[SR-Users] About STIR/SHAKEN - Caller Identity

Yuriy Gorlichenko ovoshlook at gmail.com
Fri Aug 23 07:50:52 CEST 2019 

Hello, Daniel.
You disscussed it with Oleg Belousov at Kamailio World 2019. ( I added him
in cc as he Just subscribed on list and did not saw this thread)

I was a part of his team Who realized this.
Yes, we've implemented STIR/SHAKEN platform for mobile operator, using Lua,
which interrogates with php-fpm scripts via http/json queries.
Apart from signing SIP requests and validation of identity headers we had
to deploy additional business requirements,
including integration with CVT (Call Validation Treatment) entity, special
handling of certain SIP headers, blacklisting, etc. Above approach gave us
bit more flexibility.

We can deploy C module, if required, can share our expertize as well.

On Fri, 16 Aug 2019, 16:38 Daniel-Constantin Mierla, <miconda at gmail.com>
wrote:

> Hello,
>
> at couple of events I participated during the past few months, I was
> asked about support of STIR/SHAKEN (caller identity
> authentication/verification), which is a hot topic these days at least
> in USA, aiming to combat "fraudulent" robo-calling. Therefore I thought
> of share some details with everyone in the community about the state in
> Kamailio, writing to both devs and users, the information being relevant
> for everyone.
>
> We already have the (related) module named auth_identity, available
> since 2008 (iirc):
>
>   -
> https://www.kamailio.org/docs/modules/stable/modules/auth_identity.html
>
> But it implements the previous iteration of the specs for caller
> identity, respectively RFC 4474:
>
>   - https://tools.ietf.org/html/rfc4474
>
> However, that RFC is obsoleted by 8224 (the latest core specs for
> STIR/SHAKEN):
>
>   - https://tools.ietf.org/html/rfc8224
>
> Then, there are also RFCs 8225 and 8226 to add to the core specs.
>
> Should anyone be interested to implement STIR/SHAKEN specs in a modules,
> I would suggest to start from auth_identity -- might not be much work to
> update it to become conform with latest specs (a new module can be
> created, of course, even when starting from auth_identity).
>
> However, these specs are about signing the SIP request (the INVITE) with
> special PKI certificate. It can be done easily with embedded scripts
> such as Lua or Python (inline execution in native kamailio.cfg or using
> kemi scripts). At Kamailio World 2019, one of the participants I
> discussed with told me they already implemented using Lua.
>
> That's it for a starting point, if anyone wants to discuss more, just
> reply to sr-users and add your comments or ask the questions.
>
> If someone wants to go ahead and work on a C module, announce yourself
> to avoid duplicate work of others, and use sr-dev if you need assistance
> on module development.
>
> Cheers,
> Daniel
>
> --
> Daniel-Constantin Mierla -- www.asipto.com
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20190823/b04c2118/attachment.html>

More information about the sr-users mailing list