
<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Thank you Glen and Paul, much appreciated! </div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Dec 2, 2020 at 5:19 PM Glen Gerhard <<a href="mailto:glen@cognexus.net">glen@cognexus.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">

  
  <div>

    <font size="+1">Sounds like a good plan to me. It might help to

      figure out a few test call paths to verify the verstats directly.<br>

      <br>

      IMHO much of the S/S technology will be overshadowed by the

      analytics providers in terms of call presentation/blocking. <br>

      <br>

      That said, S/S will be helpful to law agencies in tracking

      malicious intent groups. This alone makes it worth the effort. A

      lot of the work /benefit takes place at the vetting of corporate

      ownership. S/S also provides Rich Call Data which replaces the

      pathetic CNAM.<br>

      <br>

      The Delegated Certs extension will help with the call center

      attestations but is still a ways off. Then you need your SBCs and

      PBXs to support it.<br>

      <br>

      SIPNOC is next week and it's usually helpful.<br>

      <a href="https://www.sipforum.org/news-events/sipnoc-2020-overview/#topics" target="_blank">https://www.sipforum.org/news-events/sipnoc-2020-overview/#topics</a><br>

      <br>

      <br>

      ~Glen<br>

    </font><br>

    <div>On 12/2/2020 1:49 PM, Patrick Labbett

      wrote:<br>

    </div>

    <blockquote type="cite">

      
      <div dir="ltr">

        <div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Hello, I'm

          looking for guidance/feedback on the impact of STIR/SHAKEN on

          the call center and answering service industries. Very few are

          interconnected VoIP service providers themselves. </div>

        <div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br>

        </div>

        <div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Specifically,

          customers of these industries often desire the call center

          utilize their company phone number when contacting their

          employees or customers for an improved end-user experience. </div>

        <div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br>

        </div>

        <div class="gmail_default" style="font-family:arial,helvetica,sans-serif">The worry is

          that STIR/SHAKEN will be implemented in a way that causes

          these "spoofed" calls (that have legitimate

          business relationships in place) to be marked as such or

          eventually blocked as STIR/SHAKEN tightens it's grip on

          malicious intent. </div>

        <div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br>

        </div>

        <div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Here is my

          understanding of the situation: As a customer of an

          Originating carrier, the Call Center's outbound calls will be

          signed by their Originating carrier's STIR/SHAKEN certificate

          - so as long as the SIP Identity header isn't modified in

          transit and the certificate is validated on the Terminating

          side, everything should continue to work normally for us as

          end users. So this is largely the carrier's problem, and not

          the call centers.</div>

        <div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br>

        </div>

        <div class="gmail_default" style="font-family:arial,helvetica,sans-serif">However, it's

          not clear (to me) how the Attestation aspect of things will

          work (and if it even effects the typical customer): </div>

        <div class="gmail_default">

          <ul>

            <li style="font-family:arial,helvetica,sans-serif">Does just

              being a customer of the Originating Carrier give the Call

              Center's calls Full Attestation?</li>

            <li style="font-family:arial,helvetica,sans-serif">As a call

              center, if spoofing a number not owned/in inventory, would

              that be Partial Attestation?</li>

            <li style="font-family:arial,helvetica,sans-serif">Does the

              owner/location of the spoofed number matter, i.e. :</li>

            <ul style="font-family:arial,helvetica,sans-serif">

              <li>Partial Attestation: Number owned by Originating

                carrier, but not by customer making call</li>

              <li>Gateway Attestation: Number not owned by Originating

                carrier (and by extension not owned by customer making

                the call)</li>

            </ul>

            <li><font face="arial, helvetica, sans-serif">Will

                different Terminating carriers treat Attestation

                designations differently?</font></li>

            <li>Is this largely a framework that carriers will

              implement some day in the future?</li>

          </ul>

          <div style="font-family:arial,helvetica,sans-serif">Am I way

            overthinking this? (Yes.) </div>

          <div style="font-family:arial,helvetica,sans-serif"><br>

          </div>

          <div style="font-family:arial,helvetica,sans-serif">Thank you

            in advance for any perspective you can offer, or resources

            you can direct me to. </div>

          <div style="font-family:arial,helvetica,sans-serif"><br>

          </div>

          <div style="font-family:arial,helvetica,sans-serif">My

            personal plan of attack for call centers:</div>

          <div style="font-family:arial,helvetica,sans-serif">

            <ul>

              <li>Document permission and business use case for numbers

                spoofed on behalf of customers</li>

              <li>That's it - that's the whole plan. </li>

              <li>????</li>

            </ul>

            <div>Aside from making sure my carriers know I exist and

              that I have permission to use those numbers, what else is

              there?</div>

            <div><br>

            </div>

          </div>

          <div style="font-family:arial,helvetica,sans-serif">-Patrick

            Labbett</div>

        </div>

      </div>

      <br>

      <fieldset></fieldset>

      <pre>_______________________________________________

VoiceOps mailing list

<a href="mailto:VoiceOps@voiceops.org" target="_blank">VoiceOps@voiceops.org</a>

<a href="https://puck.nether.net/mailman/listinfo/voiceops" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a>

</pre>

    </blockquote>

    <br>

    <pre cols="72">-- 

Glen Gerhard

<a href="mailto:glen@cognexus.net" target="_blank">glen@cognexus.net</a>

858.324.4536


Cognexus, LLC

7891 Avenida Kirjah

San Diego, CA 92037</pre>

  </div>


_______________________________________________<br>

VoiceOps mailing list<br>

<a href="mailto:VoiceOps@voiceops.org" target="_blank">VoiceOps@voiceops.org</a><br>

<a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>

</blockquote></div>