RE : data point - anonymous E.164 number usage
- Date: Sat, 28 Feb 2004 11:20:30 +0100
I fully agree with Olivier:
We have here two complete separate problems:
1. Identification required to get an E.164 number.
This is a problem that has nothing to do with ENUM and should be kept
completely separate. That prepaid cards are given out in some (most) countries
without proper id is NOT an ENUM problem.
If some legal entity wants to get the identification of a person or entity assigned
an E.164 number, it should use the existing infrastructure. This is also holds if they
want to know the identity holding an e164.arpa domain related to this number if
no contact information is available.
ENUM is not here to solve OPPs (Other People Problems)
2. The only thing that ENUM needs to provide is consistency in the
E.164 name space, that is: a e614.arpa domain shall only be delegated if
and only for the period of time the associated E.164 number is assigned to
a person or entity and it shall be delegated to the SAME person or entity.
As Olivier shows this does not necessarily require to reveal the entity of the person,
especially not on mobile phone if you use the access to the identification token
(e.g a SIM-card), but there ara also possibilities for fixed lines.
For regulators, they should only state the requirement and not the procedure
how to do this, because you can do this in many different ways. They will of course
have the right to check a given procedure if it complies to the requirement given.
3. In case of ENUM-only numbers the validation problem is not existent, because
the domain in e164.arpa IS the E.164 number, so there is consistency in the
name space per default. The identification problem remains,
but has to be solved at least nationally equivalent to other number ranges, especially mobiles.
If it is allowed to have anonymous number usage there, it must also be allowed to have
it here. So this is a national problem. Because it cannot be quod licet Jovi, not licet bovi ;-)
Last note: this does not hinder anybody wanting to give his identity to either an
ENUM contact info or a phone directory. In case of ENUM-only numbers the
normal procedure like with all other numebrs could apply (e.g entry in phone book
and possibility to opt-out)
regards
Richard
-----Ursprüngliche Nachricht-----
Von: Olivier.Girard@localhost [
]
Gesendet: Sa 28.02.2004 10:24
An: jim@localhost Olivier.Girard@localhost
Cc: ag@localhost jseng@localhost enum-l@localhost enum-trials@localhost enum-trial@localhost
Betreff: RE : RE : data point - anonymous E.164 number usage
>> As you say, it's proving that this entity has the right to use a given
E.164 number
>> is what matters. Unfortunately that usually means identifying this
entity... :-)
Not sure Jim...
If the allocation of an E.164 number to XYZ is accompanied with a validation
piece (password, certificate, digsig key or whatever it is...) which becomes
invalid as soon as XYZ is not anymore owner of the number and that this
piece is checked every time XYZ want to use her/his number in relation to a
service (not only ENUM but every service which require the use of an E.164
number), then you do not need to identify the person. In that case you have
only to check if the validation piece is valid.
This, of course, needs a review of the E.164 number allocation policy which
is national matter...
In my opinion, we should focus on a generic solution (not only related to
ENUM).
Today, I can use my mobile number to register for a web based SMS service
which offers me to send SMS from the web keeping my mobile number (it works
also with anonymous prepaid!). The registration check is made via SMS (you
get a "validation" password via SMS). The problem is: when I cease the
contract with my mobile operator I can continue to send SMS using my old
mobile number. Of course I can not get any reply to the SMS I have sent
because the number is not allocated anymore (unless the associated ENUM
Domain & NAPTR remain active after the E.164 number has been deactivated...
;o) )
In my opinion, there are two critical things:
1 - the point where an E.164 number is registered for a service (it can be
ENUM, SMS, etc... but also telephony)
2 - the point where an E.164 number is not used anymore by the user and
given back to the "allocator" (at this time, all registrations made with
this number must be cancelled. For this, it is necessary that all service
providers who have a relationship with the number be informed accordingly or
that all those service providers make a periodic check of the validation
piece.
Is it a way to work on ?
-----Message d'origine-----
De : Jim Reid []
Envoyé : vendredi, 27. février 2004 23:43
À : Olivier.Girard@localhost
Cc : ag@localhost jseng@localhost enum-l@localhost
enum-trials@localhost enum-trial@localhost
Objet : Re: RE : data point - anonymous E.164 number usage
>>>>> "Olivier" == Olivier Girard <Olivier.Girard@localhost
>>>>> writes:
Olivier> Dear All, I think we should make a difference here. In my
Olivier> opinion, the interest of validation in ENUM is not to
Olivier> know WHO is owner of an E.164 number or WHO has the right
Olivier> to use an ENUM domain name. The role of ENUM validation
Olivier> is primarily the ensure that only the one who has the
Olivier> right to use an E.164 number can use the associated ENUM
Olivier> domain name. Nothing more.
Absolutely! There is a very subtle but important difference here and you're
right to underline it.
I think we're all guilty of being too loose with our terminology and
confusing identity with authentication and/or validation. The identity of
whatever it is that registers an E.164 number shouldn't matter. As you say,
it's proving that this entity has the right to use a given E.164 number is
what matters. Unfortunately that usually means identifying this entity...
:-)