Re: SHAKEN/STIR Robocall Summit - July 11 2019 at FCC

[Rich Kulawiec <rsk () gsp org>]

On Mon, Jul 08, 2019 at 06:54:51PM -0600, Keith Medcalf wrote:
> This is because DKIM was a solution to a problem that did not exist.

This is correct.  We have always known the IP address of the connecting
MTA, therefore we have always known the network it resides in, therefore
we have always known who is responsible for what transits that connection.

Worse, this (poorly) attempts to wallpaper over the problems of
compromised systems/accounts.  Do recall that not long ago we learned that
EVERY Yahoo account was compromised.  Anyone who thinks that Microsoft
or Google or Comcast or anyone else are doing any better is naive:
it's not a question of whether they've also suffered mass compromises,
only a question of how many and when they'll publicly admit it.

This isn't surprising.  The real underlying problems here are tough and
expensive, thus it's far easire to do (nearly) meaningless feel-good work,
declare the problems solved, and engage in a round of self-congratulation.
It *appears*, and that's a preliminary assessment on my part, that
SHAKEN/STIR is following this same track.

---rsk