[OpenSIPS-Users] SHAKEN/STIR
Liviu Chircu
liviu at opensips.org
Mon Dec 2 23:56:08 EST 2019
On 03.12.2019 03:59, volga629 via Users wrote:
> If call from originator is being replaced by middle with same source
> and destination and change Identity header with keys and certificate
> location is possible that terminator will authorize it ?
Hi Volga,
Yes, it is perfectly possible to rebuild the Identity header and
re-attribute the
asserted source/destination to yourself. In order to do this, you only
need to own
an officially recognized STIR/SHAKEN X509 cert along with its private
key, issued by
a STIR/SHAKEN certification authority.
So, while this is possible, I don't see why anyone in their right mind
would do it.
Doing so would jeopardize the image of the carrier, putting their
business at risk.
It's similar to how public IP routing in the internet works: any ISP
could MITM any
piece of traffic, yet none do. Or do they? :)
Best regards,
--
Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20191203/c20acf6b/attachment.html>
More information about the Users
mailing list