WG Review: Secure Telephone Identity Revisited (stir)

The IESG <iesg-secretary@ietf.org> Wed, 21 August 2013 17:52 UTC

Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ietf-announce@ietfa.amsl.com
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 1317E11E8242; Wed, 21 Aug 2013 10:52:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.473
X-Spam-Status: No, score=-102.473 tagged_above=-999 required=5 tests=[AWL=0.127, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id UVaufqe9D71V; Wed, 21 Aug 2013 10:52:03 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2350A11E83D4; Wed, 21 Aug 2013 10:52:03 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: WG Review: Secure Telephone Identity Revisited (stir)
X-Test-IDTracker: no
X-IETF-IDTracker: 4.70.p1
Message-ID: <20130821175202.24713.10458.idtracker@ietfa.amsl.com>
Date: Wed, 21 Aug 2013 10:52:02 -0700
Cc: stir WG <stir@ietf.org>
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ietf@ietf.org
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-announce>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Aug 2013 17:52:11 -0000

A new IETF working group has been proposed in the Real-time Applications
and Infrastructure Area. The IESG has not made any determination yet. The
following draft charter was submitted, and is provided for informational
purposes only. Please send your comments to the IESG mailing list (iesg
at ietf.org) by 2013-08-28.

Secure Telephone Identity Revisited (stir)
Current Status: Proposed WG


Assigned Area Director:
  Richard Barnes <rlb@ipv.sx>

Mailing list
  Address: stir@ietf.org
  To Subscribe: https://www.ietf.org/mailman/listinfo/stir
  Archive: http://www.ietf.org/mail-archive/web/stir/


The STIR working group will specify Internet-based mechanisms that allow 
verification of the calling party's authorization to use a particular 
telephone number for an incoming call.  Since it has  become fairly easy 
to present an incorrect source telephone number, a growing set of 
problems have emerged over the last decade.  As with email, the claimed 
source identity of a SIP request is not verified, permitting unauthorized

use of the source identity as part of deceptive and coercive activities, 
such as robocalling (bulk unsolicited commercial communications), vishing

(voicemail hacking, and impersonating banks) and swatting (impersonating 
callers to emergency services to stimulate unwarranted large scale law 
enforcement deployments).  In addition, use of an incorrect source 
telephone number facilitates wire fraud or can lead to a return call at 
premium rates.  

SIP is one of the main VoIP technologies used by parties that want to
present an incorrect origin, in this context an origin telephone number.
Several previous efforts have tried to secure the origins of SIP
communications, including RFC 3325, RFC 4474, and the VIPR working group.
To date, however, true validation of the source of SIP calls has not seen
any appreciable deployment.  Several factors contributed to this lack of
success, including: failure of the problem to be seen as critical at the
time; lack of any technical means of producing a proof of authorization
use telephone numbers; misalignment of the mechanisms proposed by RFC
with the complex deployment environment that has emerged for SIP; lack of
end-to-end SIP session establishment; and inherent operational problems
with a transitive trust model.  To make deployment of this solution more
likely, consideration must be given to latency, real-time performance,
computational overhead, and administrative overhead for the legitimate
call source and all verifiers.

As its priority mechanism work item, the working group will specify a SIP
header-based mechanism for verification that the originator of a SIP 
session is authorized to use the claimed source telephone number, where 
the session is established with SIP end to end.  This is called an
mechanism. The mechanism will use a canonical telephone number 
representation specified by the working group, including any mappings
might be needed between the SIP header fields and the canonical telephone

number representation.  The working group will consider choices for 
protecting identity information and credentials used.  This protection 
will likely be based on a digital signature mechanism that covers a set 
of information in the SIP header fields, and verification will employ a 
credential that contains the public key that is associated with the one 
or more telephone numbers.  Credentials used with this mechanism will be 
derived from existing telephone number assignment and delegation models. 

That is, when a telephone number or range of telephone numbers is 
delegated to an entity, relevant credentials will be generated (or 
modified) to reflect such delegation.  The mechanism must allow a 
telephone number holder to further delegate and revoke use of a telephone

number without compromising the global delegation scheme.

In addition to its priority mechanism work item, the working group will
consider a mechanism for verification of the originator during session
establishment in an environment with one or more non-SIP hops, most
likely requiring an out-of-band authorization mechanism.  However, the
in-band and the out-of-band mechanisms should share as much in common as
possible, especially the credentials.  The in-band mechanism must be sent
to the IESG for approval and publication prior to the out-of-band

Expansion of the authorization mechanism to identities using the
user@domain form is out of scope.  The work of this group is limited to
developing a solution for telephone numbers.

The working group will coordinate with the Security Area on credential

The working group will coordinate with other working groups in the RAI
Area regarding signaling through existing deployments.

The working group welcomes input from potential implementors or operators

of technologies developed by this working group.  For example, national 
numbering authorities might consider acting as credential authorities for

telephone numbers within their purview.

It is important to note that while the main focus of this working group
is telephone numbers, the STIR working group will not develop any
mechanisms that require changes to circuit-switched technologies.

Authentication and authorization of identity is closely linked to
privacy, and these security features sometimes come at the cost of
privacy.  Anonymous calls are already defined in SIP standards, and this
working group will not propose changes to these standards.  In order to
support anonymity, the working group will provide a solution in which the
called party receives an indication that the source telephone number is
unavailable.  This working group, to the extent feasible, will specify
privacy-friendly mechanisms that do not reveal any more information to
user agents or third parties than a call that does not make use of secure
telephone identification mechanisms.

Input to working group discussions shall include:

  - Private Extensions to the Session Initiation Protocol (SIP)
    for Asserted Identity within Trusted Networks
    [RFC 3325]

  - Enhancements for Authenticated Identity Management in the
    Session Initiation Protocol (SIP)
    [RFC 4474]

  - Secure Call Origin Identification

  - Secure Origin Identification: Problem Statement, Requirements,
    and Roadmap

  - Authenticated Identity Management in the Session Initiation
    Protocol (SIP)

The working group will deliver the following:

  - A problem statement detailing the deployment environment and
    situations that motivate work on secure telephone identity

  - A threat model for the secure telephone identity mechanisms

  - A privacy analysis of the secure telephone identity mechanisms

  - A document describing the SIP in-band mechanism for telephone
    number-based identities during call setup

  - A document describing the credentials required to support
    telephone number identity authentication

  - A document describing the out-of-band mechanism for telephone
    number-based identities during call setup

Sep 2013   Submit problem statement for Informational
Nov 2013   Submit threat model for Informational
Nov 2013   Submit in-band mechanism for Proposed Standard
Feb 2014   Submit credential specification for Proposed Standard
Apr 2014   Submit Privacy analysis for Informational
Jun 2014   Submit out-of-band mechanism for Proposed Standard