Secure Telephone Identity Threat Model
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: IETF-Announce <firstname.lastname@example.org> Cc: RFC Editor <email@example.com>, stir mailing list <firstname.lastname@example.org>, stir chair <email@example.com> Subject: Document Action: 'Secure Telephone Identity Threat Model' to Informational RFC (draft-ietf-stir-threats-04.txt) The IESG has approved the following document: - 'Secure Telephone Identity Threat Model' (draft-ietf-stir-threats-04.txt) as Informational RFC This document is the product of the Secure Telephone Identity Revisited Working Group. The IESG contact persons are Richard Barnes and Alissa Cooper. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-stir-threats/
Technical Summary As the Internet and the telephone network have become increasingly interconnected and interdependent, attackers can impersonate or obscure calling party numbers when orchestrating bulk commercial calling schemes, hacking voicemail boxes or even circumventing multi- factor authentication systems trusted by banks. This document analyzes threats in the resulting system, enumerating actors, reviewing the capabilities available to and used by attackers, and describing scenarios in which attacks are launched. Working Group Summary This document is a product of the STIR working group. Document Quality This document was developed in parallel with the problem statement. It has received significant cross-area review. Personnel Robert Sparks is the document shepherd. Richard Barnes is the Responsible AD.