
RE: ENUM Privacy (was RE: [Enum] User ENUM vs Operator ENUM)






you wrote:

> Operators can (and probably should) use a private version of
> e164.arpa today. This doesn't need any involvement in the Tier-0 and
> Tier-1 stuff or ITU's interim procedures. e164.arpa is the IETF/IAB
> agreed domain name for ENUM. It's neutral and not controlled by any
> commercial interest or nation. So it's the obvious choice for the
> unique and consistent naming scheme that Infrastructure ENUM
> needs. There is no viable alternative. [BTW don't confuse the domain
> name e164.arpa with its public expression on the internet today.] This
> would also make it easier for operators to interwork and perhaps link
> their private trees: ie nobody has to figure out the DNS gunk needed
> to merge say enum.pulver.com with e164.at or enum.bt.intra.


cdel:--< what specifically do you propose? It sounds like you are proposing non routable private e164.arpa zones behind firewalls?

not firewalls: SSL VPNs... (which also give you the security negotiation, the single signon, and the layer-independent privacy handling) Adding ENUM discovery to SSL single signon makes a lot of sense, when the SSL layer is tuned for setting up the SIP proxies' sessions. The E.164 address can also be added to the SAML, which when signed and issued by authorities can implement the semantics of the national authorities that Richard seeks to preserve (who knows why some people wish to preserve dinosaurs).


But as you imply, behind every VPN there is a private DNS. Inter-VPN routing can allow references to the DNS access points of some of the other providers in the n confederations.

Jim's idea is to use e164.arpa as a name, not as a zone administration point. If I go one step further, in the SSL world, we just have each SSL VPN issue a self-signed cert, asserting a binding between this .arpa name and the local tunnel endpoint to the DNS server reachable to the community using the particular SSL-net interface.

Dump DNS zone delegation, and use VPN management system mechanisms instead - and use the SSL culture to handle the politics of confederated naming (given SSL management works on a critical infrastructure scale).



_______________________________________________
enum mailing list
enum at ietf.org
https://www1.ietf.org/mailman/listinfo/enum