On 6/21/2013 8:24 AM, Richard Shockey wrote:
The issue in STIR is particularly distressing. The regulators are actively
asking for help here and I'm convinced the IETF can make a substantial
contribution here.
http://www.cs.columbia.edu/~hgs/papers/2013/2013-source-identity.pptx
...
http://tools.ietf.org/html/draft-peterson-secure-origin-ps-00
STIR is having an interesting discussion about viable architectural
models.
The basic problem it seeks to solve is validating the authorization to
use a given telephone number in the SIP From field.
The main proposal is for two mechanisms to be operated in parallel, for
all SIP-originated calls (and maybe all SS7>SIP calls):
1. In-band signing - package a signature in a separate field, that
carries the semantics of authorization for the From field number. The
proposal calls for the public key to be in a credential, managed in the
same loose-trust bushy-root CA anchor model used for Web TLS server
authentication.
2. Out-of-band caching - store signature information in a public
cache, to provide recovery from transit handling that destroys the
in-band signature, such as transit over SS7 (SIP-SS7-SIP). The
validation agent checks the cache whenever a valid signature is not
present. A proposal for this is at:
https://github.com/ekr/ietf-drafts/blob/master/draft-rescorla-callerid-fallback.txt
Draft charter for the activity:
http://www.ietf.org/mail-archive/web/stir/current/msg00200.html
Mailing list:
Mailing List: https://www.ietf.org/mailman/listinfo/stir
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net