Doesn't this assume fraudulent calls are NOT being made off of established "legitimate" carrier networks. A valid certificate doesn't mean it's not a fraud call, does it? I may be missing something here

In the near future, calls that arrive without an idenity token at terminating service providers will either be presented as “un-verified”, sent to a “Captcha-like” application, or be rejected.