Note: This new implementation is available as of Asterisk 18.22.0, 20.7.0, and 21.2.0.
It’s been almost 4 years since STIR/SHAKEN support was first added to Asterisk and a lot has changed since then. As a result, the original implementation wouldn’t actually interoperate with any other STIR/SHAKEN implementations. The good news is that standards and processes have become clearer, as has our understanding of them, and this prompted us to start a review and refactor last fall, which is now complete.
Some of the major changes include:
- Support for checking the TNAuthList extension in X.509 certificates.
- Returning “Reason” headers in SIP responses when verification fails but we wish to continue the call.
- Support for sending Media Key (mky) grants in the Identity header when the call involves DTLS.
- Performance improvements for outgoing call Telephone Number matching.
- Additional configuration options.
- Stricter adherence to RFC and ATIS specifications.
- Using libjwt to handle the JWT and PASSporT lifecycle.
All of these changes required a complete refactor of the stir_shaken.conf file, which means you’ll need to update that file.
Lots more information is available on the STIR-SHAKEN page on the Asterisk Documentation website.