Thank you for the reply. So a bad actor can't, for example, use
self-signed certificates? So the digital signature must be produced from
a well-known authorized CA certificate key pair?
Can you point to one of the well-known CA authorities which is
authorized for SHAKEN/STIR?
volga629
On Tue, Dec 3, 2019 at 06:56, Liviu Chircu <[email protected]> wrote:
On 03.12.2019 03:59, volga629 via Users wrote:
If the call from the originator is replaced by the middle with the same
source and destination, and the Identity header is changed with keys and
certificate location, is it possible that the terminator will authorize it?
Hi Volga,
Yes, it is perfectly possible to rebuild the Identity header and
re-attribute the asserted source/destination to yourself. In order to
do this, you only need to own an officially recognized STIR/SHAKEN X509
cert along with its private key, issued by a STIR/SHAKEN certification
authority.
So, while this is possible, I don't see why anyone in their right mind
would do it. Doing so would jeopardize the image of the carrier, putting
their business at risk. It's similar to how public IP routing in the
internet works: any ISP could MITM any piece of traffic, yet none do.
Or do they? :)
Best regards,
--
Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com
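The verifier-side check this exchange turns on, as an added example that is not part of the original thread or of OpenSIPS itself: a certificate fetched from the Identity header's certificate location is accepted only if it chains to a CA in the verifier's trust list, so a self-signed certificate fails even when it claims the same subject name. The names demo-sti-ca, carrier-a and the file paths are constructed for the demo; real STIR/SHAKEN certificates carry further requirements that are not modelled here.

```shell
#!/bin/sh
# Added demo: the trust-anchor check applied to the cert that signed an
# Identity header. "demo-sti-ca" is a constructed stand-in for a recognized
# STIR/SHAKEN CA and "carrier-a" for a carrier; neither is a real entity.

WORK=$(mktemp -d)

new_key() {   # P-256 key, the curve used by ES256 PASSporT signatures
    openssl ecparam -name prime256v1 -genkey -noout -out "$1" 2>/dev/null
}

build_demo_pki() {
    # 1. Trust anchor: the only CA on the verifier's trust list.
    new_key "$WORK/ca.key"
    openssl req -new -x509 -key "$WORK/ca.key" -subj "/CN=demo-sti-ca" \
        -days 1 -out "$WORK/ca.pem" 2>/dev/null
    # 2. Carrier certificate issued by that CA.
    new_key "$WORK/carrier.key"
    openssl req -new -key "$WORK/carrier.key" -subj "/CN=carrier-a" \
        -out "$WORK/carrier.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/carrier.csr" -CA "$WORK/ca.pem" \
        -CAkey "$WORK/ca.key" -CAcreateserial -days 1 \
        -out "$WORK/carrier.pem" 2>/dev/null
    # 3. Self-signed certificate claiming the same subject name.
    new_key "$WORK/selfsigned.key"
    openssl req -new -x509 -key "$WORK/selfsigned.key" -subj "/CN=carrier-a" \
        -days 1 -out "$WORK/selfsigned.pem" 2>/dev/null
}

# Returns 0 only when the certificate has a valid path to the trust list.
chains_to_trust_list() {
    openssl verify -CAfile "$WORK/ca.pem" "$1" >/dev/null 2>&1
}

build_demo_pki
for name in carrier selfsigned; do
    if chains_to_trust_list "$WORK/$name.pem"; then
        echo "$name.pem: accepted, chains to the trust list"
    else
        echo "$name.pem: rejected, no path to a trusted CA"
    fi
done
```

The subject name plays no part in the decision: both leaf certificates say carrier-a, and only the issuer path separates them.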