NS/EP Service Provider Credential for SIP RPH Signing Ray P. Singh November 6, 2017 NS/EP Service Provider Credential for SIP RPH Signing PTSC and IPNNI Task Force Meetings McLean, Virginia November 6, 2017

Overview Background Next Step Objective IETF last call was initiated for draft-ietf-stir-rph-01 providing PASSPorT extension for SIP RPH Signing Next Step Objective Define Solution for Authority/Delegation and NS/EP Service Provider (SP) Credential (i.e., Certificate) for SIP RPH Signing

Authority/Delegation and SP Credential Solution considerations Authority and Delegation OEC is the authority for claims associated with “ets” and “wps” namespaces in the SIP RPH NS/EP Service Providers are delegated by OEC as authority for signing SIP RPH with “ets” and “wps” namespaces

Options Option 1: Authority issues certificates for authorized NS/EP Service Providers Option 2: NS/EP Service Providers use their own certificate to identify themselves (e.g., TN certificate used for SHAKEN) Dedicated infrastructure for NS/EP Service Provider certificate issuance and maintenance Leverages SHAKEN infrastructure by using the carrier certificate to sign both TN and SIP RPH Certificate identifies authorized NS/EP Provider Manual distribution of list of authorized NS/EP Service Providers Different certificates required for SHAKEN and RPH signing Carriers benefit of using same credentials for SHAKEN and RPH signing - Avoids complexity of having to use a different certificate for RPH signing from the one used for TN signing Recommendation: NS/EP NGN-PS Service Provider use SHAKEN Credential (i.e., Certificate) for both TN and RPH Signing.

Conclusion/Next Step Need to identify the enhancements needed to allow a NS/EP NGN-PS Service Provider to use its SHAKEN certificate to sign SIP RPHs