stir                                                            C. Wendt
Internet-Draft                                                   Comcast
Intended status: Standards Track                               M. Barnes
Expires: January 4, 2018                      MLB@Realtime Communications
                                                           July 03, 2017


                   PASSporT SHAKEN Extension (SHAKEN)
                   draft-wendt-stir-passport-shaken-00

Abstract

   This document extends PASSporT, a token object that conveys
   cryptographically-signed information about the participants involved
   in personal communications, to include information defined as part of
   the SHAKEN [ATIS-1000074] specification for indicating an attestation
   level and originating ID.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 4, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  PASSporT 'attest' Claim
   4.  PASSporT 'origid' Claim
   5.  Example
   6.  Using 'shaken' in SIP
   7.  IANA Considerations
     7.1.  JSON Web Token claims
     7.2.  PASSporT Types
   8.  Security Considerations
   9.  Acknowledgements
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Authors' Addresses

1.  Introduction

   The SHAKEN specification defines a framework for using STIR protocols,
   including PASSporT and the STIR certificate framework, for
   implementing the cryptographic validation of an authorized originator
   of telephone calls using SIP.  Because the current telephone network
   carries both VoIP and TDM/SS7 originated traffic, there are many
   scenarios that need to be accounted for, in which PASSporT signatures
   may represent either direct or indirect call origination.
   The SHAKEN [ATIS-1000074] specification defines levels of attribution
   of the origination of the call as well as an origination identifier
   that can help create a unique association with the origination of
   calls from various parts of the VoIP or TDM telephone network.  This
   document specifies these indicators as a PASSporT extension.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  PASSporT 'attest' Claim

   This indicator allows for both identifying the service provider that
   is vouching for the call and clearly indicating what information the
   service provider is attesting to.  The 'attest' claim can be one of
   the following three values, 'A', 'B', or 'C', as defined in
   [ATIS-1000074].

4.  PASSporT 'origid' Claim

   The purpose of the unique origination identifier is to assign an
   opaque identifier corresponding to the service provider-initiated
   calls themselves, customers, classes of devices, or other groupings
   that a service provider might want to use for determining things like
   reputation or traceback identification of customers or gateways.
   The value of the 'origid' claim is a UUID as defined in [RFC4122].

5.  Example

   Protected Header
   {
     "alg":"ES256",
     "typ":"passport",
     "ppt":"shaken",
     "x5u":"https://cert.example.org/passport.crt"
   }

   Payload
   {
     "attest":"A",
     "dest":{"uri":"sip:alice@example.com"},
     "iat":1443208345,
     "orig":{"tn":"12155551212"},
     "origid":"123e4567-e89b-12d3-a456-426655440000"
   }

6.  Using 'shaken' in SIP

   The use of the 'shaken' PASSporT type and the claims 'attest' and
   'origid' are formally defined in [ATIS-1000074] for usage in SIP
   [RFC3261], aligned with the use of the identity header defined in
   [I-D.ietf-stir-rfc4474bis].
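   The following Python program is an added example; it is not part of
   this draft or of the ATIS specification.  It builds the compact
   serialization of the Section 5 token (with 'iat' as a JSON number,
   as RFC 7519 requires) and shows the checks a verifying service
   provider would apply to the header and to the 'attest' and 'origid'
   claims before relying on them: 'ppt' must be 'shaken', 'attest' must
   be one of 'A', 'B' or 'C', 'origid' must be a UUID in its canonical
   RFC 4122 string form, and 'iat' must be fresh.  The ES256 signature
   check is delegated to a JWS library and is not performed here.  The
   signature segment of the sample token, the 60-second freshness
   window and the https requirement on 'x5u' are constructed assumptions
   for the example, not rules from this draft.

```python
"""Decode a compact 'shaken' PASSporT and validate its header and claims.

Added example, not code from the draft or from ATIS.  Signature
verification (ES256 over the JWS signing input) is left to the caller's
JWS library; the sample token's signature segment is a constructed
placeholder.
"""
import base64
import json
import uuid

ATTEST_LEVELS = {"A", "B", "C"}   # the three 'attest' values Section 3 allows
MAX_IAT_SKEW_SECONDS = 60          # freshness window; an assumption, not in the draft

# Header and payload from the Section 5 example ('iat' as a JSON number per RFC 7519).
EXAMPLE_HEADER = {
    "alg": "ES256",
    "typ": "passport",
    "ppt": "shaken",
    "x5u": "https://cert.example.org/passport.crt",
}
EXAMPLE_PAYLOAD = {
    "attest": "A",
    "dest": {"uri": "sip:alice@example.com"},
    "iat": 1443208345,
    "orig": {"tn": "12155551212"},
    "origid": "123e4567-e89b-12d3-a456-426655440000",
}


def b64url_encode(data: bytes) -> str:
    """Base64url without '=' padding, as JWS (RFC 7515) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; restores the stripped padding first."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def signing_input(header: dict, payload: dict) -> str:
    """BASE64URL(header) '.' BASE64URL(payload): the bytes an ES256 signature covers."""
    return ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload)
    )


def sample_token(header=EXAMPLE_HEADER, payload=EXAMPLE_PAYLOAD) -> str:
    """Compact serialization with a CONSTRUCTED placeholder signature segment."""
    return signing_input(header, payload) + "." + b64url_encode(b"constructed-signature")


def validate_shaken(token: str, now: int) -> list:
    """Return the problems found in a compact 'shaken' PASSporT (empty list = well-formed).

    Only the header and the claims are checked; the caller must still verify
    the ES256 signature against the certificate referenced by 'x5u'.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return ["token does not have three dot-separated segments"]
    try:
        header = json.loads(b64url_decode(parts[0]))
        payload = json.loads(b64url_decode(parts[1]))
    except ValueError:  # covers binascii.Error and JSONDecodeError
        return ["header or payload is not base64url-encoded JSON"]

    problems = []
    # Header: the extension only applies to ES256-signed 'passport' tokens of type 'shaken'.
    if header.get("alg") != "ES256":
        problems.append("alg must be ES256")
    if header.get("typ") != "passport" or header.get("ppt") != "shaken":
        problems.append("typ must be 'passport' and ppt must be 'shaken'")
    if not str(header.get("x5u", "")).startswith("https://"):
        problems.append("x5u must be an https URL to the signing certificate")

    # 'attest' (Section 3): exactly one of A, B, C.
    if payload.get("attest") not in ATTEST_LEVELS:
        problems.append("attest must be one of A, B or C")

    # 'origid' (Section 4): a UUID, accepted only in its canonical RFC 4122 string form.
    origid = payload.get("origid")
    try:
        if str(uuid.UUID(origid)) != origid:
            raise ValueError
    except (ValueError, TypeError, AttributeError):
        problems.append("origid must be a canonical RFC 4122 UUID string")

    # 'iat': an integer NumericDate that is neither stale nor from the future.
    iat = payload.get("iat")
    if type(iat) is not int or abs(now - iat) > MAX_IAT_SKEW_SECONDS:
        problems.append("iat must be an integer within the freshness window")

    # 'orig' / 'dest' come from PASSporT itself; check the minimal shape.
    orig = payload.get("orig")
    tn = orig.get("tn") if isinstance(orig, dict) else None
    if not (isinstance(tn, str) and tn.isdigit()):
        problems.append("orig.tn must be a string of digits")
    if not isinstance(payload.get("dest"), dict) or not payload["dest"]:
        problems.append("dest must be a non-empty object")
    return problems


if __name__ == "__main__":
    print(sample_token())
    print(validate_shaken(sample_token(), now=EXAMPLE_PAYLOAD["iat"] + 30))
```

   Returning a list of problems rather than a single boolean lets a
   verification service log every reason a token was rejected, which is
   what an operator needs when debugging interop with a peer provider.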
   The carriage of the 'attest' and 'origid' values is in the full
   PASSporT token included in the identity header as specified in
   [ATIS-1000074].

7.  IANA Considerations

7.1.  JSON Web Token claims

   This specification requests that the IANA add two new claims to the
   JSON Web Token Claims registry as defined in [RFC7519].

   Claim Name: "attest"

   Claim Description: Attestation level as defined in SHAKEN framework

   Change Controller: IESG

   Specification Document(s): [RFCThis]


   Claim Name: "origid"

   Claim Description: Originating Identifier as defined in SHAKEN
   framework

   Change Controller: IESG

   Specification Document(s): [RFCThis]

7.2.  PASSporT Types

   This specification requests that the IANA add a new entry to the
   PASSporT Types registry for the type "shaken" which is specified in
   [RFCThis].

8.  Security Considerations

   TBD

9.  Acknowledgements

   TBD

10.  References

10.1.  Normative References

   [ATIS-1000074]
              ATIS/SIP Forum NNI Task Group, "Signature-based Handling
              of Asserted information using toKENs (SHAKEN)", January
              2017.

   [I-D.ietf-stir-certificates]
              Peterson, J. and S. Turner, "Secure Telephone Identity
              Credentials: Certificates", draft-ietf-stir-
              certificates-14 (work in progress), May 2017.

   [I-D.ietf-stir-passport]
              Wendt, C. and J. Peterson, "Personal Assertion Token
              (PASSporT)", draft-ietf-stir-passport-11 (work in
              progress), February 2017.

   [I-D.ietf-stir-rfc4474bis]
              Peterson, J., Jennings, C., Rescorla, E., and C. Wendt,
              "Authenticated Identity Management in the Session
              Initiation Protocol (SIP)", draft-ietf-stir-rfc4474bis-16
              (work in progress), February 2017.

   [RFC4122]  Leach, P., Mealling, M., and R. Salz, "A Universally
              Unique IDentifier (UUID) URN Namespace", RFC 4122,
              DOI 10.17487/RFC4122, July 2005.

   [RFC7519]  Jones, M., Bradley, J., and N.
              Sakimura, "JSON Web Token (JWT)", RFC 7519,
              DOI 10.17487/RFC7519, May 2015.

10.2.  Informative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3261]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
              A., Peterson, J., Sparks, R., Handley, M., and E.
              Schooler, "SIP: Session Initiation Protocol", RFC 3261,
              DOI 10.17487/RFC3261, June 2002.

Authors' Addresses

   Chris Wendt
   Comcast
   One Comcast Center
   Philadelphia, PA 19103
   USA

   Email: chris-ietf@chriswendt.net


   Mary Barnes
   MLB@Realtime Communications

   Email: mary.ietf.barnes@gmail.com