IETF Interim: Secure Telephone Identity Revisited (STIR) 2026-04-09 18:00

The IETF interim session revisited Secure Telephone Identity (STIR) and introduced the Vesper profile, a proposed specification that bundles existing STIR mechanisms—delegate certificates, short‑lived certificates, transparency logs, claim constraints, and rich call data—into a single, opinionated framework. Participants reviewed minor draft revisions, addressed editorial nitpicks, and prepared to submit the updated documents for formal consideration. Key insights included the emphasis on delegating certificate authority to reflect enterprise‑to‑third‑party call handling, the integration of short‑lived certificates for rapid revocation, and the use of certificate transparency to audit issuance. The Vesper draft also proposes leveraging domain names as a supplemental identifier, linking telephone numbers to web‑based trust anchors. During the discussion, John and Dan highlighted the need for an additional, cryptographically‑attested identifier—such as a domain—paired with a third‑party Reputation‑Based Call‑Detail (RCD) mechanism to strengthen caller provenance. They cautioned against siloed trust models and argued that any new identifier must be bound to the call authentication event. If adopted, Vesper could become the IETF‑standard method for end‑to‑end call verification, giving carriers and enterprises a robust tool to combat spoofing and fraud while preserving flexibility for delegated call services.