[VoiceOps] Voice Peering

Pinchas Neiman neimanpinchas at gmail.com
Wed Oct 25 12:53:56 EDT 2023


And a pool of peers trusting themselves, could establish a mutual database
where they could award or revoke trust to companies or CAs.

Then other peers could follow them read only.

On Wed, Oct 25, 2023 at 12:07 PM Matthew Crocker <matthew at corp.crocker.com>
wrote:

>
>
> I never said STIR/SHAKEN would be used to ‘look up’ for call routing.
>
>
>
> Earlier someone mentioned an issue with open peering is spam calls.
> STIR/SHAKEN can solve that issue.
>
> You can certainly use STIR/SHAKEN to reject calls from $COMPANY once you
> have determined you don’t like $COMPANY.  That can easily be done off line
> by CDR analysis.  Sure you let a couple dozen calls in but you can pretty
> quickly find ‘$BAD_COMPANY’ and start rejecting their calls.   The system
> would settle our fairly quickly
>
>
>
> *From: *Peter Beckman <beckman at angryox.com>
> *Date: *Wednesday, October 25, 2023 at 12:04 PM
> *To: *Matthew Crocker <matthew at corp.crocker.com>
> *Cc: *Pinchas Neiman <neimanpinchas at gmail.com>, Jawaid Bazyar <
> jawaid at bazyar.net>, voiceops <voiceops at voiceops.org>
> *Subject: *Re: [VoiceOps] Voice Peering
>
> CAUTION: This email originated from outside of Crocker. Do not click links
> or open attachments unless you recognize the sender and know the content is
> safe.
>
>
> STIR/SHAKEN does not delegate any authority to anyone.
>
> It merely allows me to sign a call that I originate, so that someone else
> can say "Oh this came from $COMPANY."
>
> Besides, STIR/SHAKEN is done at the time of an origination call, it cannot
> be "looked up" to see where to route a call.
>
> The suggestion that STIR/SHAKEN could be used to authoritatively assign a
> DID endpoint to someone demonstrates a lack of understanding in how it
> works and what it does and does not do.
>
> Beckman
>
> On Wed, 25 Oct 2023, Matthew Crocker via VoiceOps wrote:
>
> >
> > With STIR/SHAKEN (in theory) all calls will be signed, authenticated so
> you can trace the originating carrier.  In an open peering environment you
> can use it to accept/reject calls
> >
> > Open SIP proxy handles all of the SIP traffic,  RTP goes directly
> between carriers.
> > All calls originated must be signed (STIRred)
> >
> >  *   Call isn’t signed, gets rejected by the SIP peering proxy
> > Terminating carrier can validate the signed calls (SHAKEN)
> >
> >  *   Don’t like the signing CA?  reject the call
> >  *   Don’t like the signing carrier? Reject the call
> >  *   Carrier sending too many spam calls,  adjust treatment based on
> customer spam settings
> >
> >
> > Routing is handled between terminating carrier and SIP peering proxy.
> Originating carrier sends all calls to peering proxy first, if proxy
> doesn’t have the route it sends a 4XX error back and originating carrier
> can continue routing on other paths.
> >
> > So terminating carriers would need to export/upload (hacked BGP?)
> numbers they are willing to receive calls on to the peering proxy.
> >
> > Proxies can be spun up in various AWS/Azure/GoogleCloud VPS
> >
> >
> > From: Pinchas Neiman <neimanpinchas at gmail.com>
> > Date: Wednesday, October 25, 2023 at 11:18 AM
> > To: Jawaid Bazyar <jawaid at bazyar.net>
> > Cc: Matthew Crocker <matthew at corp.crocker.com>, voiceops <
> voiceops at voiceops.org>
> > Subject: Re: [VoiceOps] Voice Peering
> > CAUTION: This email originated from outside of Crocker. Do not click
> links or open attachments unless you recognize the sender and know the
> content is safe.
> >
> > By reading the RFCs I was able to grasp 75% of it, it's well written and
> covers your clear constraint, at least on how to verify the SIP header
> comes from a trustworthy authority (If you agree on the root authority)
> > Practically implementing STIR/SHAKEN has bureaucracy involved.
> >
> > On Tue, Oct 24, 2023 at 9:38 PM Jawaid Bazyar via VoiceOps <
> voiceops at voiceops.org<mailto:voiceops at voiceops.org>> wrote:
> > Is there a good clear document somewhere describing how STIR/SHAKEN is
> supposed to work?
> >
> > On Tue, Oct 24, 2023 at 9:33 PM Matthew Crocker via VoiceOps <
> voiceops at voiceops.org<mailto:voiceops at voiceops.org>> wrote:
> >
> >
> >> On Oct 24, 2023, at 9:13 PM, Peter Beckman via VoiceOps <
> voiceops at voiceops.org<mailto:voiceops at voiceops.org>> wrote:
> >>
> >> CAUTION: This email originated from outside of Crocker. Do not click
> links or open attachments unless you recognize the sender and know the
> content is safe.
> >>
> >>
> >> The challenge is how do you authenticate the end "carrier" or service
> >> provider?
> >>
> >
> > STIR/SHAKEN
> >
> >
> >> Sure, anyone who leases numbers directly from NANPA can look up the
> carrier
> >> of record and exchange traffic directly, but any business who also
> leases
> >> numbers INDIRECTLY gets cut out and still needs to pay their upstream
> >> carrier(s) to place/receive calls, either by channels or per minute,
> even
> >> if their upstream is directly peered and not transiting the PSTN at all.
> >>
> >> If this would be for the end user, then NANPA would have to delegate to
> the
> >> leasee, the leasee delegate to the reseller, the reseller to the end
> user,
> >> then the end user could publish their VoIP contact info, and anyone
> could
> >> call directly via VoIP, cutting out all of the middle peers.
> >>
> >> But, as another person said, this is ripe for abuse, and with no
> motivation
> >> by NANPA or the larger carriers to make calls less expensive for the
> >> reseller or end user, I see this going nowhere. Until there is some
> value
> >> in NANPA (plus all the other country telephony organizations) and the
> >> direct carriers leasing numbers to do so.
> >>
> >> Beckman
> >>
> >>> On Tue, 24 Oct 2023, Ross Tajvar via VoiceOps wrote:
> >>>
> >>> I can think of a few ways that could be adapted into a platform more
> like
> >>> an Internet exchange, but as others have said, it just doesn't seem
> worth
> >>> it.
> >>>
> >>> On Tue, Oct 24, 2023, 5:31 PM Jawaid Bazyar via VoiceOps <
> >>> voiceops at voiceops.org<mailto:voiceops at voiceops.org>> wrote:
> >>>
> >>>> I think schemes like DUNDI (and some of the others mentioned here)
> suffer
> >>>> from a trust issue – what’s to prevent operator X from poisoning the
> >>>> protocol with bogus “stolen” numbers?
> >>>>
> >>>>
> >>>>
> >>>> On Tue, Oct 24, 2023 at 5:25 PM Jared Smith via VoiceOps <
> >>>> voiceops at voiceops.org<mailto:voiceops at voiceops.org>> wrote:
> >>>>
> >>>>> On Tue, Oct 24, 2023 at 8:49 AM Mike Hammett via VoiceOps <
> >>>>> voiceops at voiceops.org<mailto:voiceops at voiceops.org>> wrote:
> >>>>>
> >>>>>> This was in another thread, but I broke it out into it's own
> >>>>>> conversation. Someone had asked:
> >>>>>>
> >>>>>> ---
> >>>>>> I am joining this thread late, but, would anyone out there be
> interested
> >>>>>> in exchanging traffic with other carriers directly over SIP?
> >>>>>>
> >>>>>
> >>>>> Just another point of VoIP history trivia at this point... but in
> >>>>> addition to things like ENUM and ITAD, Mark Spencer of Asterisk fame
> also
> >>>>> invented Dundi, which was an encrypted peer-to-peer protocol for
> route
> >>>>> advertisement and discovery.  As far as I know, very few people
> besides me
> >>>>> ever put it in production, but it worked really well at the time. (Of
> >>>>> course, it's been about 17 or 18 years now since I used it in
> production.)
> >>>>>
> >>>>> -Jared
> >>>>> _______________________________________________
> >>>>> VoiceOps mailing list
> >>>>> VoiceOps at voiceops.org<mailto:VoiceOps at voiceops.org>
> >>>>> https://puck.nether.net/mailman/listinfo/voiceops
> >>>>>
> >>>> _______________________________________________
> >>>> VoiceOps mailing list
> >>>> VoiceOps at voiceops.org<mailto:VoiceOps at voiceops.org>
> >>>> https://puck.nether.net/mailman/listinfo/voiceops
> >>>>
> >>>
> >>
> >>
> ---------------------------------------------------------------------------
> >> Peter Beckman                                                  Internet
> Guy
> >> beckman at angryox.com<mailto:beckman at angryox.com <beckman at angryox.com>>
> https://www.angryox.com/
> >>
> ---------------------------------------------------------------------------
> >> _______________________________________________
> >> VoiceOps mailing list
> >> VoiceOps at voiceops.org<mailto:VoiceOps at voiceops.org>
> >> https://puck.nether.net/mailman/listinfo/voiceops
> >> _______________________________________________
> >> VoiceOps mailing list
> >> VoiceOps at voiceops.org<mailto:VoiceOps at voiceops.org>
> >> https://puck.nether.net/mailman/listinfo/voiceops
> > _______________________________________________
> > VoiceOps mailing list
> > VoiceOps at voiceops.org<mailto:VoiceOps at voiceops.org>
> > https://puck.nether.net/mailman/listinfo/voiceops
> > _______________________________________________
> > VoiceOps mailing list
> > VoiceOps at voiceops.org<mailto:VoiceOps at voiceops.org>
> > https://puck.nether.net/mailman/listinfo/voiceops
> >
> >
> > --
> > Pinchas S. Neiman
> > Software Engineer At ESEQ Technology Corp.
> > 845.213.1229 #2
> > [Image removed by sender.]
> >
>
> ---------------------------------------------------------------------------
> Peter Beckman                                                  Internet Guy
> beckman at angryox.com
> https://www.angryox.com/
> ---------------------------------------------------------------------------
>


-- 
*Pinchas S. Neiman*
Software Engineer At ESEQ Technology Corp.
845.213.1229 #2
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20231025/4e9b2eaa/attachment-0001.htm>


More information about the VoiceOps mailing list