Secure Telephone Identity Credentials: Certificates
RFC 8226
Internet Engineering Task Force (IETF)                       J. Peterson
Request for Comments: 8226                                       Neustar
Category: Standards Track                                      S. Turner
ISSN: 2070-1721                                                    sn3rd
                                                           February 2018
Abstract
In order to prevent the impersonation of telephone numbers on the
Internet, some kind of credential system needs to exist that
cryptographically asserts authority over telephone numbers. This
document describes the use of certificates in establishing authority
over telephone numbers, as a component of a broader architecture for
managing telephone numbers as identities in protocols like SIP.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8226.
Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Peterson & Turner Standards Track [Page 1]
RFC 8226 STIR Certs February 2018
Table of Contents
1. Introduction
2. Terminology
3. Authority for Telephone Numbers in Certificates
4. Certificate Usage with STIR
5. Enrollment and Authorization Using the TN Authorization List
    5.1. Constraints on Signing PASSporTs
    5.2. Certificate Extension Scope and Structure
6. Provisioning Private Keying Material
7. Acquiring Credentials to Verify Signatures
8. JWT Claim Constraints Syntax
9. TN Authorization List Syntax
10. Certificate Freshness and Revocation
    10.1. Acquiring the TN List by Reference
11. IANA Considerations
    11.1. ASN.1 Registrations
    11.2. Media Type Registrations
12. Security Considerations
13. References
    13.1. Normative References
    13.2. Informative References
Appendix A. ASN.1 Module
Acknowledgments
Authors' Addresses
1. Introduction
The Secure Telephone Identity Revisited (STIR) problem statement
[RFC7340] identifies the primary enabler of robocalling, vishing
(voicemail hacking), swatting, and related attacks as the capability
to impersonate a calling party number. The starkest examples of
these attacks are cases where automated callees on the Public
Switched Telephone Network (PSTN) rely on the calling number as a
security measure -- for example, to access a voicemail system.
Robocallers use impersonation as a means of obscuring identity.
While robocallers can, in the ordinary PSTN, block (that is,
withhold) their caller identity, callees are less likely to pick up
calls from blocked identities; therefore, appearing to call from some
number, any number, is preferable. Robocallers, however, prefer not
to call from a number that can trace back to the robocaller, and
therefore they impersonate numbers that are not assigned to them.
One of the most important components of a system to prevent