[VoiceOps] Update on STIR/SHAKEN

Nathan Anderson nathana at fsr.com
Wed Jul 12 18:20:41 EDT 2023 

Personally, I'm quite curious to know how the ITG would even be identifying these companies as being distinct from the wholesaler, at least without a traceback request for an actual violation, where the investigation (that the wholesaler would likely be not only cooperative with but actively involved in) eventually revealed that all of the violations were originating from one particular customer of theirs.  But sans any violations to look into...how would they know?

In particular, when asking these questions, what I specifically have in mind are wholesalers not like VI/Sangoma et al., but more like e.g. https://atheral.com/, which carries traffic for a bunch of smaller regional ISPs that want to offer VoIP but don't want any of the headaches associated with doing so.  So most of them I presume literally own no infrastructure of their own...no softswitch, no SBC, no nothing.  They might be 499 filers, but that's likely the extent of their direct regulatory involvement.

I believe Daniel might be hanging around on this list, so perhaps he can shed some light on how they have been advised to approach this (whether they are signing all calls with their own SHAKEN cert/key, or whether they can host SHAKEN certs owned by their customers and sign the end-users of that customer's calls with that customer's own cert, or a mix of both).

-- Nathan

-----Original Message-----
From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On Behalf Of Mary Lou Carey via VoiceOps
Sent: Wednesday, July 12, 2023 1:29 PM
To: voiceops at voiceops.org
Subject: [VoiceOps] Update on STIR/SHAKEN

I spoke with my FCC contact today and was told to read the last order 
issued in March so his response wasn't crystal clear. He said the FCC is 
still in the process of deciding which types of companies can sign with 
a third-party vendor's token and which ones can't.

I told him my concern is that the ITG is going to start blocking traffic 
in August and companies won't know that they aren't compliant because 
their wholesale provider told them they were fine. I specifically asked, 
"If the ITG decides a company should have had its own token, will you 
give them time to get one?" He said they have a process for handling 
these issues, but he didn't come out and say "Yes" so here's what I 
would suggest since the process can sometimes take longer than the 30 
days they give you to comply.


If you are using a third-party provider whose signing with their token. 
At least complete the preliminary steps to qualify for your own 
STIR/SHAKEN token. That way if they do come to you and tell you that you 
need to get it on a moment's notice, you won't be fighting the clock so 
much. The pre-requisites for filing with the STI-PA to become an 
approved carrier are:

1. Order your own OCN (aka company code from NECA) IPES is the correct 
type for all VOIP carriers
2. Have your 499 up to date and fees paid. If you've never filed a 499A 
yet, get your 499 filer ID and submit your first 499-A. (All carriers 
delivering long-distance traffic in the US should have already completed 
this step anyways).
3. Robocall Mitigation Plan filed.

There are multiple companies helping carriers get their STIR/SHAKEN 
certificate, so it doesn't matter if you use my services or anyone 
else's. I just want to make sure everyone is aware of what they need to 
do to make sure their traffic doesn't get blocked because thats a lot 
harder to fix than getting a certificate/token is!

MARY LOU CAREY
BackUP Telecom Consulting
Office: 615-791-9969
Cell: 615-796-1111
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

More information about the VoiceOps mailing list