[asterisk-dev] Stir Shaken

Sat Jun 26 19:52:25 CDT 2021

On Thu, Jun 24, 2021 at 10:55 AM Jared Smith <jaredsmith at jaredsmith.net>
wrote:

> On Thu, Jun 24, 2021 at 4:04 AM John T. Bittner <john at xaccel.net> wrote:
>
>> As a voip provider we are in the process of getting our own token and
>> cert.
>>
>> We got our OCN and did all the other FCC requirements.
>>
>> We are at the point of working with iconectiv to get our token.
>>
>> Based on the info we have after we get the token we go to neustar to get
>> our cert.
>>
>
> That all seems correct.
>
>
>>
>>
>> Iconectiv are asking a lot of questions on how we are going to get certs
>> out of there api’s ? This is confusing me, I was under impression that we
>> get the cert from neustar.
>>
>
> iConectiv is the Policy Administrator -- they don't give you the actual
> cert, but they do certify that you've got your OCN and are authorized to
> get a cert, etc.  Neustar is one of the Certificate Authorities that is
> authorized to give out Stir/Shaken certs.
>
>
>> I have spent hours reading many things about stir shaken and a lot of it
>> is contradicting. I also can’t find anything on the asterisk setup were we
>> would even configure api information to connect to iconectiv.
>>
>
> You don't do this from within Asterisk -- you'd have to do this outside of
> Asterisk, and the configure Asterisk for the cert that you get from Neustar.
>
>
>> Our SBC’s are asterisk based so we would like to implement this directly
>> on these servers.
>>
>>
>>
>> Do I need middleman software to get this to work.
>>
>
> Yes -- Asterisk doesn't handle this directly, at least at this point.
> Please be aware that you'll likely need to interact with the APIs from both
> the PA and the CA (iConectiv and Neustar, in your case).
>
>
>>
>> Last question…  We do a lot of call forwarding and passthrough caller id.
>>
>> Is there any method to allow this with Stir Shaken ?
>>
>
> You can -- but it's complicated, depending on your relationship with the
> customers and numbers you're forwarding.  The major point of Stir/Shaken is
> that the recipient of a call can know that the caller ID on the call
> actually belongs to someone authorized to use that number.  If you as a
> middleman know that the number presented belongs to your customer, then you
> can give them an "A" level attestation.  If you know the customer but not
> that they're authorized to use that particular number, you can give the
> calls a "B" level attestation.  If you don't know the customer or the
> number, you give them a "C" level attestation.
>

Now let's say that I own DID 8885551212 and my upstream provider send a
call to me for that DID from "someuser" at 7775551212 with a valid A level
attestation.  I need to forward (not route) that call back to an upstream
provider (maybe not the same one), say to a cell phone.  I want the caller
ID to be that of the original caller.  What do I do?

>
> --
> Jared Smith
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20210626/024a9ebc/attachment.html>