[VoiceOps] STIR/SHAKEN Discussion: Will it help?

Calvin Ellison calvin.ellison at voxox.com
Tue Dec 31 14:35:45 EST 2019


On Tue, Dec 31, 2019 at 8:54 AM Mark Lindsey <lindsey at e-c-group.com> wrote:

>
> My presentation focused Bad Actors who don't register with anybody. But
> after my presentation, Jon Peterson (who wrote much of the SHAKEN RFCs)
> added another security gap in the American implementation: anybody can get
> an OCN and CLLI code, access to numbers, get a Service Provider Token and a
> signing Certificate from the PA/CA, and then sign every call they want to
> from any number they want to.
>
> *Mark R Lindsey, SMTS* | +1-229-316-0013 | mark at ecg.co |* https://ecg.co/lindsey/
> <https://ecg.co/lindsey/>*
>

I think the entire point of S/S (can we abbreviate this yet?) *is* the bad
actors. Yes, an entity can go through all the hoops to sign calls, and
their traffic will become immediately identifiable. It shouldn't take long
for their certificate to get revoked while the FCC and others work on
fining them out of existence with possible criminal charges with jail time.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20191231/5370f182/attachment-0001.htm>


More information about the VoiceOps mailing list