The IESG has approved the following document:
- 'Secure Telephone Identity Credentials: Certificates'
  (draft-ietf-stir-certificates-17.txt) as Proposed Standard

This document is the product of the Secure Telephone Identity Revisited Working Group.

The IESG contact persons are Adam Roach, Alexey Melnikov and Ben Campbell.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-stir-certificates/

Technical Summary

In order to prevent the impersonation of telephone numbers on the Internet, some kind of credential system needs to exist that cryptographically asserts authority over telephone numbers. This document describes the use of certificates in establishing authority over telephone numbers, as a component of a broader architecture for managing telephone numbers as identities in protocols like SIP.

Working Group Summary

This document has undergone heavy review. Interoperability testing at the SIPit in September identified issues leading to the introduction of the JWT Claim Constraints, shifting where LOA assertions are made. The document suite has been through three working group last calls, the third of which was abbreviated to one week. The first last call stimulated significant discussion, some of which was heated.

Document Quality

This document is a component of a toolset for combating robocalling. In the US, the FCC is applying significant pressure to the industry to deter robocalling (with deadlines in the last part of 2016). An industry-led strike force is moving towards deployment of a solution that uses that toolset. The ATIS/SIP Forum IPNNI Task Force's SHAKEN solution relies on the toolset defined by STIR and profiles it for deployment in the North American market.

Personnel

The document shepherd is Robert Sparks. The responsible AD is Adam Roach.

RFC Editor Note

This document contains several IANA-registered values in formal ASN.1 definitions. The definitions speculatively assumed values prior to official assignment, and two of these presumed values have subsequently been assigned. As a consequence, the final published ASN.1 syntax will need to be modified to match actually assigned values. The areas to take note of are listed below.

These two definitions, which each appear _twice_ in the document, will need to be updated to match the assigned entries in https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.1 (these are known to need adjustment, as id-pe 25 has been assigned for another purpose)

    id-pe-JWTClaimConstraints OBJECT IDENTIFIER ::= { id-pe 25 }
    id-pe-TNAuthList OBJECT IDENTIFIER ::= { id-pe 26 }

This definition, which appears _twice_ in the document, should match the assigned value in https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.48 (as the codepoint 14 remains unallocated, this may not need adjustment)

    id-ad-stirTNList OBJECT IDENTIFIER ::= { id-ad 14 }

Finally, the (88) in the following definition from Appendix A needs to be replaced with the actually assigned value from https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.0 (the current value of 88 has already been assigned for another purpose, so this will require adjustment):

    TN-Module-2016
      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
        mechanisms(5) pkix(7) id-mod(0) id-mod-tn-module(88) }