undefined | Better HN

0 pointsCaptainOfCoit5mo ago0 comments

Besides being trivial to enumerate, every service and their mother is asking for a phone number, from physical stores/rentals/hotels who sometimes reject you if you say no, to the countless online services either asking for it or requiring it. I must have given away my phone number to hundreds if not thousands of entities after having it for more than 20 years.

0 comments

jstummbillig5mo ago

I was interested in how we could do much better, but I should have been more specific.

zokier5mo ago

Incoming calls should be subject to acls and default-deny policy should be practical. This means that

- caller identity should not be spoofable

- identities should form hierarchies and groups so you can allow whole organizations instead of individuals

- organizations should use predictable identities for egress calls

- most likely managing multiple identities per device is needed (e.g. personal and work identites)

etc

None of this is particularly difficult technically. Even simply slapping x509 certs on calls and having some basic filtering would achieve a lot.

CaptainOfCoitOP5mo ago

> None of this is particularly difficult technically. Even simply slapping x509 certs on calls and having some basic filtering would achieve a lot.

Slapping x509 certs on probably some of the oldest telecommunications infrastructure in the world (both in terms of devices using it, and devices enabling it) wouldn't be "technically difficult"?

But I've never worked in telecommunications, maybe I'm overestimating how large piece of work this would be.

2 more replies

j / k navigate · click thread line to collapse