[Dundi] Looking Glass

Mark Spencer markster at digium.com
Fri Oct 29 00:05:53 CDT 2004


This is an extremely slippery slope.

The most important things DUNDi/e164 can do are to preserve the integrity 
and the privacy of the members participating.  When you publicly make 
available information outside of the trust group, you are weakening the 
privacy of the members within the group.

The question is whether the existing language provides sufficient 
protections.

Section 2f was explicitly created to prevent the dissemination of the 
routes or any portion of them outside the trust group.

If the language in 2f is not strong enough to make that protection, we may 
need to revise it and publish a new revision of the GPA, but upgrading the 
GPA is not an easy task -- everyone would have to re-execute the new 
version, effective a common time, at which point people who were only 
running the old one would have to be cut off.  Obviously this is a fairly 
impractical scenario -- but much more practical right now since we have 
only a few tens of nodes.

When I made my talk about DUNDi at VON, I was approached after my talk by 
the CEO of Vonage who waited in line in order to tell me he would *never* 
use this system (or ENUM) or anything which allowed any ability for 
someone to determine who his customers were, no matter how circuitous (I 
told him I could make a web site that would pay $2 for anyone that was a 
Vonage customer but he didn't seem to consider that a likely one).

DUNDi/e164 has both a technical and non-technical portion.  There is a lot 
of debate about the scalability of either.  The scalability of the 
technical side is rather easily measurable, and there is a path to 
improving it (I should have the push stuff done before too long).  The 
non-technical piece can only be scalable if it is enforced 100%, right 
from the start, and any infraction is immediately attacked.  If violations 
become widespread, then truly, it will become worthless at large.

I cannot stress enough the importance of maintaining accuracy and privacy 
of these numbers within the Trust Group, and no amount of fancy diagnostic 
tools is worth that risk.

Mark


On Thu, 28 Oct 2004, Brian West wrote:

> Ok I think the new LG is more of what we need.  It doesn't display any
> identifying info about the route and I think that still follows the spirit
> of the GPA... What about you?
>
> bkw
>
>> -----Original Message-----
>> From: dundi-bounces at lists.digium.com [mailto:dundi-
>> bounces at lists.digium.com] On Behalf Of Scott Wolf
>> Sent: Thursday, October 28, 2004 10:34 PM
>> To: Distributed Universal Number Discovery
>> Subject: Re: [Dundi] Looking Glass
>>
>> I am now filtering out all user/pass's, EID's, and IP/Host's. Basically
>> just if a route exists, and cache info. EID lookup is also disabled.
>>
>> Would a click through of the GPA be enough to allow full access?
>>
>> Scott Wolf
>> wolfson
>>
>> Martin List-Petersen wrote:
>>
>>
>> 	Yes/No is a bit too little. You might want to know if an old entry is
>> 	being pushed or not. So masking the output to a certain degree probably
>> 	is the best solution.
>>
>> 	/Marlow
>>
>> 	Quoting Brian West <brian at bkw.org> <mailto:brian at bkw.org> :
>>
>>
>>
>> 		I think the tool is acceptable if any info about where or who the
>> 		number goes is masked.  I think the best response is to say YES we
>> 		see it or NO we don't and the weight of the result if any.  It will
>> 		also help try to see if the rest of the network sees you from X or Y
>> 		perspective.  What does everyone else think?
>>
>> 		bkw
>>
>>
>>
>> 			-----Original Message-----
>> 			From: dundi-bounces at lists.digium.com [mailto:dundi-
>> 			bounces at lists.digium.com] On Behalf Of Mark Spencer
>> 			Sent: Thursday, October 28, 2004 9:43 PM
>> 			To: dundi at lists.digium.com
>> 			Subject: Re: [Dundi] Looking Glass
>>
>> 			The DUNDi Looking Glass, while neat, is also in violation of GPA
>> 			section 2f:
>>
>> 			     (f) A Participant may not disclose any specific Route, Service or
>> 			         Participant contact information obtained from the Peering System
>> 			         to any party outside of the Peering System except as a
>> 			         by-product of facilitating communication in accordance with
>> 			         section 2e (e.g., phone books or other databases may not be
>> 			         published, but the Internet addresses of the Egress Gateway or
>> 			         Service does not need to be obfuscated.)
>>
>> 			I would like to solicit feedback from the list about how this tool
>> 			might be more appropriately used.
>>
>>
>>
>>
>> 	_______________________________________________
>> 	Dundi mailing list
>> 	Dundi at lists.digium.com
>> 	http://lists.digium.com/mailman/listinfo/dundi
>>
>>
>
>
>
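
The masking discussed in this thread (drop credentials, EIDs and IP/hosts; keep only whether a route exists, its weight, and cache info) can be built as an allowlist filter that fails closed. This is an added example, not part of the original thread and not the Looking Glass's code; the two-line answer layout, the sample values and the flag allowlist are assumptions constructed for illustration.

```python
import re

# Constructed sample of a two-route lookup answer. The layout is an assumption.
SAMPLE = """\
  1.     0 IAX2/priv:s3cret@192.0.2.10/15555550100 (EXISTS)
     from 00:11:22:33:44:55, expires in 3600 s
  2.   100 SIP/15555550100@gw.example.net (EXISTS|CANMATCH)
     from 66:77:88:99:aa:bb, expires in 1800 s
"""

ROUTE = re.compile(r"^\s*(\d+)\.\s+(\d+)\s+(\S+)\s+\(([A-Z|]+)\)\s*$")
META = re.compile(r"^\s*from\s+(\S+?),\s+expires in\s+(\d+)\s*s\s*$")
ALLOWED_FLAGS = {"EXISTS", "MATCHMORE", "CANMATCH", "NONEXISTENT"}  # assumed allowlist

def mask(raw):
    """Build public records from parsed fields only; raw text is never copied."""
    records, current = [], None
    for line in raw.splitlines():
        m = ROUTE.match(line)
        if m:
            flags = [f for f in m.group(4).split("|") if f in ALLOWED_FLAGS]
            current = {"weight": int(m.group(2)), "flags": flags, "expires_s": None}
            records.append(current)
        elif current is not None and (m := META.match(line)):
            current["expires_s"] = int(m.group(2))  # cache info only, EID discarded
        # Any other line is dropped: an unknown format must not leak through.
    return records

def render(records):
    """YES/NO answer plus weight, flags and cache expiry for each route."""
    if not records:
        return "NO route seen"
    return "\n".join(
        f"YES weight={r['weight']} flags={'|'.join(r['flags'])} expires_in={r['expires_s']}s"
        for r in records)

def leaked(public, raw):
    """Regression check: which destination parts or EIDs from raw appear in public?"""
    secrets = set()
    for line in raw.splitlines():
        if m := ROUTE.match(line):
            secrets.update(p for p in re.split(r"[/:@]", m.group(3)) if len(p) >= 3)
        elif m := META.match(line):
            secrets.add(m.group(1))
    return {s for s in secrets if s in public}
```

Running `leaked(render(mask(raw)), raw)` on every response before it leaves the trust group turns the masking policy into a check that fails loudly if a later change starts passing destination or EID data through.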

