Secure Telephone Identity Credentials: Certificates
RFC 8226

Document type: RFC - Proposed Standard (February 2018; No errata)
Last updated: 2018-02-14
Stream: IETF
Stream
  WG state: Submitted to IESG for Publication
  Document shepherd: Robert Sparks
  Shepherd write-up: last changed 2016-10-18
IESG
  IESG state: RFC 8226 (Proposed Standard)
  Consensus boilerplate: Yes
  Responsible AD: Adam Roach
  Send notices to: "Robert Sparks" <rjsparks@nostrum.com>
IANA
  IANA review state: Version Changed - Review Needed
  IANA action state: No IANA Actions

Internet Engineering Task Force (IETF)                       J. Peterson
Request for Comments: 8226                                       Neustar
Category: Standards Track                                      S. Turner
ISSN: 2070-1721                                                    sn3rd
                                                           February 2018

          Secure Telephone Identity Credentials: Certificates

Abstract

   In order to prevent the impersonation of telephone numbers on the
   Internet, some kind of credential system needs to exist that
   cryptographically asserts authority over telephone numbers.  This
   document describes the use of certificates in establishing authority
   over telephone numbers, as a component of a broader architecture for
   managing telephone numbers as identities in protocols like SIP.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc8226.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Peterson & Turner            Standards Track                    [Page 1]
RFC 8226                       STIR Certs                  February 2018

Table of Contents

   1. Introduction ....................................................2
   2. Terminology .....................................................3
   3. Authority for Telephone Numbers in Certificates .................4
   4. Certificate Usage with STIR .....................................5
   5. Enrollment and Authorization Using the TN Authorization List ....6
      5.1. Constraints on Signing PASSporTs ...........................8
      5.2. Certificate Extension Scope and Structure ..................8
   6. Provisioning Private Keying Material ............................9
   7. Acquiring Credentials to Verify Signatures ......................9
   8. JWT Claim Constraints Syntax ...................................10
   9. TN Authorization List Syntax ...................................12
   10. Certificate Freshness and Revocation ..........................14
      10.1. Acquiring the TN List by Reference .......................15
   11. IANA Considerations ...........................................16
      11.1. ASN.1 Registrations ......................................16
      11.2. Media Type Registrations .................................16
   12. Security Considerations .......................................17
   13. References ....................................................18
      13.1. Normative References .....................................18
      13.2. Informative References ...................................20
   Appendix A. ASN.1 Module ..........................................21
   Acknowledgments ...................................................24
   Authors' Addresses ................................................24

1.  Introduction

   The Secure Telephone Identity Revisited (STIR) problem statement
   [RFC7340] identifies the primary enabler of robocalling, vishing
   (voicemail hacking), swatting, and related attacks as the capability
   to impersonate a calling party number.  The starkest examples of
   these attacks are cases where automated callees on the Public
   Switched Telephone Network (PSTN) rely on the calling number as a
   security measure -- for example, to access a voicemail system.
   Robocallers use impersonation as a means of obscuring identity.
   While robocallers can, in the ordinary PSTN, block (that is,
   withhold) their caller identity, callees are less likely to pick up
   calls from blocked identities; therefore, appearing to call from some
   number, any number, is preferable.  Robocallers, however, prefer not
   to call from a number that can trace back to the robocaller, and
   therefore they impersonate numbers that are not assigned to them.

   One of the most important components of a system to prevent