Re: [asterisk-users] stir/shaken

[Joshua C. Colp]

On Tue, Nov 30, 2021 at 1:22 PM Henning Follmann 
wrote:

>
> Hello,
> I have some trouble reading the headers.
> Asterisk 16
>
> in my dial plan I have these:
>
> ...
> exten => _X,n,NoOp(Number of STIR/SHAKEN identities: ${STIR_SHAKEN(count)})
> exten => _X,n,NoOp(First STIR/SHAKEN identity: ${STIR_SHAKEN(0,identity)})
> exten => _X,n,NoOp(First STIR/SHAKEN attestation:
> ${STIR_SHAKEN(0,attestation)})
> ...
>
>
> and I do get this:
> -- Executing [@incoming:2] NoOp("PJSIP/flowroute-003c",
> "Number of STIR/SHAKEN identities: 1") in new stack
> -- Executing [**@incoming:3] NoOp("PJSIP/flowroute-003c",
> "First STIR/SHAKEN identity: +1") in new stack
> -- Executing [**@incoming:4] NoOp("PJSIP/flowroute-003c",
> "First STIR/SHAKEN attestation: ") in new stack
>
>
> Why do I not see the attestation?
> Also I do not see any validation. What am I missing here?
>

Unfortunately during recent OpenSIPit testing we encountered issues with
things including verification, and will be revisiting our approach to
STIR/SHAKEN. It may not work right now.

-- 
Joshua C. Colp
Asterisk Technical Lead
Sangoma Technologies
Check us out at www.sangoma.com and www.asterisk.org
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] stir/shaken

[Henning Follmann]

Hello,
I have some trouble reading the headers.
Asterisk 16

in my dial plan I have these:

...
exten => _X,n,NoOp(Number of STIR/SHAKEN identities: ${STIR_SHAKEN(count)})
exten => _X,n,NoOp(First STIR/SHAKEN identity: ${STIR_SHAKEN(0,identity)})
exten => _X,n,NoOp(First STIR/SHAKEN attestation: ${STIR_SHAKEN(0,attestation)})
...


and I do get this:
-- Executing [@incoming:2] NoOp("PJSIP/flowroute-003c", "Number of 
STIR/SHAKEN identities: 1") in new stack
-- Executing [**@incoming:3] NoOp("PJSIP/flowroute-003c", 
"First STIR/SHAKEN identity: +1") in new stack
-- Executing [**@incoming:4] NoOp("PJSIP/flowroute-003c", 
"First STIR/SHAKEN attestation: ") in new stack


Why do I not see the attestation?
Also I do not see any validation. What am I missing here?

-H

-- 
Henning Follmann   | hfollm...@itcfollmann.com


-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] STIR/SHAKEN

[Alexander Perkins]

Hi All.  The folks at TILTX have set up a Facebook Live event
for Wednesday, May 26, 2021 at 12:00 PM Eastern Time.  According to TILTX,
this will cover STIR/SHAKEN and how Asterisk works with it.  If anybody is
interested, here is the link.

https://www.facebook.com/events/489246355856999/

Thanks,
Alex
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] STIR/SHAKEN

[Alexander Perkins]

Hey All.  I spoke to the guys at TILTX and they agreed to host a 30 minute
webinar for STIR/SHAKEN and Asterisk.  They will coordinate internally and
they will send me an invite.  I will share this invite in the event anybody
would like to join.

Alex
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] STIR/SHAKEN

[Sebastian Nielsen]

Its just that it seems so unrealistic.. WHAT do you need 1M DID’s for? Give 
each stone in your company driveway a own phone number?

1M DID’s = Thats 10% of the population of the country I live in. (sweden)

 

1M DID’s is also three times more than the amount of customers the phone 
operator ”tre” ( https://www.tre.se ) has in sweden, one of sweden’s largest 
phone operators, they are 4th the largest phone operator. (1: Telia, 2: Tele2, 
3: Telenor, 4: Tre)

 

Then you understand why I wonder WTF people are doing… 

 

Best regards, Sebastian Nielsen

 

Från: asterisk-users-boun...@lists.digium.com 
 För d...@donkelly.biz
Skickat: den 12 mars 2021 03:14
Till: 'Asterisk Users Mailing List - Non-Commercial Discussion' 

Ämne: Re: [asterisk-users] STIR/SHAKEN

 

You said it in your first post when you said “I reallt don’t understand.” You 
don’t understand the business that these people are in. A few people showed you 
a few examples of why it’s important to use more than one carrier--and there 
are other reasons that stir/shaken is a big deal for some of us.

 

It clearly isn’t a big deal for you, so you probably don’t have much to add to 
the discussion.

 

--Don

 

 

From: asterisk-users mailto:asterisk-users-boun...@lists.digium.com> > On Behalf Of Sebastian 
Nielsen
Sent: Thursday, March 11, 2021 7:21 PM
To: 'Mailing List' mailto:asterisk-users@lists.digium.com> >
Subject: Re: [asterisk-users] STIR/SHAKEN

 

1:  1M DID’s? Then I would go straight out and say you are a phone operator, 
and then getting your own STIR/SHAKEN certificate shouldn’t be a problem at 
all. Thats a massive amount of numbers, unrealistically many numbers for any 
company ever except for those that are a phone operator.

 

2: For me, its seems like hunting for nano-cents. I checked around when I got 
my DID and call account for my own personal use, and the prices aren’t that 
different. Its really not worth the effort for what you save. Checked with 
several operators and the prices are almost the same per minute, its like one 
operator has like 0.016 per minute and another has 0.014 … not gonna save much 
on that. Might save like 1$-2$ per month on choosing the latter operator.

 

3: Why? Consolidiate all your agreements to 1 single operator that handles 
everything, and everything will be so much simpler. Then you are simply a trunk 
ccustomer to that particular operator, no need to handle all this with signing 
and certificates and everything..

To save a little tiny nano-cent from each minute of call..

 

Från: asterisk-users-boun...@lists.digium.com 
<mailto:asterisk-users-boun...@lists.digium.com>  
mailto:asterisk-users-boun...@lists.digium.com> > För Joel Serrano
Skickat: den 12 mars 2021 01:52
Till: Asterisk Users Mailing List - Non-Commercial Discussion 
mailto:asterisk-users@lists.digium.com> >
Ämne: Re: [asterisk-users] STIR/SHAKEN

 

Hi, 

 

I wanted to add some comments to Sebastian's response:

 

1- When you have a lot of DIDs, you can't just "port" them over from company1 
to company2. Try to have 1M or so DIDs and ask if you can just port them. No 
no, not that simple. There is a process that a lot of times is not worth the 
cost/risk/etc.

2- What happens if company1 has very good pricing for DIDs, but extremely high 
rates for placing outbound calls, and company2 has super aggressive pricing for 
the destinations you use most, but sells DIDs very expensive? Mix and match? :)

3- What do you do, when instead of having 1 outbound carrier, you have several 
50? 

 

At the end I think you are mistakenly comparing apples to oranges, your DID 
provider has nothing to do with your outbound carrier, can the DID provider 
also give you outbound calling? Most likely, but that doesn't mean that the 
best way to go is to route outbound calls via the carrier that is providing you 
DIDs.

 

On Thu, Mar 11, 2021 at 4:34 PM Sebastian Nielsen mailto:sebast...@sebbe.eu> > wrote:

I reallt don’t understand why people simply use the same operator to terminate 
your calls, which also provide DIDs for you.

 

Then you don’t need to touch this at all, your carrier will do all the 
STIR/SHAKEN handling for you, you are just a PBX customer.

And then the operator then simply limits your account to only present your DID 
as outgoing number.

 

Seems to be a unneccesary complicated solution just to have your numbers at 
company 1 and have your call termination at company 2.

So fricking unneccessary.

 

What I know there is requirements of number portability, so as long as company 
2 can handle DIDs (ergo ”own” DIDs) you should be able to move your DIDs from 
company 1 to company 2 – then company 2 owns your DIDs.

 

Best regards, Sebastian Nielsen

 

Från: asterisk-users-boun...@lists.digium.com 
<mailto:asterisk-users-boun...@lists.digium.com>  
mailto:asterisk-users-boun...@lists.digium.com> > För Alexander Perkins
Skickat: den 12 mars 2021 01:23
Ti

Re: [asterisk-users] STIR/SHAKEN

[Sebastian Nielsen]

1:  1M DID’s? Then I would go straight out and say you are a phone operator, 
and then getting your own STIR/SHAKEN certificate shouldn’t be a problem at 
all. Thats a massive amount of numbers, unrealistically many numbers for any 
company ever except for those that are a phone operator.

 

2: For me, its seems like hunting for nano-cents. I checked around when I got 
my DID and call account for my own personal use, and the prices aren’t that 
different. Its really not worth the effort for what you save. Checked with 
several operators and the prices are almost the same per minute, its like one 
operator has like 0.016 per minute and another has 0.014 … not gonna save much 
on that. Might save like 1$-2$ per month on choosing the latter operator.

 

3: Why? Consolidiate all your agreements to 1 single operator that handles 
everything, and everything will be so much simpler. Then you are simply a trunk 
ccustomer to that particular operator, no need to handle all this with signing 
and certificates and everything..

To save a little tiny nano-cent from each minute of call..

 

Från: asterisk-users-boun...@lists.digium.com 
 För Joel Serrano
Skickat: den 12 mars 2021 01:52
Till: Asterisk Users Mailing List - Non-Commercial Discussion 

Ämne: Re: [asterisk-users] STIR/SHAKEN

 

Hi, 

 

I wanted to add some comments to Sebastian's response:

 

1- When you have a lot of DIDs, you can't just "port" them over from company1 
to company2. Try to have 1M or so DIDs and ask if you can just port them. No 
no, not that simple. There is a process that a lot of times is not worth the 
cost/risk/etc.

2- What happens if company1 has very good pricing for DIDs, but extremely high 
rates for placing outbound calls, and company2 has super aggressive pricing for 
the destinations you use most, but sells DIDs very expensive? Mix and match? :)

3- What do you do, when instead of having 1 outbound carrier, you have several 
50? 

 

At the end I think you are mistakenly comparing apples to oranges, your DID 
provider has nothing to do with your outbound carrier, can the DID provider 
also give you outbound calling? Most likely, but that doesn't mean that the 
best way to go is to route outbound calls via the carrier that is providing you 
DIDs.

 

On Thu, Mar 11, 2021 at 4:34 PM Sebastian Nielsen mailto:sebast...@sebbe.eu> > wrote:

I reallt don’t understand why people simply use the same operator to terminate 
your calls, which also provide DIDs for you.

 

Then you don’t need to touch this at all, your carrier will do all the 
STIR/SHAKEN handling for you, you are just a PBX customer.

And then the operator then simply limits your account to only present your DID 
as outgoing number.

 

Seems to be a unneccesary complicated solution just to have your numbers at 
company 1 and have your call termination at company 2.

So fricking unneccessary.

 

What I know there is requirements of number portability, so as long as company 
2 can handle DIDs (ergo ”own” DIDs) you should be able to move your DIDs from 
company 1 to company 2 – then company 2 owns your DIDs.

 

Best regards, Sebastian Nielsen

 

Från: asterisk-users-boun...@lists.digium.com 
<mailto:asterisk-users-boun...@lists.digium.com>  
mailto:asterisk-users-boun...@lists.digium.com> > För Alexander Perkins
Skickat: den 12 mars 2021 01:23
Till: asterisk-users@lists.digium.com <mailto:asterisk-users@lists.digium.com> 
Ämne: Re: [asterisk-users] STIR/SHAKEN

 

Hi Jeff.  What exactly do you mean by the 'inbound piece'?  I've spent quite a 
lot of time with the folks at TILTX understanding the framework; but I am not 
exactly sure what you mean by the 'inbound piece.

 

Greg/Doug, like many folks here, we use LCR.  So, the terminating carrier is 
not necessarily the one that issued us the telephone numbers.  So, they will 
not sign it or simply cannot sign it.  Remember that a very limited number of 
companies can actually sign the calls; the rest have to buy it from these 
'Service Providers'.  

 

And there is another situation - the company you purchase your numbers from and 
the company you place your calls through may be different and both may not be 
able to sign your calls.  Again, a very limited number of service providers 
that can actually sign your calls.  So what do you do in that scenario?  You 
have to find a Service Provider that can:

 

1.  Verify you own that telephone number(s).

2.  Sign your calls.

3.  Provide you with the technical means to do so.

 

So, that's that...  I hope this makes sense.  

 

Alex

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http:/

Re: [asterisk-users] STIR/SHAKEN

[John Millican]

Sebastian,
There are many reasons why someone would want the DIDs provided by one 
provider and outbound calls to go out via 1,2 3, or more providers.
In one of my installs I have a situation where local calls are placed 
via a local telco switch but LD calls go out via a voip provider.  The 
Local telco has the DID but the LD does not so I have to verify the DIDs 
with the Voip provider(s).

Another case may be for least cost routing.
There are other reasons but you can see that it is not always as simple 
as using the same provider for DID and origination.

Thanks,
John

On 3/11/21 3:34 PM, Sebastian Nielsen wrote:


I reallt don’t understand why people simply use the same operator to 
terminate your calls, which also provide DIDs for you.


Then you don’t need to touch this at all, your carrier will do all the 
STIR/SHAKEN handling for you, you are just a PBX customer.


And then the operator then simply limits your account to only present 
your DID as outgoing number.


Seems to be a unneccesary complicated solution just to have your 
numbers at company 1 and have your call termination at company 2.


So fricking unneccessary.

What I know there is requirements of number portability, so as long as 
company 2 can handle DIDs (ergo ”own” DIDs) you should be able to move 
your DIDs from company 1 to company 2 – then company 2 owns your DIDs.


Best regards, Sebastian Nielsen

*Från:* asterisk-users-boun...@lists.digium.com 
 *För *Alexander Perkins

*Skickat:* den 12 mars 2021 01:23
*Till:* asterisk-users@lists.digium.com
*Ämne:* Re: [asterisk-users] STIR/SHAKEN

Hi Jeff.  What exactly do you mean by the 'inbound piece'?  I've spent 
quite a lot of time with the folks at TILTX understanding the 
framework; but I am not exactly sure what you mean by the 'inbound piece.


Greg/Doug, like many folks here, we use LCR.  So, the terminating 
carrier is not necessarily the one that issued us the telephone 
numbers.  So, they will not sign it or simply cannot sign it.  
Remember that a very limited number of companies can actually sign the 
calls; the rest have to buy it from these 'Service Providers'.


And there is another situation - the company you purchase your numbers 
from and the company you place your calls through may be different and 
both may not be able to sign your calls.  Again, a very limited number 
of service providers that can actually sign your calls. So what do you 
do in that scenario?  You have to find a Service Provider that can:


1.  Verify you own that telephone number(s).

2.  Sign your calls.

3.  Provide you with the technical means to do so.

So, that's that...  I hope this makes sense.

Alex




-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] STIR/SHAKEN

[Sebastian Nielsen]

I reallt don’t understand why people simply use the same operator to terminate 
your calls, which also provide DIDs for you.

 

Then you don’t need to touch this at all, your carrier will do all the 
STIR/SHAKEN handling for you, you are just a PBX customer.

And then the operator then simply limits your account to only present your DID 
as outgoing number.

 

Seems to be a unneccesary complicated solution just to have your numbers at 
company 1 and have your call termination at company 2.

So fricking unneccessary.

 

What I know there is requirements of number portability, so as long as company 
2 can handle DIDs (ergo ”own” DIDs) you should be able to move your DIDs from 
company 1 to company 2 – then company 2 owns your DIDs.

 

Best regards, Sebastian Nielsen

 

Från: asterisk-users-boun...@lists.digium.com 
 För Alexander Perkins
Skickat: den 12 mars 2021 01:23
Till: asterisk-users@lists.digium.com
Ämne: Re: [asterisk-users] STIR/SHAKEN

 

Hi Jeff.  What exactly do you mean by the 'inbound piece'?  I've spent quite a 
lot of time with the folks at TILTX understanding the framework; but I am not 
exactly sure what you mean by the 'inbound piece.

 

Greg/Doug, like many folks here, we use LCR.  So, the terminating carrier is 
not necessarily the one that issued us the telephone numbers.  So, they will 
not sign it or simply cannot sign it.  Remember that a very limited number of 
companies can actually sign the calls; the rest have to buy it from these 
'Service Providers'.  

 

And there is another situation - the company you purchase your numbers from and 
the company you place your calls through may be different and both may not be 
able to sign your calls.  Again, a very limited number of service providers 
that can actually sign your calls.  So what do you do in that scenario?  You 
have to find a Service Provider that can:

 

1.  Verify you own that telephone number(s).

2.  Sign your calls.

3.  Provide you with the technical means to do so.

 

So, that's that...  I hope this makes sense.  

 

Alex



smime.p7s
Description: S/MIME Cryptographic Signature
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] STIR/SHAKEN

[Jeff LaCoursiere]

The "inbound piece" is "what do I do with the tag information"?

Should I find a way to present the fact that a call has an A rating?

Should I offer to block calls with a C rating?

It would be great to see asterisk be able to unpack this stuff and have 
it available as a dialplan variable and in the CDRs.


Jeff LaCoursiere
StratusTalk, Inc.

On 3/11/21 6:21 PM, Alexander Perkins wrote:
Hi Jeff.  What exactly do you mean by the 'inbound piece'?  I've spent 
quite a lot of time with the folks at TILTX understanding the 
framework; but I am not exactly sure what you mean by the 'inbound piece.


Greg/Doug, like many folks here, we use LCR.  So, the terminating 
carrier is not necessarily the one that issued us the telephone 
numbers.  So, they will not sign it or simply cannot sign it.  
Remember that a very limited number of companies can actually sign the 
calls; the rest have to buy it from these 'Service Providers'.


And there is another situation - the company you purchase your numbers 
from and the company you place your calls through may be different and 
both may not be able to sign your calls. Again, a very limited number 
of service providers that can actually sign your calls.  So what do 
you do in that scenario?  You have to find a Service Provider that can:


1.  Verify you own that telephone number(s).
2.  Sign your calls.
3.  Provide you with the technical means to do so.

So, that's that...  I hope this makes sense.

Alex



--
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] STIR/SHAKEN

[Jeff LaCoursiere]

To be honest, that is the logic we ended up with, and are dumping our 
LCR.  The savings aren't worth the headache.  We don't have 1M numbers, 
but we have a significant number.  We can't quite get down to one 
carrier (and don't really want to), but we can keep outbound calls on 
the carrier that "owns" them, and not worry about this.


Jeff LaCoursiere
StratusTalk, Inc.

On 3/11/21 8:12 PM, d...@donkelly.biz wrote:


You said it in your first post when you said “I reallt don’t 
understand.” You don’t understand the business that these people are 
in. A few people showed you a few examples of why it’s important to 
use more than one carrier--and there are other reasons that 
stir/shaken is a big deal for some of us.


It clearly isn’t a big deal for you, so you probably don’t have much 
to add to the discussion.


--Don

*From:* asterisk-users  *On 
Behalf Of *Sebastian Nielsen

*Sent:* Thursday, March 11, 2021 7:21 PM
*To:* 'Mailing List' 
*Subject:* Re: [asterisk-users] STIR/SHAKEN

1:  1M DID’s? Then I would go straight out and say you are a phone 
operator, and then getting your own STIR/SHAKEN certificate shouldn’t 
be a problem at all. Thats a massive amount of numbers, 
unrealistically many numbers for any company ever except for those 
that are a phone operator.


2: For me, its seems like hunting for nano-cents. I checked around 
when I got my DID and call account for my own personal use, and the 
prices aren’t that different. Its really not worth the effort for what 
you save. Checked with several operators and the prices are almost the 
same per minute, its like one operator has like 0.016 per minute and 
another has 0.014 … not gonna save much on that. Might save like 1$-2$ 
per month on choosing the latter operator.


3: Why? Consolidiate all your agreements to 1 single operator that 
handles everything, and everything will be so much simpler. Then you 
are simply a trunk ccustomer to that particular operator, no need to 
handle all this with signing and certificates and everything..


To save a little tiny nano-cent from each minute of call..

*Från:*asterisk-users-boun...@lists.digium.com 
<mailto:asterisk-users-boun...@lists.digium.com> 
<mailto:asterisk-users-boun...@lists.digium.com>> *För *Joel Serrano

*Skickat:* den 12 mars 2021 01:52
*Till:* Asterisk Users Mailing List - Non-Commercial Discussion 
mailto:asterisk-users@lists.digium.com>>

*Ämne:* Re: [asterisk-users] STIR/SHAKEN

Hi,

I wanted to add some comments to Sebastian's response:

1- When you have a lot of DIDs, you can't just "port" them over from 
company1 to company2. Try to have 1M or so DIDs and ask if you can 
just port them. No no, not that simple. There is a process that a lot 
of times is not worth the cost/risk/etc.


2- What happens if company1 has very good pricing for DIDs, but 
extremely high rates for placing outbound calls, and company2 has 
super aggressive pricing for the destinations you use most, but sells 
DIDs very expensive? Mix and match? :)


3- What do you do, when instead of having 1 outbound carrier, you have 
several 50?


At the end I think you are mistakenly comparing apples to oranges, 
your DID provider has nothing to do with your outbound carrier, can 
the DID provider also give you outbound calling? Most likely, but that 
doesn't mean that the best way to go is to route outbound calls via 
the carrier that is providing you DIDs.


On Thu, Mar 11, 2021 at 4:34 PM Sebastian Nielsen <mailto:sebast...@sebbe.eu>> wrote:


I reallt don’t understand why people simply use the same operator
to terminate your calls, which also provide DIDs for you.

Then you don’t need to touch this at all, your carrier will do all
the STIR/SHAKEN handling for you, you are just a PBX customer.

And then the operator then simply limits your account to only
present your DID as outgoing number.

Seems to be a unneccesary complicated solution just to have your
numbers at company 1 and have your call termination at company 2.

So fricking unneccessary.

What I know there is requirements of number portability, so as
long as company 2 can handle DIDs (ergo ”own” DIDs) you should be
able to move your DIDs from company 1 to company 2 – then company
2 owns your DIDs.

Best regards, Sebastian Nielsen

*Från:*asterisk-users-boun...@lists.digium.com
<mailto:asterisk-users-boun...@lists.digium.com>
mailto:asterisk-users-boun...@lists.digium.com>> *För *Alexander
Perkins
*Skickat:* den 12 mars 2021 01:23
*Till:* asterisk-users@lists.digium.com
<mailto:asterisk-users@lists.digium.com>
*Ämne:* Re: [asterisk-users] STIR/SHAKEN

Hi Jeff.  What exactly do you mean by the 'inbound piece'?  I've
spent quite a lot of time with the folks at TILTX understanding
the framework; but I am not exactly sure what you mean by the
'inbound piece.

Greg/Doug, like many folks h

Re: [asterisk-users] STIR/SHAKEN

[dk]

You said it in your first post when you said “I reallt don’t understand.” You 
don’t understand the business that these people are in. A few people showed you 
a few examples of why it’s important to use more than one carrier--and there 
are other reasons that stir/shaken is a big deal for some of us.

 

It clearly isn’t a big deal for you, so you probably don’t have much to add to 
the discussion.

 

--Don

 

 

From: asterisk-users  On Behalf Of 
Sebastian Nielsen
Sent: Thursday, March 11, 2021 7:21 PM
To: 'Mailing List' 
Subject: Re: [asterisk-users] STIR/SHAKEN

 

1:  1M DID’s? Then I would go straight out and say you are a phone operator, 
and then getting your own STIR/SHAKEN certificate shouldn’t be a problem at 
all. Thats a massive amount of numbers, unrealistically many numbers for any 
company ever except for those that are a phone operator.

 

2: For me, its seems like hunting for nano-cents. I checked around when I got 
my DID and call account for my own personal use, and the prices aren’t that 
different. Its really not worth the effort for what you save. Checked with 
several operators and the prices are almost the same per minute, its like one 
operator has like 0.016 per minute and another has 0.014 … not gonna save much 
on that. Might save like 1$-2$ per month on choosing the latter operator.

 

3: Why? Consolidiate all your agreements to 1 single operator that handles 
everything, and everything will be so much simpler. Then you are simply a trunk 
ccustomer to that particular operator, no need to handle all this with signing 
and certificates and everything..

To save a little tiny nano-cent from each minute of call..

 

Från: asterisk-users-boun...@lists.digium.com 
<mailto:asterisk-users-boun...@lists.digium.com>  
mailto:asterisk-users-boun...@lists.digium.com> > För Joel Serrano
Skickat: den 12 mars 2021 01:52
Till: Asterisk Users Mailing List - Non-Commercial Discussion 
mailto:asterisk-users@lists.digium.com> >
Ämne: Re: [asterisk-users] STIR/SHAKEN

 

Hi, 

 

I wanted to add some comments to Sebastian's response:

 

1- When you have a lot of DIDs, you can't just "port" them over from company1 
to company2. Try to have 1M or so DIDs and ask if you can just port them. No 
no, not that simple. There is a process that a lot of times is not worth the 
cost/risk/etc.

2- What happens if company1 has very good pricing for DIDs, but extremely high 
rates for placing outbound calls, and company2 has super aggressive pricing for 
the destinations you use most, but sells DIDs very expensive? Mix and match? :)

3- What do you do, when instead of having 1 outbound carrier, you have several 
50? 

 

At the end I think you are mistakenly comparing apples to oranges, your DID 
provider has nothing to do with your outbound carrier, can the DID provider 
also give you outbound calling? Most likely, but that doesn't mean that the 
best way to go is to route outbound calls via the carrier that is providing you 
DIDs.

 

On Thu, Mar 11, 2021 at 4:34 PM Sebastian Nielsen mailto:sebast...@sebbe.eu> > wrote:

I reallt don’t understand why people simply use the same operator to terminate 
your calls, which also provide DIDs for you.

 

Then you don’t need to touch this at all, your carrier will do all the 
STIR/SHAKEN handling for you, you are just a PBX customer.

And then the operator then simply limits your account to only present your DID 
as outgoing number.

 

Seems to be a unneccesary complicated solution just to have your numbers at 
company 1 and have your call termination at company 2.

So fricking unneccessary.

 

What I know there is requirements of number portability, so as long as company 
2 can handle DIDs (ergo ”own” DIDs) you should be able to move your DIDs from 
company 1 to company 2 – then company 2 owns your DIDs.

 

Best regards, Sebastian Nielsen

 

Från: asterisk-users-boun...@lists.digium.com 
<mailto:asterisk-users-boun...@lists.digium.com>  
mailto:asterisk-users-boun...@lists.digium.com> > För Alexander Perkins
Skickat: den 12 mars 2021 01:23
Till: asterisk-users@lists.digium.com <mailto:asterisk-users@lists.digium.com> 
Ämne: Re: [asterisk-users] STIR/SHAKEN

 

Hi Jeff.  What exactly do you mean by the 'inbound piece'?  I've spent quite a 
lot of time with the folks at TILTX understanding the framework; but I am not 
exactly sure what you mean by the 'inbound piece.

 

Greg/Doug, like many folks here, we use LCR.  So, the terminating carrier is 
not necessarily the one that issued us the telephone numbers.  So, they will 
not sign it or simply cannot sign it.  Remember that a very limited number of 
companies can actually sign the calls; the rest have to buy it from these 
'Service Providers'.  

 

And there is another situation - the company you purchase your numbers from and 
the company you place your calls through may be different and both may not be 
able to sign your calls.  Again, a very limited

Re: [asterisk-users] STIR/SHAKEN

[Joel Serrano]

Hi,

I wanted to add some comments to Sebastian's response:

1- When you have a lot of DIDs, you can't just "port" them over from
company1 to company2. Try to have 1M or so DIDs and ask if you can just
port them. No no, not that simple. There is a process that a lot of times
is not worth the cost/risk/etc.
2- What happens if company1 has very good pricing for DIDs, but
extremely high rates for placing outbound calls, and company2 has super
aggressive pricing for the destinations you use most, but sells DIDs very
expensive? Mix and match? :)
3- What do you do, when instead of having 1 outbound carrier, you have
several 50?

At the end I think you are mistakenly comparing apples to oranges, your DID
provider has nothing to do with your outbound carrier, can the DID provider
also give you outbound calling? Most likely, but that doesn't mean that the
best way to go is to route outbound calls via the carrier that is providing
you DIDs.

On Thu, Mar 11, 2021 at 4:34 PM Sebastian Nielsen 
wrote:

> I reallt don’t understand why people simply use the same operator to
> terminate your calls, which also provide DIDs for you.
>
>
>
> Then you don’t need to touch this at all, your carrier will do all the
> STIR/SHAKEN handling for you, you are just a PBX customer.
>
> And then the operator then simply limits your account to only present your
> DID as outgoing number.
>
>
>
> Seems to be a unneccesary complicated solution just to have your numbers
> at company 1 and have your call termination at company 2.
>
> So fricking unneccessary.
>
>
>
> What I know there is requirements of number portability, so as long as
> company 2 can handle DIDs (ergo ”own” DIDs) you should be able to move your
> DIDs from company 1 to company 2 – then company 2 owns your DIDs.
>
>
>
> Best regards, Sebastian Nielsen
>
>
>
> *Från:* asterisk-users-boun...@lists.digium.com <
> asterisk-users-boun...@lists.digium.com> *För *Alexander Perkins
> *Skickat:* den 12 mars 2021 01:23
> *Till:* asterisk-users@lists.digium.com
> *Ämne:* Re: [asterisk-users] STIR/SHAKEN
>
>
>
> Hi Jeff.  What exactly do you mean by the 'inbound piece'?  I've spent
> quite a lot of time with the folks at TILTX understanding the framework;
> but I am not exactly sure what you mean by the 'inbound piece.
>
>
>
> Greg/Doug, like many folks here, we use LCR.  So, the terminating carrier
> is not necessarily the one that issued us the telephone numbers.  So, they
> will not sign it or simply cannot sign it.  Remember that a very limited
> number of companies can actually sign the calls; the rest have to buy it
> from these 'Service Providers'.
>
>
>
> And there is another situation - the company you purchase your numbers
> from and the company you place your calls through may be different and both
> may not be able to sign your calls.  Again, a very limited number of
> service providers that can actually sign your calls.  So what do you do in
> that scenario?  You have to find a Service Provider that can:
>
>
>
> 1.  Verify you own that telephone number(s).
>
> 2.  Sign your calls.
>
> 3.  Provide you with the technical means to do so.
>
>
>
> So, that's that...  I hope this makes sense.
>
>
>
> Alex
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at:
> https://community.asterisk.org/
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] STIR/SHAKEN

[Telium Technical Support]

If you operate a small PBX for a business your approach is fine.

 

If you operate a large PBX, or just have lots of high toll rate calls, the 
price difference between carriers can add up to a lot money every day.  These 
operators will route their calls to whomever offers the best rate for that 
route.  

 

And that’s the problem being solved.  STIR/SHAKEN makes it tough for spoofers, 
but also tough for businesses doing LCR.  Sadly, the easier it becomes to 
implement STIR/SHAKEN (telling the next hop along the route to trust your 
identity), the easier it will be for spoofers to do the same.  I suspect it 
won’t be long until unscrupulous service providers undermine STIR/SHAKEN 

 

From: asterisk-users [mailto:asterisk-users-boun...@lists.digium.com] On Behalf 
Of Sebastian Nielsen
Sent: Thursday, March 11, 2021 7:34 PM
To: 'Mailing List' 
Subject: Re: [asterisk-users] STIR/SHAKEN

 

I reallt don’t understand why people simply use the same operator to terminate 
your calls, which also provide DIDs for you.

 

Then you don’t need to touch this at all, your carrier will do all the 
STIR/SHAKEN handling for you, you are just a PBX customer.

And then the operator then simply limits your account to only present your DID 
as outgoing number.

 

Seems to be a unneccesary complicated solution just to have your numbers at 
company 1 and have your call termination at company 2.

So fricking unneccessary.

 

What I know there is requirements of number portability, so as long as company 
2 can handle DIDs (ergo ”own” DIDs) you should be able to move your DIDs from 
company 1 to company 2 – then company 2 owns your DIDs.

 

Best regards, Sebastian Nielsen

 

Från: asterisk-users-boun...@lists.digium.com 
<mailto:asterisk-users-boun...@lists.digium.com>  
mailto:asterisk-users-boun...@lists.digium.com> > För Alexander Perkins
Skickat: den 12 mars 2021 01:23
Till: asterisk-users@lists.digium.com <mailto:asterisk-users@lists.digium.com> 
Ämne: Re: [asterisk-users] STIR/SHAKEN

 

Hi Jeff.  What exactly do you mean by the 'inbound piece'?  I've spent quite a 
lot of time with the folks at TILTX understanding the framework; but I am not 
exactly sure what you mean by the 'inbound piece.

 

Greg/Doug, like many folks here, we use LCR.  So, the terminating carrier is 
not necessarily the one that issued us the telephone numbers.  So, they will 
not sign it or simply cannot sign it.  Remember that a very limited number of 
companies can actually sign the calls; the rest have to buy it from these 
'Service Providers'.  

 

And there is another situation - the company you purchase your numbers from and 
the company you place your calls through may be different and both may not be 
able to sign your calls.  Again, a very limited number of service providers 
that can actually sign your calls.  So what do you do in that scenario?  You 
have to find a Service Provider that can:

 

1.  Verify you own that telephone number(s).

2.  Sign your calls.

3.  Provide you with the technical means to do so.

 

So, that's that...  I hope this makes sense.  

 

Alex

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] STIR/SHAKEN

[Alexander Perkins]

Hi Jeff.  What exactly do you mean by the 'inbound piece'?  I've spent
quite a lot of time with the folks at TILTX understanding the framework;
but I am not exactly sure what you mean by the 'inbound piece.

Greg/Doug, like many folks here, we use LCR.  So, the terminating carrier
is not necessarily the one that issued us the telephone numbers.  So, they
will not sign it or simply cannot sign it.  Remember that a very limited
number of companies can actually sign the calls; the rest have to buy it
from these 'Service Providers'.

And there is another situation - the company you purchase your numbers from
and the company you place your calls through may be different and both may
not be able to sign your calls.  Again, a very limited number of service
providers that can actually sign your calls.  So what do you do in that
scenario?  You have to find a Service Provider that can:

1.  Verify you own that telephone number(s).
2.  Sign your calls.
3.  Provide you with the technical means to do so.

So, that's that...  I hope this makes sense.

Alex
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] STIR/SHAKEN

[Jeff LaCoursiere]

Hi Alex,

Are they doing anything on inbound for you, and have you made any 
decisions about how you will display the tag to your customers? I have 
been focusing on the outbound piece of this, just starting to think 
about what to do with the incoming data...


Cheers,

Jeff LaCoursiere
StratusTalk, Inc.

On 3/7/21 7:08 PM, Alexander Perkins wrote:
Hi Greg.  In our use case, we purchase DIDs from them.  So, they are 
the inbound carrier (they are a CLEC and IPES) and STIR/SHAKEN Service 
Provider.  However, we do not use them for termination.  They offer 
service termination, but we do not use them due to 
existing contracts.  So, in order to have our calls signed, we needed 
them to do it.  The biggest issue we've come across is the number of 
companies /able to /provide this service is limited, especially to the 
Asterisk community. I stress able to because even though some 
companies are Service Providers, they are simply not 
technically capable of offering it.


I will send you my contact's information at TILTX privately.  He's a 
subject-matter expert with the STIR/SHAKEN framework and he's offered 
us invaluable help.


Thanks,
Alex

On Sun, Mar 7, 2021 at 1:43 PM Greg Troxel > wrote:



Alexander Perkins mailto:alexanderhenryperk...@gmail.com>> writes:

> They ended up creating an AGI script for us that handles
everything.  At
> the end of the day, all we needed to do was pull down the
script, and add
> the exten => s,n,AGI(TILTX-SHAKEN.agi) command and it handles
> everything else.

I wonder if you could step back and explain the big picture, as
I'm not
really following this.   As I understand it:

  usually asterisk is used as a pbx

  STIR/SHAKEN is a protocol run between carriers to prove the
authority
  to use the claimed callerid

  when someone gets service from a carrier and connects to it from
  asterisk, I would expect the carrier to basically filter the claimed
  callerid to be from the set of values recorded with your account as
  legit, and for the carrier to do the STIR/SHAKEN authentication.

So I wonder if your asterisk instance is connecting to the PSTN as a
top-level carrier, or, more likely, I am confused in some way.




--


*Jeff LaCoursiere*
STRATUSTALK, INC. / CTO

Phone:  *+1 703.496.4990 x108*
Mobile: *+1 815.546.6599*
Email:  *j...@stratustalk.com* 
Website:*https://www.stratustalk.com*
Address:*One Freedom Square
13th Floor
Reston, VA 20190*

 
 




-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] STIR/SHAKEN

[Alexander Perkins]

Hi Greg.  In our use case, we purchase DIDs from them.  So, they are the
inbound carrier (they are a CLEC and IPES) and STIR/SHAKEN Service
Provider.  However, we do not use them for termination.  They offer service
termination, but we do not use them due to existing contracts.  So, in
order to have our calls signed, we needed them to do it.  The biggest issue
we've come across is the number of companies *able to *provide this service
is limited, especially to the Asterisk community.  I stress able to because
even though some companies are Service Providers, they are simply not
technically capable of offering it.

I will send you my contact's information at TILTX privately.  He's a
subject-matter expert with the STIR/SHAKEN framework and he's offered us
invaluable help.

Thanks,
Alex

On Sun, Mar 7, 2021 at 1:43 PM Greg Troxel  wrote:

>
> Alexander Perkins  writes:
>
> > They ended up creating an AGI script for us that handles everything.  At
> > the end of the day, all we needed to do was pull down the script, and add
> > the exten => s,n,AGI(TILTX-SHAKEN.agi) command and it handles
> > everything else.
>
> I wonder if you could step back and explain the big picture, as I'm not
> really following this.   As I understand it:
>
>   usually asterisk is used as a pbx
>
>   STIR/SHAKEN is a protocol run between carriers to prove the authority
>   to use the claimed callerid
>
>   when someone gets service from a carrier and connects to it from
>   asterisk, I would expect the carrier to basically filter the claimed
>   callerid to be from the set of values recorded with your account as
>   legit, and for the carrier to do the STIR/SHAKEN authentication.
>
> So I wonder if your asterisk instance is connecting to the PSTN as a
> top-level carrier, or, more likely, I am confused in some way.
>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] STIR/SHAKEN

[Jeff LaCoursiere]

On 3/7/21 2:26 PM, Doug Lytle wrote:

On 3/7/21 1:43 PM, Greg Troxel wrote:

So I wonder if your asterisk instance is connecting to the PSTN as a
top-level carrier, or, more likely, I am confused in some way.


Greg,

I think this is the case for quite alot of those here.

For me though, I just manage the on premise PBX and my carrier handles 
the STIR/SHAKEN part.


Doug



Hi,

There are issues for those of us that use multiple upstream carriers for 
call termination, with LCR for example.  If you send your calls out the 
same provider that supplies your inbound DID, your calls should get the 
"A" rating and your callers should have no issues. At present if I send 
calls out a provider that does NOT handle the DID in the caller ID 
field, it gets a "B" rating.  I don't think this will pose a problem for 
the forseeable future - I don't see carriers marking these as "spam",  
they just won't get the ultra-special "secure" mark.


Also good to note the upcoming deadline does NOT mean call blocking, 
just call tagging.  The blocking bit will be up to the end user, though 
I could see phones shipping with default settings that may do so.


Basically we can't do LCR anymore.  Outbound calls are locked to the 
provider that gave us the DID.  I'm not sure that's really a bad thing, 
its less headache than for us to try to become a signing authority.


I think the whole thing is still very fluid.  Didn't even mention call 
forwarding issues.


j

--


*Jeff LaCoursiere*
STRATUSTALK, INC. / CTO

Phone:  *+1 703.496.4990 x108*
Mobile: *+1 815.546.6599*
Email:  *j...@stratustalk.com* 
Website:*https://www.stratustalk.com*
Address:*One Freedom Square
13th Floor
Reston, VA 20190*

 
 




-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] STIR/SHAKEN

[Doug Lytle]

On 3/7/21 1:43 PM, Greg Troxel wrote:

So I wonder if your asterisk instance is connecting to the PSTN as a
top-level carrier, or, more likely, I am confused in some way.


Greg,

I think this is the case for quite alot of those here.

For me though, I just manage the on premise PBX and my carrier handles 
the STIR/SHAKEN part.


Doug

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] STIR/SHAKEN

[Greg Troxel]

Alexander Perkins  writes:

> They ended up creating an AGI script for us that handles everything.  At
> the end of the day, all we needed to do was pull down the script, and add
> the exten => s,n,AGI(TILTX-SHAKEN.agi) command and it handles
> everything else.

I wonder if you could step back and explain the big picture, as I'm not
really following this.   As I understand it:

  usually asterisk is used as a pbx

  STIR/SHAKEN is a protocol run between carriers to prove the authority
  to use the claimed callerid

  when someone gets service from a carrier and connects to it from
  asterisk, I would expect the carrier to basically filter the claimed
  callerid to be from the set of values recorded with your account as
  legit, and for the carrier to do the STIR/SHAKEN authentication.

So I wonder if your asterisk instance is connecting to the PSTN as a
top-level carrier, or, more likely, I am confused in some way.


signature.asc
Description: PGP signature
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] STIR/SHAKEN

[Alexander Perkins]

Hi All.  I wanted to give an update to this as we've been working closely
with the Technology Innovation Lab (TILTX) and getting this working on our
Asterisk boxes.

They ended up creating an AGI script for us that handles everything.  At
the end of the day, all we needed to do was pull down the script, and add
the exten => s,n,AGI(TILTX-SHAKEN.agi) command and it handles
everything else.

Anyways, I am sharing this because it took us a long time to find a
STIR/SHAKEN Service Provider that would work with us.  These guys not only
worked with us, but they created something super-simple for us at no
charge.  Highly recommend them.  Here's their email address for this -
0...@tiltx.com

Hope this helps.

Alex
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] STIR/SHAKEN

[Jeff LaCoursiere]

On 1/28/21 2:08 AM, Alexander Perkins wrote:
Jeff, yes.  The process is long.  It is actually around one year.  We 
ended up going with a SHAKEN Service Provider named Technology 
Innovation Lab (www.tiltx.com ). They have been 
awesome.  They are certified in Asterisk and catered the solution to 
our Asterisk install.  Highly recommend them. Their email for SHAKEN 
is 0...@tiltx.com .


Anyways, give them a shot.  Took us a while to find a SHAKEN Service 
Provider that knew Asterisk.


Alex

Thanks Alex!  I'll give them a call.  I'm planning to make a big post in 
a week or so with all I have learned, hopefully will help others unsure 
where we stand.  June is coming up quick!


Cheers,

--


*Jeff LaCoursiere*
STRATUSTALK, INC. / CTO

Phone:  *+1 703.496.4990 x108*
Mobile: *+1 815.546.6599*
Email:  *j...@stratustalk.com* 
Website:*https://www.stratustalk.com*
Address:*One Freedom Square
13th Floor
Reston, VA 20190*

 
 




-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] STIR/SHAKEN

[Alexander Perkins]

Jeff, yes.  The process is long.  It is actually around one year.  We ended
up going with a SHAKEN Service Provider named Technology Innovation Lab (
www.tiltx.com).  They have been awesome.  They are certified in Asterisk
and catered the solution to our Asterisk install.  Highly recommend them.
Their email for SHAKEN is 0...@tiltx.com.

Anyways, give them a shot.  Took us a while to find a SHAKEN Service
Provider that knew Asterisk.

Alex
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] STIR/SHAKEN

[Jeff LaCoursiere]

On 1/25/21 12:12 PM, Steve Edwards wrote:

On Mon, 25 Jan 2021, Jeff LaCoursiere wrote:

So how does this guy get around it?  It sounds to me like he is 
offering to sign calls for whoever, which IMO totally defeats the 
purpose.


IIRC, back when he first started hawking his solution, he accepted 
everything. Numbers from Vitelity, my old out of service copper 
number, 555-555-.


I'm all for the discussion, but can you start a new thread so we don't 
keep associating the innocent party (the OP) with this spammer.


Excellent point, started new thread.

In my digging today it seems I need to become a SHAKEN service provider, 
and there is a rather lengthy and difficult process to go through to 
become one (this slide from a Bandwidth.com seminar):


Has anyone gone through this recently?  Does it really still take 7 to 9 
months?  That seems crazy.


Cheers,


--
Jeff LaCoursiere
StratusTalk, Inc.
703 496 4990 x108
815 546 6599 cell

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir Shaken is upon us

[Steve Edwards]

On Sun, 12 Jul 2020, Steve Edwards wrote:

So this is a provider issue, not an end user issue and 'June 30, 2021' 
doesn't sound like 'soon.' If this is legit, why haven't my providers 
said squat?


Seems one of my providers, Vitelity (iax.cc to us old timers), when asked, 
is not panicking about the imminent end of the world:


"Thank you for reaching out.  We will not be doing any stir shaken changes 
until the end of the year.  If changes are necessary client side, we will 
let you know."


--
Thanks in advance,
-
Steve Edwards   sedwa...@sedwards.com  Voice: +1-760-468-3867 PST
https://www.linkedin.com/in/steve-edwards-4244281

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
 https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir Shaken

[Joshua C. Colp]

On Tue, Jul 14, 2020 at 4:36 PM Saint Michael  wrote:

> I need to point out the this is factually misleading and materially false:
> "I think this, being the basis of your whole argument, is the fallacy.
> S/S is forcing people to take responsibility, for sure, but carriers
> won't just let their customers leave because they don't want to sign
> calls.  It will force them to make sure they know who their customers
> are, and make it impossible for those customers to escape consequences if
> they misbehave."
>
> There is Law of The Land that is about to take effect. Use google and
> search "stir shaken" Whoever thinks I am exaggerated is dreaming. Also: it
> is true that my service is the only one for asterisk --worldwide. The model
> proposed by Transexus (302 redirect with a new header) can't be used by
> Asterisk.
> But don't take my word for it:
> https://issues.asterisk.org/jira/browse/ASTERISK-28924
>

Please consider this your third and final warning for continuing to promote
your offering on the asterisk-users mailing list. It is acceptable on the
asterisk-biz[1] mailing list but not here. If you continue your account may
be removed from this mailing list.

[1] http://lists.digium.com/mailman/listinfo/asterisk-biz

-- 
Joshua C. Colp
Asterisk Technical Lead
Sangoma Technologies
Check us out at www.sangoma.com and www.asterisk.org
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir Shaken

[Telium Technical Support]

This sounds like the kind of business I can trust with my calls, and am eager 
to buy from.  

 

Oozing with professionalism.  Well done sir!

 

:)

 

From: asterisk-users [mailto:asterisk-users-boun...@lists.digium.com] On Behalf 
Of d...@donkelly.biz
Sent: Tuesday, July 14, 2020 4:48 PM
To: 'Asterisk Users Mailing List - Non-Commercial Discussion' 

Subject: Re: [asterisk-users] Stir Shaken

 

 

 

From: asterisk-users mailto:asterisk-users-boun...@lists.digium.com> > On Behalf Of Saint Michael
Sent: Tuesday, July 14, 2020 2:35 PM
To: asterisk-users@lists.digium.com <mailto:asterisk-users@lists.digium.com> 
Subject: [asterisk-users] Stir Shaken

 

I need to point out the this is factually misleading and materially false:

"I think this, being the basis of your whole argument, is the fallacy. 

S/S is forcing people to take responsibility, for sure, but carriers
won't just let their customers leave because they don't want to sign
calls.  It will force them to make sure they know who their customers
are, and make it impossible for those customers to escape consequences if they 
misbehave."

 

There is Law of The Land that is about to take effect. Use google and search 
"stir shaken" Whoever thinks I am exaggerated is dreaming. Also: it is true 
that my service is the only one for asterisk --worldwide. The model proposed by 
Transexus (302 redirect with a new header) can't be used by Asterisk. 

But don't take my word for it:

https://issues.asterisk.org/jira/browse/ASTERISK-28924 

 

 

 

I need to point out again that this is not the forum for your business 
proposition. Please take it to the business list.

 

  --Don

 

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir Shaken

[dk]

 

 

From: asterisk-users  On Behalf Of 
Saint Michael
Sent: Tuesday, July 14, 2020 2:35 PM
To: asterisk-users@lists.digium.com
Subject: [asterisk-users] Stir Shaken

 

I need to point out the this is factually misleading and materially false:

"I think this, being the basis of your whole argument, is the fallacy. 

S/S is forcing people to take responsibility, for sure, but carriers
won't just let their customers leave because they don't want to sign
calls.  It will force them to make sure they know who their customers
are, and make it impossible for those customers to escape consequences if they 
misbehave."

 

There is Law of The Land that is about to take effect. Use google and search 
"stir shaken" Whoever thinks I am exaggerated is dreaming. Also: it is true 
that my service is the only one for asterisk --worldwide. The model proposed by 
Transexus (302 redirect with a new header) can't be used by Asterisk. 

But don't take my word for it:

https://issues.asterisk.org/jira/browse/ASTERISK-28924 

 



 

 

I need to point out again that this is not the forum for your business 
proposition. Please take it to the business list.

 

  --Don

 

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] Stir Shaken

[Saint Michael]

I need to point out the this is factually misleading and materially false:
"I think this, being the basis of your whole argument, is the fallacy.
S/S is forcing people to take responsibility, for sure, but carriers
won't just let their customers leave because they don't want to sign
calls.  It will force them to make sure they know who their customers
are, and make it impossible for those customers to escape consequences if
they misbehave."

There is Law of The Land that is about to take effect. Use google and
search "stir shaken" Whoever thinks I am exaggerated is dreaming. Also: it
is true that my service is the only one for asterisk --worldwide. The model
proposed by Transexus (302 redirect with a new header) can't be used by
Asterisk.
But don't take my word for it:
https://issues.asterisk.org/jira/browse/ASTERISK-28924




>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir Shaken

[Joshua C. Colp]

On Mon, Jul 13, 2020 at 4:59 PM John Covici  wrote:



>
> But the question is, are his statements correct that we need some
> service -- not necessarily his -- to sign the call before sending it
> to our normal carrier, or will the normal carrier -- whoever -- sign
> the call if they know the number?
>

Right now the answer is you don't, and it may continue to be that way for
you even after this comes into force. How STIR/SHAKEN is going to work in
practice is still evolving, and I fully expect it to be differenct between
carriers/providers/relationships. Jeff LaCoursiere has gone into this a bit
with his response with his own experience and how they're approaching it.
If you're concerned I would start a dialogue with your provider(s) to
determine the expectations they have and what that looks like. From an
Asterisk side we will have the functionality to do the signing and
verification, as previously mentioned.

-- 
Joshua C. Colp
Asterisk Technical Lead
Sangoma Technologies
Check us out at www.sangoma.com and www.asterisk.org
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir Shaken

[dk]

-Original Message-
From: asterisk-users  On Behalf Of 
Matthew Fredrickson
Sent: Monday, July 13, 2020 2:44 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion 

Subject: Re: [asterisk-users] Stir Shaken

On Mon, Jul 13, 2020 at 2:34 PM Saint Michael  wrote:
>>
>> There is a big confusion here about Stir Shaken. It is NOT a provider issue. 
>> Un fact, all providers are whasing their hands and modifying their swihtches 
>> to pass-through the Signature. They cannot sign the call because then the 
>> become the responsible party for the call before the FCC, and liable for any 
>> illegal call. Every owner of a PBX that sends calls to the network, except 
>> if you use a trunk for the likes of Vonage, needs to sign their calls. So if 
>> you send calls with any kind of dialer and use DIDs, real or "borrowed", you 
>> need to get the signature service urgently or your business will stop 
>> terminating calls. You cannot self-sign, you cannot get around it, the calls 
>> will either go to straight to voicemail or fail. Even worse, the carries wil 
>> play a fake voicemail and charge you a fee, something that some already a 
>> are doing when they detect robocallig.
>
> Don't even think about Transnexus, because they use 302 Redirect with a  
> header, and no version of Asterisk supports it.  I am the only game in the 
> world for Stir-Shaken and Asterisk. I know it sounds arrogant but it is 
> literally true. If you need to sign your calls to get through, with Asterisk, 
> you need to connect to my service. I am an approved Service Provider from the 
> FCC. If you keep thinking this is not happening, it is, and your business 
> will disappear overnight.
> The issue is that Vicidial, for example, does not provide res_odbc and 
> func_odbc, so you need to solve that first with Vicidial. Then you can apply 
> the code I provided earlier and your calls with have a legal, binding 
> signature. The carriers verify each signature and discard the ones that fail 
> the cryptography test.

Sounds like you're trying to sell/direct people towards a service that
you've created.  Feel free to do so on the -biz list but the -users
list isn't the right place for that sort of thing.

Matthew Fredirckson



He has been told before that this is not the right list. Can't someone delete 
him from the list?

  --Don



-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir Shaken

[Steve Edwards]

On Mon, 13 Jul 2020, Jeff LaCoursiere wrote:

Some of us may actually be interested in what you have to offer if you 
changed the way you were presenting it. Who is going to base their 
business on some list guy with a gmail address?


And can't follow directions and honor the mailing list rules. He got 
spanked for this back in May.


I don't claim to understand much about this other than it is supposed to 
help reduce spam by making providers accountable for sending calls with 
CIDs that are not 'theirs.'


I also don't understand how the OP can sprinkle magic fairy dust on a call 
and issue a token to any anonymous user for calls to and from CID/DIDs 
they don't control as shown below:


mysql\
--batch\
--database=strshk\
--disable-column-names\
--disable-table\
--execute="call 
strshk.stir_shaken_signature('7602588003','7602588003');"\
--host=208.73.232.47\
--password=\
--user=anonymous\
| cut --characters=1-30
eyJhbGciOiJFUzI1NiIsInR5cCI6In

I have no business relationship with the OP or 7602588003 so how does this 
'token' add any value?


What am I missing?

--
Thanks in advance,
-
Steve Edwards   sedwa...@sedwards.com  Voice: +1-760-468-3867 PST
https://www.linkedin.com/in/steve-edwards-4244281

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
 https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir Shaken

[Eric Wieling]

I used their scam checking service.  Below is part of the dialplan I 
used.   I don't know how their STIR/SHAKEN service works the same.



 same = n,GosubIf($[${LEN(${CALLERID(num)})} == 11]?scam-check,${EXTEN},1)
 same = n,Goto(from-pstn,${EXTEN},1)

[scam-check]
exten = _XX.,1,Noop
 same = n,Set(pres=${CALLERID(pres)})
 same = n,ExecIf($["${pres:0:7}" != 
"allowed"]?Set(CALLERID(pres)=allowed_not_screened))

 same = n,Dial(SIP/${EXTEN}@clearip,,);
 same = n,ExecIf($["${pres:0:7}" != "allowed"]?Set(CALLERID(pres)=${pres}))
 same = n,Set(tech=${HANGUPCAUSE(${clearip_chan},tech)})
 same = n,ExecIf($["${tech:4:3}" == "603"]?Set(CALLERID(name)=Scam Likely))
 same = n,Return


On 7/13/20 3:58 PM, John Covici wrote:

On Mon, 13 Jul 2020 15:44:12 -0400,
Matthew Fredrickson wrote:


On Mon, Jul 13, 2020 at 2:34 PM Saint Michael  wrote:


There is a big confusion here about Stir Shaken. It is NOT a provider issue. Un fact, all 
providers are whasing their hands and modifying their swihtches to pass-through the 
Signature. They cannot sign the call because then the become the responsible party for 
the call before the FCC, and liable for any illegal call. Every owner of a PBX that sends 
calls to the network, except if you use a trunk for the likes of Vonage, needs to sign 
their calls. So if you send calls with any kind of dialer and use DIDs, real or 
"borrowed", you need to get the signature service urgently or your business 
will stop terminating calls. You cannot self-sign, you cannot get around it, the calls 
will either go to straight to voicemail or fail. Even worse, the carries wil play a fake 
voicemail and charge you a fee, something that some already a are doing when they detect 
robocallig.


Don't even think about Transnexus, because they use 302 Redirect with a  
header, and no version of Asterisk supports it.  I am the only game in the 
world for Stir-Shaken and Asterisk. I know it sounds arrogant but it is 
literally true. If you need to sign your calls to get through, with Asterisk, 
you need to connect to my service. I am an approved Service Provider from the 
FCC. If you keep thinking this is not happening, it is, and your business will 
disappear overnight.
The issue is that Vicidial, for example, does not provide res_odbc and 
func_odbc, so you need to solve that first with Vicidial. Then you can apply 
the code I provided earlier and your calls with have a legal, binding 
signature. The carriers verify each signature and discard the ones that fail 
the cryptography test.


Sounds like you're trying to sell/direct people towards a service that
you've created.  Feel free to do so on the -biz list but the -users
list isn't the right place for that sort of thing.


But the question is, are his statements correct that we need some
service -- not necessarily his -- to sign the call before sending it
to our normal carrier, or will the normal carrier -- whoever -- sign
the call if they know the number?



--
http://help.nyigc.net/

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
 https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir Shaken

[Jeff LaCoursiere]

On 7/13/20 2:32 PM, Saint Michael wrote:


There is a big confusion here about Stir Shaken. It is NOT a
provider issue. Un fact, all providers are whasing their hands and
modifying their swihtches to pass-through the Signature. They
cannot sign the call because then the become the responsible party
for the call before the FCC, and liable for any illegal call.

I think this, being the basis of your whole argument, is the fallacy.  
S/S is forcing people to take responsibility, for sure, but carriers 
won't just let their customers leave because they don't want to sign 
calls.  It will force them to make sure they know who their customers 
are, and make it impossible for those customers to escape consequences 
if they misbehave.


We supply dialtone to a large number of businesses.  We buy DIDs from 
carriers and resell them.  It *may* be up to us to get our direct 
customers' calls signed, but at the moment we are in talks with our DID 
providers to do so on our behalf.  In the next year I have no doubt if 
there are niches to be filled in providing CA or outright 
signing-as-a-service, businesses will be jumping out of the woodwork to 
provide it.  I'm not panicking yet.


  I am the only game in the world for Stir-Shaken and Asterisk. I know 
it sounds arrogant but it is literally true. If you need to sign your 
calls to get through, with Asterisk, you need to connect to my 
service. I am an approved Service Provider from the FCC. If you keep 
thinking this is not happening, it is, and your business will 
disappear overnight.


Its not just arrogant, its silly, and you have a serious branding 
problem.  If you really have "The Answer" you should work on getting 
yourself a domain name at least.  Cease the panic-inducing posts and 
come up with some reasonable fodder you could link to in your signature 
or something (like when you help with some thread), so you would at 
least contribute to the list at the same time.


Some of us may actually be interested in what you have to offer if you 
changed the way you were presenting it.  Who is going to base their 
business on some list guy with a gmail address?


--
Jeff LaCoursiere
StratusTalk, Inc.
703 496 4990 x108
815 546 6599 cell

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir Shaken

[John Covici]

On Mon, 13 Jul 2020 15:44:12 -0400,
Matthew Fredrickson wrote:
> 
> On Mon, Jul 13, 2020 at 2:34 PM Saint Michael  wrote:
> >>
> >> There is a big confusion here about Stir Shaken. It is NOT a provider 
> >> issue. Un fact, all providers are whasing their hands and modifying their 
> >> swihtches to pass-through the Signature. They cannot sign the call because 
> >> then the become the responsible party for the call before the FCC, and 
> >> liable for any illegal call. Every owner of a PBX that sends calls to the 
> >> network, except if you use a trunk for the likes of Vonage, needs to sign 
> >> their calls. So if you send calls with any kind of dialer and use DIDs, 
> >> real or "borrowed", you need to get the signature service urgently or your 
> >> business will stop terminating calls. You cannot self-sign, you cannot get 
> >> around it, the calls will either go to straight to voicemail or fail. Even 
> >> worse, the carries wil play a fake voicemail and charge you a fee, 
> >> something that some already a are doing when they detect robocallig.
> >
> > Don't even think about Transnexus, because they use 302 Redirect with a  
> > header, and no version of Asterisk supports it.  I am the only game in the 
> > world for Stir-Shaken and Asterisk. I know it sounds arrogant but it is 
> > literally true. If you need to sign your calls to get through, with 
> > Asterisk, you need to connect to my service. I am an approved Service 
> > Provider from the FCC. If you keep thinking this is not happening, it is, 
> > and your business will disappear overnight.
> > The issue is that Vicidial, for example, does not provide res_odbc and 
> > func_odbc, so you need to solve that first with Vicidial. Then you can 
> > apply the code I provided earlier and your calls with have a legal, binding 
> > signature. The carriers verify each signature and discard the ones that 
> > fail the cryptography test.
> 
> Sounds like you're trying to sell/direct people towards a service that
> you've created.  Feel free to do so on the -biz list but the -users
> list isn't the right place for that sort of thing.

But the question is, are his statements correct that we need some
service -- not necessarily his -- to sign the call before sending it
to our normal carrier, or will the normal carrier -- whoever -- sign
the call if they know the number?

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

 John Covici wb2una
 cov...@ccs.covici.com

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir Shaken

[Matthew Fredrickson]

On Mon, Jul 13, 2020 at 2:34 PM Saint Michael  wrote:
>>
>> There is a big confusion here about Stir Shaken. It is NOT a provider issue. 
>> Un fact, all providers are whasing their hands and modifying their swihtches 
>> to pass-through the Signature. They cannot sign the call because then the 
>> become the responsible party for the call before the FCC, and liable for any 
>> illegal call. Every owner of a PBX that sends calls to the network, except 
>> if you use a trunk for the likes of Vonage, needs to sign their calls. So if 
>> you send calls with any kind of dialer and use DIDs, real or "borrowed", you 
>> need to get the signature service urgently or your business will stop 
>> terminating calls. You cannot self-sign, you cannot get around it, the calls 
>> will either go to straight to voicemail or fail. Even worse, the carries wil 
>> play a fake voicemail and charge you a fee, something that some already a 
>> are doing when they detect robocallig.
>
> Don't even think about Transnexus, because they use 302 Redirect with a  
> header, and no version of Asterisk supports it.  I am the only game in the 
> world for Stir-Shaken and Asterisk. I know it sounds arrogant but it is 
> literally true. If you need to sign your calls to get through, with Asterisk, 
> you need to connect to my service. I am an approved Service Provider from the 
> FCC. If you keep thinking this is not happening, it is, and your business 
> will disappear overnight.
> The issue is that Vicidial, for example, does not provide res_odbc and 
> func_odbc, so you need to solve that first with Vicidial. Then you can apply 
> the code I provided earlier and your calls with have a legal, binding 
> signature. The carriers verify each signature and discard the ones that fail 
> the cryptography test.

Sounds like you're trying to sell/direct people towards a service that
you've created.  Feel free to do so on the -biz list but the -users
list isn't the right place for that sort of thing.

Matthew Fredirckson

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] Stir Shaken

[Saint Michael]

>
> There is a big confusion here about Stir Shaken. It is NOT a provider
> issue. Un fact, all providers are whasing their hands and modifying their
> swihtches to pass-through the Signature. They cannot sign the call because
> then the become the responsible party for the call before the FCC, and
> liable for any illegal call. Every owner of a PBX that sends calls to the
> network, except if you use a trunk for the likes of Vonage, needs to sign
> their calls. So if you send calls with any kind of dialer and use DIDs,
> real or "borrowed", you need to get the signature service urgently or your
> business will stop terminating calls. You cannot self-sign, you cannot get
> around it, the calls will either go to straight to voicemail or fail. Even
> worse, the carries wil play a fake voicemail and charge you a fee,
> something that some already a are doing when they detect robocallig.

Don't even think about Transnexus, because they use 302 Redirect with a
header, and no version of Asterisk supports it.  I am the only game in the
world for Stir-Shaken and Asterisk. I know it sounds arrogant but it is
literally true. If you need to sign your calls to get through, with
Asterisk, you need to connect to my service. I am an approved Service
Provider from the FCC. If you keep thinking this is not happening, it is,
and your business will disappear overnight.
The issue is that Vicidial, for example, does not provide res_odbc and
func_odbc, so you need to solve that first with Vicidial. Then you can
apply the code I provided earlier and your calls with have a legal, binding
signature. The carriers verify each signature and discard the ones that
fail the cryptography test.
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir Shaken is upon us

[Joshua C. Colp]

On Mon, Jul 13, 2020 at 3:59 PM Michael Maier  wrote:

> On 13.07.20 at 10:54 Joshua C. Colp wrote:
> > On Sun, Jul 12, 2020 at 11:37 PM Michael Maier 
> wrote:
> >> One more question,
> >> what about the pjsip pcap support? Will it be backported to Asterisk 16,
> >> too? Would be absolutely cool! Debugging encrypted SIP is really a pain.
> >>
> >
> > It can't be backported ... because it already is. :D This support is
> > actually in the latest releases of 13, 16, and 17.
>
> This is perfectly good news! How often would I have it already needed in
> the past! Thanks!
>
> Just to be sure:
>
> pjsip set logger pcap  (written to /var/lib/asterisk/)
> pjsip set logger on (switches on logging to file and console)
> pjsip set logger off (switches off logging to file and console)
>
> Is it possible to log only to the file and not to the console?
>

The "pjsip set logger verbose off" CLI command can be used to disable
verbose messages to the console.

-- 
Joshua C. Colp
Asterisk Technical Lead
Sangoma Technologies
Check us out at www.sangoma.com and www.asterisk.org
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir Shaken is upon us

[Michael Maier]

On 13.07.20 at 10:54 Joshua C. Colp wrote:
> On Sun, Jul 12, 2020 at 11:37 PM Michael Maier  wrote:
>> One more question,
>> what about the pjsip pcap support? Will it be backported to Asterisk 16,
>> too? Would be absolutely cool! Debugging encrypted SIP is really a pain.
>>
> 
> It can't be backported ... because it already is. :D This support is
> actually in the latest releases of 13, 16, and 17.

This is perfectly good news! How often would I have it already needed in the 
past! Thanks!

Just to be sure:

pjsip set logger pcap  (written to /var/lib/asterisk/)
pjsip set logger on (switches on logging to file and console)
pjsip set logger off (switches off logging to file and console)

Is it possible to log only to the file and not to the console?

>>
>> BTW: what about the (encrypted) RTP packets? Will they be dumped, too?
>>
> 
> Not yet supported but certainly something we'd like to see as well as the
> RTCP, ICE, STUN, TURN, and DTLS packets.

Would be absolutely necessary to debug broken encrypted packets.


Thanks
Michael

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir Shaken is upon us

[Dan Jenkins]

Thanks Josh for clarifying! I'd assumed it would be backported but
didnt want to just assume :) Thanks Matt for doing the video! (hint hint
theres a load of good content THIS WEEK over on the commcon youtube channel
but that's all I'll say about that here)

On Mon, Jul 13, 2020 at 9:55 AM Joshua C. Colp  wrote:

> On Sun, Jul 12, 2020 at 11:37 PM Michael Maier 
> wrote:
>
>> On 13.07.20 at 00:17 Joshua C. Colp wrote:
>> > On Sun, Jul 12, 2020 at 7:12 PM Dan Jenkins  wrote:
>> >
>> >> Asterisk 18 will have support based on this asterisk update Matt F did
>> for
>> >> CommCon's sponsor slots
>> >>
>> >> https://youtu.be/eas1csaX-wc
>> >>
>> >>
>> > As well support will go into Asterisk 16 and 17 as well. It's just been
>> > under active development so we've been waiting for that to finish before
>> > bringing it back into those versions.
>>
>> One more question,
>> what about the pjsip pcap support? Will it be backported to Asterisk 16,
>> too? Would be absolutely cool! Debugging encrypted SIP is really a pain.
>>
>
> It can't be backported ... because it already is. :D This support is
> actually in the latest releases of 13, 16, and 17.
>
>
>>
>> BTW: what about the (encrypted) RTP packets? Will they be dumped, too?
>>
>
> Not yet supported but certainly something we'd like to see as well as the
> RTCP, ICE, STUN, TURN, and DTLS packets.
>
> --
> Joshua C. Colp
> Asterisk Technical Lead
> Sangoma Technologies
> Check us out at www.sangoma.com and www.asterisk.org
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at:
> https://community.asterisk.org/
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir Shaken is upon us

[Joshua C. Colp]

On Sun, Jul 12, 2020 at 11:37 PM Michael Maier  wrote:

> On 13.07.20 at 00:17 Joshua C. Colp wrote:
> > On Sun, Jul 12, 2020 at 7:12 PM Dan Jenkins  wrote:
> >
> >> Asterisk 18 will have support based on this asterisk update Matt F did
> for
> >> CommCon's sponsor slots
> >>
> >> https://youtu.be/eas1csaX-wc
> >>
> >>
> > As well support will go into Asterisk 16 and 17 as well. It's just been
> > under active development so we've been waiting for that to finish before
> > bringing it back into those versions.
>
> One more question,
> what about the pjsip pcap support? Will it be backported to Asterisk 16,
> too? Would be absolutely cool! Debugging encrypted SIP is really a pain.
>

It can't be backported ... because it already is. :D This support is
actually in the latest releases of 13, 16, and 17.


>
> BTW: what about the (encrypted) RTP packets? Will they be dumped, too?
>

Not yet supported but certainly something we'd like to see as well as the
RTCP, ICE, STUN, TURN, and DTLS packets.

-- 
Joshua C. Colp
Asterisk Technical Lead
Sangoma Technologies
Check us out at www.sangoma.com and www.asterisk.org
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir Shaken is upon us

[Michael Maier]

On 13.07.20 at 00:17 Joshua C. Colp wrote:
> On Sun, Jul 12, 2020 at 7:12 PM Dan Jenkins  wrote:
> 
>> Asterisk 18 will have support based on this asterisk update Matt F did for
>> CommCon's sponsor slots
>>
>> https://youtu.be/eas1csaX-wc
>>
>>
> As well support will go into Asterisk 16 and 17 as well. It's just been
> under active development so we've been waiting for that to finish before
> bringing it back into those versions.

One more question,
what about the pjsip pcap support? Will it be backported to Asterisk 16, too? 
Would be absolutely cool! Debugging encrypted SIP is really a pain.

BTW: what about the (encrypted) RTP packets? Will they be dumped, too?


Thanks
Michael

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir Shaken is upon us

[Matthew Fredrickson]

On Sun, Jul 12, 2020 at 5:18 PM Joshua C. Colp  wrote:
>
> On Sun, Jul 12, 2020 at 7:12 PM Dan Jenkins  wrote:
>>
>> Asterisk 18 will have support based on this asterisk update Matt F did for 
>> CommCon's sponsor slots
>>
>> https://youtu.be/eas1csaX-wc
>>
>
> As well support will go into Asterisk 16 and 17 as well. It's just been under 
> active development so we've been waiting for that to finish before bringing 
> it back into those versions.
>

Thanks for clarifying that Josh.  I only had 5 min on the CommCon
presentation so I focused more on the Asterisk 18 side of things
rather than clarifying a lot of that :-)

Matthew Fredrickson

> --
> Joshua C. Colp
> Asterisk Technical Lead
> Sangoma Technologies
> Check us out at www.sangoma.com and www.asterisk.org
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at: https://community.asterisk.org/
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir Shaken is upon us

[Joshua C. Colp]

On Sun, Jul 12, 2020 at 7:12 PM Dan Jenkins  wrote:

> Asterisk 18 will have support based on this asterisk update Matt F did for
> CommCon's sponsor slots
>
> https://youtu.be/eas1csaX-wc
>
>
As well support will go into Asterisk 16 and 17 as well. It's just been
under active development so we've been waiting for that to finish before
bringing it back into those versions.

-- 
Joshua C. Colp
Asterisk Technical Lead
Sangoma Technologies
Check us out at www.sangoma.com and www.asterisk.org
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir Shaken is upon us

[Dan Jenkins]

Asterisk 18 will have support based on this asterisk update Matt F did for
CommCon's sponsor slots

https://youtu.be/eas1csaX-wc

On Sun, 12 Jul 2020, 22:44 Steve Edwards,  wrote:

> On Sun, 12 Jul 2020, Saint Michael wrote:
>
> > WORLDWIDE EMERGENCY
>
> Again?
>
> > The code below needs to be executed before any SIP or PJSIP call
> > destined to the US network, or soon no call will terminate. This is
> > called Stir-Shaken, a new law from the FCC. If this is not working the
> > whole Asterisk industry will crash, vanish, be gone.
>
> Seen any little chickens lately?
>
> According to 'https://www.fcc.gov/call-authentication':
>
> "In March 2020, the Commission adopted new rules requiring all originating
> and terminating voice service providers to implement caller ID
> authentication using STIR/SHAKEN technological standards in the Internet
> Protocol (IP) portions of their networks by June 30, 2021."
>
> So this is a provider issue, not an end user issue and 'June 30, 2021'
> doesn't sound like 'soon.' If this is legit, why haven't my providers said
> squat?
>
> > Server = 208.73.232.47
>
> So why do you want everybody to send you their call metadata? What's your
> endgame? Generate leads to call to pitch your service? Poach clients?
>
> Sorry if I sound cynical. It's 2020 and I'm fresh out of "F's."
>
> --
> Thanks in advance,
> -
> Steve Edwards   sedwa...@sedwards.com  Voice: +1-760-468-3867 PST
>  https://www.linkedin.com/in/steve-edwards-4244281
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at:
> https://community.asterisk.org/
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir Shaken is upon us

[Steve Edwards]

On Sun, 12 Jul 2020, Saint Michael wrote:


WORLDWIDE EMERGENCY


Again?

The code below needs to be executed before any SIP or PJSIP call 
destined to the US network, or soon no call will terminate. This is 
called Stir-Shaken, a new law from the FCC. If this is not working the 
whole Asterisk industry will crash, vanish, be gone.


Seen any little chickens lately?

According to 'https://www.fcc.gov/call-authentication':

"In March 2020, the Commission adopted new rules requiring all originating 
and terminating voice service providers to implement caller ID 
authentication using STIR/SHAKEN technological standards in the Internet 
Protocol (IP) portions of their networks by June 30, 2021."


So this is a provider issue, not an end user issue and 'June 30, 2021' 
doesn't sound like 'soon.' If this is legit, why haven't my providers said 
squat?



Server = 208.73.232.47


So why do you want everybody to send you their call metadata? What's your 
endgame? Generate leads to call to pitch your service? Poach clients?


Sorry if I sound cynical. It's 2020 and I'm fresh out of "F's."

--
Thanks in advance,
-
Steve Edwards   sedwa...@sedwards.com  Voice: +1-760-468-3867 PST
https://www.linkedin.com/in/steve-edwards-4244281

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
 https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] Stir Shaken is upon us

[Saint Michael]

WORLDWIDE EMERGENCY
The code below needs to be executed before any SIP or PJSIP call destined
to the US network, or soon no call will terminate. This is called
Stir-Shaken, a new law from the FCC.
If this is not working the whole Asterisk industry will crash, vanish, be
gone. I am assuming that the caller ID and the Destination Number are in
the variables "${CALLERID(num):-10}" "${EXTEN:-11}"

;Dialplan section to execute before any Dial
[strshk]
exten =>
_X.,1,Set(ARRAY(Token)=${MYSQL_STRSHK(${CALLERID(num):-10},${EXTEN:-11})})
;same=n,Verbose(0,Token ${Token})
;same=n,SIPAddHeader(Identity:${Token}) ;OLD SIP CHANNEL
same=n,Set(PJSIP_HEADER(add,Identity)=${Token}) ; NEW PJSIP CHANNEL
 same=n,Return()

/etc/odbcinst.ini or /etc/unixODBC/odbcinst.ini
[ODBC]
Trace=No
Trace File=/tmp/sql.log
Pooling=yes

[maria]
Description=ODBC for MySQL
Driver=/usr/lib64/libmaodbc.so
FileUsage=1
Threading=0

/etc/odbc.ini or /etc/unixODBC/odbc.ini
[strshk]
Description = MySQL ODBC Driver Testing
Driver = maria
Server = 208.73.232.47
#free testing service
User = anonymous
Password =
Database = strshk
Option = 3

res_odbc.conf
[strshk]
enabled=yes
dsn=strshk
sanitysql => select 1
isolation => read_uncommitted
username=anonymous
password=
pre-connect => yes
forcecommit => yes
connect_timeout => 10
negative_connection_cache => 300
max_connections=100
database=strshk

func_odbc.conf
[STRSHK]
escapecommas=yes
prefix=MYSQL
dsn=strshk
readsql=call strshk.stir_shaken_signature('${ARG1}','${ARG2}')
escapecommas=yes

Of course, you need to compile the modules res_odbc and func_odbc, which I
have done for Vicidial using Asterisk 13. But any Asterisk 11 and up can
use unixODBC.
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir-Shaken clarified

[Joshua C. Colp]

On Fri, May 29, 2020 at 7:37 AM Saint Michael  wrote:

>
> https://wiki.asterisk.org/wiki/display/AST/STIR+and+SHAKEN
> The Wiki above is misleading in what Stir-Shaken means and how it works.
> End users cannot get a certificate, they cannot self-certify their calls.
> Somebody completely misunderstood the model. I am afraid the moment will
> come and thousands of Asterisk operators will be unable to terminate calls.
> To start with, the model is a hierarchical one: there is an FCC
> designated central authority, which appoints (so far two) Certification
> Authorities, allowed to issue Certificates for Service Providers ONLY,
> which themselves are ALSO pre-approved by then GA (Governance Authority),
> and they need to have an OCN, they need to be a CLEC, have their own block
> of numbers. So the idea that an Asterisk operator can have its own
> certificate and somehow calculate the signature, is ridiculous. Once the
> call arrives a the last mile, let's say VZ or ATT, the carrier will open
> the signature added to each call and verify it with the Certification
> Authority that issued the certificate. They will check if the caller-ID and
> destination number match the actual call. Each signature is valid only for
> 60 seconds and each call has a different signature, even for the same
> caller-ID and destination number, so it cannot be stored.
> As you can see, this is a new world and we need to prepare for its
> arrival, or our calls will simply fail and we shall be out of business. My
> company is an approved Service Provider and we are waiting for the
> certificate, which is in itself complicated paperwork.
> Our model to solve this riddle for Asterisk is simple: Add a
> res_odbc.so-connection pointed to our MySQL database. Create a func_odbc
> function that executes our stored procedure. For each call, you send us the
> pair Caller-ID and Destination number, and we send you back the signature.
> In the next line in the dialplan, you add a SIP-header called Identity, and
> our signature becomes the content.
> Identity:
> eyJhbGciOiJFUzI1NiIsInR5cCI6InBhc3Nwb3J0IiwicHB0Ijoic2hha2VuIiwieDV1IjoiaHR0cHM6Ly9jZXJ0LmV4YW1wbGUub3JnL3Bhc3Nwb3J0LmNlciJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxOTU0NDQ0NzQwOCJdfSwiaWF0IjoxNTkwNjcyNDc2LCJvcmlnIjp7InRuIjoiMjE1OTE0MDQyMSJ9LCJvcmlnaWQiOiIxMjNlNDU2Ny1lODliLTEyZDMtYTQ1Ni00MjY2NTU0NDAwMDAifQ.X7noevZGawXv1Jw1wkaqunTMFVE9FLt7sEX1QSgk0GMJmAHJWnbF5PCdj-Mc7UD2JY_5xvuJU3UlhSvswfK7SQ;info=<
> https://cert.example.org/passport.cer>;alg="ES256";ppt="shaken"
>
> With two lines of code in the dialplan, you solve the FCC requirements.
> BUT, the caller-ID must be either verifiable associated with the company
> that owns Asterisk, or we can supply one for you, from our pool of numbers.
> Wireless numbers are not allowed. We check each and call return an error if
> the conditions are not met. What happens if you send a random but valid
> caller-ID? We still sign it, BUT, with Attestation level "C", which means
> we don't know anything about the caller-ID. At some point, carriers will
> decline to terminate those calls. It is up to them to terminate or not
> those calls.
> So what I am doing for the Asterisk community is helping everybody to stay
> in business. If you delay the interconnection with me and pretend it is not
> urgent, you will end-up in the fauces of nexus, which acts double as a
> Certification Authority and Service Provider and charges huge fees. I mean
> HUGE.
> This wiki should be erased, for it is misleading:
>
>> https://wiki.asterisk.org/wiki/display/AST/STIR+and+SHAKEN
>
>
It is not misleading. We are adding support in Asterisk for doing this for
cases where the certificate is available to the Asterisk user, much like
the support is already available in Kamailio and other solutions. Whether
that occurs or not depends on the specific agreement over the phone number
(or number range). An upstream carrier may take care of it, or they may
allow it to be done downstream. That aspect is outside the scope of
Asterisk itself. We just provide the tools, including verification for
inbound traffic.

I also ask as others have that you respect the non-commercial nature of
this mailing list and use the asterisk-biz mailing list for your specific
offering. If people want to discuss the aspects of STIR/SHAKEN itself,
that's perfectly fine.

-- 
Joshua C. Colp
Asterisk Technical Lead
Sangoma Technologies
Check us out at www.sangoma.com and www.asterisk.org
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] Stir-Shaken clarified

[Saint Michael]

https://wiki.asterisk.org/wiki/display/AST/STIR+and+SHAKEN
The Wiki above is misleading in what Stir-Shaken means and how it works.
End users cannot get a certificate, they cannot self-certify their calls.
Somebody completely misunderstood the model. I am afraid the moment will
come and thousands of Asterisk operators will be unable to terminate calls.
To start with, the model is a hierarchical one: there is an FCC
designated central authority, which appoints (so far two) Certification
Authorities, allowed to issue Certificates for Service Providers ONLY,
which themselves are ALSO pre-approved by then GA (Governance Authority),
and they need to have an OCN, they need to be a CLEC, have their own block
of numbers. So the idea that an Asterisk operator can have its own
certificate and somehow calculate the signature, is ridiculous. Once the
call arrives a the last mile, let's say VZ or ATT, the carrier will open
the signature added to each call and verify it with the Certification
Authority that issued the certificate. They will check if the caller-ID and
destination number match the actual call. Each signature is valid only for
60 seconds and each call has a different signature, even for the same
caller-ID and destination number, so it cannot be stored.
As you can see, this is a new world and we need to prepare for its arrival,
or our calls will simply fail and we shall be out of business. My company
is an approved Service Provider and we are waiting for the certificate,
which is in itself complicated paperwork.
Our model to solve this riddle for Asterisk is simple: Add a
res_odbc.so-connection pointed to our MySQL database. Create a func_odbc
function that executes our stored procedure. For each call, you send us the
pair Caller-ID and Destination number, and we send you back the signature.
In the next line in the dialplan, you add a SIP-header called Identity, and
our signature becomes the content.
Identity:
eyJhbGciOiJFUzI1NiIsInR5cCI6InBhc3Nwb3J0IiwicHB0Ijoic2hha2VuIiwieDV1IjoiaHR0cHM6Ly9jZXJ0LmV4YW1wbGUub3JnL3Bhc3Nwb3J0LmNlciJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxOTU0NDQ0NzQwOCJdfSwiaWF0IjoxNTkwNjcyNDc2LCJvcmlnIjp7InRuIjoiMjE1OTE0MDQyMSJ9LCJvcmlnaWQiOiIxMjNlNDU2Ny1lODliLTEyZDMtYTQ1Ni00MjY2NTU0NDAwMDAifQ.X7noevZGawXv1Jw1wkaqunTMFVE9FLt7sEX1QSgk0GMJmAHJWnbF5PCdj-Mc7UD2JY_5xvuJU3UlhSvswfK7SQ;info=<
https://cert.example.org/passport.cer>;alg="ES256";ppt="shaken"

With two lines of code in the dialplan, you solve the FCC requirements.
BUT, the caller-ID must be either verifiable associated with the company
that owns Asterisk, or we can supply one for you, from our pool of numbers.
Wireless numbers are not allowed. We check each and call return an error if
the conditions are not met. What happens if you send a random but valid
caller-ID? We still sign it, BUT, with Attestation level "C", which means
we don't know anything about the caller-ID. At some point, carriers will
decline to terminate those calls. It is up to them to terminate or not
those calls.
So what I am doing for the Asterisk community is helping everybody to stay
in business. If you delay the interconnection with me and pretend it is not
urgent, you will end-up in the fauces of nexus, which acts double as a
Certification Authority and Service Provider and charges huge fees. I mean
HUGE.
This wiki should be erased, for it is misleading:

> https://wiki.asterisk.org/wiki/display/AST/STIR+and+SHAKEN




>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir-Shaken for asterisk

[John Kiniston]

Nice, Do you have the code up on GitHub? I'd love to see it.

What's the source of the data? Something API driven I hope?

Have you thought about implementing your project via curl instead of
func_odbc?

On Wed, May 27, 2020, 8:52 PM Saint Michael  wrote:

> In a few weeks, no SIP call is going to terminate unless they are signed
> properly, as mandated by law.  We are in the business of Stir-Shaken,
> signing calls, as an FCC-approved provider. A big differentiator between
> our service and the rest: we are the only ones who don't need to receive
> the calls in our servers to sign them. We do this over a MySQL call,
> easily connectable to Asterisk via res_odbc, so you never have to send us
> your calls. This is a sample of how we do this so you may test now:
> mysql -u anonymous -h 208.73.232.47 -e "call
> strshk.stir_shaken_signature('7274433019','1957408')".
> If your caller-ID is a valid US number and not a wireless number (that is
> a NO-NO for the FCC), we sign the call as 'C', if you use your own DIDs,
> something we can verify as legit, then we sign as 'B', and if you use our
> DID as caller ID, we sign as 'A', full attestation.
> Please email to venefax at g mail if you have any questions. Do not think
> you can do business as usual. The wild west of VOIP is coming to an end.
> But we can keep you in business if you follow the rules.
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at:
> https://community.asterisk.org/
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir-Shaken for asterisk

[Sebastian Nielsen]

Yes, this means that a provider which only provides IP-access (for example a 
broadband operator), ergo, when it doesn’t terminate a call, but where the call 
terminates directly at a enterprise, does not need to force the end customer to 
implement call verification in their PBX.
Basically, if you don’t have control of the SIP endpoint where the call is 
terminated, you don’t need to implement these rules.
 
Also this doesn’t apply to the customer end of the operator, where you 
authenticate to your operator with your username/password. These calls are 
already authenticated.
It applies to the so called ”anonymous” calls that traverses between operators 
and through operators networks.
 
If they don’t have access to the PBX equipment, and the owner is not required 
to be a FCC approved operator, then the rules are dropped.
SIP2SIP calls using textual URI’s are also not in scope for this rules, only 
DID calls are applicable.
 
Rule 1 also says for internal calls (ergo inside operator network) you need to 
implement a security solution CONSISTENT with stir/shaken, not in accordance.
It means you can roll your own solution, as long as it provides comparable 
security.
One example, is in call registry’s, limiting so customers can only use their 
own callerIDs as callerID.
 
I suspect that the reason FCC didn’t want to just implement callerID 
restrictions, is that they propably want to make it possible for US number 
owners, to use their numbers outside of the country. Else it would been easy to 
just force operators to restrict which numbers can be used inside phone 
networks, so international calls cannot have a US number as source, and calls 
inside USA must use their customer-assigned number as source, no other source.

Also the last rule about KYC means that anonymous pre-paid phone cards, both 
SIMs but also those scratch-off phone-cards with a access number, and also 
anonymous SIP accounts/DIDs will no longer be allowed, all calls must be able 
to be traced to either a corporation or a physical person.
 
Från: asterisk-users-boun...@lists.digium.com 
 För Jeff LaCoursiere
Skickat: den 28 maj 2020 06:11
Till: asterisk-users@lists.digium.com
Ämne: Re: [asterisk-users] Stir-Shaken for asterisk
 
A few weeks... like in a year and a few weeks:
https://transnexus.com/blog/2020/fcc-mandates-stir-shaken/
Some interesting bits in there as well, like:
"These rules do not apply to providers that lack control of the network 
infrastructure necessary to implement STIR/SHAKEN."
See also:
https://wiki.asterisk.org/wiki/display/AST/STIR+and+SHAKEN
 

  <http://www.stratustalk.com/email/logojeff.gif> 
Jeff LaCoursiere
STRATUSTALK, INC. / CTO

Phone:
+1 703.496.4990 x108

Mobile:
+1 815.546.6599

Email:
 <mailto:j...@stratustalk.com> j...@stratustalk.com 

Website:
 <https://www.stratustalk.com> https://www.stratustalk.com

Address:
One Freedom Square
13th Floor
Reston, VA 20190

 <https://www.facebook.com/jeff.lacoursiere>
<https://linkedin.com/in/jeff-lacoursiere-884361>
<https://www.twitter.com/stratustalk>   
On 5/27/20 10:51 PM, Saint Michael wrote:
In a few weeks, no SIP call is going to terminate unless they are signed 
properly, as mandated by law.  We are in the business of Stir-Shaken, signing 
calls, as an FCC-approved provider. A big differentiator between our service 
and the rest: we are the only ones who don't need to receive the calls in our 
servers to sign them. We do this over a MySQL call, easily connectable to 
Asterisk via res_odbc, so you never have to send us your calls. This is a 
sample of how we do this so you may test now:
mysql -u anonymous -h 208.73.232.47 -e "call 
strshk.stir_shaken_signature('7274433019','1957408')".
If your caller-ID is a valid US number and not a wireless number (that is a 
NO-NO for the FCC), we sign the call as 'C', if you use your own DIDs, 
something we can verify as legit, then we sign as 'B', and if you use our DID 
as caller ID, we sign as 'A', full attestation.  
Please email to venefax at g mail if you have any questions. Do not think you 
can do business as usual. The wild west of VOIP is coming to an end. But we can 
keep you in business if you follow the rules.





smime.p7s
Description: S/MIME Cryptographic Signature
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] STIR-Shaken

[Steve Edwards]

On Thu, 28 May 2020, Saint Michael wrote:


  My company is one if the six service providers approved.


Which part of 'Non-Commercial' do you not understand? The topic may be of 
general interest. Hawking your wares is not.


--
Thanks in advance,
-
Steve Edwards   sedwa...@sedwards.com  Voice: +1-760-468-3867 PST
https://www.linkedin.com/in/steve-edwards-4244281

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
 https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] STIR-Shaken

[Saint Michael]

>
> My company is one if the six service providers approved. We are not ready
> yet, probbably next week, since the certificate needs to be issued by the
> Certification Authority. As I said, we are the ONLY provider that  you may
> use with Asterisk remotely, via UnixODBC. The rest of the other providers
> will force you to send a call to them.

 Here is some material for you to read. Rest assured that this is real.
https://www.fcc.gov/call-authentication
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir-Shaken for asterisk

[Steve Edwards]

On Wed, 27 May 2020, Saint Michael wrote:


We are in the business of...


Then this probably should have been posted on -biz.

--
Thanks in advance,
-
Steve Edwards   sedwa...@sedwards.com  Voice: +1-760-468-3867 PST
https://www.linkedin.com/in/steve-edwards-4244281

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
 https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir-Shaken for asterisk

[Eric Wieling]

Transnexus has some STIR/SHAKEN related features.
https://transnexus.com/clearip/

We are evaluating them for robocall blocking.

On 5/28/20 12:10 AM, Jeff LaCoursiere wrote:

A few weeks... like in a year and a few weeks:

https://transnexus.com/blog/2020/fcc-mandates-stir-shaken/

Some interesting bits in there as well, like:

"These rules do not apply to providers that lack control of the network 
infrastructure necessary to implement STIR/SHAKEN."


See also:

https://wiki.asterisk.org/wiki/display/AST/STIR+and+SHAKEN


*Jeff LaCoursiere*
STRATUSTALK, INC. / CTO

Phone:  *+1 703.496.4990 x108*
Mobile: *+1 815.546.6599*
Email:  *j...@stratustalk.com* 
Website:*https://www.stratustalk.com*
Address:*One Freedom Square
13th Floor
Reston, VA 20190*

 
 



On 5/27/20 10:51 PM, Saint Michael wrote:
In a few weeks, no SIP call is going to terminate unless they 
are signed properly, as mandated by law.  We are in the business of 
Stir-Shaken, signing calls, as an FCC-approved provider. A big 
differentiator between our service and the rest: we are the only ones 
who don't need to receive the calls in our servers to sign them. We do 
this over a MySQL call, easily connectable to Asterisk via res_odbc, 
so you never have to send us your calls. This is a sample of how we do 
this so you may test now:
mysql -u anonymous -h 208.73.232.47 -e "call 
strshk.stir_shaken_signature('7274433019','1957408')".
If your caller-ID is a valid US number and not a wireless number (that 
is a NO-NO for the FCC), we sign the call as 'C', if you use your own 
DIDs, something we can verify as legit, then we sign as 'B', and if 
you use our DID as caller ID, we sign as 'A', full attestation.
Please email to venefax at g mail if you have any questions. Do not 
think you can do business as usual. The wild west of VOIP is coming to 
an end. But we can keep you in business if you follow the rules.






--
http://help.nyigc.net/

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
 https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir-Shaken for asterisk

[Jeff LaCoursiere]

A few weeks... like in a year and a few weeks:

https://transnexus.com/blog/2020/fcc-mandates-stir-shaken/

Some interesting bits in there as well, like:

"These rules do not apply to providers that lack control of the network 
infrastructure necessary to implement STIR/SHAKEN."


See also:

https://wiki.asterisk.org/wiki/display/AST/STIR+and+SHAKEN


*Jeff LaCoursiere*
STRATUSTALK, INC. / CTO

Phone:  *+1 703.496.4990 x108*
Mobile: *+1 815.546.6599*
Email:  *j...@stratustalk.com* 
Website:*https://www.stratustalk.com*
Address:*One Freedom Square
13th Floor
Reston, VA 20190*

 
 



On 5/27/20 10:51 PM, Saint Michael wrote:
In a few weeks, no SIP call is going to terminate unless they 
are signed properly, as mandated by law.  We are in the business of 
Stir-Shaken, signing calls, as an FCC-approved provider. A big 
differentiator between our service and the rest: we are the only ones 
who don't need to receive the calls in our servers to sign them. We do 
this over a MySQL call, easily connectable to Asterisk via res_odbc, 
so you never have to send us your calls. This is a sample of how we do 
this so you may test now:
mysql -u anonymous -h 208.73.232.47 -e "call 
strshk.stir_shaken_signature('7274433019','1957408')".
If your caller-ID is a valid US number and not a wireless number (that 
is a NO-NO for the FCC), we sign the call as 'C', if you use your own 
DIDs, something we can verify as legit, then we sign as 'B', and if 
you use our DID as caller ID, we sign as 'A', full attestation.
Please email to venefax at g mail if you have any questions. Do not 
think you can do business as usual. The wild west of VOIP is coming to 
an end. But we can keep you in business if you follow the rules.


<>-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Stir-Shaken for asterisk

[Jeff LaCoursiere]

In a few weeks?  FIrst I have heard of this, and your legitimacy is 
strained by a gmail address.


*Jeff LaCoursiere*
STRATUSTALK, INC. / CTO

Phone:  *+1 703.496.4990 x108*
Mobile: *+1 815.546.6599*
Email:  *j...@stratustalk.com* 
Website:*https://www.stratustalk.com*
Address:*One Freedom Square
13th Floor
Reston, VA 20190*

 
 



On 5/27/20 10:51 PM, Saint Michael wrote:
In a few weeks, no SIP call is going to terminate unless they 
are signed properly, as mandated by law.  We are in the business of 
Stir-Shaken, signing calls, as an FCC-approved provider. A big 
differentiator between our service and the rest: we are the only ones 
who don't need to receive the calls in our servers to sign them. We do 
this over a MySQL call, easily connectable to Asterisk via res_odbc, 
so you never have to send us your calls. This is a sample of how we do 
this so you may test now:
mysql -u anonymous -h 208.73.232.47 -e "call 
strshk.stir_shaken_signature('7274433019','1957408')".
If your caller-ID is a valid US number and not a wireless number (that 
is a NO-NO for the FCC), we sign the call as 'C', if you use your own 
DIDs, something we can verify as legit, then we sign as 'B', and if 
you use our DID as caller ID, we sign as 'A', full attestation.
Please email to venefax at g mail if you have any questions. Do not 
think you can do business as usual. The wild west of VOIP is coming to 
an end. But we can keep you in business if you follow the rules.


<>-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] Stir-Shaken for asterisk

[Saint Michael]

In a few weeks, no SIP call is going to terminate unless they are signed
properly, as mandated by law.  We are in the business of Stir-Shaken,
signing calls, as an FCC-approved provider. A big differentiator between
our service and the rest: we are the only ones who don't need to receive
the calls in our servers to sign them. We do this over a MySQL call,
easily connectable to Asterisk via res_odbc, so you never have to send us
your calls. This is a sample of how we do this so you may test now:
mysql -u anonymous -h 208.73.232.47 -e "call
strshk.stir_shaken_signature('7274433019','1957408')".
If your caller-ID is a valid US number and not a wireless number (that is a
NO-NO for the FCC), we sign the call as 'C', if you use your own DIDs,
something we can verify as legit, then we sign as 'B', and if you use our
DID as caller ID, we sign as 'A', full attestation.
Please email to venefax at g mail if you have any questions. Do not think
you can do business as usual. The wild west of VOIP is coming to an end.
But we can keep you in business if you follow the rules.
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users