[VOIPSEC] Truths on "Truth in Caller ID Act"

Zmolek, Andrew (Andy) zmolek at avaya.com
Wed Oct 4 23:56:36 CDT 2006 

John-

For the record, I did not say that network elements should perform ANI
authentication (though I'm not sure how any bona-fide solution could
avoid authentication at some point in the network given that my home
phone can't authenticate anything).  But if you're going to resurrect
that ancient meme--and for those unfamiliar with the circuit vs. packet
wars it goes roughly like this: "Internet (a.k.a. 'dumb network')
architecture is inherently superior to the PSTN IN (Intelligent Network)
architecture"--to suggest that therein lies the answer to ANI spoofing
problem, then please at least offer some evidence that this problem is
solvable at the endpoint. 

Given that (1) the vast majority of endpoints in the PSTN still have no
facility for authentication of any sort unless you count what I do when
I see my Caller ID display and (2) the obvious Internet parallel in
authenticated email only demonstrates that endpoint-driven
authentication is neither widespread nor easily implemented, I don't
think your endpoint authentication argument is a slam dunk at all. That
being said, sure, one can take the position that endpoints create
identity and should validate it. But why stop there?

Based on the work going on in the Higgins Project and what Microsoft is
doing with CardSpace, I would assert that an identity provider (of any
flavor) should be completely separable both from the network and from
the applications that operate on that identity. Still, at the end of the
day the E.164 addressing within the PSTN is still an identifier that
benefits from authentication--and even if its assertion were ultimately
authenticated over an IP network using a client-server or P2P protocol
near the endpoint, it still needs to be assigned and managed just like
an IP address. It's not like IANA can give out the same public IP
address to multiple people and not break the Internet. 

For that matter, it's not like the IETF has solved the problem of IP
address spoofing (which is really the closest equivalent of ANI spoofing
when you really get down to it). Still, reversible DNS does give IP some
authentication advantages that the E.164 system doesn't have (not to
mention the addition of a unique namespace on top of the addressing
layer that is used by people and applications so that the addressing
layer can be independently managed with its own PKI-based authentication
scheme for applications that support it). The point here is that we've
got two distinct public networks, each with their own (mostly) unsolved
spoofing problems. Either one can be solved using a network-driven or
application-driven approach (granted, one can argue that web PKI solves
the problem for web apps, but that would only be completely true if (1)
you authenticated your DNS server in the first place and (2) IP address
spoofing itself was impossible).

And for those SIP zealots out there (including my many IETF friends),
don't tell me that this problem has been solved with SIP because I'll be
more than happy to present dozens of counterexamples for whatever claims
you want to make about the superiority of SIP identity assertion (unless
you already buy the concept that a network-asserted identity has some
advantages, which I don't contest). Frankly, we would have cleanly
solved the SRTP key management problem and countless other protocol
authentication problems (like email and spam) if we had a universal
identity assertion solution available within the IETF standards
framework--something that will never happen so long as IETF community
perceives that capability (in any recognizable form at least) to be a
threat to privacy. 

/\\//\Y/\   Andy Zmolek  |  zmolek at avaya.com  |  303-538-6040 
		Senior Manager, Security Planning & Strategy
            GCS Security Technology Development  |  Avaya, Inc. 

P.S. Don't tell me that PKI already solved the SIP identity problem
unless you can point me to an implement able standard that establishes
the operational governance and trust management practices required to
make a global SIP PKI as real as the web PKI (which incidentally only
requires servers to hold certificates, something that doesn't work so
well for P2P SIP). The reality of SIP on the ground today is that it can
be secure or it can be interoperable but it's practically impossible to
be both at the same time and that's as true of identity assertions as
encryption or any other security feature associated with SIP.


-----Original Message-----
From: voipsec-bounces at voipsa.org [mailto:voipsec-bounces at voipsa.org] On
Behalf Of John Osmon
Sent: Wednesday, October 04, 2006 7:18 PM
To: voipsec at voipsa.org
Subject: Re: [VOIPSEC] Truths on "Truth in Caller ID Act"

On Wed, Oct 04, 2006 at 06:03:56PM -0600, Zmolek, Andrew (Andy) wrote:
[...]
> An ANI validation database *could* be created [...] [...] Perhaps the 
> ease with which ANI spoofing can be accomplished via VoIP will 
> encourage more discussion on this topic in the future.

Perhaps we'll be even luckier:
  People will realize that the end points should be doing the
  identification rather than the network elements.



_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

More information about the Voipsec mailing list