Skip to main content

Secure Telephone Identity Revisited

Document Charter Secure Telephone Identity Revisited WG (stir)
Title Secure Telephone Identity Revisited
Last updated 2022-01-24
State Approved
WG State Active
IESG Responsible AD Orie Steele
Charter edit AD Murray Kucherawy
Send notices to (None)


The STIR working group will specify Internet-based mechanisms that allow
verification of the calling party's authorization to use a particular
telephone number for an incoming call. Since it has become fairly easy to
present an incorrect source telephone number, a growing set of problems have
emerged over the last decade. As with email, the claimed source identity of a
SIP request is not verified, permitting unauthorized use of the source identity
as part of deceptive and coercive activities, such as robocalling (bulk
unsolicited commercial communications), vishing (voicemail hacking, and
impersonating banks) and swatting (impersonating callers to emergency services
to stimulate unwarranted large scale law enforcement deployments). In
addition, use of an incorrect source telephone number facilitates wire fraud or
can lead to a return call at premium rates.

SIP is one of the main VoIP technologies used by parties that want to present
an incorrect origin, in this context an origin telephone number. Several
previous efforts have tried to secure the origins of SIP communications,
including RFC 3325, RFC 4474 (replaced by RFC 8224), and the VIPR working
group. To date, however, true validation of the source of SIP calls has not
seen any appreciable deployment. Several factors contributed to this lack of
success, including: failure of the problem to be seen as critical at the time;
lack of any technical means of producing a proof of authorization to use
telephone numbers; misalignment of the mechanisms proposed by RFC 4474 with the
complex deployment environment that has emerged for SIP; lack of end-to-end SIP
session establishment; and inherent operational problems with a transitive
trust model. To make deployment of this solution more likely, consideration
must be given to latency, real-time performance, computational overhead, and
administrative overhead for the legitimate call source and all verifiers.

As its priority mechanism work item, the working group will specify and
maintain a SIP header-based mechanism for verification that the originator of a
SIP session is authorized to use the claimed source telephone number, where the
session is established with SIP end to end. This is called an in-band
mechanism. The mechanism will use a canonical telephone number representation
specified by the working group, including any mappings that might be needed
between the SIP header fields and the canonical telephone number
representation. The working group will consider choices for protecting
identity information and credentials used. This protection will likely be
based on a digital signature mechanism that covers a set of information in the
SIP header fields, and verification will employ a credential that contains the
public key that is associated with the one or more telephone numbers.
Credentials used with this mechanism will be derived from existing telephone
number assignment and delegation models. That is, when a telephone number or
range of telephone numbers is delegated to an entity, relevant credentials will
be generated (or modified) to reflect such delegation. The mechanism must
allow a telephone number holder to further delegate and revoke use of a
telephone number without compromising the global delegation scheme.

In addition to its priority mechanism work item, the working group will work on
mechanisms for verification of the originator during session establishment in
an environment with one or more non-SIP hops, most likely requiring an
out-of-band authorization mechanism. It is important to note that while the
main focus of this working group is telephone numbers, the STIR working group
will not develop any mechanisms that require changes to circuit-switched
technologies. Moreover, the work of this group is limited to developing a
solution for telephone numbers. Expansion of the authorization mechanism to
identities using the user@domain or other name forms is out of scope.

The group will also consider extensions that leverage STIR to solve related
identity problems around telephone calls and other telephone-number based
communication, including call diversion and forwarding, rich identity
presentation for delivery to a called party, messaging that uses telephone
numbers, connected identity (mechanisms that identify the called party reached
to the calling party), and similar use cases related to fraud and security.

The working group will coordinate with the Security Area on credential
management and signature mechanics.

The working group will coordinate with other working groups in the ART Area
regarding signaling through existing deployments.

The working group welcomes input from potential implementors or operators of
technologies developed by this working group. For example, national numbering
authorities might consider acting as credential authorities for telephone
numbers within their purview.

Authentication and authorization of identity is closely linked to privacy, and
these security features sometimes come at the cost of privacy. Anonymous calls
are already defined in SIP standards, and this working group will not propose
changes to these standards. In order to support anonymity, the working group
will provide a solution in which the called party receives an indication that
the source telephone number is unavailable. This working group, to the extent
feasible, will specify privacy-friendly mechanisms that do not reveal any more
information to user agents or third parties than a call that does not make use
of secure telephone identification mechanisms.