I never said STIR/SHAKEN would be used to ‘look up’ for call routing. Earlier someone mentioned an issue with open peering is spam calls. STIR/SHAKEN can solve that issue.
You can certainly use STIR/SHAKEN to reject calls from $COMPANY once you have determined you don’t like $COMPANY. That can easily be done off line by CDR analysis. Sure you let a couple dozen calls in but you can pretty quickly find ‘$BAD_COMPANY’ and start rejecting their calls. The system would settle our fairly quickly From: Peter Beckman <beck...@angryox.com> Date: Wednesday, October 25, 2023 at 12:04 PM To: Matthew Crocker <matt...@corp.crocker.com> Cc: Pinchas Neiman <neimanpinc...@gmail.com>, Jawaid Bazyar <jaw...@bazyar.net>, voiceops <voiceops@voiceops.org> Subject: Re: [VoiceOps] Voice Peering CAUTION: This email originated from outside of Crocker. Do not click links or open attachments unless you recognize the sender and know the content is safe. STIR/SHAKEN does not delegate any authority to anyone. It merely allows me to sign a call that I originate, so that someone else can say "Oh this came from $COMPANY." Besides, STIR/SHAKEN is done at the time of an origination call, it cannot be "looked up" to see where to route a call. The suggestion that STIR/SHAKEN could be used to authoritatively assign a DID endpoint to someone demonstrates a lack of understanding in how it works and what it does and does not do. Beckman On Wed, 25 Oct 2023, Matthew Crocker via VoiceOps wrote: > > With STIR/SHAKEN (in theory) all calls will be signed, authenticated so you > can trace the originating carrier. In an open peering environment you can > use it to accept/reject calls > > Open SIP proxy handles all of the SIP traffic, RTP goes directly between > carriers. > All calls originated must be signed (STIRred) > > * Call isn’t signed, gets rejected by the SIP peering proxy > Terminating carrier can validate the signed calls (SHAKEN) > > * Don’t like the signing CA? reject the call > * Don’t like the signing carrier? Reject the call > * Carrier sending too many spam calls, adjust treatment based on customer > spam settings > > > Routing is handled between terminating carrier and SIP peering proxy. > Originating carrier sends all calls to peering proxy first, if proxy doesn’t > have the route it sends a 4XX error back and originating carrier can continue > routing on other paths. > > So terminating carriers would need to export/upload (hacked BGP?) numbers > they are willing to receive calls on to the peering proxy. > > Proxies can be spun up in various AWS/Azure/GoogleCloud VPS > > > From: Pinchas Neiman <neimanpinc...@gmail.com> > Date: Wednesday, October 25, 2023 at 11:18 AM > To: Jawaid Bazyar <jaw...@bazyar.net> > Cc: Matthew Crocker <matt...@corp.crocker.com>, voiceops > <voiceops@voiceops.org> > Subject: Re: [VoiceOps] Voice Peering > CAUTION: This email originated from outside of Crocker. Do not click links or > open attachments unless you recognize the sender and know the content is safe. > > By reading the RFCs I was able to grasp 75% of it, it's well written and > covers your clear constraint, at least on how to verify the SIP header comes > from a trustworthy authority (If you agree on the root authority) > Practically implementing STIR/SHAKEN has bureaucracy involved. > > On Tue, Oct 24, 2023 at 9:38 PM Jawaid Bazyar via VoiceOps > <voiceops@voiceops.org<mailto:voiceops@voiceops.org>> wrote: > Is there a good clear document somewhere describing how STIR/SHAKEN is > supposed to work? > > On Tue, Oct 24, 2023 at 9:33 PM Matthew Crocker via VoiceOps > <voiceops@voiceops.org<mailto:voiceops@voiceops.org>> wrote: > > >> On Oct 24, 2023, at 9:13 PM, Peter Beckman via VoiceOps >> <voiceops@voiceops.org<mailto:voiceops@voiceops.org>> wrote: >> >> CAUTION: This email originated from outside of Crocker. Do not click links >> or open attachments unless you recognize the sender and know the content is >> safe. >> >> >> The challenge is how do you authenticate the end "carrier" or service >> provider? >> > > STIR/SHAKEN > > >> Sure, anyone who leases numbers directly from NANPA can look up the carrier >> of record and exchange traffic directly, but any business who also leases >> numbers INDIRECTLY gets cut out and still needs to pay their upstream >> carrier(s) to place/receive calls, either by channels or per minute, even >> if their upstream is directly peered and not transiting the PSTN at all. >> >> If this would be for the end user, then NANPA would have to delegate to the >> leasee, the leasee delegate to the reseller, the reseller to the end user, >> then the end user could publish their VoIP contact info, and anyone could >> call directly via VoIP, cutting out all of the middle peers. >> >> But, as another person said, this is ripe for abuse, and with no motivation >> by NANPA or the larger carriers to make calls less expensive for the >> reseller or end user, I see this going nowhere. Until there is some value >> in NANPA (plus all the other country telephony organizations) and the >> direct carriers leasing numbers to do so. >> >> Beckman >> >>> On Tue, 24 Oct 2023, Ross Tajvar via VoiceOps wrote: >>> >>> I can think of a few ways that could be adapted into a platform more like >>> an Internet exchange, but as others have said, it just doesn't seem worth >>> it. >>> >>> On Tue, Oct 24, 2023, 5:31 PM Jawaid Bazyar via VoiceOps < >>> voiceops@voiceops.org<mailto:voiceops@voiceops.org>> wrote: >>> >>>> I think schemes like DUNDI (and some of the others mentioned here) suffer >>>> from a trust issue – what’s to prevent operator X from poisoning the >>>> protocol with bogus “stolen” numbers? >>>> >>>> >>>> >>>> On Tue, Oct 24, 2023 at 5:25 PM Jared Smith via VoiceOps < >>>> voiceops@voiceops.org<mailto:voiceops@voiceops.org>> wrote: >>>> >>>>> On Tue, Oct 24, 2023 at 8:49 AM Mike Hammett via VoiceOps < >>>>> voiceops@voiceops.org<mailto:voiceops@voiceops.org>> wrote: >>>>> >>>>>> This was in another thread, but I broke it out into it's own >>>>>> conversation. Someone had asked: >>>>>> >>>>>> --- >>>>>> I am joining this thread late, but, would anyone out there be interested >>>>>> in exchanging traffic with other carriers directly over SIP? >>>>>> >>>>> >>>>> Just another point of VoIP history trivia at this point... but in >>>>> addition to things like ENUM and ITAD, Mark Spencer of Asterisk fame also >>>>> invented Dundi, which was an encrypted peer-to-peer protocol for route >>>>> advertisement and discovery. As far as I know, very few people besides me >>>>> ever put it in production, but it worked really well at the time. (Of >>>>> course, it's been about 17 or 18 years now since I used it in production.) >>>>> >>>>> -Jared >>>>> _______________________________________________ >>>>> VoiceOps mailing list >>>>> VoiceOps@voiceops.org<mailto:VoiceOps@voiceops.org> >>>>> https://puck.nether.net/mailman/listinfo/voiceops >>>>> >>>> _______________________________________________ >>>> VoiceOps mailing list >>>> VoiceOps@voiceops.org<mailto:VoiceOps@voiceops.org> >>>> https://puck.nether.net/mailman/listinfo/voiceops >>>> >>> >> >> --------------------------------------------------------------------------- >> Peter Beckman Internet Guy >> beck...@angryox.com<mailto:beck...@angryox.com> >> https://www.angryox.com/ >> --------------------------------------------------------------------------- >> _______________________________________________ >> VoiceOps mailing list >> VoiceOps@voiceops.org<mailto:VoiceOps@voiceops.org> >> https://puck.nether.net/mailman/listinfo/voiceops >> _______________________________________________ >> VoiceOps mailing list >> VoiceOps@voiceops.org<mailto:VoiceOps@voiceops.org> >> https://puck.nether.net/mailman/listinfo/voiceops > _______________________________________________ > VoiceOps mailing list > VoiceOps@voiceops.org<mailto:VoiceOps@voiceops.org> > https://puck.nether.net/mailman/listinfo/voiceops > _______________________________________________ > VoiceOps mailing list > VoiceOps@voiceops.org<mailto:VoiceOps@voiceops.org> > https://puck.nether.net/mailman/listinfo/voiceops > > > -- > Pinchas S. Neiman > Software Engineer At ESEQ Technology Corp. > 845.213.1229 #2 > [Image removed by sender.] > --------------------------------------------------------------------------- Peter Beckman Internet Guy beck...@angryox.com https://www.angryox.com/ ---------------------------------------------------------------------------
_______________________________________________ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops