Comparing to SHAKEN

VVP (the protcol used by Open Verifiable Calling) is compatible with SHAKEN. It was not created to replace SHAKEN, but to provide broader and more robust evidence as input to OSP attestations in SHAKEN, and to allow security guarantees to extend across the jurisdictional boundaries that limit where SHAKEN is used. VVP is also capable of bridging between VOIP and other important contexts, such as RCS/BCID, SMS, web meetings, social media, email, vCon, and more. A VVP dossier and a single vetting process can generate evidence for any or all of them.

Both SHAKEN and VVP use RFC 8225-compatible STIR PASSporTs. Per the SIP and STIR RFCs, a single call may contain Identity headers of both types at the same time, which means that the mechanisms can freely overlap or be used together. A call may also begin its route outside a SHAKEN jurisdiction, protected by VVP data, and then transition into SHAKEN mode (or combined VVP and SHAKEN mode) when nodes on the route require it. It is not possible to go the other way (SHAKEN → VVP), because SHAKEN passports lack some information that VVP requires.

SHAKEN

VVP

legal and geo application

Wherever a jurisdiction specifies a governance process and a set of certificate authorities to trust.

Global

regulatory compliance

Required in US, Canada, Brazil, France.

May satisfy many national regulators, but not required anywhere

standards

Uses STIR standard with several national variants that are also formally standardized.

Uses STIR standard. No need for national variants. VVP is an RFC draft; dossier is a a draft standard at Trust Over IP Foundation.

scope of evidence

Commitment by OSP to an opinion about reliability of caller's CLID.

  1. Globally recognized identity of legal entity that's accountable for the call

  2. Ownership or license for that legal entity to use brand assets

  3. Call intent

  4. Right of legal entity to use telephone number

  5. Relationship between legal entity and a BPO that proxies them

  6. Signing authority delegated from legal entity to their OSP

  7. Certifications, licenses, or accreditations of the caller

  8. Certifications or accreditations of each issuer of evidence, tracing back to global roots of trust like GLEIF or national regulatory authorities

  9. Involvement (or lack of involvement) of an AI agent in the communication

  10. Settlement details

  11. Identity, qualifications, and authorizations of the specific staff member making a call on behalf of the responsible organization

  12. Optionally, the same attributes about the callee (instead or in addition)

  13. Historical audit trail

timing

Can only be evaluated in the present moment, not in a historical audit trail.

Can be evaluated forever, with respect to the moment in time when the call occurred.

size of passport

200-300 bytes

200-300 bytes

centralization

Certification, registry, and governance of certificate authorities; certificate revocation lists

none

lifespan

CA certs replaced every 3 months (SHAKEN extensions that call for delegated certs would be more frequent)

permanent — no replacement or reissuance needed

PreviousCredential StructureNextComparing to RCD

Last updated