|
このページは大阪弁化フィルタによって翻訳生成されたんですわ。 |
Annoying robocallers and scammers using the worldwide telephone network are an old problem, but the ascendancy of VoIP (voice over IP) as mass-market technology over the past thirty years worsened the problem because it made spoofing Caller-ID a trivial task even for knuckle-dragging boiler-room spammers driving MS-Windows boxes using mass-market Make a Fortune as a Spammer software -- because of a quirk in the broader populace's thinking: Starting soon after Caller-ID's (https://www.melabs.com/resources/callerid.htm, http://tapiex.com/help/faqcallerid.htm) debut in 1992, people started assuming what their telephones' little LCD displays showed them about the claimed call's originating telephone number and associated caller name was the truth. And it basically isn't. Not reliably. The Caller-ID technical standard is a hodgepodge of arrangements among carriers, many of them charging money for name-database lookups, which is why mobile phone callers' calls sometimes appear as "WIRELESS CALLER", or as the location where the phone number is registered. And VoIP tore the already terrible reliability of the Caller-ID informtion into shreds starting on a serious scale around 2004, because, as the Wikipedia article about VoIP says: Voice over IP protocols and equipment provide caller ID support that is compatible the PSTN. Many VoIP service providers also allow callers to configure custom caller ID information. "Configure custom caller ID information". I like that. Delicately stated. In other words, the computer-based user (or software bot) originating the VoIP call is completely free to lie and make the claimed calling number and associated name/location label become anything at all. http://voipsa.org/blog/2006/09/29/hello-mom-im-a-fake/ https://en.wikipedia.org/wiki/Caller_ID_spoofing I've spent decades, on and off, trying to get folks to understand the implications, e.g., that "blocking the spammer's number" is just shooting at your own feet, because that wasn't the spammer's telephone number, but rather an innocent third party's (or nobody's). Well, something to help is now being rolled out in at least the United States and Canada, in the form of a pair of protocols with cutesy Ian Fleming-inspired names: o STIR (Secure Telephony Identity Revisited) adds a digital certificate to the Session Initiation Protocol (SIP) information used to initiate and route calls in VoIP systems. Defined in: RFC 8224 - Authenticated Identity Management in the Session Initiation Protocol (SIP) RFC 8225 - PASSporT: Personal Assertion Token RFC 8226 - Secure Telephone Identity Credentials: Certificates o SHAKEN (Signature-based Handling of Asserted information using toKENs) is a suite of guidelines for public switched telephone networks that indicate how to deal with calls that have incorrect or missing STIR information. Defined in: RFC 8588 - Personal Assertion Token (PaSSporT) Extension for Signature-based Handling of Asserted information using toKENs (SHAKEN) https://en.wikipedia.org/wiki/STIR/SHAKEN The STIR crypto headers allow endpoints along the system to positively identify call origin, and decide wheter to trust the claimed Caller ID. Being buzzword-compliant, this involves passing around a JSON Web Token with the Caller ID claim and attestations. It's a web-of-trust crypto system -- except, depressingly, Certificate Authorities (CAs) are involved. https://transnexus.com/whitepapers/stir-shaken-cms-solutions/ According to the Wikipedia articles, the details of SHAKEN are a bit more fluid and recent. Anyhow, FCC has been leaning on aall US telcos to implement STIR/SHAKEN, the latest of the oft-rescheduled deadlines being Nov. 30, 2021. Canada's CRTC has had a similar record with Canadian carriers. It remains to be seen how well all of this will work in the real world. The experience of rogue/corrupt/criminal/incompetent CAs for the Web and related Internet protocols is not reassuring. In the meantime, remember the general rule, that Caller-ID can and will lie fluently whenever convenient for a VoIP originator.