You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/Deployment/STIR-SHAKEN/index.md
+13-2Lines changed: 13 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -202,7 +202,18 @@ although this has probably already been done by the issuing authority.
202
202
203
203
The "id" of this object MUST be a canonicalized telephone nmumber which
204
204
starts with a country code. The only valid characters are the numbers
205
-
0-9, '#' and '*'.
205
+
0-9, '#' and '*'. With the 18.23.0, 20.8.0 and 21.3.0 releases of Asterisk,
206
+
caller-ids are canonicalized before searching for "tn" objects. Previously,
207
+
caller-ids had to match "tn" ids exactly.
208
+
209
+
/// warning
210
+
The STIR-SHAKEN subsystem takes "caller-id" from the channel exactly like
211
+
the `CALLERID(num)` dialplan function. If you create or modify outgoing SIP
212
+
headers like `From` or `P-Asserted-Identity` and they don't match what's on the
213
+
channel, the information in the outgoing Identity header won't match
214
+
the the headers. This may cause the remote end to fail to validate
215
+
your attestation.
216
+
///
206
217
207
218
The default values for all of the "tn" parameters come from the "[attestation](#attestation-object)" and "[profile](#profile-object)" objects.
208
219
@@ -561,7 +572,7 @@ Compared to verification, attestation is simple.
561
572
1. If the profile name set in `stir_shaken_profile` doesn't exist, skip attestation and continue the call.
562
573
1. If the [attestation](#attestation)`global_disable` flag is true, skip attestation and continue the call.
563
574
1. If the [profile](#profile-object)`endpoint_behavior` parameter isn't `attest` or `on`, skip attestation and continue the call.
564
-
1. If there's no "tn" object matching the caller-id, skip attestation and continue the call.
575
+
1. If there's no "tn" object matching the caller-id, skip attestation and continue the call. With the 18.23.0, 20.8.0 and 21.3.0 releases of Asterisk, the caller-id is canonicalized (everything except 0-9, # and * are removed) before a "tn" object is searched for. Previously, the caller-id had to match the "tn" id exactly so a caller-id of "+1234567890" would NOT match a "tn" id of "1234567890".
565
576
1. Finally create and sign the Identity header using the `private_key_file`, `public_cert_url`, `attest_level` and `send_mky` parameters from [tn](#tn-object), [profile](#profile-object) or [attestation](#attestation-object). If this fails, the call will be terminated.
0 commit comments