(1) What type of RFC is being requested?
It is appropriate to publish this problem statement as an Informational
document.
(2) Please provide a Document Announcement Write-Up.
Technical Summary
Over the past decade, Voice over IP (VoIP) systems based on SIP have
replaced many traditional telephony deployments. Interworking VoIP
systems with the traditional telephone network has reduced the
overall security of calling party number and Caller ID assurances by
granting attackers new and inexpensive tools to impersonate or
obscure calling party numbers when orchestrating bulk commercial
calling schemes, hacking voicemail boxes or even circumventing multi-
factor authentication systems trusted by banks. Despite previous
attempts to provide a secure assurance of the origin of SIP
communications, we still lack of effective standards for identifying
the calling party in a VoIP session. This document examines the
reasons why providing identity for telephone numbers on the Internet
has proven so difficult, and shows how changes in the last decade may
provide us with new strategies for attaching a secure identity to SIP
sessions.
Working Group Summary
This document is a product of the STIR working group.
Document Quality
This document and its predecessors received significant review
from during the working group formation stages to its current form.
There is solid consensus that it reflects the problem the working
group intends to address.
Personnel
Robert Sparks is the document shepherd.
Richard Barnes is the Responsible AD.
(3) Briefly describe the review of this document that was performed by the
Document Shepherd.
The shepherd has reviewed this version of the document and its predecessors
to ensure it reflects working group discussions and to ensure it is ready
for wider review.
(4) Does the document Shepherd have any concerns about the depth or breadth of
the reviews that have been performed?
No concerns.
(5) Do portions of the document need review from a particular or from broader
perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or
internationalization? If so, describe the review that took place.
We have had good cross-area participation in the development of this document,
particularly from individuals that participate heavily in the security area.
(6) Describe any specific concerns or issues that the Document Shepherd has
with this document that the Responsible Area Director and/or the IESG should be
aware of?
There are no specific concerns to call out.
(7) Has each author confirmed that any and all appropriate IPR disclosures
required for full conformance with the provisions of BCP 78 and BCP 79 have
already been filed.
Yes.
(8) Has an IPR disclosure been filed that references this document?
No IPR disclosures have been filed referencing this document.
(9) How solid is the WG consensus behind this document?
This document has been thoroughly discussed by the group and has strong
consensus.
(10) Has anyone threatened an appeal or otherwise indicated extreme discontent?
There has been no threat of appeal or significant discontent expressed with the
content of this document.
(11) Identify any ID nits the Document Shepherd has found in this document.
There is one reference that is not used (currently [6]).
(12) Describe how the document meets any required formal review criteria, such
as the MIB Doctor, media type, and URI type reviews.
This document contains no content needing this type of formal review.
(13) Have all references within this document been identified as either
normative or informative?
Yes.
(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state?
There are no such references.
(15) Are there downward normative references references (see RFC 3967)?
There are no such references.
(16) Will publication of this document change the status of any existing RFCs?
No.
(17) Describe the Document Shepherd's review of the IANA considerations section.
The IANA Consideration section contains:
This memo includes no request to IANA.
(18) List any new IANA registries that require Expert Review for future
allocations.
There are none.
(19) Describe reviews and automated checks performed by the Document Shepherd
to validate sections of the document written in a formal language, such as XML
code, BNF rules, MIB definitions, etc.
There are no formal languages used in this document.