[asterisk-users] Stir-Shaken for asterisk

Sebastian Nielsen sebastian at sebbe.eu
Wed May 27 23:39:57 CDT 2020


Yes, this means that a provider which only provides IP-access (for example a broadband operator), ergo, when it doesn’t terminate a call, but where the call terminates directly at a enterprise, does not need to force the end customer to implement call verification in their PBX.
Basically, if you don’t have control of the SIP endpoint where the call is terminated, you don’t need to implement these rules.
 
Also this doesn’t apply to the customer end of the operator, where you authenticate to your operator with your username/password. These calls are already authenticated.
It applies to the so called ”anonymous” calls that traverses between operators and through operators networks.
 
If they don’t have access to the PBX equipment, and the owner is not required to be a FCC approved operator, then the rules are dropped.
SIP2SIP calls using textual URI’s are also not in scope for this rules, only DID calls are applicable.
 
Rule 1 also says for internal calls (ergo inside operator network) you need to implement a security solution CONSISTENT with stir/shaken, not in accordance.
It means you can roll your own solution, as long as it provides comparable security.
One example, is in call registry’s, limiting so customers can only use their own callerIDs as callerID.
 
I suspect that the reason FCC didn’t want to just implement callerID restrictions, is that they propably want to make it possible for US number owners, to use their numbers outside of the country. Else it would been easy to just force operators to restrict which numbers can be used inside phone networks, so international calls cannot have a US number as source, and calls inside USA must use their customer-assigned number as source, no other source.

Also the last rule about KYC means that anonymous pre-paid phone cards, both SIMs but also those scratch-off phone-cards with a access number, and also anonymous SIP accounts/DIDs will no longer be allowed, all calls must be able to be traced to either a corporation or a physical person.
 
Från: asterisk-users-bounces at lists.digium.com <asterisk-users-bounces at lists.digium.com> För Jeff LaCoursiere
Skickat: den 28 maj 2020 06:11
Till: asterisk-users at lists.digium.com
Ämne: Re: [asterisk-users] Stir-Shaken for asterisk
 
A few weeks... like in a year and a few weeks:
https://transnexus.com/blog/2020/fcc-mandates-stir-shaken/
Some interesting bits in there as well, like:
"These rules do not apply to providers that lack control of the network infrastructure necessary to implement STIR/SHAKEN."
See also:
https://wiki.asterisk.org/wiki/display/AST/STIR+and+SHAKEN
 

  <http://www.stratustalk.com/email/logojeff.gif> 
Jeff LaCoursiere
STRATUSTALK, INC. / CTO

Phone:
+1 703.496.4990 x108

Mobile:
+1 815.546.6599

Email:
 <mailto:jeff at stratustalk.com> jeff at stratustalk.com 

Website:
 <https://www.stratustalk.com> https://www.stratustalk.com

Address:
One Freedom Square
13th Floor
Reston, VA 20190

 <https://www.facebook.com/jeff.lacoursiere>    <https://linkedin.com/in/jeff-lacoursiere-884361>    <https://www.twitter.com/stratustalk>   
On 5/27/20 10:51 PM, Saint Michael wrote:
In a few weeks, no SIP call is going to terminate unless they are signed properly, as mandated by law.  We are in the business of Stir-Shaken, signing calls, as an FCC-approved provider. A big differentiator between our service and the rest: we are the only ones who don't need to receive the calls in our servers to sign them. We do this over a MySQL call, easily connectable to Asterisk via res_odbc, so you never have to send us your calls. This is a sample of how we do this so you may test now:
mysql -u anonymous -h 208.73.232.47 -e "call strshk.stir_shaken_signature('7274433019','19544447408')".
If your caller-ID is a valid US number and not a wireless number (that is a NO-NO for the FCC), we sign the call as 'C', if you use your own DIDs, something we can verify as legit, then we sign as 'B', and if you use our DID as caller ID, we sign as 'A', full attestation.  
Please email to venefax at g mail if you have any questions. Do not think you can do business as usual. The wild west of VOIP is coming to an end. But we can keep you in business if you follow the rules.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20200528/229058b4/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5249 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20200528/229058b4/attachment.bin>


More information about the asterisk-users mailing list