<div dir="ltr">I spoke with NECA on the phone today and they confirmed IPES OCN can be issued with only the documents I quoted from their website. They said some VoIP companies who don't have their own numbering resources still get an OCN because the partners they are connected to want them to have one. I'm hoping this might be a solution for wholesale providers and international gateways who want to sign calls at Attestation Level B or C. Certificate Delegation doesn't address this.<div><br></div><div>Full Attestation (A) — The service provider has authenticated the calling party and they are authorized to use the calling number. An example of this case is a subscriber registered with the originating telephone service provider’s softswitch.<br>Partial Attestation (B) — The service provider has authenticated the call origination, but cannot verify the call source is authorized to use the calling number. An example of this use case is a telephone number behind an enterprise PBX.<br>Gateway Attestation (C) — The service provider has authenticated from where it received the call, but cannot authenticate the call source. An example of this case would be a call received from an international gateway.<br></div><div><a href="https://transnexus.com/whitepapers/understanding-stir-shaken/">https://transnexus.com/whitepapers/understanding-stir-shaken/</a> <br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Aug 21, 2019 at 7:57 AM Mary Lou Carey <<a href="mailto:marylou@backuptelecom.com">marylou@backuptelecom.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">My understanding is that the only VOIP carriers that can get an IPES OCN <br>
are Interconnected VOIP carriers. You have to get a certification from <br>
the FCC to become an Interconnected VOIP carrier because the <br>
Interconnected VOIP status allows you to order and manager your own <br>
NXXs.<br>
<br>
The main network difference between a CLEC and an Interconnected VOIP <br>
carrier is that the CLEC has a direct connection to the PSTN via their <br>
own SS7 links and direct trunks to the ILEC. The Interconnected VOIP <br>
carrier gets their connection to the PSTN through a third party carrier <br>
that manages the SS7 links and direct trunks to the ILEC.<br>
<br>
MARY LOU CAREY<br>
BackUP Telecom Consulting<br>
Office: 615-791-9969<br>
Cell: 615-796-1111<br>
<br>
On 2019-08-20 07:51 PM, Calvin Ellison wrote:<br>
> Glen,<br>
> <br>
> What are we to do for our clients who have DID/TFN from 3rd paries? We<br>
> won't have any relationship with their DID provider to request a<br>
> delegated certificate, and wouldn't have one of our own to sign those<br>
> calls, even as Attestation level B or C. Does the client need to<br>
> request a delegated cert and provide it to each termination carrier<br>
> they want to use?<br>
> <br>
> I had a call with Bandwidth today was told the delegated certificates<br>
> would need to contain (or refer via URL) a list of which numbers are<br>
> permitted to be signed by that cert. I hope they've considered the<br>
> potential information leak here and use hashes of the permitted<br>
> numbers, not the numbers in cleartext.<br>
> <br>
> For what it's worth, I received confirmation from NECA that an IPES<br>
> OCN can be issued without an FCC waiver. This would at least let us<br>
> sign with level B or C.<br>
> <br>
> Query to NECA and their reply:<br>
> <br>
> Assuming I will need an OCN, I have been told that VoIP carriers that<br>
> are not certified by<br>
> the FCC as Interconnected VoIP carriers cannot be assigned an OCN.<br>
> This doesn't jive with the lingo on your website:<br>
> <br>
>> IPES service: Proof of service and customers, e.g., interconnection<br>
>> agreement (or evidence of an interconnection order pursuant to an<br>
>> approved tariff) and contractual agreements with end-user customers.<br>
>> Or, regulatory administration approval, if applicable.<br>
> <br>
> We definitely have contracted customers and definitely have<br>
> interconnections with DID/TFN origination carriers and termination<br>
> carriers. If we have no intention to obtain numbering resources<br>
> directly, can we still obtain an OCN?<br>
> <br>
> YES, YOU CAN STILL OBTAIN AN OCN.<br>
> <br>
> Regards,<br>
> <br>
> CALVIN ELLISON<br>
> Senior Voice Operations Engineer<br>
> <a href="mailto:calvin.ellison@voxox.com" target="_blank">calvin.ellison@voxox.com</a><br>
> +1 (213) 285-0555<br>
> <br>
> -----------------------------------------------<br>
> <a href="http://VOXOX.COM" rel="noreferrer" target="_blank">VOXOX.COM</a> [2]<br>
> 5825 Oberlin Drive, Suite 5<br>
> San Diego, CA 92121<br>
> <br>
> On Tue, Aug 20, 2019 at 9:17 AM Glen Gerhard <<a href="mailto:glen@cognexus.net" target="_blank">glen@cognexus.net</a>><br>
> wrote:<br>
> <br>
>> Yes, I believe that is the case today. In the new "delegated<br>
>> certificate" model the VoIP provider (or CPaaS provider) will be<br>
>> provided a certificate from the OCN that is used for the ANI. This<br>
>> delegated certificate will give the downstream carriers A level<br>
>> Attestation for the calls regardless of where the outbound calls are<br>
>> originated.<br>
>> <br>
>> Ultimately it is the originating Enterprise that needs to be<br>
>> traceable from the terminating carrier. Once this relationship chain<br>
>> has been vetted the certificates can be delegated and used at call<br>
>> set up time. NetNumber has a service for brokering the Certificates<br>
>> but the spec is not fully adopted to my knowledge.<br>
>> <br>
>> Another proposal at ATIS is to have the sending CNAM (and expanded<br>
>> eCNAM) validated with a similar vetted relationship and certificate<br>
>> chain. Ultimately this may be more useful for both the Enterprise<br>
>> and the Callee than just the ANI.<br>
>> <br>
>> ~Glen<br>
>> <br>
>> On 8/16/2019 11:40, Mary Lou Carey wrote:<br>
>> So it sounds to me like you just have to be a certified carrier to<br>
>> get a STIR/SHAKEN certificate. That means either a CLEC, Wireless,<br>
>> or Interconnected VOIP Carrier. The VOIP carriers that are not<br>
>> certified by the FCC as Interconnected VOIP carriers cannot be<br>
>> assigned an OCN.<br>
>> <br>
>> MARY LOU CAREY<br>
>> BackUP Telecom Consulting<br>
>> Office: 615-791-9969<br>
>> Cell: 615-796-1111<br>
>> <br>
>> On 2019-08-16 01:32 PM, Calvin Ellison wrote:<br>
>> As explained to me by TransNexus, the Certificate Authorities will<br>
>> most likely require an OCN. VoIP carriers with their own numbering<br>
>> resources already have their IPES category OCN. It's also possible<br>
>> they might only require a SPID.<br>
>> <br>
>> Regards,<br>
>> <br>
>> CALVIN ELLISON<br>
>> Senior Voice Operations Engineer<br>
>> <a href="mailto:calvin.ellison@voxox.com" target="_blank">calvin.ellison@voxox.com</a><br>
>> +1 (213) 285-0555<br>
>> <br>
>> -----------------------------------------------<br>
>> <a href="http://VOXOX.COM" rel="noreferrer" target="_blank">VOXOX.COM</a> [1] [1]<br>
>> 5825 Oberlin Drive, Suite 5<br>
>> San Diego, CA 92121<br>
>> <br>
>> On Fri, Aug 16, 2019 at 8:02 AM Dovid Bender <<a href="mailto:dovid@telecurve.com" target="_blank">dovid@telecurve.com</a>><br>
>> wrote:<br>
>> <br>
>> Alex,<br>
>> <br>
>> You would think so. From what I understand you will need to be a LEC<br>
>> <br>
>> to get a cert.<br>
>> <br>
>> On Fri, Aug 16, 2019 at 10:33 AM Alex Balashov<br>
>> <<a href="mailto:abalashov@evaristesys.com" target="_blank">abalashov@evaristesys.com</a>> wrote:<br>
>> <br>
>> If non-LEC VoIP providers can direct own numbering resources now,<br>
>> it follows that they should be able to partake of STIR/SHAKEN.<br>
>> <br>
>> —<br>
>> Sent from mobile, with due apologies for brevity and errors.<br>
>> <br>
>> On Aug 16, 2019, at 9:16 AM, Dovid Bender <<a href="mailto:dovid@telecurve.com" target="_blank">dovid@telecurve.com</a>><br>
>> wrote:<br>
>> <br>
>> As I understand it if one wants to get a cert for STIR shaken<br>
>> you need to become a CLEC. Anyone have a how to/contacts for<br>
>> companies that make this effortless and easy?<br>
>> <br>
>> _______________________________________________<br>
>> VoiceOps mailing list<br>
>> <a href="mailto:VoiceOps@voiceops.org" target="_blank">VoiceOps@voiceops.org</a><br>
>> <a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
>> _______________________________________________<br>
>> VoiceOps mailing list<br>
>> <a href="mailto:VoiceOps@voiceops.org" target="_blank">VoiceOps@voiceops.org</a><br>
>> <a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
> _______________________________________________<br>
> VoiceOps mailing list<br>
> <a href="mailto:VoiceOps@voiceops.org" target="_blank">VoiceOps@voiceops.org</a><br>
> <a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
> <br>
> Links:<br>
> ------<br>
> [1] <a href="http://www.voxox.com/" rel="noreferrer" target="_blank">http://www.voxox.com/</a><br>
> _______________________________________________<br>
> VoiceOps mailing list<br>
> <a href="mailto:VoiceOps@voiceops.org" target="_blank">VoiceOps@voiceops.org</a><br>
> <a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
> _______________________________________________<br>
> VoiceOps mailing list<br>
> <a href="mailto:VoiceOps@voiceops.org" target="_blank">VoiceOps@voiceops.org</a><br>
> <a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
> <br>
> --<br>
> Glen Gerhard<br>
> <a href="mailto:glen@cognexus.net" target="_blank">glen@cognexus.net</a><br>
> 858.324.4536<br>
> <br>
> Cognexus, LLC<br>
> 7891 Avenida Kirjah<br>
> San Diego, CA 92037<br>
> <br>
> _______________________________________________<br>
> VoiceOps mailing list<br>
> <a href="mailto:VoiceOps@voiceops.org" target="_blank">VoiceOps@voiceops.org</a><br>
> <a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
> <br>
> <br>
> Links:<br>
> ------<br>
> [1] <a href="http://VOXOX.COM" rel="noreferrer" target="_blank">http://VOXOX.COM</a><br>
> [2] <a href="http://www.voxox.com/" rel="noreferrer" target="_blank">http://www.voxox.com/</a><br>
> _______________________________________________<br>
> VoiceOps mailing list<br>
> <a href="mailto:VoiceOps@voiceops.org" target="_blank">VoiceOps@voiceops.org</a><br>
> <a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
_______________________________________________<br>
VoiceOps mailing list<br>
<a href="mailto:VoiceOps@voiceops.org" target="_blank">VoiceOps@voiceops.org</a><br>
<a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
</blockquote></div>