Search RFCs

RFC Editor

File formats:

Status:

INFORMATIONAL

Authors:

J. Peterson
H. Schulzrinne
H. Tschofenig

Stream:

IETF

Source:

stir (rai)

Cite this RFC:TXT  | XML  |  BibTeX

DOI:  https://doi.org/10.17487/RFC7340

Discuss this RFC: Send questions or comments to the mailing liststir@ietf.org

Other actions:Submit Errata  | Find IPR Disclosures from the IETF  | View History of RFC 7340

Abstract

Over the past decade, Voice over IP (VoIP) systems based on SIP havereplaced many traditional telephony deployments. Interworking VoIPsystems with the traditional telephone network has reduced theoverall level of calling party number and Caller ID assurances bygranting attackers new and inexpensive tools to impersonate orobscure calling party numbers when orchestrating bulk commercialcalling schemes, hacking voicemail boxes, or even circumventingmulti-factor authentication systems trusted by banks. Despiteprevious attempts to provide a secure assurance of the origin of SIPcommunications, we still lack effective standards for identifying thecalling party in a VoIP session. This document examines the reasonswhy providing identity for telephone numbers on the Internet hasproven so difficult and shows how changes in the last decade mayprovide us with new strategies for attaching a secure identity to SIPsessions. It also gives high-level requirements for a solution inthis space.

For the definition ofStatus,seeRFC 2026.

For the definition ofStream, seeRFC 8729.