On 3/6/20 2:34 PM, Sean Donelan wrote:
https://www.fcc.gov/document/chairman-pai-proposes-mandating-stirshaken-combat-robocalls
Federal Communications Commission Chairman Ajit Pai today proposed a
major step forward to further the FCC’s efforts to protect consumers
against
spoofed robocalls: new rules requiring implementation of caller ID
authentication using socalled “STIR/SHAKEN” technological standards.
STIR/SHAKEN enables phone companies to verify the accuracy of caller
ID information that is transmitted with a call. Industry-wide
implementation would reduce the effectiveness of illegal spoofing,
allow law enforcement to identify bad actors more easily, and help
phone companies identify calls with illegally spoofed caller ID
information before those calls reach their subscribers.
The FCC will vote on these new rules during its Open Meeting on March 31.
In my opinion, STIR/SHAKEN is solving the wrong problem. e.164 addresses
are dinosaurs and pretty irrelevant for identity. Cryptographic
protection of the From: address in SIP would be a lot more sane because
we already know how to do that. Since it's basically an all SIP world
these days, we should just retire e.164'isms and move on.
Mike