Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup
Carlos, Sorry for the delayed response. Can you email me on my 9-5 do...@flatplanetphone.com? TIA. Dovid On Mon, Aug 31, 2020 at 10:01 AM Carlos Perez wrote: > Dovid, > > Sansay will take care of everything you need. I will contact you > separately. > > On Mon, Aug 31, 2020 at 3:38 AM Dovid Bender wrote: > >> Hi, >> >> Does anyone have a recommendation for a company that get us everything >> needed for STIR/SHAKEN setup? By setup I mean helping us file to get a cert >> etc. From the small research I have done there is a lot of fragmented >> information out there and it would be easier for us to pay someone else to >> do this then invest our own time to take care of this. >> >> TIA. >> >> Regards, >> >> Dovid >> >> ___ >> VoiceOps mailing list >> VoiceOps@voiceops.org >> https://puck.nether.net/mailman/listinfo/voiceops >> > -- > > Carlos Perez > Sansay, Inc. > +1 858-754-2216 Direct > +1 858-754-2211 Support > +1-858-754-2200 Main > ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup
So far this trail of emails is correct. All calls have to be traceable back to the origination provider (via PA registered certificates) for legal enforcement purposes. So each SP will need to authenticate (guarantee validity of) their own calls. You just don’t necessarily need access to your own phone numbers if you lease. I would add that not only will a network likely be blocked for monkey business, it will be prosecuted too. And with the recent passing of the Traced Act and all the hype at the FCC lately they’re likely to impose big penalties on bad-actors. Dave From: VoiceOps On Behalf Of Mark Lindsey Sent: Wednesday, September 2, 2020 2:01 PM To: Alex Balashov Cc: VoiceOps Subject: Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup SHAKEN doesn't record the chain (like you'd see with Via headers, for example) of Intermediate Providers who handle the call. There's only one Identity header and it is to be passed unchanged from the origin point to the terminating Voice Service Provider. When the Identity header with PASSporT arrives at the final Voice Service Provider, that recipient can determine who created the PASSporT and then make judgments. For example, there has been a lot of discussion in FCC filings about "reputation" of service providers. Perhaps you could subscribe to a Reputation database to determine what to do with the calls. For example, "This call got an A level attestation from XYZTelecom, but XYZTelecom has a 5% score in the reputation database, so I'm going to treat it as if this call is likely a nuisance call." Mark R Lindsey, SMTS | +1-229-316-0013 | m...@ecg.co <mailto:m...@ecg.co> | <https://ecg.co/lindsey/> https://ecg.co/lindsey/ On Sep 2, 2020, at 2:52 PM, Alex Balashov mailto:abalas...@evaristesys.com> > wrote: Thank you, that’s very clear and sums it all up! One lingering question: even without providing a fully attestable chain of custody, if the call took a route A -> B -> C, are signatures cumulative such that I could block calls attested by B coming through C? Or am I constrained to blocking a certain level of attestation only through the last/proximate peering hop (C) that directly touches me? I suppose success is going to come down to the on-the-ground realities, political viability, etc of taking that “block attested calls from carrier X” step. — Sent from mobile, with due apologies for brevity and errors. On Sep 2, 2020, at 2:47 PM, Paul Timmins mailto:ptimm...@clearrate.com> > wrote: The solution is that you sign your calls with your certificate. Carriers aren't doing LNP dips to verify the number is really yours, they're trusting your attestation (A: yes, the caller id is verified, B: it comes from our customer, but not verified, C: "this touched our switches, good luck with it"). If you attest total nonsense as A, or send tons of nonsense in general, people start blocking calls you sign. It really verifies who is sending the call, and what that company says the call is verified, not a full chain of custody of the number back to the NANPA/PA. Could you attest A a call from "0" or "911", or "999-999-"? Yes, you could. It'd work for a while, til someone said "Wow, Alex's SPID is signing tons of bullshit. Let's block attested calls from his SPID" -Paul _ From: VoiceOps mailto:voiceops-boun...@voiceops.org> > on behalf of Alex Balashov mailto:abalas...@evaristesys.com> > Sent: Wednesday, September 2, 2020 2:42 PM To: VoiceOps Subject: Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup LCR or no LCR, using a termination vendor that is different to one’s origination vendor for a given CID is more normal than not in VoIP. I would guess it’s the default wholesale use-case. Origination and termination are very different business models with radically different economics. I’m not clear on what the official STIR/SHAKEN solution to this is. I assume it’s delegated certificates as Jared suggested. — Sent from mobile, with due apologies for brevity and errors. On Sep 2, 2020, at 2:39 PM, Carlos Alvarez mailto:caalva...@gmail.com> > wrote: If I understand correctly, no as long as your providers are all supporting this. What I think you mean is that you get origination/DIDs from say Bandwidth, and you use LCR to route calls to whoever is cheapest? There are ways to work with that challenge as long as your carriers are ready to do so. On Wed, Sep 2, 2020 at 11:28 AM Jared Geiger mailto:ja...@compuwizz.net> > wrote: If we purchase our numbers through wholesalers, would we need delegated certificates if we are sending an outbound call through a vendor that is not the wholesaler we got the number from? On Wed, Sep 2, 2020 at 7:22 AM Dave Frigen mailto:dfri...@wabash.net> > wrote: There is a
Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup
Replace “robocalls” with “spoofed calls” and you would be correct. A service provider can legitimately provide A attestation to calls that turn out to be illegal robocalls, as long as the caller can legitimately use the number they are calling from. At that point the traceback functionality of STIR/SHAKEN can be invoked and trace the call back to the robocaller for prosecution. The service provider would not be on the hook for attesting the illegal calls. However, if the calling number is spoofed and is not one that the end user can legitimately use, the service provider could have their SHAKEN certificate revoked for attesting that traffic at the A level (presumably after a certain period of warning and if they were not responsive to resolving the situation). From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Paul Timmins Sent: Wednesday, September 2, 2020 12:12 PM To: voiceops@voiceops.org Subject: Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup Exactly that. The idea is collateral pain for misbehavior. Or attorneys general knocking on doors wondering why they're allowing robocalls through their network. Ideally both. On 9/2/20 3:06 PM, Alex Balashov wrote: That’s what I thought, thank you for clarifying. I was just confused because of the language in Paul’s previous explanation—no fault of his. But in the bottom of the barrel, it will leave some folks with a conundrum about what to do when XYZTelecom sends their good conversational traffic through their peer A, and their crappier traffic through their peer B. But I suppose that is the very dilemma that this technique is meant to force. — Sent from mobile, with due apologies for brevity and errors. On Sep 2, 2020, at 3:01 PM, Mark Lindsey <mailto:lind...@e-c-group.com> wrote: SHAKEN doesn't record the chain (like you'd see with Via headers, for example) of Intermediate Providers who handle the call. There's only one Identity header and it is to be passed unchanged from the origin point to the terminating Voice Service Provider. When the Identity header with PASSporT arrives at the final Voice Service Provider, that recipient can determine who created the PASSporT and then make judgments. For example, there has been a lot of discussion in FCC filings about "reputation" of service providers. Perhaps you could subscribe to a Reputation database to determine what to do with the calls. For example, "This call got an A level attestation from XYZTelecom, but XYZTelecom has a 5% score in the reputation database, so I'm going to treat it as if this call is likely a nuisance call." Mark R Lindsey, SMTS | +1-229-316-0013 | m...@ecg.co<mailto:m...@ecg.co> | https://ecg.co/lindsey/<https://urldefense.proofpoint.com/v2/url?u=https-3A__ecg.co_lindsey_=DwMDaQ=N13-TaG7c-EYAiUNohBk74oLRjUiBTwVm-KSnr4bPSc=VcRLyVxkyGds34uxiPM944HQvaWq-nynyZXfNpSfhOs=1R2piqtkdrEiuvmHt_qcplO7ZJqMdIkxdu_REKvI5-0=bfpZN3Qs-XiEWVqI-UO_RSGfdV7fqcSBPBneAU7IkNc=> On Sep 2, 2020, at 2:52 PM, Alex Balashov mailto:abalas...@evaristesys.com>> wrote: Thank you, that’s very clear and sums it all up! One lingering question: even without providing a fully attestable chain of custody, if the call took a route A -> B -> C, are signatures cumulative such that I could block calls attested by B coming through C? Or am I constrained to blocking a certain level of attestation only through the last/proximate peering hop (C) that directly touches me? I suppose success is going to come down to the on-the-ground realities, political viability, etc of taking that “block attested calls from carrier X” step. — Sent from mobile, with due apologies for brevity and errors. On Sep 2, 2020, at 2:47 PM, Paul Timmins mailto:ptimm...@clearrate.com>> wrote: The solution is that you sign your calls with your certificate. Carriers aren't doing LNP dips to verify the number is really yours, they're trusting your attestation (A: yes, the caller id is verified, B: it comes from our customer, but not verified, C: "this touched our switches, good luck with it"). If you attest total nonsense as A, or send tons of nonsense in general, people start blocking calls you sign. It really verifies who is sending the call, and what that company says the call is verified, not a full chain of custody of the number back to the NANPA/PA. Could you attest A a call from "0" or "911", or "999-999-"? Yes, you could. It'd work for a while, til someone said "Wow, Alex's SPID is signing tons of bullshit. Let's block attested calls from his SPID" -Paul From: VoiceOps mailto:voiceops-boun...@voiceops.org>> on behalf of Alex Balashov mailto:abalas...@evaristesys.com>> Sent: Wednesday, September 2, 2020 2:42 PM To: VoiceOps Subject: Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup LCR or no LCR, using a termination vend
Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup
Exactly that. The idea is collateral pain for misbehavior. Or attorneys general knocking on doors wondering why they're allowing robocalls through their network. Ideally both. On 9/2/20 3:06 PM, Alex Balashov wrote: That’s what I thought, thank you for clarifying. I was just confused because of the language in Paul’s previous explanation—no fault of his. But in the bottom of the barrel, it will leave some folks with a conundrum about what to do when XYZTelecom sends their good conversational traffic through their peer A, and their crappier traffic through their peer B. But I suppose that is the very dilemma that this technique is meant to force. — Sent from mobile, with due apologies for brevity and errors. On Sep 2, 2020, at 3:01 PM, Mark Lindsey wrote: SHAKEN doesn't record the chain (like you'd see with Via headers, for example) of Intermediate Providers who handle the call. There's only one Identity header and it is to be passed unchanged from the origin point to the terminating Voice Service Provider. When the Identity header with PASSporT arrives at the final Voice Service Provider, that recipient can determine who created the PASSporT and then make judgments. For example, there has been a lot of discussion in FCC filings about "reputation" of service providers. Perhaps you could subscribe to a Reputation database to determine what to do with the calls. For example, "This call got an A level attestation from XYZTelecom, but XYZTelecom has a 5% score in the reputation database, so I'm going to treat it as if this call is likely a nuisance call." *Mark R Lindsey, SMTS**| **+1-229-316-0013|m...@ecg.co <mailto:m...@ecg.co>**|**https://ecg.co/lindsey/* * * On Sep 2, 2020, at 2:52 PM, Alex Balashov <mailto:abalas...@evaristesys.com>> wrote: Thank you, that’s very clear and sums it all up! One lingering question: even without providing a fully attestable chain of custody, if the call took a route A -> B -> C, are signatures cumulative such that I could block calls attested by B coming through C? Or am I constrained to blocking a certain level of attestation only through the last/proximate peering hop (C) that directly touches me? I suppose success is going to come down to the on-the-ground realities, political viability, etc of taking that “block attested calls from carrier X” step. — Sent from mobile, with due apologies for brevity and errors. On Sep 2, 2020, at 2:47 PM, Paul Timmins <mailto:ptimm...@clearrate.com>> wrote: The solution is that you sign your calls with your certificate. Carriers aren't doing LNP dips to verify the number is really yours, they're trusting your attestation (A: yes, the caller id is verified, B: it comes from our customer, but not verified, C: "this touched our switches, good luck with it"). If you attest total nonsense as A, or send tons of nonsense in general, people start blocking calls you sign. It really verifies who is sending the call, and what that company says the call is verified, not a full chain of custody of the number back to the NANPA/PA. Could you attest A a call from "0" or "911", or "999-999-"? Yes, you could. It'd work for a while, til someone said "Wow, Alex's SPID is signing tons of bullshit. Let's block attested calls from his SPID" -Paul *From:* VoiceOps <mailto:voiceops-boun...@voiceops.org>> on behalf of Alex Balashov mailto:abalas...@evaristesys.com>> *Sent:* Wednesday, September 2, 2020 2:42 PM *To:* VoiceOps *Subject:* Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup LCR or no LCR, using a termination vendor that is different to one’s origination vendor for a given CID is more normal than not in VoIP. I would guess it’s the default wholesale use-case. Origination and termination are very different business models with radically different economics. I’m not clear on what the official STIR/SHAKEN solution to this is. I assume it’s delegated certificates as Jared suggested. — Sent from mobile, with due apologies for brevity and errors. On Sep 2, 2020, at 2:39 PM, Carlos Alvarez <mailto:caalva...@gmail.com>> wrote: If I understand correctly, no as long as your providers are all supporting this. What I think you mean is that you get origination/DIDs from say Bandwidth, and you use LCR to route calls to whoever is cheapest? There are ways to work with that challenge as long as your carriers are ready to do so. On Wed, Sep 2, 2020 at 11:28 AM Jared Geiger <mailto:ja...@compuwizz.net>> wrote: If we purchase our numbers through wholesalers, would we need delegated certificates if we are sending an outbound call through a vendor that is not the wholesaler we got the number from? On Wed, Sep 2, 2020 at 7:22 AM Dave
Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup
Once signed, you just pass it on with its existing signature. Only the originator signs it. It could technically have multiple headers, but that's not the intent. As for on the ground realities, I can only point out that out of 8008 possibly signed inbound calls in the last 24 hours (only my intelliquent SIP trunks have the ability to pass the identity header right now): 319 have attest A, None have attest B, 2 have Attest C 310 of the calls were T-Mobile, 5 were comcast, and 6 were other. Out of the last 10,000 calls I have originated toward the STIR/SHAKEN routes (which covers about 2 hours), I signed: 2643 have attest A 4695 have attest B (this is our default where I haven't explicitly verified the customer is only sending numbers that are theirs) 244 have attest C (this gets triggered if there's a header indicating the call was redirected) It's really not as complicated as people are making it out to be. Transnexus has been great to work with, as has Inteliquent. -Paul On 9/2/20 2:52 PM, Alex Balashov wrote: Thank you, that’s very clear and sums it all up! One lingering question: even without providing a fully attestable chain of custody, if the call took a route A -> B -> C, are signatures cumulative such that I could block calls attested by B coming through C? Or am I constrained to blocking a certain level of attestation only through the last/proximate peering hop (C) that directly touches me? I suppose success is going to come down to the on-the-ground realities, political viability, etc of taking that “block attested calls from carrier X” step. — Sent from mobile, with due apologies for brevity and errors. On Sep 2, 2020, at 2:47 PM, Paul Timmins wrote: The solution is that you sign your calls with your certificate. Carriers aren't doing LNP dips to verify the number is really yours, they're trusting your attestation (A: yes, the caller id is verified, B: it comes from our customer, but not verified, C: "this touched our switches, good luck with it"). If you attest total nonsense as A, or send tons of nonsense in general, people start blocking calls you sign. It really verifies who is sending the call, and what that company says the call is verified, not a full chain of custody of the number back to the NANPA/PA. Could you attest A a call from "0" or "911", or "999-999-"? Yes, you could. It'd work for a while, til someone said "Wow, Alex's SPID is signing tons of bullshit. Let's block attested calls from his SPID" -Paul *From:* VoiceOps on behalf of Alex Balashov *Sent:* Wednesday, September 2, 2020 2:42 PM *To:* VoiceOps *Subject:* Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup LCR or no LCR, using a termination vendor that is different to one’s origination vendor for a given CID is more normal than not in VoIP. I would guess it’s the default wholesale use-case. Origination and termination are very different business models with radically different economics. I’m not clear on what the official STIR/SHAKEN solution to this is. I assume it’s delegated certificates as Jared suggested. — Sent from mobile, with due apologies for brevity and errors. On Sep 2, 2020, at 2:39 PM, Carlos Alvarez wrote: If I understand correctly, no as long as your providers are all supporting this. What I think you mean is that you get origination/DIDs from say Bandwidth, and you use LCR to route calls to whoever is cheapest? There are ways to work with that challenge as long as your carriers are ready to do so. On Wed, Sep 2, 2020 at 11:28 AM Jared Geiger <mailto:ja...@compuwizz.net>> wrote: If we purchase our numbers through wholesalers, would we need delegated certificates if we are sending an outbound call through a vendor that is not the wholesaler we got the number from? On Wed, Sep 2, 2020 at 7:22 AM Dave Frigen mailto:dfri...@wabash.net>> wrote: There is a STIR-SHAKEN process of registering and testing with the Policy Administrator (PA) as a certified Service Provider (SP) before you can purchase SHAKEN token certificates from a Certificate Authority (CA) and begin to engage in using the technology. This is not a walk in the park. Transnexus is one of two public CA's in the U.S. today. They are experts on the subject and can help you through both processes. In order to get the best call attestation you must prove to the PA and CA that you are a bono fide service provider and not a bad-acting enterprise on a network that deserves lesser attestation levels. One of the registration requirements is a SP 's access to valid national phone number pools. This has been very confusing for some resale provide
Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup
That’s what I thought, thank you for clarifying. I was just confused because of the language in Paul’s previous explanation—no fault of his. But in the bottom of the barrel, it will leave some folks with a conundrum about what to do when XYZTelecom sends their good conversational traffic through their peer A, and their crappier traffic through their peer B. But I suppose that is the very dilemma that this technique is meant to force. — Sent from mobile, with due apologies for brevity and errors. > On Sep 2, 2020, at 3:01 PM, Mark Lindsey wrote: > > SHAKEN doesn't record the chain (like you'd see with Via headers, for > example) of Intermediate Providers who handle the call. There's only one > Identity header and it is to be passed unchanged from the origin point to the > terminating Voice Service Provider. > > When the Identity header with PASSporT arrives at the final Voice Service > Provider, that recipient can determine who created the PASSporT and then make > judgments. For example, there has been a lot of discussion in FCC filings > about "reputation" of service providers. Perhaps you could subscribe to a > Reputation database to determine what to do with the calls. > > For example, "This call got an A level attestation from XYZTelecom, but > XYZTelecom has a 5% score in the reputation database, so I'm going to treat > it as if this call is likely a nuisance call." > > > > Mark R Lindsey, SMTS | +1-229-316-0013 | m...@ecg.co | https://ecg.co/lindsey/ > > > > >> On Sep 2, 2020, at 2:52 PM, Alex Balashov wrote: >> >> Thank you, that’s very clear and sums it all up! >> >> One lingering question: even without providing a fully attestable chain of >> custody, if the call took a route A -> B -> C, are signatures cumulative >> such that I could block calls attested by B coming through C? Or am I >> constrained to blocking a certain level of attestation only through the >> last/proximate peering hop (C) that directly touches me? >> >> I suppose success is going to come down to the on-the-ground realities, >> political viability, etc of taking that “block attested calls from carrier >> X” step. >> >> — >> Sent from mobile, with due apologies for brevity and errors. >> >>>> On Sep 2, 2020, at 2:47 PM, Paul Timmins wrote: >>>> >>> >>> The solution is that you sign your calls with your certificate. Carriers >>> aren't doing LNP dips to verify the number is really yours, they're >>> trusting your attestation (A: yes, the caller id is verified, B: it comes >>> from our customer, but not verified, C: "this touched our switches, good >>> luck with it"). If you attest total nonsense as A, or send tons of nonsense >>> in general, people start blocking calls you sign. >>> >>> >>> >>> It really verifies who is sending the call, and what that company says the >>> call is verified, not a full chain of custody of the number back to the >>> NANPA/PA. Could you attest A a call from "0" or "911", or "999-999-"? >>> Yes, you could. It'd work for a while, til someone said "Wow, Alex's SPID >>> is signing tons of bullshit. Let's block attested calls from his SPID" >>> >>> >>> >>> -Paul >>> >>> >>> >>> From: VoiceOps on behalf of Alex Balashov >>> >>> Sent: Wednesday, September 2, 2020 2:42 PM >>> To: VoiceOps >>> Subject: Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup >>> >>> LCR or no LCR, using a termination vendor that is different to one’s >>> origination vendor for a given CID is more normal than not in VoIP. I would >>> guess it’s the default wholesale use-case. Origination and termination are >>> very different business models with radically different economics. >>> >>> I’m not clear on what the official STIR/SHAKEN solution to this is. I >>> assume it’s delegated certificates as Jared suggested. >>> >>> — >>> Sent from mobile, with due apologies for brevity and errors. >>> >>>> On Sep 2, 2020, at 2:39 PM, Carlos Alvarez wrote: >>>> >>>> >>>> If I understand correctly, no as long as your providers are all supporting >>>> this. What I think you mean is that you get origination/DIDs from say >>>> Bandwidth, and you use LCR to route calls to whoever is cheapest? There >>>> are ways to work with that challenge as long as your carriers are r
Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup
SHAKEN doesn't record the chain (like you'd see with Via headers, for example) of Intermediate Providers who handle the call. There's only one Identity header and it is to be passed unchanged from the origin point to the terminating Voice Service Provider. When the Identity header with PASSporT arrives at the final Voice Service Provider, that recipient can determine who created the PASSporT and then make judgments. For example, there has been a lot of discussion in FCC filings about "reputation" of service providers. Perhaps you could subscribe to a Reputation database to determine what to do with the calls. For example, "This call got an A level attestation from XYZTelecom, but XYZTelecom has a 5% score in the reputation database, so I'm going to treat it as if this call is likely a nuisance call." Mark R Lindsey, SMTS | +1-229-316-0013 | m...@ecg.co | https://ecg.co/lindsey/ <https://ecg.co/lindsey/> > On Sep 2, 2020, at 2:52 PM, Alex Balashov wrote: > > Thank you, that’s very clear and sums it all up! > > One lingering question: even without providing a fully attestable chain of > custody, if the call took a route A -> B -> C, are signatures cumulative such > that I could block calls attested by B coming through C? Or am I constrained > to blocking a certain level of attestation only through the last/proximate > peering hop (C) that directly touches me? > > I suppose success is going to come down to the on-the-ground realities, > political viability, etc of taking that “block attested calls from carrier X” > step. > > — > Sent from mobile, with due apologies for brevity and errors. > >> On Sep 2, 2020, at 2:47 PM, Paul Timmins wrote: >> >> >> The solution is that you sign your calls with your certificate. Carriers >> aren't doing LNP dips to verify the number is really yours, they're trusting >> your attestation (A: yes, the caller id is verified, B: it comes from our >> customer, but not verified, C: "this touched our switches, good luck with >> it"). If you attest total nonsense as A, or send tons of nonsense in >> general, people start blocking calls you sign. >> >> >> >> It really verifies who is sending the call, and what that company says the >> call is verified, not a full chain of custody of the number back to the >> NANPA/PA. Could you attest A a call from "0" or "911", or "999-999-"? >> Yes, you could. It'd work for a while, til someone said "Wow, Alex's SPID is >> signing tons of bullshit. Let's block attested calls from his SPID" >> >> >> >> -Paul >> >> >> >> From: VoiceOps on behalf of Alex Balashov >> >> Sent: Wednesday, September 2, 2020 2:42 PM >> To: VoiceOps >> Subject: Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup >> >> LCR or no LCR, using a termination vendor that is different to one’s >> origination vendor for a given CID is more normal than not in VoIP. I would >> guess it’s the default wholesale use-case. Origination and termination are >> very different business models with radically different economics. >> >> I’m not clear on what the official STIR/SHAKEN solution to this is. I assume >> it’s delegated certificates as Jared suggested. >> >> — >> Sent from mobile, with due apologies for brevity and errors. >> >>> On Sep 2, 2020, at 2:39 PM, Carlos Alvarez wrote: >>> >>> >>> If I understand correctly, no as long as your providers are all supporting >>> this. What I think you mean is that you get origination/DIDs from say >>> Bandwidth, and you use LCR to route calls to whoever is cheapest? There >>> are ways to work with that challenge as long as your carriers are ready to >>> do so. >>> >>> On Wed, Sep 2, 2020 at 11:28 AM Jared Geiger >> <mailto:ja...@compuwizz.net>> wrote: >>> If we purchase our numbers through wholesalers, would we need delegated >>> certificates if we are sending an outbound call through a vendor that is >>> not the wholesaler we got the number from? >>> >>> On Wed, Sep 2, 2020 at 7:22 AM Dave Frigen >> <mailto:dfri...@wabash.net>> wrote: >>> There is a STIR-SHAKEN process of registering and testing with the Policy >>> Administrator (PA) as a certified Service Provider (SP) before you can >>> purchase SHAKEN token certificates from a Certificate Authority (CA) and >>> begin to engage in using the technology. This is not a walk in the park. >>> Transnexus is one of two public CA's in the U.S. toda
Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup
Thank you, that’s really helpful info. — Sent from mobile, with due apologies for brevity and errors. > On Sep 2, 2020, at 2:49 PM, Mark Lindsey wrote: > > The official SHAKEN/STIR answer, anticipated by the FCC rules, ignores > how/where you're buying origination services. Unless an lawyer tells me > otherwise, the FCC says each "Voice Service Provider" must implement the > SHAKEN framework on all its SIP network, and so you (as the Voice Service > Provider) have to verify the callers' rights to use those telephone numbers > for outbound calls before you add the A-Level Attestation. You use your own > certificate to sign your own calls. > > It's not clear that it's legal under the TRACED Act to merely depend on your > downstream providers to implement SHAKEN so you don't have to. > > Mark R Lindsey, SMTS | +1-229-316-0013 | m...@ecg.co | https://ecg.co/lindsey/ > > > > >> On Sep 2, 2020, at 2:42 PM, Alex Balashov wrote: >> >> LCR or no LCR, using a termination vendor that is different to one’s >> origination vendor for a given CID is more normal than not in VoIP. I would >> guess it’s the default wholesale use-case. Origination and termination are >> very different business models with radically different economics. >> >> I’m not clear on what the official STIR/SHAKEN solution to this is. I assume >> it’s delegated certificates as Jared suggested. >> >> — >> Sent from mobile, with due apologies for brevity and errors. >> >>>> On Sep 2, 2020, at 2:39 PM, Carlos Alvarez wrote: >>>> >>> >>> If I understand correctly, no as long as your providers are all supporting >>> this. What I think you mean is that you get origination/DIDs from say >>> Bandwidth, and you use LCR to route calls to whoever is cheapest? There >>> are ways to work with that challenge as long as your carriers are ready to >>> do so. >>> >>>> On Wed, Sep 2, 2020 at 11:28 AM Jared Geiger wrote: >>>> If we purchase our numbers through wholesalers, would we need delegated >>>> certificates if we are sending an outbound call through a vendor that is >>>> not the wholesaler we got the number from? >>>> >>>>> On Wed, Sep 2, 2020 at 7:22 AM Dave Frigen wrote: >>>>> There is a STIR-SHAKEN process of registering and testing with the Policy >>>>> Administrator (PA) as a certified Service Provider (SP) before you can >>>>> purchase SHAKEN token certificates from a Certificate Authority (CA) and >>>>> begin to engage in using the technology. This is not a walk in the park. >>>>> Transnexus is one of two public CA's in the U.S. today. They are experts >>>>> on >>>>> the subject and can help you through both processes. In order to get the >>>>> best call attestation you must prove to the PA and CA that you are a bono >>>>> fide service provider and not a bad-acting enterprise on a network that >>>>> deserves lesser attestation levels. >>>>> >>>>> One of the registration requirements is a SP 's access to valid national >>>>> phone number pools. This has been very confusing for some resale providers >>>>> that purchase and use numbers from wholesalers only. If your organization >>>>> does not have it's own numbering resources, you can register using your >>>>> wholesale provider's numbering pool data. Don't assume you have to >>>>> register >>>>> with the FCC and possess your own pool of numbers to become a registered >>>>> SHAKEN SP. >>>>> >>>>> SHAKEN ROBO call mitigation is a new frontier, and obtaining the best >>>>> attestation level possible for a SP is essential to the SP and the SHAKEN >>>>> ecosystem. Register and test for the best attestation level possible. >>>>> Transnexus is a seasoned expert on the subject and a U.S. registered CA >>>>> with >>>>> the PA. >>>>> >>>>> Dave >>>>> >>>>> >>>>> -Original Message- >>>>> From: VoiceOps On Behalf Of Mary Lou Carey >>>>> Sent: Tuesday, September 1, 2020 5:36 PM >>>>> To: Dovid Bender >>>>> Cc: Voiceops.org >>>>> Subject: Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup >>>>> >>>>> I'm a Carrier Consultant who's been helping CLEC, IXC, Paging, Wireless >>>>> and >&
Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup
Thank you, that’s very clear and sums it all up! One lingering question: even without providing a fully attestable chain of custody, if the call took a route A -> B -> C, are signatures cumulative such that I could block calls attested by B coming through C? Or am I constrained to blocking a certain level of attestation only through the last/proximate peering hop (C) that directly touches me? I suppose success is going to come down to the on-the-ground realities, political viability, etc of taking that “block attested calls from carrier X” step. — Sent from mobile, with due apologies for brevity and errors. > On Sep 2, 2020, at 2:47 PM, Paul Timmins wrote: > > > The solution is that you sign your calls with your certificate. Carriers > aren't doing LNP dips to verify the number is really yours, they're trusting > your attestation (A: yes, the caller id is verified, B: it comes from our > customer, but not verified, C: "this touched our switches, good luck with > it"). If you attest total nonsense as A, or send tons of nonsense in general, > people start blocking calls you sign. > > > > It really verifies who is sending the call, and what that company says the > call is verified, not a full chain of custody of the number back to the > NANPA/PA. Could you attest A a call from "0" or "911", or "999-999-"? > Yes, you could. It'd work for a while, til someone said "Wow, Alex's SPID is > signing tons of bullshit. Let's block attested calls from his SPID" > > > > -Paul > > > > From: VoiceOps on behalf of Alex Balashov > > Sent: Wednesday, September 2, 2020 2:42 PM > To: VoiceOps > Subject: Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup > > LCR or no LCR, using a termination vendor that is different to one’s > origination vendor for a given CID is more normal than not in VoIP. I would > guess it’s the default wholesale use-case. Origination and termination are > very different business models with radically different economics. > > I’m not clear on what the official STIR/SHAKEN solution to this is. I assume > it’s delegated certificates as Jared suggested. > > — > Sent from mobile, with due apologies for brevity and errors. > >>> On Sep 2, 2020, at 2:39 PM, Carlos Alvarez wrote: >>> >> >> If I understand correctly, no as long as your providers are all supporting >> this. What I think you mean is that you get origination/DIDs from say >> Bandwidth, and you use LCR to route calls to whoever is cheapest? There are >> ways to work with that challenge as long as your carriers are ready to do so. >> >>> On Wed, Sep 2, 2020 at 11:28 AM Jared Geiger wrote: >>> If we purchase our numbers through wholesalers, would we need delegated >>> certificates if we are sending an outbound call through a vendor that is >>> not the wholesaler we got the number from? >>> >>>> On Wed, Sep 2, 2020 at 7:22 AM Dave Frigen wrote: >>>> There is a STIR-SHAKEN process of registering and testing with the Policy >>>> Administrator (PA) as a certified Service Provider (SP) before you can >>>> purchase SHAKEN token certificates from a Certificate Authority (CA) and >>>> begin to engage in using the technology. This is not a walk in the park. >>>> Transnexus is one of two public CA's in the U.S. today. They are experts on >>>> the subject and can help you through both processes. In order to get the >>>> best call attestation you must prove to the PA and CA that you are a bono >>>> fide service provider and not a bad-acting enterprise on a network that >>>> deserves lesser attestation levels. >>>> >>>> One of the registration requirements is a SP 's access to valid national >>>> phone number pools. This has been very confusing for some resale providers >>>> that purchase and use numbers from wholesalers only. If your organization >>>> does not have it's own numbering resources, you can register using your >>>> wholesale provider's numbering pool data. Don't assume you have to register >>>> with the FCC and possess your own pool of numbers to become a registered >>>> SHAKEN SP. >>>> >>>> SHAKEN ROBO call mitigation is a new frontier, and obtaining the best >>>> attestation level possible for a SP is essential to the SP and the SHAKEN >>>> ecosystem. Register and test for the best attestation level possible. >>>> Transnexus is a seasoned expert on the subject and a U.S. registered CA >>>> with >>>> the PA. >>
Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup
The official SHAKEN/STIR answer, anticipated by the FCC rules, ignores how/where you're buying origination services. Unless an lawyer tells me otherwise, the FCC says each "Voice Service Provider" must implement the SHAKEN framework on all its SIP network, and so you (as the Voice Service Provider) have to verify the callers' rights to use those telephone numbers for outbound calls before you add the A-Level Attestation. You use your own certificate to sign your own calls. It's not clear that it's legal under the TRACED Act to merely depend on your downstream providers to implement SHAKEN so you don't have to. Mark R Lindsey, SMTS | +1-229-316-0013 | m...@ecg.co | https://ecg.co/lindsey/ <https://ecg.co/lindsey/> > On Sep 2, 2020, at 2:42 PM, Alex Balashov wrote: > > LCR or no LCR, using a termination vendor that is different to one’s > origination vendor for a given CID is more normal than not in VoIP. I would > guess it’s the default wholesale use-case. Origination and termination are > very different business models with radically different economics. > > I’m not clear on what the official STIR/SHAKEN solution to this is. I assume > it’s delegated certificates as Jared suggested. > > — > Sent from mobile, with due apologies for brevity and errors. > >> On Sep 2, 2020, at 2:39 PM, Carlos Alvarez wrote: >> >> >> If I understand correctly, no as long as your providers are all supporting >> this. What I think you mean is that you get origination/DIDs from say >> Bandwidth, and you use LCR to route calls to whoever is cheapest? There are >> ways to work with that challenge as long as your carriers are ready to do so. >> >> On Wed, Sep 2, 2020 at 11:28 AM Jared Geiger > <mailto:ja...@compuwizz.net>> wrote: >> If we purchase our numbers through wholesalers, would we need delegated >> certificates if we are sending an outbound call through a vendor that is not >> the wholesaler we got the number from? >> >> On Wed, Sep 2, 2020 at 7:22 AM Dave Frigen > <mailto:dfri...@wabash.net>> wrote: >> There is a STIR-SHAKEN process of registering and testing with the Policy >> Administrator (PA) as a certified Service Provider (SP) before you can >> purchase SHAKEN token certificates from a Certificate Authority (CA) and >> begin to engage in using the technology. This is not a walk in the park. >> Transnexus is one of two public CA's in the U.S. today. They are experts on >> the subject and can help you through both processes. In order to get the >> best call attestation you must prove to the PA and CA that you are a bono >> fide service provider and not a bad-acting enterprise on a network that >> deserves lesser attestation levels. >> >> One of the registration requirements is a SP 's access to valid national >> phone number pools. This has been very confusing for some resale providers >> that purchase and use numbers from wholesalers only. If your organization >> does not have it's own numbering resources, you can register using your >> wholesale provider's numbering pool data. Don't assume you have to register >> with the FCC and possess your own pool of numbers to become a registered >> SHAKEN SP. >> >> SHAKEN ROBO call mitigation is a new frontier, and obtaining the best >> attestation level possible for a SP is essential to the SP and the SHAKEN >> ecosystem. Register and test for the best attestation level possible. >> Transnexus is a seasoned expert on the subject and a U.S. registered CA with >> the PA. >> >> Dave >> >> >> -Original Message- >> From: VoiceOps > <mailto:voiceops-boun...@voiceops.org>> On Behalf Of Mary Lou Carey >> Sent: Tuesday, September 1, 2020 5:36 PM >> To: Dovid Bender mailto:do...@telecurve.com>> >> Cc: Voiceops.org mailto:voiceops@voiceops.org>> >> Subject: Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup >> >> I'm a Carrier Consultant who's been helping CLEC, IXC, Paging, Wireless and >> VOIP carriers install and maintain their PSTN networks for the the last 20 >> years. I can help clients get their FCC Certification to become a >> STIR/SHAKEN carrier as well as Numbering Resources, NPAC / LSR training, etc >> (if you need those pieces). Once my clients get their certification, I refer >> them to TransNexus. Jim and his team can help you with the process of >> turning your STIR/SHAKEN services up. >> >> MARY LOU CAREY >> BackUP Telecom Consulting >> Office: 615-791-9969 >> Cell: 615-796- >> >> On 2020-08-3
Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup
The solution is that you sign your calls with your certificate. Carriers aren't doing LNP dips to verify the number is really yours, they're trusting your attestation (A: yes, the caller id is verified, B: it comes from our customer, but not verified, C: "this touched our switches, good luck with it"). If you attest total nonsense as A, or send tons of nonsense in general, people start blocking calls you sign. It really verifies who is sending the call, and what that company says the call is verified, not a full chain of custody of the number back to the NANPA/PA. Could you attest A a call from "0" or "911", or "999-999-"? Yes, you could. It'd work for a while, til someone said "Wow, Alex's SPID is signing tons of bullshit. Let's block attested calls from his SPID" -Paul From: VoiceOps on behalf of Alex Balashov Sent: Wednesday, September 2, 2020 2:42 PM To: VoiceOps Subject: Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup LCR or no LCR, using a termination vendor that is different to one’s origination vendor for a given CID is more normal than not in VoIP. I would guess it’s the default wholesale use-case. Origination and termination are very different business models with radically different economics. I’m not clear on what the official STIR/SHAKEN solution to this is. I assume it’s delegated certificates as Jared suggested. — Sent from mobile, with due apologies for brevity and errors. On Sep 2, 2020, at 2:39 PM, Carlos Alvarez wrote: If I understand correctly, no as long as your providers are all supporting this. What I think you mean is that you get origination/DIDs from say Bandwidth, and you use LCR to route calls to whoever is cheapest? There are ways to work with that challenge as long as your carriers are ready to do so. On Wed, Sep 2, 2020 at 11:28 AM Jared Geiger mailto:ja...@compuwizz.net>> wrote: If we purchase our numbers through wholesalers, would we need delegated certificates if we are sending an outbound call through a vendor that is not the wholesaler we got the number from? On Wed, Sep 2, 2020 at 7:22 AM Dave Frigen mailto:dfri...@wabash.net>> wrote: There is a STIR-SHAKEN process of registering and testing with the Policy Administrator (PA) as a certified Service Provider (SP) before you can purchase SHAKEN token certificates from a Certificate Authority (CA) and begin to engage in using the technology. This is not a walk in the park. Transnexus is one of two public CA's in the U.S. today. They are experts on the subject and can help you through both processes. In order to get the best call attestation you must prove to the PA and CA that you are a bono fide service provider and not a bad-acting enterprise on a network that deserves lesser attestation levels. One of the registration requirements is a SP 's access to valid national phone number pools. This has been very confusing for some resale providers that purchase and use numbers from wholesalers only. If your organization does not have it's own numbering resources, you can register using your wholesale provider's numbering pool data. Don't assume you have to register with the FCC and possess your own pool of numbers to become a registered SHAKEN SP. SHAKEN ROBO call mitigation is a new frontier, and obtaining the best attestation level possible for a SP is essential to the SP and the SHAKEN ecosystem. Register and test for the best attestation level possible. Transnexus is a seasoned expert on the subject and a U.S. registered CA with the PA. Dave -Original Message- From: VoiceOps mailto:voiceops-boun...@voiceops.org>> On Behalf Of Mary Lou Carey Sent: Tuesday, September 1, 2020 5:36 PM To: Dovid Bender mailto:do...@telecurve.com>> Cc: Voiceops.org mailto:voiceops@voiceops.org>> Subject: Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup I'm a Carrier Consultant who's been helping CLEC, IXC, Paging, Wireless and VOIP carriers install and maintain their PSTN networks for the the last 20 years. I can help clients get their FCC Certification to become a STIR/SHAKEN carrier as well as Numbering Resources, NPAC / LSR training, etc (if you need those pieces). Once my clients get their certification, I refer them to TransNexus. Jim and his team can help you with the process of turning your STIR/SHAKEN services up. MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796- On 2020-08-31 05:37 AM, Dovid Bender wrote: > Hi, > > Does anyone have a recommendation for a company that get us everything > needed for STIR/SHAKEN setup? By setup I mean helping us file to get a > cert etc. From the small research I have done there is a lot of > fragmented information out there and it would be easier for us to pay > someone else to do this then invest our own time to take care of this. > > TIA. > > Regards, > > Dovid > __
Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup
LCR or no LCR, using a termination vendor that is different to one’s origination vendor for a given CID is more normal than not in VoIP. I would guess it’s the default wholesale use-case. Origination and termination are very different business models with radically different economics. I’m not clear on what the official STIR/SHAKEN solution to this is. I assume it’s delegated certificates as Jared suggested. — Sent from mobile, with due apologies for brevity and errors. > On Sep 2, 2020, at 2:39 PM, Carlos Alvarez wrote: > > > If I understand correctly, no as long as your providers are all supporting > this. What I think you mean is that you get origination/DIDs from say > Bandwidth, and you use LCR to route calls to whoever is cheapest? There are > ways to work with that challenge as long as your carriers are ready to do so. > >> On Wed, Sep 2, 2020 at 11:28 AM Jared Geiger wrote: >> If we purchase our numbers through wholesalers, would we need delegated >> certificates if we are sending an outbound call through a vendor that is not >> the wholesaler we got the number from? >> >>> On Wed, Sep 2, 2020 at 7:22 AM Dave Frigen wrote: >>> There is a STIR-SHAKEN process of registering and testing with the Policy >>> Administrator (PA) as a certified Service Provider (SP) before you can >>> purchase SHAKEN token certificates from a Certificate Authority (CA) and >>> begin to engage in using the technology. This is not a walk in the park. >>> Transnexus is one of two public CA's in the U.S. today. They are experts on >>> the subject and can help you through both processes. In order to get the >>> best call attestation you must prove to the PA and CA that you are a bono >>> fide service provider and not a bad-acting enterprise on a network that >>> deserves lesser attestation levels. >>> >>> One of the registration requirements is a SP 's access to valid national >>> phone number pools. This has been very confusing for some resale providers >>> that purchase and use numbers from wholesalers only. If your organization >>> does not have it's own numbering resources, you can register using your >>> wholesale provider's numbering pool data. Don't assume you have to register >>> with the FCC and possess your own pool of numbers to become a registered >>> SHAKEN SP. >>> >>> SHAKEN ROBO call mitigation is a new frontier, and obtaining the best >>> attestation level possible for a SP is essential to the SP and the SHAKEN >>> ecosystem. Register and test for the best attestation level possible. >>> Transnexus is a seasoned expert on the subject and a U.S. registered CA with >>> the PA. >>> >>> Dave >>> >>> >>> -Original Message- >>> From: VoiceOps On Behalf Of Mary Lou Carey >>> Sent: Tuesday, September 1, 2020 5:36 PM >>> To: Dovid Bender >>> Cc: Voiceops.org >>> Subject: Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup >>> >>> I'm a Carrier Consultant who's been helping CLEC, IXC, Paging, Wireless and >>> VOIP carriers install and maintain their PSTN networks for the the last 20 >>> years. I can help clients get their FCC Certification to become a >>> STIR/SHAKEN carrier as well as Numbering Resources, NPAC / LSR training, etc >>> (if you need those pieces). Once my clients get their certification, I refer >>> them to TransNexus. Jim and his team can help you with the process of >>> turning your STIR/SHAKEN services up. >>> >>> MARY LOU CAREY >>> BackUP Telecom Consulting >>> Office: 615-791-9969 >>> Cell: 615-796- >>> >>> On 2020-08-31 05:37 AM, Dovid Bender wrote: >>> > Hi, >>> > >>> > Does anyone have a recommendation for a company that get us everything >>> > needed for STIR/SHAKEN setup? By setup I mean helping us file to get a >>> > cert etc. From the small research I have done there is a lot of >>> > fragmented information out there and it would be easier for us to pay >>> > someone else to do this then invest our own time to take care of this. >>> > >>> > TIA. >>> > >>> > Regards, >>> > >>> > Dovid >>> > ___ >>> > VoiceOps mailing list >>> > VoiceOps@voiceops.org >>> > https://puck.nether.net/mailman/listinfo/voiceops >>> ___ >>> VoiceOps mailing list >>> VoiceOps@voiceops.org >>> https://puck.nether.net/mailman/listinfo/voiceops >>> >>> ___ >>> VoiceOps mailing list >>> VoiceOps@voiceops.org >>> https://puck.nether.net/mailman/listinfo/voiceops >> ___ >> VoiceOps mailing list >> VoiceOps@voiceops.org >> https://puck.nether.net/mailman/listinfo/voiceops > ___ > VoiceOps mailing list > VoiceOps@voiceops.org > https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup
In practice i can sign anything and it properly flags on comcast and tmo. There are totally legitimate circumstances (like forwarding a call) where you might attest C a call that isn't sourced from a number you own. From: VoiceOps on behalf of Jared Geiger Sent: Wednesday, September 2, 2020 2:27 PM To: Voiceops.org Subject: Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup If we purchase our numbers through wholesalers, would we need delegated certificates if we are sending an outbound call through a vendor that is not the wholesaler we got the number from? On Wed, Sep 2, 2020 at 7:22 AM Dave Frigen mailto:dfri...@wabash.net>> wrote: There is a STIR-SHAKEN process of registering and testing with the Policy Administrator (PA) as a certified Service Provider (SP) before you can purchase SHAKEN token certificates from a Certificate Authority (CA) and begin to engage in using the technology. This is not a walk in the park. Transnexus is one of two public CA's in the U.S. today. They are experts on the subject and can help you through both processes. In order to get the best call attestation you must prove to the PA and CA that you are a bono fide service provider and not a bad-acting enterprise on a network that deserves lesser attestation levels. One of the registration requirements is a SP 's access to valid national phone number pools. This has been very confusing for some resale providers that purchase and use numbers from wholesalers only. If your organization does not have it's own numbering resources, you can register using your wholesale provider's numbering pool data. Don't assume you have to register with the FCC and possess your own pool of numbers to become a registered SHAKEN SP. SHAKEN ROBO call mitigation is a new frontier, and obtaining the best attestation level possible for a SP is essential to the SP and the SHAKEN ecosystem. Register and test for the best attestation level possible. Transnexus is a seasoned expert on the subject and a U.S. registered CA with the PA. Dave -Original Message- From: VoiceOps mailto:voiceops-boun...@voiceops.org>> On Behalf Of Mary Lou Carey Sent: Tuesday, September 1, 2020 5:36 PM To: Dovid Bender mailto:do...@telecurve.com>> Cc: Voiceops.org mailto:voiceops@voiceops.org>> Subject: Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup I'm a Carrier Consultant who's been helping CLEC, IXC, Paging, Wireless and VOIP carriers install and maintain their PSTN networks for the the last 20 years. I can help clients get their FCC Certification to become a STIR/SHAKEN carrier as well as Numbering Resources, NPAC / LSR training, etc (if you need those pieces). Once my clients get their certification, I refer them to TransNexus. Jim and his team can help you with the process of turning your STIR/SHAKEN services up. MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796- On 2020-08-31 05:37 AM, Dovid Bender wrote: > Hi, > > Does anyone have a recommendation for a company that get us everything > needed for STIR/SHAKEN setup? By setup I mean helping us file to get a > cert etc. From the small research I have done there is a lot of > fragmented information out there and it would be easier for us to pay > someone else to do this then invest our own time to take care of this. > > TIA. > > Regards, > > Dovid > ___ > VoiceOps mailing list > VoiceOps@voiceops.org<mailto:VoiceOps@voiceops.org> > https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org<mailto:VoiceOps@voiceops.org> https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org<mailto:VoiceOps@voiceops.org> https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup
If I understand correctly, no as long as your providers are all supporting this. What I think you mean is that you get origination/DIDs from say Bandwidth, and you use LCR to route calls to whoever is cheapest? There are ways to work with that challenge as long as your carriers are ready to do so. On Wed, Sep 2, 2020 at 11:28 AM Jared Geiger wrote: > If we purchase our numbers through wholesalers, would we need delegated > certificates if we are sending an outbound call through a vendor that is > not the wholesaler we got the number from? > > On Wed, Sep 2, 2020 at 7:22 AM Dave Frigen wrote: > >> There is a STIR-SHAKEN process of registering and testing with the Policy >> Administrator (PA) as a certified Service Provider (SP) before you can >> purchase SHAKEN token certificates from a Certificate Authority (CA) and >> begin to engage in using the technology. This is not a walk in the park. >> Transnexus is one of two public CA's in the U.S. today. They are experts >> on >> the subject and can help you through both processes. In order to get the >> best call attestation you must prove to the PA and CA that you are a bono >> fide service provider and not a bad-acting enterprise on a network that >> deserves lesser attestation levels. >> >> One of the registration requirements is a SP 's access to valid national >> phone number pools. This has been very confusing for some resale providers >> that purchase and use numbers from wholesalers only. If your organization >> does not have it's own numbering resources, you can register using your >> wholesale provider's numbering pool data. Don't assume you have to >> register >> with the FCC and possess your own pool of numbers to become a registered >> SHAKEN SP. >> >> SHAKEN ROBO call mitigation is a new frontier, and obtaining the best >> attestation level possible for a SP is essential to the SP and the SHAKEN >> ecosystem. Register and test for the best attestation level possible. >> Transnexus is a seasoned expert on the subject and a U.S. registered CA >> with >> the PA. >> >> Dave >> >> >> -----Original Message- >> From: VoiceOps On Behalf Of Mary Lou >> Carey >> Sent: Tuesday, September 1, 2020 5:36 PM >> To: Dovid Bender >> Cc: Voiceops.org >> Subject: Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup >> >> I'm a Carrier Consultant who's been helping CLEC, IXC, Paging, Wireless >> and >> VOIP carriers install and maintain their PSTN networks for the the last 20 >> years. I can help clients get their FCC Certification to become a >> STIR/SHAKEN carrier as well as Numbering Resources, NPAC / LSR training, >> etc >> (if you need those pieces). Once my clients get their certification, I >> refer >> them to TransNexus. Jim and his team can help you with the process of >> turning your STIR/SHAKEN services up. >> >> MARY LOU CAREY >> BackUP Telecom Consulting >> Office: 615-791-9969 >> Cell: 615-796- >> >> On 2020-08-31 05:37 AM, Dovid Bender wrote: >> > Hi, >> > >> > Does anyone have a recommendation for a company that get us everything >> > needed for STIR/SHAKEN setup? By setup I mean helping us file to get a >> > cert etc. From the small research I have done there is a lot of >> > fragmented information out there and it would be easier for us to pay >> > someone else to do this then invest our own time to take care of this. >> > >> > TIA. >> > >> > Regards, >> > >> > Dovid >> > ___ >> > VoiceOps mailing list >> > VoiceOps@voiceops.org >> > https://puck.nether.net/mailman/listinfo/voiceops >> ___ >> VoiceOps mailing list >> VoiceOps@voiceops.org >> https://puck.nether.net/mailman/listinfo/voiceops >> >> ___ >> VoiceOps mailing list >> VoiceOps@voiceops.org >> https://puck.nether.net/mailman/listinfo/voiceops >> > ___ > VoiceOps mailing list > VoiceOps@voiceops.org > https://puck.nether.net/mailman/listinfo/voiceops > ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup
If we purchase our numbers through wholesalers, would we need delegated certificates if we are sending an outbound call through a vendor that is not the wholesaler we got the number from? On Wed, Sep 2, 2020 at 7:22 AM Dave Frigen wrote: > There is a STIR-SHAKEN process of registering and testing with the Policy > Administrator (PA) as a certified Service Provider (SP) before you can > purchase SHAKEN token certificates from a Certificate Authority (CA) and > begin to engage in using the technology. This is not a walk in the park. > Transnexus is one of two public CA's in the U.S. today. They are experts on > the subject and can help you through both processes. In order to get the > best call attestation you must prove to the PA and CA that you are a bono > fide service provider and not a bad-acting enterprise on a network that > deserves lesser attestation levels. > > One of the registration requirements is a SP 's access to valid national > phone number pools. This has been very confusing for some resale providers > that purchase and use numbers from wholesalers only. If your organization > does not have it's own numbering resources, you can register using your > wholesale provider's numbering pool data. Don't assume you have to register > with the FCC and possess your own pool of numbers to become a registered > SHAKEN SP. > > SHAKEN ROBO call mitigation is a new frontier, and obtaining the best > attestation level possible for a SP is essential to the SP and the SHAKEN > ecosystem. Register and test for the best attestation level possible. > Transnexus is a seasoned expert on the subject and a U.S. registered CA > with > the PA. > > Dave > > > -Original Message- > From: VoiceOps On Behalf Of Mary Lou Carey > Sent: Tuesday, September 1, 2020 5:36 PM > To: Dovid Bender > Cc: Voiceops.org > Subject: Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup > > I'm a Carrier Consultant who's been helping CLEC, IXC, Paging, Wireless and > VOIP carriers install and maintain their PSTN networks for the the last 20 > years. I can help clients get their FCC Certification to become a > STIR/SHAKEN carrier as well as Numbering Resources, NPAC / LSR training, > etc > (if you need those pieces). Once my clients get their certification, I > refer > them to TransNexus. Jim and his team can help you with the process of > turning your STIR/SHAKEN services up. > > MARY LOU CAREY > BackUP Telecom Consulting > Office: 615-791-9969 > Cell: 615-796- > > On 2020-08-31 05:37 AM, Dovid Bender wrote: > > Hi, > > > > Does anyone have a recommendation for a company that get us everything > > needed for STIR/SHAKEN setup? By setup I mean helping us file to get a > > cert etc. From the small research I have done there is a lot of > > fragmented information out there and it would be easier for us to pay > > someone else to do this then invest our own time to take care of this. > > > > TIA. > > > > Regards, > > > > Dovid > > ___ > > VoiceOps mailing list > > VoiceOps@voiceops.org > > https://puck.nether.net/mailman/listinfo/voiceops > ___ > VoiceOps mailing list > VoiceOps@voiceops.org > https://puck.nether.net/mailman/listinfo/voiceops > > ___ > VoiceOps mailing list > VoiceOps@voiceops.org > https://puck.nether.net/mailman/listinfo/voiceops > ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup
There is a STIR-SHAKEN process of registering and testing with the Policy Administrator (PA) as a certified Service Provider (SP) before you can purchase SHAKEN token certificates from a Certificate Authority (CA) and begin to engage in using the technology. This is not a walk in the park. Transnexus is one of two public CA's in the U.S. today. They are experts on the subject and can help you through both processes. In order to get the best call attestation you must prove to the PA and CA that you are a bono fide service provider and not a bad-acting enterprise on a network that deserves lesser attestation levels. One of the registration requirements is a SP 's access to valid national phone number pools. This has been very confusing for some resale providers that purchase and use numbers from wholesalers only. If your organization does not have it's own numbering resources, you can register using your wholesale provider's numbering pool data. Don't assume you have to register with the FCC and possess your own pool of numbers to become a registered SHAKEN SP. SHAKEN ROBO call mitigation is a new frontier, and obtaining the best attestation level possible for a SP is essential to the SP and the SHAKEN ecosystem. Register and test for the best attestation level possible. Transnexus is a seasoned expert on the subject and a U.S. registered CA with the PA. Dave -Original Message- From: VoiceOps On Behalf Of Mary Lou Carey Sent: Tuesday, September 1, 2020 5:36 PM To: Dovid Bender Cc: Voiceops.org Subject: Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup I'm a Carrier Consultant who's been helping CLEC, IXC, Paging, Wireless and VOIP carriers install and maintain their PSTN networks for the the last 20 years. I can help clients get their FCC Certification to become a STIR/SHAKEN carrier as well as Numbering Resources, NPAC / LSR training, etc (if you need those pieces). Once my clients get their certification, I refer them to TransNexus. Jim and his team can help you with the process of turning your STIR/SHAKEN services up. MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796- On 2020-08-31 05:37 AM, Dovid Bender wrote: > Hi, > > Does anyone have a recommendation for a company that get us everything > needed for STIR/SHAKEN setup? By setup I mean helping us file to get a > cert etc. From the small research I have done there is a lot of > fragmented information out there and it would be easier for us to pay > someone else to do this then invest our own time to take care of this. > > TIA. > > Regards, > > Dovid > ___ > VoiceOps mailing list > VoiceOps@voiceops.org > https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup
I'm a Carrier Consultant who's been helping CLEC, IXC, Paging, Wireless and VOIP carriers install and maintain their PSTN networks for the the last 20 years. I can help clients get their FCC Certification to become a STIR/SHAKEN carrier as well as Numbering Resources, NPAC / LSR training, etc (if you need those pieces). Once my clients get their certification, I refer them to TransNexus. Jim and his team can help you with the process of turning your STIR/SHAKEN services up. MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796- On 2020-08-31 05:37 AM, Dovid Bender wrote: Hi, Does anyone have a recommendation for a company that get us everything needed for STIR/SHAKEN setup? By setup I mean helping us file to get a cert etc. From the small research I have done there is a lot of fragmented information out there and it would be easier for us to pay someone else to do this then invest our own time to take care of this. TIA. Regards, Dovid ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup
Transnexus is a certified and registered Certificate Authority with the PA who manages STIR/SHAKEN for the US. You can get certificates directly from them. I'd start with Transnexus because they are experts on the subject. They helped us get registered and tested with the PA. We're authenticating and verifying certs today. Dave From: VoiceOps On Behalf Of Matthew Crocker Sent: Monday, August 31, 2020 6:49 AM To: Dovid Bender ; Voiceops.org Subject: Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup ClearIP by Transnexus Get Outlook for iOS <https://aka.ms/o0ukef> _ From: VoiceOps mailto:voiceops-boun...@voiceops.org> > on behalf of Dovid Bender mailto:do...@telecurve.com> > Sent: Monday, August 31, 2020 6:37:26 AM To: Voiceops.org mailto:voiceops@voiceops.org> > Subject: [VoiceOps] Outsourcing STIR/SHAKEN Setup Hi, Does anyone have a recommendation for a company that get us everything needed for STIR/SHAKEN setup? By setup I mean helping us file to get a cert etc. From the small research I have done there is a lot of fragmented information out there and it would be easier for us to pay someone else to do this then invest our own time to take care of this. TIA. Regards, Dovid ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup
Hi Dovid, The linchpin is the SBC, so I believe it’s the SBC vendor that would determine from where you can obtain the “one stop shop”. Certainly, in the case of TransNexus, the interface to the STIR/SHAKEN service/on-prem server is SIP. if it’s an Oracle or Frafos SBC you have, we can help you interface to TransNexus. Many Thanks & Best Regards, Richard Jobson Teraquant Corporation ph: 719 488 1003 d/l: (719) 766-8523 www.teraquant.com rich...@teraquant.com https://www.linkedin.com/in/uc-expert-monitoring/ Network Monitoring and Service Assurance - Speech Quality Experts (PESQ/POLQA) and Active Testing - Reporting – HPBX - Session Border Controllers – SDN and SD-WAN - Big Data Analytics and fraud detection and protection. -- NOTICE: This electronic mail transmission may contain confidential information and is intended only for the person(s) named. Any use, copying, or disclosure by any other person is strictly prohibited. If you have received this transmission in error, please notify the sender via e-mail. From: VoiceOps on behalf of Carlos Perez Date: Monday, August 31, 2020 at 8:05 AM To: Dovid Bender Cc: "Voiceops.org" Subject: Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup Dovid, Sansay will take care of everything you need. I will contact you separately. On Mon, Aug 31, 2020 at 3:38 AM Dovid Bender wrote: Hi, Does anyone have a recommendation for a company that get us everything needed for STIR/SHAKEN setup? By setup I mean helping us file to get a cert etc. From the small research I have done there is a lot of fragmented information out there and it would be easier for us to pay someone else to do this then invest our own time to take care of this. TIA. Regards, Dovid ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops -- Carlos Perez Sansay, Inc. +1 858-754-2216 Direct +1 858-754-2211 Support +1-858-754-2200 Main ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup
Dovid, Sansay will take care of everything you need. I will contact you separately. On Mon, Aug 31, 2020 at 3:38 AM Dovid Bender wrote: > Hi, > > Does anyone have a recommendation for a company that get us everything > needed for STIR/SHAKEN setup? By setup I mean helping us file to get a cert > etc. From the small research I have done there is a lot of fragmented > information out there and it would be easier for us to pay someone else to > do this then invest our own time to take care of this. > > TIA. > > Regards, > > Dovid > > ___ > VoiceOps mailing list > VoiceOps@voiceops.org > https://puck.nether.net/mailman/listinfo/voiceops > -- Carlos Perez Sansay, Inc. +1 858-754-2216 Direct +1 858-754-2211 Support +1-858-754-2200 Main ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup
Dovid, I would encourage you to speak with Rebekah Johnson of Numeracle. One of my clients, Fonative, the RegReady CPaaS, is working with them, and finding their process to be very capable and complete. Before replying I posed your question to her and she came back to me in a positive and insightful manner. Her contact details are as follows: *Rebekah Johnson* Founder & CEO | Numeracle e: a nd d: +1 251.401.6606 <https://dialpad.com/launch/?phone=%2B1%2520251.401.6606> www.numeracle.com [image: photo] *Andy Abramson* CEO, Comunicano +1.858.523.1800 | aabram...@comunicano.com www.comunicano.com | : andyabramson <#SignatureSanitizer_SafeHtmlFilter_> <http://facebook.com/andyabramson> <http://us.linkedin.com/in/andyabramson> <http://twitter.com/andyabramson> <http://instagram.com/andyabramson> Create your own WiseStamp email signature <https://www.wisestamp.com/signature-in-email/?utm_source=promotion_medium=signature_campaign=create_your_own=5446650486325248> On Mon, Aug 31, 2020 at 4:50 AM Matthew Crocker wrote: > ClearIP by Transnexus > > Get Outlook for iOS <https://aka.ms/o0ukef> > -- > *From:* VoiceOps on behalf of Dovid > Bender > *Sent:* Monday, August 31, 2020 6:37:26 AM > *To:* Voiceops.org > *Subject:* [VoiceOps] Outsourcing STIR/SHAKEN Setup > > Hi, > > Does anyone have a recommendation for a company that get us everything > needed for STIR/SHAKEN setup? By setup I mean helping us file to get a cert > etc. From the small research I have done there is a lot of fragmented > information out there and it would be easier for us to pay someone else to > do this then invest our own time to take care of this. > > TIA. > > Regards, > > Dovid > > ___ > VoiceOps mailing list > VoiceOps@voiceops.org > https://puck.nether.net/mailman/listinfo/voiceops > -- ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Re: [VoiceOps] Outsourcing STIR/SHAKEN Setup
ClearIP by Transnexus Get Outlook for iOS<https://aka.ms/o0ukef> From: VoiceOps on behalf of Dovid Bender Sent: Monday, August 31, 2020 6:37:26 AM To: Voiceops.org Subject: [VoiceOps] Outsourcing STIR/SHAKEN Setup Hi, Does anyone have a recommendation for a company that get us everything needed for STIR/SHAKEN setup? By setup I mean helping us file to get a cert etc. From the small research I have done there is a lot of fragmented information out there and it would be easier for us to pay someone else to do this then invest our own time to take care of this. TIA. Regards, Dovid ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
[VoiceOps] Outsourcing STIR/SHAKEN Setup
Hi, Does anyone have a recommendation for a company that get us everything needed for STIR/SHAKEN setup? By setup I mean helping us file to get a cert etc. From the small research I have done there is a lot of fragmented information out there and it would be easier for us to pay someone else to do this then invest our own time to take care of this. TIA. Regards, Dovid ___ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops