ietf
[Top] [All Lists]

Re: [dispatch] VIPR - proposed charter version 3

2010-07-09 17:20:46


Richard Shockey wrote:

RS> You cannot authoritatively determine a binding between a phone number
and a consumer (domain) without access to the databases.

The point of ViPR is that the authoritative mapping as you've defined it just isn't necessary; a forward routability check is all that is really needed.

Indeed, let us look at email for a moment. How does one know that "jdrosen(_at_)jdrosen(_dot_)net" authoritatively maps to me? In reality the only authoritative source for this is the databases at jdrosen.net which contain credentials that are bound to me. However, those are inaccessible to the rest of the world. Instead, one can check if jdrosen(_at_)jdrosen(_dot_)net routes to me by sending me an email with some kind of secret, and if I can prove I know that secret, you know that I'm jdrosen(_at_)jdrosen(_dot_)net(_dot_) This forward routability check is the foundation for vast amounts of web security and identity, and that same principle is applied here for phone numbers.

Do you argue that we should stop using these forward email routing checks in the web?

-Jonathan R.


--
Jonathan D. Rosenberg, Ph.D.                   SkypeID: jdrosen
Chief Technology Strategist                    Mobile: +1 (732) 766-2496
Skype                                          SkypeIn: +1 (408) 465-0361
jdrosen(_at_)skype(_dot_)net                              http://www.skype.com
jdrosen(_at_)jdrosen(_dot_)net                            http://www.jdrosen.net


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf