
[improvement]: Stir-Shaken: extend support to 'ppt=div' along to current 'ppt=shaken' in Identity header

Open oza4h07 opened this issue 6 months ago • 2 comments

Improvement Description

In some countries, the latest Stir-Shaken regulation (see [1] §11) covers Call Forwarding. When Alice calls Bob and Bob forwards to Cory, the goal is to verify both Alice's and Bob's attested identities before handling the call to Cory.

This is done with two Identity headers: one with ppt=shaken (for Alice), the other with ppt=div (for Bob), like this:

identity: ;info=;ppt=shaken;alg=< signing algorithm >
identity: ;info=;ppt=div;alg=

The first Identity header is the exact copy of the Identity header found in the signaling of Alice to Bob call. Bob's ITSP should find a way to make this Identity header available to the system handling the forwarded call.

The second Identity header is built "as usual" except with a 'ppt=div' part instead of a 'ppt=shaken' one.

The spec doc says the receiving system should be able to accept calls which have been forwarded up to 5 times (so exactly one ppt=shaken plus from 0 up to 5 ppt=div).

With the dialplan's dialing handlers and PJSIP_HEADER, Asterisk has everything a sysadmin needs to append Identity headers copied from incoming call signaling. A specific mechanism may be designed, but as some ITSPs dedicate some boxes to inbound and some others to outbound calling, existing dialing handlers and PJSIP_HEADER seem fine, IMHO.

What seems to be missing though are the capabilities:

  • verify an inbound call that includes a ppt=div section
  • attest an outbound call relying on ppt=div.

[1] https://www.fftelecoms.org/app/uploads/2024/09/FFT-SIP-interface-specification-V3.3-2024-07-26.pdf

oza4h07 avatar Apr 23 '25 14:04 oza4h07
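The inbound rule described in the issue above (exactly one ppt=shaken plus zero to five ppt=div), sketched as an added example that is not part of the original post and not Asterisk code. It assumes the RFC 8946 claim layout (`orig`, `dest`, `div`), does not verify signatures, and uses constructed sample headers with a dummy certificate URL and signature; the function names are hypothetical.

```python
import base64, json

MAX_DIV = 5  # forwarding limit quoted in the issue

def b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sample(ppt, claims):
    """Build a CONSTRUCTED Identity value; cert URL and signature are dummies."""
    hdr = {"alg": "ES256", "ppt": ppt, "typ": "passport", "x5u": "https://cert.example/c.pem"}
    return (f"{b64url(hdr)}.{b64url(claims)}.c2ln"
            f";info=<https://cert.example/c.pem>;alg=ES256;ppt={ppt}")

def parse_identity(value):
    """Return (ppt, claims) for one Identity value; the signature is NOT verified."""
    token, *params = [p.strip() for p in value.split(";")]
    ppt = next((p[4:].strip('"') for p in params if p.startswith("ppt=")), None)
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return ppt, json.loads(base64.urlsafe_b64decode(payload))

def check_chain(identity_values):
    """Return (ok, reason) for all Identity headers of one inbound INVITE."""
    parsed = [parse_identity(v) for v in identity_values]
    shaken = [c for ppt, c in parsed if ppt == "shaken"]
    divs = [c for ppt, c in parsed if ppt == "div"]
    if len(shaken) != 1:
        return False, "expected exactly one ppt=shaken"
    if len(divs) > MAX_DIV:
        return False, "more than 5 ppt=div"
    # Walk the forwarding chain: each hop's "div" must be a number the
    # previous PASSporT was destined for, and "orig" must stay the caller.
    reached = set(shaken[0]["dest"]["tn"])
    while divs:
        hop = next((d for d in divs if d["div"]["tn"] in reached), None)
        if hop is None:
            return False, "ppt=div does not link to the previous dest"
        if hop["orig"] != shaken[0]["orig"]:
            return False, "orig changed along the chain"
        reached = set(hop["dest"]["tn"])
        divs.remove(hop)
    return True, "ok"

# Constructed sample: Alice (...1212) calls Bob (...1213), who forwards to Cory (...1214).
ALICE = {"tn": "12155551212"}
SHAKEN = sample("shaken", {"attest": "A", "dest": {"tn": ["12155551213"]},
                           "iat": 1443208345, "orig": ALICE, "origid": "constructed"})
DIV = sample("div", {"dest": {"tn": ["12155551214"]}, "div": {"tn": "12155551213"},
                     "iat": 1443208345, "orig": ALICE})
```

A real verifier would also fetch the certificate named in `info` and validate each PASSporT signature and `iat` freshness before trusting any of these claims.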

IMHO, a variable like STIR_SHAKEN_CONTEXT, defaulting to shaken, would be a convenient way to tell Asterisk how to attest the next outbound call:

same = n,Set(STIR_SHAKEN_CONTEXT=div)
same = n,Dial(PJSIP/123456@foobar)

To make sure previous Identities are correctly inserted in the next outbound call, maybe another dedicated variable would make sense:

same = n,Set(STIR_SHAKEN_PREVIOUS_IDENTITIES=foo;info=;ppt=shaken;alg=foo bar;info=;ppt=div;alg=bar)
same = n,Set(STIR_SHAKEN_CONTEXT=div)
same = n,Dial(PJSIP/123456@foobar)

oza4h07 avatar Apr 23 '25 14:04 oza4h07

RFC8946 (https://datatracker.ietf.org/doc/rfc8946/) introduced 'div'

oza4h07 avatar Apr 28 '25 10:04 oza4h07

Any comment on this improvement? Are we aware of countries, besides France, requiring this 'div' value?

oza4h07 avatar Sep 30 '25 09:09 oza4h07

If you mean if there's any update on this, there isn't any. As for other countries - so far you are the only individual to raise this. It has not shown up otherwise.

jcolp avatar Sep 30 '25 09:09 jcolp

I recently discovered RFC8816 (STIR Out of Band), which better fits the use cases I had in mind.

oza4h07 avatar Oct 03 '25 15:10 oza4h07