[asterisk-bugs] [JIRA] (ASTERISK-30407) STIR/SHAKEN Not compliant
Luke Escude (JIRA)
noreply at issues.asterisk.org
Thu Jan 26 17:22:03 CST 2023
Luke Escude created ASTERISK-30407:
--------------------------------------
Summary: STIR/SHAKEN Not compliant
Key: ASTERISK-30407
URL: https://issues.asterisk.org/jira/browse/ASTERISK-30407
Project: Asterisk
Issue Type: Bug
Security Level: None
Components: Resources/res_stir_shaken
Affects Versions: 16.30.0
Reporter: Luke Escude
So a number of carriers have starting complaining about how we're signing STIR/SHAKEN stuff, and it turns out the stir_shaken module is indeed not doing it according to the RFC.
They're complaining about 2 issues:
1. The order of the fields is incorrect
2. The '+' sign in the phone numbers needs to be removed (they're calling it "canonicalization")
Here's an example output from stir_shaken.conf:
{
"dest": {
"tn": [
"+1NPANXXXXXX"
]
},
"orig": {
"tn": "1NPANXXXXXX"
},
"attest": "A",
"origid": "e391c481-510b-46ff-a7d0-4c8fcff2436b",
"iat": 167458XXXX
}
The field order is definitely noncompliant with the RFC, and I do see the + sign they're referring to, in the dest.tn field.
Reference: https://www.rfc-editor.org/rfc/rfc8225.html#section-9
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list