Authenticated Identity Management in the Session Initiation Protocol (SIP)
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: IETF-Announce <firstname.lastname@example.org> Cc: The IESG <email@example.com>, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, Robert Sparks <email@example.com>, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org Subject: Protocol Action: 'Authenticated Identity Management in the Session Initiation Protocol (SIP)' to Proposed Standard (draft-ietf-stir-rfc4474bis-16.txt) The IESG has approved the following document: - 'Authenticated Identity Management in the Session Initiation Protocol (SIP)' (draft-ietf-stir-rfc4474bis-16.txt) as Proposed Standard This document is the product of the Secure Telephone Identity Revisited Working Group. The IESG contact persons are Adam Roach, Alexey Melnikov and Ben Campbell. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-stir-rfc4474bis/
Technical Summary The baseline security mechanisms in the Session Initiation Protocol (SIP) are inadequate for cryptographically assuring the identity of the end users that originate SIP requests, especially in an interdomain context. This document defines a mechanism for securely identifying originators of SIP requests. It does so by defining a SIP header field for conveying a signature used for validating the identity, and for conveying a reference to the credentials of the signer. The changes from RFC4474 are significant, and detailed in the document. The syntax defined in this document is not backwards compatible with RFC4474 (and this is discussed explicitly in the document). There are no known deployed implementations of RFC4474. Working Group Summary This document has undergone heavy review. The syntax and expressivity of the protocol changed significantly during its development, particularly when reconciling early tension with the SHAKEN effort. The feedback from that effort led to the use of the passport concepts defined in draft-ietf-stir-passport. Recent versions of this document were implemented and tested at the SIP Forum SIPit test event in September. Feedback from that event informed improvements to both the protocol and the prose in the document. Those implementations are tracking the changes made in the latest versions. The document suite has been through three working group last calls, the third of which was abbreviated to one week. The first last call stimulated significant discussion, some of which was heated. Dave Crocker, in particular, provided a large amount of feedback during the first last call, indicating disagreement with the overall approach the working group has taken. Working through the comments led to improvements in the documents. Document Quality This document is a component of a toolset for combating robocalling. In the US, the FCC is applying significant pressure to the industry to deter robocalling (with deadlines in the last part of 2016). An industry-led strike force is moving towards deployment of a solution that uses that toolset. The ATIS/SIP Forum IPNNI Task Force's SHAKEN solution relies on the toolset defined by STIR and profiles it for deployment in the North American market. Personnel The document shepherd is Robert Sparks. The responsible AD is Adam Roach.
RFC Editor Note Please fix the following editorial nits introduced in this version: Introduction; old text: identity can provide a much stronger and assurance of identity than New text: identity can provide a much stronger assurance of identity than Section 6.1.1; old text: would retry such a request as a ssequential for, by re-processing the New text: would retry such a request as a sequential fork, by re-processing the (note two typos fixed: the spelling of "sequential", and the change from "for" to "fork").