Re: Privacy and security issues
- Date: Thu, 16 Oct 2003 10:34:58 -0400
At 11:02 PM 10/15/2003, Patrik Fältström wrote:
I want to reemphasize this point that 1. there is NO real WHOIS requirement
in ENUM at all..this is not ICANN ( thank god ) but the need for technical
contact data for the ENUM FQDN goes the genuine need for security and
stability in the Internet iteslf. My impression from monitoring activities
of the various national ENUM forums is that this is understood...there are
already numerous directories out there that map TN to subscriber .. they
are called phone books. :-)
On 16 okt 2003, at 02.24, Amelia Effendi wrote:
in regards to ENUM implementation, issues like privacy and security
cannot be avoided. the concern arise on what should be contained in the
WHOIS and Tier 2 NAPTR record. With WHOIS, MAYBE to only allow a certain
eligible people to access the record by having PIN number and password?
As John said, passwords doesn't go into the RFC 954 protocol, but in a
potential new Whois _service_.
You can also (which is already done in many ccTLDs in the world) decide
what data you have in Whois to make sure you don't disclose too much about
the registrant. For example, you might have only technical information
there and no information about the registrant at all. Remember, whois is
not needed at all (in general) for any protocol on the Internet. It is a
help for operations.
That said .. I'm hoping that the global deployment of ENUM will offer
national administrations the chance to look at CRISP as a new alternative
to WHOIS like information retrieval I'm certainly pushing for that in the
US ..however in the final analysis each and every one of these issues are
the exclusive decision of national implementation. What Australia does is
its own business...
Regarding the NAPTR records, the only thing which should be disclosed is
information which the holder of the phone number accept having there. This
is why ENUM is an opt-in system.
and as the draft below indicates .. if you read carefully ... 1. this is a
opt in system ..but 2. the use of SIP actually enhances consumer privacy by
giving direct control of voice communications back to the end user and not
the incumbent carrier and creates new and dynamic competitive forces in the
market that can and IMHO will respond quickly to the privacy needs and
requirements of consumers ...unlike some incumbent carriers we are familiar
For more information, see draft-ietf-enum-privacy-security-01.txt
Comments on this draft BTW are always welcome
on top of that there is a risk of spamming as well. some spamming
prevention method such as filtering, diital certificate could and have
proven to be failed with recently in Telstra Australia Bigpond Internet
is down because of the spam attack.
again one clear reason for demanding that regulators insist on dynamic
competitive markets for IP transport services..
from your point of view, what are other possible privacy and security
issues and the possible prevention method of those issues? i believe that
this cannot be left to the last minute when transisioning from trial to
Richard Shockey, Senior Manager, Strategic Technology Initiatives
46000 Center Oak Plaza - Sterling, VA 20166
sip:rshockey(at)iptel.org ENUM +87810-13313-31331
PSTN Office +1 571.434.5651 PSTN Mobile: +1 703.593.2683, Fax: +1 815.333.1237
<mailto:richard(at)shockey.us> or <mailto:richard.shockey(at)neustar.biz>
<http://www.neustar.biz> ; <http://www.enum.org>