[VoiceOps] question about stir/shaken - iat and DATE header
Joseph Jackson
jjackson at aninetworks.net
Thu Jul 1 13:29:08 EDT 2021
I've heard that TNSi also counts on the date header being present.
So far we don't see a lot of people passing tokens with the date header.
From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On Behalf Of Matthew Yaklin
Sent: Thursday, July 01, 2021 12:25 PM
To: voiceops at voiceops.org
Subject: [VoiceOps] question about stir/shaken - iat and DATE header
All,
Pretty simple question here. When you do a verify request are you filling in the iat with your sbc's current date/time or using the DATE information from the invite?
With Neustar the iat is currently optional. IQNT is basically removing the DATE header in a test we are doing by sending them a call and getting it back in a different region.
It really does not make sense to me to use the DATE header because it could be messed with by anyone in the path. It is untrusted. The iat is trusted so when you verify it makes more sense to use the current date/time of your SBC because the limitation is 60 seconds from AS to VS.
I imagine Neustar made it optional because their own system has some intelligence when it comes to this expiration of the AS.
On top of that Metaswitch is not prepared for this situation. They are basically counting on that DATE header to be there in their recommended perimeta SBC config. They plan to fix it by using the current date/time.
Just looking for how others are handling this. Just leaving it blank for now?
Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20210701/c16bb7d0/attachment.htm>
More information about the VoiceOps
mailing list