<div dir="auto"><div dir="auto">Hello, Daniel.</div><div dir="auto">You disscussed it with Oleg Belousov at Kamailio World 2019. ( I added him in cc as he Just subscribed on list and did not saw this thread) </div><div dir="auto"><br></div><div dir="auto">I was a part of his team Who realized this. </div><div dir="auto">Yes, we've implemented STIR/SHAKEN platform for mobile operator, using Lua, which interrogates with php-fpm scripts via http/json queries. </div><div dir="auto">Apart from signing SIP requests and validation of identity headers we had to deploy additional business requirements, </div><div dir="auto">including integration with CVT (Call Validation Treatment) entity, special handling of certain SIP headers, blacklisting, etc. Above approach gave us bit more flexibility.</div><div dir="auto"><br></div><div dir="auto">We can deploy C module, if required, can share our expertize as well.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 16 Aug 2019, 16:38 Daniel-Constantin Mierla, <<a href="mailto:miconda@gmail.com" target="_blank" rel="noreferrer">miconda@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
<br>
at couple of events I participated during the past few months, I was<br>
asked about support of STIR/SHAKEN (caller identity<br>
authentication/verification), which is a hot topic these days at least<br>
in USA, aiming to combat "fraudulent" robo-calling. Therefore I thought<br>
of share some details with everyone in the community about the state in<br>
Kamailio, writing to both devs and users, the information being relevant<br>
for everyone.<br>
<br>
We already have the (related) module named auth_identity, available<br>
since 2008 (iirc):<br>
<br>
- <a href="https://www.kamailio.org/docs/modules/stable/modules/auth_identity.html" rel="noreferrer noreferrer noreferrer" target="_blank">https://www.kamailio.org/docs/modules/stable/modules/auth_identity.html</a><br>
<br>
But it implements the previous iteration of the specs for caller<br>
identity, respectively RFC 4474:<br>
<br>
- <a href="https://tools.ietf.org/html/rfc4474" rel="noreferrer noreferrer noreferrer" target="_blank">https://tools.ietf.org/html/rfc4474</a><br>
<br>
However, that RFC is obsoleted by 8224 (the latest core specs for<br>
STIR/SHAKEN):<br>
<br>
- <a href="https://tools.ietf.org/html/rfc8224" rel="noreferrer noreferrer noreferrer" target="_blank">https://tools.ietf.org/html/rfc8224</a><br>
<br>
Then, there are also RFCs 8225 and 8226 to add to the core specs.<br>
<br>
Should anyone be interested to implement STIR/SHAKEN specs in a modules,<br>
I would suggest to start from auth_identity -- might not be much work to<br>
update it to become conform with latest specs (a new module can be<br>
created, of course, even when starting from auth_identity).<br>
<br>
However, these specs are about signing the SIP request (the INVITE) with<br>
special PKI certificate. It can be done easily with embedded scripts<br>
such as Lua or Python (inline execution in native kamailio.cfg or using<br>
kemi scripts). At Kamailio World 2019, one of the participants I<br>
discussed with told me they already implemented using Lua.<br>
<br>
That's it for a starting point, if anyone wants to discuss more, just<br>
reply to sr-users and add your comments or ask the questions.<br>
<br>
If someone wants to go ahead and work on a C module, announce yourself<br>
to avoid duplicate work of others, and use sr-dev if you need assistance<br>
on module development.<br>
<br>
Cheers,<br>
Daniel<br>
<br>
-- <br>
Daniel-Constantin Mierla -- <a href="http://www.asipto.com" rel="noreferrer noreferrer noreferrer" target="_blank">www.asipto.com</a><br>
<a href="http://www.twitter.com/miconda" rel="noreferrer noreferrer noreferrer" target="_blank">www.twitter.com/miconda</a> -- <a href="http://www.linkedin.com/in/miconda" rel="noreferrer noreferrer noreferrer" target="_blank">www.linkedin.com/in/miconda</a><br>
<br>
<br>
_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" rel="noreferrer noreferrer" target="_blank">sr-users@lists.kamailio.org</a><br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer noreferrer noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div>