Secure Telephone Identity Credentials: Certificates
draft-ietf-stir-certificates-17

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, adam@nostrum.com, stir@ietf.org, Robert Sparks <rjsparks@nostrum.com>, draft-ietf-stir-certificates@ietf.org, rfc-editor@rfc-editor.org, stir-chairs@ietf.org, rjsparks@nostrum.com
Subject: Protocol Action: 'Secure Telephone Identity Credentials: Certificates' to Proposed Standard (draft-ietf-stir-certificates-17.txt)

The IESG has approved the following document:
- 'Secure Telephone Identity Credentials: Certificates'
  (draft-ietf-stir-certificates-17.txt) as Proposed Standard

This document is the product of the Secure Telephone Identity Revisited
Working Group.

The IESG contact persons are Adam Roach, Alexey Melnikov and Ben Campbell.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-stir-certificates/


Technical Summary

 In order to prevent the impersonation of telephone numbers on the
   Internet, some kind of credential system needs to exist that
   cryptographically asserts authority over telephone numbers.  This
   document describes the use of certificates in establishing authority
   over telephone numbers, as a component of a broader architecture for
   managing telephone numbers as identities in protocols like SIP.

Working Group Summary

This document has undergone heavy review. Interoperability testing at the SIPit
in September identified issues leading to the introduction of the JWT Claim
Constraints, shifting where LOA assertions are made.

The document suite has been through three working group last calls, the third
of which was abbreviated to one week. The first last call stimulated
significant discussion, some of which was heated. 

Document Quality
This document is a component of a toolset for combating robocalling. In the
US, the FCC is applying significant pressure to the industry to deter
robocalling (with deadlines in the last part of 2016). An industry-led strike
force is moving towards deployment of a solution that uses that toolset. The
ATIS/SIP Forum IPNNI Task Force's SHAKEN solution relies on the toolset defined
by STIR and profiles it for deployment in the North American market.

Personnel

The document shepherd is Robert Sparks. The responsible AD is Adam Roach.

RFC Editor Note

This document contains several IANA-registered values in formal ASN.1
definitions. The definitions speculatively assumed values prior to official
assignment, and two of these presumed values have subsequently been assigned.
As a consequence, the final published ASN.1 syntax will need to be modified to
match actually assigned values. The areas to take note of are listed below.

These two definitions, which each appear _twice_ in the document, will need to
be updated to match the assigned entries in
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.1
(these are known to need adjustment, as id-pe 25 has been assigned for another
purpose)

     id-pe-JWTClaimConstraints OBJECT IDENTIFIER ::= { id-pe 25 }

     id-pe-TNAuthList OBJECT IDENTIFIER ::= { id-pe 26 }

This definition, which appears _twice_ in the document, should match the
assigned value in
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.48
(as the codepoint 14 remains unallocated, this may not need adjustment)

     id-ad-stirTNList  OBJECT IDENTIFIER ::= { id-ad 14 }

Finally, the (88) in the following definition from Appendix A needs to be
replaced with the actually assigned value from
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.0
(the current value of 88 has already been assigned for another purpose, so
this will require adjustment):

   TN-Module-2016
     { iso(1) identified-organization(3) dod(6) internet(1) security(5)
       mechanisms(5) pkix(7) id-mod(0) id-mod-tn-module(88) }