Personally, I'm quite curious to know how the ITG would even be identifying these companies as being distinct from the wholesaler, at least without a traceback request for an actual violation, where the investigation (that the wholesaler would likely be not only cooperative with but actively involved in) eventually revealed that all of the violations were originating from one particular customer of theirs. But sans any violations to look into...how would they know? In particular, when asking these questions, what I specifically have in mind are wholesalers not like VI/Sangoma et al., but more like e.g. https://atheral.com/, which carries traffic for a bunch of smaller regional ISPs that want to offer VoIP but don't want any of the headaches associated with doing so. So most of them I presume literally own no infrastructure of their own...no softswitch, no SBC, no nothing. They might be 499 filers, but that's likely the extent of their direct regulatory involvement. I believe Daniel might be hanging around on this list, so perhaps he can shed some light on how they have been advised to approach this (whether they are signing all calls with their own SHAKEN cert/key, or whether they can host SHAKEN certs owned by their customers and sign the end-users of that customer's calls with that customer's own cert, or a mix of both). -- Nathan -----Original Message----- From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On Behalf Of Mary Lou Carey via VoiceOps Sent: Wednesday, July 12, 2023 1:29 PM To: voiceops at voiceops.org Subject: [VoiceOps] Update on STIR/SHAKEN I spoke with my FCC contact today and was told to read the last order issued in March so his response wasn't crystal clear. He said the FCC is still in the process of deciding which types of companies can sign with a third-party vendor's token and which ones can't. I told him my concern is that the ITG is going to start blocking traffic in August and companies won't know that they aren't compliant because their wholesale provider told them they were fine. I specifically asked, "If the ITG decides a company should have had its own token, will you give them time to get one?" He said they have a process for handling these issues, but he didn't come out and say "Yes" so here's what I would suggest since the process can sometimes take longer than the 30 days they give you to comply. If you are using a third-party provider whose signing with their token. At least complete the preliminary steps to qualify for your own STIR/SHAKEN token. That way if they do come to you and tell you that you need to get it on a moment's notice, you won't be fighting the clock so much. The pre-requisites for filing with the STI-PA to become an approved carrier are: 1. Order your own OCN (aka company code from NECA) IPES is the correct type for all VOIP carriers 2. Have your 499 up to date and fees paid. If you've never filed a 499A yet, get your 499 filer ID and submit your first 499-A. (All carriers delivering long-distance traffic in the US should have already completed this step anyways). 3. Robocall Mitigation Plan filed. There are multiple companies helping carriers get their STIR/SHAKEN certificate, so it doesn't matter if you use my services or anyone else's. I just want to make sure everyone is aware of what they need to do to make sure their traffic doesn't get blocked because thats a lot harder to fix than getting a certificate/token is! MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops