**Session Date/Time:** 23 Jul 2025 12:30

# STIR Working Group Meeting - IETF 123

## Summary

The STIR working group met to discuss three main topics: Certificate Transparency for STIR certificates, JWT Claim Constraints for ACME, and the Vesper framework. The group also addressed administrative updates including document status and a reference update for RFC 8588. Key discussions focused on the applicability and threat model for certificate transparency in the STIR context, and progress on the Vesper framework simplification.

## Key Discussion Points

### Document Status Updates

- RFC 9795 on RCD is now published
- Two documents currently with IESG: one approved and waiting for final actions, RFC 4916 update pending author actions
- Certificate OCSP document in IETF last call
- Certificate short-lived document completed working group last call, awaiting shepherd write-up

### Certificate Transparency for STIR

- **Threat Model Discussion**: Extensive debate on the specific threats CT addresses in STIR context vs. WebPKI
  - Misissuance of SPC codes in certificates
  - Incorrect telephone number validation by CAs
  - Rogue CA certificate issuance
- **Competition Concerns**: Discussion about potential for CT policies to favor certain classes of entities over others in pluralist environments
- **Technical Benefits**:
  - Detection of certificates issued with unauthorized service provider codes
  - Monitoring capability for legitimate certificate holders
  - Forensic value for investigating certificate misuse
- **Implementation Details**: Focus on profiling RFC 6962 for STIR context rather than redefining CT mechanisms

### JWT Claim Constraints in ACME

- **Informational Update**: Progress on ACME draft for authority token profiles
- **Technical Approach**: Two certificate extensions defined in RFC 8226, creating authority token profile for potential RCD and delegate certificate usage
- **Examples Provided**: Basic RCD usage patterns with permitted and excluded claim values
- **Status**: Moving toward adoption in ACME working group with positive feedback

### Vesper Framework

- **Major Simplification**: Wholesale revision based on IETF 122 feedback to focus on current STIR tools and scope
- **Scope Definition**: Limited to delegate certificates with telephone number scope, TN and JWT claim constraints usage
- **Architecture**: Framework for authority token management, number assignment validation, and KYC/vetting processes
- **Privacy Features**: Hash mechanisms to protect sensitive data while maintaining integrity verification
- **Modularity**: Suggestion to make certificate transparency support more modular rather than tightly coupled

### RFC 8588 Reference Update

- **Issue**: Referenced ATIS specification version no longer available due to ATIS versioning practices
- **Solution**: Update to persistent reference for current v3 version, potentially hosted by SIP Forum
- **Process**: New draft submitted to address reference issues and incorporate incremental updates

## Decisions and Action Items

- **Certificate Transparency**: No formal objection to call for adoption - proceeding with adoption process
- **Vesper Framework**: Not calling for adoption yet, seeking additional feedback round before proceeding
- **RFC 8588 Update**: Chris Wendt to initiate mailing list discussion on the reference update draft
- **ACME JWT Constraints**: Continue progress in ACME working group with STIR awareness

## Next Steps

- Issue call for adoption on Certificate Transparency draft
- Solicit additional feedback on Vesper framework before adoption consideration
- Begin mailing list discussion on RFC 8588 reference update
- Continue ACME working group process for JWT claim constraints
- Incorporate feedback on certificate transparency modularity suggestions for Vesper