{"draft":"draft-ietf-stir-problem-statement-05","doc_id":"RFC7340","title":"Secure Telephone Identity Problem Statement and Requirements","authors":["J. Peterson","H. Schulzrinne","H. Tschofenig"],"format":["ASCII","HTML"],"page_count":"25","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"Secure Telephone Identity Revisited RAI","abstract":"Over the past decade, Voice over IP (VoIP) systems based on SIP have\r\nreplaced many traditional telephony deployments.  Interworking VoIP\r\nsystems with the traditional telephone network has reduced the\r\noverall level of calling party number and Caller ID assurances by\r\ngranting attackers new and inexpensive tools to impersonate or\r\nobscure calling party numbers when orchestrating bulk commercial\r\ncalling schemes, hacking voicemail boxes, or even circumventing\r\nmulti-factor authentication systems trusted by banks.  Despite\r\nprevious attempts to provide a secure assurance of the origin of SIP\r\ncommunications, we still lack effective standards for identifying the\r\ncalling party in a VoIP session.  This document examines the reasons\r\nwhy providing identity for telephone numbers on the Internet has\r\nproven so difficult and shows how changes in the last decade may\r\nprovide us with new strategies for attaching a secure identity to SIP\r\nsessions.  It also gives high-level requirements for a solution in\r\nthis space.","pub_date":"September 2014","keywords":["SIP","XMPP","Secure Origin Identification","Communication Security","RTCWeb","Problem Statement","Real-Time Communication"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC7340","errata_url":null}