Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

more on How we got it wrong on Calling-Number ID [RISKS] Risks Digest 24.05

From: David Farber <dave () farber net>
Date: Sun, 2 Oct 2005 18:23:00 -0400


Begin forwarded message:

From: Brad Templeton <btm () templetons com>
Date: October 2, 2005 6:07:54 PM EDT
To: David Farber <dave () farber net>
Cc: Ip Ip <ip () v2 listbox com>
Subject: Re: [IP] How we got it wrong on Calling-Number ID [RISKS] Risks Digest 24.05 



Unfortunately, just as caller-ID gets going, people are now learning it
has no authentication.   It's just a token passed along among providers,
with no trust rules or contracts, and lots of people have accounts
with providers that can provide fake caller id.  Furthermore since the
protocol was not designed with any means to authenticate it, it's unlikely 
to ever be authenticated.  It's more like the From line of email.
I met one fellow who runs around demonstrating to various voice mail providers who let you into your voice mail without a password if the caller-id matches the box owner how this allows any interested party into the mail box. Slowly 
they are getting convinced to at least offer a passcode to the customer.
This is a shame, in that there would be a lot of applications which could 
be enabled by authenticated caller-id, not just quicker access to voice
mail.   Of course you would still want the option to not authenticate or
be anonymous when desired.




-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: