On 5/16/24 6:55 PM, John Levine wrote:
It appears that Brandon Martin <lists.na...@monmotha.net> said:
I think the issue with their lack of effectiveness on spam calls is due
to the comparatively small number of players in the PSTN (speaking of
both classic TDM and modern IP voice-carrying and signaling networks)
world allowing lots of regulatory capture.
It's the opposite. SS7 was designed for a world with a handful of
large trustworthy telcos. But now that we have VoIP, it's a world of a
zillion sleasy little VoIP carriers stuffing junk into the network.
The real telcos have no desire to deliver spam calls. Everything is
bill and keep so they get no revenue and a lot of complaints.
Mike is right that STIR/SHAKEN is more complex than it needs to be but
even after it was widely deployed, the telcos had to argue with the
FCC to change the rules so they were allowed to drop spam calls which
only changed recently. That's why you see PROBABLE SPAM rather than
just not getting the call.
I was screaming at the top of my lungs that P-Asserted-Identity was
going to bite them in the ass 20 years ago. And then they eventually
came up with something that solved the wrong problem in the most
bellheaded way possible 15 years later. Bellheads should not be trusted
with internet security. The FCC is most likely not blameless here either
but the telcos/bellheads most certainly aren't either. Anybody who
thinks this is an either/or problem is wrong.
Mike
