(1) What type of RFC is being requested?
This threat model should be published as an Informational RFC
(2) Please provide a Document Announcement Write-Up.
Technical Summary
As the Internet and the telephone network have become increasingly
interconnected and interdependent, attackers can impersonate or
obscure calling party numbers when orchestrating bulk commercial
calling schemes, hacking voicemail boxes or even circumventing multi-
factor authentication systems trusted by banks. This document
analyzes threats in the resulting system, enumerating actors,
reviewing the capabilities available to and used by attackers, and
describing scenarios in which attacks are launched.
Working Group Summary
This document is a product of the STIR working group.
Document Quality
This document was developed in parallel with the problem statement.
It has received significant cross-area review.
Personnel
Robert Sparks is the document shepherd.
Richard Barnes is the Responsible AD.
(3) Briefly describe the review of this document that was performed by the
Document Shepherd.
The shepherd has reviewed this version of the document and its predecessors
to ensure it reflects working group discussions and to ensure it is ready
for wider review.
(4) Does the document Shepherd have any concerns about the depth or breadth of
the reviews that have been performed?
No concerns.
(5) Do portions of the document need review from a particular or from broader
perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or
internationalization? If so, describe the review that took place.
We have had good cross-area participation in the development of this document,
particularly from individuals that participate heavily in the security area.
(6) Describe any specific concerns or issues that the Document Shepherd has
with this document that the Responsible Area Director and/or the IESG should be
aware of?
There are no specific concerns to call out.
(7) Has each author confirmed that any and all appropriate IPR disclosures
required for full conformance with the provisions of BCP 78 and BCP 79 have
already been filed.
Yes.
(8) Has an IPR disclosure been filed that references this document?
No IPR disclosures have been filed referencing this document.
(9) How solid is the WG consensus behind this document?
The document has been thoroughly discussed by the group and has a solid
consensus.
(10) Has anyone threatened an appeal or otherwise indicated extreme discontent?
There has been no threat of appeal or significant discontent expressed with the
content of this document.
(11) Identify any ID nits the Document Shepherd has found in this document.
All known nits have been addressed.
(12) Describe how the document meets any required formal review criteria, such
as the MIB Doctor, media type, and URI type reviews.
This document contains no content needing this type of formal review.
(13) Have all references within this document been identified as either
normative or informative?
Yes.
(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state?
There are no such references.
(15) Are there downward normative references references (see RFC 3967)?
THere are no such references.
(16) Will publication of this document change the status of any existing RFCs?
No.
(17) Describe the Document Shepherd's review of the IANA considerations section.
The IANA Consideration section contains:
This memo includes no request to IANA.
(18) List any new IANA registries that require Expert Review for future
allocations.
There are none.
(19) Describe reviews and automated checks performed by the Document Shepherd
to validate sections of the document written in a formal language, such as XML
code, BNF rules, MIB definitions, etc.
There are no formal languages used in this document.