Hello,

Thanks very much for all the good questions. Please see below:


According to "Manfredi, Albert E" <[EMAIL PROTECTED]>:

> > -----Original Message-----
> > From: Pars Mutaf [mailto:[EMAIL PROTECTED]
> > Dear all,
> >
> > Quick reminder: the problem that I'm bringing to your
> > attention is:
> >
> > http://www.ietf.org/internet-drafts/draft-mutaf-piqproblem-00.txt
>
> Pars, it seems to me that the reason cell phone numbers are hard to get
> is that cell phone users have long preferred it to remain that way.


I don't agree with you here. Cell phone users had no choice. They were and
still are subject to a fundamental trade-off between privacy and
reachability.

I have seen users, with broken cell phones, or who have lost their phone.
They are simply in trouble. They have a hard time recovering the cell phone
numbers of their friends, colleagues, family members etc.

I have seen users (including myself) exchanging phone numbers in
ridiculous ways. The first number is read to the other user, and the other
user returns his/her number via the cellular network. It should be noted
that this also requires short distance user contact. If the other user is
100 meters away, you see each other but you are in a crowded place and you
can't reach each other, you simply cannot communicate. You have cellular
phones but are unable to communicate.

Or, just after a tsunami, someone that I know is lost. But I don't have
a cell phone (or lost it). I can borrow a phone from someone else but I
don't have the phone number.

Or simply, you need another user's phone number but you don't have it yet.
You know each other but you have not exchanged your phone numbers yet.

etc etc...


> For
> that matter, with sales people completely abusing the regular land line
> phone system, I believe the majority of land line telephone subscribers
> would have preferred that other phone system to be equally made
> difficult to abuse.


This is an excellent point. Please see below.


>
> So I don't think that making it easier to distribute cell phone
> telephone numbers is something that technology is preventing.



The main requirement is that if you need private information about Alice,
you should ask Alice. Alice will decide in *real-time* (real-time is
really the keyword here). The decision belongs to Alice.

We have Bluetooth, IrDA etc, but they require user contact. Surprisingly
we cannot exchange private information via a cellular network (i.e. over
very large distances). I suspect that this is simply because we don't have
multicast name resolution or name-based IPv6 addresses currently (in
cellular context). Please take my last sentence seriously. I mean it.
These are the only solutions for learning someone's IP address from
his/her human name. And if you don't know Alice's device's IP address,
you cannot reach her phone and request her phone number.

I think this also answers a good question like: "If this protocol is that
important why don't we have it today?"... I think the answer is above.


> In your proposal, for example, the problem will happen when obnoxious,
> over the top sales critters (as they have proven themselves to be)
> figure out how to pretend they are alicecollins making the request for
> your phone number. You will reply "yes," and then you're screwed.
>
> Or, alternatively, an alicecollins is making this request, but the one
> you really know is called alicejcollins. Now this unknown person has
> your cell number.


These are very sane and important concerns. This protocol must be designed
carefully. My point is that, *today*, we *have* well-known security
solutions to achieve that. A serious threat analysis must be made and the
protocol must be designed accordingly. Some of the potential threats and
defenses (I'm not an expert on details):

     1. For example, as you have very well identified, the requesting
        user's identity must be verifiable. If not, the responder user
        must be notified. Again, the decision belongs to the user.

     2. There will be Denial-of-Service threats if we use public key
        cryptography. Same problem with IKE. In our case, we have an
        advantage: the requestor is necessarily a *human*. Consequently,
        CAPTCHAs (Turing test) may be used. All we need to do is to define
        a CAPTCHA option in our exchanges. Work is needed of course.

        URL: http://en.wikipedia.org/wiki/Captcha

     3. The last threat that you identified above looks like "phishing"
        to me. We have this problem on the web. I suspect that there is
        ongoing work on that. But anyway, I don't think this is a
        compelling enough reason to STOP this project.

Also, some users may augment their own level of security by using a
pseudonym instead of their real name, etc etc.

If phone number information leaks (not because of the proposed protocol),
some users may periodically change their phone number (i.e. revocation).
But again, in this case, they will need the proposed protocol to
redistribute their new phone number more easily.

These decisions belong to the user.


>
> In short, I don't think it is technology that is needed here.


I think technology is needed, and we *have* this technology and the
necessary expertise. All we need to do is to put the pieces together.


Regards,

pars mutaf


>
> Bert
>




--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
