Hello,
thanks for giving further details. Just wanted to give the basic details about these topics and Kamailio ... a C module can be contributed if someone wants to do it, but other alternatives are already possible ...
Cheers, Daniel
On 23.08.19 07:50, Yuriy Gorlichenko wrote:
Hello, Daniel. You disscussed it with Oleg Belousov at Kamailio World 2019. ( I added him in cc as he Just subscribed on list and did not saw this thread)
I was a part of his team Who realized this. Yes, we've implemented STIR/SHAKEN platform for mobile operator, using Lua, which interrogates with php-fpm scripts via http/json queries. Apart from signing SIP requests and validation of identity headers we had to deploy additional business requirements, including integration with CVT (Call Validation Treatment) entity, special handling of certain SIP headers, blacklisting, etc. Above approach gave us bit more flexibility.
We can deploy C module, if required, can share our expertize as well.
On Fri, 16 Aug 2019, 16:38 Daniel-Constantin Mierla, <miconda@gmail.com mailto:miconda@gmail.com> wrote:
Hello, at couple of events I participated during the past few months, I was asked about support of STIR/SHAKEN (caller identity authentication/verification), which is a hot topic these days at least in USA, aiming to combat "fraudulent" robo-calling. Therefore I thought of share some details with everyone in the community about the state in Kamailio, writing to both devs and users, the information being relevant for everyone. We already have the (related) module named auth_identity, available since 2008 (iirc): - https://www.kamailio.org/docs/modules/stable/modules/auth_identity.html But it implements the previous iteration of the specs for caller identity, respectively RFC 4474: - https://tools.ietf.org/html/rfc4474 However, that RFC is obsoleted by 8224 (the latest core specs for STIR/SHAKEN): - https://tools.ietf.org/html/rfc8224 Then, there are also RFCs 8225 and 8226 to add to the core specs. Should anyone be interested to implement STIR/SHAKEN specs in a modules, I would suggest to start from auth_identity -- might not be much work to update it to become conform with latest specs (a new module can be created, of course, even when starting from auth_identity). However, these specs are about signing the SIP request (the INVITE) with special PKI certificate. It can be done easily with embedded scripts such as Lua or Python (inline execution in native kamailio.cfg or using kemi scripts). At Kamailio World 2019, one of the participants I discussed with told me they already implemented using Lua. That's it for a starting point, if anyone wants to discuss more, just reply to sr-users and add your comments or ask the questions. If someone wants to go ahead and work on a C module, announce yourself to avoid duplicate work of others, and use sr-dev if you need assistance on module development. Cheers, Daniel -- Daniel-Constantin Mierla -- www.asipto.com <http://www.asipto.com> www.twitter.com/miconda <http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda> _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org <mailto:sr-users@lists.kamailio.org> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users