<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: Privacy and security issues

  • To: Patrik Fltstrm < >
    "Amelia Effendi" < >
  • From: Richard Shockey < >
  • Date: Thu, 16 Oct 2003 10:34:58 -0400

At 11:02 PM 10/15/2003, Patrik Fltstrm wrote:

On 16 okt 2003, at 02.24, Amelia Effendi wrote:

in regards to ENUM implementation, issues like privacy and security cannot be avoided. the concern arise on what should be contained in the WHOIS and Tier 2 NAPTR record. With WHOIS, MAYBE to only allow a certain eligible people to access the record by having PIN number and password?
As John said, passwords doesn't go into the RFC 954 protocol, but in a potential new Whois _service_.

You can also (which is already done in many ccTLDs in the world) decide what data you have in Whois to make sure you don't disclose too much about the registrant. For example, you might have only technical information there and no information about the registrant at all. Remember, whois is not needed at all (in general) for any protocol on the Internet. It is a help for operations.
I want to reemphasize this point that 1. there is NO real WHOIS requirement in ENUM at all..this is not ICANN ( thank god ) but the need for technical contact data for the ENUM FQDN goes the genuine need for security and stability in the Internet iteslf. My impression from monitoring activities of the various national ENUM forums is that this is understood...there are already numerous directories out there that map TN to subscriber .. they are called phone books. :-)

That said .. I'm hoping that the global deployment of ENUM will offer national administrations the chance to look at CRISP as a new alternative to WHOIS like information retrieval I'm certainly pushing for that in the US ..however in the final analysis each and every one of these issues are the exclusive decision of national implementation. What Australia does is its own business...


Regarding the NAPTR records, the only thing which should be disclosed is information which the holder of the phone number accept having there. This is why ENUM is an opt-in system.
and as the draft below indicates .. if you read carefully ... 1. this is a opt in system ..but 2. the use of SIP actually enhances consumer privacy by giving direct control of voice communications back to the end user and not the incumbent carrier and creates new and dynamic competitive forces in the market that can and IMHO will respond quickly to the privacy needs and requirements of consumers ...unlike some incumbent carriers we are familiar with.


For more information, see draft-ietf-enum-privacy-security-01.txt
Comments on this draft BTW are always welcome


    regard, patrik


on top of that there is a risk of spamming as well. some spamming prevention method such as filtering, diital certificate could and have proven to be failed with recently in Telstra Australia Bigpond Internet is down because of the spam attack.

again one clear reason for demanding that regulators insist on dynamic competitive markets for IP transport services..


from your point of view, what are other possible privacy and security issues and the possible prevention method of those issues? i believe that this cannot be left to the last minute when transisioning from trial to commercialise.

Thank you,
Amelia

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Richard Shockey, Senior Manager, Strategic Technology Initiatives
NeuStar Inc.
46000 Center Oak Plaza  -   Sterling, VA  20166
sip:rshockey(at)iptel.org   ENUM +87810-13313-31331
PSTN Office +1 571.434.5651 PSTN Mobile: +1 703.593.2683,  Fax: +1 815.333.1237
<mailto:richard(at)shockey.us> or <mailto:richard.shockey(at)neustar.biz>
<http://www.neustar.biz> ; <http://www.enum.org>
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<




  • Post To The List:
<<< Chronological >>> Author    Subject <<< Threads >>>