On 4/27/2020 12:09 PM, Michael Thomas wrote:
but one trip through SS7 land breaks any end to end traceability so
I'm sort of dubious how well this will work in practice. Scammers are
not dumb, after all.
Although the actual mechanisms aren't yet defined to a level that allows
interoperable implementation, there's an architectural sketch of how
this can be done in the RFC Editor's Queue:
https://datatracker.ietf.org/doc/draft-ietf-stir-oob/
Some vendors who provide STIR/SHAKEN solutions have filled in the
protocol gaps with their own designs, and are already offering
implementations based on that architecture to customers [1]. The
technique is on the FCC's radar, although they consider it too early to
mandate solutions based on it [2].
/a
____
[1] See, for example,
https://transnexus.com/blog/2019/fcc-filings-support-oob-stir/
[2] See bullet 7 on page 5 of
https://docs.fcc.gov/public/attachments/DOC-362932A1.pdf
