[sr-dev] [SR-Users] About STIR/SHAKEN - Caller Identity
Daniel-Constantin Mierla
miconda at gmail.com
Fri Aug 23 16:11:01 CEST 2019
Hello,
thanks for giving further details. Just wanted to give the basic details
about these topics and Kamailio ... a C module can be contributed if
someone wants to do it, but other alternatives are already possible ...
Cheers,
Daniel
On 23.08.19 07:50, Yuriy Gorlichenko wrote:
> Hello, Daniel.
> You disscussed it with Oleg Belousov at Kamailio World 2019. ( I added
> him in cc as he Just subscribed on list and did not saw this thread)
>
> I was a part of his team Who realized this.
> Yes, we've implemented STIR/SHAKEN platform for mobile operator, using
> Lua, which interrogates with php-fpm scripts via http/json queries.
> Apart from signing SIP requests and validation of identity headers we
> had to deploy additional business requirements,
> including integration with CVT (Call Validation Treatment) entity,
> special handling of certain SIP headers, blacklisting, etc. Above
> approach gave us bit more flexibility.
>
> We can deploy C module, if required, can share our expertize as well.
>
> On Fri, 16 Aug 2019, 16:38 Daniel-Constantin Mierla,
> <miconda at gmail.com <mailto:miconda at gmail.com>> wrote:
>
> Hello,
>
> at couple of events I participated during the past few months, I was
> asked about support of STIR/SHAKEN (caller identity
> authentication/verification), which is a hot topic these days at least
> in USA, aiming to combat "fraudulent" robo-calling. Therefore I
> thought
> of share some details with everyone in the community about the
> state in
> Kamailio, writing to both devs and users, the information being
> relevant
> for everyone.
>
> We already have the (related) module named auth_identity, available
> since 2008 (iirc):
>
> -
> https://www.kamailio.org/docs/modules/stable/modules/auth_identity.html
>
> But it implements the previous iteration of the specs for caller
> identity, respectively RFC 4474:
>
> - https://tools.ietf.org/html/rfc4474
>
> However, that RFC is obsoleted by 8224 (the latest core specs for
> STIR/SHAKEN):
>
> - https://tools.ietf.org/html/rfc8224
>
> Then, there are also RFCs 8225 and 8226 to add to the core specs.
>
> Should anyone be interested to implement STIR/SHAKEN specs in a
> modules,
> I would suggest to start from auth_identity -- might not be much
> work to
> update it to become conform with latest specs (a new module can be
> created, of course, even when starting from auth_identity).
>
> However, these specs are about signing the SIP request (the
> INVITE) with
> special PKI certificate. It can be done easily with embedded scripts
> such as Lua or Python (inline execution in native kamailio.cfg or
> using
> kemi scripts). At Kamailio World 2019, one of the participants I
> discussed with told me they already implemented using Lua.
>
> That's it for a starting point, if anyone wants to discuss more, just
> reply to sr-users and add your comments or ask the questions.
>
> If someone wants to go ahead and work on a C module, announce yourself
> to avoid duplicate work of others, and use sr-dev if you need
> assistance
> on module development.
>
> Cheers,
> Daniel
>
> --
> Daniel-Constantin Mierla -- www.asipto.com <http://www.asipto.com>
> www.twitter.com/miconda <http://www.twitter.com/miconda> --
> www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda>
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20190823/fabde1c4/attachment.html>
More information about the sr-dev
mailing list