How to disable Stir/Shaken data for international calls?

Asterisk Asterisk Support
1

Hello,

As currently, it seems Stir/Shaken headers are only needed on domestic calls, how can you control the presence of Stir/Shaken headers when you have a single trunk for both domestic and international calls ?

Maybe, a dedicated CHANNEL variable could help.

Cheers

2

Interesting. I hadn’t thought of this. We could enhance the STIR_SHAKEN dialplan function to disable attestation on a call-by-call basis. We could also add a pattern to be added to a profile that only allows attestation for destinations that match the pattern.

Can you open an issue at Issues · asterisk/asterisk · GitHub for this and I’ll take a look.

3

Something like this would perfectly match my use case (disabling attestation for an international call).
same = n,Set(STIR_SHAKEN(attestation)=off)

I’ll open an issue as requested.

4

Thinking back about this, I think adding a pattern only allows attestation for destinations that match the pattern would perfectly match our needs, as IMHO, ITSP are only required to comply to Stir/Shaken for domestic calls and editing once for all, a pattern defining all domestic numbers seems simple.

See issue #791 on Github.

With North American Numbering Plan including several countries, how is Stir/Shaken currently handled for non-domestic calls ?
Are Stir/Shaken headers added or removed by ITSP when crossing the boundaries ?

5

I would imagine more and more countries will enter the STIR world. My impression is that the UK is only holding off because of not wanting to implemetn SHAKEN, when the circuit switched network is about to be retired.

Whilst I haven’t looked into the innards of the protocol, I would expect them to be forwarded intact by proxies, and I can’t think why they would be handled differently by back to back user agents. To be honest, I don’t really understand the problem underlying this whole thread.

Having had a quick skim of the first RFC, the only reason I can think of for stripping them, is if the receiving country has very strict privacy laws. In the email world that would be equivalent to saying all Received: headers must be stripped before sending to that country. In practice, any such enforcement would be done by the receiving gateway, in that country.

6

@david551
The problem underlying this whole thread is that, at the moment, with Asterisk, through a given PJSIP trunk, either all your outbound calls or none of them bear an Identity header.

If you’re an ITSP equipped with Asterisk, you need at least two outbound SIP trunks:

  1. one for Stir/Shaken calls (in case your own country requires Stir/Shaken),
  2. one for non-Stir/Shaken traffic as even if destination country requires some sort of Stir/Shaken metadata and if my understanding is correct, the destination ITSP may cut your call because he can’t verify it without the certs and tools from the origination country.

The issues I see with Stir/Shaken metadata addition are:

  1. technical as that Identity header can be very long, it can introduce fragmentation
  2. organizational as you can’t really prepare to it until everybody enforce Stir/Shaken and cut non-compliant calls.

I would be very curious to read about experience in USA-Canada telephony as Stir/Shaken seems required in both countries.

7

hmm if I was you ISP, I would require that you have Stir/Shaken on all calls
and if you call a destintion where the they do not allow it, I would remove it
but I would require that you always have it

8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.