[cabfpub] Creating an open CA regime for telephone number "possession"
sleevi at google.com
Fri Dec 8 14:24:59 MST 2017
I'm not sure the Forum would be appropriate for that discussion - it
certainly seems like the participants in STIR are best placed to articulate
those needs - particularly given both the scope and participation of the
My reply is meant to suggest that a distributed PKI is not, in and of
itself, better than a single GA. As you note, ITU-T already services as a
singular GA for purposes of the distribution and assignment of phone
numbers, and thus within that problem space, a single GA is not only not
unreasonable, it's also with ample precedent and benefit.
Thanks for raising the matter, as others in the Forum have, as it certainly
serves as a potential avenue for members to get involved. However, whether
or not a single GA is appropriate should perhaps best be considered by STIR
in STIR. Certainly, in designing new systems, I would not recommend or
encourage the use of third-party CAs, especially for validation, as an
apriori good. The issues shown, through the academic literature, the
market, and through technical compliance measures like Certificate
Transparency, shows the number of harms that can arise from that.
On Fri, Dec 8, 2017 at 4:18 PM, Tony Rutkowski <tony at yaanatech.com> wrote:
> Hi Ryan,
> I did not mean to imply that the Forum should be
> the Governing Authority - only that some consideration
> should be given to something other than a single GA
> for traffic exchange other than a designated monopoly
> under a FCC mandate for a global identifier system.
> You articulation of some of the tradeoffs is the kind of
> discussion that has not apparently even occurred. The
> subject deserves a broader discussion and treatment
> within the Forum and among vendors/providers even
> if it is provided only as guidance.
> On 08-Dec-17 2:19 PM, Ryan Sleevi wrote:
> > whether or not STIR opts for a centralized PKI or a distributed PKI is
> > a situation best evaluated by the STIR participants in accordance with
> > their needs, which, despite both utilizing certificates, does not
> > inherently mean there is overlap with the set of the CA/Browser forum
> > needs.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public