[Dundi] [RFC] GPA accountability/recourse and potential protocol addition
Mark Spencer
markster at digium.com
Thu Dec 9 01:32:57 CST 2004
> However, the fact that the call arrived from an unknown (to us) IP address,
> and that the call setup information is not required to contain any
> GPA-related details, means I cannot trace back these calls to their source.
> At best, I can trace them to the purported owner of the IP address they came
> from, but that is all.

Presumably you're running with a rotating secret which *is* a GPA-related
detail. That means that whoever sent you that call *must* have obtained
that secret from you. We could enable logging to make it easier to see
who had queried your system to help track down who sent you the call.

> For us, as an ITSP publishing routes to end-user TNs, this is not acceptable.
> If we publish the route as "no unsolicited" calls, we better have some means
> of quickly addressing an end-user's complaint about receiving such calls, or
> we are likely to lose the customer.

You can find out who queried the system and even if *their* information is
invalid, their IP is filled in by the next-to-last peer, and if that is
forged you can still find out which of your neighbors sent you the query
and track it that way.

> I don't know of a good solution to this, although I can think of one
> possibility: if there was a way to query for an _IP address_ through the
> peering network, so that any peers that are communicating with that IP
> address could supply its EID, then I can do a query on the EID to obtain
> contact information. If this IP->EID query does not result in useful contact
> information, then I won't feel bad about blocking the IP entirely. If it
> does, I can then take action to contact the peer in question, so that they
> can address the issue.

The best thing would be if there was a way to use the EID and public key
to somehow authenticate the call.

Mark
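
The tracing approach described in the reply above, as an added example that is not part of the original message or of any DUNDi implementation: given a log of answered queries, find who could have held the secret presented with a call. The record layout, the `trace_call` helper, and all sample values are constructed, and the example assumes the same rotating secret is handed to every querier during one rotation period.

```python
from dataclasses import dataclass

# Hypothetical query-log record (not a real log format): the secret in
# effect when the query was answered, the number looked up, the directly
# connected neighbor that delivered the query, and the requester EID and
# IP as carried in the query (either of which may be invalid or forged).
@dataclass(frozen=True)
class QueryRecord:
    secret: str
    number: str
    neighbor_eid: str
    requester_eid: str
    requester_ip: str

# Constructed sample data: documentation IP ranges, made-up EIDs.
QUERY_LOG = [
    QueryRecord("k-0901", "12565551212", "00:11:22:aa:bb:01",
                "00:50:8b:f3:75:bb", "192.0.2.10"),
    QueryRecord("k-0901", "12565559999", "00:11:22:aa:bb:02",
                "00:0c:29:d2:d8:ec", "198.51.100.7"),
    QueryRecord("k-0902", "12565551212", "00:11:22:aa:bb:02",
                "00:0c:29:12:34:56", "203.0.113.44"),
    QueryRecord("k-0902", "12565551212", "00:11:22:aa:bb:01",
                "00:50:8b:f3:75:bb", "192.0.2.10"),
]

def trace_call(log, secret, number, source_ip):
    """Return (ranked candidate records, neighbor EIDs to follow up with)."""
    # A caller presenting this secret must have obtained it from an answer
    # we gave, so only records for that secret are candidates.
    holders = [r for r in log if r.secret == secret]
    # Prefer queries for the number that was actually called; fall back to
    # every holder of the secret if none match.
    candidates = [r for r in holders if r.number == number] or holders
    # Records whose logged requester IP equals the call's source IP sort
    # first (stable sort keeps log order otherwise).
    ranked = sorted(candidates, key=lambda r: r.requester_ip != source_ip)
    # If requester details are invalid or forged, the neighbor that
    # delivered the query is still known and is the fallback contact.
    neighbors = sorted({r.neighbor_eid for r in candidates})
    return ranked, neighbors

if __name__ == "__main__":
    ranked, neighbors = trace_call(QUERY_LOG, "k-0902", "12565551212", "203.0.113.44")
    for r in ranked:
        print(r.requester_eid, r.requester_ip, "via", r.neighbor_eid)
    print("neighbors to contact:", neighbors)
```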