Subject: [IP] more on How we got it wrong on Calling-Number ID [RISKS] Risks Digest 24.05
Begin forwarded message:
From: Bob Frankston <Bob2firstname.lastname@example.org>
Date: October 2, 2005 7:02:48 PM EDT
To: email@example.com, 'Ip Ip' <firstname.lastname@example.org>
Cc: 'Brad Templeton' <email@example.com>, Hiawatha Bray <firstname.lastname@example.org>
Subject: RE: [IP] more on How we got it wrong on Calling-Number ID [RISKS] Risks Digest 24.05
It's a bit more difficult to see this with the DNS because as the many
message show -- there's a lot invested in the current DNS as people build
upon the simplistic assumption that someone is taking care of the hard
problems and now we can have business and mechanisms that take advantage of
the names in the DNS. To the extent it doesn't seem to quite work we hope a
few tweaks will solve the problems.
We see this less with Caller-ID because it's so limited and the simple end
point devices can't do much beyond block/nonblock. But sticking with that
assumption means we can't take advantage of the text messaging channel
rather than having to answer a "ring". Caller-ID doesn't even make it
across many network boundaries and the name is actually a reverse lookup
and not necessarily data. On a cell phone it looks it up in your address
book using a dumb algorithm.
I'll also respond to Hiawatha's question about what does it mean for Europe
to take control. It's a good question because "control of what". Here too,
we see piling on as if there were something real and intrinsic. Controlling
the DNS is seen as controlling the magic names that define the Internet.
Notice how often it's called "The Web" not The Internet because it's about
commerce and meaning not technology.
I realize my "beyond DNS" letter was opaque or too easily misinterpreted.
Explaining all the concepts requires far more than most would want to read.
So I'll try to stick to pointing out obvious absurdities while simply
noting that we don't have to use bad mechanisms because there are better
approaches. The reason we cling to what seems to work is what we want to
believe it works and thus look for confirmation rather than critical
-----Original Message----- From: David Farber [mailto:email@example.com] Sent: Sunday, October 02, 2005 18:23 To: Ip Ip Subject: [IP] more on How we got it wrong on Calling-Number ID [RISKS] Risks Digest 24.05
Begin forwarded message:
From: Brad Templeton <firstname.lastname@example.org> Date: October 2, 2005 6:07:54 PM EDT To: David Farber <email@example.com> Cc: Ip Ip <firstname.lastname@example.org> Subject: Re: [IP] How we got it wrong on Calling-Number ID [RISKS] Risks Digest 24.05
Unfortunately, just as caller-ID gets going, people are now learning it has no authentication. It's just a token passed along among providers, with no trust rules or contracts, and lots of people have accounts with providers that can provide fake caller id. Furthermore since the protocol was not designed with any means to authenticate it, it's unlikely to ever be authenticated. It's more like the From line of email.
I met one fellow who runs around demonstrating to various voice mail providers who let you into your voice mail without a password if the caller-id matches the box owner how this allows any interested party into the mail box. Slowly they are getting convinced to at least offer a passcode to the customer.
This is a shame, in that there would be a lot of applications which could be enabled by authenticated caller-id, not just quicker access to voice mail. Of course you would still want the option to not authenticate or be anonymous when desired.
Archives at: http://www.interesting-people.org/archives/interesting- people/
Archives at: http://www.interesting-people.org/archives/interesting-people/
Powered by eList eXpress LLC