Stir/Shaken Certificate Issuer Raises Concerns to FCC

Martini Security raised concerns about enforcing Stir/Shaken requirements and standards, a letter to the FCC posted Friday in docket 17-97. The company, which is a Secure Telephone Identity Governance Authority certified authority (STI-CA) of Stir/Shaken certificates, said "most" STI-CA participants "are failing to meet the stated requirements of the standards and policies governing both the functioning and interoperability of" the Stir/Shaken ecosystem. Martini Security noted the STI-GA didn't implement "any observable changes" to address non-conformance issues it discovered in a 2022 report. It recommended the FCC require the STI-GA to "regularly report" on the state of compliance, establish a "problem-reporting mechanism for STI-CA non-conformity," and require STI-CAs to make their issued certificates publicly available.