Stir-Shaken For Asterisk

Home » Asterisk Users » Stir-Shaken For Asterisk
Asterisk Users 6 Comments

In a few weeks, no SIP call is going to terminate unless they are signed properly, as mandated by law. We are in the business of Stir-Shaken, signing calls, as an FCC-approved provider. A big differentiator between our service and the rest: we are the only ones who don’t need to receive the calls in our servers to sign them. We do this over a MySQL call, easily connectable to Asterisk via res_odbc, so you never have to send us your calls. This is a sample of how we do this so you may test now:
mysql -u anonymous -h 208.73.232.47 -e “call strshk.stir_shaken_signature(‘7274433019′,’19544447408’)”. If your caller-ID is a valid US number and not a wireless number (that is a NO-NO for the FCC), we sign the call as ‘C’, if you use your own DIDs, something we can verify as legit, then we sign as ‘B’, and if you use our DID as caller ID, we sign as ‘A’, full attestation. Please email to venefax at g mail if you have any questions. Do not think you can do business as usual. The wild west of VOIP is coming to an end. But we can keep you in business if you follow the rules.

6 thoughts on - Stir-Shaken For Asterisk

  • In a few weeks?  FIrst I have heard of this, and your legitimacy is strained by a gmail address.

    *Jeff LaCoursiere*
    STRATUSTALK, INC. / CTO

    Phone: *+1 703.496.4990 x108*
    Mobile: *+1 815.546.6599*
    Email: *jeff@stratustalk.com*
    Website: *https://www.stratustalk.com*
    Address: *

  • A few weeks… like in a year and a few weeks:

    https://transnexus.com/blog/2020/fcc-mandates-stir-shaken/

    Some interesting bits in there as well, like:

    “These rules do not apply to providers that lack control of the network infrastructure necessary to implement STIR/SHAKEN.”

    See also:

    https://wiki.asterisk.org/wiki/display/AST/STIR+and+SHAKEN

    *Jeff LaCoursiere*
    STRATUSTALK, INC. / CTO

    Phone: *+1 703.496.4990 x108*
    Mobile: *+1 815.546.6599*
    Email: *jeff@stratustalk.com*
    Website: *https://www.stratustalk.com*
    Address: *

  • This is a multipart message in MIME format.

    ——=_NextPart_000_0032_01D634BA.CD27B020
    Content-Type: text/plain;
    charset=”UTF-8″
    Content-Transfer-Encoding: quoted-printable

    Yes, this means that a provider which only provides IP-access (for example a broadband operator), ergo, when it doesn’t terminate a call, but where the call terminates directly at a enterprise, does not need to force the end customer to implement call verification in their PBX. Basically, if you don’t have control of the SIP endpoint where the call is terminated, you don’t need to implement these rules.

    Also this doesn’t apply to the customer end of the operator, where you authenticate to your operator with your username/password. These calls are already authenticated. It applies to the so called ”anonymous” calls that traverses between operators and through operators networks.

    If they don’t have access to the PBX equipment, and the owner is not required to be a FCC approved operator, then the rules are dropped. SIP2SIP calls using textual URI’s are also not in scope for this rules, only DID calls are applicable.

    Rule 1 also says for internal calls (ergo inside operator network) you need to implement a security solution CONSISTENT with stir/shaken, not in accordance. It means you can roll your own solution, as long as it provides comparable security. In a few weeks, no SIP call is going to terminate unless they are signed properly, as mandated by law. We are in the business of Stir-Shaken, signing calls, as an FCC-approved provider. A big differentiator between our service and the rest: we are the only ones who don’t need to receive the calls in our servers to sign them. We do this over a MySQL call, easily connectable to Asterisk via res_odbc, so you never have to send us your calls. This is a sample of how we do this so you may test now:
    mysql -u anonymous -h 208.73.232.47 -e “call strshk.stir_shaken_signature(‘7274433019′,’19544447408’)”. If your caller-ID is a valid US number and not a wireless number (that is a NO-NO for the FCC), we sign the call as ‘C’, if you use your own DIDs, something we can verify as legit, then we sign as ‘B’, and if you use our DID as caller ID, we sign as ‘A’, full attestation.
    Please email to venefax at g mail if you have any questions. Do not think you can do business as usual. The wild west of VOIP is coming to an end. But we can keep you in business if you follow the rules.

    ——=_NextPart_000_0032_01D634BA.CD27B020
    Content-Type: text/html;
    charset=”UTF-8″
    Content-Transfer-Encoding: quoted-printable

  • Nice, Do you have the code up on GitHub? I’d love to see it.

    What’s the source of the data? Something API driven I hope?

    Have you thought about implementing your project via curl instead of func_odbc?