Secure Telephone Identity Revisited (STIR) Out-of-Band Architecture and Use Cases
RFC 8816

Document Type RFC - Informational (February 2021; No errata)
Authors Eric Rescorla  , Jon Peterson 
Last updated 2021-02-11
Replaces draft-rescorla-stir-fallback
Stream Internet Engineering Task Force (IETF)
Formats plain text html xml pdf htmlized (tools) htmlized bibtex
Stream WG state Submitted to IESG for Publication
Document shepherd Robert Sparks
Shepherd write-up Show (last changed 2019-07-11)
IESG IESG state RFC 8816 (Informational)
Action Holders
Consensus Boilerplate Yes
Telechat date
Responsible AD Adam Roach
Send notices to Robert Sparks <>
IANA IANA review state Version Changed - Review Needed
IANA action state No IANA Actions

Internet Engineering Task Force (IETF)                       E. Rescorla
Request for Comments: 8816                                       Mozilla
Category: Informational                                      J. Peterson
ISSN: 2070-1721                                                  Neustar
                                                           February 2021

Secure Telephone Identity Revisited (STIR) Out-of-Band Architecture and
                               Use Cases


   The Personal Assertion Token (PASSporT) format defines a token that
   can be carried by signaling protocols, including SIP, to
   cryptographically attest the identity of callers.  However, not all
   telephone calls use Internet signaling protocols, and some calls use
   them for only part of their signaling path, while some cannot
   reliably deliver SIP header fields end-to-end.  This document
   describes use cases that require the delivery of PASSporT objects
   outside of the signaling path, and defines architectures and
   semantics to provide this functionality.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are candidates for any level of Internet
   Standard; see Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Operating Environments
   4.  Dataflows
   5.  Use Cases
     5.1.  Case 1: VoIP to PSTN Call
     5.2.  Case 2: Two Smart PSTN Endpoints
     5.3.  Case 3: PSTN to VoIP Call
     5.4.  Case 4: Gateway Out-of-Band
     5.5.  Case 5: Enterprise Call Center
   6.  Storing and Retrieving PASSporTs
     6.1.  Storage
     6.2.  Retrieval
   7.  Solution Architecture
     7.1.  Credentials and Phone Numbers
     7.2.  Call Flow
     7.3.  Security Analysis
     7.4.  Substitution Attacks
     7.5.  Rate Control for CPS Storage
   8.  Authentication and Verification Service Behavior for
     8.1.  Authentication Service (AS)
     8.2.  Verification Service (VS)
     8.3.  Gateway Placement Services
   9.  Example HTTPS Interface to the CPS
   10. CPS Discovery
   11. Encryption Key Lookup
   12. IANA Considerations
   13. Privacy Considerations
   14. Security Considerations
   15. Informative References
   Authors' Addresses

1.  Introduction

   The STIR problem statement [RFC7340] describes widespread problems
   enabled by impersonation in the telephone network, including illegal
   robocalling, voicemail hacking, and swatting.  As telephone services
   are increasingly migrating onto the Internet, and using Voice over IP
   (VoIP) protocols such as SIP [RFC3261], it is necessary for these
   protocols to support stronger identity mechanisms to prevent
   impersonation.  For example, [RFC8224] defines a SIP Identity header
   field capable of carrying PASSporT objects [RFC8225] in SIP as a
   means to cryptographically attest that the originator of a telephone
   call is authorized to use the calling party number (or, for native
   SIP cases, SIP URI) associated with the originator of the call.

   Not all telephone calls use SIP today, however, and even those that
   do use SIP do not always carry SIP signaling end-to-end.  Calls from
   telephone numbers still routinely traverse the Public Switched
   Telephone Network (PSTN) at some point.  Broadly, calls fall into one
   of three categories:

   1.  One or both of the endpoints is actually a PSTN endpoint.

   2.  Both of the endpoints are non-PSTN (SIP, Jingle, etc.) but the
       call transits the PSTN at some point.

   3.  Non-PSTN calls that do not transit the PSTN at all (such as
       native SIP end-to-end calls).

   The first two categories represent the majority of telephone calls
   associated with problems like illegal robocalling: many robocalls
Show full document text