[stir] Re: Verifiable Voice Protocol (VVP)
"Peterson, Jon" <Jon.Peterson@transunion.com> Tue, 14 October 2025 12:17 UTC
Return-Path: <Jon.Peterson@transunion.com>
X-Original-To: stir@mail2.ietf.org
Delivered-To: stir@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 76574731ED44 for <stir@mail2.ietf.org>; Tue, 14 Oct 2025 05:17:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.695
X-Spam-Level:
X-Spam-Status: No, score=-2.695 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=transunion.com header.b="lZgyjvcD"; dkim=pass (1024-bit key) header.d=transunion.onmicrosoft.com header.b="Cu1HKNQD"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id srj_-ZBQxE8S for <stir@mail2.ietf.org>; Tue, 14 Oct 2025 05:17:39 -0700 (PDT)
Received: from mx0a-00030c01.pphosted.com (mx0a-00030c01.pphosted.com [148.163.156.98]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 8D86C731ED3D for <stir@ietf.org>; Tue, 14 Oct 2025 05:17:38 -0700 (PDT)
Received: from pps.filterd (m0216092.ppops.net [127.0.0.1]) by mx0a-00030c01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 59ECC2Fa019513; Tue, 14 Oct 2025 07:17:29 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transunion.com; h=cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to; s=tuppdkim; bh=VrDO5LxkuCd+VqfPx7Sjyml49 MsAFgmmf+RF3pg7tls=; b=lZgyjvcDz5G+NCV5NUjaLueLXhF2DDotPR0BvfQQL UGgLwZBq+ASX4Yoc6TlrNnxN7J9+UJWwrE/eLMpCykoOxW79U/sY6HJ+SLgbwILj n2AI3hyxYbURFnWUiObu/q7bti70kj9WrrdxBpHCBw/Eo+g+SrPqAvPDQAznKseU XVuo7QE5vh9XTNqSd1+HPpUs0qk5Rcuaoe0Xxjq61sJjArrUS7av0nb3TbrwzTx/ Sty5VXh4i1hIm9CFwCjfvIECBsY6sod1mdIGfKmctFno9ZtJS5hidBfDJ8/dPDyt 1hopqb/oSlILC5KZTCmwmgHKEWDIT+ORquh7o8YNv1NrA==
Received: from byapr05cu005.outbound.protection.outlook.com (mail-westusazon11010027.outbound.protection.outlook.com [52.101.85.27]) by mx0a-00030c01.pphosted.com (PPS) with ESMTPS id 49sdnnhqqt-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 14 Oct 2025 07:17:28 -0500 (CDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=WujvjVcKWwlHWPhSIbKS7KlKFIJTrvYYHn0XGB6ishSt4VVfv6FdXbXCLtSLAcwFZtW9pz/KDLy8FomeyEWrFEUievjBsGoaO3lIh8qiwwTNEBgj1VU4xll0kC/GYEE9IdmSSZlyHevmsSwf9C2WgS63mxEpVC1SCriNqq8Oe7tPtPI1Z+gpSn+SOtRzl6+qc1sO/l/DricTGZpfdl35PPt9eH2mT2wc0iuCOrIE8ifDwpv5iwcBWTerlGz/C30BGbBmlpBcqY5xHWUbEENsAzW6DlX9Y16xoWb6Rp4CN7fYsP55niQDAiiRGiOhfW/obv+Ed99HT4VfdgokKGa7aQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=VrDO5LxkuCd+VqfPx7Sjyml49MsAFgmmf+RF3pg7tls=; b=u3fbS635EhjWDakxLWpVDyszsSDSmt9GO1iGv1OeaUTNrFc0VshPkebqinrPDVd222wjxMCfWhwPftqaMgznK96cKyXPa8qlVK4UoJptO7/+DqTmTxu1v3wJJJ8VOE+rkGL7iKl2fhVDCssqwxtSd4AF7DCP6pKhA5BVfHrTsRNWCrQTRSwG40w2KkTnA39RQYYr/SbSiFxWFmPO8cfPtoJeKrEgurgqpbFwUmh1yOxKmKvC5rW8QQlEjydMDmWvSo44o6dX771iuYoFUbtWHCH2zhkRIcoFqPW8w7Hp0oVsbeAYDixVrT49CRKP+PUcE5WUSu4RVvrkmkbfAU+uNA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=transunion.com; dmarc=pass action=none header.from=transunion.com; dkim=pass header.d=transunion.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transunion.onmicrosoft.com; s=selector2-transunion-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VrDO5LxkuCd+VqfPx7Sjyml49MsAFgmmf+RF3pg7tls=; b=Cu1HKNQDrzLszh1Scw4/cryuJC/bHkKjyQe7b6sh8Q3QK2iSZ9yMCswcadXqAKwao6cG+cYO4+uElDGRVe5H0kIb3ppsI03sEu4x+Zoc61+7T47zUQs4XKAWhfKTWlIZhdjJhdtUrW5RQ8swHrGC7ESinwTFRgPfK7Oux14bgSQ=
Received: from CO6PR17MB4978.namprd17.prod.outlook.com (2603:10b6:303:139::23) by DM4PR17MB5995.namprd17.prod.outlook.com (2603:10b6:8:46::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9203.10; Tue, 14 Oct 2025 12:17:25 +0000
Received: from CO6PR17MB4978.namprd17.prod.outlook.com ([fe80::75f3:2d23:490a:feed]) by CO6PR17MB4978.namprd17.prod.outlook.com ([fe80::75f3:2d23:490a:feed%6]) with mapi id 15.20.9228.009; Tue, 14 Oct 2025 12:17:25 +0000
From: "Peterson, Jon" <Jon.Peterson@transunion.com>
To: Orie <orie@or13.io>, Russ Housley <housley@vigilsec.com>
Thread-Topic: [stir] Re: Verifiable Voice Protocol (VVP)
Thread-Index: AQHcOG6ix+kW+ebbv0KYgul9n3b7urS4hXAAgALaUoCABjU0Mg==
Date: Tue, 14 Oct 2025 12:17:25 +0000
Message-ID: <CO6PR17MB49786AE19F3623ED479CCBD6FDEBA@CO6PR17MB4978.namprd17.prod.outlook.com>
References: <CAD5OKxsCDRA_TWfqBNQjpoACntFfqOS98cVHL8aWNR8YKvjR+Q@mail.gmail.com> <0687B06D-E2A6-4461-8486-91D6DF64CF85@chriswendt.net> <CH3PR13MB67474A4BBA37A797BD655CD9E1E1A@CH3PR13MB6747.namprd13.prod.outlook.com> <CAD5OKxsDrC9r-skA_h+=hiNcFELONEKncvz-woiN2wwOs9JcvQ@mail.gmail.com> <CH3PR13MB6747A843414CC671AA4588BFE1E1A@CH3PR13MB6747.namprd13.prod.outlook.com> <D3BB43A7-4249-4BB9-8237-16118933E742@vigilsec.com> <CAMzqgoysSOsXTzn6xH2ok_bx7yjpbONQVSzyj25tfZ2E2oeUaQ@mail.gmail.com>
In-Reply-To: <CAMzqgoysSOsXTzn6xH2ok_bx7yjpbONQVSzyj25tfZ2E2oeUaQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-reactions: allow
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CO6PR17MB4978:EE_|DM4PR17MB5995:EE_
x-ms-office365-filtering-correlation-id: 9141343b-6460-4e65-12af-08de0b1ba2d7
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|376014|4022899009|1800799024|38070700021|13003099007|8096899003|7053199007;
x-microsoft-antispam-message-info: FQU6NSI4oPtk8sWEMB+KVEOPakDq13Ghv75gRqYPIIoEi8cvufzL0QOFAejrX6Es3/m/gcG+PM40rdqLaXFj72Fc/ZSc+gfI8VDloNa8tbH9026yD2sc+t1BSbxxMSOgFgF5Lbb6dG/aWzOism6tX04xTt1PGleLNFYm1Y3azurF/2UowEkn14q6gJ7GXs9pNbfM9jztF89I9evXImY5Du9AJJa62norarqBpZJs2GVoI/DMpviS7AYTrPeqg3FpJLcb5ADyUrzaQK5xmj8iKyseun212Psz98hbJdVTeFDT+bVz00QwIN1zx5cGgXz6lCZif7+MuoD7lrbLpRHN8AssyKi6ED0Qk0HwO6BiaArON3TNzP2q52ClfY1GjS5+RNlxZUhogpPSmvoBRBdE/DqSmx6nIls0VlHxdB/x8J2QO9hM7vn9qiCi3RXHB8zNpkMGf5MEMfTn5Ld5dzB+raPf56k6C8VP9yh3Sy6p8pTPsrlgDzu45GurmvHKgIOVV5a9vxMQgDv8/HJCXM+yIygG1mxJIjKt3E15TRv9OhU+PStxJo05ftkyuvy4FLK2Wjzdqt4mtvvG57XzTlHoKQgF8VX3AJHW4Td1aSBMazBbcc6u1obRuFuELFs2k+Q/iFuXqePD97szIqOx6Sk1vlqer7ahaf7JQlRMumL7srjRvVHxlqBoBNDTS5f/HxKgsh3O2Nd3WLqgOx3aLYcP5B/2LAn/fTmQTyU3+vMVXPy5CUsk/o5afuSKrzJY2auHbAvZgaUPTzUitsDI5qknG2aQR5De6MSEUMUf7KVS+3xVUOrQXuf9ghIAfsB3XXfg4gQSqaJgz4RcNcu2EL73MDgXeNRaCVdM+PlAkvQEZFZqYl/IALTzPZ2vX+axa9GbW2tPeH8UxtLWS7DaExdz7rF5vEtwlgyb0Q49zChgDo3EaDlD1OAKub0RnYQWGKYBqowjHXDFmTqDAQeP3WXMiyHNolZ10jzfKEgn813UiVi63k72Efx1JUKHXrPs277BxWjk8f336cLk/qL449EZ9gRVZaF0ophbZoVOvhCpb18whH1oBqfzSNBf53pQrok6Q4MXGaKZ2rOx9oSE4RoKj7obL6jD/I9z/CLrGRx74nV9Btni0GHMDVhUbYD6qEiRYE656LsOhYqLQ8rpcTDgjeQ3EJRizVcx7s8ViVufrR9/oSiTkIpq41aI1J8TgTuTz3C/LB52h7NxzG/8b3ou3Y7hIXK1NSnDmVE6410YiR5fBHrOtEwflU+SQU269SDHyCdyJQG3CUpBsinLY31oHwE6j/sO0lzfo1vZ1BrBY/2hO8wniaCWsJsebkXT0v4mAoBQgYcqMnN4mScSsd6zEZEo9lb31ZN962C8b5lqnlki2Npagor0UbsOIdrBghzqTC0WZ+FHuJnE2yV0+obD2Hi0VV9QqPb2cmvRkCuX87KjxYXzFKa6B+6aVtfICGedBUFMEUti90cu6I+4g1ZtNQ==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CO6PR17MB4978.namprd17.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(4022899009)(1800799024)(38070700021)(13003099007)(8096899003)(7053199007);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: esXKKJFfuGH6nQSLLEwveoLXqQQHk+dyL+5B4PDB15WDTy8/KWNiKFfVSe1P8Tl8vFwVvzhdXpi9G9FQFk2gh0SzHUukUS2m9Wbh0UVwHUKhhel5uXhr3k91boYcFo8xPIR/LHOMZwuyKYqByz+fjjxtf98cJQuSIs0uUW3kA/p8EwVoL7C2wuU6AQNxSrgVTOcVyiXrX1qmTS5RZ2UpvJNWT1oMAOlp+HL73b7kUNpeXqK1T5eKAoIt5QF2Mkd3QzM939adtWwRdvgim82KPjOXA4k13NOVAQld0WGTp8ifE9lyL3gBqPlJGoxLL/my0bXNW3heLv4RnDbxOZGVUT9Ju9I2dyfEaSFdIwEJE2Ykvv2KQPkhgD2qYCtFjjeUNlE0HThAxXbJwhGY/q1nR/Z0SRb2p3fIptDG91xwQKK8Lq9MIgdFce+d0UHjdYB2NX939LqiHXEEJ67JNn0tKnkIbe0FewcVbfxS3mhJGPFitBmELWY/Gy57C9mkWmHB6lIjWqGKs2mzoBwiOwdSEE5WpPpWwiII7Zx8iwx31c2IExnuScpNlSCw5Xfr6ITI+oR0l/1DhmBL6k8/dpS8B2J1STJgaXwGq75+311tHCR0HAsy9O+iCITr6D4nlp1s6f5Cdd0fr8q4Z9mQAIG9QGX1iA5Ha+3OkUQJrYFR112Cy7PjQUH8b9FCFZzpcTM0UgjXdo3CjvIffEnxLdX368I9TgsjEzv+z2VcbmKuxi//uN2/KsxeZknorD+MY12MH6lMIvLjFpoSBzjoYcVAQLlBvxGkWdDJvCfYjcVLE/0nOFVUrQGd4yCWgYbB7DLHsQ4yEdYTyDTk07qy9QwgxNREVfLu2rM8lXb19v8NIouQ4x9kEjFyJcwsRFAUycqH05Ka2q3lz6Sx9wKqe/9uVMZ23hjYj7JferXzQ7BJzzNIn3sUkGrNOGwaM2oah+MZnsy5ywEfKT5jpiz1RrrQCRcB1Xs5XW1r4YLjNsJjugzpWQg0+rRnGVTarl6CFaTvgOsGn0zXKpuF55S2SSRmP0RtTouzhf7NTseiLTaMW4HyCdgGmqkiFGlO4ctTYeIgfcwwxkhKTwOfKS+5II+iEZIwkklJ7XgtBy94jJlI+TR0btpmbhavpdkoF+bJJ7aYAKABLLNgUJs29h1CWWm3zkLccLR+OPLxOvTa+azi1HAJwyJfDLpMC/JKgvuwlQBuUjNny0VhmTrr7DM8OXJA9jK01tZeBB5kWDJcHBT170SLCRngEhXB5hLNNTvkQ+J8JLsS7WbILLYmnhnOSboWlXT3baa6KUppHaAmQonfUrtA2bOOQ6GjFNsfcWMeKJlXGCPeeG5pTg8xE2uJo4zpbTQT9wjL7enIIWu6imRHWpNMGY9kKr8GN05b46X3KlPoCY5kc6QmA7qBlkM943OgKcLIGvx1WQzKjJaieN7LQsU6+T8P1kFzs30ceq8a+RPue67xAfKKHQtde1XzcPi4wejYa/fJQ17Wtnc8bjGtKJ57S72ps8Qy0VFIMzkHRKovGogylAzTbJUC19lvCp8ZGhFFhpnEqDe1+fF092oJN6nJcz4git07cd9u7S6QSCFCI+eDktqfuT/1sy44+X6dmL+iXK40InWeBTbSOuEZGpk=
Content-Type: multipart/alternative; boundary="_000_CO6PR17MB49786AE19F3623ED479CCBD6FDEBACO6PR17MB4978namp_"
MIME-Version: 1.0
X-OriginatorOrg: transunion.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CO6PR17MB4978.namprd17.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9141343b-6460-4e65-12af-08de0b1ba2d7
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Oct 2025 12:17:25.6750 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0685d760-4332-4f24-b2ea-ffbbc2383f15
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: C82/vIGrwvvlJBPf4wkYJzcOyA6+4Vh1iIl+9V7zF+PJYoMET37jZgkRSvvsr5haeN5Rk5iCqG0zJFWbk6ezUV/O6YLLNVQXcE8VLKOsQM4=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR17MB5995
X-Authority-Analysis: v=2.4 cv=F6tat6hN c=1 sm=1 tr=0 ts=68ee3f58 cx=c_pps a=3isWwmYGSdluMw1j68YAZQ==:117 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=x6icFKpwvdMA:10 a=9QfKlLONOboA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RpNjiQI2AAAA:8 a=48vgC7mUAAAA:8 a=SSmOFEACAAAA:8 a=OENpm5DYAAAA:8 a=tGX7uwomAAAA:8 a=gYdj9CMZAAAA:8 a=w1VtefKfAAAA:8 a=fuZCEjYyTRn1OLBWaQUA:9 a=lqcHg5cX4UMA:10 a=QEXdDO2ut3YA:10 a=39uyPCLvXxQA:10 a=o_ianMma39wA:10 a=RG2feypgzCcGetkU6SIA:9 a=tqdMzFhGG8mD8GCBlf4leDhY3gs=:19 a=RbihSCbmS7UqdsLG:21 a=_W_S_7VecoQA:10 a=YJwUl2ujW4Y_XnIir_F9:22 a=aUs-xJEnSl5POLiEmVNU:22 a=ZFOOzkjxzLGrPE5HuMia:22 a=HE9wkd683oz8aKaGCqil:22 a=xm8PXHvXF9WL09pmvKgj:22 a=cPQSjfK2_nFv0Q5t_7PE:22 a=poXaRoVlC6wW9_mwW8W4:22 a=pHzHmUro8NiASowvMSCR:22 a=xoEH_sTeL_Rfw54TyV31:22
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUxMDE0MDAxNyBTYWx0ZWRfX05YVqjCt6uHV UnwgjHjvx94NHuKqsgaUx/OtGti9jJOVazjcEoJL0K4SKs6FcpdvRXIEumc0V3wQ2ooUkdl+ckf 2NywzBIrbSPa9fiRyTx3MeblGGvdYSrz45FdMO/Ay2tbn3qoGjYlsjGmuDIERZ5Vd8gk3nerWU6 dejqCcaIcNY2d0mlgW90MF4CU56it0FB40o7Ys+nF+RfIq7/qerHQIlEs0ep0A1Xaz6KnsT13Y0 /sXVBHOW1RKcUmt/1t5ICBpjqCjxEQCtypsABRqV7wNWgsLLOEEQ7TPZfOQRe2m4N4ZgXhaWHpY tCvpxXqRl1jt02UJGvZU5FixM6RhQfBabQpNfMcBuA5aut9WQkuxmQ58pFr/ArPICvTqUfznlIh +ezKtIATEGlYUSPRTrVHPUaIuT3q/g==
X-Proofpoint-GUID: ox2-trMzNpcIUt9i8y0rnJRTHvFr6H5x
X-Proofpoint-ORIG-GUID: ox2-trMzNpcIUt9i8y0rnJRTHvFr6H5x
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.9,FMLib:17.12.80.40 definitions=2025-10-14_02,2025-10-13_01,2025-03-28_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 phishscore=0 adultscore=0 clxscore=1011 impostorscore=0 malwarescore=0 lowpriorityscore=0 suspectscore=0 priorityscore=1501 spamscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2510020000 definitions=main-2510140017
Message-ID-Hash: ZNQ43UTGCJ4STIW5ROOAU5NQPDRLNHVW
X-Message-ID-Hash: ZNQ43UTGCJ4STIW5ROOAU5NQPDRLNHVW
X-MailFrom: Jon.Peterson@transunion.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-stir.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Pierce Gorman <Pierce.Gorman@numeracle.com>, Chris Wendt <chris-ietf@chriswendt.net>, Brett Nemeroff <Brett.Nemeroff@numeracle.com>, Richard Shockey <richard@shockey.us>, IETF STIR Mail List <stir@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [stir] Re: Verifiable Voice Protocol (VVP)
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/TNdAZ0KHrGHjxGjUQAWM3Hv2OcQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Owner: <mailto:stir-owner@ietf.org>
List-Post: <mailto:stir@ietf.org>
List-Subscribe: <mailto:stir-join@ietf.org>
List-Unsubscribe: <mailto:stir-leave@ietf.org>
I took an initial look at this. Broadly, I’d probably embed most of the information in the proposed new PASSporT headers/claims into either subelements of rcd (a lot of this overlaps with what RCD does) or into STIR certs themselves. RCD is supposed to provide externally verifiable data about the calling party, data that you trust because you trust the party signing it - architecturally, it should be a sufficient wrapper for the sort of dossier the draft is linking to STIR. In most STIR deployments today, the OP (as the draft calls it) is the entity signing the PASSporT. If we could snap our fingers and make it the TNU (as the draft calls it) that signs PASSporTs today, I imagine the bulk of the problems this draft is trying to address would already be solved without the addition of any new headers. STIR has always strongly favored making the security association here (caller-callee) as end-to-end as possible. Also, transmitting this sort of assurance back from the callee to the caller is the problem we call “connected identity,” there is a mature draft describing it (4916-update). I would not recommend using an SDP field to pass such information in the backwards direction. Jon Peterson TransUnion From: Orie <orie@or13.io> Date: Friday, October 10, 2025 at 9:19 AM To: Russ Housley <housley@vigilsec.com> Cc: Pierce Gorman <Pierce.Gorman@numeracle.com>, Chris Wendt <chris-ietf@chriswendt.net>, Brett Nemeroff <Brett.Nemeroff@numeracle.com>, Richard Shockey <richard@shockey.us>, IETF STIR Mail List <stir@ietf.org> Subject: [stir] Re: Verifiable Voice Protocol (VVP) This Message Originated from Outside of the Organization Do not click links or open attachments unless you can confirm the sender and know the content is safe. Report Suspicious<https://us-phishalarm-ewt.proofpoint.com/EWT/v1/GX53klZ1TQ0!Y2Oq2O7wX37ubKekr-dBgYAjreGWKEVVDeLxjlKzsFDxWCESADeCsixwdZGWnG05ljc6pG33AO2U8owwJZgxbQXbV9GaVEd_2XRVawHgoC6IXX370JXaPMwhHPbUM9MVKg$> Hi Daniel ! & STIR, First time seeing this draft : ) There have been some STIR presentations of applicability of the "Issuer, Holder / Presenter, Verifier" model for verifiable credentials to STIR WG, at previous IETFs. For folks less familiar with Verifiable Credentials, they are sorta like https://datatracker.ietf.org/doc/html/rfc5755<https://urldefense.com/v3/__https://datatracker.ietf.org/doc/html/rfc5755__;!!GX53klZ1TQ0!1v_DDAI_jfLPL72FRmRJh69uINmJYOn_UrvcBB1jcjoeIJD9EyrHtg3omFjBzF5qZHoF-E5v8w5X6QogRIo$> They are also worked on in OAUTH and SPICE, with primitives coming from JOSE / COSE (or other security mechanisms like https://www.w3.org/TR/vc-data-integrity/<https://urldefense.com/v3/__https://www.w3.org/TR/vc-data-integrity/__;!!GX53klZ1TQ0!1v_DDAI_jfLPL72FRmRJh69uINmJYOn_UrvcBB1jcjoeIJD9EyrHtg3omFjBzF5qZHoF-E5v8w5Xos8Xu3M$>, or https://trustoverip.github.io/tswg-acdc-specification/<https://urldefense.com/v3/__https://trustoverip.github.io/tswg-acdc-specification/__;!!GX53klZ1TQ0!1v_DDAI_jfLPL72FRmRJh69uINmJYOn_UrvcBB1jcjoeIJD9EyrHtg3omFjBzF5qZHoF-E5v8w5XKCbTM4c$> ) Here are some related drafts to consider: - https://datatracker.ietf.org/doc/draft-ietf-oauth-sd-jwt-vc/<https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ietf-oauth-sd-jwt-vc/__;!!GX53klZ1TQ0!1v_DDAI_jfLPL72FRmRJh69uINmJYOn_UrvcBB1jcjoeIJD9EyrHtg3omFjBzF5qZHoF-E5v8w5XvE9nRZY$> - https://datatracker.ietf.org/doc/draft-wendt-stir-vesper/<https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-wendt-stir-vesper/__;!!GX53klZ1TQ0!1v_DDAI_jfLPL72FRmRJh69uINmJYOn_UrvcBB1jcjoeIJD9EyrHtg3omFjBzF5qZHoF-E5v8w5X3AEU4Ec$> The security technology "ACDCs" have also been proposed in this draft: - https://datatracker.ietf.org/doc/draft-smith-satp-vlei-binding/<https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-smith-satp-vlei-binding/__;!!GX53klZ1TQ0!1v_DDAI_jfLPL72FRmRJh69uINmJYOn_UrvcBB1jcjoeIJD9EyrHtg3omFjBzF5qZHoF-E5v8w5XhyF--Oo$> I'll leave it to the STIR chairs to handle the agenda discussions, just thought I would share some background on this topic. Regards, OS, ART AD On Wed, Oct 8, 2025 at 12:44 PM Russ Housley <housley@vigilsec.com<mailto:housley@vigilsec.com>> wrote: Pierce: For historical reasons, the tooling fills in “Network Working Group“ if the author does not specify a working group. The final RFC is approved, will just indicate "IETF" Russ On Oct 8, 2025, at 12:14 PM, Pierce Gorman <Pierce.Gorman@numeracle.com<mailto:Pierce.Gorman@numeracle.com>> wrote: Is anyone aware of an effort to bring VVP into the STIR working group? The protocol specification posted in the IETF archive under the “Network Working Group“ (?) defines a new kind of STIR PASSporT using numerous non-STI verifiable credentials. Verifiable Voice Protocol<https://urldefense.com/v3/__https://www.ietf.org/archive/id/draft-hardman-verifiable-voice-protocol-00.html__;!!GX53klZ1TQ0!1v_DDAI_jfLPL72FRmRJh69uINmJYOn_UrvcBB1jcjoeIJD9EyrHtg3omFjBzF5qZHoF-E5v8w5XDdDnQzc$> Pierce _______________________________________________ stir mailing list -- stir@ietf.org<mailto:stir@ietf.org> To unsubscribe send an email to stir-leave@ietf.org<mailto:stir-leave@ietf.org>
- [stir] For those of you who follow this kind of s… Richard Shockey
- [stir] Re: For those of you who follow this kind … Roman Shpount
- [stir] Re: [art] Re: For those of you who follow … Richard Shockey
- [stir] Re: [art] Re: For those of you who follow … Roman Shpount
- [stir] Re: [art] Re: For those of you who follow … Brett Nemeroff
- [stir] Re: [art] Re: Re: Re: For those of you who… Tim Bray
- [stir] Re: [art] Re: Re: Re: For those of you who… Brett Nemeroff
- [stir] Re: [art] Re: For those of you who follow … Richard Shockey
- [stir] Re: [art] Re: For those of you who follow … Roman Shpount
- [stir] Re: [art] Re: For those of you who follow … Chris Wendt
- [stir] Re: [art] Re: For those of you who follow … Pierce Gorman
- [stir] Re: [art] Re: For those of you who follow … Brett Nemeroff
- [stir] Re: [art] Re: For those of you who follow … Roman Shpount
- [stir] Verifiable Voice Protocol (VVP) Pierce Gorman
- [stir] Re: [art] Re: For those of you who follow … Pierce Gorman
- [stir] Re: [art] Re: For those of you who follow … Andy Newton
- [stir] Re: Verifiable Voice Protocol (VVP) Daniel Hardman
- [stir] Re: [art] Re: Re: Re: For those of you who… Roman Shpount
- [stir] Re: Verifiable Voice Protocol (VVP) Russ Housley
- [stir] Re: [art] Re: Re: Re: For those of you who… Richard Shockey
- [stir] Re: [art] Re: Re: Re: For those of you who… Roman Shpount
- [stir] Re: [art] Re: Re: Re: For those of you who… Henning Schulzrinne
- [stir] Re: [art] Re: Re: Re: For those of you who… Roman Shpount
- [stir] Re: [art] Re: Re: Re: For those of you who… Pierce Gorman
- [stir] Re: Verifiable Voice Protocol (VVP) Orie
- [stir] Re: Verifiable Voice Protocol (VVP) Peterson, Jon
- [stir] Re: [art] Re: For those of you who follow … Brett Nemeroff
- [stir] Re: [art] Re: Re: Re: For those of you who… Richard Shockey
- [stir] Re: Verifiable Voice Protocol (VVP) Daniel Hardman
- [stir] Re: [art] Re: For those of you who follow … Chris Wendt
- [stir] Re: Verifiable Voice Protocol (VVP) Brett Nemeroff