On 5/16/24 6:55 PM, John Levine wrote:
It appears that Brandon Martin <lists.nanog@monmotha.net> said:
I think the issue with their lack of effectiveness on spam calls is due to the comparatively small number of players in the PSTN (speaking of both classic TDM and modern IP voice-carrying and signaling networks) world allowing lots of regulatory capture. It's the opposite. SS7 was designed for a world with a handful of large trustworthy telcos. But now that we have VoIP, it's a world of a zillion sleasy little VoIP carriers stuffing junk into the network. The real telcos have no desire to deliver spam calls. Everything is bill and keep so they get no revenue and a lot of complaints.
Mike is right that STIR/SHAKEN is more complex than it needs to be but even after it was widely deployed, the telcos had to argue with the FCC to change the rules so they were allowed to drop spam calls which only changed recently. That's why you see PROBABLE SPAM rather than just not getting the call.
I was screaming at the top of my lungs that P-Asserted-Identity was going to bite them in the ass 20 years ago. And then they eventually came up with something that solved the wrong problem in the most bellheaded way possible 15 years later. Bellheads should not be trusted with internet security. The FCC is most likely not blameless here either but the telcos/bellheads most certainly aren't either. Anybody who thinks this is an either/or problem is wrong. Mike