[Dundi] Looking Glass

Brian West brian at bkw.org
Fri Oct 29 00:21:17 CDT 2004 

Well that pretty much sums it up.  The fate of DUNDi when used with the GPA
is a dim one with no such way to monitor, test and spot problems in the
network DUNDi+GPA will fail.  You yourself said DUNDi would either be a big
success or a huge flop.   The internet suffers the same issues... IP
addresses, whois records and websites.  I don't see any difference in this
vs call routing.  Anyway that's my two cents.

bkw

> -----Original Message-----
> From: dundi-bounces at lists.digium.com [mailto:dundi-
> bounces at lists.digium.com] On Behalf Of Mark Spencer
> Sent: Friday, October 29, 2004 12:06 AM
> To: Distributed Universal Number Discovery
> Subject: RE: [Dundi] Looking Glass
> 
> This is an extremely slippery slope.
> 
> The most important things DUNDi/e164 can do are to preserve the integrity
> and the privacy of the members participating.  When you publically make
> available information outside of the trust group, you are weakening the
> privacy of the members within the group.
> 
> The question is whether the existing language provides sufficient
> protections.
> 
> Section 2f was explicitly created to prevent the dissimination of the
> routes or any portion of them outside the trust group.
> 
> If the language in 2f is not strong enough to make that protection, we may
> need to revise it and publish a new revision of the GPA, but upgrading the
> GPA is not an easy task -- everyone would have to re-execute the new
> version, effective a common time, at which point people who were only
> running the old one would have to be cut off.  Obviously this is a fairly
> impractical scenario -- but much more practical right now since we have
> only a few tens of nodes.
> 
> When I made my talk about DUNDi at VON, I was approached after my talk by
> the CEO of Vonage who waited in line in order to tell me he would *never*
> use this system (or ENUM) or anything which allowed any ability for
> someone to determine who his customers were, no matter how circuitous (I
> told him I could make a web site that would pay $2 for anyone that was a
> vonage customer but he didn't seem to consider that a likely one).
> 
> DUNDi/e164 has both a technical and non-technical portion.  There is a lot
> of debate about the scalability of either.  The scalability of the
> technical side is rather easily measurable, and there is a path to
> improving it (I should have the push stuff done before too long).  The
> non-technical piece can only be scalable if it is enforced 100%, right
> from the start, and any infraction is immediately attacked.  If violations
> become widespread, then truly, it will become worthless at large.
> 
> I cannot stress the importance of maintaining accuracy and privacy of
> these numbers within the Trust Group and no amount of fancy diagnostic
> tools are worth that risk.
> 
> Mark
> 
> 
> On Thu, 28 Oct 2004, Brian West wrote:
> 
> > Ok I think the new LG is more of what we need.  It doesn't display any
> > identifying info about the route and I think that still follows the
> spirit
> > of the GPA... What about you?
> >
> > bkw
> >
> >> -----Original Message-----
> >> From: dundi-bounces at lists.digium.com [mailto:dundi-
> >> bounces at lists.digium.com] On Behalf Of Scott Wolf
> >> Sent: Thursday, October 28, 2004 10:34 PM
> >> To: Distributed Universal Number Discovery
> >> Subject: Re: [Dundi] Looking Glass
> >>
> >> I am now filtering out all user/pass's, EID's, and IP/Host's. Basically
> >> just if a route exists, and cache info. EID lookup is also disabled.
> >>
> >> Would a click through of the GPA be enough to allow full access?
> >>
> >> Scott Wolf
> >> wolfson
> >>
> >> Martin List-Petersen wrote:
> >>
> >>
> >> 	Yes/No is a bit too little. You might want to know, if a old entry
> >> is being
> >> 	pushed or not. So masking the output to a certain degree probably is
> >> the best
> >> 	solution.
> >>
> >> 	/Marlow
> >>
> >> 	Quoting Brian West <brian at bkw.org> <mailto:brian at bkw.org> :
> >>
> >>
> >>
> >> 		I think the tool is acceptable if any info about where or
> > who
> >> the number
> >> 		goes is masked.  I think the best response is to say YES we
> >> see it or NO we
> >> 		don't and the weight of the result if any.  It will also
> > help
> >> try to see if
> >> 		the rest of the network sees you from X or Y perspective.
> >> What does
> >> 		everyone else think?
> >>
> >> 		bkw
> >>
> >>
> >>
> >> 			-----Original Message-----
> >> 			From: dundi-bounces at lists.digium.com [mailto:dundi-
> >> 			bounces at lists.digium.com] On Behalf Of Mark Spencer
> >> 			Sent: Thursday, October 28, 2004 9:43 PM
> >> 			To: dundi at lists.digium.com
> >> 			Subject: Re: [Dundi] Looking Glass
> >>
> >> 			The DUNDi Looking Glass, while neat, is also in
> >> violation of GPA section
> >> 			2f:
> >>
> >> 			     (f) A Participant may not disclose any specific
> >> Route, Service or
> >> 			         Participant contact information obtained
> > from
> >> the Peering System
> >> 			         to any party outside of the Peering System
> >> except as a
> >> 			         by-product of facilitating communication in
> >> accordance with
> >> 			         section 2e (e.g., phone books or other
> >> databases may not be
> >> 			         published, but the Internet addresses of
> > the
> >> Egress Gateway or
> >> 			         Service does not need to be obfuscated.)
> >>
> >> 			I would like to solicit feedback from the list about
> > how
> >> this tool might
> >> 			be more appropriately used.
> >>
> >>
> >>
> >>
> >> 	_______________________________________________
> >> 	Dundi mailing list
> >> 	Dundi at lists.digium.com
> >> 	http://lists.digium.com/mailman/listinfo/dundi
> >>
> >>
> >
> >
> > _______________________________________________
> > Dundi mailing list
> > Dundi at lists.digium.com
> > http://lists.digium.com/mailman/listinfo/dundi
> >
> _______________________________________________
> Dundi mailing list
> Dundi at lists.digium.com
> http://lists.digium.com/mailman/listinfo/dundi

More information about the Dundi mailing list