Hi All,
I have a quick question regarding verification on incoming calls regarding the stir/shaken policy. I'm using the secsipid library to check the identity header, but the problem I'm running into is that there is no identity header in the invite from the incoming call (It's showing up as null). Have most carriers enabled passing along an identity header, or is this something that is still in the works for some of them.
Would I need to request and get the certificate from the terminating carrier? I've tried using the auth_identity module to see if i need to use the verification functions to get/request the certificate, but I have had no luck so far.
Would anyone be able to provide direction on how to request/get/pass along the identity header from an incoming call with stir/shaken.
(I am using kamailio v5.6 and debian 12)
Thanks in advance, Temi
Have you done a packet capture to try to ascertain whether the Identity header is objectively present in incoming requests, on the wire?
On May 30, 2024, at 2:48 PM, tfayomi--- via sr-users sr-users@lists.kamailio.org wrote:
Hi All,
I have a quick question regarding verification on incoming calls regarding the stir/shaken policy. I'm using the secsipid library to check the identity header, but the problem I'm running into is that there is no identity header in the invite from the incoming call (It's showing up as null). Have most carriers enabled passing along an identity header, or is this something that is still in the works for some of them.
Would I need to request and get the certificate from the terminating carrier? I've tried using the auth_identity module to see if i need to use the verification functions to get/request the certificate, but I have had no luck so far.
Would anyone be able to provide direction on how to request/get/pass along the identity header from an incoming call with stir/shaken.
(I am using kamailio v5.6 and debian 12)
Thanks in advance, Temi __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Yes, I have done an sngrep and the Identity header isn't shown at all on any incoming requests. That's partially why I was wondering if I need to request the identity header from the terminating carrier or if they need to provide it.
On May 30, 2024, at 4:24 PM, tfayomi--- via sr-users sr-users@lists.kamailio.org wrote:
Yes, I have done an sngrep and the Identity header isn't shown at all on any incoming requests.
Well, you've answered your own question, as far as the technical side of it goes.
On the business/policy side: carriers are in various stages of implementation of STIR/SHAKEN, and may or may not offer it, and you may or may not need to ask them.
-- Alex
Hello,
For outgoing calls _from your DIDs_ to your providers, you need to sign the identify header. For incoming calls from your providers, IF THEY SIGN them, then you verify them, Otherwise they just have no attestation. If they do provide it, it possible you need to let them know you want it, but i'd assume they'd send it automatically -if they receive it from upstream-.
Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
On Thu, May 30, 2024 at 10:45 PM tfayomi--- via sr-users < sr-users@lists.kamailio.org> wrote:
Yes, I have done an sngrep and the Identity header isn't shown at all on any incoming requests. That's partially why I was wondering if I need to request the identity header from the terminating carrier or if they need to provide it. __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
On one of our carriers, I had to request them to send us the identity header. Ask them in case you are in the same situation.
On Thu, May 30, 2024 at 2:09 PM David Villasmil via sr-users < sr-users@lists.kamailio.org> wrote:
Hello,
For outgoing calls _from your DIDs_ to your providers, you need to sign the identify header. For incoming calls from your providers, IF THEY SIGN them, then you verify them, Otherwise they just have no attestation. If they do provide it, it possible you need to let them know you want it, but i'd assume they'd send it automatically -if they receive it from upstream-.
Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
On Thu, May 30, 2024 at 10:45 PM tfayomi--- via sr-users < sr-users@lists.kamailio.org> wrote:
Yes, I have done an sngrep and the Identity header isn't shown at all on any incoming requests. That's partially why I was wondering if I need to request the identity header from the terminating carrier or if they need to provide it. __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Hello,
not everyone has implemented this. You need to check whether it's there and validate if present.
Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
On Thu, May 30, 2024 at 9:11 PM tfayomi--- via sr-users < sr-users@lists.kamailio.org> wrote:
Hi All,
I have a quick question regarding verification on incoming calls regarding the stir/shaken policy. I'm using the secsipid library to check the identity header, but the problem I'm running into is that there is no identity header in the invite from the incoming call (It's showing up as null). Have most carriers enabled passing along an identity header, or is this something that is still in the works for some of them.
Would I need to request and get the certificate from the terminating carrier? I've tried using the auth_identity module to see if i need to use the verification functions to get/request the certificate, but I have had no luck so far.
Would anyone be able to provide direction on how to request/get/pass along the identity header from an incoming call with stir/shaken.
(I am using kamailio v5.6 and debian 12)
Thanks in advance, Temi __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
-
Alex Balashov -
David Villasmil -
Joel Serrano -
tfayomi@untangledtechnology.com