The STIR IETF charter group is working on this problem now. (Literally right now, join the Jabber or listen) Namely this article highlights the need for CallerID due to
- Robocalling
- Phishing
- DoS attacks
Former solutions include:
RFC 4474 defines SIP "Identity", however this isn't compatible with existing deployments so it hasn't been used. RFC447bis is a modification to that proposal that may be included in STIR's meeting.
P-Asserted-Identity (P-A-I) in RFC3225, however this is focused on solving the problem within a trusted subset of known players.
These solutions focus on "identity" and include a "SIP URI" or "SIP address" and while the ultimate STIR mechanism (or a variant thereof) might also work for SIP URIs, the focus in this initial work is all around securing the origin identification of telephone numbers.
The aspect that gives the STIR group more potential is that its focus makes a great amount of sense given that so much of the SIP traffic today is a result of telecom service providers moving their regular calls to telephone numbers off of the legacy PSTN networks and over to IP networks where they use SIP. Additionally, a great amount of the "problem" traffic seen in VoIP today can be created by attackers who use simple VoIP software to generate their calls to regular telephone numbers.
source