Trust & Security

RFC 8224 (Authenticated Identity in SIP)

RFC 8224 is the IETF specification that defines the Identity SIP header for cryptographically signing the asserted caller-ID. It is the foundation of STIR/SHAKEN.

What it specifies

RFC 8224 obsoletes RFC 4474. It defines:

• The Identity header field syntax (a JWS-signed token).
• The info parameter (URL to the signing certificate).
• How to canonicalize the SIP request before signing (so intermediaries don't break the signature).
• How verifying entities fetch the cert, verify the JWS, and act on the result.

Required headers in the signed payload

{
  "alg": "ES256",
  "ppt": "shaken",       // RFC 8588: the SHAKEN PASSporT extension
  "typ": "passport",
  "x5u": "https://cert.didhub.io/shaken.crt"
}
{
  "attest": "A",         // attestation level
  "dest":   { "tn": ["15557654321"] },
  "iat":    1700000000,
  "orig":   { "tn": "15551234567" },
  "origid": "abc123"     // unique call ID, for trace-back
}

Companion RFCs

• RFC 8225 — PASSporT format
• RFC 8226 — X.509 certs for STIR
• RFC 8588 — SHAKEN extension to PASSporT

Related terms

Related glossary terms

Asterisk (open-source PBX framework)

Asterisk is the original open-source telephony framework, started by Mark Spencer in 1999. It is a Class 5 PBX engine: it terminates SIP/IAX

Read →

Attestation Levels (A, B, C)

Attestation levels are the three trust ratings that an originating carrier assigns to outbound calls under STIR/SHAKEN. They tell the termin

Read →

Auto-Provisioning (zero-touch desk phone setup)

Auto-provisioning is how you deploy 50, 500, or 50,000 desk phones without manually configuring each one. The phone boots, fetches its confi

Read →

BYOC (Bring Your Own Carrier)

BYOC is a deployment model where you use a third-party SaaS platform (Vapi, Retell, Microsoft Teams, Zoom Phone, Twilio Flex) for the call-c

Read →