<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hello,</p>
<p>thanks for giving further details. Just wanted to give the basic
details about these topics and Kamailio ... a C module can be
contributed if someone wants to do it, but other alternatives are
already possible ...<br>
</p>
<p>Cheers,<br>
Daniel<br>
</p>
<div class="moz-cite-prefix">On 23.08.19 07:50, Yuriy Gorlichenko
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CABSP_VfcPQJCjfN7uMgNe6CUmrjpRN=ROfwV3MF6tVshUFGVOA@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="auto">
<div dir="auto">Hello, Daniel.</div>
<div dir="auto">You disscussed it with Oleg Belousov at Kamailio
World 2019. ( I added him in cc as he Just subscribed on list
and did not saw this thread) </div>
<div dir="auto"><br>
</div>
<div dir="auto">I was a part of his team Who realized this. </div>
<div dir="auto">Yes, we've implemented STIR/SHAKEN platform for
mobile operator, using Lua, which interrogates with php-fpm
scripts via http/json queries. </div>
<div dir="auto">Apart from signing SIP requests and validation
of identity headers we had to deploy additional business
requirements, </div>
<div dir="auto">including integration with CVT (Call Validation
Treatment) entity, special handling of certain SIP headers,
blacklisting, etc. Above approach gave us bit more
flexibility.</div>
<div dir="auto"><br>
</div>
<div dir="auto">We can deploy C module, if required, can share
our expertize as well.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, 16 Aug 2019, 16:38
Daniel-Constantin Mierla, <<a
href="mailto:miconda@gmail.com" target="_blank"
rel="noreferrer" moz-do-not-send="true">miconda@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
<br>
at couple of events I participated during the past few months,
I was<br>
asked about support of STIR/SHAKEN (caller identity<br>
authentication/verification), which is a hot topic these days
at least<br>
in USA, aiming to combat "fraudulent" robo-calling. Therefore
I thought<br>
of share some details with everyone in the community about the
state in<br>
Kamailio, writing to both devs and users, the information
being relevant<br>
for everyone.<br>
<br>
We already have the (related) module named auth_identity,
available<br>
since 2008 (iirc):<br>
<br>
- <a
href="https://www.kamailio.org/docs/modules/stable/modules/auth_identity.html"
rel="noreferrer noreferrer noreferrer" target="_blank"
moz-do-not-send="true">https://www.kamailio.org/docs/modules/stable/modules/auth_identity.html</a><br>
<br>
But it implements the previous iteration of the specs for
caller<br>
identity, respectively RFC 4474:<br>
<br>
- <a href="https://tools.ietf.org/html/rfc4474"
rel="noreferrer noreferrer noreferrer" target="_blank"
moz-do-not-send="true">https://tools.ietf.org/html/rfc4474</a><br>
<br>
However, that RFC is obsoleted by 8224 (the latest core specs
for<br>
STIR/SHAKEN):<br>
<br>
- <a href="https://tools.ietf.org/html/rfc8224"
rel="noreferrer noreferrer noreferrer" target="_blank"
moz-do-not-send="true">https://tools.ietf.org/html/rfc8224</a><br>
<br>
Then, there are also RFCs 8225 and 8226 to add to the core
specs.<br>
<br>
Should anyone be interested to implement STIR/SHAKEN specs in
a modules,<br>
I would suggest to start from auth_identity -- might not be
much work to<br>
update it to become conform with latest specs (a new module
can be<br>
created, of course, even when starting from auth_identity).<br>
<br>
However, these specs are about signing the SIP request (the
INVITE) with<br>
special PKI certificate. It can be done easily with embedded
scripts<br>
such as Lua or Python (inline execution in native kamailio.cfg
or using<br>
kemi scripts). At Kamailio World 2019, one of the participants
I<br>
discussed with told me they already implemented using Lua.<br>
<br>
That's it for a starting point, if anyone wants to discuss
more, just<br>
reply to sr-users and add your comments or ask the questions.<br>
<br>
If someone wants to go ahead and work on a C module, announce
yourself<br>
to avoid duplicate work of others, and use sr-dev if you need
assistance<br>
on module development.<br>
<br>
Cheers,<br>
Daniel<br>
<br>
-- <br>
Daniel-Constantin Mierla -- <a href="http://www.asipto.com"
rel="noreferrer noreferrer noreferrer" target="_blank"
moz-do-not-send="true">www.asipto.com</a><br>
<a href="http://www.twitter.com/miconda" rel="noreferrer
noreferrer noreferrer" target="_blank"
moz-do-not-send="true">www.twitter.com/miconda</a> -- <a
href="http://www.linkedin.com/in/miconda" rel="noreferrer
noreferrer noreferrer" target="_blank"
moz-do-not-send="true">www.linkedin.com/in/miconda</a><br>
<br>
<br>
_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" rel="noreferrer
noreferrer" target="_blank" moz-do-not-send="true">sr-users@lists.kamailio.org</a><br>
<a
href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users"
rel="noreferrer noreferrer noreferrer" target="_blank"
moz-do-not-send="true">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote>
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a></pre>
</body>
</html>