When verifying an incoming Stir-Shaken call, Asterisk gets a so-called payload field in the Identity header.
This header includes an iat value that corresponds to a timestamp.
Can this value point to a time in the future (because of de-synchronized clocks)?
I’ve seen the max_iat_age setting in the stir_shaken.conf.sample file.
Is there an Asterisk setting allowing a sysadmin to specify that, up to a certain number of seconds in the future, the iat is to be considered valid?
No. The formula for determining if IAT is valid is simple…
```c
if (iat + ctx->eprofile->vcfg_common.max_iat_age < now_s) {
    SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_IAT_EXPIRED,
        "%s: iat %ld older than %u seconds\n", ctx->tag,
        iat, ctx->eprofile->vcfg_common.max_iat_age);
}
```
If the IAT > “now” it will always pass the check. Neither RFC8224 nor ATIS-1000074.v003 really specifies whether an IAT in the future is an error or not. At least not that I can see.
I was told here that local regulation required rejecting calls with an iat set “over 60s in the future or over 60s in the past”. I’ll try to read confirmation in local documentation or technical standards.
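The difference between the one-sided comparison quoted in the answer and a two-sided "60s in the past or future" window, as an added example that is not Asterisk code and not part of the original posts. It matters because a far-future iat never ages out of a one-sided check within any practical time, so the same PASSporT stays "fresh" for replay. Assumptions: `max_future_skew`, the function names and the result enum are hypothetical, and the timestamps are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Result codes for this example only; these are not Asterisk's enum values. */
enum iat_result { IAT_OK = 0, IAT_EXPIRED, IAT_IN_FUTURE };

/* One-sided check: same comparison as the snippet quoted in the answer.
 * Only an iat that is too old is rejected. */
static enum iat_result check_iat_one_sided(int64_t iat, int64_t now_s,
    uint32_t max_iat_age)
{
    if (iat + (int64_t)max_iat_age < now_s) {
        return IAT_EXPIRED;
    }
    return IAT_OK; /* any iat > now_s passes, however far ahead it is */
}

/* Two-sided check. max_future_skew is a hypothetical parameter for this
 * example; it is not an existing stir_shaken.conf option. */
static enum iat_result check_iat_windowed(int64_t iat, int64_t now_s,
    uint32_t max_iat_age, uint32_t max_future_skew)
{
    if (iat + (int64_t)max_iat_age < now_s) {
        return IAT_EXPIRED;
    }
    if (iat > now_s + (int64_t)max_future_skew) {
        return IAT_IN_FUTURE;
    }
    return IAT_OK;
}

int main(void)
{
    static const char *names[] = { "ok", "expired", "in-future" };
    const int64_t now_s = 1700000000; /* constructed sample "now" */
    const int64_t offsets[] = { -61, -60, 0, 60, 61, 3600 };

    for (size_t i = 0; i < sizeof(offsets) / sizeof(offsets[0]); i++) {
        int64_t iat = now_s + offsets[i];
        printf("iat = now%+lld s: one-sided=%s windowed=%s\n",
            (long long)offsets[i],
            names[check_iat_one_sided(iat, now_s, 60)],
            names[check_iat_windowed(iat, now_s, 60, 60)]);
    }
    return 0;
}
```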