[IP] more on How we got it wrong on Calling-Number ID [RISKS] Risks Digest 24.05
Begin forwarded message:
From: Brad Templeton <btm@xxxxxxxxxxxxxx>
Date: October 2, 2005 6:07:54 PM EDT
To: David Farber <dave@xxxxxxxxxx>
Cc: Ip Ip <ip@xxxxxxxxxxxxxx>
Subject: Re: [IP] How we got it wrong on Calling-Number ID [RISKS]
Risks Digest 24.05
Unfortunately, just as caller-ID gets going, people are now learning it
has no authentication. It's just a token passed along among providers,
with no trust rules or contracts, and lots of people have accounts
with providers that can provide fake caller id. Furthermore since the
protocol was not designed with any means to authenticate it, it's
unlikely
to ever be authenticated. It's more like the From line of email.
I met one fellow who runs around demonstrating to various voice mail
providers
who let you into your voice mail without a password if the caller-id
matches
the box owner how this allows any interested party into the mail
box. Slowly
they are getting convinced to at least offer a passcode to the customer.
This is a shame, in that there would be a lot of applications which
could
be enabled by authenticated caller-id, not just quicker access to voice
mail. Of course you would still want the option to not authenticate or
be anonymous when desired.
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/