Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls

John R. Levine johnl at iecc.com
Sun Mar 8 00:46:33 UTC 2020


> Most DNS registers avoid verifying customer information as long as the 
> payment clears (for a short time).  DKIM (and DNSSEC) is built on top of 
> trusting tokens from third-parties which disclaim all liability.

Right.  The only promise that DKIM makes is that if you have a stream of 
mail signed by the same domain, you can praise or blame the same entity 
for it.  It's a handle that recipient systems can use to build a 
reputation system, not a whitelist.  DKIM has worked this way since 2006, 
the documentation is entirely clear that's what it does, and I'm kind of 
surprised you haven't gotten the memo.

> Phone companies and advertisers have already demonstrated they can't be 
> trusted to act as third-party introducers.

No kidding.  I've talked to people at big telcos who are in the middle 
of STIR/SHAKEN and they tell me they plan to use it pretty much the same 
way that mail providers use DKIM.  Some senders will have a good 
reputation and their calls will be delivered, some won't, and not so much. 
As with mail, it also provides a handle to push back on people sending 
unwanted junk.

> Eventually we'll have STE/STU-equivalent end-to-end verification on our 
> smartphones.

That's known not to work for e-mail spam, so I can't imagine why anyone 
would expect it to work for phone calls.

Regards,
John Levine, johnl at taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
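An added example, not part of the original message or of any mail provider's code: a minimal sketch of the "handle for a reputation system, not a whitelist" idea, where recipient feedback accrues only to a DKIM-verified signing domain. The authserv-id `mx.example.net`, the sample domains, the score thresholds and all helper names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from email import message_from_string

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: authserv-id of our own verifier
# dkim=pass and its header.d= must sit in the same ';'-delimited result (RFC 8601)
DKIM_PASS = re.compile(r"\bdkim=pass\b[^;]*?\bheader\.d=([A-Za-z0-9.-]+)", re.I)

def dkim_handle(raw):
    """Return the verified signing domain (d=), or None when there is no handle."""
    msg = message_from_string(raw)
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if (authserv.split() or [""])[0].lower() != TRUSTED_AUTHSERV:
            continue  # header not written by our verifier: ignore it
        match = DKIM_PASS.search(results)
        if match:
            return match.group(1).lower()
    return None  # unsigned, failed, or unverifiable: From: alone is not a handle

class Reputation:
    def __init__(self):
        self.counts = defaultdict(lambda: [0, 0])  # domain -> [wanted, unwanted]

    def record(self, raw, wanted):
        domain = dkim_handle(raw)
        if domain is not None:
            self.counts[domain][0 if wanted else 1] += 1

    def verdict(self, raw):
        domain = dkim_handle(raw)
        if domain is None or domain not in self.counts:
            return "unknown"  # fall back to other filtering
        good, bad = self.counts[domain]
        score = (good + 1) / (good + bad + 2)  # Laplace-smoothed share of wanted mail
        return "deliver" if score >= 0.7 else "junk" if score <= 0.3 else "unknown"

def sample(from_addr, authres=None):
    """Build a constructed message; authres is the Authentication-Results value."""
    head = f"Authentication-Results: {authres}\n" if authres else ""
    return f"{head}From: {from_addr}\nSubject: constructed sample\n\nbody\n"
```

A valid signature from a domain with no history, or with a poor one, earns nothing by itself; mail that merely claims a well-regarded domain in From: neither inherits nor damages that domain's score.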


