[conspire] Fixing (maybe? somewhat?) the "Caller-ID lying" problem
Rick Moen
rick at linuxmafia.com
Mon Dec 6 15:51:10 PST 2021
Quoting Syeed Ali (syeedali at syeedali.com):
> On Wed, 24 Nov 2021 14:03:53 -0800
> Rick Moen <rick at linuxmafia.com> wrote:
>
> > It remains to be seen how well all of this will work in the real
> > world. The experience of rogue/corrupt/criminal/incompetent CAs for
> > the Web and related Internet protocols is not reassuring.
>
> This all becomes a frightening incentive for a CA to continue to be, or
> become, corrupt.

Yes, well, the incentive landscape has historically been a keystone
problem for Certificate Authorities -- where CAs for the Web and
Internet domains have been concerned. I could give you a long
recitation of the scandals -- or you can read about them in back issues
of RISKS Digest, in Bruce Schneier's blog, and similar places.

I'm guesstimating that the CAs implementing STIR attestation are
(probably?) not the same CAs that one is familiar with for https, but
it's the same general concept, at least. Wikipedia says that something
called the Secure Telephone Identity Governance Authority, or
STI-GA, is currently involved with setting/registering the relevant CAs.

This is all at the very outskirts of my knowledge, however: I'm parsing
information about this, but it's brand new to me, and I really don't
know much. (Probably, I know about as much as anyone who's not a telco
needs to know.)