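% Internet-Draft, revision -00 (see the number and url fields). It is marked
% "Work in Progress", so it is not a standard and later revisions may change
% or replace it; cite the specific revision. The resistance to replay, relay
% and phishing described in the abstract is the draft's own stated claim.
@techreport{brown-spice-phishing-resist-attestation-00,
  author      = {Brown, Derek},
  title       = {Phishing-Resistant Phone Number Attestation for {MFA}},
  type        = {Internet-Draft},
  number      = {draft-brown-spice-phishing-resist-attestation-00},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2025,
  month       = nov,
  day         = 3,
  pagetotal   = 5,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-brown-spice-phishing-resist-attestation/00/},
  abstract    = {This draft introduces a phishing-resistant phone number attestation mechanism for multi-factor authentication (MFA). Conceptually similar to WebAuthn, it uses origin-bound cryptographic challenges to ensure that users only attest ownership of their phone numbers to legitimate relying parties. The protocol leverages network-operator-issued verifiable credentials (VCs) that cryptographically bind phone number ownership to a user's device. Applications present origin-scoped challenges that users sign using their VC, ensuring secure, domain-specific authentication and mitigating replay, relay, and phishing attacks---without relying on SMS-based one-time passwords (OTPs).},
}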