draft-ietf-stir-certificates-16.txt   draft-ietf-stir-certificates-17.txt 
Network Working Group J. Peterson Network Working Group J. Peterson
Internet-Draft Neustar Internet-Draft Neustar
Intended status: Standards Track S. Turner Intended status: Standards Track S. Turner
Expires: June 12, 2018 sn3rd Expires: June 17, 2018 sn3rd
December 9, 2017 December 14, 2017
Secure Telephone Identity Credentials: Certificates Secure Telephone Identity Credentials: Certificates
draft-ietf-stir-certificates-16 draft-ietf-stir-certificates-17
Abstract Abstract
In order to prevent the impersonation of telephone numbers on the In order to prevent the impersonation of telephone numbers on the
Internet, some kind of credential system needs to exist that Internet, some kind of credential system needs to exist that
cryptographically asserts authority over telephone numbers. This cryptographically asserts authority over telephone numbers. This
document describes the use of certificates in establishing authority document describes the use of certificates in establishing authority
over telephone numbers, as a component of a broader architecture for over telephone numbers, as a component of a broader architecture for
managing telephone numbers as identities in protocols like SIP. managing telephone numbers as identities in protocols like SIP.
skipping to change at page 1, line 36 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 12, 2018. This Internet-Draft will expire on June 17, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 13, line 22 skipping to change at page 13, line 22
indirectly name all of the telephone numbers associated with that indirectly name all of the telephone numbers associated with that
identifier for a service provider. identifier for a service provider.
2. Telephone numbers can be listed in a range (in the 2. Telephone numbers can be listed in a range (in the
TelephoneNumberRange format), which consists of a starting TelephoneNumberRange format), which consists of a starting
telephone number and then an integer count of numbers within the telephone number and then an integer count of numbers within the
range, where the valid boundaries of ranges may vary according to range, where the valid boundaries of ranges may vary according to
national policies. The count field is only applicable to start national policies. The count field is only applicable to start
fields' whose values do not include "*" or "#" (i.e., a fields' whose values do not include "*" or "#" (i.e., a
TelephoneNumber that does not include "*" or "#"). count never TelephoneNumber that does not include "*" or "#"). count never
overflows a TelephoneNumber digit boundary (i.e., a makes the number increase in length (i.e., a TelephoneNumberRange
TelephoneNumberRange with TelephoneNumber=10 with a count=91 will with TelephoneNumber=10 with a count=91 will address numbers
address numbers 10-99). 10-99); formally, given the inputs count and TelephoneNumber of
length D the end of the TelephoneNumberRange is:
MIN(TelephoneNumber + count, 10^D - 1).
3. A single telephone number can be listed (as a TelephoneNumber). 3. A single telephone number can be listed (as a TelephoneNumber).
Note that because large-scale service providers may want to associate Note that because large-scale service providers may want to associate
many numbers, possibly millions of numbers, with a particular many numbers, possibly millions of numbers, with a particular
certificate, optimizations are required for those cases to prevent certificate, optimizations are required for those cases to prevent
the certificate size from becoming unmanageable. In these cases, the the certificate size from becoming unmanageable. In these cases, the
TN Authorization List may be given by reference rather than by value, TN Authorization List may be given by reference rather than by value,
through the presence of a separate certificate extension that permits through the presence of a separate certificate extension that permits
verifiers to either (1) securely download the list of numbers verifiers to either (1) securely download the list of numbers
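Review bot: The new end-of-range formula MIN(TelephoneNumber + count, 10^D - 1) does not agree with the definition of count as "an integer count of numbers within the range": with count=1 it yields an end of TelephoneNumber+1, which is two numbers, so either the formula should read MIN(TelephoneNumber + count - 1, 10^D - 1) or the text should state that count excludes the start number. The worked example (TelephoneNumber=10, count=91 addressing 10-99) cannot settle this, because both 10+91 and 10+91-1 exceed 99 and are clamped to 10^D - 1; an example that stays below the clamp would pin the semantics down, since otherwise two verifiers can disagree by one number at the top of every range when deciding whether a caller's number is covered by a certificate. It would also help to say that the computed end is rendered back as a D-digit string (the formula is numeric, while the text defines D as the length of TelephoneNumber, which matters when the start has leading zeros).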
skipping to change at page 16, line 14 skipping to change at page 16, line 16
o The TN ASN.1 module in the "SMI Security for PKIX Module o The TN ASN.1 module in the "SMI Security for PKIX Module
Identifier" (1.3.6.1.5.5.7.0) registry: Identifier" (1.3.6.1.5.5.7.0) registry:
89 id-mod-tn-module 89 id-mod-tn-module
11.2. Media Type Registrations 11.2. Media Type Registrations
Type name: application Type name: application
Subtype name: tnauthlist Subtype name: tnauthlist
Required parameters: None. Required parameters: None
Optional parameters: None. Optional parameters: None
Encoding considerations: Binary. Encoding considerations: Binary
Security considerations: See Section 12 of [RFCTBD]. Security considerations: See Section 12 of [RFCTBD]
Interoperability considerations: Interoperability considerations:
The TN Authorization List inside this media type MUST be The TN Authorization List inside this media type MUST be
DER-encoded TNAuthorizationList. DER-encoded TNAuthorizationList.
Published specification: [RFCTBD]. Published specification: [RFCTBD]
Applications that use this media type: Applications that use this media type:
Issuers and relying parties of secure telephone identity Issuers and relying parties of secure telephone identity
certificates, to limit the subject's authority to a certificates, to limit the subject's authority to a
particular telephone number or telephone number range. particular telephone number or telephone number range.
Fragment identifier considerations: None
Additional information: Additional information:
Deprecated alias names for this type: None
Magic number(s): None Magic number(s): None
File extension(s): None File extension(s): None
Macintosh File Type Code(s): None Macintosh File Type Code(s): None
Person & email address to contact for further information: Person & email address to contact for further information:
Jon Peterson <jon.peterson@team.neustar> Jon Peterson <jon.peterson@team.neustar>
Intended usage: COMMON Intended usage: COMMON
Restrictions on usage: none Restrictions on usage: None
Author: Sean Turner <sean@sn3rd.com> Author: Sean Turner <sean@sn3rd.com>
Change controller: The IESG <iesg@ietf.org> Change controller: The IESG <iesg@ietf.org>
[RFC editor's instruction: Please replace RFCTBD with the [RFC editor's instruction: Please replace RFCTBD with the
RFC number when this document is published.] RFC number when this document is published.]
12. Security Considerations 12. Security Considerations
This document is entirely about security. For further information on This document is entirely about security. For further information on
certificate security and practices, see [RFC5280], in particular its certificate security and practices, see [RFC5280], in particular its
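Review bot: The template additions "Fragment identifier considerations: None" and "Deprecated alias names for this type: None", together with the dropped trailing periods and the "none" to "None" change, bring the registration in line with the RFC 6838 template; the one remaining nit is "Encoding considerations: Binary", where RFC 6838 section 4.8 spells the value as lowercase "binary". The "Interoperability considerations" requirement that the payload MUST be a DER-encoded TNAuthorizationList is the part with security weight: relying parties should reject non-DER (for example BER) encodings rather than decode them leniently, since accepting alternative encodings of the same list loosens the tie between the signed bytes and the numbers they authorize, and the Security Considerations section could say so explicitly.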
 End of changes. 9 change blocks. 
13 lines changed or deleted 17 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/