GPA wording (was RE: [Dundi] Looking Glass)

Brian West brian at bkw.org
Fri Oct 29 11:04:05 CDT 2004 

Ed,
	You make some very good points.

bkw

> -----Original Message-----
> From: dundi-bounces at lists.digium.com [mailto:dundi-
> bounces at lists.digium.com] On Behalf Of Ed Guy
> Sent: Friday, October 29, 2004 10:45 AM
> To: Distributed Universal Number Discovery
> Subject: GPA wording (was RE: [Dundi] Looking Glass)
> 
> 
> >....  What can be done unauthenticated needs to be decided and
> >that term "specific", ironically, made more specific.
> 
> #anal mode on full.
> 
> Actually, its probably the other way around, more exceptions
> might be useful: if the word "specific" were removed, then you
> could clearly release no information obtained from the
> e164-trust group.
> 
> The only permitted disclosure it that which occurs naturally
> in call signaling and that signaling must initially be sent
> from a trust group member to the terminating service. This limitation
> means:
> * one cannot build a public ENUM wrapper on top of DUNDi
> * A DUNDi node MAY NOT refer a caller to the terminating service,
>   e.g., using SIP 302. They must start the call on their behalf.
> as well as prohibiting many other forms of disclosure.
> 
> It may be useful to release collective statistics about number of nodes,
> number of queries, latencies, etc. But, these are "Explicitly set forth;
> definite." and thus still covered by "specific".  It seems that
> "Specific" adds little value. (oops, sorry.)
> 
> The EIDs to which a node is connected are obtained from the local
> configuration and not obtained from the peering system,  thus,
> OK to release (It's your configuration data.)  But Pings time
> implemented with DUNDi NULL commands are obtained from the peering system,
> and are private. (But, ICMP ping times to the same node are not.)
> 
> Is there any non-specific information which ought to be released?
> 
> #anal mode off (or at least, back to normal ;-) )
> 
> While the statistics that have been released so far are
> useful,  I don't want to give anyone carte-blanche to release them
> in the future.  We cant possibly envision all the ways this data can
> be combined to be used against any of the participating services.
> 
> So, while the next version of the GPA should strike the word "specific"
> it does not warrant a revision for that purpose.
> 
> /ed
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: dundi-bounces at lists.digium.com
> [mailto:dundi-bounces at lists.digium.com]On Behalf Of Mark Spencer
> Sent: Friday, October 29, 2004 1:38 AM
> To: Distributed Universal Number Discovery
> Subject: RE: [Dundi] Looking Glass
> 
> 
> > is a dim one with no such way to monitor, test and spot problems in the
> > network DUNDi+GPA will fail.  You yourself said DUNDi would either be a
> big
> > success or a huge flop.   The internet suffers the same issues... IP
> > addresses, whois records and websites.  I don't see any difference in
> this
> > vs call routing.  Anyway that's my two cents.
> 
> You can test and spot problems in a more controlled way, we just have to
> determine what it is.  It's not that the tool is bad, it's that it's
> uncontrolled.  What can be done unauthenticated needs to be decided and
> that term "specific", ironically, made more specific.
> 
> Mark
> _______________________________________________
> Dundi mailing list
> Dundi at lists.digium.com
> http://lists.digium.com/mailman/listinfo/dundi
> 
> _______________________________________________
> Dundi mailing list
> Dundi at lists.digium.com
> http://lists.digium.com/mailman/listinfo/dundi

More information about the Dundi mailing list