SHAKEN/STIR Robocall Summit - July 11 2019 at FCC

• Previous message (by thread): SHAKEN/STIR Robocall Summit - July 11 2019 at FCC
• Next message (by thread): SHAKEN/STIR Robocall Summit - July 11 2019 at FCC
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 8 Jul 2019, Keith Medcalf wrote:

> The solution is to disallow spoofing.  If the "pretty overlay
> information" does not equal the "billing information" then do not permit
> the call to be made.  Easy Peasy.

This assumes that all calls from a phone number originate from the carrier
of record for that phone number.

This assumption is false.

For calls made by Verizon Wireless customers that originate FROM Verizon
Wireless's network, STIR/SHAKEN will enable Verizon to tag the call with a
crypto sig that we can all verify came from Verizon, thus increasing the
trust that the call originated from Verizon Wireless.

However, Verizon not-Wireless also does other telephony business, such as
termination. Verizon not-Wireless customers can and likely do terminate
calls to them with CallerID of phone numbers that may or may not be
registered with Level3, Onvoy, Bandwidth or another carrier. However
Verizon not-Wireless has NO IDEA if their customer truly owns/leases the
value in the CallerID field from another carrier. Thus Verizon not-Wireless
may sign the terminating call using STIR/SHAKEN but have *NO IDEA* if their
termination customer actually owns/leases/controls the CallerID value.

And the absence of a STIR/SHAKEN header also means nothing. While we do LRN
lookups for calls, we do not currently use that information to ensure that
the originating party owns/leases that number legitimately.

As a Tier 2 or 3 carrier, our carrier does not publish anywhere that we
lease numbers from them, and our customers are not required to terminate
calls using their phone numbers as CallerID with other carriers.

The presence of STIR/SHAKEN increases the trust in the CallerID value ONLY
when the phone number owner of record in the LNP database matches the
signor of the call.

The absence of STIR/SHAKEN is where we are already today. And small
carriers can implement STIR/SHAKEN without concern for whether or not the
CallerID value is their phone number or not.

Though if the bad-actor does sign the call, I can distrust or block all of
the bad-actor's calls. At least until they stop signing the calls, or they
start a new contract with a new cert leaving all of us to play whack-a-mole
some more, as we do now.

DKIM-signed and SPF approved for all the good it will do,

Beckman
---------------------------------------------------------------------------
Peter Beckman                                                  Internet Guy
beckman at angryox.com                                 http://www.angryox.com/
---------------------------------------------------------------------------

• Previous message (by thread): SHAKEN/STIR Robocall Summit - July 11 2019 at FCC
• Next message (by thread): SHAKEN/STIR Robocall Summit - July 11 2019 at FCC
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]