[VoiceOps] Production STIR/SHAKEN

Dave Frigen dfrigen at wabash.net
Mon Jul 27 15:49:02 EDT 2020


Paul, this is in reply to your question posted on July 24th: Currently there
are 34 active STI-GA SHAKEN participants authorized to exchange SHAKEN
tokens in the U.S. While Canada and the UK are working on SHAKEN, to my
knowledge there are no PA's or CA's to operate and approve new applicants in
those countries.

 

T-Mobile, Comcast, Verizon, and AT&T were the first four carriers to adopt
SHAKEN and are still temporarily using self-signed certificates (not
official PA authored certificates that Transnexus and the rest of the U.S.
uses). This is due to FCC expectations of having a SHAKEN platform in
production at the beginning of the year and there not being a PA (Policy
Administrator), nor any CA's (Certificate Authorities) at that time.
Self-signing certificates were the only means of operating the SHAKEN
platform in the FCC timeframe. We, as out-of-band (OOB) operators do not
have the ability to exchange certs. (certificates) with the self-signers
today. It goes without saying that these networks are huge and not easily
converted. T-Mobile and Comcast are in the process of converting to official
PA authored certificates, they are expected to be on-line in the coming
month. Both AT&T and Verizon are in the engineering stages and planning to
convert in the future. I reside on a board seat of the national STI-GA
governance board as an NTCA representative, and have asked the self-signers
to begin publishing their self-signing root addresses so every can exchange
tokens in the interim regardless of whether or not they are official PA
authored certs. I anticipate self-signing certs going away, and likely
within the coming months. In summary, we, as out-of-band (OOB) operators, do
not have the ability to exchange certs. with the self-signers today,
hopefully they will agree to publish their root certificate addresses soon.

 

I want to prequalify this next statement by congratulating any TDM provider
that is adopting OOB or some sort of TDM SHAKEN technology. You're doing the
right thing, because TDM isn't going away anytime soon. And all Americans
deserve the right to have their calls officially authenticated and verified
just like any iP network provider's calls. OOB and other technologies for
use on TDM calls for SHAKEN are in the infant stages and are just now being
discussed and considered for permanent TDM standards. The body that is
adopting new TDM standards is the PTSC Non-IP Call Authentication Task
Force, led by ATIS. Anyone is welcome to become a member of the task force.
There is a nominal $250 fee for organizations that are not already an ATIS
member. If you want more information on how to join the committee, I'd be
glad to help. Belonging to the committee is one of many ways to comply with
the FCC's mandate for TDM providers to adopt SHAKEN.

 

As to the original question of who to test OOB with, Transnexus to
Transnexus will allow for both authentication and verification testing; or
Transnexus to Netnumber or Neustar. These would be OOB to OOB calls.
Regarding OOB to IP, or the reverse..it's my understanding that OOB to
in-band will only work one way today. OOB can authenticate a PA certificate
that in-band can receive. HTTP Post software or a Call Placement Service
(CPS) is required for an IP provider to post a token to an OOB provider.
With that being said, Wabash is a Transnexus customer and would be more than
happy to test OOB SHAKEN with any provider desiring to do so. Let me know
and I'll get you in touch with our engineers.

 

Lastly, I'd like to add that Wabash originally implemented OOB SHAKEN into a
C-15 with no CapEx, just existing translations modifications. After running
the Transnexus/ClearIP platform for a while, we decided to upgrade our SBC
to a cloud solution for under $100 a month, but to date that is our only
capital expense to be OOB SHAKEN enabled. So, don't let your switch vendor
insist that you break-the-bank to operate OOB.

 

Dave  

 

 

 

Dave Frigen

Chief Operating Officer 

Wabash Communications CO-OP | www.wabash.net

Office: 618.665.3311 

                                                                 

 <https://www.facebook.com/wabashcommunicationscoop/>
<https://www.instagram.com/wabashcommunications/>
<https://www.youtube.com/channel/UCWoo3wyybeYEnTpTxK2jbUg>
<https://www.linkedin.com/company/18788687/admin/> 

 

 <http://www.wabash.net/> 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20200727/b8780f48/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 1390 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20200727/b8780f48/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1304 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20200727/b8780f48/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 1401 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20200727/b8780f48/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 1499 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20200727/b8780f48/attachment-0008.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 15208 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20200727/b8780f48/attachment-0009.png>


More information about the VoiceOps mailing list