%% You should probably cite draft-ietf-stir-problem-statement instead of this I-D. @techreport{peterson-secure-origin-ps-02, number = {draft-peterson-secure-origin-ps-02}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-peterson-secure-origin-ps/02/}, author = {Jon Peterson and Henning Schulzrinne and Hannes Tschofenig}, title = {{Secure Origin Identification: Problem Statement, Requirements, and Roadmap}}, pagetotal = 21, year = 2013, month = sep, day = 4, abstract = {Over the past decade, SIP has become a major signaling protocol for voice communications, one which has replaced many traditional telephony deployments. However, interworking SIP with the traditional telephone network has ultimately reduced the security of Caller ID systems. Given the widespread interworking of SIP with the telephone network, the lack of effective standards for identifying the calling party in a SIP session has granted attackers new powers as they impersonate or obscure calling party numbers when orchestrating bulk commercial calling schemes, hacking voicemail boxes or even circumventing multi-factor authentication systems trusted by banks. This document therefore examines the reasons why providing identity for telephone numbers on the Internet has proven so difficult, and shows how changes in the last decade may provide us with new strategies for attaching a secure identity to SIP sessions.}, }