| < draft-ietf-stir-certificates-16.txt | draft-ietf-stir-certificates-17.txt > | |||
|---|---|---|---|---|
| Network Working Group J. Peterson | Network Working Group J. Peterson | |||
| Internet-Draft Neustar | Internet-Draft Neustar | |||
| Intended status: Standards Track S. Turner | Intended status: Standards Track S. Turner | |||
| Expires: June 12, 2018 sn3rd | Expires: June 17, 2018 sn3rd | |||
| December 9, 2017 | December 14, 2017 | |||
| Secure Telephone Identity Credentials: Certificates | Secure Telephone Identity Credentials: Certificates | |||
| draft-ietf-stir-certificates-16 | draft-ietf-stir-certificates-17 | |||
| Abstract | Abstract | |||
| In order to prevent the impersonation of telephone numbers on the | In order to prevent the impersonation of telephone numbers on the | |||
| Internet, some kind of credential system needs to exist that | Internet, some kind of credential system needs to exist that | |||
| cryptographically asserts authority over telephone numbers. This | cryptographically asserts authority over telephone numbers. This | |||
| document describes the use of certificates in establishing authority | document describes the use of certificates in establishing authority | |||
| over telephone numbers, as a component of a broader architecture for | over telephone numbers, as a component of a broader architecture for | |||
| managing telephone numbers as identities in protocols like SIP. | managing telephone numbers as identities in protocols like SIP. | |||
| skipping to change at page 1, line 36 ¶ | skipping to change at page 1, line 36 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on June 12, 2018. | This Internet-Draft will expire on June 17, 2018. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2017 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 13, line 22 ¶ | skipping to change at page 13, line 22 ¶ | |||
| indirectly name all of the telephone numbers associated with that | indirectly name all of the telephone numbers associated with that | |||
| identifier for a service provider. | identifier for a service provider. | |||
| 2. Telephone numbers can be listed in a range (in the | 2. Telephone numbers can be listed in a range (in the | |||
| TelephoneNumberRange format), which consists of a starting | TelephoneNumberRange format), which consists of a starting | |||
| telephone number and then an integer count of numbers within the | telephone number and then an integer count of numbers within the | |||
| range, where the valid boundaries of ranges may vary according to | range, where the valid boundaries of ranges may vary according to | |||
| national policies. The count field is only applicable to start | national policies. The count field is only applicable to start | |||
| fields' whose values do not include "*" or "#" (i.e., a | fields' whose values do not include "*" or "#" (i.e., a | |||
| TelephoneNumber that does not include "*" or "#"). count never | TelephoneNumber that does not include "*" or "#"). count never | |||
| overflows a TelephoneNumber digit boundary (i.e., a | makes the number increase in length (i.e., a TelephoneNumberRange | |||
| TelephoneNumberRange with TelephoneNumber=10 with a count=91 will | with TelephoneNumber=10 with a count=91 will address numbers | |||
| address numbers 10-99). | 10-99); formally, given the inputs count and TelephoneNumber of | |||
| length D the end of the TelephoneNumberRange is: | ||||
| MIN(TelephoneNumber + count, 10^D - 1). | ||||
| 3. A single telephone number can be listed (as a TelephoneNumber). | 3. A single telephone number can be listed (as a TelephoneNumber). | |||
| Note that because large-scale service providers may want to associate | Note that because large-scale service providers may want to associate | |||
| many numbers, possibly millions of numbers, with a particular | many numbers, possibly millions of numbers, with a particular | |||
| certificate, optimizations are required for those cases to prevent | certificate, optimizations are required for those cases to prevent | |||
| the certificate size from becoming unmanageable. In these cases, the | the certificate size from becoming unmanageable. In these cases, the | |||
| TN Authorization List may be given by reference rather than by value, | TN Authorization List may be given by reference rather than by value, | |||
| through the presence of a separate certificate extension that permits | through the presence of a separate certificate extension that permits | |||
| verifiers to either (1) securely download the list of numbers | verifiers to either (1) securely download the list of numbers | |||
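Review bot: the new formula for the end of a TelephoneNumberRange, MIN(TelephoneNumber + count, 10^D - 1), is off by one relative to the definition a few lines above, where count is "an integer count of numbers within the range". A range of count numbers starting at TelephoneNumber ends at TelephoneNumber + count - 1, and for count=1 the new formula would span two numbers. The worked example (TelephoneNumber=10 with count=91 addressing 10-99) cannot tell the two readings apart, because the 10^D - 1 cap absorbs the difference; suggest either writing MIN(TelephoneNumber + count - 1, 10^D - 1) or choosing an example such as TelephoneNumber=10 with count=90 that only one reading satisfies. It would also help to say whether a count that runs past the digit boundary is silently clamped, as the MIN implies, or is an encoding error a verifier should reject. Minor: the stray apostrophe in "start fields' whose values" carries over unchanged from -16.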
| skipping to change at page 16, line 14 ¶ | skipping to change at page 16, line 16 ¶ | |||
| o The TN ASN.1 module in the "SMI Security for PKIX Module | o The TN ASN.1 module in the "SMI Security for PKIX Module | |||
| Identifier" (1.3.6.1.5.5.7.0) registry: | Identifier" (1.3.6.1.5.5.7.0) registry: | |||
| 89 id-mod-tn-module | 89 id-mod-tn-module | |||
| 11.2. Media Type Registrations | 11.2. Media Type Registrations | |||
| Type name: application | Type name: application | |||
| Subtype name: tnauthlist | Subtype name: tnauthlist | |||
| Required parameters: None. | Required parameters: None | |||
| Optional parameters: None. | Optional parameters: None | |||
| Encoding considerations: Binary. | Encoding considerations: Binary | |||
| Security considerations: See Section 12 of [RFCTBD]. | Security considerations: See Section 12 of [RFCTBD] | |||
| Interoperability considerations: | Interoperability considerations: | |||
| The TN Authorization List inside this media type MUST be | The TN Authorization List inside this media type MUST be | |||
| DER-encoded TNAuthorizationList. | DER-encoded TNAuthorizationList. | |||
| Published specification: [RFCTBD]. | Published specification: [RFCTBD] | |||
| Applications that use this media type: | Applications that use this media type: | |||
| Issuers and relying parties of secure telephone identity | Issuers and relying parties of secure telephone identity | |||
| certificates, to limit the subject's authority to a | certificates, to limit the subject's authority to a | |||
| particular telephone number or telephone number range. | particular telephone number or telephone number range. | |||
| Fragment identifier considerations: None | ||||
| Additional information: | Additional information: | |||
| Deprecated alias names for this type: None | ||||
| Magic number(s): None | Magic number(s): None | |||
| File extension(s): None | File extension(s): None | |||
| Macintosh File Type Code(s): None | Macintosh File Type Code(s): None | |||
| Person & email address to contact for further information: | Person & email address to contact for further information: | |||
| Jon Peterson <jon.peterson@team.neustar> | Jon Peterson <jon.peterson@team.neustar> | |||
| Intended usage: COMMON | Intended usage: COMMON | |||
| Restrictions on usage: none | Restrictions on usage: None | |||
| Author: Sean Turner <sean@sn3rd.com> | Author: Sean Turner <sean@sn3rd.com> | |||
| Change controller: The IESG <iesg@ietf.org> | Change controller: The IESG <iesg@ietf.org> | |||
| [RFC editor's instruction: Please replace RFCTBD with the | [RFC editor's instruction: Please replace RFCTBD with the | |||
| RFC number when this document is published.] | RFC number when this document is published.] | |||
| 12. Security Considerations | 12. Security Considerations | |||
| This document is entirely about security. For further information on | This document is entirely about security. For further information on | |||
| certificate security and practices, see [RFC5280], in particular its | certificate security and practices, see [RFC5280], in particular its | |||
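Review bot: the "Security considerations: See Section 12 of [RFCTBD]" line in the media type registration points at a section whose visible opening only defers to [RFC5280] in general terms, while this media type is the by-reference form of the TN Authorization List that verifiers are expected to "securely download" (see the text above). The registration, or the section it cites, should say how a relying party binds the retrieved DER-encoded TNAuthorizationList to the certificate that references it and what "securely" requires of the retrieval channel, since the list itself carries no protection in the template as written. The other edits in this block (trailing periods dropped, "Fragment identifier considerations: None" and "Deprecated alias names for this type: None" added, "none" capitalised) align the entry with the standard registration template and look fine.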
| End of changes. 9 change blocks. | ||||
| 13 lines changed or deleted | 17 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||