As I understand it if one wants to get a cert for STIR shaken you need to become a CLEC. Anyone have a how to/contacts for companies that make this effortless and easy?
If non-LEC VoIP providers can direct own numbering resources now, it follows that they should be able to partake of STIR/SHAKEN. ? Sent from mobile, with due apologies for brevity and errors.
On Aug 16, 2019, at 9:16 AM, Dovid Bender <dovid at telecurve.com> wrote:
As I understand it if one wants to get a cert for STIR shaken you need to become a CLEC. Anyone have a how to/contacts for companies that make this effortless and easy?
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Alex, You would think so. From what I understand you will need to be a LEC to get a cert. On Fri, Aug 16, 2019 at 10:33 AM Alex Balashov <abalashov at evaristesys.com> wrote:
If non-LEC VoIP providers can direct own numbering resources now, it follows that they should be able to partake of STIR/SHAKEN.
? Sent from mobile, with due apologies for brevity and errors.
On Aug 16, 2019, at 9:16 AM, Dovid Bender <dovid at telecurve.com> wrote:
As I understand it if one wants to get a cert for STIR shaken you need to become a CLEC. Anyone have a how to/contacts for companies that make this effortless and easy?
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
As explained to me by TransNexus, the Certificate Authorities will most likely require an OCN. VoIP carriers with their own numbering resources already have their IPES category OCN. It's also possible they might only require a SPID. Regards, *Calvin Ellison* Senior Voice Operations Engineer calvin.ellison at voxox.com +1 (213) 285-0555 ----------------------------------------------- *voxox.com <http://www.voxox.com/> * 5825 Oberlin Drive, Suite 5 San Diego, CA 92121 [image: Voxox] On Fri, Aug 16, 2019 at 8:02 AM Dovid Bender <dovid at telecurve.com> wrote:
Alex,
You would think so. From what I understand you will need to be a LEC to get a cert.
On Fri, Aug 16, 2019 at 10:33 AM Alex Balashov <abalashov at evaristesys.com> wrote:
If non-LEC VoIP providers can direct own numbering resources now, it follows that they should be able to partake of STIR/SHAKEN.
? Sent from mobile, with due apologies for brevity and errors.
On Aug 16, 2019, at 9:16 AM, Dovid Bender <dovid at telecurve.com> wrote:
As I understand it if one wants to get a cert for STIR shaken you need to become a CLEC. Anyone have a how to/contacts for companies that make this effortless and easy?
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
So it sounds to me like you just have to be a certified carrier to get a STIR/SHAKEN certificate. That means either a CLEC, Wireless, or Interconnected VOIP Carrier. The VOIP carriers that are not certified by the FCC as Interconnected VOIP carriers cannot be assigned an OCN. MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 On 2019-08-16 01:32 PM, Calvin Ellison wrote:
As explained to me by TransNexus, the Certificate Authorities will most likely require an OCN. VoIP carriers with their own numbering resources already have their IPES category OCN. It's also possible they might only require a SPID.
Regards,
CALVIN ELLISON Senior Voice Operations Engineer calvin.ellison at voxox.com +1 (213) 285-0555
----------------------------------------------- VOXOX.COM [1] 5825 Oberlin Drive, Suite 5 San Diego, CA 92121
On Fri, Aug 16, 2019 at 8:02 AM Dovid Bender <dovid at telecurve.com> wrote:
Alex,
You would think so. From what I understand you will need to be a LEC to get a cert.
On Fri, Aug 16, 2019 at 10:33 AM Alex Balashov <abalashov at evaristesys.com> wrote:
If non-LEC VoIP providers can direct own numbering resources now, it follows that they should be able to partake of STIR/SHAKEN.
? Sent from mobile, with due apologies for brevity and errors.
On Aug 16, 2019, at 9:16 AM, Dovid Bender <dovid at telecurve.com> wrote:
As I understand it if one wants to get a cert for STIR shaken you need to become a CLEC. Anyone have a how to/contacts for companies that make this effortless and easy?
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Links: ------ [1] http://www.voxox.com/ _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
An HTML attachment was scrubbed... URL: <https://puck.nether.net/pipermail/voiceops/attachments/20190820/0da1de43/att...>
Glen, What are we to do for our clients who have DID/TFN from 3rd paries? We won't have any relationship with their DID provider to request a delegated certificate, and wouldn't have one of our own to sign those calls, even as Attestation level B or C. Does the client need to request a delegated cert and provide it to each termination carrier they want to use? I had a call with Bandwidth today was told the delegated certificates would need to contain (or refer via URL) a list of which numbers are permitted to be signed by that cert. I hope they've considered the potential information leak here and use hashes of the permitted numbers, not the numbers in cleartext. For what it's worth, I received confirmation from NECA that an IPES OCN can be issued without an FCC waiver. This would at least let us sign with level B or C. Query to NECA and their reply: Assuming I will need an OCN, I have been told that VoIP carriers that are not certified by the FCC as Interconnected VoIP carriers cannot be assigned an OCN. This doesn't jive with the lingo on your website: IPES service: Proof of service and customers, e.g., interconnection agreement (or evidence of an interconnection order pursuant to an approved tariff) and contractual agreements with end-user customers. Or, regulatory administration approval, if applicable. We definitely have contracted customers and definitely have interconnections with DID/TFN origination carriers and termination carriers. If we have no intention to obtain numbering resources directly, can we still obtain an OCN? *Yes, you can still obtain an OCN.* Regards, *Calvin Ellison* Senior Voice Operations Engineer calvin.ellison at voxox.com +1 (213) 285-0555 ----------------------------------------------- *voxox.com <http://www.voxox.com/> * 5825 Oberlin Drive, Suite 5 San Diego, CA 92121 [image: Voxox] On Tue, Aug 20, 2019 at 9:17 AM Glen Gerhard <glen at cognexus.net> wrote:
Yes, I believe that is the case today. In the new "delegated certificate" model the VoIP provider (or CPaaS provider) will be provided a certificate from the OCN that is used for the ANI. This delegated certificate will give the downstream carriers A level Attestation for the calls regardless of where the outbound calls are originated.
Ultimately it is the originating Enterprise that needs to be traceable from the terminating carrier. Once this relationship chain has been vetted the certificates can be delegated and used at call set up time. NetNumber has a service for brokering the Certificates but the spec is not fully adopted to my knowledge.
Another proposal at ATIS is to have the sending CNAM (and expanded eCNAM) validated with a similar vetted relationship and certificate chain. Ultimately this may be more useful for both the Enterprise and the Callee than just the ANI.
~Glen
On 8/16/2019 11:40, Mary Lou Carey wrote:
So it sounds to me like you just have to be a certified carrier to get a STIR/SHAKEN certificate. That means either a CLEC, Wireless, or Interconnected VOIP Carrier. The VOIP carriers that are not certified by the FCC as Interconnected VOIP carriers cannot be assigned an OCN.
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111
On 2019-08-16 01:32 PM, Calvin Ellison wrote:
As explained to me by TransNexus, the Certificate Authorities will most likely require an OCN. VoIP carriers with their own numbering resources already have their IPES category OCN. It's also possible they might only require a SPID.
Regards,
CALVIN ELLISON Senior Voice Operations Engineer calvin.ellison at voxox.com +1 (213) 285-0555
----------------------------------------------- VOXOX.COM [1] 5825 Oberlin Drive, Suite 5 San Diego, CA 92121
On Fri, Aug 16, 2019 at 8:02 AM Dovid Bender <dovid at telecurve.com> <dovid at telecurve.com> wrote:
Alex,
You would think so. From what I understand you will need to be a LEC to get a cert.
On Fri, Aug 16, 2019 at 10:33 AM Alex Balashov <abalashov at evaristesys.com> <abalashov at evaristesys.com> wrote:
If non-LEC VoIP providers can direct own numbering resources now, it follows that they should be able to partake of STIR/SHAKEN.
? Sent from mobile, with due apologies for brevity and errors.
On Aug 16, 2019, at 9:16 AM, Dovid Bender <dovid at telecurve.com> <dovid at telecurve.com>
wrote:
As I understand it if one wants to get a cert for STIR shaken
you need to become a CLEC. Anyone have a how to/contacts for companies that make this effortless and easy?
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Links: ------ [1] http://www.voxox.com/ _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
-- Glen Gerhardglen at cognexus.net 858.324.4536
Cognexus, LLC 7891 Avenida Kirjah San Diego, CA 92037
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
My understanding is that the only VOIP carriers that can get an IPES OCN are Interconnected VOIP carriers. You have to get a certification from the FCC to become an Interconnected VOIP carrier because the Interconnected VOIP status allows you to order and manager your own NXXs. The main network difference between a CLEC and an Interconnected VOIP carrier is that the CLEC has a direct connection to the PSTN via their own SS7 links and direct trunks to the ILEC. The Interconnected VOIP carrier gets their connection to the PSTN through a third party carrier that manages the SS7 links and direct trunks to the ILEC. MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 On 2019-08-20 07:51 PM, Calvin Ellison wrote:
Glen,
What are we to do for our clients who have DID/TFN from 3rd paries? We won't have any relationship with their DID provider to request a delegated certificate, and wouldn't have one of our own to sign those calls, even as Attestation level B or C. Does the client need to request a delegated cert and provide it to each termination carrier they want to use?
I had a call with Bandwidth today was told the delegated certificates would need to contain (or refer via URL) a list of which numbers are permitted to be signed by that cert. I hope they've considered the potential information leak here and use hashes of the permitted numbers, not the numbers in cleartext.
For what it's worth, I received confirmation from NECA that an IPES OCN can be issued without an FCC waiver. This would at least let us sign with level B or C.
Query to NECA and their reply:
Assuming I will need an OCN, I have been told that VoIP carriers that are not certified by the FCC as Interconnected VoIP carriers cannot be assigned an OCN. This doesn't jive with the lingo on your website:
IPES service: Proof of service and customers, e.g., interconnection agreement (or evidence of an interconnection order pursuant to an approved tariff) and contractual agreements with end-user customers. Or, regulatory administration approval, if applicable.
We definitely have contracted customers and definitely have interconnections with DID/TFN origination carriers and termination carriers. If we have no intention to obtain numbering resources directly, can we still obtain an OCN?
YES, YOU CAN STILL OBTAIN AN OCN.
Regards,
CALVIN ELLISON Senior Voice Operations Engineer calvin.ellison at voxox.com +1 (213) 285-0555
----------------------------------------------- VOXOX.COM [2] 5825 Oberlin Drive, Suite 5 San Diego, CA 92121
On Tue, Aug 20, 2019 at 9:17 AM Glen Gerhard <glen at cognexus.net> wrote:
Yes, I believe that is the case today. In the new "delegated certificate" model the VoIP provider (or CPaaS provider) will be provided a certificate from the OCN that is used for the ANI. This delegated certificate will give the downstream carriers A level Attestation for the calls regardless of where the outbound calls are originated.
Ultimately it is the originating Enterprise that needs to be traceable from the terminating carrier. Once this relationship chain has been vetted the certificates can be delegated and used at call set up time. NetNumber has a service for brokering the Certificates but the spec is not fully adopted to my knowledge.
Another proposal at ATIS is to have the sending CNAM (and expanded eCNAM) validated with a similar vetted relationship and certificate chain. Ultimately this may be more useful for both the Enterprise and the Callee than just the ANI.
~Glen
On 8/16/2019 11:40, Mary Lou Carey wrote: So it sounds to me like you just have to be a certified carrier to get a STIR/SHAKEN certificate. That means either a CLEC, Wireless, or Interconnected VOIP Carrier. The VOIP carriers that are not certified by the FCC as Interconnected VOIP carriers cannot be assigned an OCN.
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111
On 2019-08-16 01:32 PM, Calvin Ellison wrote: As explained to me by TransNexus, the Certificate Authorities will most likely require an OCN. VoIP carriers with their own numbering resources already have their IPES category OCN. It's also possible they might only require a SPID.
Regards,
CALVIN ELLISON Senior Voice Operations Engineer calvin.ellison at voxox.com +1 (213) 285-0555
----------------------------------------------- VOXOX.COM [1] [1] 5825 Oberlin Drive, Suite 5 San Diego, CA 92121
On Fri, Aug 16, 2019 at 8:02 AM Dovid Bender <dovid at telecurve.com> wrote:
Alex,
You would think so. From what I understand you will need to be a LEC
to get a cert.
On Fri, Aug 16, 2019 at 10:33 AM Alex Balashov <abalashov at evaristesys.com> wrote:
If non-LEC VoIP providers can direct own numbering resources now, it follows that they should be able to partake of STIR/SHAKEN.
? Sent from mobile, with due apologies for brevity and errors.
On Aug 16, 2019, at 9:16 AM, Dovid Bender <dovid at telecurve.com> wrote:
As I understand it if one wants to get a cert for STIR shaken you need to become a CLEC. Anyone have a how to/contacts for companies that make this effortless and easy?
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Links: ------ [1] http://www.voxox.com/ _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
-- Glen Gerhard glen at cognexus.net 858.324.4536
Cognexus, LLC 7891 Avenida Kirjah San Diego, CA 92037
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Links: ------ [1] http://VOXOX.COM [2] http://www.voxox.com/ _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
I spoke with NECA on the phone today and they confirmed IPES OCN can be issued with only the documents I quoted from their website. They said some VoIP companies who don't have their own numbering resources still get an OCN because the partners they are connected to want them to have one. I'm hoping this might be a solution for wholesale providers and international gateways who want to sign calls at Attestation Level B or C. Certificate Delegation doesn't address this. Full Attestation (A) ? The service provider has authenticated the calling party and they are authorized to use the calling number. An example of this case is a subscriber registered with the originating telephone service provider?s softswitch. Partial Attestation (B) ? The service provider has authenticated the call origination, but cannot verify the call source is authorized to use the calling number. An example of this use case is a telephone number behind an enterprise PBX. Gateway Attestation (C) ? The service provider has authenticated from where it received the call, but cannot authenticate the call source. An example of this case would be a call received from an international gateway. https://transnexus.com/whitepapers/understanding-stir-shaken/ On Wed, Aug 21, 2019 at 7:57 AM Mary Lou Carey <marylou at backuptelecom.com> wrote:
My understanding is that the only VOIP carriers that can get an IPES OCN are Interconnected VOIP carriers. You have to get a certification from the FCC to become an Interconnected VOIP carrier because the Interconnected VOIP status allows you to order and manager your own NXXs.
The main network difference between a CLEC and an Interconnected VOIP carrier is that the CLEC has a direct connection to the PSTN via their own SS7 links and direct trunks to the ILEC. The Interconnected VOIP carrier gets their connection to the PSTN through a third party carrier that manages the SS7 links and direct trunks to the ILEC.
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111
On 2019-08-20 07:51 PM, Calvin Ellison wrote:
Glen,
What are we to do for our clients who have DID/TFN from 3rd paries? We won't have any relationship with their DID provider to request a delegated certificate, and wouldn't have one of our own to sign those calls, even as Attestation level B or C. Does the client need to request a delegated cert and provide it to each termination carrier they want to use?
I had a call with Bandwidth today was told the delegated certificates would need to contain (or refer via URL) a list of which numbers are permitted to be signed by that cert. I hope they've considered the potential information leak here and use hashes of the permitted numbers, not the numbers in cleartext.
For what it's worth, I received confirmation from NECA that an IPES OCN can be issued without an FCC waiver. This would at least let us sign with level B or C.
Query to NECA and their reply:
Assuming I will need an OCN, I have been told that VoIP carriers that are not certified by the FCC as Interconnected VoIP carriers cannot be assigned an OCN. This doesn't jive with the lingo on your website:
IPES service: Proof of service and customers, e.g., interconnection agreement (or evidence of an interconnection order pursuant to an approved tariff) and contractual agreements with end-user customers. Or, regulatory administration approval, if applicable.
We definitely have contracted customers and definitely have interconnections with DID/TFN origination carriers and termination carriers. If we have no intention to obtain numbering resources directly, can we still obtain an OCN?
YES, YOU CAN STILL OBTAIN AN OCN.
Regards,
CALVIN ELLISON Senior Voice Operations Engineer calvin.ellison at voxox.com +1 (213) 285-0555
----------------------------------------------- VOXOX.COM [2] 5825 Oberlin Drive, Suite 5 San Diego, CA 92121
On Tue, Aug 20, 2019 at 9:17 AM Glen Gerhard <glen at cognexus.net> wrote:
Yes, I believe that is the case today. In the new "delegated certificate" model the VoIP provider (or CPaaS provider) will be provided a certificate from the OCN that is used for the ANI. This delegated certificate will give the downstream carriers A level Attestation for the calls regardless of where the outbound calls are originated.
Ultimately it is the originating Enterprise that needs to be traceable from the terminating carrier. Once this relationship chain has been vetted the certificates can be delegated and used at call set up time. NetNumber has a service for brokering the Certificates but the spec is not fully adopted to my knowledge.
Another proposal at ATIS is to have the sending CNAM (and expanded eCNAM) validated with a similar vetted relationship and certificate chain. Ultimately this may be more useful for both the Enterprise and the Callee than just the ANI.
~Glen
On 8/16/2019 11:40, Mary Lou Carey wrote: So it sounds to me like you just have to be a certified carrier to get a STIR/SHAKEN certificate. That means either a CLEC, Wireless, or Interconnected VOIP Carrier. The VOIP carriers that are not certified by the FCC as Interconnected VOIP carriers cannot be assigned an OCN.
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111
On 2019-08-16 01:32 PM, Calvin Ellison wrote: As explained to me by TransNexus, the Certificate Authorities will most likely require an OCN. VoIP carriers with their own numbering resources already have their IPES category OCN. It's also possible they might only require a SPID.
Regards,
CALVIN ELLISON Senior Voice Operations Engineer calvin.ellison at voxox.com +1 (213) 285-0555
----------------------------------------------- VOXOX.COM [1] [1] 5825 Oberlin Drive, Suite 5 San Diego, CA 92121
On Fri, Aug 16, 2019 at 8:02 AM Dovid Bender <dovid at telecurve.com> wrote:
Alex,
You would think so. From what I understand you will need to be a LEC
to get a cert.
On Fri, Aug 16, 2019 at 10:33 AM Alex Balashov <abalashov at evaristesys.com> wrote:
If non-LEC VoIP providers can direct own numbering resources now, it follows that they should be able to partake of STIR/SHAKEN.
? Sent from mobile, with due apologies for brevity and errors.
On Aug 16, 2019, at 9:16 AM, Dovid Bender <dovid at telecurve.com> wrote:
As I understand it if one wants to get a cert for STIR shaken you need to become a CLEC. Anyone have a how to/contacts for companies that make this effortless and easy?
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Links: ------ [1] http://www.voxox.com/ _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
-- Glen Gerhard glen at cognexus.net 858.324.4536
Cognexus, LLC 7891 Avenida Kirjah San Diego, CA 92037
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Links: ------ [1] http://VOXOX.COM [2] http://www.voxox.com/ _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
An update on this topic: https://sites.atis.org/insights/sti-ga-executes-iconectiv-contract-as-secure... The STI-GA Board determined that an entity must meet the following criteria to access STI certificates: 1. Have a current FCC Form 499A on file with the FCC (filed by all intrastate, interstate, and international providers of telecommunications (including VoIP providers) within the United States, with limited exceptions) 2. Have an Operating Company Number (OCN) 3. Have direct access to telephone numbers from the North American Number Plan Administrator (NANPA) and National Pooling Administrator (NPA) [1 <https://sites.atis.org/insights/sti-ga-executes-iconectiv-contract-as-secure...> ] 1. While the access limitation is reasonable, signing a given call should not be limited to only the pool of numbers available to the provider via direct access. In other words, per ATIS-100074, 5.2.3, under correct conditions a qualified service provider (SP) must be allowed to sign leased numbers as well as other numbers belonging to an OCN not assigned to that qualified SP insofar as the SP can properly verify the customer?s authorized use of that number. Regards, *Calvin Ellison* Senior Voice Operations Engineer calvin.ellison at voxox.com +1 (213) 285-0555 ----------------------------------------------- *voxox.com <http://www.voxox.com/> * 5825 Oberlin Drive, Suite 5 San Diego, CA 92121 [image: Voxox]
participants (6)
-
abalashov@evaristesys.com -
calvin.ellison@voxox.com -
calvine@gmail.com -
dovid@telecurve.com -
glen@cognexus.net -
marylou@backuptelecom.com