FCC proposes $10 Million fine for spoofed robocalls

• Previous message (by thread): FCC proposes $10 Million fine for spoofed robocalls
• Next message (by thread): FCC proposes $10 Million fine for spoofed robocalls
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12/19/19 9:14 PM, Christopher Morrow wrote:
>> Plus if it didn't work well/too cumbersome/etc with email, it probably
>> won't be any better with voice. We have lots of experience with what
>> doesn't work for email.
> I sort of figured that the shaken/stir model that ( i happened to
> propose in their first meeting) of:
>    "get the originator (handset, ebony phone, call-warehouse) to
> digitally sign the call initiation, propagate that through the network
> to the receiver (so they could associate the
> md5/sha256/cert-signature/etc with an identity, and let the receivers
> decide: 'Not in my known callers list, no answer'"
>
> was a great plan... that the folk in the room basically didn't
> understand (or even want me to voice, actually)... It's a shame that
> something like this wasn't created instead of shaken/stir. You could
> check the signature at any of the hops, start failing calls earlier as
> rates of completion didn't stay at some standard level. All sorts of
> options would be available, and really the callers could be identified
> (at least by endpoint) more quickly.
>
> oh well. glad we got shaken / stir though? :)


SHAKEN is trying to solve e.164 problem which inherently hard and 
subject to a lot of cases where it fails. Their problem statement is 
worth the read if you're interested.

But the reality is that it's a pretty SIP-y world these days, and the 
proper identity for SIP is the From: address, not the e.164 address. 
Since From: addresses contain domain names, you can tie identity to the 
domain itself, instead of trying to make sense of telephone number 
delegations. It would be trivial to attach a signature to the SIP 
INVITE's -- we've been doing that for 15 years with email, and then you 
at least know that the INVITE came from the domain it purports to be 
from. It works even for PSTN last legs because the PSTN headend can 
place the From: address in the caller id. Armed with that knowledge, you 
can filter to your heart's content.

And since we've been told that 5G is a magic elixir that will wash our 
clothes and dress our dogs, our new phones can just be SIP UA's instead 
of going through the PSTN nonsense at all.

STIR/SHAKEN seems like a solution to a problem whose time is way overdue 
to be retired.

Mike

• Previous message (by thread): FCC proposes $10 Million fine for spoofed robocalls
• Next message (by thread): FCC proposes $10 Million fine for spoofed robocalls
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]