[VoiceOps] STIR/SHAKEN warning!

[Paul Timmins]

> On Jul 3, 2023, at 8:05 PM, Markus via VoiceOps <voiceops at voiceops.org> wrote:
> 
> Am 30.06.2023 um 23:00 schrieb Mary Lou Carey via VoiceOps:
>> I've heard from several clients that their upstream carrier told them they don't need to worry about being STIR/SHAKEN compliant because they are taking care of everything for them.
>> THAT IS NOT CORRECT! Every phone company is required to have its own certificate/token!
> 
> What if I'm an European telecom operator and have US-based end-users (via SIP) who are calling to the US and who would like to signal their United States A-number to the called party?
> 
> What if I'm an European telecom operator and have Euro end-users (via SIP) who are calling to the US and who would like to signal their European A-number to the called party?
> 
> If I try to register here - https://authenticatereg.iconectiv.com/register - "Country: United States" is hard-coded.
> 
> Is there a way for Euro TSPs to get STIR/SHAKEN without creating a US entity/company just for this purpose?

I'm pretty sure it's the job of whoever is providing gateway services into the USA to sign the call, and that anyone in the STIR/SHAKEN system in the US has some sort of regulatory nexus here where they could be held legally responsible. It's all about finding a throat to choke if there's misconduct.

The liability would be on whoever sells you service. I think the long term idea is that other STIs would set up around the world over time and there would be a collection of root certificates much like browser SSL stacks, so you could authenticate calls that came in from other countries and tie them back to a regulatory regime that can hold them responsible.

Unless Mary has a different idea of what the plan is?

-Paul