SPEERMINT Working Group                                        J-F. Mule
Internet-Draft                                                 CableLabs
Expires: December 21, 2006                                 June 19, April 26, 2007                                 October 23, 2006

       SPEERMINT Requirements for SIP-based VoIP Interconnection
                draft-ietf-speermint-requirements-00.txt
                draft-ietf-speermint-requirements-01.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on December 21, 2006. April 26, 2007.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document describes high-level guidelines and general
   requirements for Session PEERing for Multimedia INTerconnect and INTerconnect.  It
   also defines the a minimum set of requirements applicable to SIP session
   peering for VoIP Voice over IP interconnects.

   In its current form, the document  It is a first draft intended to become
   best current practices based on the
   SPEERMINT mailing list's discussions on requirements.  The main
   objectives are to generate consensus on what categories of
   requirements should be covered, and to start more discussions on use cases discussed in the
   technical protocol requirements that apply to VoIP interconnects.
   speermint working group.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  General Requirements  . .  Terminology  . . . . . . . . . . . . . . . . . . . 3
     2.1.  Unified solution for session peering policies . . . . . . . 3
     2.2.  Domain Based  . . . . . . . . . . . . . . . . . . . . . . .  4
     2.3.  No blocked calls  . . . . . . . . . .
   3.  General Requirements . . . . . . . . . . . 4
     2.4.  Scaling . . . . . . . . . .  5
   4.  Requirements for SIP-based VoIP Interconnection  . . . . . . .  8
     4.1.  DNS, Call Addressing Data (CAD) and ENUM . . . . . . . . . 4
     2.5.  Independence  8
     4.2.  Minimum set of lower layers  . . . . . . . . . . . . . . . 4
     2.6.  Administrative and technical policies SIP-SDP-related requirements  . . . . . . .  8
     4.3.  Media-related Requirements . . . . 4
     2.7.  Minimal additional cost on call initiation . . . . . . . . 5
     2.8.  Look beyond SIP . . . .  9
     4.4.  Security Requirements  . . . . . . . . . . . . . . . . . . 5
   3.  Requirements for SIP-based  9
       4.4.1.  Security in today's VoIP Interconnection networks  . . . . . . . . 5
     3.1.  DNS, Call Routing Data (CRD) and ENUM . . .  9
       4.4.2.  TLS Considerations for session peering . . . . . . . . 5
     3.2.  Minimum set 10
   5.  Annex A - List of SIP-SDP-related requirements . . . . . . . . 6
     3.3.  Media-related requirements  . . . . . . . . Policy Parameters for VoIP
       Interconnections . . . . . . . . 6
     3.4.  Security requirements . . . . . . . . . . . . . . . 12
     5.1.  Categories of parameters and Justifications  . . . . 7
   4.  Open Questions . . . 12
     5.2.  Summary of Parameters for Consideration in Session
           Peering Policies . . . . . . . . . . . . . . . . . . . . . 7
   5. 14
   6.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . . 7
   6. 16
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . . 7
   7. 17
   8.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 8
     7.1. 18
     8.1.  Normative References . . . . . . . . . . . . . . . . . . . 8
     7.2. 18
     8.2.  Informative References . . . . . . . . . . . . . . . . . . 9 18
   Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 9 21
   Intellectual Property and Copyright Statements . . . . . . . . . . 9 22

1.  Introduction

   The Session PEERing for Multimedia INTerconnect (SPEERMINT) Working
   Group is chartered to focus on architectures to identify, signal, and
   route delay-sensitive communication sessions.  These sessions use the
   SIP signaling
   Session Initiation Protocol (SIP) protocol to enable peering between
   two or more administrative domains over IP networks.

   This document describes high-level guidelines and general SPEERMINT
   requirements for session
   peering and defines the minimum set of peering; these requirements are applicable
   to any type of multimedia session peering such as Voice over IP
   (VoIP), video telephony, and instant messaging.  The document also
   defines a minimum set of requirements for SIP-based
   VoIP interconnection.  A number a sub-set of Editor's Notes have been inserted
   in the text to seek specific comments on draft requirements. session
   peering use cases: VoIP interconnects.

   The reader should be familiar intent of this version of this document is to describe what
   mechanisms are used for establishing SIP session peering with the definitions a
   special look at VoIP interconnects, and terms defined in doing so, it defines some
   of requirements associated with the SPEERMINT terminology draft [SPEERMINT-TERM].

2.  General Requirements secure establishment of VoIP
   interconnects between a large number of peers.
   The following section defines general primary focus is on the requirements applicable to the
   "solution space".

   Editor's Notes:

   o  this section will capture the general requirements per wg
      consensus.

   o  Some requirements SHOULD make use boundaries
   of key words per RFC 2119
      [RFC2119].

   o  Most layer-5 SIP networks: SIP UA or end-device requirements are
   considered out of scope.
   It is also not the requirements contained in goal of this version document to mandate any particular
   use of the draft
      are derived from draft-ietf-speermint-reqs-and-terminology-01.txt.

   o  Some requirements apply any IETF protocols to entities performing establish session peering
      while others apply to end-systems.  Some statements seem to be
      "design goals" for the working group to consider by users or
   service providers.  However, when discussing
      solutions.

2.1.  Unified solution for session peering policies

   Policies developed in the context of protocol mechanisms are used, the SPEERMINT working group
   SHOULD
   document aims at providing guidelines or best current practices on
   how they should be extensible implemented, or configured and flexible enough enabled in order to cover existing and future
   peering policies.  These start by a closed system which accepts only
   incoming calls from selected peers (i.e.
   facilitate session peering.

   Finally, a set list of bilateral peerings)
   and include parameters for the model definition of membership in a number of session peering fabrics or
   carrier clubs.  The case of
   policy is provided in an open SIP proxy informative annex.  It should be covered as a
   special case considered
   as well.

2.2.  Domain Based

   Although an example of the initial call routing may be based on E.164 numbers, information a
   generic peering methodology Voice Service Provider, or
   Application Service Provider may require in order to connect to
   another using SIP.

2.  Terminology

   In this document, the key words "MUST", "MUST NOT", "REQUIRED",
   "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
   and "OPTIONAL" are to be interpreted as described in RFC 2119
   [RFC2119].

   This specification makes use of terms defined in
   [I-D.ietf-speermint-terminology], the Session Description Protocol
   (SDP) [RFC4566] and the Session Initiation Protocol (SIP) [RFC3261].
   We also use the terms Voice Service Provider (VSP) and Application
   Service Provider (ASP) as defined in [I-D.ietf-ecrit-requirements].

3.  General Requirements

   The following section defines general guidelines and requirements
   applicable to session peering for multimedia sessions.

   o  Session peering should not rely on such numbers.  Rather,
   call routing be independent of lower layers.  The
      mechanisms used to establish session peering SHOULD accommodate
      diverse supporting lower layers.

      Motivations:
      Session peering is about layer 5 mechanisms.  It should not matter
      whether lower layers rely on URIs.  We assume the public Internet or are
      implemented by private L3 connectivity, using firewalls or L2/L3
      Virtual Private Networks (VPNs), IPSec tunnels or Transport Layer
      Security (TLS) connections [RFC3546]...

   o  Session Peering Policies and Extensibility:
      Policies developed for session peering SHOULD be flexible and
      extensible to cover existing and future session peering models.
      It is also RECOMMENDED that all SIP URIs with policies be published via local
      configuration choices in a distributed system like DNS rather than
      in a centralized system like a 'peering registry'.
      In the same domain-part share context of session peering, a policy is defined as the same set
      of parameters and other information needed by one VSP/ASP to
      connect to another.  Some of the session policy parameters may be
      statically exchanged and set throughout the lifetime of the
      peering policies, thus relationship.  Others parameters may be discovered and
      updated dynamically using by some explicit protocol mechanisms.
      These dynamic parameters may also relate to a VSP/ASP's session-
      dependent or session independent policies as defined in
      [I-D.ietf-sipping-session-policy-framework].

      Motivations:
      It is critical that the
   domain solutions be flexible and extensible given
      the various emerging models: layer 5 peering may involve open
      federations of SIP proxies, or closed environments with systems
      that only accept incoming calls from selected peers based on a set
      of bilateral trust relationships.  Federations may also be based
      on memberships in peering fabrics or voice service provider clubs,
      etc.  Session peering may be direct or indirect.
      The maintenance of the "system" should scale beyond simple lists
      of peering partners.  In particular, it must incorporate
      aggregation mechanisms which avoid O(n^2) scaling (where n is the
      number of participating peers).  The distributed management of the
      DNS is a good example for the scalability of this approach.

   o  Administrative and Technical Policies:
      Various types of policy information may need to be discovered or
      exchanged in order to establish session peering.  At a minimum, a
      policy SHOULD specify information related to call addressing data
      in order to avoid session establishment failures.  A policy MAY
      also include information related to QoS, billing and accounting,
      layer-3 related interconnect requirements which are out of the
      scope of this document.

      Motivations:
      The reasons for declining or accepting incoming calls from a
      prospective peering partner can be both administrative
      (contractual, legal, commercial, or business decisions) and
      technical (certain QoS parameters, TLS keys, domain keys, ...).
      The objectives are to provide a baseline framework to define,
      publish and optionally retrieve policy information so that a
      session establishment does not need to be attempted to know that
      imcompatible policy parameters will cause the session to fail
      (this was originally referred to as "no blocked calls").

   o  URIs and Domain-Based Peering Context:
      Call Addressing Data SHOULD rely on URIs (Uniform Resource
      Identifiers, RFC 3986 [RFC3986]) for call routing and SIP URIs
      SHOULD be preferred over tel URIs (RFC 3966 [RFC3966]).  Although
      the initial call addressing data may be based on E.164 numbers for
      voice interconnects, a generic peering methodology SHOULD NOT rely
      on such E.164 numbers.

      Motivations:
      Telephone numbers commonly appear in the username portion of a SIP
      URI.  When telephone numbers are in tel URIs, SIP requests cannot
      be routed in accordance with the traditional DNS resolution
      procedures standardized for SIP as indicated in RFC 3824
      [RFC3824].  Furthermore, we assume that all SIP URIs with the same
      domain-part share the same set of peering policies, thus the
      domain of the SIP URI may be used as the primary key to any
      information regarding the reachability of that SIP URI.

   o  URI Reachability and Minimal additional cost on call initiation:
      Based on a well-known URI (for e.g. sip, pres, or im URIs), it
      MUST be possible to determine whether the domain servicing the URI
      (VSP/ASP) allows for session peering, and if it does, it SHOULD be
      possible to locate and retrieve the domain's policy and signaling
      functions.  For example, an originating service provider must be
      able to determine whether a SIP URI is open for direct
      interconnection without requiring to initiate a SIP request.
      Furthermore, since each call setup implies the execution of any
      proposed algorithm, the establishment of a SIP session via peering
      SHOULD incur minimal overhead and delay, and employ caching
      wherever possible to avoid extra protocol round trips.

      Motivations:
      This requirement is important as unsuccessful call attempts are
      highly undesirable since they can introduce high delays due to
      timeouts and can act as an unintended denial of service attack
      (e.g., by repeated TLS handshakes).  There should be a high
      probability of successful call completion for policy-conforming
      peers.

   o  Variability of the Call Address Data:
      A terminating VSP/ASP or user SHOULD be able to indicate its
      domain ingress points (Signaling Path Border Element(s)) based on
      the identity of the originating VSP/ASP or user.
      The mechanisms recommended for the use and resolution of the call
      addressing data SHOULD allow for variability or customization of
      the response(s) depending on various elements, such as the
      identity of the originating or terminating user or user domain.

4.  Requirements for SIP-based VoIP Interconnection

   This section defines some requirements for SIP-based VoIP
   Interconnection.  It should be considered as the minimal set of
   requirements to be implemented to perform SIP VoIP interconnects.

4.1.  DNS, Call Addressing Data (CAD) and ENUM

   Call Addressing Data can be derived from various mechanisms available
   to the user, such as ENUM when the input is a telephone number, or
   other DNS queries using SRV and NAPTR resource records when the entry
   is a SIP URI for example.  The SPEERMINT Working Group is focused on
   the use of CAD.

   The following requirements are best current practices for VoIP
   session peering:

   o  SIP URIs SHOULD be preferred over tel URIs when establishing a SIP
      session for voice interconnects.

   o  The recommendations defined in [RFC3824] SHOULD be followed by
      implementers when using E.164 numbers with SIP, and by authors of
      NAPTR records for ENUM for records with an 'E2U+sip' service
      field.  Other ENUM implementation issues and experiences are
      described in [I-D.ietf-enum-experiences] that may be relevant for
      VoIP interconnects using ENUM.

   o  The use of DNS domain names and hostnames is RECOMMENDED in SIP
      URIs and they MUST be resolvable on the public Internet.

   o  The DNS procedures specified in [RFC3263] SHOULD be followed to
      resolve a SIP URI into a reachable host (IP address and port), and
      transport protocol.  Note that RFC 3263 relies on DNS SRV
      [RFC2782] and NAPTR Resource Records [RFC2915].

4.2.  Minimum set of SIP-SDP-related requirements

   The main objective of VoIP interconnects being the establishment of
   successful SIP calls between peer VSPs/ASPs, this section provides a
   minimum set of SIP-related requirements.

   o  The Core SIP Specifications as defined in [RFC3261] and
      [I-D.ietf-sip-hitchhikers-guide] MUST be supported by Signaling
      Path Border Elements and any other SIP implementations involved in
      session peering.
      Justifications:
      The specifications contained in the Core SIP group provide the
      fundamental and basic mechanisms required to enable VoIP
      interconnects.  This includes: the SIP protocol for session
      establishment and its updates such as RFC 3853 and RFC 4320, SDP
      [RFC4566] and its Offer/Answer model [RFC3264] for VoIP media
      session descriptions and codec negotiations, SIP Asserted Identity
      for caller ID services, and various other extensions to support
      NAT traversal, etc.

   o  The following RFCs SHOULD be supported: Reliability of Provisional
      Responses in SIP - PRACK [RFC3262], the SIP UPDATE method (for
      e.g. for codec changes during a session) [RFC3311], the Reason
      header field [RFC3326].

   In the context of session peering where peers desire to maximize the
   chances of successful call establishment, the recommendations
   contained in RFC 3261 regarding the use of the Supported and Require
   headers MUST be followed.  Signaling Path Border Elements SHOULD
   include the supported SIP extensions in the Supported header and the
   use of the Require header must be configurable on a per target domain
   basis in order to match a network peer policy and to maximize
   interoperability.

4.3.  Media-related Requirements

   VSPs engaged in session peering SHOULD support of compatible codecs
   and include media-related parameters in their domain's policy.
   Transcoding SHOULD be avoided by proposing commonly agreed codecs.

   Motivations: The media capabilities of a VSP's network are either a
   property of the SIP end-devices, or, a combination of the property of
   end-devices and Data Path Border Elements that may provide media
   transcoding.  The choice of one or more common codecs for VoIP
   sessions between VSPs is therefore outside the scope of speermint.
   Indeed, as stated in introduction, requirements applicable to end-
   devices of a VSP are considered out of scope.  A list of media-
   related policy parameters are provided in the informative Section 5.

4.4.  Security Requirements

4.4.1.  Security in today's VoIP networks

   In today's VoIP deployments, various approaches exist to secure
   exchanges between VSPs/ASPs.  Signaling and media security are the
   two primary topics for consideration in most deployments.  A number
   of transport-layer and network-layer mechanisms are widely used by
   some categories of VSPs: TLS in the enterprise networks for
   applications such as VoIP and secure Instant Messaging, IPSec and
   L2/L3 VPNs in some VSP networks where there is a desire to secure all
   signaling and media traffic at or below the IP layer.  Media level
   security is not widely deployed for RTP, even though it is in use in
   few deployments where the privacy of voice communications is
   critical.
   A detailed security threat analysis of the SIP URI may session peering exchanges
   should provide more guidance on what scalable and efficient methods
   should be used as the primary key to any
   information regarding help mitigate the reachability of that SIP URI.

2.3.  No blocked calls

   An originating service provider must be able the main security risks in large-
   scale session peering.

   A recent IETF BoF at IETF 66 (rtpsec) was organized to determine whether a analyze SIP URI is open
   requirements for direct interconnection without actually sending SRTP keying; a
   SIP INVITE.  This is important as unsuccessful call attempts are
   highly undesirable number of security requirements for
   VoIP were discussed.  A few Internet-Drafts have since they can introduce high delays due to
   timeouts been released
   and can act as an unintended denial focus on media security requirements for SIP sessions
   ([I-D.ietf-wing-media-security-requirements]).  Some of service attack.
   (e.g., these
   scenarios may be applicable to interdomain VSP/ASP session peering or
   they may be augmented in the future by repeated interdomain scenarios.

4.4.2.  TLS handshakes).

2.4.  Scaling Considerations for session peering

   The maintenance remaining of the system needs Section 4 covers some details on how TLS could be
   deployed and used between 2 VSPs/ASPs to scale beyond simple lists of secure SIP exchanges.  The
   intent is to capture what two VSPs/ASPs should discuss and agree on
   in order to establish TLS connections for SIP session peering.

      1.  Peers SHOULD agree on one or more Certificate Authorities
      (CAs) to trust for securing session peering partners.  In particular, it must incorporate aggregation
   mechanisms exchanges.
      Motivations:
      A VSP/ASP should have control over which avoid O(n^2) scaling (where n is the number of
   participating service providers).  Per-service provider opt-in
   without consultation of root CA it trusts for SIP
      communications.  This may imply creating a centralized 'peering registry', but rather
   by publishing local configuration choices only is highly desirable.
   The distributed management of certificate trust list
      and including the DNS is a good example peer's CA for each authorized domain.  This
      requirement allows for the
   scalability of this approach.

2.5.  Independence of lower layers

   The system needs initiating side to be independent of details on what technologies
   are used route verify that the call and
      server certificate chains up to a trusted root CA.  This also
      means that SIP servers SHOULD allow the configuration of a
      certificate trust list in order to allow a VSP/ASP to control
      which peer's CAs are used to ensure trusted for TLS connections.  Note that only
   approved peering partner actually connect these
      considerations seem to be around two themes: one is trusting a
      root, the destination SIP
   proxy.  It should not matter other is trusting intermediate CAs.

      2.  Peers SHOULD indicate whether restrictions are implemented by
   private L3 connectivity ("walled gardens"), firewalls, TLS their domain policies
   or SIP require
      proxy configuration.

2.6.  Administrative servers to inspect and technical policies

   The reasons for declining vs. accepting incoming calls from verify the identity provided in SIP
      requests as defined in [RFC4474].

      3.  SIP servers involved in the secure session establishment over
      TLS MUST have valid X.509 certificates and MUST be able to receive
      a
   prospective peering partner can TLS connection on a well-known port.

      4.  The following TLS/SIP Protocol parameters SHOULD be both administrative (contractual,
   legal, commercial, or business decisions) and technical (certain QoS
   parameters, agreed
      upon as part of session peering policies: the version of TLS keys, domain keys, ...).  Methodologies developed
      supported by Signaling Border Elements (TLSv1, TLSv1.1), the SPEERMINT working group should accommodate all policies.

2.7.  Minimal additional cost on call initiation

   Since each call setup implies execution SIP
      TLS port (default 5061), the server-side session timeout (default
      300 seconds), the list of any proposed algorithm, it
   should incur minimal overhead supported or recommended ciphersuites,
      and delay, the list of trusted root CAs.

      5.  SIP servers involved in the session establishment over TLS
      MUST verify and employ caching wherever
   possible validate the client certificates: the client
      certificate MUST contain a DNS or URI choice type in the
      subjectAltName which corresponds to avoid extra protocol round trips.

2.8.  Look beyond SIP

   The problem the domain asserted in the
      host portion of selective peering the URI contained in the From header.  It is not limited to SIP-based
   communication.  Other protocols may benefit from also
      recommended that VSPs/ASPs convey the domain identity in the
      certificates using both a generic framework
   as well, such canonical name of the SIP server(s) and
      the SIP URI for the domain as SMTP mail.  Any solutions proposed by described in section 4 of
      [I-D.gurbani-sip-domain-certs].  On the SPEERMINT
   working group must be generic enough client side, it is also
      critical for the TLS client to encompass other protocols authenticate the server as
   well.

3.  Requirements for SIP-based VoIP Interconnection

   This defined
      in [RFC3261] and in section defines some requirements 9 of draft-ietf-sip-certs-01.txt.

      6.  A session peering policy SHOULD include details on SIP session
      establishment over TLS if TLS is supported.

5.  Annex A - List of Policy Parameters for SIP-based VoIP
   Interconnection.  It Interconnections

   This informative annex lists the various types of parameters that
   should be considered as when discussing the minimal set technical aspects of
   recommendations or requirements to be met to perform SIP a VoIP
   interconnects.

3.1.  DNS, Call Routing Data (CRD)
   Peering policy .

5.1.  Categories of parameters and ENUM

   Call Routing Data can be derived from ENUM or other mechanism
   available to the user.  While the SPEERMINT Working Group Justifications

   It is focused
   on the use of CRD, a number of recommendations are captured here.

   Editor's Note:
   After reviewing the mailing intended as an initial list threads, it seems of topics that some folks
   suggest some pointers to ENUM.  Do any requirements belong here
   because they would 'facilitate' the VoIP interconnects?

   o  SIP URIs SHOULD should be preferred addressed
   by peers when establishing a SIP session. VoIP peering relationship.

   o  The recommendations defined in [RFC3824] SHOULD be followed  IP Network Connectivity:
      It is assumed that IP network connectivity exists between peers.
      While this is out of scope of session peering, VSPs must agree
      upon a common mechanism for
      using E.164 numbers with SIP.

   o  The use IP transport of DNS domain names and hostnames is RECOMMENDED in SIP
      URIs Layer 5 session
      signaling and they MUST media.  This may be resolvable on the accomplish via private (e.g.
      IPVPN, IPSEC, etc.) or public Internet. IP networks.

   o  The DNS procedures specified in [RFC3263] SHOULD be followed to
      resolve a SIP URI into a reachable host (IP address and port), and  Media-related Parameters:

      *  Media Codecs: list of supported media codecs for audio, real-
         time fax (version of T.38, if applicable), real-time text (RFC
         4103), DTMF transport, voice band data communications (as
         applicable) along with the supported or recommended codec
         packetization rates, level of RTP paylod redundancy, audio
         volume levels, etc.

      *  Media Transport: level of support for RTP-RTCP [RFC3550], RTP
         Redundancy (RTP Payload for Redundant Audio Data - [RFC2198]) ,
         T.38 transport protocol.  Note that RFC 3263 relies on DNS SRV
      [RFC2782] and NAPTR Resource Records [RFC2915]. over RTP, etc.

      *  Other: support of the VoIP metric block as defined in RTP
         Control Protocol Extended Reports [RFC3611] , etc.

   o  Editor's Note:
      For BCP and for  SIP:

      *  A session peering policy SHOULD include the sake list of discussions, some service providers supported
         and required SIP RFCs, supported and required SIP methods
         (including p headers if applicable), error response codes,
         supported or
      enterprises skip the dynamic determination recommended format of some header field values ,
         etc.

      *  It should also be possible to describe the transport
      protocol in 3263 (this list of supported
         SIP RFCs by various functional groupings.  A group of SIP RFCs
         may represent how a call feature is very often statically configured and implemented (call hold,
         transfer, conferencing, etc.), or it
      is viewed may indicate a functional
         grouping as costly to do in [I-D.ietf-sip-hitchhikers-guide].

   o  Accounting:
      Call accounting may be required for tracking session usage on a per URI basis) and they only use
      SRV RRs
      peer's network.  It is critical for finding peers to determine whether the target.
      The implications
      support of RFC3263 are NAPTR any SIP extensions for accounting is a pre-requisite
      for SIP interoperability.  In some cases, call accounting may feed
      data for billing purposes but not always: some operators may
      decide to use accounting as a 'bill and SRV RRs must be
      supported on keep' model to track
      session usage and monitor usage against service level agreements.
      [RFC3702] defines the DNS clients terminology and basic requirements for
      accounting of SIP sessions.  A few private SIP extensions have
      also been defined and used over the systems facing years to enable call
      accounting between VSP domains such as the session
      peering interconnect points: should we make these types of
      requirements more visible P-Charging* headers in this document as attempted above?

   o  Editor's Note:
      While
      [RFC3455], the use of User or Carrier ENUM to resolve an E.164 address
      into a set of URIs is generally considered out of scope of
      SPEERMINT and this document, P-DCS-Billing-Info header in [RFC3603], etc.

   o  Performance Metrics:
      Layer-5 performance metrics should this section contain a few
      recommendations like the use of RFC 3824 per the aboce, be defined and shared between
      peers.  The performance metrics apply directly to signaling or the
      Enumservice types that SHOULD
      media; they may be supported used pro-actively to help avoid congestion,
      call quality issues or call signaling failures, and requested when
      doing lookups for SIP-based VoIP interconnect as a few email
      exchanges have shown? for e.g.  E2U+sip per RFC 3764? what about
      recommendations w.r.t.  RFC 4415 and part of
      monitoring techniques, they can be used to evaluate the handling or use
      performance of "E2U+
      voice:tel" or does peering exchanges.
      Examples of SIP performance metrics include the above suffice?

3.2.  Minimum set maximum number of SIP-SDP-related requirements

   The following are session-related requirements for establishing
      SIP
   sessions for VoIP interconnections:

   o  The Core transactions per second on per domain basis, Session
      Completion Rate (SCR), Session Establishment Rate (SER), etc.
      Some SIP Specifications as end-to-end performance metrics are defined in [RFC3261] and
      [SIP-GUIDE] MUST
      [I-D.Malas-sip-performance]; a subset of these may be supported by any SIP implementations involved
      in SPEERMINT applicable
      to session peering.

   o  In addition, the following RFCs MUST be supported: the Session
      Description Protocol (SDP) [RFC2327], peering and interconnects.
      Some media-related metrics for monitoring VoIP calls have been
      defined in the Offer/Answer
      mechanism with SDP [RFC3264]. VoIP Metrics Report Block, in Section 4.7 of
      [RFC3611].

   o  The following RFCs  Security:
      A VSP/ASP SHOULD be supported: Reliability of Provisional
      Responses in SIP - PRACK [RFC3262], the SIP UPDATE method (for
      e.g. for codec changes during a session) [RFC3311], describe the Reason
      header field [RFC3326].

   The recommendations contained security requirements that other
      peers must meet in RFC 3261 regarding the use order to terminate calls to its network.  While
      such a list of security-related policy parameters often depends on
      the
   Supported and Require headers MUST security models pre-agreed to by peers, it is expected that
      these parameters will be followed: any SIP entity
   involved discoverable or signaled in the future to
      allow session peering SHOULD include the supported SIP
   extensions in the Supported header outside VSP clubs.  The list of security
      parameters may be long and the use composed of high-level requirements
      (e.g. authentication, privacy, secure transport) and low level
      protocol configuration elements like TLS parameters.
      The following list is not intended to be complete, it provides a
      preliminary list in the Require header
   must form of examples:

      *  Call admission requirements: for some providers, sessions can
         only be flexbile admitted if certain criteria are met.  For example, for
         some providers' networks, only incoming SIP sessions signaled
         over established IPSec tunnels or presented to maximize interoperability.

3.3.  Media-related the well-known
         TLS ports are admitted.  Other call admission requirements

   The minimum may
         be related to some performance metrics as descrived above.
         Finally, it is possible that some requiremetns be imposed on
         lower layers, but these are considered out of scope of session
         peering.

      *  Call authorization requirements to allow a successful VoIP interconnection
   include:

   o and validation: the mandatory support presence of RTP *and* RTCP as defined in [RFC3550],

   o
         a caller or user identity MAY be required by a VSP/ASP.
         Indeed, some VSPs/ASPs may further authorize an incoming
         session request by validating the support of compatible codecs between communication peers, caller's identity against
         white/black lists maintained by the
      G.711 MUST service provider or users
         (traditional caller ID screening applications or IM white
         list).

      *  Privacy requirements: a VSP/ASP MAY demand that its SIP
         messages be supported, the IETF iLBC [RFC3951] codec and securely transported by its RTP
      payload format [RFC3952] SHOULD peers for privacy
         reasons so that the calling/called party information be supported.

   o
         protected.  Media sessions may also require privacy and some
         ASP/VSP policies may include requirements on the support use of the VoIP metric block secure
         media transport protocols such as defined in RTP Control
      Protocol Extended Reports [RFC3611] MAY be supported.

   Editor's Notes:

   o  Should sRTP, along with some
         contraints on the minimum set of requirements authentication/encryption options for VoIP interconnect
      include any media-related requirements at all?

   o  The speerming charter defines "VoIP" as
         use in voice calls.  Does
      voice communication mean audio only or more? audio, DTMF tones,
      real-time fax, voiceband data?

3.4.  Security requirements

   All SIP messages MUST sRTP.

      *  Network-layer security parameters: this covers how IPSec
         security associated may be sent over TLS [RFC3546] established, the IPSec key exchange
         mechanisms to provide
   transport-layer be used and any keying materials, the lifetime of
         timed Security Associated if applicable, etc.

      *  Transport-layer security parameters: this covers how TLS
         connections should be established as defined described in RFC 3261, at Section 4.4.2

5.2.  Summary of Parameters for Consideration in Session Peering
      Policies

   The following is a minimum to
   provide message authentication and based on summary of the mechanisms defined parameters mentioned in
   SIP Identity [SIP-IDENTITY]to identify the peer originating SIP
   messages.

   Editor's Note:
   RTP
   previous section.  They may be part of a session peering policy and
   appear with a level of requirement (mandatory, recommended,
   supported, ...).

   o  IP Network Connectivity (assumed, requirements out of scope of
      this document)

   o  Media session parameters:

      *  Codecs for audio, video, real time text, instant messaging
         media sessions SHOULD also make use
      *  Modes of communications for audio (voice, fax, DTMF), IM (page
         mode, MSRP)

      *  Media transport and means to establish secure RTP - For Futher
   Study.

4.  Open Questions

   This section documents some media sessions

   o  SIP

      *  SIP RFCs, methods and error responses

      *  headers and header values

      *  possibly, list of the open questions not resolved yet on
   the wg mailing list.

5. SIP RFCs supported by groups (e.g. by call
         feature)

   o  Accounting

   o  Performance Metrics: SIP signaling performance metrics; media-
      level VoIP metrics.

   o  Security: Call admission control, call authorization, network and
      transport layer security parameters, media security parameters

6.  Acknowledgments

   This document is a work-in-progress and it is based on the input and
   contributions made by a large number of people in the SPEERMINT ,
   working group, including: Scott Brim, Mike Hammer, Richard Shocky,
   Henry Sinnreich, Richard Stastny, Patrik Faltstrom, Otmar Lendl,
   Daryl Malas, Dave Meyer, Jason Livingood, Bob Natale and Natale, Brian Rosen.

6. Rosen,
   Eric Rosenfeld and Adam Uzelac.

7.  Security Considerations

   This requirement document itself introduces no new

   Securing session peering communications involves numerous protocol
   mechanisms,
   exchanges, first and as such, no new foremost, the securing of SIP signaling and
   media sessions.  The security considerations. considerations contained in RF 3261,
   RFC 4474 are applicable to the SIP protocol exchanges.  A number of
   security requirements considerations are also described in a separate section.

7. Section 4.4 for VoIP
   Interconnects.

8.  References

7.1.

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2327]  Handley, M.

8.2.  Informative References

   [I-D.Malas-sip-performance]
              Malas, D., "SIP End-to-End Performance Metrics",
              September 2006.

   [I-D.gurbani-sip-domain-certs]
              Gurbani, V., Jeffrey, A., and V. Jacobson, "SDP: S. Lawrence, "Domain
              Certificates in the Session Description
              Protocol", Initiation Protocol (SIP)",
              draft-gurbani-sip-domain-certs-03 (work in progress),
              August 2006.

   [I-D.ietf-ecrit-requirements]
              Schulzrinne, H. and R. Marshall, "Requirements for
              Emergency Context  Resolution with Internet Technologies",
              August 2006.

   [I-D.ietf-enum-experiences]
              Conroy, L. and K. Fujiwara, "ENUM Implementation Issues
              and Experiences", June 2006.

   [I-D.ietf-sip-hitchhikers-guide]
              Rosenberg, J., "A Hitchhikers Guide to the Session
              Initiation Protocol (SIP)", October 2006.

   [I-D.ietf-sipping-session-policy-framework]
              Hilt, V., "A Framework for Session Initiation Protocol
              (SIP) Session Policies",
              draft-ietf-sipping-session-policy-framework-01 (work in
              progress), June 2006.

   [I-D.ietf-speermint-terminology]
              Meyer, R., "SPEERMINT Terminology", September 2006.

   [I-D.ietf-wing-media-security-requirements]
              Wing, D., Fries, S., and H. Tschofenig, "A Framework for
              Session Initiation Protocol (SIP) Session Policies",
              draft-wing-media-security-requirements-00 (work in
              progress), October 2006.

   [RFC2198]  Perkins, C., Kouvelas, I., Hodson, O., Hardman, V.,
              Handley, M., Bolot, J., Vega-Garcia, A., and S. Fosse-
              Parisis, "RTP Payload for Redundant Audio Data", RFC 2327, April 1998. 2198,
              September 1997.

   [RFC2782]  Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
              specifying the location of services (DNS SRV)", RFC 2782,
              February 2000.

   [RFC2915]  Mealling, M. and R. Daniel, "The Naming Authority Pointer
              (NAPTR) DNS Resource Record", RFC 2915, September 2000.

   [RFC3261]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
              A., Peterson, J., Sparks, R., Handley, M., and E.
              Schooler, "SIP: Session Initiation Protocol", RFC 3261,
              June 2002.

   [RFC3262]  Rosenberg, J. and H. Schulzrinne, "Reliability of
              Provisional Responses in Session Initiation Protocol
              (SIP)", RFC 3262, June 2002.

   [RFC3263]  Rosenberg, J. and H. Schulzrinne, "Session Initiation
              Protocol (SIP): Locating SIP Servers", RFC 3263,
              June 2002.

   [RFC3264]  Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model
              with Session Description Protocol (SDP)", RFC 3264,
              June 2002.

   [RFC3311]  Rosenberg, J., "The Session Initiation Protocol (SIP)
              UPDATE Method", RFC 3311, October 2002.

   [RFC3326]  Schulzrinne, H., Oran, D., and G. Camarillo, "The Reason
              Header Field for the Session Initiation Protocol (SIP)",
              RFC 3326, December 2002.

   [RFC3455]  Garcia-Martin, M., Henrikson, E., and D. Mills, "Private
              Header (P-Header) Extensions to the Session Initiation
              Protocol (SIP) for the 3rd-Generation Partnership Project
              (3GPP)", RFC 3455, January 2003.

   [RFC3546]  Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J.,
              and T. Wright, "Transport Layer Security (TLS)
              Extensions", RFC 3546, June 2003.

   [RFC3550]  Schulzrinne, H., Casner, S., Frederick, R., and V.
              Jacobson, "RTP: A Transport Protocol for Real-Time
              Applications", STD 64, RFC 3550, July 2003.

   [RFC3603]  Marshall, W. and F. Andreasen, "Private Session Initiation
              Protocol (SIP) Proxy-to-Proxy Extensions for Supporting
              the PacketCable Distributed Call Signaling Architecture",
              RFC 3603, October 2003.

   [RFC3611]  Friedman, T., Caceres, R., and A. Clark, "RTP Control
              Protocol Extended Reports (RTCP XR)", RFC 3611,
              November 2003.

   [RFC3702]  Loughney, J. and G. Camarillo, "Authentication,
              Authorization, and Accounting Requirements for the Session
              Initiation Protocol (SIP)", RFC 3702, February 2004.

   [RFC3824]  Peterson, J., Liu, H., Yu, J., and B. Campbell, "Using
              E.164 numbers with the Session Initiation Protocol (SIP)",
              RFC 3824, June 2004.

   [RFC3951]  Andersen, S., Duric, A., Astrom,

   [RFC3966]  Schulzrinne, H., Hagen, R., Kleijn,
              W., and J. Linden, "Internet Low Bit Rate Codec (iLBC)", "The tel URI for Telephone Numbers",
              RFC 3951, 3966, December 2004.

   [RFC3952]  Duric, A.

   [RFC3986]  Berners-Lee, T., Fielding, R., and S. Andersen, "Real-time Transport Protocol
              (RTP) Payload Format for internet Low Bit Rate Codec
              (iLBC) Speech", L. Masinter, "Uniform
              Resource Identifier (URI): Generic Syntax", STD 66,
              RFC 3952, December 2004.

7.2.  Informative References

   [SIP-GUIDE]
              Rosenberg, J., "A Hitchhikers Guide to the Session
              Initiation Protocol (SIP)", February 2006.

   [SIP-IDENTITY] 3986, January 2005.

   [RFC4474]  Peterson, J. and C. Jennings, "A Hitchhikers Guide to "Enhancements for
              Authenticated Identity Management in the Session
              Initiation Protocol (SIP)", October 2005.

   [SPEERMINT-TERM]
              Meyer, R., "SPEERMINT Terminology", May RFC 4474, August 2006.

   [RFC4566]  Handley, M., Jacobson, V., and C. Perkins, "SDP: Session
              Description Protocol", RFC 4566, July 2006.

Author's Address

   Jean-Francois Mule
   CableLabs
   858 Coal Creek Circle
   Louisville, CO  80027
   USA

   Email: jfm@cablelabs.com jf.mule@cablelabs.com

Full Copyright Statement

   Copyright (C) The Internet Society (2006).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.