I was responding to David's statement of "it effectively mean you MUST remove it from the headers, since the TNs in the payload must match the TNs in the headers for the identity to be valid." This statement is incorrect, as evidenced by the ATIS docs.

The clearest example is in 1000082 8.2.1 which describes the validation process, and how the orig tn and dest tn from the passport are to be compared to the values from the SIP To: and From: headers:

Normalize to the canonical form the received in the “verificationRequest” “from” and “to” telephone numbers (remove visual separators and leading “+”) and compare them with ones extracted from the “orig” and “dest” claims of PASSporT payload.



From: sr-users <sr-users-bounces@lists.kamailio.org> on behalf of Emilio Panighetti <emiliop@operalogic.com>
Sent: Wednesday, November 3, 2021, 10:42 PM
To: Kamailio (SER) - Users Mailing List
Subject: Re: [SR-Users] STIR/SHAKEN, is a number format mandatory?

Take a look at ATIS-1000082: https://access.atis.org/apps/group_public/download.php/45032/ATIS-1000082.pdf

6.2 Datatype:origTelephoneNumber

Field

Type

Required?

Description

tn

String
Allowed Characters : [0-9],*,#,+, and
visual separators defined in RFC 3966: “.”, “-“, “(“, “)”.

Y

Telephone Number of Originating identity.

Server will remove all non-numeric characters if received except star (*) and pound (#) characters.

Ex.: (+1) 235-555-121212355551212


Do you really trust a 3rd party server to do your job?
The attestation is done with the bare digits as in the example above: 12355551212 clear from all decorators including the preceding ‘+’.

If you look at any identity header with an attestation, the numbers are always as above, without decorators.

If you go to 8.1.3.2 Request Sample within the same document, all the JSON samples contain no decorators.

What you’re quoting from ATIS-1000074 are SIP headers.
The current version is https://access.atis.org/apps/group_public/download.php/45032/ATIS-1000082.pdf
It explains the overall protocol. The implementation details are in ATIS-1000082

Regards


On Nov 3, 2021, at 10:48 PM, Ben Kaufman <bkaufman@nexvortex.com> wrote:

I don’t think so, because the examples in ATIS-1000074-E specifically show To: and From: headers with a leading plus:
 
 
  From: "Alice"<sip:+12155551212@tel.example2.net>;tag=614bdb40
 
I think the necessity is only to logically match the values there.
 
Ben Kaufman
 
From: sr-users <sr-users-bounces@lists.kamailio.org> On Behalf Of David Villasmil
Sent: Wednesday, November 3, 2021 6:43 PM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Subject: Re: [SR-Users] STIR/SHAKEN, is a number format mandatory?
 
then it effectively mean you MUST remove it from the headers, since the TNs in the payload must match the TNs in the headers for the identity to be valid.

Regards,
 
David Villasmil
phone: +34669448337
 
 
On Wed, Nov 3, 2021 at 11:12 PM Ben Kaufman <bkaufman@nexvortex.com> wrote:

According to ATIS-1000074-E

 

“ the term "valid telephone number" refers to a telephone number that is a nationally specific service number (e.g., 611, 911), or a telephone number that can be converted into a globally routable E.164 number, as specified in section 8.3 of [RFC 8224].”

 

 

From the RFC (https://datatracker.ietf.org/doc/html/rfc8224#section-8.3)

 

Implementations MUST drop any "+"s, internal dashes, parentheses,

or other non-numeric characters, except for the "#" or "*" keys

used in some special service numbers (typically, these will appear

only in the To header field value).  This MUST result in an ASCII

string limited to "#", "*", and digits without whitespace or

visual separators.

 
 
In looking at the examples in ATIS-1000074-E, this doesn’t mean that the + should be removed from the other SIP headers (To:, From:, etc), but apparently it shouldn’t be in the  jwt of the Identity header.
 
Ben Kaufman
 
From: sr-users <sr-users-bounces@lists.kamailio.org> On Behalf Of David Villasmil
Sent: Wednesday, November 3, 2021 5:32 PM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Subject: [SR-Users] STIR/SHAKEN, is a number format mandatory?
 
Hello guys,
 
I'm getting failed by my provider because I'm sending to them with +1 both on the headers and on the payload. My understanding is there is no mandatory format, or is there?

Regards,
 
David Villasmil
phone: +34669448337
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
 * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
 * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users