RFC 8443 — PASSporT Extension for Resource Priority Authorization
RFC 8443 (Singh, Dolly, Das, Nguyen — August 2018) is the IETF
specification that extends PASSporT with the rph claim,
carrying a cryptographically signed assertion of authorization
for the SIP Resource-Priority header field. The motivation
was straightforward: SIP networks act on Resource-Priority
to give certain calls preferential routing or treatment
(NS/EP communications, public-safety calls, MLPP for military
networks), and an unsigned priority assertion is trivial to
spoof. The rph claim binds the priority assertion to the
originator’s authority through the same certificate hierarchy
that authenticates the calling number.
What it specifies
The mechanism is small:
- The rph claim. A JSON object with one required key, auth — an array of strings, each carrying a namespace and priority value (e.g., ets.0 for the Emergency Telecommunications Service highest priority, wps.0 for Wireless Priority Service). The structure can carry multiple authorization assertions for cases where a call is authorized in multiple priority namespaces simultaneously.
- PASSporT type extension semantics. A SIP request carrying a Resource-Priority header field with prioritized values can carry an Identity header field whose PASSporT includes the rph claim. The verifier checks the signature against a certificate authorized for the asserted priority namespace, confirming the originator’s authority.
If signature validation fails, RFC 8443 specifies that the
verifier should infer the calling party is not authorized for
the asserted priority and treat the call as ordinary —
specifically, the Resource-Priority header field SHOULD be
stripped before further routing. This is the right
default-deny posture for priority systems that gate scarce
resources.
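The verifier-side handling described above, as an added example that is not code from RFC 8443 or from this page's author: it reads rph.auth from a full-form PASSporT and removes Resource-Priority when validation has failed. Assumptions: signature and certificate validation is done elsewhere and arrives as signature_ok, filtering individual r-values against rph.auth is an illustrative local policy, and the token, telephone numbers and x5u URL are constructed.

```python
import base64
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def rph_auth(passport: str) -> set:
    """Return lower-cased rph.auth values from a full-form PASSporT, or an
    empty set when the token is malformed or is not a ppt=rph PASSporT."""
    try:
        head, body, _sig = passport.split(".")
        header = json.loads(_unb64url(head))
        auth = json.loads(_unb64url(body))["rph"]["auth"]
        if header["ppt"] != "rph" or not isinstance(auth, list):
            return set()
        return {v.lower() for v in auth if isinstance(v, str)}
    except (ValueError, KeyError, TypeError):
        return set()

def filter_resource_priority(headers, passport, signature_ok):
    """headers: list of (name, value) pairs from the SIP request.
    signature_ok: result of PASSporT signature/certificate validation,
    performed elsewhere (assumption). A failed validation strips
    Resource-Priority; otherwise only r-values in rph.auth are kept."""
    allowed = rph_auth(passport) if signature_ok else set()
    out = []
    for name, value in headers:
        if name.lower() != "resource-priority":
            out.append((name, value))
            continue
        kept = [v.strip() for v in value.split(",") if v.strip().lower() in allowed]
        if kept:  # drop the header entirely when nothing is authorized
            out.append((name, ", ".join(kept)))
    return out

def make_sample(auth):
    """Constructed, unsigned sample token; 'c2ln' is a placeholder signature."""
    header = {"typ": "passport", "ppt": "rph", "alg": "ES256",
              "x5u": "https://cert.example.org/rph.cer"}
    claims = {"orig": {"tn": "12155550112"}, "dest": {"tn": ["12125550113"]},
              "iat": 1443208345, "rph": {"auth": auth}}
    return ".".join(_b64url(json.dumps(p).encode()) for p in (header, claims)) + ".c2ln"
```
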
Where this document is referenced
- RFC 9027 extends this document’s rph claim with emergency-services-specific assertion values (esnet.x) and adds a new sph claim for SIP Priority Header protection. The two documents work together for emergency-services use cases.
- RFC 8225 is the base PASSporT spec this document extends.
- STIR extensions is the topic page that catalogs PASSporT extensions and auxiliary mechanisms; the priority-authorization extension is one of the catalog entries.
The author team reflects the spec’s origins in the emergency-communications and national-security communications community — Vencore Labs, AT&T, and the DHS Office of Emergency Communications were the primary contributors. The work tracks back through the longstanding NS/EP and MLPP priority-marking work in SIP.