Re: [Ecrit] FW: [Geopriv] Winterbottom-ecrit-direct considered

["Dawson, Martin" <Martin.Dawson at andrew.com>]

Hi Brian,

Please *define* what you mean when you keep saying SP in this thread.

There are two VoIP providers I use regularly; MyNetFone which is an Oz provider and Skype. There are others as well that I use as circumstance suggests. So... come to the US and I'll only be entitled to second class emergency service calling?

Skype is the one I use the most, though I have a number of subscriptions. The most recent one is "martin-psp" which I exclusively log onto from my PSP and use, again, in circumstances where it's most convenient.

Now I don't *need* to provide any useful information (from an ESP perspective) to have these accounts. There's no identity information of the type you refer to.

The only reason Skype want more rigorous identity information is when they want to charge me money (e.g. for Skype out/in) - even then it might just be a PayPal username. The only reason any commercial VSP wants this sort of information is when they want to charge money. So... you appear to be limiting "premium" emergency service access to people with credit cards.

And - in any case - you haven't addressed your invented problem. People can still call the ESRP without going through one of these "blessed" VSP operators. So what have you achieved?

There's no empirical, or even anecdotal, evidence for your claims as far as I know. Please cite your sources. We've put the mechanisms in place to provide reliable location identity with calls (via the ISPs of course). Where is the study that shows that people are going to go running off to free airport WiFi access points (despite the fact that their location will be known) and start making nuisance calls in high volume? By the same token, where is the evidence that this would be mitigated by a patchwork of occasional and often foreign VSP subscriptions?

Regards,
Martin

-----Original Message-----
From: ecrit-bounces at ietf.org [mailto:ecrit-bounces at ietf.org] On Behalf Of Brian Rosen
Sent: Wednesday, 4 November 2009 12:37 AM
To: Marc Linsner; ecrit at ietf.org
Subject: Re: [Ecrit] FW: [Geopriv] Winterbottom-ecrit-direct considered

inline


On 11/3/09 10:18 AM, "Marc Linsner" <mlinsner at cisco.com> wrote:

>
>
> On 11/2/09 11:56 AM, "Brian Rosen" <br at brianrosen.net> wrote:
>
>> Nope, just dealing with reality.
>>
>> Reality is that calls come from service providers. They like it that way.
>
> I'll ask again, how does a call coming from a particular service provider
> relate to the nature/veracity of the emergency?
The quality of the information, and the ability to get additional
assistance, if needed, depends on the SP, if there is any.  Most SPs have
dedicated emergency call teams that will quickly assist a PSAP if there is a
problem.  They have information which may be valuable to the PSAP.  PSAPs
appreciate this.  They depend on it.  They really work over SPs who don't do
that.


>
>>
>> If that changes, then strategies should change, but emergency calling ought
>> not to be the driver for any such change.
>
> I have doubts that PS could alter the VoIP marketplace.
I assume "PS" is "SP".  SPs ARE the VoIP marketplace.  There is no VoIP
marketplace without SPs presently.  There is no reason to think that will
change

>
>>
>> What "real value of the information included with the call" am I ignoring?
>> I said we'll deal with addresses (albeit, with SBCs and all manner of NATs,
>> that is getting pretty hard to do) first.  What else should we look for?
>
>
> 1) Location: Have I had other calls within x meters of this location in the
> last 5 minutes? 20 minutes? 1 hour? 24 hours?
The primary problem is abuse.  What should I do if I had a legitimate call
from the same location, but a different address/SP/...?  What should I do if
I had an abusive call from the same location?  Our statistics on that are
probably poor, but my personal opinion is that location is not a good
indicator of abuse.  I suppose it depends on how reliable location will be
with abusive calls.  If it turns out to be very reliable, that might be
helpful.  I suspect the abuser will manage to make location unreliable.  I
guess we will see.  We certainly have the ability to use location as an
input to the routing decisions, so no problem if it actually works.

Of course, in the current systems, you don't get location with a "simless"
call.  I agree that we shouldn't assume that will be the case going forward.

I would not use this for a DDoS attack.  That would kill a call from a
non-compromised device in a residence/office with one that was compromised.

>
> 2) Caller Identity (From; Contact): Have I had other calls with the same
> identity in the last 5 minutes? 20 minutes? 1 hour? 24 hours?
Yes, this is like address. We'll clearly start with that.  If it works,
that's our primary defense.   Often effective on abuse, usually not
effective enough on a DDoS: you shut off the sources you know are bad, but
too many new ones pop up to make that effective enough.  It's also usually
spoofed.

>
> 3) Network Address: Have I received other calls from this IP address in the
> last 5 minutes? 20 minutes? 1 hour? 24 hours?
As above.

The "filter based on source SP" is a secondary line of defense.  An attack
signature is an even better line of primary attack, if there is one.  Normal
abuse would not have a signature.  A DDoS attack often does.
>
> -Marc-
>
>
>


_______________________________________________
Ecrit mailing list
Ecrit at ietf.org
https://www.ietf.org/mailman/listinfo/ecrit