Secure Telephone Identity Credentials: Certificates
RFC 8226
Section | Field | Value
---|---|---
Document | Type | RFC - Proposed Standard (February 2018; Errata)
Document | Authors | Jon Peterson, Sean Turner
Document | Last updated | 2019-01-22
Document | Stream | IETF
Stream | WG state | Submitted to IESG for Publication
Stream | Document shepherd | Robert Sparks
Stream | Shepherd write-up | last changed 2016-10-18
IESG | IESG state | RFC 8226 (Proposed Standard)
IESG | Action Holders | (None)
IESG | Consensus Boilerplate | Yes
IESG | Responsible AD | Adam Roach
IESG | Send notices to | "Robert Sparks" <rjsparks@nostrum.com>
IANA | IANA review state | Version Changed - Review Needed
IANA | IANA action state | No IANA Actions

Internet Engineering Task Force (IETF)                       J. Peterson
Request for Comments: 8226                                       Neustar
Category: Standards Track                                      S. Turner
ISSN: 2070-1721                                                    sn3rd
                                                           February 2018

Secure Telephone Identity Credentials: Certificates

Abstract

In order to prevent the impersonation of telephone numbers on the Internet, some kind of credential system needs to exist that cryptographically asserts authority over telephone numbers. This document describes the use of certificates in establishing authority over telephone numbers, as a component of a broader architecture for managing telephone numbers as identities in protocols like SIP.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8226.

Copyright Notice

Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Peterson & Turner            Standards Track                    [Page 1]
RFC 8226                       STIR Certs                  February 2018

Table of Contents

1. Introduction
2. Terminology
3. Authority for Telephone Numbers in Certificates
4. Certificate Usage with STIR
5. Enrollment and Authorization Using the TN Authorization List
   5.1. Constraints on Signing PASSporTs
   5.2. Certificate Extension Scope and Structure
6. Provisioning Private Keying Material
7. Acquiring Credentials to Verify Signatures
8. JWT Claim Constraints Syntax
9. TN Authorization List Syntax
10. Certificate Freshness and Revocation
   10.1. Acquiring the TN List by Reference
11. IANA Considerations
   11.1. ASN.1 Registrations
   11.2. Media Type Registrations
12. Security Considerations
13. References
   13.1. Normative References
   13.2. Informative References
Appendix A. ASN.1 Module
Acknowledgments
Authors' Addresses

1. Introduction

The Secure Telephone Identity Revisited (STIR) problem statement [RFC7340] identifies the primary enabler of robocalling, vishing (voicemail hacking), swatting, and related attacks as the capability to impersonate a calling party number. The starkest examples of these attacks are cases where automated callees on the Public Switched Telephone Network (PSTN) rely on the calling number as a security measure -- for example, to access a voicemail system.
Robocallers use impersonation as a means of obscuring identity. While robocallers can, in the ordinary PSTN, block (that is, withhold) their caller identity, callees are less likely to pick up calls from blocked identities; therefore, appearing to call from some number, any number, is preferable. Robocallers, however, prefer not to call from a number that can trace back to the robocaller, and therefore they impersonate numbers that are not assigned to them.

One of the most important components of a system to prevent