[OAUTH-WG] JWTs helping combat fraudulent and unwanted telephone calls

Mike Jones <Michael.Jones@microsoft.com> Wed, 12 February 2020 23:29 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B6AD12001A; Wed, 12 Feb 2020 15:29:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ElZ-JZ2AMTYr; Wed, 12 Feb 2020 15:29:13 -0800 (PST)
Received: from NAM06-DM3-obe.outbound.protection.outlook.com (mail-eopbgr640107.outbound.protection.outlook.com [40.107.64.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FF32120019; Wed, 12 Feb 2020 15:29:13 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TZBLERURD3KRnmFioMfe+v2z6ckz+2dbd1W9y3eGxnfaqVIt2HxitM3Dj3ezKoLuFDwwBuRENHKyetyd9gORXeDGlqZ+mpSESlIGR/gztXQG/+VEdgo/SlAdjun8d1sgJbnpYcmZHLcDf34sYSpJYq/LJem0Swm0U9qU/MHeVAiWD2/57o5NwjwOOG2tXdlgfu1Ku0nTGi+JrIoaJl41PeyZZpwUN7gqqRZHcrvJvYfDzKTLpHN5YDVT7O8XKPBz4oYaJ+k3R1tPTSCQX45Hao8LgbFNJx37nnNncWyBM3m/V8eSNbLzXp0BLx5oDwrWXOvvoUTLmewZdwA7awaABQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sR4SCY2wwgIoFd/hAOHNbGpBtdIE/FSiZNyaPJVaHXY=; b=YpU6UY3NIuMQuDRe+zt/EviGiNqAgnsjZ58K7QD2/kcUxIMSffKN9KujUz0OBR91T/B+DXZ8T+mLHaFrB6wUMHthsvjc2d9yPnrnmfjrJHQLdGIcFnWrhIXal4ayFmKGcnzeIlqdVsHvzVPVeUyQnOONPYNzLDOXh7iGUPTW3TipL5TuxmzCOX4tCGA8PSYcRxS2gyKX8zK8cRrZunhEHn+NXbwyCAvRcUvGBGxyJ/570Ko0sNq0kDOh10IyAC4qNfMUAhDkyxwl5PZ2b6/ytpHAHysyDNvKK5APeuyVrF1556Z+z9sRfLy4RGNDQ4JGJ48gVFkGlGash6OSDJDUqg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sR4SCY2wwgIoFd/hAOHNbGpBtdIE/FSiZNyaPJVaHXY=; b=KD1nzlcoJ1eWXGB0ITT53GL7O+yYFaQgk0tfQiXgOGZ+tYPen/uU0JHzAcw6XPNgSQfnTUqd6i48m97jhcS3h7e5FTiomYcUpPZS3uEYelLIMKwQ2jGKMrKB9k8rQZikutKMmy5Oi9y4rQw7oOYboBvPESXgRE9yJ+eM55ozOKw=
Received: from MN2PR00MB0688.namprd00.prod.outlook.com (10.255.125.23) by BL0PR00MB0403.namprd00.prod.outlook.com (52.132.20.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2761.0; Wed, 12 Feb 2020 23:29:11 +0000
Received: from MN2PR00MB0688.namprd00.prod.outlook.com ([fe80::393e:e323:9372:f755]) by MN2PR00MB0688.namprd00.prod.outlook.com ([fe80::393e:e323:9372:f755%3]) with mapi id 15.20.2769.000; Wed, 12 Feb 2020 23:29:11 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "jose@ietf.org" <jose@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
CC: "nat@sakimura.org" <nat@sakimura.org>, "ve7jtb@ve7jtb.com" <ve7jtb@ve7jtb.com>, Sean Turner <sean@sn3rd.com>
Thread-Topic: JWTs helping combat fraudulent and unwanted telephone calls
Thread-Index: AdXh4vPXv93YS6C6SYO9au6ntF8OZA==
Date: Wed, 12 Feb 2020 23:29:10 +0000
Message-ID: <MN2PR00MB06881F2AB81562E8989E8887F51B0@MN2PR00MB0688.namprd00.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=81fae285-1728-4d31-9a00-0000c8f4669e; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2020-02-12T20:26:57Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-originating-ip: [12.1.75.136]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 9eb3b2cd-6124-4788-c474-08d7b0135d38
x-ms-traffictypediagnostic: BL0PR00MB0403:
x-microsoft-antispam-prvs: <BL0PR00MB0403B9A00E878EA107D39441F51B0@BL0PR00MB0403.namprd00.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 0311124FA9
x-forefront-antispam-report: SFV:NSPM; SFS:(10001)(10019020)(4636009)(366004)(189003)(199004)(7696005)(81166006)(66946007)(52536014)(110136005)(9686003)(54906003)(26005)(81156014)(86362001)(966005)(8676002)(5660300002)(76116006)(186003)(8936002)(66476007)(6506007)(64756008)(55016002)(498600001)(71200400001)(66446008)(2906002)(33656002)(15650500001)(66556008)(4326008)(8990500004)(10290500003)(26123001)(6606295002); DIR:OUT; SFP:1102; SCL:1; SRVR:BL0PR00MB0403; H:MN2PR00MB0688.namprd00.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: qFPagCSYDmyZLP4/tQXnmRLROF5uKXmezPCGV4I+8fTUYdEPwTFvBy5Lwl0+XDahMIqX12ROQIwCTm9QMqBZYon9uH1rkNUEbi6krxxp+KizOUOI3uLHusN56xIJPmZ+Dn+jADY3BbYSbApvuS8Io4C5pVAMl43EHpoh0Fl6PbIA6+r4FQpYqe0patu99fct6aApds0UYeCiZy/JJQQFwWC6L5oBQpdFJSb6uhtldck/5bcnynY9zsOy152k8N/ozrKrM1klPJCWCs/tN3d5SvtUwP8x8GIv0FED2QGLkmzPEG9TuI3Drsev9ZPteQUrrMLVmYwIOTpr9gPfPK/ceRyXOaAGZn618L/+t8HOW2C9nie76TDoQpSYi+VqVG76S//KWyhe7PUtwkjqaLqO7kbQTPoRxdEIMZh6q2vtcYpdHVVpKLMxtqZ1Mzrs0KR6akzAnqIOi3cydqQQkiEa6ipiUx9WxFL2gzm5LBw93xwWXzER89qHM7vNM4VVrW1plXCcCwPwHS/p4jYYMpsw6XVtLGV9v81AJqtKY2lppkk6WbzPB6DwXX4B5NBKTf4B5WjRMpdig9hdvLiMwaDQtp17PHkKVD6gnnWkjPFxIKq9Il0enhu6Zgd9y4x6aww0AWcx2KoMknQ6bA6K29Ijz7n6F2HDjQxk89XxY/bZAEk=
x-ms-exchange-antispam-messagedata: wQRWVqdHO5nKdVxx2OzT2S+2T5XEkEAlvUzGWr/+OoxgReIM5uMQK3NbUHCOkXQj0eiEoJyBQOrT+XdjhmlzV6uWagis9Bm485hiOlBkn1pKwnaWjafVG3I818WXY77inZ0Ai9qb+ZxhYvLE10kWqw==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_MN2PR00MB06881F2AB81562E8989E8887F51B0MN2PR00MB0688namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9eb3b2cd-6124-4788-c474-08d7b0135d38
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Feb 2020 23:29:10.9490 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: M2thqzRu2NrAvvZqw1P/hxLVHthFrIB6Fv465s7zu2QJqBBXqS7U8DIjrk6klSuiFxQU+nks9HmYh+UHYlJ4AA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR00MB0403
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Hg93C2lZQrVaRzCIbMruuCxufP8>
Subject: [OAUTH-WG] JWTs helping combat fraudulent and unwanted telephone calls
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Feb 2020 23:29:16 -0000

I wanted to bring two excellent articles by the IETF on work by the STIR working group<https://datatracker.ietf.org/wg/stir/about/> to combat fraudulent and unwanted telephone calls to your attention:


  *   STIR into Action<https://www.ietf.org/blog/stir-action/>n/>, January 2020:
Abstract:  Providers of voice over IP in the United States will be required to implement the IETF's Secure Telephony Identity Revisited (STIR) protocol as a result of recently enacted legislation to address some of the root causes of illegal robocalling on the telephone network.


  *   Causing a STIR<https://www.ietf.org/blog/stir/>r/>, August 2019:
Abstract:  Recently, the output of the IETF Secure Telephony Identity Revisited (STIR) working group has received considerable attention from service providers, regulators, and the press because it addresses some of the root causes of the illegal robocalling which has crippled the telephone network.

I love this work for two reasons.  First, like the rest of you, I receive a huge volume of unwanted and often fraudulent phone calls.  I love that engineers and regulators are partnering to take concrete steps to reduce the volume of these illegal and annoying calls.

Second, I love it that the STIR protocols are using JSON Web Tokens (JWTs)<https://tools.ietf.org/html/rfc7519> under the covers as the format to represent verifiable statements about legitimate uses of telephone numbers, enabling verifiable Caller ID.  It's often said that one sign of a standard having succeeded is that it's used for things that the inventors never imagined.  This is certainly such a case!  I'm proud that the JSON Web Token, which we originally designed with digital identity use cases in mind, is now being used in a completely different context to solve a real problem experienced by people every day.

                                                       -- Mike

P.S.  This note was also posted at https://self-issued.info/?p=2045 and as @selfissued<https://twitter.com/selfissued>.