[Docs] [txt|pdf|xml|html] [Tracker] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02 03 04 05 06 07 08 draft-ietf-ecrit-unauthenticated-access

ECRIT                                                     H. Schulzrinne
Internet-Draft                                       Columbia University
Intended status: Standards Track                               S. McCann
Expires: May 22, 2008                        Siemens/Roke Manor Research
                                                                G. Bajko
                                                                   Nokia
                                                           H. Tschofenig
                                                  Nokia Siemens Networks
                                                       November 19, 2007


   Extensions to the Emergency Services Architecture for dealing with
                Unauthenticated and Unauthorized Devices
         draft-schulzrinne-ecrit-unauthenticated-access-01.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on May 22, 2008.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   The IETF emergency services architecture assumes that access to a
   network has already happened using the traditional network access



Schulzrinne, et al.       Expires May 22, 2008                  [Page 1]

Internet-Draft      Unauthenticated Emergency Service      November 2007


   authentication procedures or that no authentication for network
   access is needed (e.g., in case of public hotspots).  Subsequent
   protocol interactions, such as obtaining location information,
   learning the address of the Public Safety Answering Point (PSAP) and
   the emergency call itself are largely decoupled from the underlying
   network access procedures.

   There are, however, cases where a device is not in possession of
   credentials for network access, does not have a VoIP provider, or
   where the credentials are available but became invalid due to various
   reasons (e.g., credit exhaustion, expired accounts, etc.).

   This document provides a problem statement, introduces terminology
   and describes an extension for the base IETF emergency services
   architecture.




































Schulzrinne, et al.       Expires May 22, 2008                  [Page 2]

Internet-Draft      Unauthenticated Emergency Service      November 2007


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
   2.  A Warning Note . . . . . . . . . . . . . . . . . . . . . . . .  5
   3.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  5
   4.  Architecture . . . . . . . . . . . . . . . . . . . . . . . . .  7
   5.  Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
     5.1.  End Host Profile . . . . . . . . . . . . . . . . . . . . . 10
       5.1.1.  ESRP Discovery . . . . . . . . . . . . . . . . . . . . 10
       5.1.2.  Location Determination and Location Configuration  . . 10
       5.1.3.  Emergency Call Identification  . . . . . . . . . . . . 10
       5.1.4.  SIP Emergency Call Signaling . . . . . . . . . . . . . 11
       5.1.5.  Media  . . . . . . . . . . . . . . . . . . . . . . . . 11
       5.1.6.  Testing  . . . . . . . . . . . . . . . . . . . . . . . 11
     5.2.  ISP Profile  . . . . . . . . . . . . . . . . . . . . . . . 11
       5.2.1.  ESRP Discovery . . . . . . . . . . . . . . . . . . . . 11
       5.2.2.  Location Determination and Location Configuration  . . 11
     5.3.  ESRP Profile . . . . . . . . . . . . . . . . . . . . . . . 12
       5.3.1.  Emergency Call Routing . . . . . . . . . . . . . . . . 12
       5.3.2.  Emergency Call Identification  . . . . . . . . . . . . 12
       5.3.3.  SIP Emergency Call Signaling . . . . . . . . . . . . . 12
       5.3.4.  Location Retrieval . . . . . . . . . . . . . . . . . . 12
     5.4.  PSAP Profile . . . . . . . . . . . . . . . . . . . . . . . 12
       5.4.1.  Location Retrieval . . . . . . . . . . . . . . . . . . 13
       5.4.2.  Emergency Call Routing . . . . . . . . . . . . . . . . 13
       5.4.3.  Emergency Call Identification  . . . . . . . . . . . . 13
       5.4.4.  SIP Emergency Call Signaling . . . . . . . . . . . . . 13
       5.4.5.  Media  . . . . . . . . . . . . . . . . . . . . . . . . 13
       5.4.6.  Testing  . . . . . . . . . . . . . . . . . . . . . . . 13
   6.  Example  . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . 14
   8.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 14
   9.  Open Issues  . . . . . . . . . . . . . . . . . . . . . . . . . 14
   10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15
     10.1. Normative References . . . . . . . . . . . . . . . . . . . 15
     10.2. Informative References . . . . . . . . . . . . . . . . . . 17
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 19
   Intellectual Property and Copyright Statements . . . . . . . . . . 21













Schulzrinne, et al.       Expires May 22, 2008                  [Page 3]

Internet-Draft      Unauthenticated Emergency Service      November 2007


1.  Introduction

   Summoning police, the fire department or an ambulance in emergencies
   is one of the fundamental and most-valued functions of the telephone.
   As telephone functionality moves from circuit-switched telephony to
   Internet telephony, its users rightfully expect that this core
   functionality will continue to work at least as well as it has for
   the older technology.  New devices and services are being made
   available that could be used to make a request for help, which are
   not traditional telephones, and users are increasingly expecting them
   to be used to place emergency calls.

   Based on the communication model of the Session Initiation Protocol
   (SIP) as excercised in the IETF it is not necessary to deploy SIP
   entities in access networks (or associated to them).  Instead, VoIP
   provider may deploy their SIP entities at any place on the Internet.
   The IETF emergency services architecture acknowledges this deployment
   model and even goes a step further by recognizing that there are
   potentially other, non-SIP VoIP providers, that might want to offer
   emergency service support to their customers.  Hence, the interaction
   between a SIP User Agent and its VoIP provider does not need to be
   standardized although [I-D.ietf-ecrit-phonebcp] provides best current
   practise recommendations regarding the usage of certain features as
   excercised in the case of SIP.

   This flexibility has implications for the architecture, as briefly
   described in [I-D.tschofenig-ecrit-architecture-overview], but allows
   access networks to be application layer agnostic.  Furthermore, since
   the normal VoIP communication exchanges do not traverse these
   entities in the access network it is quite likely that
   interoperability problems will occur especially in an emergency case.

   There are essentially three environments that need to be considered:

   1.  The emergency caller does not credentials for access to the
       network but it still has credentials for his VoIP provider.

       This is often the case with enterprise networks, home networks,
       or governmental networks.  In other cases the user might be able
       to obtain such credentials, for example in hotspots found in
       hotels, at airports, and in many coffee shops.  Unfortunately,
       users have to go through a lengthy procedure (often involving
       captive portals) to obtain a temporary account in exchange of
       money.  In emergency situations it is certainly not desirable to
       let the user find their way through a number of webpages and to
       type-in their credit card details.





Schulzrinne, et al.       Expires May 22, 2008                  [Page 4]

Internet-Draft      Unauthenticated Emergency Service      November 2007


   2.  The emergency caller has credentials for network access but does
       not have credentials for a VoIP provider.  This case is rather
       unlikely.
   3.  The emergency caller has credentials (for either network access
       or it's VoIP provider) but they do not provide enough
       authorization to make a call.  This use case essentially refers
       to lack of authorization.  Examples are: Insufficient credits,
       lack of a roaming agreement (between visited network and home
       network), disabled account, and other authorization failures.

   Scenario (1) is the most likely scenario and the main focus of this
   document.

   In all these cases it is not possible to place an emergency call as
   envisioned in the IETF emergency services architecture, described in
   [I-D.ietf-ecrit-framework].


2.  A Warning Note

   At the time of writing there is no regulation in place that demands
   the functionality described in this memo.  SDOs have started their
   work on this subject in a proactive fashion in the anticipation that
   national regulation in some countries might demand this functionality
   for a subset of network types.

   There are also indications that the functionality of unauthenticated
   emergency calls in today's cellular system (called SIM-less calls) in
   certain countries leads to a fair amount of hoaks calls or test calls
   leading to overload situations at PSAPs.

   As an example, Federal Office of Communications (OFCOM, Switzerland)
   provided statistics about 112 calls in Switzerland from Jan. 1997 to
   Nov. 2001.  Switzerland did not offer SIM-less emergency calls except
   for almost a month in July 2000 where a significant increase in hoaks
   and test calls was reported.  As a consequence, the functionality was
   disabled again.  More details can be found in the panel presentations
   of the 3rd SDO Emergency Services Workshop [esw07].


3.  Terminology

   In this document, the key words "MUST", "MUST NOT", "REQUIRED",
   "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
   and "OPTIONAL" are to be interpreted as described in RFC 2119
   [RFC2119].

   This document introduces the following new terms:



Schulzrinne, et al.       Expires May 22, 2008                  [Page 5]

Internet-Draft      Unauthenticated Emergency Service      November 2007


   Un-initialized Device:

      A device without VoIP client software.

   Non-service-initialized Device:

      A device for which there is no valid service contract with a
      provider of the services enumerated in paragraph (a) of this
      section.  Other terms: "un-activated", "un-provisioned",
      "unbranded", "non-service-initialized" device.

   Unauthenticated Emergency Service:

      The term "unauthenticated emergency services" refers to the case
      where an emergency caller does not have credentials (e.g., no SIM
      card, no username and password, no private key) to either attach
      to network or for usage with a VoIP service or both.  Still, the
      device is granted (limited) access to perform emergency calling.
      It is important to differentiate between the unavailability of
      credentials for network access and for VoIP access as the network
      provider and the VoIP provider are often distinct entities and
      therefore the user might have different credentials with the two.

   Unauthorized Emergency Service:

      The term "unauthorized emergency services" refers to the case
      where a device aims to attach to the network or to use a VoIP
      service but the authorization procedure fails.  The authorization
      step may fail as a consequence of triggering different procedures
      (such as network access authentication or registration at the VoIP
      providers registrar).  Still, the device is granted (limited)
      access to perform emergency calling.  It is important to
      differentiate between network operator and VoIP provider as they
      often refer to different parties and therefore the authorization
      decision might be executed by a different backend infrastructure.

      Lack of authorization might be caused by a number of reasons,
      including credit exhaustion, expired accounts, locked account,
      missing access rights (e.g., access to the competitors enterprise
      network), etc.


   This document reuses terminology from [I-D.ietf-geopriv-l7-lcp-ps]
   and [I-D.ietf-ecrit-requirements], namely Internet Access Provider
   (IAP), Internet Service Provider (ISP), Application Service Provider
   (ASP), Voice Service Provider (VSP), Emergency Service Routing Proxy
   (ESRP), Public Safety Answering Point (PSAP), Location Configuration
   Server (LCS), (emergency) service dial string, and (emergency)



Schulzrinne, et al.       Expires May 22, 2008                  [Page 6]

Internet-Draft      Unauthenticated Emergency Service      November 2007


   service identifier.


4.  Architecture

   For unauthenticated emergency services support it is insufficient to
   provide mechanisms only at the link layer in order to bypass
   authentication.  A modification to the emergency services
   architecture is necessary since the IAP and the ISP need to make sure
   that the claimed emergency caller indeed performs an emergency call
   rather than using the network for other purposes, and thereby acting
   fraudulent by skipping any authentication, authorization and
   accounting procedures.  Hence, without introducing some understanding
   of the specific application the ISP (and consequently the IAP) will
   not be able to detect and filter malicious activities.  This leads to
   the architecture described in Figure 1 where the IAP needs to
   implement extensions to link layer procedures for unauthenticated
   emergency service access and the ISP needs to deploy emergency
   services related entities used for call routing, such as the
   Emergency Services Routing Proxy (ESRP), a Location Configuration
   Server (LCS) and a mapping database.

   On a very high-level, the interaction is as follows starting with the
   end host not being attached to the network and the user starting to
   make an emergency call.

   o  Some radio networks have added support for unauthenticated
      emergency access, some other type of networks advertise these
      capabilities using layer beacons.  The end host learns about these
      unauthenticated emergency services capabilities either from the
      link layer type or from advertisement.
   o  The end host uses the link layer specific network attachment
      procedures defined for unauthenticated network access in order to
      get access to emergency services.
   o  When the link layer network attachment procedure is completed the
      end host learns basic configuration information using DHCP from
      the ISP, including the address of the ESRP, as shown in (2).
   o  When the IP address configuration is completed then the SIP UA
      initiates a SIP INVITE towards the indicated ESRP, as shown in
      (3).  The INVITE message contains all the necessary parameters
      required by Section 5.1.4.
   o  The ESRP receives the INVITE and processes it according to the
      description in Section 5.3.3.  The location of the end host may
      need to be determined using a protocol interaction shown in (4).
   o  Potentially, an interaction between the LCS of the ISP and the LCS
      of the IAP may be necessary, see (5).





Schulzrinne, et al.       Expires May 22, 2008                  [Page 7]

Internet-Draft      Unauthenticated Emergency Service      November 2007


   o  Finally, the correct PSAP for the location of the end host has to
      be evaluated, see (6).
   o  The ESRP routes the call to the PSAP, as shown in (7).
   o  The PSAP evaluates the initial INVITE and acts according to SIP
      and the description in Section 5.4.4 in order to complete the call
      setup.
   o  Finally, when the call setup is completed media traffic can be
      exchanged between the PSAP operator and the emergency caller,
      according to Section 5.4.5 and Section 5.1.5.

   For editorial reasons the end-to-end SIP and media exchange between
   the PSAP and SIP UA are not shown in Figure 1.

   Two important aspects are worth to highlight:

   o  The IAP/ISP needs to understand the concept of emergency calls and
      the SIP profile described in this document.  No other VoIP
      protocol profile, such as XMPP, Skype, etc., are supported for
      emergency calls in this particular architecture.  Other profiles
      may be added in the future, but the deployment effort is enormous
      since they have to be universally deployed.
   o  The end host has no obligation to determine location information.
      It may attach location information if it has location available
      (e.g., from a GPS receiver).

   Figure 1 shows that the ISP needs to deploy SIP-based emergency
   services functionality.  It is important to note that the ISP itself
   may outsource the functionality by simply providing access to them
   (e.g., it puts the IP address of an ESRP or a LoST server into an
   allow-list).  For editorial reasons this outsourcing is not shown.





















Schulzrinne, et al.       Expires May 22, 2008                  [Page 8]

Internet-Draft      Unauthenticated Emergency Service      November 2007


         +---------------------------+
         |                           |
         | Emergency Network         |
         | Infrastructure            |
         |                           |
         | +----------+ +----------+ |
         | | PSAP     | | ESRP     | |
         | |          | |          | |
         | +----------+ +----------+ |
         +-------------------^-------+
                             |
                             | (7)
    +------------------------+-----------------------+
    | ISP                    |                       |
    |                        |                       |
    |+----------+            v                       |
    || Mapping  |  (6)  +----------+                 |
    || Database |<----->| ESRP /   |                 |
    |+----------+       | SIP Proxy|<-+              |
    |+----------+       +----------+  |  +----------+|
    || LCS-ISP  |          ^          |  | DHCP     ||
    ||          |<---------+          |  | Server   ||
    |+----------+     (4)             |  +----------+|
    +-------^-------------------------+-----------^--+
    +-------|-------------------------+-----------|--+
    | IAP   | (5)                     |           |  |
    |       V                         |           |  |
    |+----------+                     |           |  |
    || LCS-IAP  |       +----------+  |           |  |
    ||          |       | Link     |  |(3)        |  |
    |+----------+       | Layer    |  |           |  |
    |                   | Device   |  |        (2)|  |
    |                   +----------+  |           |  |
    |                        ^        |           |  |
    |                        |        |           |  |
    +------------------------+--------+-----------+--+
                             |        |           |
                          (1)|        |           |
                             |        |           |
                             |   +----+           |
                             v   v                |
                        +----------+              |
                        | End      |<-------------+
                        | Host     |
                        +----------+

         Figure 1: Unauthenticated Emergency Services Architecture




Schulzrinne, et al.       Expires May 22, 2008                  [Page 9]

Internet-Draft      Unauthenticated Emergency Service      November 2007


   It is important to note that a single ESRP may also offer it's
   service to several ISPs.


5.  Profiles

5.1.  End Host Profile

5.1.1.  ESRP Discovery

   The end host MUST use the "Dynamic Host Configuration Protocol (DHCP-
   for-IPv4) Option for Session Initiation Protocol (SIP) Servers"
   [RFC3361] (for IPv6) and / or the "Dynamic Host Configuration
   Protocol (DHCPv6) Options for Session Initiation Protocol (SIP)
   Servers" [RFC3319].  This SIP proxy located in the ISP network will
   be used as the ESRP for routing emergency calls.  There is no need to
   discovery a separate SIP proxy with specific emergency call
   functionality since the internal procedure for emergency call
   processing is subject of ISP internal operation.

5.1.2.  Location Determination and Location Configuration

   There is no requirement for end hosts to support any Location
   Configuration Protocol.  If clients are in possession of location
   information, for example, based on a built-in GPS receiver then they
   SHOULD attach the location information in a PIDF-LO.  When
   constructing the PIDF-LO the guidelines in PIDF-LO profile
   [I-D.ietf-geopriv-pdif-lo-profile] MUST be followed.  For civic
   location information the format defined in
   [I-D.ietf-geopriv-revised-civic-lo] MUST be supported.

5.1.3.  Emergency Call Identification

   To determine which calls are emergency calls, some entity needs to
   map a user entered dialstring into this URN scheme.  A user may
   "dial" 1-1-2, but the call would be sent to urn:service:sos.  This
   mapping SHOULD be performed at the endpoint device.

   End hosts MUST use the Service URN mechanism
   [I-D.ietf-ecrit-service-urn] to mark calls as emergency calls for
   their home emergency dial string (if known).  For visited emergency
   dial string the translation into the Service URN mechanism is not
   mandatory since the ESRP in the ISPs network knows the visited
   emergency dial strings.







Schulzrinne, et al.       Expires May 22, 2008                 [Page 10]

Internet-Draft      Unauthenticated Emergency Service      November 2007


5.1.4.  SIP Emergency Call Signaling

   SIP signaling capabilities [RFC3261] are mandated for end hosts.

   The initial SIP signaling method is an INVITE.  The SIP INVITE
   request MUST be constructed according to the requirements in Section
   9.2 [I-D.ietf-ecrit-phonebcp].

   Regarding callback behavior SIP UAs MUST have a globally routable URI
   in a Contact: header.

5.1.5.  Media

   End points MUST comply with the media requirements for end points
   placing an emergency call found in Section 14 of
   [I-D.ietf-ecrit-phonebcp].

5.1.6.  Testing

   The description in Section 15 of [I-D.ietf-ecrit-phonebcp] is fully
   applicable to this document.

5.2.  ISP Profile

5.2.1.  ESRP Discovery

   The ISP MUST implement the server side part of "Dynamic Host
   Configuration Protocol (DHCP-for-IPv4) Option for Session Initiation
   Protocol (SIP) Servers" [RFC3361] (for IPv4) and / or the "Dynamic
   Host Configuration Protocol (DHCPv6) Options for Session Initiation
   Protocol (SIP) Servers" [RFC3319].

5.2.2.  Location Determination and Location Configuration

   The ISP must perform the neccesary steps to determine the location of
   the end host.  It is not necessary to standardize a specific
   mechanism.

   The role of the ISP is to operate the LIS.  The usage of HELD
   [I-D.ietf-geopriv-http-location-delivery] with the identity
   extensions [I-D.winterbottom-geopriv-held-identity-extensions] may be
   a possible choice.  It might be necessary for the ISP to talk to the
   IAP in order to determine the location of the end host.  The work on
   LIS-to-LIS communication may be relevant, see
   [I-D.winterbottom-geopriv-lis2lis-req].






Schulzrinne, et al.       Expires May 22, 2008                 [Page 11]

Internet-Draft      Unauthenticated Emergency Service      November 2007


5.3.  ESRP Profile

5.3.1.  Emergency Call Routing

   The ESRP must route the emergency call to the PSAP responsible for
   the physical location of the end host.  However, a standardized
   approach for determining the correct PSAP based on a given location
   is useful but not mandatory.

   For cases where a standardized protocol is used LoST
   [I-D.ietf-ecrit-lost] is a suitable mechanism.

5.3.2.  Emergency Call Identification

   The ESRP MUST understand the Service URN mechanism
   [I-D.ietf-ecrit-service-urn] (i.e., the 'urn:service:sos' tree) and
   additionally the national emergency dial strings.  The ESRP SHOULD
   perform a mapping of national emergency dial strings to Service URNs
   to simplify processing at PSAPs.

5.3.3.  SIP Emergency Call Signaling

   SIP signaling capabilities [RFC3261] are mandated for the ESRP.  The
   ESRP MUST process the messages sent by the client, according to
   Section 5.1.4.  Furthermore, the ESRP MUST be able to add a reference
   to location information, as described in SIP Location Conveyance
   [I-D.ietf-sip-location-conveyance], before forwarding the call to the
   PSAP.  The ISP MUST be prepared to receive incoming dereferencing
   requests to resolve the reference to the location information.

5.3.4.  Location Retrieval

   The ESRP acts a location recipient and the usage of HELD
   [I-D.ietf-geopriv-http-location-delivery] with the identity
   extensions [I-D.winterbottom-geopriv-held-identity-extensions] may be
   a possible choice.  The ESRP would thereby act as a HELD client and
   the corresponding LIS at the ISP as the HELD server.

   The ESRP needs to obtain enough information to route the call.  The
   ESRP itself, however, does not necessarily need to process location
   information obtained via HELD since it may be used as input to LoST
   to obtain the PSAP URI.

5.4.  PSAP Profile







Schulzrinne, et al.       Expires May 22, 2008                 [Page 12]

Internet-Draft      Unauthenticated Emergency Service      November 2007


5.4.1.  Location Retrieval

   The PSAP MUST act according to SIP Location Conveyance when
   processing a request with location information.  In particular, it
   MUST understand PIDF-LO format [RFC4119], the PIDF-LO profile
   [I-D.ietf-geopriv-pdif-lo-profile] (including all shape types) and
   the revised civic format [I-D.ietf-geopriv-revised-civic-lo]
   (including the civic location tokens applicable for the geographial
   region the PSAP is responsible for).  Furthermore, the PSAP MUST
   understand the SIP or SIPS dereference scheme (see
   [I-D.ietf-sip-location-conveyance]) and the HELD dereferencing
   protocol (see [I-D.winterbottom-geopriv-deref-protocol]).

5.4.2.  Emergency Call Routing

   There might be additional emergency call routing applied within the
   PSAP operators network.  This aspect is, however, outside the scope
   of this document.

   LoST [I-D.ietf-ecrit-lost] might be an appropriate way to determine
   the next ESRP or the final PSAP for routing the emergency call.

5.4.3.  Emergency Call Identification

   The PSAP MUST understand the Service URN mechanism
   [I-D.ietf-ecrit-service-urn] (i.e., the 'urn:service:sos' tree).

5.4.4.  SIP Emergency Call Signaling

   SIP signaling [RFC3261] is expected be supported by the PSAP.  The
   PSAP MUST process the messages sent by the client, as indicated in
   Section 5.1.4.  When receiving an emergency call the ESRP will
   dereference the reference to location information for dispatch.

5.4.5.  Media

   The PSAP MUST process the media traffic sent by the client, as
   indicated in Section 5.1.5.

5.4.6.  Testing

   The PSAP MUST process the signaling messages sent by the client, as
   indicated in Section 5.1.6.


6.  Example

   [Editor's Note: A WLAN hotspot or a DSL home network example could go



Schulzrinne, et al.       Expires May 22, 2008                 [Page 13]

Internet-Draft      Unauthenticated Emergency Service      November 2007


   in here.]


7.  Security Considerations

   The security threats discussed in [I-D.ietf-ecrit-security-threats]
   are applicable to this document.  A number of security
   vulnerabilities discussed in [I-D.barnes-geopriv-lo-sec] around faked
   location information are less problematic in this case since location
   information does not need to be provided by the end host itself or it
   can be verified to fall within a specific geographical area.

   There are a couple of new vulnerabilities raised with unauthenticated
   emergency services since the PSAP operator does is not in possession
   of any identity information about the emergency call via the
   signaling path itself.  In countries where this functionality is used
   for GSM networks today this has lead to a significant amount of
   misuse.

   The link layer mechanisms need to provide a special way of handling
   unauthenticated emergency services.  Although this subject is not a
   topic for the IETF itself but there are at least a few high-level
   assumptions that may need to be collected.  This includes security
   features that may be desirable.


8.  Acknowledgments

   We would like to thank the authors of [I-D.ietf-ecrit-phonebcp]
   (James Polk and Brian Rosen) for their good work.  This document
   makes heavy use of their document.

   We would like to thank members from the Wimax Forum for their help
   with the terminology.  We would also like to thank the participants
   of the 2nd and 3rd SDO Emergency Services Workshop for their input
   regarding this subject.


9.  Open Issues

   The following three high-level topics have been determined as open
   issues:
   o  NAT Traversal: A certain NAT traversal story needs to be described
      and mandated.  Most likely ICE for both the PSAP and the end host.
   o  A DNS-based discovery procedure that discovers an ESRP in the
      local access network may need to be provided.





Schulzrinne, et al.       Expires May 22, 2008                 [Page 14]

Internet-Draft      Unauthenticated Emergency Service      November 2007


   o  Text about link layer requirements are missing.  These are
      necessary to make the "big picture" complete.
   o  EAP method for emergency calls: Some of the discussions around the
      liaison request from the IEEE to the IETF EMU WG need to get
      reflected.
   o  Quality of Service treatment for emergency calls has not been
      described in this document


10.  References

10.1.  Normative References

   [I-D.ietf-sip-location-conveyance]
              Polk, J. and B. Rosen, "Location Conveyance for the
              Session Initiation Protocol",
              draft-ietf-sip-location-conveyance-08 (work in progress),
              July 2007.

   [I-D.ietf-ecrit-service-urn]
              Schulzrinne, H., "A Uniform Resource Name (URN) for
              Emergency and Other Well-Known Services",
              draft-ietf-ecrit-service-urn-07 (work in progress),
              August 2007.

   [RFC4776]  Schulzrinne, H., "Dynamic Host Configuration Protocol
              (DHCPv4 and DHCPv6) Option for Civic Addresses
              Configuration Information", RFC 4776, November 2006.

   [RFC3825]  Polk, J., Schnizlein, J., and M. Linsner, "Dynamic Host
              Configuration Protocol Option for Coordinate-based
              Location Configuration Information", RFC 3825, July 2004.

   [RFC4119]  Peterson, J., "A Presence-based GEOPRIV Location Object
              Format", RFC 4119, December 2005.

   [I-D.ietf-geopriv-pdif-lo-profile]
              Winterbottom, J., Thomson, M., and H. Tschofenig, "GEOPRIV
              PIDF-LO Usage Clarification, Considerations and
              Recommendations", draft-ietf-geopriv-pdif-lo-profile-10
              (work in progress), October 2007.

   [I-D.ietf-geopriv-revised-civic-lo]
              Thomson, M. and J. Winterbottom, "Revised Civic Location
              Format for PIDF-LO",
              draft-ietf-geopriv-revised-civic-lo-06 (work in progress),
              October 2007.




Schulzrinne, et al.       Expires May 22, 2008                 [Page 15]

Internet-Draft      Unauthenticated Emergency Service      November 2007


   [RFC3361]  Schulzrinne, H., "Dynamic Host Configuration Protocol
              (DHCP-for-IPv4) Option for Session Initiation Protocol
              (SIP) Servers", RFC 3361, August 2002.

   [RFC3319]  Schulzrinne, H. and B. Volz, "Dynamic Host Configuration
              Protocol (DHCPv6) Options for Session Initiation Protocol
              (SIP) Servers", RFC 3319, July 2003.

   [RFC3261]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
              A., Peterson, J., Sparks, R., Handley, M., and E.
              Schooler, "SIP: Session Initiation Protocol", RFC 3261,
              June 2002.

   [I-D.rosen-iptel-dialstring]
              Rosen, B., "Dialstring parameter for the Session
              Initiation Protocol Uniform Resource  Identifier",
              draft-rosen-iptel-dialstring-05 (work in progress),
              March 2007.

   [I-D.ietf-sip-gruu]
              Rosenberg, J., "Obtaining and Using Globally Routable User
              Agent (UA) URIs (GRUU) in the  Session Initiation Protocol
              (SIP)", draft-ietf-sip-gruu-15 (work in progress),
              October 2007.

   [RFC2396]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
              Resource Identifiers (URI): Generic Syntax", RFC 2396,
              August 1998.

   [RFC3264]  Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model
              with Session Description Protocol (SDP)", RFC 3264,
              June 2002.

   [RFC3550]  Schulzrinne, H., Casner, S., Frederick, R., and V.
              Jacobson, "RTP: A Transport Protocol for Real-Time
              Applications", STD 64, RFC 3550, July 2003.

   [RFC3551]  Schulzrinne, H. and S. Casner, "RTP Profile for Audio and
              Video Conferences with Minimal Control", STD 65, RFC 3551,
              July 2003.

   [RFC3428]  Campbell, B., Rosenberg, J., Schulzrinne, H., Huitema, C.,
              and D. Gurle, "Session Initiation Protocol (SIP) Extension
              for Instant Messaging", RFC 3428, December 2002.

   [RFC4103]  Hellstrom, G. and P. Jones, "RTP Payload for Text
              Conversation", RFC 4103, June 2005.




Schulzrinne, et al.       Expires May 22, 2008                 [Page 16]

Internet-Draft      Unauthenticated Emergency Service      November 2007


   [RFC3984]  Wenger, S., Hannuksela, M., Stockhammer, T., Westerlund,
              M., and D. Singer, "RTP Payload Format for H.264 Video",
              RFC 3984, February 2005.

   [I-D.ietf-sipping-toip]
              Wijk, A. and G. Gybels, "Framework for real-time text over
              IP using the Session Initiation Protocol  (SIP)",
              draft-ietf-sipping-toip-08 (work in progress),
              October 2007.

   [RFC3920]  Saint-Andre, P., Ed., "Extensible Messaging and Presence
              Protocol (XMPP): Core", RFC 3920, October 2004.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [I-D.winterbottom-geopriv-deref-protocol]
              Winterbottom, J., Tschofenig, H., Schulzrinne, H.,
              Thomson, M., and M. Dawson, "An HTTPS Location
              Dereferencing Protocol Using HELD",
              draft-winterbottom-geopriv-deref-protocol-00 (work in
              progress), November 2007.

   [I-D.ietf-ecrit-phonebcp]
              Rosen, B. and J. Polk, "Best Current Practice for
              Communications Services in support of Emergency  Calling",
              draft-ietf-ecrit-phonebcp-03 (work in progress),
              November 2007.

10.2.  Informative References

   [I-D.ietf-ecrit-lost]
              Hardie, T., "LoST: A Location-to-Service Translation
              Protocol", draft-ietf-ecrit-lost-06 (work in progress),
              August 2007.

   [I-D.tschofenig-ecrit-architecture-overview]
              Tschofenig, H. and H. Schulzrinne, "Emergency Services
              Architecture Overview: Sharing Responsibilities",
              draft-tschofenig-ecrit-architecture-overview-00 (work in
              progress), July 2007.

   [I-D.ietf-geopriv-l7-lcp-ps]
              Tschofenig, H. and H. Schulzrinne, "GEOPRIV Layer 7
              Location Configuration Protocol; Problem Statement and
              Requirements", draft-ietf-geopriv-l7-lcp-ps-05 (work in
              progress), September 2007.




Schulzrinne, et al.       Expires May 22, 2008                 [Page 17]

Internet-Draft      Unauthenticated Emergency Service      November 2007


   [I-D.ietf-ecrit-framework]
              Rosen, B., Schulzrinne, H., Polk, J., and A. Newton,
              "Framework for Emergency Calling using Internet
              Multimedia", draft-ietf-ecrit-framework-04 (work in
              progress), November 2007.

   [I-D.marshall-geopriv-lbyr-requirements]
              Marshall, R., "Requirements for a Location-by-Reference
              Mechanism used in Location  Configuration and Conveyance",
              draft-marshall-geopriv-lbyr-requirements-02 (work in
              progress), July 2007.

   [I-D.ietf-geopriv-http-location-delivery]
              Barnes, M., Winterbottom, J., Thomson, M., and B. Stark,
              "HTTP Enabled Location Delivery (HELD)",
              draft-ietf-geopriv-http-location-delivery-03 (work in
              progress), November 2007.

   [I-D.ietf-ecrit-mapping-arch]
              Schulzrinne, H., "Location-to-URL Mapping Architecture and
              Framework", draft-ietf-ecrit-mapping-arch-03 (work in
              progress), September 2007.

   [I-D.ietf-ecrit-requirements]
              Schulzrinne, H. and R. Marshall, "Requirements for
              Emergency Context Resolution with Internet Technologies",
              draft-ietf-ecrit-requirements-13 (work in progress),
              March 2007.

   [I-D.winterbottom-geopriv-held-identity-extensions]
              Winterbottom, J. and M. Thomson, "HELD Device identity
              Extensions",
              draft-winterbottom-geopriv-held-identity-extensions-03
              (work in progress), October 2007.

   [I-D.winterbottom-geopriv-lis2lis-req]
              Winterbottom, J. and S. Norreys, "LIS to LIS Protocol
              Requirements", draft-winterbottom-geopriv-lis2lis-req-01
              (work in progress), November 2007.

   [I-D.ietf-ecrit-security-threats]
              Taylor, T., "Security Threats and Requirements for
              Emergency Call Marking and Mapping",
              draft-ietf-ecrit-security-threats-05 (work in progress),
              August 2007.

   [I-D.schulzrinne-ecrit-location-hiding-requirements]
              Schulzrinne, H., "Location Hiding: Problem Statement and



Schulzrinne, et al.       Expires May 22, 2008                 [Page 18]

Internet-Draft      Unauthenticated Emergency Service      November 2007


              Requirements",
              draft-schulzrinne-ecrit-location-hiding-requirements-01
              (work in progress), August 2007.

   [I-D.barnes-geopriv-lo-sec]
              Barnes, R., "Threats to GEOPRIV Location Objects",
              draft-barnes-geopriv-lo-sec-00 (work in progress),
              July 2007.

   [esw07]    "3rd SDO Emergency Services Workshop,
              http://www.emergency-services-coordination.info/2007Nov/",
              October 30th - November 1st 2007.


Authors' Addresses

   Henning Schulzrinne
   Columbia University
   Department of Computer Science
   450 Computer Science Building
   New York, NY  10027
   US

   Phone: +1 212 939 7004
   Email: hgs+ecrit@cs.columbia.edu
   URI:   http://www.cs.columbia.edu


   Stephen McCann
   Siemens/Roke Manor Research

   Email: stephen.mccann@roke.co.uk


   Gabor Bajko
   Nokia

   Email: Gabor.Bajko@nokia.com













Schulzrinne, et al.       Expires May 22, 2008                 [Page 19]

Internet-Draft      Unauthenticated Emergency Service      November 2007


   Hannes Tschofenig
   Nokia Siemens Networks
   Otto-Hahn-Ring 6
   Munich, Bavaria  81739
   Germany

   Email: Hannes.Tschofenig@nsn.com
   URI:   http://www.tschofenig.com











































Schulzrinne, et al.       Expires May 22, 2008                 [Page 20]

Internet-Draft      Unauthenticated Emergency Service      November 2007


Full Copyright Statement

   Copyright (C) The IETF Trust (2007).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Acknowledgment

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).





Schulzrinne, et al.       Expires May 22, 2008                 [Page 21]


Html markup produced by rfcmarkup 1.111, available from https://tools.ietf.org/tools/rfcmarkup/