[OpenSIPS-Users] SHAKEN/STIR
volga629 at networklab.ca
volga629 at networklab.ca
Tue Dec 3 08:39:30 EST 2019
Thank you reply, so any bad actor can't use as example with self sign
certificates ? So digital signature must be produced from well known
authorized CA certificate key pair ?
Can you point on one of the well know CA authority which authorized for
SHAKEN/STIR.
volga629
On Tue, Dec 3, 2019 at 06:56, Liviu Chircu <liviu at opensips.org> wrote:
> On 03.12.2019 03:59, volga629 via Users wrote:
>> If call from originator is being replaced by middle with same source
>> and destination and change Identity header with keys and
>> certificate location is possible that terminator will authorize it ?
> Hi Volga,
>
> Yes, it is perfectly possible to rebuild the Identity header and
> re-attribute the
> asserted source/destination to yourself. In order to do this, you
> only need to own
> an officially recognized STIR/SHAKEN X509 cert along with its
> private key, issued by
> a STIR/SHAKEN certification authority.
>
> So, while this is possible, I don't see why anyone in their right
> mind would do it.
> Doing so would jeopardize the image of the carrier, putting their
> business at risk.
> It's similar to how public IP routing in the internet works: any
> ISP could MITM any
> piece of traffic, yet none do. Or do they? :)
>
> Best regards,
>
> --
> Liviu Chircu
> OpenSIPS Developer
> http://www.opensips-solutions.com <http://www.opensips-solutions.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20191203/b036850e/attachment.html>
More information about the Users
mailing list