GPA wording (was RE: [Dundi] Looking Glass)

Ed Guy edguy at pulver.com
Fri Oct 29 10:44:34 CDT 2004 

>....  What can be done unauthenticated needs to be decided and
>that term "specific", ironically, made more specific.

#anal mode on full.

Actually, its probably the other way around, more exceptions
might be useful: if the word "specific" were removed, then you
could clearly release no information obtained from the
e164-trust group.

The only permitted disclosure it that which occurs naturally
in call signaling and that signaling must initially be sent
from a trust group member to the terminating service. This limitation
means:
* one cannot build a public ENUM wrapper on top of DUNDi
* A DUNDi node MAY NOT refer a caller to the terminating service,
  e.g., using SIP 302. They must start the call on their behalf.
as well as prohibiting many other forms of disclosure.

It may be useful to release collective statistics about number of nodes,
number of queries, latencies, etc. But, these are "Explicitly set forth;
definite." and thus still covered by "specific".  It seems that
"Specific" adds little value. (oops, sorry.)

The EIDs to which a node is connected are obtained from the local
configuration and not obtained from the peering system,  thus,
OK to release (It's your configuration data.)  But Pings time
implemented with DUNDi NULL commands are obtained from the peering system,
and are private. (But, ICMP ping times to the same node are not.)

Is there any non-specific information which ought to be released?

#anal mode off (or at least, back to normal ;-) )

While the statistics that have been released so far are
useful,  I don't want to give anyone carte-blanche to release them
in the future.  We cant possibly envision all the ways this data can
be combined to be used against any of the participating services.

So, while the next version of the GPA should strike the word "specific"
it does not warrant a revision for that purpose.

/ed






-----Original Message-----
From: dundi-bounces at lists.digium.com
[mailto:dundi-bounces at lists.digium.com]On Behalf Of Mark Spencer
Sent: Friday, October 29, 2004 1:38 AM
To: Distributed Universal Number Discovery
Subject: RE: [Dundi] Looking Glass


> is a dim one with no such way to monitor, test and spot problems in the
> network DUNDi+GPA will fail.  You yourself said DUNDi would either be a
big
> success or a huge flop.   The internet suffers the same issues... IP
> addresses, whois records and websites.  I don't see any difference in this
> vs call routing.  Anyway that's my two cents.

You can test and spot problems in a more controlled way, we just have to
determine what it is.  It's not that the tool is bad, it's that it's
uncontrolled.  What can be done unauthenticated needs to be decided and
that term "specific", ironically, made more specific.

Mark
_______________________________________________
Dundi mailing list
Dundi at lists.digium.com
http://lists.digium.com/mailman/listinfo/dundi

More information about the Dundi mailing list