On 10/4/22 5:23 PM, Peter Beckman wrote:
On Tue, 4 Oct 2022, Michael Thomas wrote:
Exactly. And that doesn't require an elaborate PKI. Who is allowed to use what telephone numbers is an administrative issue for the ingress provider to police. It's the equivalent to gmail not allowing me to spoof whatever email address I want. The FCC could have required that ages ago.
How does one carrier that gets DIDs from multiple other carriers communicate to the termination carrier selected during LCR that the DID set as CallerID is indeed serviced by that carrier and authorized to use said DID as CallerID?
If a call is asynchronous, e.g. the DID carrier is not the terminating carrier, how can the termination carrier trust/know definitively that someone is allowed to use that CallerID?
Don't forget the resellers!!!
My point is not that the termination carrier believe that it's legitimate (although that would be nice), but to get the originating carrier to police things before it ever gets forwarded. The FCC could have forced that ages ago in most cases. Requiring the receiving end to police things is fraught with false positives where the originating carrier has a lot more knowledge of who their customer is. Mike