Would join Kaufman here to say that free-range STIR/SHAKEN implementations in the US are limited by the small number of certified authentication providers, but presumably the EU version will to some extent avoid US-style Guilded Age corporate welfare...
-- Alex
On 19 Oct 2023, at 09:33, Ben Kaufman via sr-users sr-users@lists.kamailio.org wrote:
Like some of the other posters here, we’ve implemented it as a 302-redirect server. This was the primary reason for using the secsipid rather than stirshaken module. Both modules have a function to append an Identity header, but secsipid also has functions to simply build the identity header which can then easily be appended to the reply, rather than only appending to the request and plucking the Identity header from there. Secsipid also has a function secsipid_sign() which allows for creating your own JWT. This is useful if you want to create some variations on the Identity header - we use this to create div passports (as opposed to shaken passports) in some situations.
Not sure how it will be implemented there, but the biggest challenge for me in the US was acquiring certificates because there is a very limited number of regulatory approved vendors.