[VoiceOps] STIR/SHAKEN Discussion: Will it help?

[Mary Lou Carey]

I wouldn't say it's all that easy because you have to be certified as a 
CLEC, Interconnected VOIP, or Wireless provider in order to get access 
to numbering resources. A lot of people missed that part in the 
guidelines because it was not worded clearly and they didn't know that 
you can't get NXXs assigned without providing the certification to the 
PA. I contacted Brent Struthers (STI-GA Director) a few months back and 
asked him about that because it didn't make sense that you could get 
access to NANPA resources without the proper certification to get NXXs. 
He verified that you DO have to have a CLEC, Interconnected VOIP, or 
Wireless provider cerfification in order to get access to NANPA 
resources!

MARY LOU CAREY
BackUP Telecom Consulting
Office: 615-791-9969
Cell: 615-796-1111

On 2019-12-31 01:35 PM, Calvin Ellison wrote:
> On Tue, Dec 31, 2019 at 8:54 AM Mark Lindsey <lindsey at e-c-group.com>
> wrote:
> 
>> My presentation focused Bad Actors who don't register with anybody.
>> But after my presentation, Jon Peterson (who wrote much of the
>> SHAKEN RFCs) added another security gap in the American
>> implementation: anybody can get an OCN and CLLI code, access to
>> numbers, get a Service Provider Token and a signing Certificate from
>> the PA/CA, and then sign every call they want to from any number
>> they want to.
>> 
>> MARK R LINDSEY, SMTS | +1-229-316-0013 | mark at ecg.co |
>> HTTPS://ECG.CO/LINDSEY/
> 
> I think the entire point of S/S (can we abbreviate this yet?) _is_ the
> bad actors. Yes, an entity can go through all the hoops to sign calls,
> and their traffic will become immediately identifiable. It shouldn't
> take long for their certificate to get revoked while the FCC and
> others work on fining them out of existence with possible criminal
> charges with jail time.
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops