< draft-ietf-stir-passport-shaken-05.txt   draft-ietf-stir-passport-shaken-06.txt >

Changed lines are shown in pairs prefixed "-05:" (old) and "-06:" (new); all other lines are common to both drafts.

STIR                                                            C. Wendt
Internet-Draft                                                   Comcast
Intended status: Standards Track                               M. Barnes
                                                               iconectiv
-05: Expires: May 10, 2019                             November 06, 2018
-06: Expires: June 9, 2019                             December 06, 2018

                   PASSporT SHAKEN Extension (SHAKEN)
-05:               draft-ietf-stir-passport-shaken-05
-06:               draft-ietf-stir-passport-shaken-06

Abstract

   This document extends PASSporT, which is a token object that conveys
   cryptographically-signed information about the participants involved
   in communications.  The extension is defined, corresponding to the
   SHAKEN specification, to provide both a specific set of levels-of-
-05: confidence to the correctness of the originating identity for a SIP
-06: confidence in the correctness of the originating identity for a SIP
   based Communication Service Provider (CSP) telephone network
   originated call as well as an identifier that allows the CSP to
-05: uniquely identify the origination of the call within its network.
-06: uniquely identify the origin of the call within its network.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

-05: This Internet-Draft will expire on May 10, 2019.
-06: This Internet-Draft will expire on June 9, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents

   [skipping to change at page 2, line 44]

   Secure Telephone Identity Revisited (STIR) protocols including
   PASSporT [RFC8225], SIP Authenticated Identity Management [RFC8224]
   and the STIR certificate framework [RFC8226] for implementing the
   cryptographic validation of an authorized originator of telephone
   calls using SIP.  Because the current telephone network contains both
   VoIP and TDM/SS7 originated traffic, there are many scenarios that
   need to be accounted for where PASSporT signatures may represent
   either direct or indirect call origination scenarios.  The SHAKEN
   [ATIS-1000074] specification defines levels of attestation of the
   origination of the call as well as an origination identifier that can
-05: help create a unique association with the origination of calls from
-05: various parts of the VoIP or TDM telephone network.  This document
-05: specifies these values as claims to extend the base set of PASSporT
-05: claims.
-06: help create a unique association between the origin of a particular
-06: call to the point in the VoIP or TDM telephone network the call came
-06: from to identify, for example, either a customer or class of service
-06: that call represents.  This document specifies these values as claims
-06: to extend the base set of PASSporT claims.
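As an added illustration (not part of either draft), the following Python builds the JWS signing input of a 'shaken' PASSporT that carries the attestation level and origination identifier described above, and shows the claim checks a verifying service provider would run after the ES256 signature and certificate have been verified with a crypto library. The claim names "attest" and "origid", the A/B/C attestation values and the UUID form of the origination identifier are assumed from the full specification rather than taken from this excerpt; the telephone numbers, URL and timestamp are constructed sample values.

```python
import base64
import json
import uuid

# Assumption: the extension claims are named "attest" and "origid" as in the
# full draft; this excerpt only names the concepts they carry.

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def build_shaken_passport(orig_tn, dest_tn, attest, origid, x5u, iat):
    """Return the JWS signing input (header.payload) of a 'shaken' PASSporT."""
    header = {"alg": "ES256", "typ": "passport", "ppt": "shaken", "x5u": x5u}
    payload = {"attest": attest, "dest": {"tn": [dest_tn]}, "iat": iat,
               "orig": {"tn": orig_tn}, "origid": origid}
    # RFC 8225: keys in lexicographic order and no whitespace, so signer and
    # verifier serialize exactly the same bytes.
    hj = json.dumps(header, separators=(",", ":"), sort_keys=True).encode()
    pj = json.dumps(payload, separators=(",", ":"), sort_keys=True).encode()
    return b64url(hj) + "." + b64url(pj)

def check_shaken_claims(signing_input, now, max_age=60):
    """Verifier-side claim checks, run only after the ES256 signature and the
    x5u certificate chain have been verified. Returns a list of problems."""
    problems = []
    hdr_b64, pl_b64 = signing_input.split(".")[:2]
    hdr = json.loads(b64url_decode(hdr_b64))
    pl = json.loads(b64url_decode(pl_b64))
    if hdr.get("ppt") != "shaken":
        problems.append("ppt header is not 'shaken'")
    if hdr.get("alg") != "ES256" or hdr.get("typ") != "passport":
        problems.append("header alg/typ is not ES256/passport")
    if pl.get("attest") not in ("A", "B", "C"):  # full, partial, gateway
        problems.append("attest must be A, B or C")
    try:  # assumption: SHAKEN uses a UUID as the origination identifier
        uuid.UUID(str(pl.get("origid")))
    except ValueError:
        problems.append("origid is not a UUID")
    iat = pl.get("iat")
    if not isinstance(iat, int) or abs(now - iat) > max_age:
        problems.append("iat missing or outside the freshness window")
    if "tn" not in pl.get("orig", {}) or not pl.get("dest", {}).get("tn"):
        problems.append("orig/dest tn claims missing")
    return problems
```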
2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   In addition, the following terms are used in this document:

-05: o  Verified association: is typically defined as an authenticated
-05:    relationship with a device that initiated a call, for example, a
-05:    subscriber account with a specific SIM card or set of SIP
-05:    credentials.
-06: o  Verified association: is typically defined as an authenticated
-06:    relationship between a customer and a device that initiated a call
-06:    on behalf of that customer, for example, a subscriber account with
-06:    a specific SIM card or set of SIP credentials.

   o  PASSporT: Defined in [RFC8225] is a JSON Web Token [RFC7519]
      defined specifically for securing the identity of an initiator of
      personal communication.  This document defines a specific
      extension to PASSporT.

3.  Overview of 'shaken' PASSporT extension

   The SHAKEN framework is designed to use PASSporT [RFC8225] as a
   method of asserting the telephone number calling identity.  In
End of changes.  7 change blocks.  13 lines changed or deleted, 14 lines changed or added.

This html diff was produced by rfcdiff 1.47.  The latest version is available from http://tools.ietf.org/tools/rfcdiff/