[SR-Users] Re: STIR/SHAKEN with Kamailio

My point was simply that there's more challenge in the bureaucracy than technical implementation. From a technical standpoint, the corner cases to consider are: 1. Number validity. Sure things that fit into an e.164 and/or recognizable number patterns are simple. What happens when someone sends a From: URI of `sip:anonymous@domain.com` - IIRC, the orig_tn field within the identity header is supposed to be numeric. Do you reject the call? Attest it as "C" and provide this in the `orig_tn` field or in a separate field? 2. Handling of forwarded calls - If you're sending a Diversion: header, do you also add an Identity header with a `div` passport? Rewrite the From header? How do you determine the attestation in that case? 3. Known customers sending numbers for which you're not the provider? Strictly speaking this should attest as "B", but supposing that you're a secondary vendor for the customer, and they're sending their primary number which is with a different provider? Do you then allow them to submit an LOA (or whatever your jurisdictional equivalent is) and attest as A? The questions above are strictly for STI Authentication. Verification has some other idiosyncrasies. Consider that there's three attestation levels for authentication, and normally as a carrier it is not desirable to pass the Identity header to the customer (consider if Privacy: is on). The general practice is to assign this to a verstat parameter to the user portion of a PAI header's **USER** field, which is syntactically awkward in Kamailio. Also strictly speaking AFAIK, the verstat only has two values - passed or failed - so there's three possible attestation levels but they only map to two verification levels. Therea are suggestions on how to deal with this, but I'm not sure on their official status. This brings up the final complexity: It's a rapidly evolving system without a high degree of consistency vendor to vendor, so there's as much of a challenge of staying on top of things as anything else. -----Original Message----- From: Olle E. Johansson via sr-users <sr-users(a)lists.kamailio.org> Sent: Friday, October 20, 2023 2:08 AM To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org> Cc: Olle E. Johansson <oej(a)edvina.net> Subject: [SR-Users] Re: STIR/SHAKEN with Kamailio CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Sadly that's my view of the US implementation. I can't say if it solved the problem, but I can see that a lot of new and old actors got an oppurtunity to earn more money. There's no EU-wide implementation or regulation at this point. I am aware of France. There are certainly discussions. /O __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: