
Re: AW: [Enum] Carrier ENUM mini-BoF Agenda



Peter and all,

Peter Williams wrote:

> >From: Jeff Williams <jwkckid1 at ix.netcom.com>
> >To: Stastny Richard <Richard.Stastny at oefeg.at>
> >CC: enum at ietf.org, Richard Shockey <richard at shockey.us>
> >Subject: Re: AW: [Enum] Carrier ENUM mini-BoF Agenda
> >Date: Sun, 20 Jun 2004 19:42:26 -0700
> >
> >Stastny and all,
> >
> >Stastny Richard wrote:
> >
> > > So given Steven questions, my "User ENUM" definitions
> > > and Richard's "Carrier TN to URI translation mechanisms" aka "Carrier ENUM",
> > >
> > > I want to try to give an answer to question 1b first, before I address 1a
> > >
> > > a: within User ENUM there exist privacy issues.
> > >     set-up properly these issues do not exist in "Carrier ENUM",
> > >     because either the information is not accessible or not usable
> > >     by end-users.
> > >     Note: all privacy issues with ENUM should therefore be discussed
> > >     in the first half of the meeting, not in the mini-BoF on "Carrier ENUM"
> >
> >   Good point.
>
> This is not appropriate, in my view. The reasoning is very flawed. There is
> a relationship between holder of the E.164 and the ENUM provider. While
> end-users may be unable to gain access to the marketing information derived
> from the provider's analysis of the transactions for a given ENUM name,
> listing beneath e164.arpa (or elsewhere), the provider may seek to sell this
> information about the holder to value-added resellers, folk selling
> additional telematic services, etc etc. This is quite typical in the US, and
> is what the US privacy policy apparatus is designed to codify, and disclose
> (even if it provides little in the way of enforcement) - so subscribers are
> at least notified of the possible arrangements that may impact their wider
> use of telematics.

>
>
> Remember to distinguish between privacy, and security folks. Providing
> wonderful access control security by DNS or procedural means has no relevance
> to the privacy issues which we must address in our engineering work on a
> public lookup service. Privacy is about information reuse, and disclosure of
> the possible reuses by all involved parties, including providers. In many
> cases, the most blatant privacy abuses do NORMALLY not involve the end-users
> directly: they involve selling information about end-users by providers and
> others with whom the end-user has no contractual relationships.

Given your own comments and remarks here Peter, I would disagree
that there is a separation between privacy and security, they are directly
as well as indirectly.  If a provider can and does sell such user ENUM
data to any other party, the security of those users at that point is
jeopardized.  This can by and large, but not completely eliminated/reduced
if the standards track is inclusive of the necessary provisions.  These were
already discussed and discounted as not necessary at that time.  Bad idea,
that.

>
>
> Remember, it took IETF over 15 years of hard work to privacy-enhance our
> email standards, with CA policy disclosures etc. We bridged complex legal
> work about digital signatures and CAs, and simple crypto work. And it took
> us over 10 years to secure IPSEC. If it takes as long to privacy enhance or
> secure ENUM protocols, so be it.

  It shouldn't take anywhere near 10 years to address security and privacy
issues with the ENUM standards track unless anti-privacy bigots
wish to be continually disruptive...

>
>
> Peter.
>
> _______________________________________________
> enum mailing list
> enum at ietf.org
> https://www1.ietf.org/mailman/listinfo/enum

Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Be precise in the use of words and expect precision from others" -
    Pierre Abelard

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng.  INEG. INC.
E-Mail jwkckid1 at ix.netcom.com
 Registered Email addr with the USPS
Contact Number: 214-244-4827


