[cabfpub] CABF role for anti-spoofing certificates
Tony Rutkowski
tony at yaanatech.com
Sun Aug 28 14:00:46 UTC 2016
Dean and CABF members,
Some of you may be aware - if nothing else through the
press coverage - that efforts have been stepped up to deal
with so-called robocalls that is more generally known
within the many industry communities involved as
anti-spoofing.
Much of the work currently revolves around associating
X.509 certs with telephone numbers - in blocs or individually.
Central to this approach is the attached Internet Draft in
a group known as stir. Although it is being treated as
"last call," concerns have been raised as to its suitability.
Indeed, the obvious question is why don't they simply
use the Forum's specification and a class of EVcert for
this purpose, including its OCSP provisions. That
question hasn't been answered, and there is no known
collaboration with the CABF.
Some of the statements in this draft are flat wrong,
such as that introduction statement that "...telephone
numbers have long been a part of the X.509...." In addition,
the identity construct "Service Provider Identifier (SPID)"
is fuzzy at best and has no consistent global use. Also
omitted is any treatment of Rec. ITU-T E.164 which is
the global telephone identifier number space to which
the certificates are being bound.
Why should the CABF and its members care? For the
CABF itself, that answer is that the EVcert specification
is best of breed, scales well, and has many years of
experience and evolution behind it.
The OS/browser vendors should care because their
platforms, tables, and apps will make use of the
stir certificates. The CAs should care because the
provision of certificates globally for this purpose
is a major business opportunity that in many national
jurisdictions will be the subject of regulatory provisions.
--tony
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160828/b034a495/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: draft-ietf-stir-certificates-07.pdf
Type: application/pdf
Size: 102204 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160828/b034a495/attachment-0002.pdf>
More information about the Public
mailing list