draft-ietf-sip-session-timer-06.txt   draft-ietf-sip-session-timer-07.txt 
Internet Engineering Task Force SIP WG Internet Engineering Task Force SIP WG
Internet Draft S.Donovan,J.Rosenberg Internet Draft S.Donovan,J.Rosenberg
draft-ietf-sip-session-timer-06.txt dynamicsoft draft-ietf-sip-session-timer-07.txt dynamicsoft
August 24, 2001 October 1, 2001
Expires: February 2002 Expires: April 2002
The SIP Session Timer The SIP Session Timer
STATUS OF THIS MEMO STATUS OF THIS MEMO
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 8, line 19 skipping to change at page 8, line 19
arrives at the rebooted UA, it decides to reject the call (generally, arrives at the rebooted UA, it decides to reject the call (generally,
it will reject the call unless it explicitly is capable of recovering it will reject the call unless it explicitly is capable of recovering
lost calls). If From tags are used, the UAS can detect that the re- lost calls). If From tags are used, the UAS can detect that the re-
INVITE is for an existing call by the existence of the tag in the To INVITE is for an existing call by the existence of the tag in the To
field of the re-INVITE. Therefore, a UAC MUST insert a From tag in an field of the re-INVITE. Therefore, a UAC MUST insert a From tag in an
initial INVITE if it supports session timer. A UAS that wishes to initial INVITE if it supports session timer. A UAS that wishes to
reject a re-INVITE for a call that it believes is already terminated reject a re-INVITE for a call that it believes is already terminated
SHOULD respond with a 481. A UAC receiving a 481 to a session timer SHOULD respond with a 481. A UAC receiving a 481 to a session timer
refresh MUST generate a BYE to terminate that call leg. refresh MUST generate a BYE to terminate that call leg.
Without From tags, A could INVITE B without a From tag. B If From tags were not mandatory, A could INVITE B without a
inserts a tag in the 200 OK. Now, B sends a re-INVITE to A. From tag. B inserts a tag in the 200 OK. Now, B sends a
Meantime, A has crashed and rebooted. This re-INVITE has a re-INVITE to A. Meantime, A has crashed and rebooted. This
From tag, but no To tag. It therefore cannot be re-INVITE has a From tag, but no To tag. It therefore
distinguished for a new INVITE in which the UAC inserts a cannot be distinguished for a new INVITE in which the UAC
From tag. This ambiguity is resolved by mandating use of inserts a From tag. This ambiguity is resolved by mandating
From tag with session timer. use of From tag with session timer.
The requirement for From tags and responding with a 481 to The requirement for From tags and responding with a 481 to
stale re-INVITEs has been added to the updated version of stale re-INVITEs has been added to the updated version of
RFC2543. However, to eliminate a dependency between this RFC2543. However, to eliminate a dependency between this
spec and the new version of SIP, these two features are spec and the new version of SIP, these two features are
specified here as well. specified here as well.
A UAC which supports the session timer extension defined here MUST A UAC which supports the session timer extension defined here MUST
include a Supported header in each request (except ACK), listing the include a Supported header in each request (except ACK), listing the
option tag "timer" [4]. It MUST do so even if the UAC is not option tag "timer" [4]. It MUST do so even if the UAC is not
skipping to change at page 12, line 41 skipping to change at page 12, line 41
failure. Rather, the proxy SHOULD insert a Min-SE header containing failure. Rather, the proxy SHOULD insert a Min-SE header containing
its minimum timer. If a Min-SE header is already present, the proxy its minimum timer. If a Min-SE header is already present, the proxy
SHOULD increase (but MUST NOT decrease) the value to equal its SHOULD increase (but MUST NOT decrease) the value to equal its
minimum timer. The proxy MUST then increase the Session-Expires value minimum timer. The proxy MUST then increase the Session-Expires value
to be equal to the value in the Min-SE header, as described above. A to be equal to the value in the Min-SE header, as described above. A
proxy MUST NOT insert a Min-SE header, or modify the value of an proxy MUST NOT insert a Min-SE header, or modify the value of an
existing header, in a proxied request if that request contains a existing header, in a proxied request if that request contains a
Supported header with the value "timer". This is needed to protect Supported header with the value "timer". This is needed to protect
against certain denial of service attacks, described in Section 11. against certain denial of service attacks, described in Section 11.
Assuming the has requested session timer (and thus has possibly Assuming the proxy has requested session timer (and thus has possibly
inserted the Session-Expires header or reduced it), the proxy MUST inserted the Session-Expires header or reduced it), the proxy MUST
remember that it is using session timer, and also remember the value remember that it is using session timer, and also remember the value
of the Session-Expires header from the proxied request. This MUST be of the Session-Expires header from the proxied request. This MUST be
remembered for the duration of the transaction. The proxy MUST remembered for the duration of the transaction. The proxy MUST
remember, for the duration of the transaction, whether the request remember, for the duration of the transaction, whether the request
contained the Supported header with the value "timer". contained the Supported header with the value "timer".
If the request did not contain a Supported header with the value If the request did not contain a Supported header with the value
"timer", the proxy MAY insert a Require header into the request, with "timer", the proxy MAY insert a Require header into the request, with
the value "timer". However, this is NOT RECOMMENDED. This allows the the value "timer". However, this is NOT RECOMMENDED. This allows the
skipping to change at page 17, line 28 skipping to change at page 17, line 28
12 Examples 12 Examples
The following examples are meant to illustrate the functionality The following examples are meant to illustrate the functionality
associated with the session timer. In the interest of brevity, all associated with the session timer. In the interest of brevity, all
headers except Supported, Session-Expires, Min-SE and Require are headers except Supported, Session-Expires, Min-SE and Require are
intentionally left out of the SIP messages. intentionally left out of the SIP messages.
12.1 Basic session timer 12.1 Basic session timer
In this case, two UAs communicate directly, with no proxies. Both In this case, two UAs communicate directly, with no proxies. Both
support the session timer. The call is setup with a two minute support the session timer. The call is setup with a one hour
session expiration. One minute later, the UAC refreshes the session. expiration. Half an hour later, the UAC refreshes the session.
Calling UA -> Called UA Calling UA -> Called UA
INVITE INVITE
Supported: timer Supported: timer
Session-Expires: 3600 Session-Expires: 3600
Calling UA <- Called UA Calling UA <- Called UA
200 OK 200 OK
Require: timer Require: timer
Session-Expires: 3600;refresher=uac Called UA starts timer on send Session-Expires: 3600;refresher=uac Called UA starts timer on send
Calling UA starts timer on receipt Calling UA starts timer on receipt
Calling UA -> Called UA Calling UA -> Called UA
ACK ACK
60 seconds later: 1800 seconds later:
Calling UA -> Called UA Calling UA -> Called UA
INVITE INVITE
Supported: timer Supported: timer
Session-Expires: 3600;refresher=uac Session-Expires: 3600;refresher=uac
Calling UA <- Called UA Calling UA <- Called UA
200 OK 200 OK
Require: timer Require: timer
Session-Expires: 3600;refresher=uac Called UA starts timer on send Session-Expires: 3600;refresher=uac Called UA starts timer on send
Calling UA starts timer on receipt Calling UA starts timer on receipt
skipping to change at page 26, line 29 skipping to change at page 26, line 29
ACK ACK
Proxy -> Called UA Proxy -> Called UA
ACK ACK
13 Acknowledgements 13 Acknowledgements
The authors wish to thank Brett Tate for his contributions to this The authors wish to thank Brett Tate for his contributions to this
work. work.
14 Changes since -05 14 Author's Addresses
o Added a section explicitly defining the 422 response code.
o Clarified UAC behavior for 422, distinguishing between calls
and call legs.
o Merged normative text in Section 2 with the rest of the
document. Section 2 is now purely tutorial, at a higher level.
o Clarified that the recommended minimum value for Session-
Expires is 30 minutes. The previous text just talked about the
"interval", without a formal definition of what interval might
mean.
o Min-SE now used in 422 response, instead of Session-Expires,
based on agreement at IETF 51.
o Clarified that Require in a request does not mean that the UAS
is being required to perform refreshes, just that its required
to support the extension.
o Updated row three of Table 3 to indicate a value of "uas"
since this case is actually possible. Updated the related text
in the section on proxy behavior to describe the scenario.
o Based on IETF 51 discussions, removed absolute time. Everyting
is now in delta-seconds.
o Removed example flow that uses Require header. No reason to
list flows that are not recommended.
o Updated examples to use recommended values for parameters.
o Added terminology section, reworked text to use consistent
terms based on that section.
o Modeled the behavior of a UAS as the concatenation of a proxy
and virtual UAS, so that a UAS could perform the same session
timer manipulations as a proxy without respecification of the
rules for such processing.
o Generalization of the request processing behaviors to work for
both INVITE and re-INVITE, which allowed for the removal of
the secion on performing refreshes.
o Allow proxies to insert or increase Min-SE (and possibly
increase Session-Timer as a result) in order to handle the
case when the UAC doesn't support session timer, and a proxy
receives a request with a value that is too small.
o Min-SE header in initial INVITE is the maximum of the values
returned in 422, AND also received in any INVITE. Previously,
it was just 422. This change is needed because of the previous
item.
o Improvied Security Considerations section to explicitly
consider several DoS cases.
15 Changes since -04
o Added requirement for From tags with session timer, to handle
this crash and reboot case. Discussed when a UA would want to
recover calls this way.
o Removed text about inserting Session-Expires:0 when you want
to indicate that the call is down. Rather, send a 481.
o Made handling of a 481 a MUST for UAC.
o Added clarification to call flows on when timer is started and
updated.
o Added wording indicating that it is bad to do usage billing
using SIP.
o Added wording indicating that the UAS should not change the
SDP for a re-INVITE that is used solely for refreshing the
session timer.
o Added text about using 422 Session Timer Too Small message to
reject an INVITE with a session expiration value that is
smaller that policy at a proxy or UAC.
o Changed SPS to proxy in call flows
o Mentioned that low session timer values can lead to re-INVITE
glare.
o Added discussion of why minimum of 30 minutes is a SHOULD and
not a MUST.
o Added Min-SE header and related processing.
o Added refresher parameter to Session-Expires, which has
simplified processing.
16 Author's Addresses
Steven R. Donovan Steven R. Donovan
dynamicsoft dynamicsoft
5100 Tennyson Parkway 5100 Tennyson Parkway
Suite 1200 Suite 1200
Plano, Texas 75024 Plano, Texas 75024
email: sdonovan@dynamicsoft.com email: sdonovan@dynamicsoft.com
Jonathan Rosenberg Jonathan Rosenberg
dynamicsoft dynamicsoft
72 Eagle Rock Avenue 72 Eagle Rock Avenue
First Floor First Floor
East Hanover, NJ 07936 East Hanover, NJ 07936
email: jdrosen@dynamicsoft.com email: jdrosen@dynamicsoft.com
17 Bibliography 15 Bibliography
[1] M. Handley, H. Schulzrinne, E. Schooler, and J. Rosenberg, "SIP: [1] M. Handley, H. Schulzrinne, E. Schooler, and J. Rosenberg, "SIP:
session initiation protocol," Request for Comments 2543, Internet session initiation protocol," Request for Comments 2543, Internet
Engineering Task Force, Mar. 1999. Engineering Task Force, Mar. 1999.
[2] H. Schulzrinne, S. Casner, R. Frederick, and V. Jacobson, "RTP: a [2] H. Schulzrinne, S. Casner, R. Frederick, and V. Jacobson, "RTP: a
transport protocol for real-time applications," Request for Comments transport protocol for real-time applications," Request for Comments
1889, Internet Engineering Task Force, Jan. 1996. 1889, Internet Engineering Task Force, Jan. 1996.
[3] S. Bradner, "Key words for use in RFCs to indicate requirement [3] S. Bradner, "Key words for use in RFCs to indicate requirement
skipping to change at page 30, line 10 skipping to change at page 28, line 10
12 Examples ............................................ 17 12 Examples ............................................ 17
12.1 Basic session timer ................................. 17 12.1 Basic session timer ................................. 17
12.2 Basic negotiation of Session Time ................... 18 12.2 Basic negotiation of Session Time ................... 18
12.3 No Session-Expires Header in INVITE ................. 19 12.3 No Session-Expires Header in INVITE ................. 19
12.4 Session timer without Calling UA Support ............ 20 12.4 Session timer without Calling UA Support ............ 20
12.5 Session Timer without Called UA Support ............. 21 12.5 Session Timer without Called UA Support ............. 21
12.6 Neither UA Supports Session Timer ................... 23 12.6 Neither UA Supports Session Timer ................... 23
12.7 Both UAs Support, Change in Roles ................... 23 12.7 Both UAs Support, Change in Roles ................... 23
12.8 Proxy Rejects Timer ................................. 25 12.8 Proxy Rejects Timer ................................. 25
13 Acknowledgements .................................... 26 13 Acknowledgements .................................... 26
14 Changes since -05 ................................... 26 14 Author's Addresses .................................. 26
15 Changes since -04 ................................... 27 15 Bibliography ........................................ 27
16 Author's Addresses .................................. 28
17 Bibliography ........................................ 29
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/