<div id="geary-body" dir="auto"><div>Good Luck, very important mission.</div><div>You might willing bring to the table some improvement for the effort to provide better availability for CA list and peer verification process. </div><div>If SIPNOC willing to organize web service where all involved parties will be able to register and go through verify process as trusted telco or voip provider.</div><div>And then expose API from telcos or voip providers end points only ( must have fixed end point ip) to get verification information for CA list or peer information. </div><div>That will have minimal impact on on application layer and will provide true trusted source of verification process.</div><div><br></div><div><pre style="box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, monospace; font-size: 12px; color: rgb(36, 41, 46); font-variant-ligatures: normal; orphans: 2; widows: 2;">1.3.3. ca_list (string)
Path to a file containing trusted CA certificates for the
verifier. The certificates must be in PEM format, one after
another.
Example 1.3. Set ca_list parameter
...
modparam("stir_shaken", "ca_list", "/stir_certs/ca_list.pem")
...</pre><pre style="box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, monospace; font-size: 12px; color: rgb(36, 41, 46); font-variant-ligatures: normal; orphans: 2; widows: 2;"><br></pre><pre style="box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, monospace; font-size: 12px; color: rgb(36, 41, 46); font-variant-ligatures: normal; orphans: 2; widows: 2;"><br></pre><pre style="box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, monospace; font-size: 12px; color: rgb(36, 41, 46); font-variant-ligatures: normal; orphans: 2; widows: 2;">volga629</pre></div><div><br></div><div> </div></div><div id="geary-quote" dir="auto"><br>On Tue, Nov 26, 2019 at 14:31, Bogdan-Andrei Iancu <bogdan@opensips.org> wrote:<br><blockquote type="cite">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<span><span id="ember1176" class="ember-view"><span>Hi All<br>
<br>
On 5th of December, I will talk at</span></span></span><span><span id="ember1176" class="ember-view"><a data-control-name="hashtag" target="_self" href="https://www.linkedin.com/feed/hashtag/?highlightedUpdateUrns=urn%3Ali%3Aactivity%3A6605066211233460224&keywords=%23sipnoc2019&originTrackingId=7AFxItq%2BFji6frtUIfI3qg%3D%3D" id="ember1179" class="hashtag-link ember-view"><span dir="ltr" id="ember1180" class="hashtag-a11y ember-view"><span></span></span></a><span>
SIPNOC 2019 [1] about the new STIR/SHAKEN </span></span></span><span><span id="ember1176" class="ember-view"><span>implementation [2] in
OpenSIPS 3.1</span></span></span><span><span id="ember1192" class="ember-view"><span>, about the usage models and the
associated risks.<br>
<br>
</span></span></span><br>
<span><span id="ember1192" class="ember-view"><span><span><span id="ember1192" class="ember-view"><span>[1]
<a class="moz-txt-link-freetext" href="https://www.sipforum.org/news-events/sipnoc-2019-overview/">https://www.sipforum.org/news-events/sipnoc-2019-overview/</a><br>
[2]
<a class="moz-txt-link-freetext" href="https://github.com/OpenSIPS/opensips/tree/master/modules/stir_shaken">https://github.com/OpenSIPS/opensips/tree/master/modules/stir_shaken</a><br>
<br>
</span></span></span><br>
10:45am – 11:15am: The Usage Models and Risks of STIR/SHAKEN,
Seen from the Pragmatism of an Implementation.<br>
</span></span></span><br>
<span><span id="ember1192" class="ember-view"><span>Abstracts:
<br>
There are many things still to be defined and settled in
STIR/SHAKEN from the regulatory perspective. Nevertheless,
this presentation wants to bring this topic under scrutiny
from the point of view of an implementation in the OpenSIPS
SIP Server. So, what are the possible STIR/SHAKEN usage
scenarios from the perspective of how the SIP traffic is
handled and, more important, how the certificates are managed.
While a SIP server may cover the full horizontal of
authorization, inspection and verification processes, it is
more relevant to see what are the possible models when comes
to certificate managing. And definitely there is a need for
coexistence between a certificate-agnostic model and a
certificate self-managing model, in order to answer to future
standardization and usage challenges. ITSP, Telcos and Carries
are to deploy and use STIR/SHAKEN implementations in the real
word, so are they fully aware of the security and performance
risks introduced by such a service? Well, the exercise of
producing such a STIR/SHAKEN implementation is a good way to
answer these questions and get yourselves ready.
<br>
<br>
<br>
See you in Washington! <br>
</span></span></span>
<pre class="moz-signature" cols="72">--
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com">https://www.opensips-solutions.com</a>
OpenSIPS Bootcamp Pre-Registration
<a class="moz-txt-link-freetext" href="https://opensips.org/training/OpenSIPS_Bootcamp/">https://opensips.org/training/OpenSIPS_Bootcamp/</a>
</pre>
</blockquote></div>