draft-ietf-speermint-requirements-02.txt   draft-ietf-speermint-requirements-03.txt 
SPEERMINT Working Group J-F. Mule SPEERMINT Working Group J-F. Mule
Internet-Draft CableLabs Internet-Draft CableLabs
Intended status: Best Current July 9, 2007 Intended status: Informational November 19, 2007
Practice Expires: May 22, 2008
Expires: January 10, 2008
SPEERMINT Requirements for SIP-based VoIP Interconnection SPEERMINT Requirements for SIP-based VoIP Interconnection
draft-ietf-speermint-requirements-02.txt draft-ietf-speermint-requirements-03.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 35 skipping to change at page 1, line 34
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 10, 2008. This Internet-Draft will expire on May 22, 2008.
Copyright Notice Copyright Notice
Copyright (C) The IETF Trust (2007). Copyright (C) The IETF Trust (2007).
Abstract Abstract
This memo defines Best Current Practices for session peering between A number of use cases have been identified for session peering of
SIP Service Providers for voice or other types of multimedia traffic voice and other types of multimedia traffic. This memo captures some
exchanges. In its current state, this document describes high-level of the requirements that enable these use case scenarios. In its
guidelines and general requirements for session peering for current version, this document describes both general and use case
multimedia interconnect . It also defines a minimum set of specific requirements for session peering for multimedia
requirements applicable to session peering for voice over IP, interconnect. It is intended to become an informational document
presence and instant messaging interconnects. It is intended to linking the use cases with potential protocol solutions.
become best current practices based on the use cases discussed in the
SPEERMINT working group.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. General Requirements . . . . . . . . . . . . . . . . . . . . . 5 3. General Requirements . . . . . . . . . . . . . . . . . . . . . 5
3.1. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.1. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 5
3.2. Session Peering Points . . . . . . . . . . . . . . . . . . 5 3.2. Session Peering Points . . . . . . . . . . . . . . . . . . 5
3.3. Session Establishment Data (SED) . . . . . . . . . . . . . 6 3.3. Session Establishment Data (SED) . . . . . . . . . . . . . 8
3.3.1. User Identities and SIP URIs . . . . . . . . . . . . . 7 3.3.1. User Identities and SIP URIs . . . . . . . . . . . . . 8
3.3.2. URI Reachability . . . . . . . . . . . . . . . . . . . 7 3.3.2. URI Reachability . . . . . . . . . . . . . . . . . . . 9
3.4. Other Considerations . . . . . . . . . . . . . . . . . . . 8 3.4. Other Considerations . . . . . . . . . . . . . . . . . . . 10
4. Signaling and Media Guidelines for Session Peering . . . . . . 10 4. Signaling and Media Guidelines for Session Peering . . . . . . 12
4.1. Protocol Specifications . . . . . . . . . . . . . . . . . 10 4.1. Protocol Specifications . . . . . . . . . . . . . . . . . 12
4.2. Minimum set of SIP-SDP-related requirements . . . . . . . 10 4.2. Minimum set of SIP-SDP-related requirements . . . . . . . 12
4.3. Media-related Requirements . . . . . . . . . . . . . . . . 11 4.3. Media-related Requirements . . . . . . . . . . . . . . . . 12
4.4. Requirements for Presence and Instant Messaging . . . . . 11 4.4. Requirements for Presence and Instant Messaging . . . . . 13
4.5. Security Requirements . . . . . . . . . . . . . . . . . . 13 4.5. Security Requirements . . . . . . . . . . . . . . . . . . 14
4.5.1. Security in today's VoIP networks . . . . . . . . . . 13 4.5.1. Security in today's VoIP networks . . . . . . . . . . 15
4.5.2. Signaling Security and TLS Considerations . . . . . . 13 4.5.2. Signaling Security and TLS Considerations . . . . . . 15
4.5.3. Media Security . . . . . . . . . . . . . . . . . . . . 14 4.5.3. Media Security . . . . . . . . . . . . . . . . . . . . 16
5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 16 5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 17
6. Security Considerations . . . . . . . . . . . . . . . . . . . 17 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18
7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18 7. Security Considerations . . . . . . . . . . . . . . . . . . . 19
7.1. Normative References . . . . . . . . . . . . . . . . . . . 18 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20
7.2. Informative References . . . . . . . . . . . . . . . . . . 18 8.1. Normative References . . . . . . . . . . . . . . . . . . . 20
Appendix A. Policy Parameters for Session Peering . . . . . . . . 21 8.2. Informative References . . . . . . . . . . . . . . . . . . 20
A.1. Categories of Parameters and Justifications . . . . . . . 21 Appendix A. Policy Parameters for Session Peering . . . . . . . . 24
A.1. Categories of Parameters and Justifications . . . . . . . 24
A.2. Summary of Parameters for Consideration in Session A.2. Summary of Parameters for Consideration in Session
Peering Policies . . . . . . . . . . . . . . . . . . . . . 24 Peering Policies . . . . . . . . . . . . . . . . . . . . . 27
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 25 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 28
Intellectual Property and Copyright Statements . . . . . . . . . . 26 Intellectual Property and Copyright Statements . . . . . . . . . . 29
1. Introduction 1. Introduction
Peering at the session level represents an agreement between parties Peering at the session level represents an agreement between parties
to allow the exchange of traffic according to a policy. It is to allow the exchange of traffic according to a policy. It is
assumed that these sessions use the Session Initiation Protocol (SIP) assumed that these sessions use the Session Initiation Protocol (SIP)
protocol to enable peering between two or more actors. The actors of protocol to enable peering between two or more actors. The actors of
SIP session peering are called SIP Service Providers (SSPs) and they SIP session peering are called SIP Service Providers (SSPs) and they
are typically represented by users, user groups such as enterprises are typically represented by users, user groups such as enterprises
or real-time collaboration service communities, or other service or real-time collaboration service communities, or other service
skipping to change at page 3, line 32 skipping to change at page 3, line 32
has been or could be deployed based on the reference architecture has been or could be deployed based on the reference architecture
([I-D.ietf-speermint-voip-consolidated-usecases]) . ([I-D.ietf-speermint-voip-consolidated-usecases]) .
Peering at the session layer can be achieved on a bilateral basis Peering at the session layer can be achieved on a bilateral basis
(direct peering with SIP sessions established directly between two (direct peering with SIP sessions established directly between two
SSPs), or on an indirect basis via an intermediary (indirect peering SSPs), or on an indirect basis via an intermediary (indirect peering
via a third-party SSP that has a trust relationship with the SSPs), via a third-party SSP that has a trust relationship with the SSPs),
or on a multilateral basis (assisted peering using a federation model or on a multilateral basis (assisted peering using a federation model
between SSPs) - see the terminology document for more details. between SSPs) - see the terminology document for more details.
This document describes guidelines and requirements that are intended This document first describes general guidelines that have been
to become Best Current Practices for session peering (direct, derived from the working group discussions in the context of session
indirect or assisted). These requirements are also independent of peering (direct, indirect or assisted). The use cases are then
the type of media exchanged by the parties and should be applicable analyzed in the spirit of extracting relevant protocol requirements
to any type of multimedia session peering such as Voice over IP that must be met to accomplish the use cases. These requirements are
(VoIP), video telephony, and instant messaging. The document also also independent of the type of media exchanged by the parties and
defines a minimum set of specific requirements for VoIP, presence and should be applicable to any type of multimedia session peering such
instant messaging interconnects. as Voice over IP (VoIP), video telephony, and instant messaging. In
the case where some requirements are media-specific, we define them
in a separate section.
It is not the goal of this document to mandate any particular use of It is not the goal of this document to mandate any particular use of
any IETF protocols to establish session peering. However, when any IETF protocols on SIP Service Providers to establish session
protocol mechanisms are used, the document aims at providing peering. Instead, the document highlights what requirements should
guidelines or best current practices on how they should be be met and what protocols may be used to define the solution space.
implemented, configured or configurable in order to facilitate
session peering.
Finally, a list of parameters for the definition of a session peering Finally, we conclude with a list of parameters for the definition of
policy is provided in an informative appendix. It should be a session peering policy, provided in an informative appendix. It
considered as an example of the information a SIP Service Provider should be considered as an example of the information SIP Service
may require in order to connect to another using SIP. Providers may have to discuss or agree on to connect to one another.
2. Terminology 2. Terminology
In this document, the key words "MUST", "MUST NOT", "REQUIRED", In this document, the key words "MUST", "MUST NOT", "REQUIRED",
"SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" are to be interpreted as described in RFC 2119 and "OPTIONAL" are to be interpreted as described in RFC 2119
[RFC2119]. [RFC2119].
This memo makes use of the following terms and acronyms defined in 3. General Requirements
The following sections illustrates general requirements applicable to
multiple session peering use cases for multimedia sessions. This
memo makes use of the following terms and acronyms defined in
[I-D.ietf-speermint-terminology]: SIP Service Provider (SSP), [I-D.ietf-speermint-terminology]: SIP Service Provider (SSP),
Signaling Path Border Element (SBE), Data Path Border Element (DBE), Signaling Path Border Element (SBE), Data Path Border Element (DBE),
Session Establishment Data (SED), Layer 3 and Layer 5 peering, Session Establishment Data (SED), Layer 3 and Layer 5 peering,
session peering, federation, etc. It is assumed that the reader is session peering, federation, etc. It is assumed that the reader is
familiar with the Session Description Protocol (SDP) [RFC4566] and familiar with the Session Description Protocol (SDP) [RFC4566] and
the Session Initiation Protocol (SIP) [RFC3261]. the Session Initiation Protocol (SIP) [RFC3261].
3. General Requirements
The following sections define general guidelines and requirements
applicable to session peering for multimedia sessions.
3.1. Scope 3.1. Scope
SSPs desiring to establish session peering relationships have to SSPs desiring to establish session peering relationships have to
reach an agreement on numerous aspects. reach an agreement on numerous aspects.
This document only addresses best current practice for certain This document only addresses certain aspects of a session peering
aspects of a session peering agreement, including the declaration, agreement, mostly the requirements relevant to protocols, including
advertisement and management of ingress and egress for session the declaration, advertisement and management of ingress and egress
signaling and media, information and conventions related to the for session signaling and media, information and conventions related
Session Establishment Data (SED), the security requirements each peer to the Session Establishment Data (SED), and the security mechanisms
may enforce on its network to accept and secure session exchanges, a peer may use to accept and secure session exchanges.
and, the format and necessary details to determine the minimum set of Numerous other aspects of session peering arrangement are critical to
parameters required to achieve SIP and SDP interoperability. reach a successful agreement but they are considered out of scope of
Several other aspects of session peering are critical to reach a the SPEERMINT working group and not addressed in this document. They
successful agreement but they are considered out of scope of the
SPEERMINT working group and not addressed in this document. They
include aspects such as media (e.g., type of media traffic to be include aspects such as media (e.g., type of media traffic to be
exchanged, compatible media codecs and media transport protocols, exchanged, compatible media codecs and media transport protocols,
mechanisms to ensure differentiated quality of service for media), mechanisms to ensure differentiated quality of service for media),
layer-3 IP connectivity between the Signaling Path and Data Path layer-3 IP connectivity between the Signaling Path and Data Path
Border Elements, traffic capacity control (e.g. maximum number of SIP Border Elements, traffic capacity control (e.g. maximum number of SIP
sessions at each ingress point, maximum number of concurrent IM or sessions at each ingress point, maximum number of concurrent IM or
VoIP sessions), and accounting. The primary focus of this document VoIP sessions), and accounting. The primary focus of this document
is on the requirements applicable to the boundaries of Layer 5 SIP is on the requirements applicable to the boundaries of Layer 5 SIP
networks: SIP UA or end-device requirements are also considered out networks: SIP UA or end-device requirements are also considered out
of scope. of scope.
The informative Appendix A lists parameters that SPPs should consider The informative Appendix A lists parameters that SPPs may consider
when discussing the technical aspects of SIP session peering. when discussing the technical aspects of SIP session peering. The
purpose of this list which has evolved through the working group use
case discussions is to capture the parameters that are considered
outside the scope of the protocol requirements.
3.2. Session Peering Points 3.2. Session Peering Points
For session peering to be scalable and operationally manageable by For session peering to be scalable and operationally manageable by
SSPs, maximum flexibility should be given for how signaling path and SSPs, maximum flexibility should be given for how signaling path and
media path border elements are declared, dynamically advertised and media path border elements are declared, dynamically advertised and
updated. Indeed, in any session peering environment, there is a need updated.
for a SIP Service Provider to declare or dynamically advertise the
SIP and media entities that will face the peer's network.
An SSP SHOULD declare the signaling border elements responsible for Indeed, in any session peering environment, there is a need for a SIP
egress and ingress points so called Signaling Path Border Elements Service Provider to declare or dynamically advertise the SIP entities
(SBEs). If the SSP also provides media streams to its users, an SSP that will face the peer's network. The media path border elements
SHOULD declare the media border elements responsible for egress and are typically signaled dynamically in the session messaging; some
ingress points so called Signaling Path Data Elements (SDEs); if such SSPs may want to statically or dynamically announce these media paths
an SSP relies on STUN servers ([RFC3489]) and STUN Relay extensions to do proper capacity planning, QoS mapping with lower layers, etc.
to permit the traversal of NAT devices, the SSP SHOULD declare those
STUN servers as part of its SDEs. It is RECOMMENDED that SSPs use
DNS and provide one or more domain names to be used with [RFC3263] to
locate SBEs.
An SPP SHOULD also indicate if some restrictions exist on the type of
media traffic the SIP entities acting as SBEs are capable of
establishing. Ingress and egress SBE points MAY be peer-dependent,
and/or media-dependent. An SSP SHOULD be able to accomodate
multiple, media-dependent ingress points from a peer's network. The
mechanisms recommended for the declaration and advertisement of SBE
and SDE entities MUST allow for peer and media variability.
Motivations: The use cases defined
While there could be one single Signaling Path Border Element (SBE) ([I-D.ietf-speermint-voip-consolidated-usecases]) catalog the various
in some SSP networks that communicates with all SIP peer networks, an session peering points between SIP Service Providers; they include
SSP may choose to have one or more SBEs for receiving incoming SIP the Session Managers (SM) or Signaling Path Border Elements (SBEs).
session requests (ingress signaling points), and one or more SBEs for
outgoing SIP session requests (egress signaling points). Ingress and
egress signaling points may be distinct SIP entities and could be
media-dependent. Some providers deploy SIP entities specialized for
voice, real-time collaboration, etc. For example, within an SSP
network, some SBEs may be dedicated for certain types of media
traffic due to specific SIP extensions required for certain media
types (e.g. SIMPLE, the SIP MESSAGE Method for Instant Messaging
[RFC3428] or the Message Sessions Relay Protocol (MSRP)).
An SSP SHOULD communicate how authentication of the peer's SBEs will Requirement #1: protocol mechanisms must exist for SSPs to
occur (see the security requirements for more details). The use of communicate the egress and ingress points of its service domain.
access control lists based on fixed IP addresses or fixed IP sub-nets The session peering points may be advertized to session peers
of the SBEs is NOT RECOMMENDED as it does not scale: it not only using static mechanisms or they may be dynamically advertized.
involves an error-prone manual process to configure access control
lists but it also prevents peers from dynamically making IP network Notes on solution space: there seems to be general agreement that
addressing changes to their SBE egress points without advertising [RFC3263] provides a solution for dynamic advertisements in most
those changes "manually". cases of Direct, Indirect and Assistent peering use cases. There
continues to be discussion on how to best use this to advertize
peer-dependent SBEs (see below).
If the SSP also provides media streams to its users as shown in the
use cases for the SSPs in the "Originating" and "Terminating"
Domains, a mechanism should exist to allow SSPs to advertize their
media border elements responsible for egress and ingress points so
called Signaling Path Data Elements (SDEs). While some SPPs may have
open policies and accept media traffic from anywhere to anywhere
inside their network, some SSPs may want to optimize media delivery
and identifying media paths between peers prior to traffic being
sent.
Requirement #2: protocol mechanisms must exist for SSPs to
communicate the egress and ingress media points or SDEs of its
service domain.
Notes on solution space: SSPs engaged in SIP interconnects do
exchange this information today in a static manner.
Some SPP may impose some restrictions on the type of media traffic
the SIP entities acting as SBEs are capable of establishing. In
order to avoid a failed attempt to establish a session, a mechanism
may be provided to allow SSPs to indicate if some restrictions exist
on the type of media traffic; ingress and egress SBE points may be
peer-dependent, and/or media-dependent.
Requirement #3: the mechanisms recommended for the declaration and
advertisement of SBE and SDE entities must allow for peer and
media variability.
Notes on solution space: for advertising peer-dependent SBEs (peer
variability), the solution space based on is under specified and
there are no know best current practices. For advertising media-
dependent SBEs, solutions exist as long as URIs are protocol-
dependent URIs, and a protocol-dependent URI like a SIP URI can be
mapped to one type of media. First, some URIs like the IM URI are
abstract ([RFC3428]) and need to be translated to protocol
dependent URIs. Second, by using mechamisms available today, it
is not possible to know what media is supported by the SIP SBE
before initiating a query.
Motivations for the media variability:
While there could be one single Signaling Path Border Element
(SBE) in some SSP networks that communicates with all SIP peer
networks, an SSP may choose to have one or more SBEs for receiving
incoming SIP session requests (ingress signaling points), and one
or more SBEs for outgoing SIP session requests (egress signaling
points). Ingress and egress signaling points may be distinct SIP
entities and could be media-dependent. Some providers deploy SIP
entities specialized for voice, real-time collaboration, etc. For
example, within an SSP network, some SBEs may be dedicated for
certain types of media traffic due to specific SIP extensions
required for certain media types (e.g. SIMPLE, the SIP MESSAGE
Method for Instant Messaging [RFC3428] or the Message Sessions
Relay Protocol (MSRP)).
In the use cases provided as part of direct and indirect scenarios,
an SSP may deal with multiple Session Managers and multiple SBEs in
its own domain. There is often a many-to-many relationship between
Session Managers and Signaling path Border Elements. It should be
possible for an SSP to define which egress SBE a Session Manager must
use based on a given peer destination. For example, in the case of
an indirect peering scenario via Transit PSP (Figure 3 of
[I-D.ietf-speermint-voip-consolidated-usecases]), it should be
possible for the O-SM to choose the appropriate O-SBE based on the
information the O-SM receives in the response labeled (3)). Note
that this example also applies to the case of Direct Peering when a
service provider has multiple service areas and each service area
involves multiple Session Managers and a few SBEs. This is also
implied in the Direct Use Case (section 3.1 of
[I-D.ietf-speermint-voip-consolidated-usecases]), by the use of the
route terminology in step 3 "Routing database entity replies with
route to called party" (route in the sense of both target URI and SIP
Route or next hop SIP or SBE entity as defined in [RFC3261]).
Requirement #4: the mechanisms recommended for the location
service must be capable or returning both a target URI destination
and a SIP Route.
Notes on solution space: solutions exist if the protocol used
between the SM and the LS is SIP; if ENUM is used, the author of
this document does not know of any solution today.
It is desirable for an SSP to be able to communicate how
authentication of the peer's SBEs will occur (see the security
requirements for more details).
Requirement #5: the mechanisms recommended for locating a peer's
SBE must be able to convey how a peer should initiate secure
session establishment.
Notes on the solution space: certain mechanisms exist, for e.g.
the required use of SIP over TLS may be discovered via RFC 3263.
3.3. Session Establishment Data (SED) 3.3. Session Establishment Data (SED)
The Session Establishment Data (SED) is defined as the data used to The Session Establishment Data (SED) is defined as the data used to
route a call or SIP session to the called domain's ingress point route a call or SIP session to the called domain's ingress point
([I-D.ietf-speermint-terminology]). Given that SED is the set of ([I-D.ietf-speermint-terminology]). Given that SED is the set of
parameters that the outgoing SBEs need to complete the session parameters that the Session Managers and outgoing SBEs need to
establishment, some information must be shared between SSPs on complete the session establishment, some information is shared
special requirements or conventions required for a successful session between SSPs. The following paragraphs capture some general
establishment. The following paragraphs capture the recommended best requirements on the SED data.
practices for the SED data.
3.3.1. User Identities and SIP URIs 3.3.1. User Identities and SIP URIs
User identities used between peers can be represented in many User identities used between peers can be represented in many
different formats. Session Establishment Data SHOULD rely on URIs different formats. Session Establishment Data should rely on URIs
(Uniform Resource Identifiers, RFC 3986 [RFC3986]) and SIP URIs (Uniform Resource Identifiers, RFC 3986 [RFC3986]) and SIP URIs
SHOULD be preferred over tel URIs (RFC 3966 [RFC3966]). should be preferred over tel URIs (RFC 3966 [RFC3966]) for session
The use of DNS domain names and hostnames is RECOMMENDED in SIP URIs peering of VoIP traffic.
and they MUST be resolvable on the public Internet. It is The use of DNS domain names and hostnames is recommended in SIP URIs
RECOMMENDED that the host part of SIP URIs contain a fully-qualified and they should be resolvable on the public Internet. It is
recommended that the host part of SIP URIs contain a fully-qualified
domain name instead of a numeric IPv4 or IPv6 address. As for the domain name instead of a numeric IPv4 or IPv6 address. As for the
user part of the SIP URIs, an SSP SHOULD NOT need to be aware of user part of the SIP URIs, the mechanisms for session peering should
which individual user identities are valid within a peer's domain. not require an SSP to be aware of which individual user identities
are valid within its peer's domain.
Although SED data may be based on E.164-based SIP URIs for voice Requirement #6: the protocols used for session peering must
interconnects, a generic peering methodology should not rely on such accomodate the use of different types of URIs. URIs with the same
E.164 numbers. As described in domain-part should share the same set of peering policies, thus
[I-D.draft-elwell-speermint-enterprise-usecases], in some use cases the domain of the SIP URI may be used as the primary key to any
for enterprise to enterprise peering (even if a transit SSP is information regarding the reachability of that SIP URI.
involved), it should be possible to use user identity URIs that do
not map to E.164 numbers, e.g. for presence, instant messaging and Requirement #7: the mechanisms for session peering should not
even for voice. require a peer to be aware of which individual user identities are
valid within its peer's domain.
Notes on the solution space for #6 and #7: generally well
understood in IETF. When telephone numbers are in tel URIs, SIP
requests cannot be routed in accordance with the traditional DNS
resolution procedures standardized for SIP as indicated in RFC
3824 [RFC3824]. This means that the solutions built for session
peering must not solely use PSTN identifiers such as Service
Provider IDs (SPIDs) or Trunk Group IDs (these should not be
precluded but solutions should not be limited to these).
Motivations: Motivations:
When SSP support voice, telephone numbers commonly appear in the Although SED data may be based on E.164-based SIP URIs for voice
username portion of a SIP URI. When telephone numbers are in tel interconnects, a generic peering methodology should not rely on
URIs, SIP requests cannot be routed in accordance with the such E.164 numbers. As described in
traditional DNS resolution procedures standardized for SIP as [I-D.draft-elwell-speermint-enterprise-usecases], in some use
indicated in RFC 3824 [RFC3824]. The recommendations defined in cases for enterprise to enterprise peering (even if a transit SSP
[RFC3824] SHOULD be followed by implementers when using E.164 numbers is involved), it should be possible to use user identity URIs that
with SIP. Furthermore, it is commonly assumed that all SIP URIs with do not map to E.164 numbers, e.g. for presence, instant messaging
the same domain-part share the same set of peering policies, thus the and even for voice.
domain of the SIP URI may be used as the primary key to any
information regarding the reachability of that SIP URI.
3.3.2. URI Reachability 3.3.2. URI Reachability
Based on a well-known URI type (for e.g. sip, pres, or im URIs), it Based on a well-known URI type (for e.g. sip, pres, or im URIs), it
MUST be possible to determine whether the SSP domain servicing the must be possible to determine whether the SSP domain servicing the
URI allows for session peering, and if it does, it SHOULD be possible URI allows for session peering, and if it does, it should be possible
to locate and retrieve the domain's policy and SBE entities. to locate and retrieve the domain's policy and SBE entities.
For example, an originating service provider must be able to For example, an originating service provider must be able to
determine whether a SIP URI is open for direct interconnection determine whether a SIP URI is open for direct interconnection
without requiring an SBE to initiate a SIP request. Furthermore, without requiring an SBE to initiate a SIP request. Furthermore,
since each call setup implies the execution of any proposed since each call setup implies the execution of any proposed
algorithm, the establishment of a SIP session via peering should algorithm, the establishment of a SIP session via peering should
incur minimal overhead and delay, and employ caching wherever incur minimal overhead and delay, and employ caching wherever
possible to avoid extra protocol round trips. possible to avoid extra protocol round trips.
The use of DNS domain names and hostnames is RECOMMENDED in SIP URIs Requirement #8: the mechanisms for session peering must allow an
and they MUST be resolvable on the public Internet. The DNS SBE to locate its peer SBE given a SSP hostname or domain name.
procedures specified in [RFC3263] SHOULD be followed to resolve a SIP
URI into a reachable host (IP address and port), and transport
protocol. Note that RFC 3263 relies on DNS SRV [RFC2782] and NAPTR
Resource Records [RFC2915].
Motivations: Notes on the solution space: generally well understood in IETF.
This requirement is important as unsuccessful call attempts are Open questions exist in how dynamic should the mechanism be to be
highly undesirable since they can introduce high delays due to able to retrieve the domain's policy for secure signaling between
timeouts and can act as an unintended denial of service attack (e.g., SBEs, peer-dependent/media-dependent policies.
by repeated TLS handshakes). There should be a high probability of
successful call completion for policy-conforming peers.
3.4. Other Considerations 3.4. Other Considerations
The considerations listed below were gathered early on in the The considerations listed below were gathered early on in the
SPEERMINT working group as part of discussions to define the scope of SPEERMINT working group as part of discussions to define the scope of
the working group. They are left here but have been re-written the working group.
without requirements verbs for the most part.
o Session peering should be independent of lower layers. o It is assumed that session peering is independent of lower layers.
The mechanisms used to establish session peering should The mechanisms used to establish session peering should
accommodate diverse supporting lower layers. It should not matter accommodate diverse supporting lower layers. It should not matter
whether lower layers rely on the public Internet or are whether lower layers rely on the public Internet or are
implemented by private L3 connectivity, using firewalls or L2/L3 implemented by private L3 connectivity, using firewalls or L2/L3
Virtual Private Networks (VPNs), IPSec tunnels or Transport Layer Virtual Private Networks (VPNs), IPSec tunnels or Transport Layer
Security (TLS) connections [RFC3546]... Security (TLS) connections [RFC3546]...
o Session Peering Policies and Extensibility: o Session Peering Policies and Extensibility:
Mechanisms developed for session peering should be flexible and Mechanisms developed for session peering should be flexible and
extensible to cover existing and future session peering models. extensible to cover existing and future session peering models.
skipping to change at page 8, line 48 skipping to change at page 10, line 33
configuration choices in a distributed system like DNS rather than configuration choices in a distributed system like DNS rather than
in a centralized system like a 'peering registry'. in a centralized system like a 'peering registry'.
In the context of session peering, a policy is defined as the set In the context of session peering, a policy is defined as the set
of parameters and other information needed by an SPP to connect to of parameters and other information needed by an SPP to connect to
another. Some of the session policy parameters may be statically another. Some of the session policy parameters may be statically
exchanged and set throughout the lifetime of the peering exchanged and set throughout the lifetime of the peering
relationship. Others parameters may be discovered and updated relationship. Others parameters may be discovered and updated
dynamically using by some explicit protocol mechanisms. These dynamically using by some explicit protocol mechanisms. These
dynamic parameters may also relate to an SSP's session-dependent dynamic parameters may also relate to an SSP's session-dependent
or session independent policies as defined in or session independent policies as defined in
[I-D.ietf-sipping-session-policy-framework]. [I-D.ietf-sipping-session-policy].
o Administrative and Technical Policies: o Administrative and Technical Policies:
Various types of policy information may need to be discovered or Various types of policy information may need to be discovered or
exchanged in order to establish session peering. At a minimum, a exchanged in order to establish session peering. At a minimum, a
policy should specify information related to session establishment policy should specify information related to session establishment
data in order to avoid session establishment failures. A policy data in order to avoid session establishment failures. A policy
may also include information related to QoS, billing and may also include information related to QoS, billing and
accounting, layer-3 related interconnect requirements which are accounting, layer-3 related interconnect requirements which are
out of the scope of this document, see examples in Section out of the scope of this document, see examples in Section
Appendix A. Appendix A.
skipping to change at page 10, line 7 skipping to change at page 12, line 7
(contractual, legal, commercial, or business decisions) and (contractual, legal, commercial, or business decisions) and
technical (certain QoS parameters, TLS keys, domain keys, ...). technical (certain QoS parameters, TLS keys, domain keys, ...).
The objectives are to provide a baseline framework to define, The objectives are to provide a baseline framework to define,
publish and optionally retrieve policy information so that a publish and optionally retrieve policy information so that a
session establishment does not need to be attempted to know that session establishment does not need to be attempted to know that
imcompatible policy parameters will cause the session to fail imcompatible policy parameters will cause the session to fail
(this was originally referred to as "no blocked calls"). (this was originally referred to as "no blocked calls").
4. Signaling and Media Guidelines for Session Peering 4. Signaling and Media Guidelines for Session Peering
This section provides some guidelines for maximizing SIP-based This section provides some guidelines for SIP-based interconnections.
interconnections between SSPs. It should be considered as the This section should be partially or entirely removed from the next
minimal set of requirements to be implemented to perform SIP revision of this document given the intent of this memo.
interconnects for presence, IM, or VoIP.
4.1. Protocol Specifications 4.1. Protocol Specifications
A detailed list of SIP and SDP RFCs the session peers' SBEs must While it is generally agreed that this is out of the scope of
conform to must be provided by SSPs. It is NOT RECOMMENDED to rely speermint, a detailed list of SIP and SDP RFCs the session peers'
on Internet-Drafts for commercial SIP interconnects, but if SBEs must conform to should be provided by SSPs. It is not
applicable, a list of supported or required IETF Internet-Drafts recommended to rely on Internet-Drafts for commercial SIP
SHOULD be provided. Such specifications SHOULD include protocol interconnects, but if applicable, a list of supported or required
implementation compliance statements, indicate the minimal extensions IETF Internet-Drafts should be provided. Such specifications should
that MUST be supported, and the full details on what options and include protocol implementation compliance statements, indicate the
protocol features MUST be supported, MUST NOT be supported or MAY be minimal extensions that must be supported, and the full details on
supported. This specification SHOULD include a high-level what options and protocol features must be supported, must not be
description of the services that are expected to be supported by the supported or may be supported. This specification should include a
peering relationship and it MAY include sample message flows. high-level description of the services that are expected to be
supported by the peering relationship and it may include sample
message flows.
4.2. Minimum set of SIP-SDP-related requirements 4.2. Minimum set of SIP-SDP-related requirements
The main objective of SIP interconnects being the establishment of The main objective of SIP interconnects being the establishment of
successful SIP calls between peer SSPs, this section provides some successful SIP calls between peer SSPs, this section provides some
guidelines for the minimum set of SIP specifications that SHOULD be guidelines for the minimum set of SIP specifications that should be
supported by SBEs. supported by SBEs.
The Core SIP Specifications as defined in [RFC3261] and The Core SIP Specifications as defined in [RFC3261] and
[I-D.ietf-sip-hitchhikers-guide] MUST be supported by Signaling Path [I-D.ietf-sip-hitchhikers-guide] MUST be supported by Signaling Path
Border Elements (SBEs) and any other SIP implementations involved in Border Elements (SBEs) and any other SIP implementations involved in
session peering. The specifications contained in the Core SIP group session peering. The specifications contained in the Core SIP group
provide the fundamental and basic mechanisms required to enable SIP provide the fundamental and basic mechanisms required to enable SIP
interconnects. The Hitchkiker's guide include specific sections for interconnects. The Hitchkiker's guide include specific sections for
voice, instant message and presence. voice, instant message and presence.
Furthermore, SBE implementers MUST follow the recommendations Furthermore, SBE implementers must follow the recommendations
contained in RFC 3261 regarding the use of the Supported and Require contained in RFC 3261 regarding the use of the Supported and Require
headers. Signaling Path Border Elements SHOULD include the supported headers. Signaling Path Border Elements should include the supported
SIP extensions in the Supported header and the use of the Require SIP extensions in the Supported header and the use of the Require
header must be configurable on a per SSP target domain basis in order header must be configurable on a per SSP target domain basis in order
to match a network peer's policy and to maximize interoperability. to match a network peer's policy and to maximize interoperability.
In the cases of indirect or assisted peering, it is also important
that an adequate level of SIP message transparency is available. In
particular, the intermediary SBE MUST NOT modify or remove
information in the SIP or SDP parameters beyond what is required for
the purpose of call routing. In particular, intermediary SBE SHOULD
NOT:
o Remove SIP header lines, SIP header fields and SIP message bodies
that are intended for the destination SBE, or the called SIP UA
irrespective of whether or not those header lines or parameters
are understood by the intermediary SBE;
o Modify header fields and bodies in a way that may break any
integrity protection.
4.3. Media-related Requirements 4.3. Media-related Requirements
SSPs engaged in session peering SHOULD support of compatible codecs. Compatible codecs must be support by SSPs engaged in session peering.
An SSP domain policy SHOULD specify media-related parameters that An SSP domain policy should specify media-related parameters that
their user's SIP entities support or that the SSP authorizes in its their user's SIP entities support or that the SSP authorizes in its
domain's policy. Direct media exchange between the SSPs' user domain's policy. Direct media exchange between the SSPs' user
devices is preferred and media transcoding SHOULD be avoided by devices is preferred and media transcoding should be avoided by
proposing commonly agreed codecs. SSPs SHOULD discuss mechanisms proposing commonly agreed codecs. Mechanisms employed for IPv4-IPv6
employed for IPv4-IPv6 translation of media, as well as solutions translation of media should also be agreed upon, as well as solutions
used for NAT traversal such as ICE [I-D.ietf-ice] and STUN used for NAT traversal such as ICE [I-D.ietf-ice] and STUN
([RFC3489]). ([RFC3489]).
Motivations: The media capabilities of an SSP's network are either a Motivations: The media capabilities of an SSP's network are either a
property of the SIP end-devices, SIP applications, or, a combination property of the SIP end-devices, SIP applications, or, a combination
of the property of end-devices and Data Path Border Elements that may of the property of end-devices and Data Path Border Elements that may
provide media transcoding. provide media transcoding.
The choice of one or more common media codecs for SIP sessions The choice of one or more common media codecs for SIP sessions
between SSPs is outside the scope of SPEERMINT. A list of media- between SSPs is outside the scope of SPEERMINT. A list of media-
skipping to change at page 13, line 47 skipping to change at page 15, line 37
4.5.2. Signaling Security and TLS Considerations 4.5.2. Signaling Security and TLS Considerations
The Transport Layer Security (TLS) is a standard way to secure The Transport Layer Security (TLS) is a standard way to secure
signaling between SIP entities. TLS can be used in direct peering to signaling between SIP entities. TLS can be used in direct peering to
mutually authenticate SSPs and provide message confidentiality and mutually authenticate SSPs and provide message confidentiality and
integrity protection. The remaining paragraphs explore how TLS could integrity protection. The remaining paragraphs explore how TLS could
be deployed and used between 2 SSPs to secure SIP exchanges. The be deployed and used between 2 SSPs to secure SIP exchanges. The
intent is to capture what two SSPs should discuss and agree on in intent is to capture what two SSPs should discuss and agree on in
order to establish TLS connections for SIP session peering. order to establish TLS connections for SIP session peering.
1. SSPs SHOULD agree on one or more Certificate Authorities (CAs) 1. SSPs should agree on one or more Certificate Authorities (CAs)
to trust for securing session peering exchanges. to trust for securing session peering exchanges.
Motivations: Motivations:
An SSP should have control over which root CAs it trusts for SIP An SSP should have control over which root CAs it trusts for SIP
communications. This may imply creating a certificate trust list communications. This may imply creating a certificate trust list
and including the peer's CA for each authorized domain. In the and including the peer's CA for each authorized domain. In the
case of a federation, This requirement allows for the initiating case of a federation, This requirement allows for the initiating
side to verify that the server certificate chains up to a trusted side to verify that the server certificate chains up to a trusted
root CA. This also means that SIP servers SHOULD allow the root CA. This also means that SIP servers should allow the
configuration of a certificate trust list in order to allow a VSP/ configuration of a certificate trust list in order to allow a VSP/
ASP to control which peer's CAs are trusted for TLS connections. ASP to control which peer's CAs are trusted for TLS connections.
Note that these considerations seem to be around two themes: one Note that these considerations seem to be around two themes: one
is trusting a root, the other is trusting intermediate CAs. is trusting a root, the other is trusting intermediate CAs.
2. Peers SHOULD indicate whether their domain policies require 2. Peers should indicate whether their domain policies require
proxy servers to inspect and verify the identity provided in SIP proxy servers to inspect and verify the identity provided in SIP
requests as defined in [RFC4474]. Federations supporting requests as defined in [RFC4474]. Federations supporting
[RFC4474] MUST specify the CA(s) permitted to issue certificates [RFC4474] must specify the CA(s) permitted to issue certificates
of the authentication service. of the authentication service.
3. SIP and SBE servers involved in the secure session 3. SIP and SBE servers involved in the secure session
establishment over TLS MUST have valid X.509 certificates and MUST establishment over TLS must have valid X.509 certificates and must
be able to receive a TLS connection on a well-known port. be able to receive a TLS connection on a well-known port.
4. The following TLS/SIP Protocol parameters SHOULD be agreed 4. The following SIP and TLS protocol parameters should be agreed
upon as part of session peering policies: the version of TLS upon as part of session peering policies: the version of TLS
supported by Signaling Border Elements (TLSv1, TLSv1.1), the SIP supported by Signaling Border Elements (TLSv1, TLSv1.1), the SIP
TLS port (default 5061), the server-side session timeout (default TLS port (default 5061), the server-side session timeout (default
300 seconds), the list of supported or recommended ciphersuites, 300 seconds), the list of supported or recommended ciphersuites,
and the list of trusted root CAs. and the list of trusted root CAs.
5. SIP and SBE servers involved in the session establishment over 5. SIP and SBE servers involved in the session establishment over
TLS MUST verify and validate the client certificates: the client TLS must verify and validate the client certificates: the client
certificate MUST contain a DNS or URI choice type in the certificate must contain a DNS or URI choice type in the
subjectAltName which corresponds to the domain asserted in the subjectAltName which corresponds to the domain asserted in the
host portion of the URI contained in the From header. It is also host portion of the URI contained in the From header. It is also
recommended that VSPs/ASPs convey the domain identity in the recommended that VSPs/ASPs convey the domain identity in the
certificates using both a canonical name of the SIP server(s) and certificates using both a canonical name of the SIP server(s) and
the SIP URI for the domain as described in section 4 of the SIP URI for the domain as described in section 4 of
[I-D.gurbani-sip-domain-certs]. On the client side, it is also [I-D.gurbani-sip-domain-certs]. On the client side, it is also
critical for the TLS client to authenticate the server as defined critical for the TLS client to authenticate the server as defined
in [RFC3261] and in section 9 of [I-D.ietf-sip-certs]. in [RFC3261] and in section 9 of [I-D.ietf-sip-certs].
6. A session peering policy SHOULD include details on SIP session 6. A session peering policy should include details on SIP session
establishment over TLS if TLS is supported. establishment over TLS if TLS is supported.
4.5.3. Media Security 4.5.3. Media Security
Media security for session peering is as important as signaling Media security for session peering is as important as signaling
security, especially for SSPs that want to continue to meet commonly security, especially for SSPs that want to continue to meet commonly
assumed privacy and confidentiality requirements outside their assumed privacy and confidentiality requirements outside their
networks. Media can be secured using secure media transport networks. Media can be secured using secure media transport
protocols (e.g. secure RTP or sRTP). The issues of key management protocols (e.g. secure RTP or sRTP). The issues of key management
protocols for sRTP are being raised in IETF and this continues to be protocols for sRTP are being raised in IETF and this continues to be
skipping to change at page 16, line 12 skipping to change at page 17, line 12
references for more details. Some of these scenarios may be references for more details. Some of these scenarios may be
applicable to interdomain SSP session peering. applicable to interdomain SSP session peering.
5. Acknowledgments 5. Acknowledgments
This document is a work-in-progress and it is based on the input and This document is a work-in-progress and it is based on the input and
contributions made by a large number of people in the SPEERMINT contributions made by a large number of people in the SPEERMINT
working group, including: Edwin Aoki, Scott Brim, John Elwell, Mike working group, including: Edwin Aoki, Scott Brim, John Elwell, Mike
Hammer, Avshalom Houri, Richard Shocky, Henry Sinnreich, Richard Hammer, Avshalom Houri, Richard Shocky, Henry Sinnreich, Richard
Stastny, Patrik Faltstrom, Otmar Lendl, Daryl Malas, Dave Meyer, Stastny, Patrik Faltstrom, Otmar Lendl, Daryl Malas, Dave Meyer,
Sriram Parameswar, Jason Livingood, Bob Natale, Benny Rodrig, Brian Sriram Parameswar, Jon Peterson, Jason Livingood, Bob Natale, Benny
Rosen, Eric Rosenfeld, Adam Uzelac and Dan Wing. Specials thanks go Rodrig, Brian Rosen, Eric Rosenfeld, Adam Uzelac and Dan Wing.
to Rohan Mahy, Brian Rosen, John Elwell for their initial drafts Specials thanks go to Rohan Mahy, Brian Rosen, John Elwell for their
describing guidelines or best current practices in various initial drafts describing guidelines or best current practices in
environments, and to Avshalom Houri, Edwin Aoki and Sriram Parameswar various environments, and to Avshalom Houri, Edwin Aoki and Sriram
for authoring the presence and instant messaging requirements. Parameswar for authoring the presence and instant messaging
requirements.
6. Security Considerations 6. IANA Considerations
None.
7. Security Considerations
Securing session peering communications involves numerous protocol Securing session peering communications involves numerous protocol
exchanges, first and foremost, the securing of SIP signaling and exchanges, first and foremost, the securing of SIP signaling and
media sessions. The security considerations contained in [RFC3261], media sessions. The security considerations contained in [RFC3261],
and [RFC4474] are applicable to the SIP protocol exchanges. A number and [RFC4474] are applicable to the SIP protocol exchanges. A number
of security considerations are also described in Section Section 4.5. of security considerations are also described in Section Section 4.5.
7. References 8. References
7.1. Normative References 8.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
7.2. Informative References 8.2. Informative References
[I-D.Malas-sip-performance] [I-D.Malas-sip-performance]
Malas, D., "SIP End-to-End Performance Metrics", May 2007. Malas, D., "SIP End-to-End Performance Metrics", May 2007.
[I-D.draft-elwell-speermint-enterprise-usecases] [I-D.draft-elwell-speermint-enterprise-usecases]
Elwell, J. and B. Rodrig, "Use cases for Enterprise Elwell, J. and B. Rodrig, "Use cases for Enterprise
Peering using the Session Initiation Protocol", Peering using the Session Initiation Protocol",
draft-elwell-speermint-enterprise-usecases-00.txt (work in draft-elwell-speermint-enterprise-usecases-00.txt (work in
progress), February 2007. progress), February 2007.
[I-D.draft-niccolini-speermint-voipthreats] [I-D.draft-niccolini-speermint-voipthreats]
Niccolini, S. and E. Chen, "VoIP Security Threats relevant Niccolini, S. and E. Chen, "VoIP Security Threats relevant
to SPEERMINT", March 2007. to SPEERMINT", March 2007.
[I-D.gurbani-sip-domain-certs] [I-D.gurbani-sip-domain-certs]
Gurbani, V., Jeffrey, A., and S. Lawrence, "Domain Gurbani, V., Jeffrey, A., and S. Lawrence, "Domain
Certificates in the Session Initiation Protocol (SIP)", Certificates in the Session Initiation Protocol (SIP)",
draft-gurbani-sip-domain-certs-05 (work in progress), draft-gurbani-sip-domain-certs-06 (work in progress),
June 2007. June 2007.
[I-D.ietf-ice] [I-D.ietf-ice]
Rosenberg, J., "Interactive Connectivity Establishment Rosenberg, J., "Interactive Connectivity Establishment
(ICE): A Protocol for Network Address Translator (NAT) (ICE): A Protocol for Network Address Translator (NAT)
Traversal for Offer/Answer Protocols", June 2007. Traversal for Offer/Answer Protocols", June 2007.
[I-D.ietf-sip-certs] [I-D.ietf-sip-certs]
Jennings, C., Peterson, J., and J. Fischl, "Certificate Jennings, C., Peterson, J., and J. Fischl, "Certificate
Management Service for The Session Initiation Protocol Management Service for The Session Initiation Protocol
(SIP)", May 2007. (SIP)", May 2007.
[I-D.ietf-sip-hitchhikers-guide] [I-D.ietf-sip-hitchhikers-guide]
Rosenberg, J., "A Hitchhikers Guide to the Session Rosenberg, J., "A Hitchhikers Guide to the Session
Initiation Protocol (SIP)", July 2007. Initiation Protocol (SIP)", July 2007.
[I-D.ietf-sipping-session-policy-framework] [I-D.ietf-sipping-session-policy]
Hilt, V., "A Framework for Session Initiation Protocol Hilt, V. and G. Camarillo, "A Session Initiation Protocol
(SIP) Session Policies", (SIP) Event Package for Session-Specific Session
draft-ietf-sipping-session-policy-framework-01 (work in Policies", draft-ietf-sipping-policy-package-04.txt (work
progress), June 2006. in progress), August 2007.
[I-D.ietf-speermint-architecture] [I-D.ietf-speermint-architecture]
Penno et al., R., "SPEERMINT Peering Architecture", Penno et al., R., "SPEERMINT Peering Architecture",
April 2007. draft-ietf-speermint-architecture-03.txt (work in
progress), April 2007.
[I-D.ietf-speermint-terminology] [I-D.ietf-speermint-terminology]
Meyer, R. and D. Malas, "SPEERMINT Terminology", Meyer, R. and D. Malas, "SPEERMINT Terminology",
July 2007. draft-ietf-speermint-terminology-13.txt (work in
progress), November 2007.
[I-D.ietf-speermint-voip-consolidated-usecases] [I-D.ietf-speermint-voip-consolidated-usecases]
Uzelac et al., A., "VoIP SIP Peering Use Cases", Uzelac et al., A., "VoIP SIP Peering Use Cases",
June 2007. draft-ietf-speermint-voip-consolidated-usecases-03.txt
(work in progress), July 2007.
[I-D.ietf-wing-media-security-requirements] [I-D.ietf-wing-media-security-requirements]
Wing, D., Fries, S., and H. Tschofenig, "Requirements for Wing, D., Fries, S., and H. Tschofenig, "Requirements for
a Media Security Key Management Protocol", a Media Security Key Management Protocol",
draft-wing-media-security-requirements (work in progress), draft-wing-media-security-requirements (work in progress),
June 2007. June 2007.
[I-D.presence-im-requirements] [I-D.presence-im-requirements]
Houri, A., Aoki, E., and S. Parameswar, "Presence and IM Houri, A., Aoki, E., and S. Parameswar, "Presence and IM
Requirements", May 2007. Requirements", May 2007.
skipping to change at page 21, line 34 skipping to change at page 24, line 34
its service description, server or device configurations and variable its service description, server or device configurations and variable
based on peer relationships. based on peer relationships.
A.1. Categories of Parameters and Justifications A.1. Categories of Parameters and Justifications
The following list should be considered as an initial list of The following list should be considered as an initial list of
"discussion topics" to be addressed by peers when initiating a VoIP "discussion topics" to be addressed by peers when initiating a VoIP
peering relationship. peering relationship.
o IP Network Connectivity: o IP Network Connectivity:
Session peers must define how the IP network connectivity between Session peers should define how the IP network connectivity
their respective SBEs and SDEs. While this is out of scope of between their respective SBEs and SDEs. While this is out of
session peering, SSPs must agree on a common mechanism for IP scope of session peering, SSPs must agree on a common mechanism
transport of session signaling and media. This may be accomplish for IP transport of session signaling and media. This may be
via private (e.g. IPVPN, IPsec, etc.) or public IP networks. accomplish via private (e.g. IPVPN, IPsec, etc.) or public IP
networks.
o Media-related Parameters: o Media-related Parameters:
* Media Codecs: list of supported media codecs for audio, real- * Media Codecs: list of supported media codecs for audio, real-
time fax (version of T.38, if applicable), real-time text (RFC time fax (version of T.38, if applicable), real-time text (RFC
4103), DTMF transport, voice band data communications (as 4103), DTMF transport, voice band data communications (as
applicable) along with the supported or recommended codec applicable) along with the supported or recommended codec
packetization rates, level of RTP paylod redundancy, audio packetization rates, level of RTP paylod redundancy, audio
volume levels, etc. volume levels, etc.
* Media Transport: level of support for RTP-RTCP [RFC3550], RTP * Media Transport: level of support for RTP-RTCP [RFC3550], RTP
Redundancy (RTP Payload for Redundant Audio Data - [RFC2198]) , Redundancy (RTP Payload for Redundant Audio Data - [RFC2198]) ,
T.38 transport over RTP, etc. T.38 transport over RTP, etc.
* Other: support of the VoIP metric block as defined in RTP * Other: support of the VoIP metric block as defined in RTP
Control Protocol Extended Reports [RFC3611] , etc. Control Protocol Extended Reports [RFC3611] , etc.
o SIP: o SIP:
* A session peering policy SHOULD include the list of supported * A session peering policy should include the list of supported
and required SIP RFCs, supported and required SIP methods and required SIP RFCs, supported and required SIP methods
(including private p headers if applicable), error response (including private p headers if applicable), error response
codes, supported or recommended format of some header field codes, supported or recommended format of some header field
values , etc. values , etc.
* It should also be possible to describe the list of supported * It should also be possible to describe the list of supported
SIP RFCs by various functional groupings. A group of SIP RFCs SIP RFCs by various functional groupings. A group of SIP RFCs
may represent how a call feature is implemented (call hold, may represent how a call feature is implemented (call hold,
transfer, conferencing, etc.), or it may indicate a functional transfer, conferencing, etc.), or it may indicate a functional
grouping as in [I-D.ietf-sip-hitchhikers-guide]. grouping as in [I-D.ietf-sip-hitchhikers-guide].
o Presence and Instant Messaging: TBD o Presence and Instant Messaging: TBD
o Accounting: o Accounting:
Methods used for call or session accounting SHOULD be specified. Methods used for call or session accounting should be specified.
An SSP may require a peer to track session usage. It is critical An SSP may require a peer to track session usage. It is critical
for peers to determine whether the support of any SIP extensions for peers to determine whether the support of any SIP extensions
for accounting is a pre-requisite for SIP interoperability. In for accounting is a pre-requisite for SIP interoperability. In
some cases, call accounting may feed data for billing purposes but some cases, call accounting may feed data for billing purposes but
not always: some operators may decide to use accounting as a 'bill not always: some operators may decide to use accounting as a 'bill
and keep' model to track session usage and monitor usage against and keep' model to track session usage and monitor usage against
service level agreements. service level agreements.
[RFC3702] defines the terminology and basic requirements for [RFC3702] defines the terminology and basic requirements for
accounting of SIP sessions. A few private SIP extensions have accounting of SIP sessions. A few private SIP extensions have
also been defined and used over the years to enable call also been defined and used over the years to enable call
skipping to change at page 23, line 8 skipping to change at page 26, line 8
SIP transactions per second on per domain basis, Session SIP transactions per second on per domain basis, Session
Completion Rate (SCR), Session Establishment Rate (SER), etc. Completion Rate (SCR), Session Establishment Rate (SER), etc.
Some SIP end-to-end performance metrics are defined in Some SIP end-to-end performance metrics are defined in
[I-D.Malas-sip-performance]; a subset of these may be applicable [I-D.Malas-sip-performance]; a subset of these may be applicable
to session peering and interconnects. to session peering and interconnects.
Some media-related metrics for monitoring VoIP calls have been Some media-related metrics for monitoring VoIP calls have been
defined in the VoIP Metrics Report Block, in Section 4.7 of defined in the VoIP Metrics Report Block, in Section 4.7 of
[RFC3611]. [RFC3611].
o Security: o Security:
A SSP SHOULD describe the security requirements that other peers An SSP should describe the security requirements that other peers
must meet in order to terminate calls to its network. While such must meet in order to terminate calls to its network. While such
a list of security-related policy parameters often depends on the a list of security-related policy parameters often depends on the
security models pre-agreed to by peers, it is expected that these security models pre-agreed to by peers, it is expected that these
parameters will be discoverable or signaled in the future to allow parameters will be discoverable or signaled in the future to allow
session peering outside SSP clubs. The list of security session peering outside SSP clubs. The list of security
parameters may be long and composed of high-level requirements parameters may be long and composed of high-level requirements
(e.g. authentication, privacy, secure transport) and low level (e.g. authentication, privacy, secure transport) and low level
protocol configuration elements like TLS parameters. protocol configuration elements like TLS parameters.
The following list is not intended to be complete, it provides a The following list is not intended to be complete, it provides a
preliminary list in the form of examples: preliminary list in the form of examples:
skipping to change at page 23, line 31 skipping to change at page 26, line 31
only be admitted if certain criteria are met. For example, for only be admitted if certain criteria are met. For example, for
some providers' networks, only incoming SIP sessions signaled some providers' networks, only incoming SIP sessions signaled
over established IPSec tunnels or presented to the well-known over established IPSec tunnels or presented to the well-known
TLS ports are admitted. Other call admission requirements may TLS ports are admitted. Other call admission requirements may
be related to some performance metrics as descrived above. be related to some performance metrics as descrived above.
Finally, it is possible that some requiremetns be imposed on Finally, it is possible that some requiremetns be imposed on
lower layers, but these are considered out of scope of session lower layers, but these are considered out of scope of session
peering. peering.
* Call authorization requirements and validation: the presence of * Call authorization requirements and validation: the presence of
a caller or user identity MAY be required by an SSP. Indeed, a caller or user identity may be required by an SSP. Indeed,
some SSPs may further authorize an incoming session request by some SSPs may further authorize an incoming session request by
validating the caller's identity against white/black lists validating the caller's identity against white/black lists
maintained by the service provider or users (traditional caller maintained by the service provider or users (traditional caller
ID screening applications or IM white list). ID screening applications or IM white list).
* Privacy requirements: an SSP MAY demand that its SIP messages * Privacy requirements: an SSP may demand that its SIP messages
be securely transported by its peers for privacy reasons so be securely transported by its peers for privacy reasons so
that the calling/called party information be protected. Media that the calling/called party information be protected. Media
sessions may also require privacy and some SSP policies may sessions may also require privacy and some SSP policies may
include requirements on the use of secure media transport include requirements on the use of secure media transport
protocols such as sRTP, along with some contraints on the protocols such as sRTP, along with some contraints on the
minimum authentication/encryption options for use in sRTP. minimum authentication/encryption options for use in sRTP.
* Network-layer security parameters: this covers how IPSec * Network-layer security parameters: this covers how IPSec
security associated may be established, the IPSec key exchange security associated may be established, the IPSec key exchange
mechanisms to be used and any keying materials, the lifetime of mechanisms to be used and any keying materials, the lifetime of
 End of changes. 61 change blocks. 
238 lines changed or deleted 305 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/