Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

[Michael Thomas <mike () mtcc com>]

On 5/16/24 4:17 PM, Brandon Martin wrote:
> I think the issue with their lack of effectiveness on spam calls is 
> due to the comparatively small number of players in the PSTN (speaking 
> of both classic TDM and modern IP voice-carrying and signaling 
> networks) world allowing lots of regulatory capture. That's going to 
> keep the FCC from issuing mandatory rules much beyond what much of the 
> industry is on the road to implementing already to keep their 
> customers placated.

I think it should be pointed out that the STIR/SHAKEN crowd doesn't 
really get it either. The problem is mainly a problem of the border 
between bad guys and the onramps onto the PSTN. SIP has made that dirt 
cheap and something anybody can do it for nothing at all down in their 
basements. It's essentially the same thing as email back in the days of 
open relays and no submission auth. STIR/SHAKEN obfuscated that problem 
by trying to solve the problem of who is allowed to assert what E.164 
address when it's much easier to solve in the "where did this come from 
and who should I blame?" realm. I don't hear anybody moaning about 
deploying DKIM except maybe spammer sites that don't want accountability 
and their onramp sites that turn a blind eye making money off them. They 
care these days because for legit senders, baddies cost them money due 
to deliverability. It would have been trivial to attach a DKIM like 
signature to SIP messages and be done with it instead of trying to boil 
the legacy addressing ocean. I should know, I did that for shits and 
giggles about 20 years ago.

Mike