Skip to main content

Shepherd writeup
draft-ietf-stir-passport

1. Summary

draft-ietf-stir-passport defines protocol and is intended for publication as
Proposed Standard. From the abstract:

   This document defines a method for creating and validating a token
   that cryptographically verifies an originating identity, or more
   generally a URI or telephone number representing the originator of
   personal communications.  The PASSporT token is cryptographically
   signed to protect the integrity of the identity the originator and to
   verify the assertion of the identity information at the destination.
   The cryptographic signature is defined with the intention that it can
   confidently verify the originating persona even when the signature is
   sent to the destination party over an insecure channel.  PASSporT is
   particularly useful for many personal communications applications
   over IP networks and other multi-hop interconnection scenarios where
   the originating and destination parties may not have a direct trusted
   relationship.

This document is a component of a toolset for combating robocalling. In the US,
the FCC is applying significant pressure to the industry to deter robocalling
(with deadlines in the last part of 2016). An industry-led strike force is
moving towards deployment of a solution that uses that toolset. The ATIS/SIP
Forum IPNNI Task Force's SHAKEN solution relies on the toolset defined by STIR
and profiles it for deployment in the North American market.

2. Review and Consensus

This document has undergone heavy review. It was introduced into the suite of
STIR documents as part of aligning with the SHAKEN effort.

Recent versions of this document were implemented and tested at the SIP Forum
SIPit test event in September. Feedback from that event informed significant
improvements to both the protocol and the prose in the document. Those
implementations are tracking the changes made in the latest versions.

The document suite has been through three working group last calls, the third
of which was abbreviated to one week. The first last call stimulated
significant discussion, some of which was heated. 

This document requires review on the jwt-reg-review and jose-reg-review lists.
Review requests were sent to those lists 18Oct. Feedback from those reviews
has been incorporated in the draft. Jim Schaad, in particular, provided a careful
review and many improvements.

The document registers a media type, requiring media-type review. That review
was requested 18Oct. Feedback from the review has been incorporated into the 
document.

3. Intellectual Property

The authors have each confirmed that any IPR they are aware of has been
disclosed. There are currently no disclosures registered for this document.

4. Other Points

There are no normative downreferences from this document. 

The document uses no formal languages, but does contain several examples. These
have been carefully reviewed by implementors.

The document requires several actions from IANA. They are concretely described
in the document text.

Back