draft-ietf-dime-rfc4006bis-09.txt   draft-ietf-dime-rfc4006bis-10.txt 
Network Working Group L. Bertz, Ed. Network Working Group L. Bertz, Ed.
Internet-Draft Sprint Internet-Draft Sprint
Obsoletes: 4006 (if approved) D. Dolson, Ed. Obsoletes: 4006 (if approved) D. Dolson, Ed.
Intended status: Standards Track Y. Lifshitz, Ed. Intended status: Standards Track Y. Lifshitz, Ed.
Expires: December 13, 2018 Sandvine Expires: January 16, 2019 Sandvine
June 11, 2018 July 15, 2018
Diameter Credit-Control Application Diameter Credit-Control Application
draft-ietf-dime-rfc4006bis-09 draft-ietf-dime-rfc4006bis-10
Abstract Abstract
This document specifies a Diameter application that can be used to This document specifies a Diameter application that can be used to
implement real-time credit-control for a variety of end user services implement real-time credit-control for a variety of end user services
such as network access, Session Initiation Protocol (SIP) services, such as network access, Session Initiation Protocol (SIP) services,
messaging services, and download services. The Diameter Credit- messaging services, and download services. The Diameter Credit-
Control application as defined in this document obsoletes RFC4006, Control application as defined in this document obsoletes RFC4006,
and it must be supported by all new Diameter Credit-Control and it must be supported by all new Diameter Credit-Control
Application implementations. Application implementations.
skipping to change at page 1, line 38 skipping to change at page 1, line 38
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 13, 2018. This Internet-Draft will expire on January 16, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 5, line 17 skipping to change at page 5, line 17
12.12. Final-Unit-Action AVP . . . . . . . . . . . . . . . . . 97 12.12. Final-Unit-Action AVP . . . . . . . . . . . . . . . . . 97
12.13. Multiple-Services-Indicator AVP . . . . . . . . . . . . 97 12.13. Multiple-Services-Indicator AVP . . . . . . . . . . . . 97
12.14. Redirect-Address-Type AVP . . . . . . . . . . . . . . . 97 12.14. Redirect-Address-Type AVP . . . . . . . . . . . . . . . 97
12.15. Requested-Action AVP . . . . . . . . . . . . . . . . . . 97 12.15. Requested-Action AVP . . . . . . . . . . . . . . . . . . 97
12.16. Subscription-Id-Type AVP . . . . . . . . . . . . . . . . 98 12.16. Subscription-Id-Type AVP . . . . . . . . . . . . . . . . 98
12.17. Tariff-Change-Usage AVP . . . . . . . . . . . . . . . . 98 12.17. Tariff-Change-Usage AVP . . . . . . . . . . . . . . . . 98
12.18. User-Equipment-Info-Type AVP . . . . . . . . . . . . . . 98 12.18. User-Equipment-Info-Type AVP . . . . . . . . . . . . . . 98
13. Credit-Control Application Related Parameters . . . . . . . . 98 13. Credit-Control Application Related Parameters . . . . . . . . 98
14. Security Considerations . . . . . . . . . . . . . . . . . . . 99 14. Security Considerations . . . . . . . . . . . . . . . . . . . 99
14.1. Direct Connection with Redirects . . . . . . . . . . . . 100 14.1. Direct Connection with Redirects . . . . . . . . . . . . 100
15. Privacy Considerations . . . . . . . . . . . . . . . . . . . 100 14.2. Application Level Redirects . . . . . . . . . . . . . . 100
15. Privacy Considerations . . . . . . . . . . . . . . . . . . . 101
15.1. Privacy Sensitive AVPs . . . . . . . . . . . . . . . . . 101 15.1. Privacy Sensitive AVPs . . . . . . . . . . . . . . . . . 101
15.2. Data Minimization . . . . . . . . . . . . . . . . . . . 102 15.2. Data Minimization . . . . . . . . . . . . . . . . . . . 103
15.3. Diameter Agents . . . . . . . . . . . . . . . . . . . . 103 15.3. Diameter Agents . . . . . . . . . . . . . . . . . . . . 104
16. References . . . . . . . . . . . . . . . . . . . . . . . . . 103 16. References . . . . . . . . . . . . . . . . . . . . . . . . . 104
16.1. Normative References . . . . . . . . . . . . . . . . . . 103 16.1. Normative References . . . . . . . . . . . . . . . . . . 104
16.2. Informative References . . . . . . . . . . . . . . . . . 106 16.2. Informative References . . . . . . . . . . . . . . . . . 106
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 106 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 107
Appendix B. Credit-Control Sequences . . . . . . . . . . . . . . 107 Appendix B. Credit-Control Sequences . . . . . . . . . . . . . . 107
B.1. Flow I . . . . . . . . . . . . . . . . . . . . . . . . . 107 B.1. Flow I . . . . . . . . . . . . . . . . . . . . . . . . . 107
B.2. Flow II . . . . . . . . . . . . . . . . . . . . . . . . . 110 B.2. Flow II . . . . . . . . . . . . . . . . . . . . . . . . . 110
B.3. Flow III . . . . . . . . . . . . . . . . . . . . . . . . 112 B.3. Flow III . . . . . . . . . . . . . . . . . . . . . . . . 112
B.4. Flow IV . . . . . . . . . . . . . . . . . . . . . . . . . 113 B.4. Flow IV . . . . . . . . . . . . . . . . . . . . . . . . . 113
B.5. Flow V . . . . . . . . . . . . . . . . . . . . . . . . . 114 B.5. Flow V . . . . . . . . . . . . . . . . . . . . . . . . . 114
B.6. Flow VI . . . . . . . . . . . . . . . . . . . . . . . . . 116 B.6. Flow VI . . . . . . . . . . . . . . . . . . . . . . . . . 116
B.7. Flow VII . . . . . . . . . . . . . . . . . . . . . . . . 117 B.7. Flow VII . . . . . . . . . . . . . . . . . . . . . . . . 117
B.8. Flow VIII . . . . . . . . . . . . . . . . . . . . . . . . 118 B.8. Flow VIII . . . . . . . . . . . . . . . . . . . . . . . . 118
B.9. Flow IX . . . . . . . . . . . . . . . . . . . . . . . . . 120 B.9. Flow IX . . . . . . . . . . . . . . . . . . . . . . . . . 120
skipping to change at page 100, line 42 skipping to change at page 100, line 42
value of the Redirect-Host-Usage AVP is unequal to zero, all value of the Redirect-Host-Usage AVP is unequal to zero, all
following messages are sent to the host specified in the Redirect- following messages are sent to the host specified in the Redirect-
Host AVP until the time specified by the Redirect-Max-Cache-Time AVP Host AVP until the time specified by the Redirect-Max-Cache-Time AVP
is expired. is expired.
There are some authorization issues even with redirects. There may There are some authorization issues even with redirects. There may
be attacks toward nodes that have been properly authorized, but that be attacks toward nodes that have been properly authorized, but that
abuse their authorization or have been compromised. These issues are abuse their authorization or have been compromised. These issues are
discussed more widely in [RFC4072], Section 8. discussed more widely in [RFC4072], Section 8.
14.2. Application Level Redirects
This document includes a redirection facility in Section 5.6.2,
whereby the service provider can redirect (in an application-specific
way) the end user to an alternate location when their credits have
expired. This is useful in that it allows for the user to return to
normal service quickly, but also exposes additional risks and attack
surface. In particular, this redirection can potentially occur at an
arbitrary point in a user's session, potentially without any
additional contextual confirmation available to the user that the
redirection is driven by the network. This lack of confirmation
matters, because, in many application protocols, the communication
peer is also capable of inducing redirection. When the peer is an
attacker, the redirection can be to an attacker-controlled site. In
particular, such sites may be "phishing" sites designed to appear
similar to legitimate payment sites in an attempt to obtain users'
payment information for fraudulent uses. When users become used to
such redirection, they may have difficulty distinguishing such
attacks from legitimate redirections.
Because of the potentially harmful consequences of arbitrary
redirection by an attacker (such as to phishing sites), it is
important for service providers to be aware of that risk and assure
their users are aware of it as well. Service providers should follow
industry best practices for the specific application layer protocol
to reduce the chances that such attacks could be mistaken for
legitimate redirection. The details of such practice are out of
scope for this document.
15. Privacy Considerations 15. Privacy Considerations
As the Diameter protocol, and especially credit-control application, As the Diameter protocol, and especially credit-control application,
deals with subscribers and their actions, extra care should be taken deals with subscribers and their actions, extra care should be taken
regarding the privacy of the subscribers. In terms of [RFC6973], regarding the privacy of the subscribers. In terms of [RFC6973],
both the credit-control client and credit-control server are both the credit-control client and credit-control server are
intermediary entities, wherein the subscribers' privacy may be intermediary entities, wherein the subscribers' privacy may be
compromised even if no security issues exist, and only authorized compromised even if no security issues exist, and only authorized
entities have access to the privacy-sensitive information. entities have access to the privacy-sensitive information.
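Review bot: In the second paragraph of the new Section 14.2, the only mitigation offered is "should follow industry best practices for the specific application layer protocol", with the details declared out of scope, so an implementer gets no testable requirement from this section. Suggest either pointing to an informative reference for the common cases or stating the minimum property a network-driven redirect must have so that a user can tell it apart from one induced by the communication peer, which is the risk the first paragraph describes. It is also unclear whether the lowercase "should" is meant as a normative requirement. Smaller points: "assure their users are aware" reads better as "ensure", and the sentence beginning "In particular, this redirection can potentially occur" uses "potentially" twice.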
skipping to change at page 101, line 44 skipping to change at page 102, line 26
7. Restriction-Filter-Rule AVP: the information inside IPFilterRule 7. Restriction-Filter-Rule AVP: the information inside IPFilterRule
may be used to infer services used by the subscriber. may be used to infer services used by the subscriber.
8. Redirect-Server-Address AVP: the service-provider might embed 8. Redirect-Server-Address AVP: the service-provider might embed
personal information on the subscriber in the URL/I (e.g. to personal information on the subscriber in the URL/I (e.g. to
create a personalized message). However, the service-provider create a personalized message). However, the service-provider
may anonymise the subscriber's identity instead in the URL/I, may anonymise the subscriber's identity instead in the URL/I,
and let the redirect server query the information directly. and let the redirect server query the information directly.
Such anonymized information must not allow personal information Such anonymized information must not allow personal information
or the subscriber's identity to be easily guessed. Similar AVPs or the subscriber's identity to be easily guessed. Furthermore,
are: Redirect-Address-URL, Redirect-Address-SIP-URI. the service-provider should treat the URL/I schema itself as
confidential, and make sure it cannot be inferred from
observation of the traffic, or due to its trivial structure. A
trivial structure could allow an adversary to query/modify
personal information even without knowing the subscriber's
identity. Similar AVPs are: Redirect-Address-URL, Redirect-
Address-SIP-URI.
9. Service-Context-Id AVP: depending with how the service-provider 9. Service-Context-Id AVP: depending with how the service-provider
uses it, it may contain privacy-sensitive information about the uses it, it may contain privacy-sensitive information about the
service (e.g. in a 3GPP network Service-Context-Id AVP has a service (e.g. in a 3GPP network Service-Context-Id AVP has a
different value for: Packet Switching, SMS and MMS etc.) different value for: Packet Switching, SMS and MMS etc.)
10. Service-Parameter-Info AVP: depending with how the service- 10. Service-Parameter-Info AVP: depending with how the service-
provider uses it, it may contain privacy-sensitive information provider uses it, it may contain privacy-sensitive information
about the subscriber (e.g. location). about the subscriber (e.g. location).
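Review bot: The text added to item 8 asks the service provider to treat "the URL/I schema itself as confidential", which makes the protection depend on the structure staying secret; the stated risk, that an adversary could "query/modify personal information even without knowing the subscriber's identity", is an access-control problem on the redirect server and would remain once the structure is known. Suggest adding that the identifier carried in the URL/I must be unguessable and that the redirect server must not disclose or change subscriber data on the strength of the URL/I alone. "Schema" is also easy to confuse with the URI scheme; "structure", which the next sentence already uses, would be clearer. Spelling is inconsistent between "anonymise" and "anonymized" within the same item.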
 End of changes. 8 change blocks. 
12 lines changed or deleted 48 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/