STIR/SHAKEN CA Ecosystem Compliance

Approved Certificate Authorities in the STIR/SHAKEN ecosystem are required to meet technical requirements from ATIS-1000080 and policy requirements from the supporting CA ecosystem’s Certificate Policy.

This report is broken int two parts:

  1. One generated using Zlint a tool commonly used to asses CA ecosystem compliance with such requirements. The tests used to generate this report are currently not part of the main Zlint distribution but can be found here.
  2. One generated with a custom script that eumerates the known STIR/SHAKEN certificates and asses each repository against the current rule set . The source for this test can be found here while the report itself can be found here.

Summary

Leaf Certificates

CA Certificates

Certificate Repository URL

Details

* The percent of certificates per issuer is calculated against total certificates from all issuers.
** The percent of errors, warnings and notices is calculated against total observed certificates from the specified issuer.
*** Tests use the ATIS-1000080 and Certificate Policy versions release dates to determine if tests are ran. Certificates issued before these dates are not executed as the rules may not have been enforce at the time.

Leaf Certificates

Issuers Certificates Errors Warnings Notices Not Effective
Comcast 30 (6.71%) 30 (100.00%) 30 (100.00%) 0 (0.00%) 0 (0.00%)
GBSDTech 3 (0.67%) 3 (100.00%) 0 (0.00%) 0 (0.00%) 0 (0.00%)
Martini Security 30 (6.71%) 0 (0.00%) 0 (0.00%) 1 (3.33%) 0 (0.00%)
Metaswitch 41 (9.17%) 41 (100.00%) 1 (2.44%) 0 (0.00%) 36 (87.80%)
NetNumber 4 (0.89%) 4 (100.00%) 0 (0.00%) 4 (100.00%) 0 (0.00%)
Neustar 120 (26.85%) 119 (99.17%) 31 (25.83%) 0 (0.00%) 29 (24.17%)
Peeringhub 8 (1.79%) 8 (100.00%) 1 (12.50%) 0 (0.00%) 0 (0.00%)
Ribbon Communications 8 (1.79%) 8 (100.00%) 8 (100.00%) 0 (0.00%) 0 (0.00%)
Sansay 127 (28.41%) 127 (100.00%) 127 (100.00%) 0 (0.00%) 0 (0.00%)
T-Mobile 2 (0.45%) 2 (100.00%) 2 (100.00%) 0 (0.00%) 0 (0.00%)
TransNexus 74 (16.55%) 74 (100.00%) 10 (13.51%) 0 (0.00%) 0 (0.00%)
Total 447 (100.00%) 416 (93.06%) 210 (46.98%) 5 (1.12%) 65 (14.54%)

CA Certificates

Issuers Certificates Errors Warnings Notices Not Effective
Comcast 2 (6.06%) 0 (0.00%) 0 (0.00%) 0 (0.00%) 2 (100.00%)
GBSDTech 2 (6.06%) 1 (50.00%) 0 (0.00%) 0 (0.00%) 2 (100.00%)
Martini Security 3 (9.09%) 0 (0.00%) 0 (0.00%) 1 (33.33%) 0 (0.00%)
Metaswitch 2 (6.06%) 2 (100.00%) 0 (0.00%) 0 (0.00%) 2 (100.00%)
NetNumber 3 (9.09%) 2 (66.67%) 2 (66.67%) 0 (0.00%) 3 (100.00%)
Neustar 6 (18.18%) 4 (66.67%) 6 (100.00%) 0 (0.00%) 4 (66.67%)
Peeringhub 2 (6.06%) 2 (100.00%) 2 (100.00%) 0 (0.00%) 1 (50.00%)
Ribbon Communications 2 (6.06%) 2 (100.00%) 2 (100.00%) 0 (0.00%) 2 (100.00%)
Sansay 2 (6.06%) 0 (0.00%) 2 (100.00%) 0 (0.00%) 1 (50.00%)
T-Mobile 4 (12.12%) 1 (25.00%) 0 (0.00%) 0 (0.00%) 3 (75.00%)
TransNexus 5 (15.15%) 3 (60.00%) 3 (60.00%) 0 (0.00%) 3 (60.00%)
Total 33 (100.00%) 17 (51.52%) 17 (51.52%) 1 (3.03%) 23 (69.70%)

Key

Type Description
Errors Tests in which the specifications are unambiguous on what the expected behavior must be.
Warnings Tests in which the specifications are ambiguous or are provide only a recommendation.
Notices Tests in which industry best practices are not followed.
Not Effective Tests that exist in the current specifications but were not in effect at the time of issuance.

Generated: 31 Jan 23 21:50 UTC