On 12/19/19 8:16 AM, Christopher Morrow wrote:
How is it envisioned that this will work? I mean, I'm all for less spam calling... and ideally there would be some form of 'source address verification' on the PSTN/phone network... but in today's world that really just doesn't exist and the motivations to suppress fake sources are 'just as good' as they are on the intertubes. (with crappier options in the gear - SHAKEN/STIR are really not even available in the majority of the switch 'gear' right?)
It's my opinion that STIR/SHAKEN is trying to solve the wrong problem. Telephone numbers are oh-so last millennia. I don't care about telephone numbers any more than I care about ip addresses. What I care about is the From: address, be it email, sip or anything else that uses an email-like address. Unlike the e.164 quagmire, domains can vouch that they actually sent a message ala DKIM (in fact, when i was developing DKIM, i for shits and giggles, DKIM-signed SIP messages too). If a message comes from gmail (and verifies), I have a pretty good belief that it really is that user since I know they don't allow their users to spoof other email accounts. Same can be done with SIP. That is the road forward here, not an ugly complex bandaid on an outdated form of identity. Mike