Usually, with any new network protocols, the last 5% of deployment and interop take 95% of the effort. STIR/SHAKEN is about 10% deployed, so there is a lot of work to be done, including a lot of interop testing and likely RFC update based on the deployment experience.
The RFC for Identity relies on JWT functionality which is not normally present in the current SIP stacks. It is designed to be implemented using standard web development technologies and falls slightly outside of the normal telecom implementation expertise. Furthermore, the Identity header more than triples the average SIP message size, which according to standards, should trigger the protocol change from UDP to TCP. Bad JWT implementation and network issues associated with the increased SIP message size already affect the reliability of legitimate calls. Most of the currently deployed SIP equipment has interop issues in their Identity or TCP/TLS implementations. This is compounded by the fact that SIP is, at this point, a legacy protocol. Most SIP calls are sent over unecrypted UDP, which would not be acceptable for any modern protocol. At the same time, SIP over TLS has many performance and reliability issues that would need to be addressed before it is ready for industry-wide deployment. Dealing with the fact that a lot of telecom equipment is not routinely updated and relies on being isolated from public access and mutual interop to operate makes deploying anything new an excruciating process. The current set of standards was not exactly designed to make deployment easier. To summarize, currently, this is a bit of a mess. I would expect people working hard to fix this, but very few people seem to care. It feels like the whole industry is going through the infamous "Mission Accomplished" moment. _____________ Roman Shpount On Mon, Jul 12, 2021 at 1:39 PM Mary Barnes <[email protected]> wrote: > For what has been implemented right now (i.e., basic calls), all the > specifications are RFCs. AFAIK no one has implemented ACME for > certificate management (yet). > > Regards, > Mary. > > On Mon, Jul 12, 2021 at 11:59 AM Salz, Rich <rsalz= > [email protected]> wrote: > >> Linked from today’s front page of The New York Times: >> >> >> >> How Do You Stop Robocalls? >> >> An F.C.C. rule that went into effect last month is meant to help put a >> stop to those relentless calls about your extended warranty, and others. >> >> https://www.nytimes.com/article/stop-robocalls-scam-fcc.html?smid=em-share >> >> >> >> It talks about Shaken/Stir by name a couple of times. Someone want to >> tell the reporter there are still IESG issues that needs be resolved? >> _______________________________________________ >> Acme mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/acme >> > _______________________________________________ > stir mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/stir >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
