[Asterisk-Dev] DUNDi (Was: A crazy idea... Skype channel in Asterisk)

Kevin Walsh kevin at cursor.biz
Wed Oct 20 07:52:30 MST 2004


Duane [duane at e164.org] wrote:
> But that's the problem, how do you prove someone has a phone number
> without a central registry? Well unless you're planning to dial email
> addresses that match the email address on the PGP keys...
> 
Before you read any further, I should state that I haven't read the
whole of the "internet draft" document yet.  I have read the "white
paper" and the "GPA".

It seems to me that if I could con someone into peering with me,
such that I then get access to the "trust network", I could claim to
be the owner of the phone number for several major banks.  I could
answer my phone using the appropriate bank's name and get all manner
of confidential details out of people.  After all, they called me
so I must be a bank employee, right?  The scam would probably work
for ages until someone, somehow, noticed and shut me down.  How is
that guarded against?  I know that the GPA covers this, but that
document only provides a legal means of removing the peer - the
problem would have to be discovered, reported and investigated first.

The various ENUM repositories seem to attempt to verify the submitted
numbers in advance of publication, and would therefore appear more
trustworthy - assuming you trust the ENUM repository administrators,
of course.

Also, it seems to me that every DUNDi peer must be queried for every
new request.  This would only happen for numbers that have not already
been cached and have not expired due to TTL expiry.  If this happens
then will every DUNDi peer on the planet eventually get queried for
every original request made by any client (query depth limits
notwithstanding)?  Apart from the wasted bandwidth, it could take all
year to find that a requested number is simply not in the system.

The ENUM, being central, has the advantage of knowing how to direct
each request to aim directly for the node that is responsible for the
requested number.

Perhaps I'll read the internet draft tomorrow and try to achieve some
form of enlightenment before asking any more (probably stupid) questions.
I think I'm just lacking a fundamental understanding of the whole point
of the system.  Perhaps I'll love it once I've worked out what it's for.
:-)

Final questions:  If DUNDi is aiming to become an open standard then
why is its name asserted as a trademark in the "white paper" and on the
website (although not in the "internet draft", it seems)?  Also, I
couldn't help but notice that the "internet draft" specifically opts
out of section 10 of RFC 2026 (the IETF's intellectual property
"disclaimer").  Why is that?  Are these not barriers to the future
acceptance of the protocol as a full RFC?

-- 
   _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
  _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l s h
 _/ _/    _/          _/ _/     _/    _/  _/_/    kevin at cursor.biz
_/   _/  _/_/_/_/      _/    _/_/_/  _/    _/



