<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body>
<div class="moz-cite-prefix">On 03.12.2019 03:59, volga629 via Users
wrote:<br>
</div>
<blockquote type="cite" cite="mid:1575338355.3038.7@skillsearch.ca">
<div id="geary-body" dir="auto">
<div><span style="font-variant-ligatures: normal; orphans: 2;
widows: 2;"><span style="font-variant-ligatures: normal;
background-color: rgb(255, 255, 255);">If call from
originator is being replaced by middle with same source
and destination and change Identity header with keys and
certificate location is possible that terminator will
authorize it ?</span></span></div>
</div>
</blockquote>
<p><tt>Hi Volga,</tt></p>
<p><tt>Yes, it is perfectly possible to rebuild the Identity header
and re-attribute the<br>
asserted source/destination to yourself. In order to do this,
you only need to own<br>
an officially recognized STIR/SHAKEN X509 cert along with its
private key, issued by<br>
a STIR/SHAKEN certification authority.</tt></p>
<p><tt>So, while this is possible, I don't see why anyone in their
right mind would do it.<br>
Doing so would jeopardize the image of the carrier, putting
their business at risk.<br>
It's similar to how public IP routing in the internet works:
any ISP could MITM any<br>
piece of traffic, yet none do. Or do they? :)</tt></p>
<p><tt>Best regards,<br>
</tt></p>
<pre class="moz-signature" cols="72">--
Liviu Chircu
OpenSIPS Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
</body>
</html>