<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

RE: RE : data point - anonymous E.164 number usage


Olivier

I think you may be correct.

We need to not lose sight of why we are validating a person's identity in the context of ENUM authentication.

In brief, the telco record (by whichever means it's accessed) will confirm that a number is assigned to a given entity.  That doesn't confirm that the applicant is that entity, which is where the validation comes in.

For example, BT could confirm that my home number is assigned to Paul Rosbotham.  What BT cannot confirm, however, is that an applicant to "ENUM-registrationsRUs" who supplies my name & phone number on their application is in fact Paul Rosbotham.  This is where validation comes in.

Now, if, for a given cateogory of numbers e.g. prepay mobiles in some countries, it becomes apparent that the telco record can't in fact tie the number to a named entity, it follows that there's not much merit in going any further with the authentication.  The big question is, do you (a) find another means of assessing ownership, (b) bar these numbers from provision as the ramifications are too complex, or (c) not bother with authentication for these numbers, and perhaps pick up any disputes later.

This is one for the mobile operators to discuss with the ENUM community, and I'm glad I'm in a position and to sit back and watch...

Whatever, all of this is quite different to (and probably less important than) any policy issues that may or may not exist generically around identifying prepay customers, e.g. whether it's desirable/acceptable to the authorities for any communications to be totally anonymous.

Cheers

Paul 

> -----Original Message-----
> From:	Olivier.Girard@localhost [SMTP:Olivier.Girard@localhost]
> Sent:	Friday, February 27, 2004 9:39 AM
> To:	ag@localhost jseng@localhost
> Cc:	enum-l@localhost enum-trials@localhost enum-trial@localhost
> Subject:	RE : data point - anonymous E.164 number usage
> 
> Dear All, 
> 
> I think we should make a difference here. In my opinion, the interest of
> validation in ENUM is not to know WHO is owner of an E.164 number or WHO has
> the right to use an ENUM domain name. The role of ENUM validation is
> primarily the ensure that only the one who has the right to use an E.164
> number can use the associated ENUM domain name. Nothing more.
> 
> The integrity of the link between an E.164 number and its associated ENUM
> domain name is the central point and preserving it does not require the
> identification or authentication of the user. 
> 
> In my opinion, it is sligthly different from the authentication process in
> the mobile prepaid world...
> 
> Am I wrong...? 
> 
> Best, 
> 
> Olivier     
> 
> -----Message d'origine-----
> De : enum-trials-admin@localhost [
] De la > part de Adrian Georgescu > Envoy> é : vendredi, 27. février 2004 10:03 > À : James Seng > Cc : enum-l@localhost enum-trials@localhost enum-trial@localhost > Objet : Re: data point - anonymous E.164 number usage > > > James, > > The point is that before a model of authentication and authorization is > designed for a specific market, it is advisable to take a look out > there "in the real world" to see if or to which extent the effort is > justified. Otherwise, we could delay or block the introduction of a new > technology just because paper-work requires effort which does not > compensate what the end service delivers (cost > benefit). > > Adrian > > On 27 Feb 2004, at 01:16, James Seng wrote: > > > And the point is?... > > > > Michael Haberler wrote: > >> In the context of validation of numbers for ENUM, I have tried to > >> estimate the amount of mobile users which have totally anonymously > >> bought a prepaid SIM card, or in other words, users of E.164 numbers > >> which have no trace at all in a phonebook or other records.> > >> In the EU, all countries except Germany, Hungary and Italy permit > >> totally anonymous purchase of prepaid SIM cards. This indicates that > >> about 65% of the EU population have access to anonymous mobile > >> service (even in Italy, just a taxpayer code is needed which is not > >> subscriber data but allows to track down a user for law enforcement - > >> but lets leave that out for the sake of argument; in France I > >> understand a record is made for purposes of recovering a lost SIM > >> card but not for proof of identity). > >> There are about 400 Million mobile users in Europe, and penetration > >> of prepaid is about 40%. Assuming that nobody registers if he doesnt > >> have to, and multiplying those figures a ballpark estimate is that > >> *there are about 100 Million E.164 numbers in use in Europe without > >> any subscriber data just through the use of prepaid SIM cards. > >> *-Michael > > ********************************************************************** This message may contain information which is confidential or privileged. If you are not the intended recipient, please advise the sender immediately by reply e-mail and delete this message and any attachments without retaining a copy. **********************************************************************

<<< Chronological >>> Author    Subject <<< Threads >>>