appliedbits
Last updated 2026-05-06 drafted

draft-ietf-stir-8588bis — Revision of the SHAKEN PASSporT Extension

draft-ietf-stir-8588bis (Wendt, Barnes) is the IETF revision of RFC 8588 — the specification defining the shaken PASSporT extension with the attest claim (SHAKEN’s A/B/C attestation levels) and the origid claim (originating identifier). I am a co-author with Mary Barnes — the same authorship as the original RFC 8588 (May 2019). The current version is draft-ietf-stir-8588bis-01 (published 13 April 2026), which has been submitted to the IESG (Publication Requested) on the Standards Track. It replaces the earlier individual draft draft-barnes-stir-8588bis. Once published as an RFC, it will obsolete RFC 8588.

The conceptual context for the SHAKEN framework, and for the attestation levels themselves, lives on the SHAKEN topic page and the attestation levels page; this page covers what’s specific to the bis revision.

What changes from RFC 8588

The bis revision is narrowly scoped — RFC 8588 is itself a small specification, and this revision addresses a small set of specific issues rather than rewriting the design. The “Changes from RFC 8588” section of the draft identifies the substantive updates:

  • iat example correction. RFC 8588 contained an error in the example PASSporT payload — the iat value was rendered with quotes around it, which is incorrect (it should be a numeric value, not a string). The bis revision fixes the example.
  • ATIS-1000074 reference update. The normative reference to ATIS-1000074 (the SHAKEN base specification) is updated to reference the version in effect at the time of this draft’s publication. The ATIS standards process only retains the most recent version of a published specification, so anchoring the IETF reference to a specific version requires periodic refresh.

In addition, while not called out as a separate change in that section, the bis revision tightens the format of the origid claim:

  • origid pinned to UUID format (RFC 9562). In RFC 8588, origid was defined as an opaque unique identifier without a normative format. The bis revision specifies in section 5 that the value MUST be a UUID as defined in RFC 9562 (Universally Unique IDentifier URN Namespace). The privacy considerations remain as in RFC 8588 — origid should be generated such that correlation across calls doesn’t leak information about gateway routing patterns or subscriber-level identifiers — but the format is now standardized to UUID.
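The two payload-level points above (a numeric iat and a UUID-formatted origid) can be checked mechanically on a decoded PASSporT payload. The following is an added example, not code from the draft or from RFC 8588: the function name and the sample payloads are constructed for illustration, signature verification is out of scope, and the UUID check assumes the hyphenated 8-4-4-4-12 hex text form.

```python
import json
import re

# Hyphenated 8-4-4-4-12 hex text form of a UUID, accepted case-insensitively.
# Assumption of this example: no particular UUID version is required.
UUID_RE = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I
)
ATTEST_LEVELS = {"A", "B", "C"}


def check_shaken_claims(payload_json):
    """Return a list of problems in a decoded PASSporT payload (hypothetical helper)."""
    try:
        claims = json.loads(payload_json)
    except ValueError:
        return ["payload is not valid JSON"]
    if not isinstance(claims, dict):
        return ["payload is not a JSON object"]

    problems = []
    iat = claims.get("iat")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(iat, bool) or not isinstance(iat, (int, float)):
        problems.append("iat must be a JSON number, got %s" % type(iat).__name__)

    attest = claims.get("attest")
    if not (isinstance(attest, str) and attest in ATTEST_LEVELS):
        problems.append("attest must be one of A, B, C")

    origid = claims.get("origid")
    if not (isinstance(origid, str) and UUID_RE.fullmatch(origid)):
        problems.append("origid must be a UUID string")
    return problems


# Constructed sample payloads (not taken from the RFC or the draft).
GOOD = ('{"attest":"A","dest":{"tn":["12025550101"]},"iat":1775000000,'
        '"orig":{"tn":"12025550100"},'
        '"origid":"0b8f6c1e-4d2a-4c3b-9e7f-5a1d2c3b4e5f"}')
QUOTED_IAT = GOOD.replace('"iat":1775000000', '"iat":"1775000000"')
OPAQUE_ORIGID = GOOD.replace("0b8f6c1e-4d2a-4c3b-9e7f-5a1d2c3b4e5f", "gw-east-17")

if __name__ == "__main__":
    for name, payload in [("good", GOOD), ("quoted iat", QUOTED_IAT),
                          ("opaque origid", OPAQUE_ORIGID)]:
        print(name, check_shaken_claims(payload))
```

A verifier that compares iat against the current time benefits from rejecting the quoted form up front, since a string value would otherwise have to be coerced before any freshness check.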

The bis revision is otherwise unchanged from RFC 8588. The attestation level definitions (A/B/C) are unchanged. The attest claim semantics are unchanged. The IANA registrations update only the reference to point to the new RFC number once published.

Status

The current version is draft-ietf-stir-8588bis-01, an active working group document in the STIR WG that expires 15 October 2026. The draft was adopted by the WG (replacing draft-barnes-stir-8588bis) and is progressing through the normal IETF process on the Standards Track. Once published as an RFC, the new RFC will obsolete RFC 8588 and become the operative IETF specification for the SHAKEN PASSporT extension.