RFC 9027 — Assertion Values for RPH/SIP Priority Header Claims for Emergency Services Networks
RFC 9027 (Dolly, Wendt — June 2021) is the IETF specification
that closes a gap in RFC 8443 for
emergency services networks. It adds a new set of auth array
values (esnet.x) to the rph claim, covering emergency-call
origination and callback scenarios, and defines a new PASSporT
claim sph that protects the SIP Priority header field’s
psap-callback value. I am co-author. The work is small — 7
pages — but operationally specific: emergency-services
networks have particular trust requirements that the generic
priority-authorization mechanism didn’t cover.
What it specifies
Two additions to the priority-authorization story:
- New auth values for the rph claim. The esnet.x family of values, where x is a specific emergency-services context (e.g., esnet.1 for emergency call origination). An originating provider asserting esnet.x is signing that the call is destined for emergency services — the orig claim represents the calling-party number, the dest claim must be a country-/region-specific emergency dial string (911, 112) or urn:service:sos (RFC 5031). The Resource-Priority header field can then carry the appropriate priority value with cryptographic backing for the emergency-services assertion.
- The sph claim. A new PASSporT claim, registered in the JWT Claims registry. Protects the SIP Priority header field’s psap-callback value (RFC 7090) — the value asserted on a callback from a Public Safety Answering Point to a calling party that initiated an emergency call. The sph claim signs that the Priority value is being asserted by a PSAP authorized to initiate such callbacks.
The two additions cover both directions of an emergency-call
flow: outbound (citizen → PSAP, secured via rph with
esnet.x) and inbound (PSAP → citizen on callback, secured
via sph with psap-callback).
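An added example, not from RFC 9027 or the original page: a verifier-side consistency check between the received SIP header fields and the decoded rph/sph claims, in Python. It assumes the PASSporT signature was already validated per RFC 8225; the function names, the dial-string set and the sample messages are constructed for illustration.

```python
import re

# Assumptions (not from RFC 9027 itself): the PASSporT signature and certificate
# were already validated per RFC 8225; `claims` is the decoded payload and
# `headers` the received SIP header fields. All names here are hypothetical.
EMERGENCY_DIAL_STRINGS = {"911", "112"}  # local policy; the two examples the page gives
SOS_URN = "urn:service:sos"              # RFC 5031
ESNET = re.compile(r"^esnet\.\d+$")      # the esnet.x family of auth values

def dest_is_emergency(dest):
    """True if the dest claim names an emergency dial string or urn:service:sos."""
    return (any(tn in EMERGENCY_DIAL_STRINGS for tn in dest.get("tn", []))
            or SOS_URN in dest.get("uri", []))

def check_emergency_claims(claims, headers):
    """Return policy findings; an empty list means headers and claims agree."""
    findings = []
    esnet = [v for v in claims.get("rph", {}).get("auth", []) if ESNET.match(v)]
    rp = [v.strip().lower() for v in headers.get("Resource-Priority", "").split(",")]
    priority = headers.get("Priority", "").strip().lower()
    sph = claims.get("sph")

    # Every esnet value in the header must be backed by the signed rph claim.
    for value in rp:
        if ESNET.match(value) and value not in esnet:
            findings.append(f"Resource-Priority {value} not covered by rph auth")
    if sph not in (None, "psap-callback"):
        findings.append(f"unexpected sph value {sph!r}")
    callback = priority == "psap-callback"
    if callback != (sph == "psap-callback"):
        findings.append("Priority header and sph claim disagree on psap-callback")
    elif not callback and esnet and not dest_is_emergency(claims.get("dest", {})):
        # Origination only: a callback's dest is the original caller (assumption).
        findings.append("esnet auth asserted but dest is not an emergency destination")
    return findings

# Constructed sample messages, not captured traffic.
ORIGINATION = ({"orig": {"tn": "12155551212"}, "dest": {"uri": ["urn:service:sos"]},
                "iat": 1700000000, "rph": {"auth": ["esnet.1"]}},
               {"Resource-Priority": "esnet.1"})
FORGED_CALLBACK = ({"orig": {"tn": "12155551213"}, "dest": {"tn": ["12155551212"]},
                    "iat": 1700000000},
                   {"Priority": "psap-callback"})

if __name__ == "__main__":
    for name, (claims, headers) in [("origination", ORIGINATION),
                                    ("forged callback", FORGED_CALLBACK)]:
        print(name, check_emergency_claims(claims, headers) or "ok")
```

An empty result means only that headers and claims are consistent; whether the signer is authorized to assert them is decided by certificate validation, which this check does not perform.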
Why this work was needed
RFC 8443 defined the base priority-authorization mechanism but didn’t enumerate emergency-services namespaces; those were left to follow-on specifications. The emergency-services use case is particularly sensitive because calls falsely asserting an emergency-services destination can affect routing decisions in ways that matter for public safety. Without an emergency-services namespace and verification path, emergency-services networks either had to trust unauthenticated priority assertions or rely on out-of-band identification of emergency-service calls.
The companion psap-callback protection covers a related but
distinct case. PSAPs frequently call back when an emergency
call drops or callback information is needed. Networks
preferentially route these callbacks based on the Priority
header field. Without cryptographic backing, the callback
value is forgeable. The sph claim closes that gap for the
PSAP side.
Where this document is referenced
- RFC 8443 is the base priority-authorization spec this document extends. Read 8443 first for the rph claim mechanics; 9027 picks up with the emergency-services-specific values.
- RFC 8225 defines the PASSporT extension framework both documents plug into.
- STIR extensions is the topic page that catalogs the PASSporT extension family.