[asterisk-dev] Stir Shaken

Jared Smith jaredsmith at jaredsmith.net
Thu Jun 24 11:55:02 CDT 2021 

On Thu, Jun 24, 2021 at 4:04 AM John T. Bittner <john at xaccel.net> wrote:

> As a voip provider we are in the process of getting our own token and cert.
>
> We got our OCN and did all the other FCC requirements.
>
> We are at the point of working with iconectiv to get our token.
>
> Based on the info we have after we get the token we go to neustar to get
> our cert.
>

That all seems correct.


>
>
> Iconectiv are asking a lot of questions on how we are going to get certs
> out of there api’s ? This is confusing me, I was under impression that we
> get the cert from neustar.
>

iConectiv is the Policy Administrator -- they don't give you the actual
cert, but they do certify that you've got your OCN and are authorized to
get a cert, etc.  Neustar is one of the Certificate Authorities that is
authorized to give out Stir/Shaken certs.


> I have spent hours reading many things about stir shaken and a lot of it
> is contradicting. I also can’t find anything on the asterisk setup were we
> would even configure api information to connect to iconectiv.
>

You don't do this from within Asterisk -- you'd have to do this outside of
Asterisk, and the configure Asterisk for the cert that you get from Neustar.


> Our SBC’s are asterisk based so we would like to implement this directly
> on these servers.
>
>
>
> Do I need middleman software to get this to work.
>

Yes -- Asterisk doesn't handle this directly, at least at this point.
Please be aware that you'll likely need to interact with the APIs from both
the PA and the CA (iConectiv and Neustar, in your case).


>
> Last question…  We do a lot of call forwarding and passthrough caller id.
>
> Is there any method to allow this with Stir Shaken ?
>

You can -- but it's complicated, depending on your relationship with the
customers and numbers you're forwarding.  The major point of Stir/Shaken is
that the recipient of a call can know that the caller ID on the call
actually belongs to someone authorized to use that number.  If you as a
middleman know that the number presented belongs to your customer, then you
can give them an "A" level attestation.  If you know the customer but not
that they're authorized to use that particular number, you can give the
calls a "B" level attestation.  If you don't know the customer or the
number, you give them a "C" level attestation.

--
Jared Smith
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20210624/ad435198/attachment.html>

More information about the asterisk-dev mailing list