draft-wendt-stir-vesper — VESPER core specification
draft-wendt-stir-vesper (Wendt, Sliwa) is the normative specification for the VESPER framework. I am the primary author. The conceptual context — what VESPER is, the four roles, why the certificate profile is structured the way it is, the relationship to STIR/SHAKEN — lives on the VESPER topic page. This page covers what’s specific to this draft.
What this draft specifies
The draft defines the normative requirements for VESPER deployment. Top-level sections cover the certificate profile (required and optional X.509 extensions on a VESPER delegate certificate), the issuance process (an ACME-based flow extended with TNAuthList Authority Tokens and optional JWTClaimConstraints Authority Tokens), the authentication and verification procedures (the normative steps Authentication Services and Verification Services follow when constructing or validating PASSporTs signed by VESPER delegate certificates), the RTU Token (the JWT form for portable proof of right-to-use in non-SIP contexts), and the Connected Identity integration with draft-ietf-stir-rfc4916-update.
What changed across revisions
Several architectural pieces present in earlier drafts have been removed or simplified. The vper PASSporT claim was removed — the VESPER trust signal is encoded in the certificate itself, and PASSporTs signed by a VESPER delegate certificate are standard RFC 8225 PASSporTs. The Claim Agent role (an intermediate entity asserting claims on behalf of the responsible entity) was also removed — VESPER puts the signing in the hands of the responsible entity directly, with delegate-certificate mechanics handling further sub-delegation. Privacy modes that were sketched in early drafts have been dropped in favor of simpler privacy semantics that emerge from short-lived certificates and reduced data exposure on the trust artifact itself.
The convergence across these changes is toward a smaller spec — fewer new claims, fewer roles, fewer mechanism-specific behaviors — leveraging existing infrastructure (X.509 extensions, ACME issuance, RFC 8225 PASSporTs) more heavily.
Status
Currently draft-wendt-stir-vesper-07, an individual draft (not yet a working-group document). The work is being discussed in the STIR working group, with the proposed STIR recharter expected to formalize VESPER as the working group’s primary direction for extending the framework. The recharter discussions explicitly identified VESPER as the work item that surfaced the architectural questions the expanded scope addresses.