On 6/21/2013 8:24 AM, Richard Shockey wrote:
The issue in STIR is particularly distressing. The regulators are actively asking for help here and I'm convinced the IETF can make a substantial contribution here. http://www.cs.columbia.edu/~hgs/papers/2013/2013-source-identity.pptx
...
http://tools.ietf.org/html/draft-peterson-secure-origin-ps-00
STIR is having an interesting discussion about viable architectural models.
The basic problem it seeks to solve is validating the authorization to use a given telephone number in the SIP From field.
The main proposal is for two mechanisms to be operated in parallel, for all SIP-originated calls (and maybe all SS7>SIP calls):
1. In-band signing - package a signature in a separate field, that carries the semantics of authorization for the From field number. The proposal calls for the public key to be in a credential, managed in the same loose-trust bushy-root CA anchor model used for Web TLS server authentication.
2. Out-of-band caching - store signature information in a public cache, to provide recovery from transit handling that destroys the in-band signature, such as transit over SS7 (SIP-SS7-SIP). The validation agent checks the cache whenever a valid signature is not present. A proposal for this is at:
https://github.com/ekr/ietf-drafts/blob/master/draft-rescorla-callerid-fallback.txt

Draft charter for the activity: http://www.ietf.org/mail-archive/web/stir/current/msg00200.html

Mailing list: https://www.ietf.org/mailman/listinfo/stir

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
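The two mechanisms described in the message above, modelled end to end as an added example (not code from the STIR drafts, the charter, or the message): an originating agent signs the From number in a separate header, an SS7 hop strips that header, and the validating agent falls back to an out-of-band cache. Everything concrete here is an assumption for illustration: the header name `Identity`, the canonical string (From number, To number, Date), the example domains, and above all the signing primitive, which is an HMAC keyed by a key id as a stand-in for the certificate-backed public-key signature the proposal calls for; the drafts themselves are not reproduced on this page.

```python
"""Toy model of STIR's in-band signature plus out-of-band cache fallback.

Added example, not the drafts' own mechanism. The HMAC below is a
stand-in for a public-key signature whose key lives in a credential.
"""
import hashlib
import hmac
import time

# Constructed demo key material. In the proposal the validator fetches the
# signer's public key from a credential; here a key id maps to a shared key.
KEYS = {"carrier-a-key-1": b"constructed-demo-key"}

SIG_HEADER = "Identity"  # assumed header name, not taken from the drafts
CACHE = {}               # out-of-band cache: (from_tn, to_tn, date) -> signature


def canonical(from_tn, to_tn, date):
    # Bind the signature to the From number, the destination and a timestamp
    # so a captured signature cannot be replayed onto a different call.
    return f"{from_tn}|{to_tn}|{date}".encode()


def sign(from_tn, to_tn, date, key_id):
    mac = hmac.new(KEYS[key_id], canonical(from_tn, to_tn, date), hashlib.sha256).hexdigest()
    return f"{key_id};{mac}"  # key id tells the validator which credential to use


def verify(from_tn, to_tn, date, sig_value):
    key_id, _, mac = sig_value.partition(";")
    key = KEYS.get(key_id)
    if key is None:
        return False  # unknown credential: no authorization established
    expected = hmac.new(key, canonical(from_tn, to_tn, date), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def parse_sip(msg):
    """Minimal header parser: request line skipped, 'Name: value' per line."""
    headers = {}
    for line in msg.strip().splitlines()[1:]:
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers


def tn_from_header(value):
    """'<sip:+12125551234@example.net>' -> '+12125551234' (simplified)."""
    inner = value[value.index("<") + 1:value.index(">")] if "<" in value else value
    user = inner.split(":", 1)[1].split("@")[0]
    return user.split(";")[0]


def originate(from_tn, to_tn, key_id, date=None):
    """Originating agent: sign the From number and publish to the cache."""
    date = date or str(int(time.time()))
    sig = sign(from_tn, to_tn, date, key_id)
    CACHE[(from_tn, to_tn, date)] = sig
    return (f"INVITE sip:{to_tn}@example.net SIP/2.0\r\n"
            f"From: <sip:{from_tn}@carrier-a.example>\r\n"
            f"To: <sip:{to_tn}@example.net>\r\n"
            f"Date: {date}\r\n"
            f"{SIG_HEADER}: {sig}\r\n")


def ss7_transit(msg):
    """SIP -> SS7 -> SIP: the signalling has no room for the header, so it is lost."""
    kept = [l for l in msg.strip().splitlines() if not l.startswith(SIG_HEADER + ":")]
    return "".join(l + "\r\n" for l in kept)


def validate(msg):
    """Validating agent: returns (mechanism used, authorized?)."""
    h = parse_sip(msg)
    from_tn, to_tn, date = tn_from_header(h["From"]), tn_from_header(h["To"]), h["Date"]
    sig = h.get(SIG_HEADER)
    if sig is not None:
        return ("in-band", verify(from_tn, to_tn, date, sig))
    cached = CACHE.get((from_tn, to_tn, date))   # consulted only when in-band is absent
    if cached is None:
        return ("none", False)
    return ("out-of-band", verify(from_tn, to_tn, date, cached))
```

Running `validate` on a freshly originated INVITE, on the same INVITE after `ss7_transit`, and on a copy whose From number has been rewritten shows the three outcomes the message distinguishes: in-band success, out-of-band recovery, and a spoofed From that neither the signature nor the cache will vouch for.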