SPEERMINT Working Group                                        J-F. Mule
Internet-Draft                                                 CableLabs
Expires: April 26,
Intended status: Best Current                               July 9, 2007                                 October 23, 2006
Practice
Expires: January 10, 2008

       SPEERMINT Requirements for SIP-based VoIP Interconnection
                draft-ietf-speermint-requirements-01.txt
                draft-ietf-speermint-requirements-02.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on April 26, 2007. January 10, 2008.

Copyright Notice

   Copyright (C) The Internet Society (2006). IETF Trust (2007).

Abstract

   This memo defines Best Current Practices for session peering between
   SIP Service Providers for voice or other types of multimedia traffic
   exchanges.  In its current state, this document describes high-level
   guidelines and general requirements for Session PEERing session peering for Multimedia INTerconnect.
   multimedia interconnect .  It also defines a minimum set of
   requirements applicable to session peering for Voice voice over IP IP,
   presence and instant messaging interconnects.  It is intended to
   become best current practices based on the use cases discussed in the
   speermint
   SPEERMINT working group.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  General Requirements . . . . . . . . . . . . . . . . . . . . .  5
   4.  Requirements for SIP-based VoIP Interconnection
     3.1.  Scope  . . . . . . .  8
     4.1.  DNS, Call Addressing Data (CAD) and ENUM . . . . . . . . .  8
     4.2.  Minimum set of SIP-SDP-related requirements . . . . . . .  8
     4.3.  Media-related Requirements . . .  5
     3.2.  Session Peering Points . . . . . . . . . . . . .  9
     4.4.  Security Requirements . . . . .  5
     3.3.  Session Establishment Data (SED) . . . . . . . . . . . . .  9
       4.4.1.  Security in today's VoIP networks  6
       3.3.1.  User Identities and SIP URIs . . . . . . . . . . . .  9
       4.4.2.  TLS Considerations for session peering .  7
       3.3.2.  URI Reachability . . . . . . . 10
   5.  Annex A - List of Policy Parameters for VoIP
       Interconnections . . . . . . . . . . . .  7
     3.4.  Other Considerations . . . . . . . . . . . 12
     5.1.  Categories of parameters and Justifications . . . . . . . 12
     5.2.  Summary of Parameters .  8
   4.  Signaling and Media Guidelines for Consideration in Session Peering Policies . . . . . . 10
     4.1.  Protocol Specifications  . . . . . . . . . . . . . . . . 14
   6.  Acknowledgments . 10
     4.2.  Minimum set of SIP-SDP-related requirements  . . . . . . . 10
     4.3.  Media-related Requirements . . . . . . . . . . . . . . . . 11
     4.4.  Requirements for Presence and Instant Messaging  . . . . . 16
   7. 11
     4.5.  Security Requirements  . . . . . . . . . . . . . . . . . . 13
       4.5.1.  Security in today's VoIP networks  . . . . . . . . . . 13
       4.5.2.  Signaling Security and TLS Considerations  . . . . . . 13
       4.5.3.  Media Security . . . . . . . . . . . . . . 17
   8.  References . . . . . . 14
   5.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . 18
     8.1.  Normative References . . . 16
   6.  Security Considerations  . . . . . . . . . . . . . . . . 18
     8.2.  Informative . . . 17
   7.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 18
   Author's Address
     7.1.  Normative References . . . . . . . . . . . . . . . . . . . 18
     7.2.  Informative References . . . . . . 21
   Intellectual Property and Copyright Statements . . . . . . . . . . 22

1.  Introduction

   The Session PEERing . . 18
   Appendix A.  Policy Parameters for Multimedia INTerconnect (SPEERMINT) Working
   Group is chartered to focus on architectures to identify, signal, and
   route delay-sensitive communication sessions.  These Session Peering . . . . . . . . 21
     A.1.  Categories of Parameters and Justifications  . . . . . . . 21
     A.2.  Summary of Parameters for Consideration in Session
           Peering Policies . . . . . . . . . . . . . . . . . . . . . 24
   Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 25
   Intellectual Property and Copyright Statements . . . . . . . . . . 26

1.  Introduction

   Peering at the session level represents an agreement between parties
   to allow the exchange of traffic according to a policy.  It is
   assumed that these sessions use the Session Initiation Protocol (SIP)
   protocol to enable peering between two or more administrative domains over IP networks.

   This document describes high-level guidelines and general
   requirements for session peering; these requirements are applicable
   to any type of multimedia session peering such as Voice over IP
   (VoIP), video telephony, and instant messaging. actors.  The document also
   defines a minimum set of requirements for a sub-set actors of the
   SIP session peering use cases: VoIP interconnects.

   The intent of this version of this document is to describe what
   mechanisms are used called SIP Service Providers (SSPs) and they
   are typically represented by users, user groups such as enterprises
   or real-time collaboration service communities, or other service
   providers offering voice or multimedia services.

   Common terminology for establishing SIP session peering with a
   special look at VoIP interconnects, is defined
   ([I-D.ietf-speermint-terminology]) and a reference architecture is
   described in doing so, it defines some
   of requirements associated with [I-D.ietf-speermint-architecture].  As the secure traffic
   exchanged using SIP as the session establishment of VoIP
   interconnects protocol increases
   between parties, a large number of peers.
   The primary focus is on the requirements applicable to the boundaries
   of layer-5 SIP networks: use cases have been exposed by users of
   SIP UA services and various other actors for how session level peering
   has been or end-device could be deployed based on the reference architecture
   ([I-D.ietf-speermint-voip-consolidated-usecases]) .

   Peering at the session layer can be achieved on a bilateral basis
   (direct peering with SIP sessions established directly between two
   SSPs), or on an indirect basis via an intermediary (indirect peering
   via a third-party SSP that has a trust relationship with the SSPs),
   or on a multilateral basis (assisted peering using a federation model
   between SSPs) - see the terminology document for more details.

   This document describes guidelines and requirements that are
   considered out intended
   to become Best Current Practices for session peering (direct,
   indirect or assisted).  These requirements are also independent of scope.
   the type of media exchanged by the parties and should be applicable
   to any type of multimedia session peering such as Voice over IP
   (VoIP), video telephony, and instant messaging.  The document also
   defines a minimum set of specific requirements for VoIP, presence and
   instant messaging interconnects.
   It is also not the goal of this document to mandate any particular use of
   any IETF protocols to establish session peering by users or
   service providers. peering.  However, when
   protocol mechanisms are used, the document aims at providing
   guidelines or best current practices on how they should be
   implemented, or configured and enabled or configurable in order to facilitate
   session peering.

   Finally, a list of parameters for the definition of a session peering
   policy is provided in an informative annex. appendix.  It should be
   considered as an example of the information a Voice Service Provider, or
   Application SIP Service Provider
   may require in order to connect to another using SIP.

2.  Terminology

   In this document, the key words "MUST", "MUST NOT", "REQUIRED",
   "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
   and "OPTIONAL" are to be interpreted as described in RFC 2119
   [RFC2119].

   This specification memo makes use of the following terms and acronyms defined in
   [I-D.ietf-speermint-terminology],
   [I-D.ietf-speermint-terminology]: SIP Service Provider (SSP),
   Signaling Path Border Element (SBE), Data Path Border Element (DBE),
   Session Establishment Data (SED), Layer 3 and Layer 5 peering,
   session peering, federation, etc.  It is assumed that the reader is
   familiar with the Session Description Protocol (SDP) [RFC4566] and
   the Session Initiation Protocol (SIP) [RFC3261].
   We also use the terms Voice Service Provider (VSP) and Application
   Service Provider (ASP) as defined in [I-D.ietf-ecrit-requirements].

3.  General Requirements

   The following section defines sections define general guidelines and requirements
   applicable to session peering for multimedia sessions.

   o  Session peering should be independent of lower layers.  The
      mechanisms used

3.1.  Scope

   SSPs desiring to establish session peering SHOULD accommodate
      diverse supporting lower layers.

      Motivations:
      Session peering is about layer 5 mechanisms.  It should not matter
      whether lower layers rely relationships have to
   reach an agreement on numerous aspects.
   This document only addresses best current practice for certain
   aspects of a session peering agreement, including the public Internet or are
      implemented by private L3 connectivity, using firewalls or L2/L3
      Virtual Private Networks (VPNs), IPSec tunnels or Transport Layer
      Security (TLS) connections [RFC3546]...

   o  Session Peering Policies declaration,
   advertisement and Extensibility:
      Policies developed management of ingress and egress for session peering SHOULD be flexible
   signaling and
      extensible media, information and conventions related to cover existing the
   Session Establishment Data (SED), the security requirements each peer
   may enforce on its network to accept and future secure session peering models.
      It is also RECOMMENDED that policies be published via local
      configuration choices in a distributed system like DNS rather than
      in a centralized system like a 'peering registry'.
      In exchanges,
   and, the context of session peering, a policy is defined as format and necessary details to determine the minimum set of
   parameters required to achieve SIP and SDP interoperability.
   Several other information needed by one VSP/ASP to
      connect aspects of session peering are critical to another.  Some reach a
   successful agreement but they are considered out of scope of the session policy parameters may be
      statically exchanged
   SPEERMINT working group and set throughout the lifetime not addressed in this document.  They
   include aspects such as media (e.g., type of the
      peering relationship.  Others parameters may media traffic to be discovered
   exchanged, compatible media codecs and
      updated dynamically using by some explicit protocol mechanisms.
      These dynamic parameters may also relate media transport protocols,
   mechanisms to a VSP/ASP's session-
      dependent or session independent policies as defined in
      [I-D.ietf-sipping-session-policy-framework].

      Motivations:
      It is critical that ensure differentiated quality of service for media),
   layer-3 IP connectivity between the solutions be flexible Signaling Path and extensible given
      the various emerging models: layer 5 peering may involve open
      federations Data Path
   Border Elements, traffic capacity control (e.g. maximum number of SIP proxies,
   sessions at each ingress point, maximum number of concurrent IM or closed environments with systems
      that only accept incoming calls from selected peers based on a set
      of bilateral trust relationships.  Federations may also be based
      on memberships in peering fabrics or voice service provider clubs,
      etc.  Session peering may be direct or indirect.
   VoIP sessions), and accounting.  The maintenance of the "system" should scale beyond simple lists primary focus of peering partners.  In particular, it must incorporate
      aggregation mechanisms which avoid O(n^2) scaling (where n this document
   is on the
      number of participating peers).  The distributed management of the
      DNS is a good example for requirements applicable to the scalability of this approach.

   o  Administrative and Technical Policies:
      Various types boundaries of policy information may need to be discovered Layer 5 SIP
   networks: SIP UA or
      exchanged in order to establish session peering.  At a minimum, a
      policy SHOULD specify information related to call addressing data
      in order to avoid session establishment failures.  A policy MAY
      also include information related to QoS, billing and accounting,
      layer-3 related interconnect end-device requirements which are also considered out
   of scope.

   The informative Appendix A lists parameters that SPPs should consider
   when discussing the
      scope technical aspects of this document.

      Motivations:
      The reasons for declining or accepting incoming calls from a
      prospective SIP session peering.

3.2.  Session Peering Points

   For session peering partner can to be both administrative
      (contractual, legal, commercial, or business decisions) scalable and
      technical (certain QoS parameters, TLS keys, domain keys, ...).
      The objectives operationally manageable by
   SSPs, maximum flexibility should be given for how signaling path and
   media path border elements are to provide a baseline framework to define,
      publish declared, dynamically advertised and optionally retrieve policy information so that a
   updated.  Indeed, in any session establishment does not peering environment, there is a need
   for a SIP Service Provider to be attempted to know declare or dynamically advertise the
   SIP and media entities that
      imcompatible policy parameters will cause face the session to fail
      (this was originally referred to as "no blocked calls").

   o  URIs and Domain-Based Peering Context:
      Call Addressing Data peer's network.

   An SSP SHOULD rely on URIs (Uniform Resource
      Identifiers, RFC 3986 [RFC3986]) declare the signaling border elements responsible for call routing
   egress and SIP URIs ingress points so called Signaling Path Border Elements
   (SBEs).  If the SSP also provides media streams to its users, an SSP
   SHOULD be preferred over tel URIs (RFC 3966 [RFC3966]).  Although declare the initial call addressing data may be based on E.164 numbers media border elements responsible for
      voice interconnects, a generic peering methodology SHOULD NOT rely
      on egress and
   ingress points so called Signaling Path Data Elements (SDEs); if such E.164 numbers.

      Motivations:
      Telephone numbers commonly appear in
   an SSP relies on STUN servers ([RFC3489]) and STUN Relay extensions
   to permit the username portion traversal of a SIP
      URI.  When telephone numbers are in tel URIs, SIP requests cannot
      be routed in accordance with NAT devices, the traditional DNS resolution
      procedures standardized for SIP SSP SHOULD declare those
   STUN servers as indicated in RFC 3824
      [RFC3824].  Furthermore, we assume that all SIP URIs with the same
      domain-part share the same set part of peering policies, thus the its SDEs.  It is RECOMMENDED that SSPs use
   DNS and provide one or more domain of the SIP URI may names to be used as the primary key with [RFC3263] to any
      information regarding
   locate SBEs.
   An SPP SHOULD also indicate if some restrictions exist on the reachability type of that
   media traffic the SIP URI.

   o  URI Reachability entities acting as SBEs are capable of
   establishing.  Ingress and Minimal additional cost on call initiation:
      Based on a well-known URI (for e.g. sip, pres, or im URIs), it
      MUST egress SBE points MAY be possible to determine whether the domain servicing the URI
      (VSP/ASP) allows for session peering, and if it does, it peer-dependent,
   and/or media-dependent.  An SSP SHOULD be
      possible to locate and retrieve the domain's policy and signaling
      functions.  For example, an originating service provider must be able to determine whether accomodate
   multiple, media-dependent ingress points from a SIP URI is open peer's network.  The
   mechanisms recommended for direct
      interconnection without requiring to initiate a SIP request.
      Furthermore, since each call setup implies the execution of any
      proposed algorithm, the establishment declaration and advertisement of a SIP session via peering
      SHOULD incur minimal overhead SBE
   and delay, SDE entities MUST allow for peer and employ caching
      wherever possible to avoid extra protocol round trips. media variability.

   Motivations:
      This requirement is important as unsuccessful call attempts are
      highly undesirable since they can introduce high delays due
   While there could be one single Signaling Path Border Element (SBE)
   in some SSP networks that communicates with all SIP peer networks, an
   SSP may choose to
      timeouts have one or more SBEs for receiving incoming SIP
   session requests (ingress signaling points), and can act as one or more SBEs for
   outgoing SIP session requests (egress signaling points).  Ingress and
   egress signaling points may be distinct SIP entities and could be
   media-dependent.  Some providers deploy SIP entities specialized for
   voice, real-time collaboration, etc.  For example, within an unintended denial of service attack
      (e.g., by repeated TLS handshakes).  There should SSP
   network, some SBEs may be a high
      probability of successful call completion dedicated for policy-conforming
      peers.

   o  Variability certain types of media
   traffic due to specific SIP extensions required for certain media
   types (e.g.  SIMPLE, the Call Address Data:
      A terminating VSP/ASP SIP MESSAGE Method for Instant Messaging
   [RFC3428] or user SHOULD be able to indicate its
      domain ingress points (Signaling Path Border Element(s)) based on the identity Message Sessions Relay Protocol (MSRP)).

   An SSP SHOULD communicate how authentication of the originating VSP/ASP or user.
      The mechanisms recommended for peer's SBEs will
   occur (see the security requirements for more details).  The use and resolution of the call
      addressing data SHOULD allow for variability
   access control lists based on fixed IP addresses or customization fixed IP sub-nets
   of the response(s) depending on various elements, such SBEs is NOT RECOMMENDED as the
      identity of the originating or terminating user or user domain.

4.  Requirements for SIP-based VoIP Interconnection

   This section defines some requirements for SIP-based VoIP
   Interconnection.  It should be considered as the minimal set of
   requirements it does not scale: it not only
   involves an error-prone manual process to be implemented configure access control
   lists but it also prevents peers from dynamically making IP network
   addressing changes to perform SIP VoIP interconnects.

4.1.  DNS, Call Addressing their SBE egress points without advertising
   those changes "manually".

3.3.  Session Establishment Data (CAD) and ENUM

   Call Addressing (SED)

   The Session Establishment Data can be derived from various mechanisms available
   to the user, such (SED) is defined as ENUM when the input is data used to
   route a telephone number, call or
   other DNS queries using SRV and NAPTR resource records when the entry
   is a SIP URI for example.  The SPEERMINT Working Group session to the called domain's ingress point
   ([I-D.ietf-speermint-terminology]).  Given that SED is focused on the use set of CAD.
   parameters that the outgoing SBEs need to complete the session
   establishment, some information must be shared between SSPs on
   special requirements or conventions required for a successful session
   establishment.  The following requirements are paragraphs capture the recommended best current
   practices for VoIP
   session peering:

   o the SED data.

3.3.1.  User Identities and SIP URIs

   User identities used between peers can be represented in many
   different formats.  Session Establishment Data SHOULD rely on URIs
   (Uniform Resource Identifiers, RFC 3986 [RFC3986]) and SIP URIs
   SHOULD be preferred over tel URIs when establishing a SIP
      session for voice interconnects.

   o  The recommendations defined in [RFC3824] SHOULD be followed by
      implementers when using E.164 numbers with SIP, and by authors of
      NAPTR records for ENUM for records with an 'E2U+sip' service
      field.  Other ENUM implementation issues and experiences are
      described in [I-D.ietf-enum-experiences] that may be relevant for
      VoIP interconnects using ENUM.

   o (RFC 3966 [RFC3966]).
   The use of DNS domain names and hostnames is RECOMMENDED in SIP URIs
   and they MUST be resolvable on the public Internet.

   o  The DNS procedures specified in [RFC3263]  It is
   RECOMMENDED that the host part of SIP URIs contain a fully-qualified
   domain name instead of a numeric IPv4 or IPv6 address.  As for the
   user part of the SIP URIs, an SSP SHOULD be followed NOT need to
      resolve be aware of
   which individual user identities are valid within a peer's domain.

   Although SED data may be based on E.164-based SIP URI into URIs for voice
   interconnects, a reachable host (IP address and port), and
      transport protocol.  Note that RFC 3263 relies generic peering methodology should not rely on DNS SRV
      [RFC2782] such
   E.164 numbers.  As described in
   [I-D.draft-elwell-speermint-enterprise-usecases], in some use cases
   for enterprise to enterprise peering (even if a transit SSP is
   involved), it should be possible to use user identity URIs that do
   not map to E.164 numbers, e.g. for presence, instant messaging and NAPTR Resource Records [RFC2915].

4.2.  Minimum set of SIP-SDP-related requirements

   The main objective of VoIP interconnects being
   even for voice.

   Motivations:
   When SSP support voice, telephone numbers commonly appear in the establishment
   username portion of
   successful SIP calls between peer VSPs/ASPs, this section provides a
   minimum set of SIP-related requirements.

   o  The Core SIP Specifications as defined URI.  When telephone numbers are in [RFC3261] and
      [I-D.ietf-sip-hitchhikers-guide] MUST be supported by Signaling
      Path Border Elements and any other tel
   URIs, SIP implementations involved in
      session peering.
      Justifications:
      The specifications contained requests cannot be routed in accordance with the Core SIP group provide the
      fundamental and basic mechanisms required to enable VoIP
      interconnects.  This includes: the SIP protocol
   traditional DNS resolution procedures standardized for session
      establishment and its updates such SIP as
   indicated in RFC 3853 and RFC 4320, SDP
      [RFC4566] and its Offer/Answer model [RFC3264] for VoIP media
      session descriptions and codec negotiations, SIP Asserted Identity
      for caller ID services, and various other extensions to support
      NAT traversal, etc.

   o 3824 [RFC3824].  The following RFCs recommendations defined in
   [RFC3824] SHOULD be supported: Reliability of Provisional
      Responses in SIP - PRACK [RFC3262], the followed by implementers when using E.164 numbers
   with SIP.  Furthermore, it is commonly assumed that all SIP UPDATE method (for
      e.g. for codec changes during a session) [RFC3311], URIs with
   the Reason
      header field [RFC3326].

   In same domain-part share the context same set of session peering where peers desire to maximize policies, thus the
   chances
   domain of successful call establishment, the recommendations
   contained in RFC 3261 SIP URI may be used as the primary key to any
   information regarding the use reachability of the Supported and Require
   headers that SIP URI.

3.3.2.  URI Reachability

   Based on a well-known URI type (for e.g. sip, pres, or im URIs), it
   MUST be followed.  Signaling Path Border Elements SHOULD
   include possible to determine whether the supported SIP extensions in SSP domain servicing the Supported header
   URI allows for session peering, and the
   use of the Require header must if it does, it SHOULD be configurable on a per target domain
   basis in order to match a network peer policy and possible
   to maximize
   interoperability.

4.3.  Media-related Requirements

   VSPs engaged in session peering SHOULD support of compatible codecs locate and include media-related parameters in their retrieve the domain's policy.
   Transcoding SHOULD policy and SBE entities.
   For example, an originating service provider must be avoided by proposing commonly agreed codecs.

   Motivations: The media capabilities of a VSP's network are either able to
   determine whether a
   property of the SIP end-devices, or, URI is open for direct interconnection
   without requiring an SBE to initiate a combination SIP request.  Furthermore,
   since each call setup implies the execution of any proposed
   algorithm, the property establishment of
   end-devices a SIP session via peering should
   incur minimal overhead and Data Path Border Elements that may provide media
   transcoding. delay, and employ caching wherever
   possible to avoid extra protocol round trips.

   The choice use of one or more common codecs for VoIP
   sessions between VSPs DNS domain names and hostnames is therefore outside RECOMMENDED in SIP URIs
   and they MUST be resolvable on the scope of speermint.
   Indeed, as stated public Internet.  The DNS
   procedures specified in introduction, requirements applicable [RFC3263] SHOULD be followed to end-
   devices of resolve a VSP are considered out of scope.  A list of media-
   related policy parameters SIP
   URI into a reachable host (IP address and port), and transport
   protocol.  Note that RFC 3263 relies on DNS SRV [RFC2782] and NAPTR
   Resource Records [RFC2915].

   Motivations:
   This requirement is important as unsuccessful call attempts are provided in the informative Section 5.

4.4.  Security Requirements

4.4.1.  Security in today's VoIP networks

   In today's VoIP deployments, various approaches exist
   highly undesirable since they can introduce high delays due to secure
   exchanges between VSPs/ASPs.  Signaling
   timeouts and media security are the
   two primary topics for consideration in most deployments.  A number can act as an unintended denial of transport-layer and network-layer mechanisms are widely used service attack (e.g.,
   by
   some categories of VSPs: repeated TLS handshakes).  There should be a high probability of
   successful call completion for policy-conforming peers.

3.4.  Other Considerations

   The considerations listed below were gathered early on in the enterprise networks for
   applications such
   SPEERMINT working group as VoIP and secure Instant Messaging, IPSec and
   L2/L3 VPNs in some VSP networks where there is a desire part of discussions to secure all
   signaling and media traffic at or below define the IP layer.  Media level
   security is not widely deployed scope of
   the working group.  They are left here but have been re-written
   without requirements verbs for RTP, even though it is in use in
   few deployments where the privacy of voice communications is
   critical.
   A detailed security threat analysis of session most part.

   o  Session peering exchanges
   should provide more guidance on what scalable and efficient methods should be independent of lower layers.
      The mechanisms used to help mitigate the the main security risks in large-
   scale establish session peering.

   A recent IETF BoF at IETF 66 (rtpsec) was organized to analyze SIP
   requirements for SRTP keying; a number of security requirements for
   VoIP were discussed.  A few Internet-Drafts have since been released
   and focus peering should
      accommodate diverse supporting lower layers.  It should not matter
      whether lower layers rely on media security requirements the public Internet or are
      implemented by private L3 connectivity, using firewalls or L2/L3
      Virtual Private Networks (VPNs), IPSec tunnels or Transport Layer
      Security (TLS) connections [RFC3546]...

   o  Session Peering Policies and Extensibility:
      Mechanisms developed for SIP sessions
   ([I-D.ietf-wing-media-security-requirements]).  Some of these
   scenarios may session peering should be applicable flexible and
      extensible to interdomain VSP/ASP cover existing and future session peering or
   they may models.
      It is also recommended that SSP policies be augmented published via local
      configuration choices in a distributed system like DNS rather than
      in a centralized system like a 'peering registry'.
      In the future context of session peering, a policy is defined as the set
      of parameters and other information needed by interdomain scenarios.

4.4.2.  TLS Considerations for an SPP to connect to
      another.  Some of the session peering

   The remaining policy parameters may be statically
      exchanged and set throughout the lifetime of Section 4 covers some details on how TLS could the peering
      relationship.  Others parameters may be
   deployed discovered and used between 2 VSPs/ASPs to secure SIP exchanges.  The
   intent is updated
      dynamically using by some explicit protocol mechanisms.  These
      dynamic parameters may also relate to capture what two VSPs/ASPs should discuss an SSP's session-dependent
      or session independent policies as defined in
      [I-D.ietf-sipping-session-policy-framework].

   o  Administrative and agree on Technical Policies:
      Various types of policy information may need to be discovered or
      exchanged in order to establish TLS connections for SIP session peering.

      1.  Peers SHOULD agree on one or more Certificate Authorities
      (CAs) to trust for securing session peering exchanges.
      Motivations:
      A VSP/ASP should have control over which root CA it trusts for SIP
      communications.  This may imply creating a certificate trust list
      and including the peer's CA for each authorized domain.  This
      requirement allows for the initiating side to verify that the
      server certificate chains up to  At a trusted root CA.  This also
      means that SIP servers SHOULD allow the configuration of minimum, a
      certificate trust list
      policy should specify information related to session establishment
      data in order to allow a VSP/ASP avoid session establishment failures.  A policy
      may also include information related to control QoS, billing and
      accounting, layer-3 related interconnect requirements which peer's CAs are trusted
      out of the scope of this document, see examples in Section
      Appendix A.

      Motivations:
      The reasons for declining or accepting incoming calls from a
      prospective peering partner can be both administrative
      (contractual, legal, commercial, or business decisions) and
      technical (certain QoS parameters, TLS connections.  Note that these
      considerations seem keys, domain keys, ...).
      The objectives are to be around two themes: one is trusting provide a
      root, the other is trusting intermediate CAs.

      2.  Peers SHOULD indicate whether their domain policies require
      proxy servers baseline framework to inspect define,
      publish and verify the identity provided in SIP
      requests as defined in [RFC4474].

      3.  SIP servers involved in the secure optionally retrieve policy information so that a
      session establishment over
      TLS MUST have valid X.509 certificates and MUST does not need to be able attempted to receive
      a TLS connection on a well-known port.

      4.  The following TLS/SIP Protocol know that
      imcompatible policy parameters SHOULD be agreed
      upon as part of session peering policies: will cause the version of TLS
      supported by session to fail
      (this was originally referred to as "no blocked calls").

4.  Signaling Border Elements (TLSv1, TLSv1.1), and Media Guidelines for Session Peering

   This section provides some guidelines for maximizing SIP-based
   interconnections between SSPs.  It should be considered as the
   minimal set of requirements to be implemented to perform SIP
      TLS port (default 5061), the server-side session timeout (default
      300 seconds), the
   interconnects for presence, IM, or VoIP.

4.1.  Protocol Specifications

   A detailed list of supported or recommended ciphersuites, SIP and SDP RFCs the session peers' SBEs must
   conform to must be provided by SSPs.  It is NOT RECOMMENDED to rely
   on Internet-Drafts for commercial SIP interconnects, but if
   applicable, a list of trusted root CAs.

      5.  SIP servers involved in supported or required IETF Internet-Drafts
   SHOULD be provided.  Such specifications SHOULD include protocol
   implementation compliance statements, indicate the session establishment over TLS minimal extensions
   that MUST verify be supported, and validate the client certificates: the client
      certificate full details on what options and
   protocol features MUST contain a DNS be supported, MUST NOT be supported or URI choice type in the
      subjectAltName which corresponds to the domain asserted in the
      host portion MAY be
   supported.  This specification SHOULD include a high-level
   description of the URI contained in the From header.  It is also
      recommended services that VSPs/ASPs convey the domain identity in are expected to be supported by the
      certificates using both a canonical name
   peering relationship and it MAY include sample message flows.

4.2.  Minimum set of SIP-SDP-related requirements

   The main objective of the SIP server(s) and interconnects being the establishment of
   successful SIP URI calls between peer SSPs, this section provides some
   guidelines for the domain minimum set of SIP specifications that SHOULD be
   supported by SBEs.

   The Core SIP Specifications as described defined in [RFC3261] and
   [I-D.ietf-sip-hitchhikers-guide] MUST be supported by Signaling Path
   Border Elements (SBEs) and any other SIP implementations involved in
   session peering.  The specifications contained in section 4 of
      [I-D.gurbani-sip-domain-certs].  On the client side, it is also
      critical for the TLS client to authenticate Core SIP group
   provide the server as defined
      in [RFC3261] fundamental and basic mechanisms required to enable SIP
   interconnects.  The Hitchkiker's guide include specific sections for
   voice, instant message and presence.

   Furthermore, SBE implementers MUST follow the recommendations
   contained in section 9 RFC 3261 regarding the use of draft-ietf-sip-certs-01.txt.

      6.  A session peering policy the Supported and Require
   headers.  Signaling Path Border Elements SHOULD include details on the supported
   SIP session
      establishment over TLS if TLS is supported.

5.  Annex A - List of Policy Parameters for VoIP Interconnections

   This informative annex lists extensions in the various types of parameters that
   should be considered when discussing Supported header and the technical aspects use of the Require
   header must be configurable on a VoIP
   Peering per SSP target domain basis in order
   to match a network peer's policy .

5.1.  Categories of parameters and Justifications

   It to maximize interoperability.

   In the cases of indirect or assisted peering, it is intended as also important
   that an initial list adequate level of topics that should be addressed
   by peers when establishing a VoIP peering relationship.

   o  IP Network Connectivity:
      It SIP message transparency is assumed that IP network connectivity exists between peers.
      While this available.  In
   particular, the intermediary SBE MUST NOT modify or remove
   information in the SIP or SDP parameters beyond what is out of scope of session peering, VSPs must agree
      upon a common mechanism required for IP transport
   the purpose of Layer 5 session
      signaling call routing.  In particular, intermediary SBE SHOULD
   NOT:

   o  Remove SIP header lines, SIP header fields and media.  This may be accomplish via private (e.g.
      IPVPN, IPSEC, etc.) SIP message bodies
      that are intended for the destination SBE, or public IP networks.

   o  Media-related Parameters:

      *  Media Codecs: list of supported media codecs for audio, real-
         time fax (version of T.38, if applicable), real-time text (RFC
         4103), DTMF transport, voice band data communications (as
         applicable) along with the supported or recommended codec
         packetization rates, level of RTP paylod redundancy, audio
         volume levels, etc.

      *  Media Transport: level of support for RTP-RTCP [RFC3550], RTP
         Redundancy (RTP Payload for Redundant Audio Data - [RFC2198]) ,
         T.38 transport over RTP, etc.

      *  Other: support called SIP UA
      irrespective of whether or not those header lines or parameters
      are understood by the VoIP metric block as defined in RTP
         Control Protocol Extended Reports [RFC3611] , etc. intermediary SBE;

   o  SIP:

      *  A  Modify header fields and bodies in a way that may break any
      integrity protection.

4.3.  Media-related Requirements

   SSPs engaged in session peering SHOULD support of compatible codecs.
   An SSP domain policy SHOULD include specify media-related parameters that
   their user's SIP entities support or that the list SSP authorizes in its
   domain's policy.  Direct media exchange between the SSPs' user
   devices is preferred and media transcoding SHOULD be avoided by
   proposing commonly agreed codecs.  SSPs SHOULD discuss mechanisms
   employed for IPv4-IPv6 translation of supported media, as well as solutions
   used for NAT traversal such as ICE [I-D.ietf-ice] and required STUN
   ([RFC3489]).

   Motivations: The media capabilities of an SSP's network are either a
   property of the SIP RFCs, supported and required end-devices, SIP methods
         (including p headers if applicable), error response codes,
         supported or recommended format applications, or, a combination
   of some header field values ,
         etc.

      *  It should also be possible to describe the list property of supported
         SIP RFCs by various functional groupings.  A group end-devices and Data Path Border Elements that may
   provide media transcoding.

   The choice of one or more common media codecs for SIP RFCs
         may represent how a call feature is implemented (call hold,
         transfer, conferencing, etc.), or it may indicate a functional
         grouping as in [I-D.ietf-sip-hitchhikers-guide].

   o  Accounting:
      Call accounting may be required for tracking session usage on a
      peer's network.  It sessions
   between SSPs is critical for peers to determine whether outside the
      support scope of any SIP extensions for accounting is a pre-requisite
      for SIP interoperability.  In some cases, call accounting may feed
      data SPEERMINT.  A list of media-
   related policy parameters are provided in the informative Appendix A.

   For media related security guidance, please refer to Section
   Section 4.5.

4.4.  Requirements for billing purposes but not always: Presence and Instant Messaging

   This section lists some operators may
      decide to use accounting as a 'bill presence and keep' model Instant Messaging requirements
   defined in [I-D.presence-im-requirements] and authored by A. Houri,
   E. Aoki and S. Parameswar.  Credits must go to track
      session usage A. Houri, E. Aoki and monitor usage against service level agreements.
      [RFC3702] defines
   S. Parameswar.

   It was requested to integrate [I-D.presence-im-requirements] into
   this draft since some of the terminology requirements are generic and basic non
   specific to any application type.  In particular, requirements for
      accounting of SIP sessions.  A few private SIP extensions have
      also been defined
   numbered PRES-IM-REQ-001, PRES-IM-REQ-002, PRES-IM-REQ-010, PRES-IM-
   REQ-011, PRES-IM-REQ-015 and used over PRES-IM_REQ-017 are covered by
   guidelines provided in other parts of this document.

   The numbering of the years to enable call
      accounting between VSP domains such requirements is as defined in the P-Charging* headers above
   mentioned ID.  It is expected that as more discussions occur and
   consensus is achieved in
      [RFC3455], the P-DCS-Billing-Info header working group, those requirements will
   be renumbered or re-written in [RFC3603], etc. the mindset of a BCP document.  The
   following list describes requirements for presence and instant
   messaging session peering:

   o  Performance Metrics:
      Layer-5 performance metrics should be defined  From (PRES-IM-REQ-003, PRES-IM-REQ-004 and shared between
      peers. PRES-IM-REQ-005): The performance metrics apply directly to signaling or
      media; they may be used pro-actively to help avoid congestion,
      call quality issues or call signaling failures, and as part of
      monitoring techniques, they can be used to evaluate
      mechanisms recommended for the
      performance exchange of peering exchanges.
      Examples presence information
      between SSPs MUST allow a user of SIP performance metrics include the maximum number one SSP's presence community to
      subscribe presentities served by another SSP via its local
      community, including subscriptions to a single presentity, a
      public or private (personal) list of
      SIP transactions per second on per domain basis, Session
      Completion Rate (SCR), Session Establishment Rate (SER), etc.
      Some SIP end-to-end performance metrics are defined in
      [I-D.Malas-sip-performance]; presentities.

   o  From (PRES-IM-REQ-006, PRES-IM-REQ-007, PRES-IM-REQ-008 and PRES-
      IM-REQ-009): The mechanisms recommended for Instant Messaging
      message exchanges between SSPs MUST allow a subset user of these may be applicable SSP's
      community to communicate with users of the other SSP community via
      their local community using various methods, including sending a
      one-time IM message, initiating a SIP session peering and interconnects.
      Some media-related metrics for monitoring VoIP calls have been
      defined transporting
      sessions of messages, participating in n-way chats using chat
      rooms with users from the VoIP Metrics Report Block, in Section 4.7 of
      [RFC3611]. peer SSPs, or sending a file.

   o  Security:
      A VSP/ASP SHOULD describe the security requirements that other
      peers must meet in  PRES-IM-REQ-012: Privacy Sharing - In order to terminate calls to its network.  While
      such enable sending less
      notifications between communities, there should be a list mechanism
      that will enable sharing privacy information of security-related policy parameters often depends on users between the security models pre-agreed to by peers, it is expected
      communities.  This will enable sending a single notification per
      presentity that
      these parameters will be discoverable or signaled in sent to the future appropriate watchers on the
      other community according to
      allow session peering outside VSP clubs. the presentity's privacy information.

   o  PRES-IM-REQ-013: Privacy Sharing Security - The list of security
      parameters may privacy sharing
      mechanism must be long and composed done in a way that will enable getting the
      consent of high-level requirements
      (e.g. authentication, privacy, secure transport) and low level
      protocol configuration elements like TLS parameters.
      The following list the user whose privacy will be sent to the other
      community prior to sending the privacy information. if user
      consent is not intended to be complete, give, it provides a
      preliminary list in should not be possible to this
      optimization.  In addition to getting the form consent of examples:

      *  Call admission requirements: for some providers, sessions can
         only users
      regarding privacy sharing, the privacy data must be admitted if certain criteria are met.  For example, for
         some providers' networks, sent only incoming SIP sessions signaled
         over established IPSec tunnels or presented to the well-known
         TLS ports are admitted.  Other call admission requirements may via
      secure channels between communities.

   o  PRES-IM-REQ-014: Multiple Recipients - It should be related to some performance metrics as descrived above.
         Finally, it is possible that some requiremetns be imposed to
      send a presence document with a list of watchers on
         lower layers, but these are considered out the other
      community that should receive the presence document notification.
      This will enable sending less presence document notifications
      between the communities while avoiding the need to share privacy
      information of scope presentities from one community to the other.

   o  PRES-IM-REQ-016: Mappings - A lot of session
         peering.

      *  Call authorization requirements and validation: the early deployments of SIP
      based presence and IM gateways are deployed in front of
         a caller or user identity MAY be required by a VSP/ASP.
         Indeed, some VSPs/ASPs legacy
      proprietary systems that use different names for different
      properties that exist in PIDF.  For example "Do Not Disturb" may further authorize an incoming
         session request by validating
      be translated to "Busy" in another system.  In order to make sure
      that the caller's identity against
         white/black lists maintained by meaning of the service provider or users
         (traditional caller ID screening applications or IM white
         list).

      *  Privacy requirements: status is preserved, there is a VSP/ASP MAY demand need that
      either each system will translate its SIP
         messages be securely transported by its peers for privacy
         reasons so that the calling/called party information internal statuses to
      standard PIDF based statuses of a translation table of proprietary
      statuses to standard based PIDF statuses will be
         protected.  Media sessions may also require privacy and some
         ASP/VSP policies may include requirements on provided from one
      system to the use of other.

4.5.  Security Requirements

4.5.1.  Security in today's VoIP networks

   In today's SIP deployments, various approaches exist to secure
   exchanges between SIP Service Providers.  Signaling and media transport protocols such as sRTP, along with some
         contraints on
   security are the minimum authentication/encryption options two primary topics for
         use consideration in sRTP.

      *  Network-layer security parameters: this covers how IPSec
         security associated may be established, the IPSec key exchange most
   deployments.  A number of transport-layer and network-layer
   mechanisms to be are widely used and any keying materials, the lifetime for SIP by some categories of
         timed Security Associated if applicable, etc.

      *  Transport-layer security parameters: this covers how SSPs: TLS
         connections should be established in
   the enterprise networks for applications such as described VoIP and secure
   Instant Messaging or in Section 4.4.2

5.2.  Summary of Parameters service provider networks for Consideration Instant
   Messaging and presence applications, IPsec and L2/L3 VPNs in Session Peering
      Policies

   The following some SSP
   networks where there is a summary of desire to secure all signaling and media
   traffic at or below the parameters mentioned IP layer.  Media level security is not widely
   used today between providers for media transported using the Real-
   Time Protocol (RTP) , even though it is in use in few deployments
   where the
   previous section.  They may be part privacy of a voice and other RTP media is critical.
   A security threat analysis provides guidance for VoIP session peering policy
   ([I-D.draft-niccolini-speermint-voipthreats]).  More discussions
   based on this threat analysis and
   appear with a level of requirement (mandatory, recommended,
   supported, ...).

   o  IP Network Connectivity (assumed, requirements out of scope of use cases is required in the
   working group to define best current practices that this document)

   o  Media session parameters:

      *  Codecs for audio, video, real time text, instant messaging
         media sessions
      *  Modes of communications document, or
   a separate memo should recommend for audio (voice, fax, DTMF), IM (page
         mode, MSRP)

      *  Media transport and means to establish secure media sessions

   o  SIP

      *  SIP RFCs, methods and error responses

      *  headers and header values

      *  possibly, list of SIP RFCs supported by groups (e.g. by call
         feature)

   o  Accounting

   o  Performance Metrics: SIP both signaling performance metrics; media-
      level VoIP metrics.

   o  Security: Call admission control, call authorization, network and
      transport layer security parameters, media security parameters

6.  Acknowledgments

   This document is a work-in-progress
   security.

4.5.2.  Signaling Security and it TLS Considerations

   The Transport Layer Security (TLS) is based on the input and
   contributions made by a large number of people standard way to secure
   signaling between SIP entities.  TLS can be used in the SPEERMINT
   working group, including: Scott Brim, Mike Hammer, Richard Shocky,
   Henry Sinnreich, Richard Stastny, Patrik Faltstrom, Otmar Lendl,
   Daryl Malas, Dave Meyer, Jason Livingood, Bob Natale, Brian Rosen,
   Eric Rosenfeld and Adam Uzelac.

7.  Security Considerations

   Securing session direct peering communications involves numerous protocol
   exchanges, first to
   mutually authenticate SSPs and foremost, the securing of SIP signaling provide message confidentiality and
   media sessions.
   integrity protection.  The security considerations contained in RF 3261,
   RFC 4474 are applicable remaining paragraphs explore how TLS could
   be deployed and used between 2 SSPs to the secure SIP protocol exchanges.  A number of
   security considerations are also described  The
   intent is to capture what two SSPs should discuss and agree on in Section 4.4 for VoIP
   Interconnects.

8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs
   order to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

8.2.  Informative References

   [I-D.Malas-sip-performance]
              Malas, D., "SIP End-to-End Performance Metrics",
              September 2006.

   [I-D.gurbani-sip-domain-certs]
              Gurbani, V., Jeffrey, A., and S. Lawrence, "Domain
              Certificates in the Session Initiation Protocol (SIP)",
              draft-gurbani-sip-domain-certs-03 (work in progress),
              August 2006.

   [I-D.ietf-ecrit-requirements]
              Schulzrinne, H. and R. Marshall, "Requirements establish TLS connections for
              Emergency Context  Resolution with Internet Technologies",
              August 2006.

   [I-D.ietf-enum-experiences]
              Conroy, L. and K. Fujiwara, "ENUM Implementation Issues
              and Experiences", June 2006.

   [I-D.ietf-sip-hitchhikers-guide]
              Rosenberg, J., "A Hitchhikers Guide SIP session peering.

      1.  SSPs SHOULD agree on one or more Certificate Authorities (CAs)
      to the Session
              Initiation Protocol (SIP)", October 2006.

   [I-D.ietf-sipping-session-policy-framework]
              Hilt, V., "A Framework trust for Session Initiation Protocol
              (SIP) Session Policies",
              draft-ietf-sipping-session-policy-framework-01 (work in
              progress), June 2006.

   [I-D.ietf-speermint-terminology]
              Meyer, R., "SPEERMINT Terminology", September 2006.

   [I-D.ietf-wing-media-security-requirements]
              Wing, D., Fries, S., and H. Tschofenig, "A Framework securing session peering exchanges.
      Motivations:
      An SSP should have control over which root CAs it trusts for
              Session Initiation Protocol (SIP) Session Policies",
              draft-wing-media-security-requirements-00 (work in
              progress), October 2006.

   [RFC2198]  Perkins, C., Kouvelas, I., Hodson, O., Hardman, V.,
              Handley, M., Bolot, J., Vega-Garcia, A., SIP
      communications.  This may imply creating a certificate trust list
      and S. Fosse-
              Parisis, "RTP Payload including the peer's CA for Redundant Audio Data", RFC 2198,
              September 1997.

   [RFC2782]  Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR each authorized domain.  In the
      case of a federation, This requirement allows for
              specifying the location initiating
      side to verify that the server certificate chains up to a trusted
      root CA.  This also means that SIP servers SHOULD allow the
      configuration of services (DNS SRV)", RFC 2782,
              February 2000.

   [RFC2915]  Mealling, M. and R. Daniel, "The Naming Authority Pointer
              (NAPTR) DNS Resource Record", RFC 2915, September 2000.

   [RFC3261]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
              A., Peterson, J., Sparks, R., Handley, M., and E.
              Schooler, "SIP: Session Initiation Protocol", RFC 3261,
              June 2002.

   [RFC3262]  Rosenberg, J. a certificate trust list in order to allow a VSP/
      ASP to control which peer's CAs are trusted for TLS connections.
      Note that these considerations seem to be around two themes: one
      is trusting a root, the other is trusting intermediate CAs.

      2.  Peers SHOULD indicate whether their domain policies require
      proxy servers to inspect and H. Schulzrinne, "Reliability verify the identity provided in SIP
      requests as defined in [RFC4474].  Federations supporting
      [RFC4474] MUST specify the CA(s) permitted to issue certificates
      of
              Provisional Responses the authentication service.

      3.  SIP and SBE servers involved in Session Initiation Protocol
              (SIP)", RFC 3262, June 2002.

   [RFC3263]  Rosenberg, J. the secure session
      establishment over TLS MUST have valid X.509 certificates and H. Schulzrinne, "Session Initiation MUST
      be able to receive a TLS connection on a well-known port.

      4.  The following TLS/SIP Protocol (SIP): Locating parameters SHOULD be agreed
      upon as part of session peering policies: the version of TLS
      supported by Signaling Border Elements (TLSv1, TLSv1.1), the SIP Servers", RFC 3263,
              June 2002.

   [RFC3264]  Rosenberg, J.
      TLS port (default 5061), the server-side session timeout (default
      300 seconds), the list of supported or recommended ciphersuites,
      and H. Schulzrinne, "An Offer/Answer Model
              with Session Description Protocol (SDP)", RFC 3264,
              June 2002.

   [RFC3311]  Rosenberg, J., "The Session Initiation Protocol (SIP)
              UPDATE Method", RFC 3311, October 2002.

   [RFC3326]  Schulzrinne, H., Oran, D., the list of trusted root CAs.

      5.  SIP and G. Camarillo, "The Reason
              Header Field SBE servers involved in the session establishment over
      TLS MUST verify and validate the client certificates: the client
      certificate MUST contain a DNS or URI choice type in the
      subjectAltName which corresponds to the domain asserted in the
      host portion of the URI contained in the From header.  It is also
      recommended that VSPs/ASPs convey the domain identity in the
      certificates using both a canonical name of the SIP server(s) and
      the SIP URI for the domain as described in section 4 of
      [I-D.gurbani-sip-domain-certs].  On the client side, it is also
      critical for the TLS client to authenticate the server as defined
      in [RFC3261] and in section 9 of [I-D.ietf-sip-certs].

      6.  A session peering policy SHOULD include details on SIP session
      establishment over TLS if TLS is supported.

4.5.3.  Media Security

   Media security for session peering is as important as signaling
   security, especially for SSPs that want to continue to meet commonly
   assumed privacy and confidentiality requirements outside their
   networks.  Media can be secured using secure media transport
   protocols (e.g. secure RTP or sRTP).  The issues of key management
   protocols for sRTP are being raised in IETF and this continues to be
   an area where requirements definition and protocol work is ongoing.
   More consensus is required outside SPEERMINT before best current
   practices can emerge.  See media security requirements for SIP
   sessions ([I-D.ietf-wing-media-security-requirements]) and its
   references for more details.  Some of these scenarios may be
   applicable to interdomain SSP session peering.

5.  Acknowledgments

   This document is a work-in-progress and it is based on the input and
   contributions made by a large number of people in the SPEERMINT
   working group, including: Edwin Aoki, Scott Brim, John Elwell, Mike
   Hammer, Avshalom Houri, Richard Shocky, Henry Sinnreich, Richard
   Stastny, Patrik Faltstrom, Otmar Lendl, Daryl Malas, Dave Meyer,
   Sriram Parameswar, Jason Livingood, Bob Natale, Benny Rodrig, Brian
   Rosen, Eric Rosenfeld, Adam Uzelac and Dan Wing.  Specials thanks go
   to Rohan Mahy, Brian Rosen, John Elwell for their initial drafts
   describing guidelines or best current practices in various
   environments, and to Avshalom Houri, Edwin Aoki and Sriram Parameswar
   for authoring the presence and instant messaging requirements.

6.  Security Considerations

   Securing session peering communications involves numerous protocol
   exchanges, first and foremost, the securing of SIP signaling and
   media sessions.  The security considerations contained in [RFC3261],
   and [RFC4474] are applicable to the SIP protocol exchanges.  A number
   of security considerations are also described in Section Section 4.5.

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

7.2.  Informative References

   [I-D.Malas-sip-performance]
              Malas, D., "SIP End-to-End Performance Metrics", May 2007.

   [I-D.draft-elwell-speermint-enterprise-usecases]
              Elwell, J. and B. Rodrig, "Use cases for Enterprise
              Peering using the Session Initiation Protocol",
              draft-elwell-speermint-enterprise-usecases-00.txt (work in
              progress), February 2007.

   [I-D.draft-niccolini-speermint-voipthreats]
              Niccolini, S. and E. Chen, "VoIP Security Threats relevant
              to SPEERMINT", March 2007.

   [I-D.gurbani-sip-domain-certs]
              Gurbani, V., Jeffrey, A., and S. Lawrence, "Domain
              Certificates in the Session Initiation Protocol (SIP)",
              draft-gurbani-sip-domain-certs-05 (work in progress),
              June 2007.

   [I-D.ietf-ice]
              Rosenberg, J., "Interactive Connectivity Establishment
              (ICE): A Protocol for Network Address Translator (NAT)
              Traversal for Offer/Answer Protocols", June 2007.

   [I-D.ietf-sip-certs]
              Jennings, C., Peterson, J., and J. Fischl, "Certificate
              Management Service for The Session Initiation Protocol
              (SIP)", May 2007.

   [I-D.ietf-sip-hitchhikers-guide]
              Rosenberg, J., "A Hitchhikers Guide to the Session
              Initiation Protocol (SIP)", July 2007.

   [I-D.ietf-sipping-session-policy-framework]
              Hilt, V., "A Framework for Session Initiation Protocol
              (SIP) Session Policies",
              draft-ietf-sipping-session-policy-framework-01 (work in
              progress), June 2006.

   [I-D.ietf-speermint-architecture]
              Penno et al., R., "SPEERMINT Peering Architecture",
              April 2007.

   [I-D.ietf-speermint-terminology]
              Meyer, R. and D. Malas, "SPEERMINT Terminology",
              July 2007.

   [I-D.ietf-speermint-voip-consolidated-usecases]
              Uzelac et al., A., "VoIP SIP Peering Use Cases",
              June 2007.

   [I-D.ietf-wing-media-security-requirements]
              Wing, D., Fries, S., and H. Tschofenig, "Requirements for
              a Media Security Key Management Protocol",
              draft-wing-media-security-requirements (work in progress),
              June 2007.

   [I-D.presence-im-requirements]
              Houri, A., Aoki, E., and S. Parameswar, "Presence and IM
              Requirements", May 2007.

   [RFC2198]  Perkins, C., Kouvelas, I., Hodson, O., Hardman, V.,
              Handley, M., Bolot, J., Vega-Garcia, A., and S. Fosse-
              Parisis, "RTP Payload for Redundant Audio Data", RFC 2198,
              September 1997.

   [RFC2782]  Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
              specifying the location of services (DNS SRV)", RFC 2782,
              February 2000.

   [RFC2915]  Mealling, M. and R. Daniel, "The Naming Authority Pointer
              (NAPTR) DNS Resource Record", RFC 2915, September 2000.

   [RFC3261]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
              A., Peterson, J., Sparks, R., Handley, M., and E.
              Schooler, "SIP: Session Initiation Protocol", RFC 3261,
              June 2002.

   [RFC3263]  Rosenberg, J. and H. Schulzrinne, "Session Initiation
              Protocol (SIP): Locating SIP Servers", RFC 3263,
              June 2002.

   [RFC3428]  Campbell, B., Rosenberg, J., Schulzrinne, H., Huitema, C.,
              and D. Gurle, "Session Initiation Protocol (SIP) Extension
              for Instant Messaging", RFC 3428, December 2002.

   [RFC3455]  Garcia-Martin, M., Henrikson, E., and D. Mills, "Private
              Header (P-Header) Extensions to the Session Initiation
              Protocol (SIP) for the 3rd-Generation Partnership Project
              (3GPP)", RFC 3455, January 2003.

   [RFC3489]  Rosenberg, J., Weinberger, J., Huitema, C., and R. Mahy,
              "STUN - Simple Traversal of User Datagram Protocol (UDP)
              Through Network Address Translators (NATs)", RFC 3489,
              March 2003.

   [RFC3546]  Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J.,
              and T. Wright, "Transport Layer Security (TLS)
              Extensions", RFC 3546, June 2003.

   [RFC3550]  Schulzrinne, H., Casner, S., Frederick, R., and V.
              Jacobson, "RTP: A Transport Protocol for Real-Time
              Applications", STD 64, RFC 3550, July 2003.

   [RFC3603]  Marshall, W. and F. Andreasen, "Private Session Initiation
              Protocol (SIP) Proxy-to-Proxy Extensions for Supporting
              the PacketCable Distributed Call Signaling Architecture",
              RFC 3603, October 2003.

   [RFC3611]  Friedman, T., Caceres, R., and A. Clark, "RTP Control
              Protocol Extended Reports (RTCP XR)", RFC 3611,
              November 2003.

   [RFC3702]  Loughney, J. and G. Camarillo, "Authentication,
              Authorization, and Accounting Requirements for the Session
              Initiation Protocol (SIP)", RFC 3702, February 2004.

   [RFC3824]  Peterson, J., Liu, H., Yu, J., and B. Campbell, "Using
              E.164 numbers with the Session Initiation Protocol (SIP)",
              RFC 3824, June 2004.

   [RFC3966]  Schulzrinne, H., "The tel URI for Telephone Numbers",
              RFC 3966, December 2004.

   [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
              Resource Identifier (URI): Generic Syntax", STD 66,
              RFC 3986, January 2005.

   [RFC4474]  Peterson, J. and C. Jennings, "Enhancements for
              Authenticated Identity Management in the Session
              Initiation Protocol (SIP)", RFC 4474, August 2006.

   [RFC4566]  Handley, M., Jacobson, V., and C. Perkins, "SDP: Session
              Description Protocol", RFC 4566, July 2006.

Appendix A.  Policy Parameters for Session Peering

   This informative section lists various types of parameters that
   should be first considered by implementers when deciding what
   configuration parameters to expose to system admins or management
   stations, and second, by SSPs or federations of SSPs when discussing
   the technical aspects of a session peering policy.

   Some aspects of session peering policies must be agreed to and
   manually implemented; they are static and are typically documented as
   part of a business contract, technical document or agreement between
   parties.  For some parameters linked to protocol support and
   capabilities, standard ways of expressing those policy parameters may
   be defined among SSP and exchanged dynamically.  For e.g., templates
   could be created in various document formats so that it could be
   possible to dynamically discover some of the domain policy.  Such
   templates could be initiated by implementers (for each software/
   hardware release, a list of supported RFCs, RFC parameters is
   provided in a standard format) and then adapted by each SSP based on
   its service description, server or device configurations and variable
   based on peer relationships.

A.1.  Categories of Parameters and Justifications

   The following list should be considered as an initial list of
   "discussion topics" to be addressed by peers when initiating a VoIP
   peering relationship.

   o  IP Network Connectivity:
      Session peers must define how the IP network connectivity between
      their respective SBEs and SDEs.  While this is out of scope of
      session peering, SSPs must agree on a common mechanism for IP
      transport of session signaling and media.  This may be accomplish
      via private (e.g.  IPVPN, IPsec, etc.) or public IP networks.

   o  Media-related Parameters:

      *  Media Codecs: list of supported media codecs for audio, real-
         time fax (version of T.38, if applicable), real-time text (RFC
         4103), DTMF transport, voice band data communications (as
         applicable) along with the supported or recommended codec
         packetization rates, level of RTP paylod redundancy, audio
         volume levels, etc.

      *  Media Transport: level of support for RTP-RTCP [RFC3550], RTP
         Redundancy (RTP Payload for Redundant Audio Data - [RFC2198]) ,
         T.38 transport over RTP, etc.

      *  Other: support of the VoIP metric block as defined in RTP
         Control Protocol Extended Reports [RFC3611] , etc.

   o  SIP:

      *  A session peering policy SHOULD include the list of supported
         and required SIP RFCs, supported and required SIP methods
         (including private p headers if applicable), error response
         codes, supported or recommended format of some header field
         values , etc.

      *  It should also be possible to describe the list of supported
         SIP RFCs by various functional groupings.  A group of SIP RFCs
         may represent how a call feature is implemented (call hold,
         transfer, conferencing, etc.), or it may indicate a functional
         grouping as in [I-D.ietf-sip-hitchhikers-guide].

   o  Presence and Instant Messaging: TBD

   o  Accounting:
      Methods used for call or session accounting SHOULD be specified.
      An SSP may require a peer to track session usage.  It is critical
      for peers to determine whether the support of any SIP extensions
      for accounting is a pre-requisite for SIP interoperability.  In
      some cases, call accounting may feed data for billing purposes but
      not always: some operators may decide to use accounting as a 'bill
      and keep' model to track session usage and monitor usage against
      service level agreements.
      [RFC3702] defines the terminology and basic requirements for
      accounting of SIP sessions.  A few private SIP extensions have
      also been defined and used over the years to enable call
      accounting between SSP domains such as the P-Charging* headers in
      [RFC3455], the P-DCS-Billing-Info header in [RFC3603], etc.

   o  Performance Metrics:
      Layer-5 performance metrics should be defined and shared between
      peers.  The performance metrics apply directly to signaling or
      media; they may be used pro-actively to help avoid congestion,
      call quality issues or call signaling failures, and as part of
      monitoring techniques, they can be used to evaluate the
      performance of peering exchanges.
      Examples of SIP performance metrics include the maximum number of
      SIP transactions per second on per domain basis, Session
      Completion Rate (SCR), Session Establishment Rate (SER), etc.
      Some SIP end-to-end performance metrics are defined in
      [I-D.Malas-sip-performance]; a subset of these may be applicable
      to session peering and interconnects.
      Some media-related metrics for monitoring VoIP calls have been
      defined in the VoIP Metrics Report Block, in Section 4.7 of
      [RFC3611].

   o  Security:
      A SSP SHOULD describe the security requirements that other peers
      must meet in order to terminate calls to its network.  While such
      a list of security-related policy parameters often depends on the
      security models pre-agreed to by peers, it is expected that these
      parameters will be discoverable or signaled in the future to allow
      session peering outside SSP clubs.  The list of security
      parameters may be long and composed of high-level requirements
      (e.g. authentication, privacy, secure transport) and low level
      protocol configuration elements like TLS parameters.
      The following list is not intended to be complete, it provides a
      preliminary list in the form of examples:

      *  Call admission requirements: for some providers, sessions can
         only be admitted if certain criteria are met.  For example, for
         some providers' networks, only incoming SIP sessions signaled
         over established IPSec tunnels or presented to the well-known
         TLS ports are admitted.  Other call admission requirements may
         be related to some performance metrics as descrived above.
         Finally, it is possible that some requiremetns be imposed on
         lower layers, but these are considered out of scope of session
         peering.

      *  Call authorization requirements and validation: the presence of
         a caller or user identity MAY be required by an SSP.  Indeed,
         some SSPs may further authorize an incoming session request by
         validating the caller's identity against white/black lists
         maintained by the service provider or users (traditional caller
         ID screening applications or IM white list).

      *  Privacy requirements: an SSP MAY demand that its SIP messages
         be securely transported by its peers for privacy reasons so
         that the Session Initiation Protocol (SIP)",
              RFC 3326, December 2002.

   [RFC3455]  Garcia-Martin, M., Henrikson, E., calling/called party information be protected.  Media
         sessions may also require privacy and D. Mills, "Private
              Header (P-Header) Extensions to some SSP policies may
         include requirements on the Session Initiation
              Protocol (SIP) use of secure media transport
         protocols such as sRTP, along with some contraints on the
         minimum authentication/encryption options for use in sRTP.

      *  Network-layer security parameters: this covers how IPSec
         security associated may be established, the 3rd-Generation Partnership Project
              (3GPP)", RFC 3455, January 2003.

   [RFC3546]  Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., IPSec key exchange
         mechanisms to be used and T. Wright, "Transport Layer any keying materials, the lifetime of
         timed Security (TLS)
              Extensions", RFC 3546, June 2003.

   [RFC3550]  Schulzrinne, H., Casner, S., Frederick, R., and V.
              Jacobson, "RTP: A Transport Protocol Associated if applicable, etc.

      *  Transport-layer security parameters: this covers how TLS
         connections should be established as described in Section
         Section 4.5.

A.2.  Summary of Parameters for Real-Time
              Applications", STD 64, RFC 3550, July 2003.

   [RFC3603]  Marshall, W. and F. Andreasen, "Private Consideration in Session Initiation
              Protocol (SIP) Proxy-to-Proxy Extensions Peering
      Policies

   The following is a summary of the parameters mentioned in the
   previous section.  They may be part of a session peering policy and
   appear with a level of requirement (mandatory, recommended,
   supported, ...).

   o  IP Network Connectivity (assumed, requirements out of scope of
      this document)

   o  Media session parameters:

      *  Codecs for audio, video, real time text, instant messaging
         media sessions

      *  Modes of communications for Supporting
              the PacketCable Distributed Call Signaling Architecture",
              RFC 3603, October 2003.

   [RFC3611]  Friedman, T., Caceres, R., audio (voice, fax, DTMF), IM (page
         mode, MSRP)

      *  Media transport and A. Clark, "RTP Control
              Protocol Extended Reports (RTCP XR)", RFC 3611,
              November 2003.

   [RFC3702]  Loughney, J. means to establish secure media sessions

      *  List of ingress and G. Camarillo, "Authentication,
              Authorization, egress SDEs where applicable, including
         STUN Relay servers if present

   o  SIP

      *  SIP RFCs, methods and error responses

      *  headers and header values

      *  possibly, list of SIP RFCs supported by groups (e.g. by call
         feature)

   o  Accounting Requirements for the Session
              Initiation Protocol (SIP)", RFC 3702, February 2004.

   [RFC3824]  Peterson, J., Liu, H., Yu, J.,

   o  Capacity Control and B. Campbell, "Using
              E.164 numbers with the Session Initiation Protocol (SIP)",
              RFC 3824, June 2004.

   [RFC3966]  Schulzrinne, H., "The tel URI for Telephone Numbers",
              RFC 3966, December 2004.

   [RFC3986]  Berners-Lee, T., Fielding, R., Performance Management: any limits on, or,
      means to measure and L. Masinter, "Uniform
              Resource Identifier (URI): Generic Syntax", STD 66,
              RFC 3986, January 2005.

   [RFC4474]  Peterson, J. limit the maximum number of active calls to a
      peer or federation, maximum number of sessions and C. Jennings, "Enhancements messages per
      specified unit time, maximum number of active users or subscribers
      per specified unit time, the aggregate media bandwidth per peer or
      for
              Authenticated Identity Management in the Session
              Initiation Protocol (SIP)", RFC 4474, August 2006.

   [RFC4566]  Handley, M., Jacobson, V., federation, specified SIP signaling performance metrics to
      measure and C. Perkins, "SDP: Session
              Description Protocol", RFC 4566, July 2006. report; media-level VoIP metrics if applicable.

   o  Security: Call admission control, call authorization, network and
      transport layer security parameters, media security parameters

Author's Address

   Jean-Francois Mule
   CableLabs
   858 Coal Creek Circle
   Louisville, CO  80027
   USA

   Email: jf.mule@cablelabs.com

Full Copyright Statement

   Copyright (C) The Internet Society (2006). IETF Trust (2007).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society. IETF
   Administrative Support Activity (IASA).