[prev in list] [next in list] [prev in thread] [next in thread]
List: serusers
Subject: Re: [SR-Users] How to get Stir/Shaken certificates
From: David Villasmil <david.villasmil.work () gmail ! com>
Date: 2021-07-22 16:18:42
Message-ID: CAFGRPVrRuNwtWvgOZFzH-SVdzya9D2pjofnvKqk2KACxEktwTQ () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
I should say: "forward the header, or the validation result", either should
be enough.
On Thu, 22 Jul 2021 at 18:14, David Villasmil <
david.villasmil.work@gmail.com> wrote:
> There really is no way of doing what you're thinking about. STIR/SHAKEN is
> really for calls TO US/Canada numbers. Where all incoming calls should have
> an Identity header which you can then validate. Even incoming international
> calls should in theory include said header as a transit (attestation C)
> source.
>
> You are receiving calls from US/Canada numbers to non-US/Canada numbers.
>
> You could, on the other hand, require your inbound providers to forward
> the identity header and you could then validate it, and act accordingly.
> Whether the providers will do that is another story.
>
>
>
> On Thu, 22 Jul 2021 at 16:52, Oleg Belousov <obelousov@gmail.com> wrote:
>
>> STIR-SHAKEN is currently only applicable for the US and Canada. To be
>> part of it service provider must have an Operating Company Number (OCN)
>> which allows access to NANPA Numbering Resource assignments. That also
>> means (and as per my knowledge/experience) - US/Canadian SPs only sign
>> calls with +1 destination. It is however worth it to check if the identity
>> header is present in calls you receive. If it is here - then you can
>> validate MT calls even not being part of a stir-shaken ecosystem.
>> --
>> obelousov.tel
>>
>>
>> On Thu, Jul 22, 2021 at 4:31 PM Benoît Panizzon <benoit.panizzon@imp.ch>
>> wrote:
>>
>>> Hi
>>>
>>> > You need first to register with STI-PA (Policy Administrator), in
>>> > order to receive a token to obtain further certificates from an
>>> > approved Certification Authority.
>>> > In the US STI-PA is Iconectiv, in Canada - Neustar. Please check that
>>> > link https://authenticate.iconectiv.com/
>>>
>>> Thank you for that link. This is very interesting.
>>>
>>> We receive an increasing number of calls from spoofed US numbers in
>>> Switzerland. Mostly tech support scams. I was pondering if there is a
>>> way to validate them via STIR/SHAKEN.
>>>
>>> We try to filter out invalid +1 prefixes and lengths, but that is a
>>> rather fuzzy thing to do.
>>>
>>> So it would be great, if we could implement STIR/SHAKEN to validate
>>> received calls from the +1 prefix.
>>>
>>> Unfortunately to register for a STI-PA account, only TSP with an
>>> address in he United States are allowed. Do you know if there is a way
>>> to register as a Swiss Ofcom registered TSP?
>>>
>>> (And yes, I am aware that signature signalling also has to be
>>> implemented but we have to start somewhere).
>>>
>>> Hopefully STIR/SHAKEN can in future be deployed on a global level.
>>> Germany and UK would also benefit a lot, seeing also a lot of spoofed
>>> calls with their prefixes.
>>>
>>> --
>>> Mit freundlichen Grüssen
>>>
>>> -Benoît Panizzon- @ HomeOffice und normal erreichbar
>>> --
>>> I m p r o W a r e A G - Leiter Commerce Kunden
>>> ______________________________________________________
>>>
>>> Zurlindenstrasse 29
>>> <https://www.google.com/maps/search/Zurlindenstrasse+29?entry=gmail&source=g>
>>> Tel +41 61 826 93 00
>>> CH-4133 Pratteln Fax +41 61 826 93 01
>>> Schweiz Web http://www.imp.ch
>>> ______________________________________________________
>>>
>> __________________________________________________________
>> Kamailio - Users Mailing List - Non Commercial Discussions
>> * sr-users@lists.kamailio.org
>> Important: keep the mailing list in the recipients, do not reply only to
>> the sender!
>> Edit mailing list options or unsubscribe:
>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> --
> Regards,
>
> David Villasmil
> email: david.villasmil.work@gmail.com
> phone: +34669448337
>
--
Regards,
David Villasmil
email: david.villasmil.work@gmail.com
phone: +34669448337
[Attachment #5 (text/html)]
<div dir="auto">I should say: "forward the header, or the validation result", either \
should be enough.</div><div><br><div class="gmail_quote"><div dir="ltr" \
class="gmail_attr">On Thu, 22 Jul 2021 at 18:14, David Villasmil <<a \
href="mailto:david.villasmil.work@gmail.com">david.villasmil.work@gmail.com</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto">There really is no \
way of doing what you're thinking about. STIR/SHAKEN is really for calls TO US/Canada \
numbers. Where all incoming calls should have an Identity header which you can then \
validate. Even incoming international calls should in theory include said header as a \
transit (attestation C) source.</div><div dir="auto"><br></div><div dir="auto">You \
are receiving calls from US/Canada numbers to non-US/Canada numbers.</div><div \
dir="auto"><br></div><div dir="auto">You could, on the other hand, require your \
inbound providers to forward the identity header and you could then validate it, and \
act accordingly. Whether the providers will do that is another story.</div><div \
dir="auto"><br></div><div dir="auto"><br></div><div><br><div class="gmail_quote"><div \
dir="ltr" class="gmail_attr">On Thu, 22 Jul 2021 at 16:52, Oleg Belousov <<a \
href="mailto:obelousov@gmail.com" target="_blank">obelousov@gmail.com</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div \
dir="ltr">STIR-SHAKEN is currently only applicable for the US and Canada. To be part \
of it service provider must have an Operating Company Number (OCN) which allows \
access to NANPA Numbering Resource assignments. That also means (and as per my \
knowledge/experience) - US/Canadian SPs only sign calls with +1 destination. It is \
however worth it to check if the identity header is present in calls you receive. If \
it is here - then you can validate MT calls even not being part of a stir-shaken \
ecosystem.</div><div dir="ltr"><div><div dir="ltr" \
data-smartmail="gmail_signature">--<br><a href="http://obelousov.tel" \
target="_blank">obelousov.tel</a></div></div><br></div></div><div dir="ltr"><br><div \
class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jul 22, 2021 at 4:31 PM \
Benoît Panizzon <<a href="mailto:benoit.panizzon@imp.ch" \
target="_blank">benoit.panizzon@imp.ch</a>> wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex">Hi<br> <br>
> You need first to register with STI-PA (Policy Administrator), in<br>
> order to receive a token to obtain further certificates from an<br>
> approved Certification Authority.<br>
> In the US STI-PA is Iconectiv, in Canada - Neustar. Please check that<br>
> link <a href="https://authenticate.iconectiv.com/" rel="noreferrer" \
target="_blank">https://authenticate.iconectiv.com/</a><br> <br>
Thank you for that link. This is very interesting.<br>
<br>
We receive an increasing number of calls from spoofed US numbers in<br>
Switzerland. Mostly tech support scams. I was pondering if there is a<br>
way to validate them via STIR/SHAKEN.<br>
<br>
We try to filter out invalid +1 prefixes and lengths, but that is a<br>
rather fuzzy thing to do.<br>
<br>
So it would be great, if we could implement STIR/SHAKEN to validate<br>
received calls from the +1 prefix.<br>
<br>
Unfortunately to register for a STI-PA account, only TSP with an<br>
address in he United States are allowed. Do you know if there is a way<br>
to register as a Swiss Ofcom registered TSP?<br>
<br>
(And yes, I am aware that signature signalling also has to be<br>
implemented but we have to start somewhere).<br>
<br>
Hopefully STIR/SHAKEN can in future be deployed on a global level.<br>
Germany and UK would also benefit a lot, seeing also a lot of spoofed<br>
calls with their prefixes.<br>
<br>
-- <br>
Mit freundlichen Grüssen<br>
<br>
-Benoît Panizzon- @ HomeOffice und normal erreichbar<br>
-- <br>
I m p r o W a r e A G - Leiter Commerce Kunden<br>
______________________________________________________<br>
<br>
<a href="https://www.google.com/maps/search/Zurlindenstrasse+29?entry=gmail&source=g" \
target="_blank">Zurlindenstrasse 29</a> Tel +41 61 826 93 00<br> \
CH-4133 Pratteln Fax +41 61 826 93 01<br> Schweiz \
Web <a href="http://www.imp.ch" rel="noreferrer" \
target="_blank">http://www.imp.ch</a><br> \
______________________________________________________<br> </blockquote></div></div>
__________________________________________________________<br>
Kamailio - Users Mailing List - Non Commercial Discussions<br>
* <a href="mailto:sr-users@lists.kamailio.org" \
target="_blank">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing list in the recipients, do not reply only to the \
sender!<br> Edit mailing list options or unsubscribe:<br>
* <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" \
rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div></div>-- <br><div dir="ltr" data-smartmail="gmail_signature"><div \
dir="ltr"><div>Regards,</div><div><br></div>David Villasmil<div>email: <a \
href="mailto:david.villasmil.work@gmail.com" \
target="_blank">david.villasmil.work@gmail.com</a></div><div>phone: \
+34669448337</div></div></div> </blockquote></div></div>-- <br><div dir="ltr" \
class="gmail_signature" data-smartmail="gmail_signature"><div \
dir="ltr"><div>Regards,</div><div><br></div>David Villasmil<div>email: <a \
href="mailto:david.villasmil.work@gmail.com" \
target="_blank">david.villasmil.work@gmail.com</a></div><div>phone: \
+34669448337</div></div></div>
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic