1. NS/EP Service Provider Credential for SIP RPH Signing
Ray P. Singh
November 6, 2017
NS/EP Service Provider Credential for SIP RPH Signing
PTSC and IPNNI Task Force Meetings
McLean, Virginia
November 6, 2017

2. Overview Background Next Step Objective
IETF last call was initiated for draft-ietf-stir-rph-01 providing PASSPorT extension for SIP RPH Signing
Next Step Objective
Define Solution for Authority/Delegation and NS/EP Service Provider (SP) Credential (i.e., Certificate) for SIP RPH Signing

3. Authority/Delegation and SP Credential
Solution considerations
Authority and Delegation
OEC is the authority for claims associated with “ets” and “wps” namespaces in the SIP RPH
NS/EP Service Providers are delegated by OEC as authority for signing SIP RPH with “ets” and “wps” namespaces

4. Options
Option 1: Authority issues certificates for authorized NS/EP Service Providers
Option 2: NS/EP Service Providers use their own certificate to identify themselves (e.g., TN certificate used for SHAKEN)
Dedicated infrastructure for NS/EP Service Provider certificate issuance and maintenance
Leverages SHAKEN infrastructure by using the carrier certificate to sign both TN and SIP RPH
Certificate identifies authorized NS/EP Provider
Manual distribution of list of authorized NS/EP Service Providers
Different certificates required for SHAKEN and RPH signing
Carriers benefit of using same credentials for SHAKEN and RPH signing -
Avoids complexity of having to use a different certificate for RPH signing from the one used for TN signing
Recommendation: NS/EP NGN-PS Service Provider use SHAKEN Credential (i.e., Certificate) for both TN and RPH Signing.

5. Conclusion/Next Step
Need to identify the enhancements needed to allow a NS/EP NGN-PS Service Provider to use its SHAKEN certificate to sign SIP RPHs