[Asterisk-Dev] DUNDi (Was: A crazy idea... Skype channel
in Asterisk)
Michael Loftis
mloftis at wgops.com
Wed Oct 20 23:35:34 MST 2004
--On Wednesday, October 20, 2004 15:52 +0100 Kevin Walsh <kevin at cursor.biz>
wrote:
> Duane [duane at e164.org] wrote:
>> But that's the problem, how do you prove someone has a phone number
>> without a central registry? Well unless you're planning to dial email
>> addresses that match the email address on the PGP keys...
>>
> Before you read any further, I should state that I haven't read the
> whole of the "internet draft" document yet. I have read the "white
> paper" and the "GPA".
>
> It seems to me that if I could con someone into to peering with me,
> such that I then get access to the "trust network", I could claim to
> be the owner of the phone number for several major banks. I could
> answer my phone using the appropriate bank's name and get all manner
> of confidential details out of people. After all, they called me
> so I must be a bank employee, right? The scam would probably work
> for ages until someone, somehow, noticed and shut me down. How is
> that guarded against? I know that the GPA covers this, but that
> document only provides a legal means of removing the peer - the
> problem would have to be discovered, reported and investigated first.
BGP works like this. Most of the time if oyu can peer with a "Tier 1"
provider, you advertise service for any given netblock you please. route
filtering and such is nowhere near as common as people would like to think.
More information about the asterisk-dev
mailing list