The IESG has approved the following document: - 'Secure Telephone Identity Problem Statement and Requirements' (draft-ietf-stir-problem-statement-05.txt) as Informational RFC This document is the product of the Secure Telephone Identity Revisited Working Group. The IESG contact persons are Richard Barnes and Alissa Cooper. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-stir-problem-statement/ Technical Summary Over the past decade, Voice over IP (VoIP) systems based on SIP have replaced many traditional telephony deployments. Interworking VoIP systems with the traditional telephone network has reduced the overall security of calling party number and Caller ID assurances by granting attackers new and inexpensive tools to impersonate or obscure calling party numbers when orchestrating bulk commercial calling schemes, hacking voicemail boxes or even circumventing multi- factor authentication systems trusted by banks. Despite previous attempts to provide a secure assurance of the origin of SIP communications, we still lack of effective standards for identifying the calling party in a VoIP session. This document examines the reasons why providing identity for telephone numbers on the Internet has proven so difficult, and shows how changes in the last decade may provide us with new strategies for attaching a secure identity to SIP sessions. Working Group Summary This document is a product of the STIR working group. Document Quality This document and its predecessors received significant review from during the working group formation stages to its current form. There is solid consensus that it reflects the problem the working group intends to address. Personnel Robert Sparks is the document shepherd. Richard Barnes is the Responsible AD.
