[VoiceOps] [EXTERNAL] Identity Header Test Tool

Tue Jul 5 21:15:25 EDT 2022

C level attestation is the appropriate attestation level for an intermediate provider to use when signing a call.

Below is the text from ATIS-1000074.v002 regarding B level attestation:

==============================================================
B. Partial Attestation: The signing provider shall satisfy all of the following conditions:

  *   Is responsible for the origination of the call onto the IP-based service provider voice network.
  *   Has a direct authenticated relationship with the customer and can identify the customer.
  *   Has NOT established a verified association with the telephone number being used for the call.
NOTE: By populating this value, the service provider attests that it can trace the source of the call to a customer for policy enforcement purposes.
==============================================================

An intermediate provider is not “responsible for the origination of the call onto the IP-based service provider voice network”.

An intermediate provider does not have “a direct authenticated relationship with the customer and can identify the customer”.

The FCC worded it slightly differently, but perhaps more clearly, in the First Report and Order (FCC-20-42A1):

==============================================================
8. The STIR/SHAKEN framework relies on the originating voice service provider attesting to the subscriber’s identity. The SHAKEN specification allows an originating voice service provider to provide different “levels” of attestation. Specifically, the voice service provider can indicate that (i) it can confirm the identity of the subscriber making the call, and that the subscriber is using its associated telephone number (“full” or “A” attestation); (ii) it can confirm the identity of the subscriber but not the telephone number (“partial” or “B” attestation); or merely that (iii) it is the point of entry to the IP network for a call that originated elsewhere, such as a call that originated abroad or on a domestic network that is not STIR/SHAKEN-enabled (“gateway” or “C” attestation).
==============================================================

An intermediate provider cannot “confirm the identity of the subscriber”.

Sincerely,

Alec Fenichel

From: VoiceOps <voiceops-bounces at voiceops.org> on behalf of Nathan Anderson <nathana at fsr.com>
Date: Tuesday, July 5, 2022 at 19:04
To: 'Mark Lindsey' <lindsey at e-c-group.com>, voiceops at voiceops.org <voiceops at voiceops.org>
Subject: Re: [VoiceOps] [EXTERNAL] Identity Header Test Tool
Mark Lindsey wrote:

> The ATIS destination of the C-level attestation is for a situation
> that, like flying pigs, doesn't appear to occur anywhere in reality.

As a side-note, I have observed that when calling Lumen/Level3 DIDs of ours from an AT&T mobile, those calls arrive to us with "C"-level attestation, signed with a CenturyLink/Lumen SHAKEN cert.

-- Nathan
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fvoiceops&data=05%7C01%7Calec.fenichel%40transnexus.com%7C57c3d227476748a3156708da5edac04f%7C8e2972a2d21d49acb00518e8ceaadee3%7C0%7C0%7C637926590880060406%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=3q2CQUI1LgYhw9eXvxbXOBo8%2FWX2cs5e07g8L2Mxl%2Bk%3D&reserved=0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20220706/4072c604/attachment.htm>