<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 03.12.2019 15:39, volga629 via Users
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:1575380370.3324485.1@skillsearch.ca">
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
<div id="geary-body" dir="auto">
<div>Thank you reply, so any bad actor can't use as example with
self sign certificates ? So digital signature must be
produced from well known authorized CA certificate key pair ?</div>
</div>
</blockquote>
<tt>Correct. The bad actor's self-signed X509 STIR/SHAKEN
certificate can be easily</tt><tt><br>
distinguished from an officially recognized one (exactly like
HTTPS certs).</tt>
<blockquote type="cite"
cite="mid:1575380370.3324485.1@skillsearch.ca">
<div id="geary-body" dir="auto">
<div><br>
</div>
<div>Can you point on one of the well know CA authority which
authorized for SHAKEN/STIR.</div>
<div><br>
</div>
<div>volga629 <br>
</div>
</div>
</blockquote>
<tt>The last known info I have is this [1] "call for certification
authorities", back in</tt><tt><br>
</tt><tt>July. I'm not sure whether the deadline is over, or if any
CAs have started popping up,</tt><tt><br>
</tt><tt>but from what I just searched, things haven't progressed
much.</tt>
<p><tt>Regards,</tt><br>
</p>
<p><tt>[1]: </tt><tt><a
href="https://sites.atis.org/insights/sti-ga-call-for-certificate-authorities/">https://sites.atis.org/insights/sti-ga-call-for-certificate-authorities/</a><br>
</tt></p>
<pre class="moz-signature" cols="72">Liviu Chircu
OpenSIPS Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
</body>
</html>