SITR/SHAKEN implementation in effect today (June 30 2021)
Michael Thomas
mike at mtcc.com
Wed Jun 30 18:56:00 UTC 2021
On 6/30/21 11:30 AM, Sean Donelan wrote:
>
> STIR/SHAKEN Broadly Implemented Starting Today
> https://www.fcc.gov/document/stirshaken-broadly-implemented-starting-today
>
>
> WASHINGTON, June 30, 2021—FCC Acting Chairwoman Jessica Rosenworcel today
> announced that the largest voice service providers are now using
> STIR/SHAKEN caller ID authentication standards in their IP networks,
> in accordance with the deadline set by the FCC. This widespread
> implementation helps protect consumers against malicious spoofed
> robocalls and helps law enforcement track bad actors. The STIR/SHAKEN
> standards serve as a common digital language used by phone networks,
> allowing valid information to pass from provider to provider which,
> among other things, informs blocking tools of possible suspicious calls.
Just because you can know (fsvo "know") that a call is allowed to assert
a number doesn't change anything unless other actions are taken. With
DKIM which is far simpler than STIR it would require reputation systems
that don't seem to have been deployed, submission auth which thankfully
was deployed, policy enforcement (ie ADSP) which is not deployed, and
user indicators which are sporadically deployed.
Given the giant security holes caused by solving the wrong problem (ie
trying to authenticate the e.164 address rather than the originating
domain) it's just going to push spammers to exploit those holes. It's
very much to be seen whether victory can be declared, IMO.
Mike
More information about the NANOG
mailing list