[SR-Users] STIR/SHAKEN, is a number format mandatory?

Ben Kaufman bkaufman at nexvortex.com
Thu Nov 4 06:13:53 CET 2021


I was responding to David's statement of "it effectively means you MUST remove it from the headers, since the TNs in the payload must match the TNs in the headers for the identity to be valid." This statement is incorrect, as evidenced by the ATIS docs.

The clearest example is in 1000082 8.2.1 which describes the validation process, and how the orig tn and dest tn from the passport are to be compared to the values from the SIP To: and From: headers:

Normalize to the canonical form the received in the “verificationRequest” “from” and “to” telephone numbers (remove visual separators and leading “+”) and compare them with ones extracted from the “orig” and “dest” claims of PASSporT payload.



________________________________
From: sr-users <sr-users-bounces at lists.kamailio.org> on behalf of Emilio Panighetti <emiliop at operalogic.com>
Sent: Wednesday, November 3, 2021, 10:42 PM
To: Kamailio (SER) - Users Mailing List
Subject: Re: [SR-Users] STIR/SHAKEN, is a number format mandatory?

Take a look at ATIS-1000082: https://access.atis.org/apps/group_public/download.php/45032/ATIS-1000082.pdf

6.2 Datatype: origTelephoneNumber

  Field:       tn
  Type:        String. Allowed Characters: [0-9], *, #, +, and visual separators defined in RFC 3966: ".", "-", "(", ")".
  Required?:   Y
  Description: Telephone Number of Originating identity.
               Server will remove all non-numeric characters if received except star (*) and pound (#) characters.
               Ex.: (+1) 235-555-1212 -> 12355551212

Do you really trust a 3rd party server to do your job?
The attestation is done with the bare digits as in the example above: 12355551212 clear from all decorators including the preceding ‘+’.

If you look at any identity header with an attestation, the numbers are always as above, without decorators.

If you go to 8.1.3.2 Request Sample within the same document, all the JSON samples contain no decorators.

What you’re quoting from ATIS-1000074 are SIP headers.
The current version is https://access.atis.org/apps/group_public/download.php/45032/ATIS-1000082.pdf
It explains the overall protocol. The implementation details are in ATIS-1000082

Regards


On Nov 3, 2021, at 10:48 PM, Ben Kaufman <bkaufman at nexvortex.com> wrote:

I don’t think so, because the examples in ATIS-1000074-E specifically show To: and From: headers with a leading plus:


  To: <sip:+12155551213@tel.example1.net>
  From: "Alice"<sip:+12155551212@tel.example2.net>;tag=614bdb40

I think the necessity is only to logically match the values there.

Ben Kaufman

From: sr-users <sr-users-bounces at lists.kamailio.org> On Behalf Of David Villasmil
Sent: Wednesday, November 3, 2021 6:43 PM
To: Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
Subject: Re: [SR-Users] STIR/SHAKEN, is a number format mandatory?

then it effectively means you MUST remove it from the headers, since the TNs in the payload must match the TNs in the headers for the identity to be valid.

Regards,

David Villasmil
email: david.villasmil.work at gmail.com
phone: +34669448337


On Wed, Nov 3, 2021 at 11:12 PM Ben Kaufman <bkaufman at nexvortex.com> wrote:

According to ATIS-1000074-E



“the term "valid telephone number" refers to a telephone number that is a nationally specific service number (e.g., 611, 911), or a telephone number that can be converted into a globally routable E.164 number, as specified in section 8.3 of [RFC 8224].”





From the RFC (https://datatracker.ietf.org/doc/html/rfc8224#section-8.3)



   Implementations MUST drop any "+"s, internal dashes, parentheses,
   or other non-numeric characters, except for the "#" or "*" keys
   used in some special service numbers (typically, these will appear
   only in the To header field value).  This MUST result in an ASCII
   string limited to "#", "*", and digits without whitespace or
   visual separators.



In looking at the examples in ATIS-1000074-E, this doesn’t mean that the + should be removed from the other SIP headers (To:, From:, etc.), but apparently it shouldn’t be in the JWT of the Identity header.

Ben Kaufman

From: sr-users <sr-users-bounces at lists.kamailio.org> On Behalf Of David Villasmil
Sent: Wednesday, November 3, 2021 5:32 PM
To: Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
Subject: [SR-Users] STIR/SHAKEN, is a number format mandatory?

Hello guys,

I'm getting failed by my provider because I'm sending to them with +1 both on the headers and on the payload. My understanding is there is no mandatory format, or is there?

Regards,

David Villasmil
email: david.villasmil.work at gmail.com
phone: +34669448337
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users at lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
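
The comparison discussed in this thread (RFC 8224 section 8.3 canonicalization, then the ATIS-1000082 8.2.1 match of the From/To numbers against the PASSporT "orig" and "dest" claims), as an added example that is not part of the original messages and is not Kamailio or ATIS code. The token builder, the x5u URL, iat and origid values are constructed sample data, and no signature verification is performed here.

```python
import base64
import json
import re

def canonical_tn(value):
    """RFC 8224 section 8.3: keep only digits, '#' and '*'."""
    return re.sub(r"[^0-9#*]", "", value)

def tn_from_header(header_value):
    """User part of the sip:/sips:/tel: URI in a From/To header value."""
    m = re.search(r"(?:sips?|tel):([^@;>\s]+)", header_value)
    if m is None:
        raise ValueError("no sip/tel URI in header value")
    return m.group(1)

def passport_claims(token):
    """Decode the payload of a compact PASSporT (signature NOT checked)."""
    part = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def check_tns(from_hdr, to_hdr, token):
    """Normalize the header TNs and compare with the claims as received."""
    claims = passport_claims(token)
    orig = claims["orig"]["tn"]
    dest = claims["dest"]["tn"]
    dest = [dest] if isinstance(dest, str) else dest  # "dest" tn is an array
    problems = []
    if canonical_tn(tn_from_header(from_hdr)) != orig:
        problems.append(f"From does not match orig claim {orig!r}")
    if canonical_tn(tn_from_header(to_hdr)) not in dest:
        problems.append(f"To does not match dest claim {dest!r}")
    return problems

def sample_token(orig_tn, dest_tn):
    """Constructed, unsigned sample token; all values here are made up."""
    def b64(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "ES256", "ppt": "shaken", "typ": "passport",
              "x5u": "https://cert.example.org/sp.pem"}
    payload = {"attest": "A", "dest": {"tn": [dest_tn]}, "iat": 1635999233,
               "orig": {"tn": orig_tn},
               "origid": "00000000-0000-0000-0000-000000000000"}
    return f"{b64(header)}.{b64(payload)}.constructed-signature"

# Header values as in the ATIS-1000074-E example quoted in the thread.
FROM_HDR = '"Alice"<sip:+12155551212@tel.example2.net>;tag=614bdb40'
TO_HDR = "<sip:+12155551213@tel.example1.net>"

if __name__ == "__main__":
    print(check_tns(FROM_HDR, TO_HDR, sample_token("12155551212", "12155551213")))
    print(check_tns(FROM_HDR, TO_HDR, sample_token("+12155551212", "+12155551213")))
```

With the "+" kept in the SIP headers and bare digits in the claims the check passes; with "+1..." inside the claims both comparisons fail.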