# Compare — Whisper vs signaling firewalls, 5G-core firewalls & operator PKI/SEPP

> Your firewall reads the message. Your operator PKI proves the NF — but only to itself.
> Signaling firewalls, 5G-core firewalls, and the operator PKI/SEPP are each good; keep running every one.
> Whisper is the three layers none of them owns — a publicly-verifiable NF identity, cross-operator
> attribution across rotating egress, and cross-operator revocation at DNS-TTL — additive to all three,
> and never a replacement for mTLS or OAuth2.

Enea, SecurityGen, P1, Positive Technologies, Mobileum on the signaling plane; Palo Alto CN-Series,
Fortinet, A10, Check Point on the packet core; Ericsson and Nokia PKI and the SEPP on the trust plane —
each is good at what it does, and you should keep running every one. But the compromised-NF,
rotating-egress incident survives the whole stack, because it lives in three seams none of them was
built to close: a **publicly-verifiable NF identity**, **cross-operator attribution**, and
**cross-operator revocation at DNS-TTL**. Whisper is those three seams — and only those. Additive, never
a replacement: it adds the public, DNSSEC+DANE layer on top, from the NF's *existing* key.
**The address is the NF — publicly verifiable, revocable in one TTL.**

`whisper verify --trustless` — the one thing your signaling firewall, your core firewall, and your
operator CA all lack: no one has to trust *our* API.

- **3 layers** — signaling FW · 5G-core FW · operator PKI/SEPP — Whisper is additive to all three
- **OAuth2 optional** — authorization at the 5G NRF is optional by spec (TS 33.501) — the flat-trust root the incumbents don't close
- **1 TTL** — cross-operator revoke: one signed record pull, not one CRL/OCSP per operator
- **0** — rip-and-replace: never replaces mTLS or OAuth2; the same SBA cert, DANE-pinned
- **trustless** — verify an NF's identity without trusting our API — or the peer's private CA

---

## Every layer here is good. The incident survives in the seams *between* them.

The 5G SBA is a flat, all-IP HTTP/2 mesh, and it inherits the whole web/API threat model. Reach the NRF
and you can pull any NF's profile and speak as it — `OAuth2` authorization is optional by spec, so
reachability approximates authorization. The action then rides out through IPX hubs, roaming peers and
cloud-hosted egress. Strip that incident down and it leans on exactly three structural gaps. Here's which
category of tool leaves each one open, and why.

### Gap 1 · you can't attribute the operator when the egress rotates

A signaling firewall scores the message *within the signaling plane* — Global Title, realm, GT-to-GT. A
5G-core firewall scores the packet. Neither names the internet-side operator behind a rotating egress: an
event arrives through one IPX ASN, then another, then a cloud-hosted NF, and every hop is disposable.
In-plane attribution stops at the last GT you saw — which was never the actor.

**Only Whisper closes it — the graph.** A live internet-infrastructure graph — **7.44B**
nodes and **39.3B** relationships of fused BGP, DNS, WHOIS/RDAP, TLS and hosting, answering
in under 300 ms — fingerprints the *operator*, not the IP. Rotation across IPX ASNs and clouds collapses
into one infrastructure genealogy (shared ASN, hosting, certificate lineage); a residential- or
cloud-proxy swarm collapses on a `JA4/JA3` client fingerprint that travels with the tooling regardless of
the exit. Every answer is a reproducible evidence chain your CSIRT and a regulator can replay — the
**NIS2 Art.23** who/where an incident report needs.

> **"My signaling firewall already flags the malicious message. Why can't it tell me who's behind it?"**
> Because it attributes in-plane. GT and realm identify the last signaling hop, not the internet operator
> running a rotating IPX/cloud egress — and the last GT you logged was disposable. The graph fuses BGP,
> DNS, RDAP and TLS to name the operator behind the host, and JA4 collapses the swarm to one tooling
> fingerprint. It's an additive feed *into* the firewall you already run, not a second one.

### Gap 2 · NF identity is proved privately — no outsider can check it, no one can revoke it fast

3GPP does bind identity into the certificate: TS 33.310 mandates the NF cert carry
`subjectAltName = urn:uuid:<nfInstanceId>`, and mTLS on the SBI is mandatory. That is genuinely strong —
*inside one operator*. But the CA is operator-private: no roaming partner, no IPX, no regulator, no peer
operator can independently verify "this really is operator X's AMF" without bilateral cross-certification
of each MNO's Root CA. And when an NF is compromised, revocation is a per-operator CRL/OCSP that doesn't
cross the operator boundary — de-peering is slow, manual, commercial.

**Only Whisper closes it — public identity.** Take the same `nfInstanceId` and the NF's *existing* key,
and anchor them in the public DNSSEC root: a routable **/128** that drops into the NF's
`NFProfile.ipv6Addresses`, with a DANE-EE `TLSA 3 1 1` pin of the *same SBA certificate* it already
presents. Now any counterparty verifies the NF against the IANA root — no cross-certification, no access
to the operator's private CA — and one signed-record pull revokes it everywhere at cache-TTL. It never
replaces mTLS or OAuth2; it's the independent, public layer on top.

> **"3GPP already puts the nfInstanceId in the cert and mandates mTLS. Isn't identity solved?"**
> Solved inside your operator — not across the boundary. The cert is signed by *your* private CA, so a
> roaming partner or regulator can't verify it without cross-certifying your Root CA, and a compromise
> waits on a per-operator CRL. Whisper keeps the exact `urn:uuid:nfInstanceId` identity and makes it
> publicly verifiable and cross-operator revocable — the same cert, DANE-pinned, from the NF's existing
> key. No new PKI, no re-key, no NRF API change.

Gap 1 is attribution made durable across rotation. Gap 2 is a private assertion made a public, revocable
proof. No layer you already run was built to close either — that's the white space, and it's exactly
where the compromised-NF endgame persists unattributed.

---

## An outsider asks three questions. Your stack answers them only privately.

Line the three categories you run up against the questions a cross-operator incident actually forces you
to answer, and the picture is honest and simple: the message layer and the packet layer are well covered,
the NF cert is strong *inside* your domain — and the three questions an outsider asks are the seams.

```
Is the message / packet malicious?      ──▶  covered — signaling + 5G-core firewalls (message & packet layer)

① Is this really operator X's NF —      ──▶  GAP 1 — operator PKI/SEPP: ✓ inside your domain,
   provably, to an outsider?                    — to a roaming partner without cross-cert
② Who's behind the rotating IPX /       ──▶  GAP 2 — no incumbent answers
   roaming / cloud egress?
③ Compromised — kill it everywhere,     ──▶  GAP 3 — per-operator CRL/OCSP; doesn't cross the boundary
   now?

                       Whisper spans ① ② ③ and feeds the FW you run
                       public DANE-EE /128 (same cert) · operator fingerprint + JA4 · revoke at DNS-TTL
                       evidence chain → your SIEM (Splunk today · CEF / ECS)
```

Additive by construction. The signaling and core firewalls own the message and packet; the operator PKI
owns the NF cert inside your domain. Whisper owns the three questions an outsider asks — provable
identity, attribution across rotation, and cross-operator revocation — and hands the first layer a
sharper feed.

---

## Incumbents own the top rows. Whisper owns the bottom five. One row, both — by different means.

Two honest columns for the layers you run — the signaling / 5G-core firewalls, and the operator PKI/SEPP
— against Whisper. Keep every incumbent: the top two rows are theirs. The identity-issuance row, both of
us do — they issue privately; we make the same identity public. And the bottom five are the ones no layer
on your stack was built to answer.

| Capability | Signaling / 5G-core firewall | Operator PKI / SEPP | Whisper |
|---|---|---|---|
| Signaling firewalling — inspect & score SS7 / Diameter / GTP-C / HTTP-2 messages | ✓ | — | additive feed |
| 5G-core traffic protection — GTP-U / SCTP / malformed / DoS packet defense | ✓ | — | additive feed |
| NF identity issuance — a certificate bound to `urn:uuid:nfInstanceId` | — | ✓ private CA | ✓ public DNSSEC+DANE |
| **Publicly-verifiable** NF identity — no bilateral cross-certification | — | — | ✓ |
| Cross-operator attribution across rotating egress (BGP·DNS·RDAP·TLS·`JA4`) | — | — | ✓ |
| Cross-operator revocation at **DNS-TTL** — one pull, not one CRL/OCSP per operator | — | — | ✓ |
| Routable identity that survives NAT / roaming / IPX | — | — | ✓ |
| Identity derived from the NF's **existing** key — no re-key, no new CA | — | — | ✓ |

> **"So where does the operator PKI stop and Whisper start?"**
> At the operator boundary. Your PKI issues and lifecycles the NF cert, mTLS binds it on the SBI,
> OAuth2/NRF authorizes the service call — all mandatory, all primary, all kept. Whisper takes the exact
> identity that PKI already minted and projects it onto a public anchor: DNSSEC, DANE, RDAP, reverse-DNS,
> and a graph that names the operator behind a rotating egress. It's a second, independent,
> publicly-checkable layer — *and* a cross-operator kill-switch — not a replacement for the first.

One honest caveat, said out loud: revocation here kills the **/128 and its egress authorization** at
DNS-TTL — faster and cross-operator, where a CRL/OCSP can't reach. It does *not* revoke the operator's
TLS certificate; that stays the operator CA's job. Sell it as the additional kill-switch your PKI never
had, not as a PKI.

---

## It DANE-pins the same SBA cert your NF already presents. It doesn't re-issue anything.

The identity is not new. The NF already carries a certificate whose `subjectAltName` is
`urn:uuid:<nfInstanceId>`, signed by your operator CA and presented on every mTLS handshake on the SBI.
Whisper takes that *same* cert and that *same* key and anchors them in the public DNSSEC root — the
identity your PKI privately asserts becomes globally, third-party verifiable, with no re-key, no second
PKI, and no change to the NRF API.

```
NF's existing SBA cert            /128                        Any peer can verify
SAN = urn:uuid:nfInstanceId  ──▶  2a04:2a01:5e0::a3f    ──▶   whisper verify --trustless
operator-private CA · ECDSA       into NFProfile.ipv6Addresses roaming partner · IPX · regulator
key never leaves the NF           DANE-EE TLSA 3 1 1 · same cert  no cross-cert · no private CA
     (public key + UUID)          (DNSSEC to the IANA root)
                                            │
                                  op:revoke → gone cross-operator at DNS-TTL
                                  no re-key · no new CA · no NRF API change
```

Same `nfInstanceId`, same cert, same key — anchored in the public DNSSEC root instead of a hidden
operator CA. The private identity your PKI already minted becomes third-party verifiable and
cross-operator revocable, with nothing re-issued.

And it feeds the tools around it. Findings land as a machine-readable feed into the SIEM the SOC already
runs — the **Splunk**, Microsoft Sentinel and OpenCTI connectors ship today, mapping to CEF and ECS, with **STIX 2.1 over TAXII** export on the roadmap. It is not another console your NF SOC
babysits; it's depth on the seam your firewalls and PKI don't reach, arriving in the formats they already
ingest.

### Every layer here, you (or your peer) must trust. Ours, no one does.

Your firewall's verdict, your PKI's assertion, a roaming partner's SEPP — each asks someone to trust it.
Whisper's core claim — *this address is that NF* — is checkable by anyone against the IANA DNS root, with
our own API and the peer's private CA both deliberately outside the trust path. No account required.

```sh
# keyless — re-derive and verify any NF's identity, trustless
$ whisper verify --trustless 2a04:2a01:5e0::a3f
  ✓ DNSSEC chain valid to the IANA root
  ✓ DANE-EE (TLSA 3 1 1) matches the NF's existing SBA cert
  ✓ RDAP: registered under AS219419 · 2a04:2a01::/32
  identity: VERIFIED — the peer's private CA was never trusted

# the address is the NF — reverse DNS names it, no NRF access, no cross-cert
$ dig -x 2a04:2a01:5e0::a3f +short
  amf-3d3e8b1a.5gc.example-mno.whisper.online.

# who really operates a host probing your N32 border — the graph API, with your key
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: whisper_live_xxx" \
    -H 'content-type: application/json' -d '{"query":"CALL whisper.identify(\"185.62.x.x\")"}'
  operator:  <fingerprinted> · seen across 3 IPX ASNs + AWS / Azure
  rotating egress collapsed by JA4: same tooling, 37 exit IPs → 1 operator
```

```sh
# bind an NF to the nfInstanceId it already carries (the UUID in its cert SAN)
$ export WHISPER_API_KEY=whisper_live_xxx
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: $WHISPER_API_KEY" --data-urlencode "q=CALL whisper.agents({op:'connect', args:{tier:'wireguard',
       identity_public_key:'<base64 SPKI of the NF's existing key>',
       device_id:'3d3e8b1a-9c2f-4e77-b6a1-8f2c1e7d40a9'}})"   # device_id = nfInstanceId
  → identity 2a04:2a01:5e0::a3f   DANE-pins the SAME SBA cert · drops into NFProfile.ipv6Addresses

# who has been resolving / RDAP-querying this NF — a recon tripwire at the N32 border
$ whisper lookups 2a04:2a01:5e0::a3f
  14:02Z  AAAA  vplmn-262-02 — enumerating your AMF pool before a roaming burst

# per-NF egress governance — default-deny lateral movement (CISA ESF 5G Cloud)
$ whisper policy set --default deny --allow smf.5gc.example-mno.whisper.online,udm.5gc.example-mno.whisper.online

# compromised NF — kill it everywhere, in one TTL, not one CRL per operator
$ whisper kill --revoke 2a04:2a01:5e0::a3f   # cross-operator, at DNS-TTL
```

Today you pass the `nfInstanceId` as `device_id` — a generic domain separator that ships now. A
first-class typed `--nf-instance-id` argument is on the roadmap.

---

## Whisper is one layer, done well. It sits beside these — not over them.

Plenty of good tools live inside the signaling plane, inside the SIM, or inside the compliance binder.
That's a different lane, and we don't claim it. Naming the boundary is the point: it's how you know
exactly what you're buying.

- **Signaling firewalling & packet-core inspection.** Message scoring across SS7 / Diameter / GTP-C / HTTP-2, and GTP-U / SCTP / malformed / DoS protection on the packet core. That stays ✓ for the signaling and 5G-core firewalls — Whisper does *not* inspect signaling or the user plane. We add verifiable identity, attribution and revocation *beneath* them.
- **The subscriber plane — SUPI / SUCI / 5G-AKA.** The permanent subscriber identity, its SUCI concealment, and the symmetric AKA secret in the UICC/eSIM with the home-network UDM/AUSF. That's the device-and-subscriber trust domain. Whisper targets the **NF plane** — the network functions, not the SIM.
- **NESAS/SCAS certification & FCC rip-and-replace.** We are honestly *not* a GSMA NESAS / 3GPP SCAS certification control, and *not* a route to CRA conformity or an FCC Covered-List removal. We're a defense-in-depth differentiator and a cryptographic PSIRT-attribution tool — value in the RFP, not a certificate you can wave.

We don't do signaling firewalling, user-plane inspection, subscriber-plane crypto, or type-approval
paperwork — and we don't pretend to. Whisper is the network-identity and attribution layer that closes
the three cross-operator seams, and it's honest about being exactly that. DANE/DNSSEC is strongest at the
*trust boundaries* — NF discovery/DNS, N32/roaming, NEF exposure, management — not deep inside the SBI
where mTLS and the NRF already bind tightly.

---

## No new silo. Mapped to your standards. Availability-safe by construction.

The additive posture isn't just tidy architecture — it's what makes the buy defensible. Nothing you
already run gets torn out; one line item closes three cross-operator seams and feeds everything else.

- **A feed, not another console.** The Splunk, Microsoft Sentinel and OpenCTI connectors ship today. Findings map to CEF and ECS, with **STIX 2.1 over TAXII** export on the roadmap; a sample Sentinel analytics rule and a Splunk CIM mapping ship in the docs. Zero analysts babysitting a new pane of glass.
- **Speaks your compliance language.** Cryptographic attribution accelerates the who/where an **NIS2 Art.23** incident report needs; per-NF /128 micro-segmentation maps to **NSA/CISA ESF 5G Cloud** lateral-movement isolation; a DANE-pinned peer identity hardens the N32-c spoofing vector **GSMA FS.36** names; DANE-pinned NF resolution is an **EU 5G Toolbox TM02** move. [See the map →](/for-operators)
- **Flat, forecastable TCO.** Per-NF, per-year and flat — not per-signaling-message, not core-throughput metered. Against interconnect-scale economics that's a line item you can forecast. ROI in analyst-hours saved correlating disposable IPX/cloud egress, and one `revoke` instead of a slow, manual de-peering. [See pricing →](/pricing)
- **Fail-open, never in the datapath.** Whisper rides existing DNS/IPv6 and adds **no inline SBI chokepoint**. mTLS and OAuth2/NRF stay primary; if a consumer authorizes against the DANE/verify path, that plane is built to **fail open** — a Whisper outage never drops an NF, checks degrade to your existing anchors. Anycast on AS219419, no single node in the path.
- **Nothing issued in the dark.** Every NF-identity mint and every revoke lands in a public, append-only **RFC 6962 Merkle transparency log**, Ed25519-signed and anchored to Bitcoin via OpenTimestamps — an auditable, non-repudiable issuance trail for your regulator. *Honest status:* tamper-evident today, independent witnessing is the next step.
- **A vendor built to outlast the question.** Real routable address space (**AS219419**), run by people who ran the internet's regional address registry and operated one of its root DNS servers. POC → pilot → enterprise, keyless to start — the safest way to begin, and to leave.

> **"If Whisper is down, does my core stop? And does any of this replace my mTLS or my NRF?"**
> No, and no. The identity plane fails open and is never in the SBI datapath — a Whisper outage degrades
> checks to your existing anchors; it never drops an NF or gates a service call. And nothing here replaces
> mandatory 3GPP security: mTLS binds the cert on the SBI, OAuth2/NRF authorizes the call, your PKI issues
> and lifecycles. Whisper is a second, independent, *public* layer on top of all three — plus a
> cross-operator kill-switch — which also means low switching cost in both directions, the safest way to start.

---

## Keep your stack. Close the three seams.

Whisper is the identity, attribution and revocation layer that sits on top of the signaling firewall, the
core firewall and the operator PKI/SEPP you already run — additive, mapped to your standards, flat to
price, from the NF's existing key. Keyless to try, one call to provision, one more to revoke.

Secure your core → <https://console.whisper.security/sign-up> · [For operators →](/for-operators)

Or run `whisper verify --trustless` right now — our API isn't in the trust path.

---

*Whisper for Telecom · Identity on the wire for 5G network functions · AS219419 · 2a04:2a01::/32*
*© viaGraph B.V. (dba Whisper Security)*
