draft-ietf-stir-8588bis — Revision of the SHAKEN PASSporT Extension
draft-ietf-stir-8588bis (Wendt, Barnes) is the IETF revision of
RFC 8588 — the specification defining the shaken PASSporT
extension with the attest claim (SHAKEN’s A/B/C attestation
levels) and the origid claim (originating identifier). I am a
co-author with Mary Barnes — the same authorship as the original
RFC 8588 (May 2019). Currently draft-ietf-stir-8588bis-01
(published 13 April 2026), submitted to the IESG (Publication
Requested). Standards Track. Replaces the earlier individual draft
draft-barnes-stir-8588bis. Once published as an RFC, will
obsolete RFC 8588.
The conceptual context for the SHAKEN framework, and for the attestation levels themselves, lives on the SHAKEN topic page and the attestation levels page; this page covers what’s specific to the bis revision.
What changes from RFC 8588
The bis revision is narrowly scoped — RFC 8588 is itself a small specification, and this revision addresses a small set of specific issues rather than rewriting the design. The “Changes from RFC 8588” section of the draft identifies the substantive updates:
- iat example correction. RFC 8588 contained an error in the example PASSporT payload: the iat value was rendered with quotes around it, which is incorrect (it should be a numeric value, not a string). The bis revision fixes the example.
- ATIS-1000074 reference update. The normative reference to ATIS-1000074 (the SHAKEN base specification) is updated to reference the version in effect at the time of this draft’s publication. The ATIS standards process only retains the most recent version of a published specification, so anchoring the IETF reference to a specific version requires periodic refresh.
In addition, while not called out as a separate change in that
section, the bis revision tightens the format of the origid
claim:
- origid pinned to UUID format (RFC 9562). In RFC 8588, origid was defined as an opaque unique identifier without a normative format. The bis revision specifies in section 5 that the value MUST be a UUID as defined in RFC 9562 (Universally Unique IDentifier URN Namespace). The privacy considerations remain as in RFC 8588 (origid should be generated such that correlation across calls doesn’t leak information about gateway routing patterns or subscriber-level identifiers), but the format is now standardized to UUID.
The bis revision is otherwise unchanged from RFC 8588. The
attestation level definitions (A/B/C) are unchanged. The
attest claim semantics are unchanged. The IANA registrations
update only the reference to point to the new RFC number once
published.
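A claim-format check for the points above (numeric iat, UUID origid, attest limited to A/B/C), given here as an added example that is not taken from the draft or from RFC 8588. The function name, the sample payloads, and the choice to accept only the canonical hyphenated UUID text form are assumptions of this example.

```python
import json
import uuid

ATTEST_LEVELS = {"A", "B", "C"}  # SHAKEN attestation levels


def check_shaken_claims(payload_json: str) -> list:
    """Check a decoded PASSporT payload (JSON text) and return a list of problems.

    Covers claim formats only; signature and certificate checks are out of scope.
    """
    claims = json.loads(payload_json)
    if not isinstance(claims, dict):
        return ["payload must be a JSON object"]
    problems = []

    # iat: a JSON number. json.loads keeps a quoted "1776067200" as str,
    # which is the error the page describes in the RFC 8588 example.
    iat = claims.get("iat")
    if isinstance(iat, bool) or not isinstance(iat, (int, float)):
        problems.append("iat must be a JSON number, got " + type(iat).__name__)

    attest = claims.get("attest")
    if not isinstance(attest, str) or attest not in ATTEST_LEVELS:
        problems.append("attest must be one of A, B, C")

    # origid: UUID. Assumption of this example: only the canonical hyphenated
    # text form is accepted, so the parsed value must round-trip unchanged.
    origid = claims.get("origid")
    try:
        if not isinstance(origid, str) or str(uuid.UUID(origid)) != origid.lower():
            raise ValueError(origid)
    except ValueError:
        problems.append("origid must be a UUID (RFC 9562)")
    return problems


# Constructed sample payloads (not taken from the draft).
BASE = {"attest": "A", "dest": {"tn": ["12025550101"]}, "iat": 1776067200,
        "orig": {"tn": "12025550100"},
        "origid": "3f1b2c4d-5e6f-4a7b-8c9d-0e1f2a3b4c5d"}
GOOD = json.dumps(BASE)
QUOTED_IAT = json.dumps({**BASE, "iat": "1776067200"})
OPAQUE_ORIGID = json.dumps({**BASE, "origid": "gw-17-trunk-a"})

if __name__ == "__main__":
    for name in ("GOOD", "QUOTED_IAT", "OPAQUE_ORIGID"):
        print(name, check_shaken_claims(globals()[name]))
```

The OPAQUE_ORIGID sample is the kind of value RFC 8588 permitted and the bis text no longer does; its gateway-style label also shows the routing leak that the privacy considerations warn about.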
Status
Currently draft-ietf-stir-8588bis-01, active working group
document in the STIR WG, expires 15 October 2026. The draft was
adopted by the WG (replacing draft-barnes-stir-8588bis) and is
progressing through normal IETF process. Standards Track. Once
published as an RFC, the new RFC will obsolete RFC 8588 and
become the operative IETF specification for the SHAKEN PASSporT
extension.