> On Jul 3, 2023, at 8:05 PM, Markus via VoiceOps <[email protected]> wrote:
>
> Am 30.06.2023 um 23:00 schrieb Mary Lou Carey via VoiceOps:
>> I've heard from several clients that their upstream carrier told them they
>> don't need to worry about being STIR/SHAKEN compliant because they are
>> taking care of everything for them.
>> THAT IS NOT CORRECT! Every phone company is required to have its own
>> certificate/token!
>
> What if I'm an European telecom operator and have US-based end-users (via
> SIP) who are calling to the US and who would like to signal their United
> States A-number to the called party?
>
> What if I'm an European telecom operator and have Euro end-users (via SIP)
> who are calling to the US and who would like to signal their European
> A-number to the called party?
>
> If I try to register here - https://authenticatereg.iconectiv.com/register -
> "Country: United States" is hard-coded.
>
> Is there a way for Euro TSPs to get STIR/SHAKEN without creating a US
> entity/company just for this purpose?
I'm pretty sure it's the job of whoever is providing gateway services into the
USA to sign the call, and that anyone in the STIR/SHAKEN system in the US has
some sort of regulatory nexus here where they could be held legally
responsible. It's all about finding a throat to choke if there's misconduct.
The liability would be on whoever sells you service. I think the long term idea
is that other STIs would set up around the world over time and there would be a
collection of root certificates much like browser SSL stacks, so you could
authenticate calls that came in from other countries and tie them back to a
regulatory regime that can hold them responsible.
Unless Mary has a different idea of what the plan is?
-Paul
_______________________________________________
VoiceOps mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/voiceops
