[VoiceOps] Identity Header Test Tool

Nathan Anderson nathana at fsr.com
Tue Jul 5 18:52:01 EDT 2022

This totally rocks; thank you for putting this together.

In case anyone is interested, here is what I happen to see when calling any of these numbers through VoIP Innovations' T.38 deck; I will try other LCR rate decks of theirs, as well as other term providers, in the near future:

Like others here have observed happening to them, calling the Bandwidth.com number results in the call being shown as attested, but our original signed attestation has gone missing and been replaced with a "B"-level attestation by Bandwidth themselves.  So perhaps VI does not send any term traffic to Bandwidth, or they just aren't included in the T.38 LCR (very likely, since VI's portal indicates that Bandwidth does not support T.38 on origination, so it's equally likely they don't for term, either, especially since it's much tricker to support for term if you aren't doing the T.38 gatewaying for all TDM- or POTS-destined traffic yourself), and either some intermediate provider is stripping our Identity header out or it's going IP-to-TDM-to-IP with no STI-CPS/OOB-SHAKEN.

The Sinch number seems to be hosted by Inteliquent, and our own signed "A"-level attestation arrives at the destination unmolested.  Makes sense since VI does a ton of business with IQ.

None of our calls to any of the toll-free numbers are attested at all.  Somewhat surprising in the case of Lumen/L3, even more surprising with Sinch/IQ.

-- Nathan

-----Original Message-----
From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On Behalf Of David Frankel
Sent: Sunday, July 3, 2022 8:05 AM
To: voiceops at voiceops.org
Subject: [VoiceOps] Identity Header Test Tool

Last week I was forwarded a note from this list regarding tools to test and debug SHAKEN Identity headers. That prompted us to stitch together some modules we already had in an attempt to help.

What we have is at http://identity.legalcallsonly.org. You can call one of the test numbers listed on that page, and if we receive your header, we'll read you a six-digit code. Disconnect and then plug the code into the box on the web form, and we'll show you details of that Identity header.

Perhaps most importantly, you'll be able to see if the header we received is the one you sent. In addition, we parse the header and try to tell you if it is correctly formatted and valid.

Currently we have a couple of geographic DIDs and three toll-free numbers (each using different underlying providers). So far we aren't having a lot of success getting the Identity headers on the TFNs; we're working to improve that.

Suggestions welcome. We hope the tool provokes more discussion about best practices regarding making the Authentication Framework as functional and useful as possible. 

Happy 4th of July!

David Frankel
St. George, UT USA

VoiceOps mailing list
VoiceOps at voiceops.org

More information about the VoiceOps mailing list