Good Luck, very important mission.
You might willing bring to the table some improvement for the effort to
provide better availability for CA list and peer verification process.
If SIPNOC willing to organize web service where all involved parties
will be able to register and go through verify process as trusted
telco or voip provider.
And then expose API from telcos or voip providers end points only (
must have fixed end point ip) to get verification information for CA
list or peer information.
That will have minimal impact on on application layer and will provide
true trusted source of verification process.
1.3.3. ca_list (string)
Path to a file containing trusted CA certificates for the
verifier. The certificates must be in PEM format, one after
another.
Example 1.3. Set ca_list parameter
...
modparam("stir_shaken", "ca_list", "/stir_certs/ca_list.pem")
...
volga629
On Tue, Nov 26, 2019 at 14:31, Bogdan-Andrei Iancu
<bog...@opensips.org> wrote:
Hi All
On 5th of December, I will talk at
<https://www.linkedin.com/feed/hashtag/?highlightedUpdateUrns=urn%3Ali%3Aactivity%3A6605066211233460224&keywords=%23sipnoc2019&originTrackingId=7AFxItq%2BFji6frtUIfI3qg%3D%3D>SIPNOC
2019 [1] about the new STIR/SHAKENimplementation [2] in OpenSIPS 3.1,
about the usage models and the associated risks.
[1] <https://www.sipforum.org/news-events/sipnoc-2019-overview/>
[2]
<https://github.com/OpenSIPS/opensips/tree/master/modules/stir_shaken>
10:45am – 11:15am: The Usage Models and Risks of STIR/SHAKEN, Seen
from the Pragmatism of an Implementation.
Abstracts:
There are many things still to be defined and settled in STIR/SHAKEN
from the regulatory perspective. Nevertheless, this presentation
wants to bring this topic under scrutiny from the point of view of an
implementation in the OpenSIPS SIP Server. So, what are the possible
STIR/SHAKEN usage scenarios from the perspective of how the SIP
traffic is handled and, more important, how the certificates are
managed. While a SIP server may cover the full horizontal of
authorization, inspection and verification processes, it is more
relevant to see what are the possible models when comes to
certificate managing. And definitely there is a need for coexistence
between a certificate-agnostic model and a certificate self-managing
model, in order to answer to future standardization and usage
challenges. ITSP, Telcos and Carries are to deploy and use
STIR/SHAKEN implementations in the real word, so are they fully
aware of the security and performance risks introduced by such a
service? Well, the exercise of producing such a STIR/SHAKEN
implementation is a good way to answer these questions and get
yourselves ready.
See you in Washington!
--
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
https://www.opensips-solutions.com
<https://www.opensips-solutions.com/>
OpenSIPS Bootcamp Pre-Registration
<https://opensips.org/training/OpenSIPS_Bootcamp/>
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
