Technical Summary
Over the past decade, Voice over IP (VoIP) systems based on SIP have
replaced many traditional telephony deployments. Interworking VoIP
systems with the traditional telephone network has reduced the
overall security of calling party number and Caller ID assurances by
granting attackers new and inexpensive tools to impersonate or
obscure calling party numbers when orchestrating bulk commercial
calling schemes, hacking voicemail boxes or even circumventing multi-
factor authentication systems trusted by banks. Despite previous
attempts to provide a secure assurance of the origin of SIP
communications, we still lack of effective standards for identifying
the calling party in a VoIP session. This document examines the
reasons why providing identity for telephone numbers on the Internet
has proven so difficult, and shows how changes in the last decade may
provide us with new strategies for attaching a secure identity to SIP
sessions.
Working Group Summary
This document is a product of the STIR working group.
Document Quality
This document and its predecessors received significant review
from during the working group formation stages to its current form.
There is solid consensus that it reflects the problem the working
group intends to address.
Personnel
Robert Sparks is the document shepherd.
Richard Barnes is the Responsible AD.