This looks reasonable to me and given how much effort it has taken to get agreement on theses words, I am not keen on any of the material changes I have seen proposed. On Aug 21, 2013, at 11:52 AM, The IESG <iesg-secretary@xxxxxxxx> wrote: > A new IETF working group has been proposed in the Real-time Applications > and Infrastructure Area. The IESG has not made any determination yet. The > following draft charter was submitted, and is provided for informational > purposes only. Please send your comments to the IESG mailing list (iesg > at ietf.org) by 2013-08-28. > > Secure Telephone Identity Revisited (stir) > ------------------------------------------------ > Current Status: Proposed WG > > Chairs: > TBD > > Assigned Area Director: > Richard Barnes <rlb@xxxxxx> > > Mailing list > Address: stir@xxxxxxxx > To Subscribe: https://www.ietf.org/mailman/listinfo/stir > Archive: http://www.ietf.org/mail-archive/web/stir/ > > Charter: > > The STIR working group will specify Internet-based mechanisms that allow > verification of the calling party's authorization to use a particular > telephone number for an incoming call. Since it has become fairly easy > to present an incorrect source telephone number, a growing set of > problems have emerged over the last decade. As with email, the claimed > source identity of a SIP request is not verified, permitting unauthorized > > use of the source identity as part of deceptive and coercive activities, > such as robocalling (bulk unsolicited commercial communications), vishing > > (voicemail hacking, and impersonating banks) and swatting (impersonating > callers to emergency services to stimulate unwarranted large scale law > enforcement deployments). In addition, use of an incorrect source > telephone number facilitates wire fraud or can lead to a return call at > premium rates. > > SIP is one of the main VoIP technologies used by parties that want to > present an incorrect origin, in this context an origin telephone number. > Several previous efforts have tried to secure the origins of SIP > communications, including RFC 3325, RFC 4474, and the VIPR working group. > To date, however, true validation of the source of SIP calls has not seen > any appreciable deployment. Several factors contributed to this lack of > success, including: failure of the problem to be seen as critical at the > time; lack of any technical means of producing a proof of authorization > to > use telephone numbers; misalignment of the mechanisms proposed by RFC > 4474 > with the complex deployment environment that has emerged for SIP; lack of > end-to-end SIP session establishment; and inherent operational problems > with a transitive trust model. To make deployment of this solution more > likely, consideration must be given to latency, real-time performance, > computational overhead, and administrative overhead for the legitimate > call source and all verifiers. > > As its priority mechanism work item, the working group will specify a SIP > header-based mechanism for verification that the originator of a SIP > session is authorized to use the claimed source telephone number, where > the session is established with SIP end to end. This is called an > in-band > mechanism. The mechanism will use a canonical telephone number > representation specified by the working group, including any mappings > that > might be needed between the SIP header fields and the canonical telephone > > number representation. The working group will consider choices for > protecting identity information and credentials used. This protection > will likely be based on a digital signature mechanism that covers a set > of information in the SIP header fields, and verification will employ a > credential that contains the public key that is associated with the one > or more telephone numbers. Credentials used with this mechanism will be > derived from existing telephone number assignment and delegation models. > > That is, when a telephone number or range of telephone numbers is > delegated to an entity, relevant credentials will be generated (or > modified) to reflect such delegation. The mechanism must allow a > telephone number holder to further delegate and revoke use of a telephone > > number without compromising the global delegation scheme. > > In addition to its priority mechanism work item, the working group will > consider a mechanism for verification of the originator during session > establishment in an environment with one or more non-SIP hops, most > likely requiring an out-of-band authorization mechanism. However, the > in-band and the out-of-band mechanisms should share as much in common as > possible, especially the credentials. The in-band mechanism must be sent > to the IESG for approval and publication prior to the out-of-band > mechanism. > > Expansion of the authorization mechanism to identities using the > user@domain form is out of scope. The work of this group is limited to > developing a solution for telephone numbers. > > The working group will coordinate with the Security Area on credential > management. > > The working group will coordinate with other working groups in the RAI > Area regarding signaling through existing deployments. > > The working group welcomes input from potential implementors or operators > > of technologies developed by this working group. For example, national > numbering authorities might consider acting as credential authorities for > > telephone numbers within their purview. > > It is important to note that while the main focus of this working group > is telephone numbers, the STIR working group will not develop any > mechanisms that require changes to circuit-switched technologies. > > Authentication and authorization of identity is closely linked to > privacy, and these security features sometimes come at the cost of > privacy. Anonymous calls are already defined in SIP standards, and this > working group will not propose changes to these standards. In order to > support anonymity, the working group will provide a solution in which the > called party receives an indication that the source telephone number is > unavailable. This working group, to the extent feasible, will specify > privacy-friendly mechanisms that do not reveal any more information to > user agents or third parties than a call that does not make use of secure > telephone identification mechanisms. > > Input to working group discussions shall include: > > - Private Extensions to the Session Initiation Protocol (SIP) > for Asserted Identity within Trusted Networks > [RFC 3325] > > - Enhancements for Authenticated Identity Management in the > Session Initiation Protocol (SIP) > [RFC 4474] > > - Secure Call Origin Identification > [draft-cooper-iab-secure-origin-00] > > - Secure Origin Identification: Problem Statement, Requirements, > and Roadmap > [draft-peterson-secure-origin-ps-00] > > - Authenticated Identity Management in the Session Initiation > Protocol (SIP) > [draft-jennings-dispatch-rfc4474bis-00] > > The working group will deliver the following: > > - A problem statement detailing the deployment environment and > situations that motivate work on secure telephone identity > > - A threat model for the secure telephone identity mechanisms > > - A privacy analysis of the secure telephone identity mechanisms > > - A document describing the SIP in-band mechanism for telephone > number-based identities during call setup > > - A document describing the credentials required to support > telephone number identity authentication > > - A document describing the out-of-band mechanism for telephone > number-based identities during call setup > > Milestones > > Sep 2013 Submit problem statement for Informational > Nov 2013 Submit threat model for Informational > Nov 2013 Submit in-band mechanism for Proposed Standard > Feb 2014 Submit credential specification for Proposed Standard > Apr 2014 Submit Privacy analysis for Informational > Jun 2014 Submit out-of-band mechanism for Proposed Standard >