# Comparing to SHAKEN VVP (the protcol used by Open Verifiable Calling) is compatible with SHAKEN. It was not created to replace SHAKEN, but to provide broader and more robust evidence as input to OSP attestations in SHAKEN, and to allow security guarantees to extend across the jurisdictional boundaries that limit where SHAKEN is used. VVP is also capable of bridging between VOIP and other important contexts, such as RCS/BCID, SMS, web meetings, social media, email, vCon, and more. A VVP dossier and a single vetting process can generate evidence for any or all of them. Both SHAKEN and VVP use RFC 8225-compatible STIR PASSporTs. Per the SIP and STIR RFCs, a single call may contain `Identity` headers of both types at the same time, which means that the mechanisms can freely overlap or be used together. A call may also begin its route outside a SHAKEN jurisdiction, protected by VVP data, and then transition into SHAKEN mode (or combined VVP and SHAKEN mode) when nodes on the route require it. It is not possible to go the other way (SHAKEN → VVP), because SHAKEN passports lack some information that VVP requires. |


| SHAKEN | VVP | | ------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | legal and geo application | Wherever a jurisdiction specifies a governance process and a set of certificate authorities to trust. | Global | | regulatory compliance | Required in US, Canada, Brazil, France. | May satisfy many national regulators, but not required anywhere | | standards | Uses STIR standard with several national variants that are also formally standardized. | Uses STIR standard. No need for national variants. VVP is an [RFC draft](https://datatracker.ietf.org/doc/draft-hardman-verifiable-voice-protocol/); dossier is a a [draft standard at Trust Over IP Foundation](https://trustoverip.github.io/kswg-dossier-specification/). | | scope of evidence | Commitment by OSP to an opinion about reliability of caller's CLID. |

  1. Globally recognized identity of legal entity that's accountable for the call
  2. Ownership or license for that legal entity to use brand assets
  3. Call intent
  4. Right of legal entity to use telephone number
  5. Relationship between legal entity and a BPO that proxies them
  6. Signing authority delegated from legal entity to their OSP
  7. Certifications, licenses, or accreditations of the caller
  8. Certifications or accreditations of each issuer of evidence, tracing back to global roots of trust like GLEIF or national regulatory authorities
  9. Involvement (or lack of involvement) of an AI agent in the communication
  10. Settlement details
  11. Identity, qualifications, and authorizations of the specific staff member making a call on behalf of the responsible organization
  12. Optionally, the same attributes about the callee (instead or in addition)
  13. Historical audit trail
| | timing | Can only be evaluated in the present moment, not in a historical audit trail. | Can be evaluated forever, with respect to the moment in time when the call occurred. | | size of passport | 200-300 bytes | 200-300 bytes | | centralization | Certification, registry, and governance of certificate authorities; certificate revocation lists | none | | lifespan | CA certs replaced every 3 months (SHAKEN extensions that call for delegated certs would be more frequent) | permanent — no replacement or reissuance needed | | infrastructure support | any SIP route or node that preserves Identity headers is already compatible; out-of-band can bridge non-SIP; TSPs must verify | any SIP route or node that preserves Identity headers is already compatible; out-of-band can bridge non-SIP; anybody can verify, including handsets | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ovc.provenant.net/comparing-to-shaken.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.