
Shepherd writeup
draft-ietf-stir-rfc4474bis

1. Summary

draft-ietf-stir-rfc4474bis defines a protocol and is intended for publication
as a Proposed Standard. It obsoletes RFC4474. From the abstract:

   The baseline security mechanisms in the Session Initiation Protocol
   (SIP) are inadequate for cryptographically assuring the identity of
   the end users that originate SIP requests, especially in an
   interdomain context.  This document defines a mechanism for securely
   identifying originators of SIP requests.  It does so by defining a
   SIP header field for conveying a signature used for validating the
   identity, and for conveying a reference to the credentials of the
   signer.

This document is a component of a toolset for combating robocalling. In the
US, the FCC is applying significant pressure to the industry to deter
robocalling (with deadlines in the last part of 2016). An industry-led strike
force is moving towards deployment of a solution that uses that toolset. The
ATIS/SIP Forum IPNNI Task Force's SHAKEN solution relies on the toolset defined
by STIR and profiles it for deployment in the North American market.

The changes from RFC4474 are significant, and detailed in the document. The
syntax defined in this document is not backwards compatible with RFC4474 (and
this is discussed explicitly in the document). There are no known deployed
implementations of RFC4474.

2. Review and Consensus

This document has undergone heavy review. The syntax and expressivity of the
protocol changed significantly during its development, particularly when
reconciling early tension with the SHAKEN effort. The feedback from that effort
led to the use of the passport concepts defined in draft-ietf-stir-passport. 

Recent versions of this document were implemented and tested at the SIP Forum
SIPit test event in September. Feedback from that event informed improvements
to both the protocol and the prose in the document. Those implementations are
tracking the changes made in the latest versions.

The document suite has been through three working group last calls, the third
of which was abbreviated to one week. The first last call stimulated
significant discussion, some of which was heated. Dave Crocker, in particular,
provided a large amount of feedback during the first last call, indicating
disagreement with the overall approach the working group has taken. Working
through the comments led to improvements in the documents.

This document required no formal directorate reviews.

3. Intellectual Property

The authors have each confirmed that any IPR they are aware of has been
disclosed. There is currently one disclosure registered for this document. The
disclosure was sent to the working group list on 24 Mar 2015. There was no
subsequent list discussion.

4. Other Points

IDnits reports no significant issues with the document. In particular, there
are no normative downreferences from this document. 

The document uses ABNF to define grammar. The ABNF was reviewed by the
implementers at SIPit. Robert Sparks also verified the ABNF was well formed
using BAP. 

The document requires several actions from IANA. They are concretely described
in the document text.
