[enum-wg] ENUM - do you trust the other guy? are you ready to go without DNSSEC?
Rui Ribeiro racribeiro at gmail.com
Mon Nov 2 02:41:53 CET 2009
Hi all, Last week I was talking with some guys, and I had same new/old view of the ENUM problem... do you think that the DNS records are reliable? will they allways be reliable? Let's supose something... I have this problem... I have a register on ENUM, but there isn't any gain for me with it. What if I register on my number a "tel:" (or any other kind of) register to a "number" that I receive a fee when someone calls? Since most of the VoIP systems are enabled to try to reach the number, what ever is the answer (sip, tel, ...), it will (most likely) call the "tel:" register, no questions asked! The user would get the call and pay (a lot more than e could anticipated), the callee would answer the call and receive money from it. Would you trust an ENUM record to a number/address that you don't no nothing about? I don't know how the valued added numbers are on the other countries. As well as I know, any number can be a legit number... but, in fact, it may be a really expensive number! You may say... well, that's not a bad thing and there are ways to prevent it, and so on... are there really? Some possibilities: 1. IVR on each caller PBX stating that the number being called is not what the user has dialled; 2. caller PBX understands that the number being called is not what the user has dialled, blocks call; 3. don't look/accept at "tel:" records to numbers/prefixes that aren't trusted/allowed; 4. list the ENUM records prior to effectivly dial the call (as I've seen on the ENUM android client, but impossible to make available to all the user terminals worldwide). This has a faillure... it depends on the caller PBX (permanent) configuration and the hability for the user to understand what it implies. Let's say that you trust the other guy. Are you ready to go without DNSSEC? What if, someone (aka hacker) has changed your good and reliable ENUM records to some kind of trickery like described above? The more it goes, the more I think that "User ENUM" shouldn't aspire to superimpose the numbering of telcos worldwide. The user my be "confused", the regulators and telcos are getting crazy, ENUM doesn't start althought it is very promissing to some parts of the emerging markets. Is there any (wild) chance that RIPE would start to manage E164 numbers on e164.arpa tree? The e164 CC would be some unused yet (refering to the Internet and not any geo-location), It could be IP style managed where LIR's would be tier-2 registrars. This way we, the users, could benifit from being on "the" big, oficial, reliable, trusted tree without the hassle of managing the numbers with regulators and operators. That prefix would define "User Internet VoIP" worldwide, which would be much easier to market and for operators to interconnect with later on. (please flame me... I feel I'm going into the dark side!) Rui Ribeiro racribeiro at gmail.com
[ enum-wg Archives ]