[SR-Users] About STIR/SHAKEN - Caller Identity

Daniel-Constantin Mierla miconda at gmail.com
Fri Aug 23 16:11:01 CEST 2019


thanks for giving further details. Just wanted to give the basic details
about these topics and Kamailio ... a C module can be contributed if
someone wants to do it, but other alternatives are already possible ...


On 23.08.19 07:50, Yuriy Gorlichenko wrote:
> Hello, Daniel.
> You disscussed it with Oleg Belousov at Kamailio World 2019. ( I added
> him in cc as he Just subscribed on list and did not saw this thread) 
> I was a part of his team Who realized this. 
> Yes, we've implemented STIR/SHAKEN platform for mobile operator, using
> Lua, which interrogates with php-fpm scripts via http/json queries. 
> Apart from signing SIP requests and validation of identity headers we
> had to deploy additional business requirements, 
> including integration with CVT (Call Validation Treatment) entity,
> special handling of certain SIP headers, blacklisting, etc. Above
> approach gave us bit more flexibility.
> We can deploy C module, if required, can share our expertize as well.
> On Fri, 16 Aug 2019, 16:38 Daniel-Constantin Mierla,
> <miconda at gmail.com <mailto:miconda at gmail.com>> wrote:
>     Hello,
>     at couple of events I participated during the past few months, I was
>     asked about support of STIR/SHAKEN (caller identity
>     authentication/verification), which is a hot topic these days at least
>     in USA, aiming to combat "fraudulent" robo-calling. Therefore I
>     thought
>     of share some details with everyone in the community about the
>     state in
>     Kamailio, writing to both devs and users, the information being
>     relevant
>     for everyone.
>     We already have the (related) module named auth_identity, available
>     since 2008 (iirc):
>       -
>     https://www.kamailio.org/docs/modules/stable/modules/auth_identity.html
>     But it implements the previous iteration of the specs for caller
>     identity, respectively RFC 4474:
>       - https://tools.ietf.org/html/rfc4474
>     However, that RFC is obsoleted by 8224 (the latest core specs for
>       - https://tools.ietf.org/html/rfc8224
>     Then, there are also RFCs 8225 and 8226 to add to the core specs.
>     Should anyone be interested to implement STIR/SHAKEN specs in a
>     modules,
>     I would suggest to start from auth_identity -- might not be much
>     work to
>     update it to become conform with latest specs (a new module can be
>     created, of course, even when starting from auth_identity).
>     However, these specs are about signing the SIP request (the
>     INVITE) with
>     special PKI certificate. It can be done easily with embedded scripts
>     such as Lua or Python (inline execution in native kamailio.cfg or
>     using
>     kemi scripts). At Kamailio World 2019, one of the participants I
>     discussed with told me they already implemented using Lua.
>     That's it for a starting point, if anyone wants to discuss more, just
>     reply to sr-users and add your comments or ask the questions.
>     If someone wants to go ahead and work on a C module, announce yourself
>     to avoid duplicate work of others, and use sr-dev if you need
>     assistance
>     on module development.
>     Cheers,
>     Daniel
>     -- 
>     Daniel-Constantin Mierla -- www.asipto.com <http://www.asipto.com>
>     www.twitter.com/miconda <http://www.twitter.com/miconda> --
>     www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda>
>     _______________________________________________
>     Kamailio (SER) - Users Mailing List
>     sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
>     https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20190823/fabde1c4/attachment.html>

More information about the sr-users mailing list