--- 1/draft-ietf-speermint-requirements-02.txt 2007-11-19 16:18:24.000000000 +0100 +++ 2/draft-ietf-speermint-requirements-03.txt 2007-11-19 16:18:24.000000000 +0100 @@ -1,19 +1,18 @@ SPEERMINT Working Group J-F. Mule Internet-Draft CableLabs -Intended status: Best Current July 9, 2007 -Practice -Expires: January 10, 2008 +Intended status: Informational November 19, 2007 +Expires: May 22, 2008 SPEERMINT Requirements for SIP-based VoIP Interconnection - draft-ietf-speermint-requirements-02.txt + draft-ietf-speermint-requirements-03.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that @@ -24,69 +23,68 @@ and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on January 10, 2008. + This Internet-Draft will expire on May 22, 2008. Copyright Notice Copyright (C) The IETF Trust (2007). Abstract - This memo defines Best Current Practices for session peering between - SIP Service Providers for voice or other types of multimedia traffic - exchanges. In its current state, this document describes high-level - guidelines and general requirements for session peering for - multimedia interconnect . It also defines a minimum set of - requirements applicable to session peering for voice over IP, - presence and instant messaging interconnects. It is intended to - become best current practices based on the use cases discussed in the - SPEERMINT working group. + A number of use cases have been identified for session peering of + voice and other types of multimedia traffic. This memo captures some + of the requirements that enable these use case scenarios. In its + current version, this document describes both general and use case + specific requirements for session peering for multimedia + interconnect. It is intended to become an informational document + linking the use cases with potential protocol solutions. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. General Requirements . . . . . . . . . . . . . . . . . . . . . 5 3.1. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.2. Session Peering Points . . . . . . . . . . . . . . . . . . 5 - 3.3. Session Establishment Data (SED) . . . . . . . . . . . . . 6 - 3.3.1. User Identities and SIP URIs . . . . . . . . . . . . . 7 - 3.3.2. URI Reachability . . . . . . . . . . . . . . . . . . . 7 - 3.4. Other Considerations . . . . . . . . . . . . . . . . . . . 8 - 4. Signaling and Media Guidelines for Session Peering . . . . . . 10 - 4.1. Protocol Specifications . . . . . . . . . . . . . . . . . 10 - 4.2. Minimum set of SIP-SDP-related requirements . . . . . . . 10 - 4.3. Media-related Requirements . . . . . . . . . . . . . . . . 11 - 4.4. Requirements for Presence and Instant Messaging . . . . . 11 - 4.5. Security Requirements . . . . . . . . . . . . . . . . . . 13 - 4.5.1. Security in today's VoIP networks . . . . . . . . . . 13 - 4.5.2. Signaling Security and TLS Considerations . . . . . . 13 - 4.5.3. Media Security . . . . . . . . . . . . . . . . . . . . 14 - 5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 16 - 6. Security Considerations . . . . . . . . . . . . . . . . . . . 17 - 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18 - 7.1. Normative References . . . . . . . . . . . . . . . . . . . 18 - 7.2. Informative References . . . . . . . . . . . . . . . . . . 18 - Appendix A. Policy Parameters for Session Peering . . . . . . . . 21 - A.1. Categories of Parameters and Justifications . . . . . . . 21 + 3.3. Session Establishment Data (SED) . . . . . . . . . . . . . 8 + 3.3.1. User Identities and SIP URIs . . . . . . . . . . . . . 8 + 3.3.2. URI Reachability . . . . . . . . . . . . . . . . . . . 9 + 3.4. Other Considerations . . . . . . . . . . . . . . . . . . . 10 + 4. Signaling and Media Guidelines for Session Peering . . . . . . 12 + 4.1. Protocol Specifications . . . . . . . . . . . . . . . . . 12 + 4.2. Minimum set of SIP-SDP-related requirements . . . . . . . 12 + 4.3. Media-related Requirements . . . . . . . . . . . . . . . . 12 + 4.4. Requirements for Presence and Instant Messaging . . . . . 13 + 4.5. Security Requirements . . . . . . . . . . . . . . . . . . 14 + 4.5.1. Security in today's VoIP networks . . . . . . . . . . 15 + 4.5.2. Signaling Security and TLS Considerations . . . . . . 15 + 4.5.3. Media Security . . . . . . . . . . . . . . . . . . . . 16 + 5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 17 + 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 + 7. Security Considerations . . . . . . . . . . . . . . . . . . . 19 + 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20 + 8.1. Normative References . . . . . . . . . . . . . . . . . . . 20 + 8.2. Informative References . . . . . . . . . . . . . . . . . . 20 + Appendix A. Policy Parameters for Session Peering . . . . . . . . 24 + A.1. Categories of Parameters and Justifications . . . . . . . 24 A.2. Summary of Parameters for Consideration in Session - Peering Policies . . . . . . . . . . . . . . . . . . . . . 24 - Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 25 - Intellectual Property and Copyright Statements . . . . . . . . . . 26 + Peering Policies . . . . . . . . . . . . . . . . . . . . . 27 + Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 28 + Intellectual Property and Copyright Statements . . . . . . . . . . 29 1. Introduction Peering at the session level represents an agreement between parties to allow the exchange of traffic according to a policy. It is assumed that these sessions use the Session Initiation Protocol (SIP) protocol to enable peering between two or more actors. The actors of SIP session peering are called SIP Service Providers (SSPs) and they are typically represented by users, user groups such as enterprises or real-time collaboration service communities, or other service @@ -101,220 +99,294 @@ has been or could be deployed based on the reference architecture ([I-D.ietf-speermint-voip-consolidated-usecases]) . Peering at the session layer can be achieved on a bilateral basis (direct peering with SIP sessions established directly between two SSPs), or on an indirect basis via an intermediary (indirect peering via a third-party SSP that has a trust relationship with the SSPs), or on a multilateral basis (assisted peering using a federation model between SSPs) - see the terminology document for more details. - This document describes guidelines and requirements that are intended - to become Best Current Practices for session peering (direct, - indirect or assisted). These requirements are also independent of - the type of media exchanged by the parties and should be applicable - to any type of multimedia session peering such as Voice over IP - (VoIP), video telephony, and instant messaging. The document also - defines a minimum set of specific requirements for VoIP, presence and - instant messaging interconnects. + This document first describes general guidelines that have been + derived from the working group discussions in the context of session + peering (direct, indirect or assisted). The use cases are then + analyzed in the spirit of extracting relevant protocol requirements + that must be met to accomplish the use cases. These requirements are + also independent of the type of media exchanged by the parties and + should be applicable to any type of multimedia session peering such + as Voice over IP (VoIP), video telephony, and instant messaging. In + the case where some requirements are media-specific, we define them + in a separate section. It is not the goal of this document to mandate any particular use of - any IETF protocols to establish session peering. However, when - protocol mechanisms are used, the document aims at providing - guidelines or best current practices on how they should be - implemented, configured or configurable in order to facilitate - session peering. + any IETF protocols on SIP Service Providers to establish session + peering. Instead, the document highlights what requirements should + be met and what protocols may be used to define the solution space. - Finally, a list of parameters for the definition of a session peering - policy is provided in an informative appendix. It should be - considered as an example of the information a SIP Service Provider - may require in order to connect to another using SIP. + Finally, we conclude with a list of parameters for the definition of + a session peering policy, provided in an informative appendix. It + should be considered as an example of the information SIP Service + Providers may have to discuss or agree on to connect to one another. 2. Terminology In this document, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in RFC 2119 [RFC2119]. - This memo makes use of the following terms and acronyms defined in +3. General Requirements + + The following sections illustrates general requirements applicable to + multiple session peering use cases for multimedia sessions. This + memo makes use of the following terms and acronyms defined in [I-D.ietf-speermint-terminology]: SIP Service Provider (SSP), Signaling Path Border Element (SBE), Data Path Border Element (DBE), Session Establishment Data (SED), Layer 3 and Layer 5 peering, session peering, federation, etc. It is assumed that the reader is familiar with the Session Description Protocol (SDP) [RFC4566] and the Session Initiation Protocol (SIP) [RFC3261]. -3. General Requirements - - The following sections define general guidelines and requirements - applicable to session peering for multimedia sessions. - 3.1. Scope SSPs desiring to establish session peering relationships have to reach an agreement on numerous aspects. - This document only addresses best current practice for certain - aspects of a session peering agreement, including the declaration, - advertisement and management of ingress and egress for session - signaling and media, information and conventions related to the - Session Establishment Data (SED), the security requirements each peer - may enforce on its network to accept and secure session exchanges, - and, the format and necessary details to determine the minimum set of - parameters required to achieve SIP and SDP interoperability. - Several other aspects of session peering are critical to reach a - successful agreement but they are considered out of scope of the - SPEERMINT working group and not addressed in this document. They + This document only addresses certain aspects of a session peering + agreement, mostly the requirements relevant to protocols, including + the declaration, advertisement and management of ingress and egress + for session signaling and media, information and conventions related + to the Session Establishment Data (SED), and the security mechanisms + a peer may use to accept and secure session exchanges. + Numerous other aspects of session peering arrangement are critical to + reach a successful agreement but they are considered out of scope of + the SPEERMINT working group and not addressed in this document. They include aspects such as media (e.g., type of media traffic to be exchanged, compatible media codecs and media transport protocols, mechanisms to ensure differentiated quality of service for media), layer-3 IP connectivity between the Signaling Path and Data Path Border Elements, traffic capacity control (e.g. maximum number of SIP sessions at each ingress point, maximum number of concurrent IM or VoIP sessions), and accounting. The primary focus of this document is on the requirements applicable to the boundaries of Layer 5 SIP networks: SIP UA or end-device requirements are also considered out of scope. - The informative Appendix A lists parameters that SPPs should consider - when discussing the technical aspects of SIP session peering. + The informative Appendix A lists parameters that SPPs may consider + when discussing the technical aspects of SIP session peering. The + purpose of this list which has evolved through the working group use + case discussions is to capture the parameters that are considered + outside the scope of the protocol requirements. 3.2. Session Peering Points For session peering to be scalable and operationally manageable by SSPs, maximum flexibility should be given for how signaling path and media path border elements are declared, dynamically advertised and - updated. Indeed, in any session peering environment, there is a need - for a SIP Service Provider to declare or dynamically advertise the - SIP and media entities that will face the peer's network. + updated. - An SSP SHOULD declare the signaling border elements responsible for - egress and ingress points so called Signaling Path Border Elements - (SBEs). If the SSP also provides media streams to its users, an SSP - SHOULD declare the media border elements responsible for egress and - ingress points so called Signaling Path Data Elements (SDEs); if such - an SSP relies on STUN servers ([RFC3489]) and STUN Relay extensions - to permit the traversal of NAT devices, the SSP SHOULD declare those - STUN servers as part of its SDEs. It is RECOMMENDED that SSPs use - DNS and provide one or more domain names to be used with [RFC3263] to - locate SBEs. - An SPP SHOULD also indicate if some restrictions exist on the type of - media traffic the SIP entities acting as SBEs are capable of - establishing. Ingress and egress SBE points MAY be peer-dependent, - and/or media-dependent. An SSP SHOULD be able to accomodate - multiple, media-dependent ingress points from a peer's network. The - mechanisms recommended for the declaration and advertisement of SBE - and SDE entities MUST allow for peer and media variability. + Indeed, in any session peering environment, there is a need for a SIP + Service Provider to declare or dynamically advertise the SIP entities + that will face the peer's network. The media path border elements + are typically signaled dynamically in the session messaging; some + SSPs may want to statically or dynamically announce these media paths + to do proper capacity planning, QoS mapping with lower layers, etc. - Motivations: - While there could be one single Signaling Path Border Element (SBE) - in some SSP networks that communicates with all SIP peer networks, an - SSP may choose to have one or more SBEs for receiving incoming SIP - session requests (ingress signaling points), and one or more SBEs for - outgoing SIP session requests (egress signaling points). Ingress and - egress signaling points may be distinct SIP entities and could be - media-dependent. Some providers deploy SIP entities specialized for - voice, real-time collaboration, etc. For example, within an SSP - network, some SBEs may be dedicated for certain types of media - traffic due to specific SIP extensions required for certain media - types (e.g. SIMPLE, the SIP MESSAGE Method for Instant Messaging - [RFC3428] or the Message Sessions Relay Protocol (MSRP)). + The use cases defined + ([I-D.ietf-speermint-voip-consolidated-usecases]) catalog the various + session peering points between SIP Service Providers; they include + the Session Managers (SM) or Signaling Path Border Elements (SBEs). - An SSP SHOULD communicate how authentication of the peer's SBEs will - occur (see the security requirements for more details). The use of - access control lists based on fixed IP addresses or fixed IP sub-nets - of the SBEs is NOT RECOMMENDED as it does not scale: it not only - involves an error-prone manual process to configure access control - lists but it also prevents peers from dynamically making IP network - addressing changes to their SBE egress points without advertising - those changes "manually". + Requirement #1: protocol mechanisms must exist for SSPs to + communicate the egress and ingress points of its service domain. + The session peering points may be advertized to session peers + using static mechanisms or they may be dynamically advertized. + + Notes on solution space: there seems to be general agreement that + [RFC3263] provides a solution for dynamic advertisements in most + cases of Direct, Indirect and Assistent peering use cases. There + continues to be discussion on how to best use this to advertize + peer-dependent SBEs (see below). + + If the SSP also provides media streams to its users as shown in the + use cases for the SSPs in the "Originating" and "Terminating" + Domains, a mechanism should exist to allow SSPs to advertize their + media border elements responsible for egress and ingress points so + called Signaling Path Data Elements (SDEs). While some SPPs may have + open policies and accept media traffic from anywhere to anywhere + inside their network, some SSPs may want to optimize media delivery + and identifying media paths between peers prior to traffic being + sent. + + Requirement #2: protocol mechanisms must exist for SSPs to + communicate the egress and ingress media points or SDEs of its + service domain. + + Notes on solution space: SSPs engaged in SIP interconnects do + exchange this information today in a static manner. + + Some SPP may impose some restrictions on the type of media traffic + the SIP entities acting as SBEs are capable of establishing. In + order to avoid a failed attempt to establish a session, a mechanism + may be provided to allow SSPs to indicate if some restrictions exist + on the type of media traffic; ingress and egress SBE points may be + peer-dependent, and/or media-dependent. + + Requirement #3: the mechanisms recommended for the declaration and + advertisement of SBE and SDE entities must allow for peer and + media variability. + + Notes on solution space: for advertising peer-dependent SBEs (peer + variability), the solution space based on is under specified and + there are no know best current practices. For advertising media- + dependent SBEs, solutions exist as long as URIs are protocol- + dependent URIs, and a protocol-dependent URI like a SIP URI can be + mapped to one type of media. First, some URIs like the IM URI are + abstract ([RFC3428]) and need to be translated to protocol + dependent URIs. Second, by using mechamisms available today, it + is not possible to know what media is supported by the SIP SBE + before initiating a query. + + Motivations for the media variability: + While there could be one single Signaling Path Border Element + (SBE) in some SSP networks that communicates with all SIP peer + networks, an SSP may choose to have one or more SBEs for receiving + incoming SIP session requests (ingress signaling points), and one + or more SBEs for outgoing SIP session requests (egress signaling + points). Ingress and egress signaling points may be distinct SIP + entities and could be media-dependent. Some providers deploy SIP + entities specialized for voice, real-time collaboration, etc. For + example, within an SSP network, some SBEs may be dedicated for + certain types of media traffic due to specific SIP extensions + required for certain media types (e.g. SIMPLE, the SIP MESSAGE + Method for Instant Messaging [RFC3428] or the Message Sessions + Relay Protocol (MSRP)). + + In the use cases provided as part of direct and indirect scenarios, + an SSP may deal with multiple Session Managers and multiple SBEs in + its own domain. There is often a many-to-many relationship between + Session Managers and Signaling path Border Elements. It should be + possible for an SSP to define which egress SBE a Session Manager must + use based on a given peer destination. For example, in the case of + an indirect peering scenario via Transit PSP (Figure 3 of + [I-D.ietf-speermint-voip-consolidated-usecases]), it should be + possible for the O-SM to choose the appropriate O-SBE based on the + information the O-SM receives in the response labeled (3)). Note + that this example also applies to the case of Direct Peering when a + service provider has multiple service areas and each service area + involves multiple Session Managers and a few SBEs. This is also + implied in the Direct Use Case (section 3.1 of + [I-D.ietf-speermint-voip-consolidated-usecases]), by the use of the + route terminology in step 3 "Routing database entity replies with + route to called party" (route in the sense of both target URI and SIP + Route or next hop SIP or SBE entity as defined in [RFC3261]). + + Requirement #4: the mechanisms recommended for the location + service must be capable or returning both a target URI destination + and a SIP Route. + + Notes on solution space: solutions exist if the protocol used + between the SM and the LS is SIP; if ENUM is used, the author of + this document does not know of any solution today. + + It is desirable for an SSP to be able to communicate how + authentication of the peer's SBEs will occur (see the security + requirements for more details). + + Requirement #5: the mechanisms recommended for locating a peer's + SBE must be able to convey how a peer should initiate secure + session establishment. + + Notes on the solution space: certain mechanisms exist, for e.g. + the required use of SIP over TLS may be discovered via RFC 3263. 3.3. Session Establishment Data (SED) The Session Establishment Data (SED) is defined as the data used to route a call or SIP session to the called domain's ingress point ([I-D.ietf-speermint-terminology]). Given that SED is the set of - parameters that the outgoing SBEs need to complete the session - establishment, some information must be shared between SSPs on - special requirements or conventions required for a successful session - establishment. The following paragraphs capture the recommended best - practices for the SED data. + parameters that the Session Managers and outgoing SBEs need to + complete the session establishment, some information is shared + between SSPs. The following paragraphs capture some general + requirements on the SED data. 3.3.1. User Identities and SIP URIs User identities used between peers can be represented in many - different formats. Session Establishment Data SHOULD rely on URIs + different formats. Session Establishment Data should rely on URIs (Uniform Resource Identifiers, RFC 3986 [RFC3986]) and SIP URIs - SHOULD be preferred over tel URIs (RFC 3966 [RFC3966]). - The use of DNS domain names and hostnames is RECOMMENDED in SIP URIs - and they MUST be resolvable on the public Internet. It is - RECOMMENDED that the host part of SIP URIs contain a fully-qualified + should be preferred over tel URIs (RFC 3966 [RFC3966]) for session + peering of VoIP traffic. + The use of DNS domain names and hostnames is recommended in SIP URIs + and they should be resolvable on the public Internet. It is + recommended that the host part of SIP URIs contain a fully-qualified domain name instead of a numeric IPv4 or IPv6 address. As for the - user part of the SIP URIs, an SSP SHOULD NOT need to be aware of - which individual user identities are valid within a peer's domain. + user part of the SIP URIs, the mechanisms for session peering should + not require an SSP to be aware of which individual user identities + are valid within its peer's domain. - Although SED data may be based on E.164-based SIP URIs for voice - interconnects, a generic peering methodology should not rely on such - E.164 numbers. As described in - [I-D.draft-elwell-speermint-enterprise-usecases], in some use cases - for enterprise to enterprise peering (even if a transit SSP is - involved), it should be possible to use user identity URIs that do - not map to E.164 numbers, e.g. for presence, instant messaging and - even for voice. + Requirement #6: the protocols used for session peering must + accomodate the use of different types of URIs. URIs with the same + domain-part should share the same set of peering policies, thus + the domain of the SIP URI may be used as the primary key to any + information regarding the reachability of that SIP URI. + + Requirement #7: the mechanisms for session peering should not + require a peer to be aware of which individual user identities are + valid within its peer's domain. + + Notes on the solution space for #6 and #7: generally well + understood in IETF. When telephone numbers are in tel URIs, SIP + requests cannot be routed in accordance with the traditional DNS + resolution procedures standardized for SIP as indicated in RFC + 3824 [RFC3824]. This means that the solutions built for session + peering must not solely use PSTN identifiers such as Service + Provider IDs (SPIDs) or Trunk Group IDs (these should not be + precluded but solutions should not be limited to these). Motivations: - When SSP support voice, telephone numbers commonly appear in the - username portion of a SIP URI. When telephone numbers are in tel - URIs, SIP requests cannot be routed in accordance with the - traditional DNS resolution procedures standardized for SIP as - indicated in RFC 3824 [RFC3824]. The recommendations defined in - [RFC3824] SHOULD be followed by implementers when using E.164 numbers - with SIP. Furthermore, it is commonly assumed that all SIP URIs with - the same domain-part share the same set of peering policies, thus the - domain of the SIP URI may be used as the primary key to any - information regarding the reachability of that SIP URI. + Although SED data may be based on E.164-based SIP URIs for voice + interconnects, a generic peering methodology should not rely on + such E.164 numbers. As described in + [I-D.draft-elwell-speermint-enterprise-usecases], in some use + cases for enterprise to enterprise peering (even if a transit SSP + is involved), it should be possible to use user identity URIs that + do not map to E.164 numbers, e.g. for presence, instant messaging + and even for voice. 3.3.2. URI Reachability Based on a well-known URI type (for e.g. sip, pres, or im URIs), it - MUST be possible to determine whether the SSP domain servicing the - URI allows for session peering, and if it does, it SHOULD be possible + must be possible to determine whether the SSP domain servicing the + URI allows for session peering, and if it does, it should be possible to locate and retrieve the domain's policy and SBE entities. For example, an originating service provider must be able to determine whether a SIP URI is open for direct interconnection without requiring an SBE to initiate a SIP request. Furthermore, since each call setup implies the execution of any proposed algorithm, the establishment of a SIP session via peering should incur minimal overhead and delay, and employ caching wherever possible to avoid extra protocol round trips. - The use of DNS domain names and hostnames is RECOMMENDED in SIP URIs - and they MUST be resolvable on the public Internet. The DNS - procedures specified in [RFC3263] SHOULD be followed to resolve a SIP - URI into a reachable host (IP address and port), and transport - protocol. Note that RFC 3263 relies on DNS SRV [RFC2782] and NAPTR - Resource Records [RFC2915]. + Requirement #8: the mechanisms for session peering must allow an + SBE to locate its peer SBE given a SSP hostname or domain name. - Motivations: - This requirement is important as unsuccessful call attempts are - highly undesirable since they can introduce high delays due to - timeouts and can act as an unintended denial of service attack (e.g., - by repeated TLS handshakes). There should be a high probability of - successful call completion for policy-conforming peers. + Notes on the solution space: generally well understood in IETF. + Open questions exist in how dynamic should the mechanism be to be + able to retrieve the domain's policy for secure signaling between + SBEs, peer-dependent/media-dependent policies. 3.4. Other Considerations The considerations listed below were gathered early on in the SPEERMINT working group as part of discussions to define the scope of - the working group. They are left here but have been re-written - without requirements verbs for the most part. + the working group. - o Session peering should be independent of lower layers. + o It is assumed that session peering is independent of lower layers. The mechanisms used to establish session peering should accommodate diverse supporting lower layers. It should not matter whether lower layers rely on the public Internet or are implemented by private L3 connectivity, using firewalls or L2/L3 Virtual Private Networks (VPNs), IPSec tunnels or Transport Layer Security (TLS) connections [RFC3546]... o Session Peering Policies and Extensibility: Mechanisms developed for session peering should be flexible and extensible to cover existing and future session peering models. @@ -322,21 +394,21 @@ configuration choices in a distributed system like DNS rather than in a centralized system like a 'peering registry'. In the context of session peering, a policy is defined as the set of parameters and other information needed by an SPP to connect to another. Some of the session policy parameters may be statically exchanged and set throughout the lifetime of the peering relationship. Others parameters may be discovered and updated dynamically using by some explicit protocol mechanisms. These dynamic parameters may also relate to an SSP's session-dependent or session independent policies as defined in - [I-D.ietf-sipping-session-policy-framework]. + [I-D.ietf-sipping-session-policy]. o Administrative and Technical Policies: Various types of policy information may need to be discovered or exchanged in order to establish session peering. At a minimum, a policy should specify information related to session establishment data in order to avoid session establishment failures. A policy may also include information related to QoS, billing and accounting, layer-3 related interconnect requirements which are out of the scope of this document, see examples in Section Appendix A. @@ -347,85 +419,71 @@ (contractual, legal, commercial, or business decisions) and technical (certain QoS parameters, TLS keys, domain keys, ...). The objectives are to provide a baseline framework to define, publish and optionally retrieve policy information so that a session establishment does not need to be attempted to know that imcompatible policy parameters will cause the session to fail (this was originally referred to as "no blocked calls"). 4. Signaling and Media Guidelines for Session Peering - This section provides some guidelines for maximizing SIP-based - interconnections between SSPs. It should be considered as the - minimal set of requirements to be implemented to perform SIP - interconnects for presence, IM, or VoIP. + This section provides some guidelines for SIP-based interconnections. + This section should be partially or entirely removed from the next + revision of this document given the intent of this memo. 4.1. Protocol Specifications - A detailed list of SIP and SDP RFCs the session peers' SBEs must - conform to must be provided by SSPs. It is NOT RECOMMENDED to rely - on Internet-Drafts for commercial SIP interconnects, but if - applicable, a list of supported or required IETF Internet-Drafts - SHOULD be provided. Such specifications SHOULD include protocol - implementation compliance statements, indicate the minimal extensions - that MUST be supported, and the full details on what options and - protocol features MUST be supported, MUST NOT be supported or MAY be - supported. This specification SHOULD include a high-level - description of the services that are expected to be supported by the - peering relationship and it MAY include sample message flows. + While it is generally agreed that this is out of the scope of + speermint, a detailed list of SIP and SDP RFCs the session peers' + SBEs must conform to should be provided by SSPs. It is not + recommended to rely on Internet-Drafts for commercial SIP + interconnects, but if applicable, a list of supported or required + IETF Internet-Drafts should be provided. Such specifications should + include protocol implementation compliance statements, indicate the + minimal extensions that must be supported, and the full details on + what options and protocol features must be supported, must not be + supported or may be supported. This specification should include a + high-level description of the services that are expected to be + supported by the peering relationship and it may include sample + message flows. 4.2. Minimum set of SIP-SDP-related requirements The main objective of SIP interconnects being the establishment of successful SIP calls between peer SSPs, this section provides some - guidelines for the minimum set of SIP specifications that SHOULD be + guidelines for the minimum set of SIP specifications that should be supported by SBEs. The Core SIP Specifications as defined in [RFC3261] and [I-D.ietf-sip-hitchhikers-guide] MUST be supported by Signaling Path Border Elements (SBEs) and any other SIP implementations involved in session peering. The specifications contained in the Core SIP group provide the fundamental and basic mechanisms required to enable SIP interconnects. The Hitchkiker's guide include specific sections for voice, instant message and presence. - Furthermore, SBE implementers MUST follow the recommendations + Furthermore, SBE implementers must follow the recommendations contained in RFC 3261 regarding the use of the Supported and Require - headers. Signaling Path Border Elements SHOULD include the supported + headers. Signaling Path Border Elements should include the supported SIP extensions in the Supported header and the use of the Require header must be configurable on a per SSP target domain basis in order to match a network peer's policy and to maximize interoperability. - In the cases of indirect or assisted peering, it is also important - that an adequate level of SIP message transparency is available. In - particular, the intermediary SBE MUST NOT modify or remove - information in the SIP or SDP parameters beyond what is required for - the purpose of call routing. In particular, intermediary SBE SHOULD - NOT: - - o Remove SIP header lines, SIP header fields and SIP message bodies - that are intended for the destination SBE, or the called SIP UA - irrespective of whether or not those header lines or parameters - are understood by the intermediary SBE; - - o Modify header fields and bodies in a way that may break any - integrity protection. - 4.3. Media-related Requirements - SSPs engaged in session peering SHOULD support of compatible codecs. - An SSP domain policy SHOULD specify media-related parameters that + Compatible codecs must be support by SSPs engaged in session peering. + An SSP domain policy should specify media-related parameters that their user's SIP entities support or that the SSP authorizes in its domain's policy. Direct media exchange between the SSPs' user - devices is preferred and media transcoding SHOULD be avoided by - proposing commonly agreed codecs. SSPs SHOULD discuss mechanisms - employed for IPv4-IPv6 translation of media, as well as solutions + devices is preferred and media transcoding should be avoided by + proposing commonly agreed codecs. Mechanisms employed for IPv4-IPv6 + translation of media should also be agreed upon, as well as solutions used for NAT traversal such as ICE [I-D.ietf-ice] and STUN ([RFC3489]). Motivations: The media capabilities of an SSP's network are either a property of the SIP end-devices, SIP applications, or, a combination of the property of end-devices and Data Path Border Elements that may provide media transcoding. The choice of one or more common media codecs for SIP sessions between SSPs is outside the scope of SPEERMINT. A list of media- @@ -532,64 +590,64 @@ 4.5.2. Signaling Security and TLS Considerations The Transport Layer Security (TLS) is a standard way to secure signaling between SIP entities. TLS can be used in direct peering to mutually authenticate SSPs and provide message confidentiality and integrity protection. The remaining paragraphs explore how TLS could be deployed and used between 2 SSPs to secure SIP exchanges. The intent is to capture what two SSPs should discuss and agree on in order to establish TLS connections for SIP session peering. - 1. SSPs SHOULD agree on one or more Certificate Authorities (CAs) + 1. SSPs should agree on one or more Certificate Authorities (CAs) to trust for securing session peering exchanges. Motivations: An SSP should have control over which root CAs it trusts for SIP communications. This may imply creating a certificate trust list and including the peer's CA for each authorized domain. In the case of a federation, This requirement allows for the initiating side to verify that the server certificate chains up to a trusted - root CA. This also means that SIP servers SHOULD allow the + root CA. This also means that SIP servers should allow the configuration of a certificate trust list in order to allow a VSP/ ASP to control which peer's CAs are trusted for TLS connections. Note that these considerations seem to be around two themes: one is trusting a root, the other is trusting intermediate CAs. - 2. Peers SHOULD indicate whether their domain policies require + 2. Peers should indicate whether their domain policies require proxy servers to inspect and verify the identity provided in SIP requests as defined in [RFC4474]. Federations supporting - [RFC4474] MUST specify the CA(s) permitted to issue certificates + [RFC4474] must specify the CA(s) permitted to issue certificates of the authentication service. 3. SIP and SBE servers involved in the secure session - establishment over TLS MUST have valid X.509 certificates and MUST + establishment over TLS must have valid X.509 certificates and must be able to receive a TLS connection on a well-known port. - 4. The following TLS/SIP Protocol parameters SHOULD be agreed + 4. The following SIP and TLS protocol parameters should be agreed upon as part of session peering policies: the version of TLS supported by Signaling Border Elements (TLSv1, TLSv1.1), the SIP TLS port (default 5061), the server-side session timeout (default 300 seconds), the list of supported or recommended ciphersuites, and the list of trusted root CAs. 5. SIP and SBE servers involved in the session establishment over - TLS MUST verify and validate the client certificates: the client - certificate MUST contain a DNS or URI choice type in the + TLS must verify and validate the client certificates: the client + certificate must contain a DNS or URI choice type in the subjectAltName which corresponds to the domain asserted in the host portion of the URI contained in the From header. It is also recommended that VSPs/ASPs convey the domain identity in the certificates using both a canonical name of the SIP server(s) and the SIP URI for the domain as described in section 4 of [I-D.gurbani-sip-domain-certs]. On the client side, it is also critical for the TLS client to authenticate the server as defined in [RFC3261] and in section 9 of [I-D.ietf-sip-certs]. - 6. A session peering policy SHOULD include details on SIP session + 6. A session peering policy should include details on SIP session establishment over TLS if TLS is supported. 4.5.3. Media Security Media security for session peering is as important as signaling security, especially for SSPs that want to continue to meet commonly assumed privacy and confidentiality requirements outside their networks. Media can be secured using secure media transport protocols (e.g. secure RTP or sRTP). The issues of key management protocols for sRTP are being raised in IETF and this continues to be @@ -600,94 +658,102 @@ references for more details. Some of these scenarios may be applicable to interdomain SSP session peering. 5. Acknowledgments This document is a work-in-progress and it is based on the input and contributions made by a large number of people in the SPEERMINT working group, including: Edwin Aoki, Scott Brim, John Elwell, Mike Hammer, Avshalom Houri, Richard Shocky, Henry Sinnreich, Richard Stastny, Patrik Faltstrom, Otmar Lendl, Daryl Malas, Dave Meyer, - Sriram Parameswar, Jason Livingood, Bob Natale, Benny Rodrig, Brian - Rosen, Eric Rosenfeld, Adam Uzelac and Dan Wing. Specials thanks go - to Rohan Mahy, Brian Rosen, John Elwell for their initial drafts - describing guidelines or best current practices in various - environments, and to Avshalom Houri, Edwin Aoki and Sriram Parameswar - for authoring the presence and instant messaging requirements. + Sriram Parameswar, Jon Peterson, Jason Livingood, Bob Natale, Benny + Rodrig, Brian Rosen, Eric Rosenfeld, Adam Uzelac and Dan Wing. + Specials thanks go to Rohan Mahy, Brian Rosen, John Elwell for their + initial drafts describing guidelines or best current practices in + various environments, and to Avshalom Houri, Edwin Aoki and Sriram + Parameswar for authoring the presence and instant messaging + requirements. -6. Security Considerations +6. IANA Considerations + + None. + +7. Security Considerations Securing session peering communications involves numerous protocol exchanges, first and foremost, the securing of SIP signaling and media sessions. The security considerations contained in [RFC3261], and [RFC4474] are applicable to the SIP protocol exchanges. A number of security considerations are also described in Section Section 4.5. -7. References +8. References -7.1. Normative References +8.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. -7.2. Informative References +8.2. Informative References [I-D.Malas-sip-performance] Malas, D., "SIP End-to-End Performance Metrics", May 2007. [I-D.draft-elwell-speermint-enterprise-usecases] Elwell, J. and B. Rodrig, "Use cases for Enterprise Peering using the Session Initiation Protocol", draft-elwell-speermint-enterprise-usecases-00.txt (work in progress), February 2007. [I-D.draft-niccolini-speermint-voipthreats] Niccolini, S. and E. Chen, "VoIP Security Threats relevant to SPEERMINT", March 2007. [I-D.gurbani-sip-domain-certs] Gurbani, V., Jeffrey, A., and S. Lawrence, "Domain Certificates in the Session Initiation Protocol (SIP)", - draft-gurbani-sip-domain-certs-05 (work in progress), + draft-gurbani-sip-domain-certs-06 (work in progress), June 2007. [I-D.ietf-ice] Rosenberg, J., "Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal for Offer/Answer Protocols", June 2007. [I-D.ietf-sip-certs] Jennings, C., Peterson, J., and J. Fischl, "Certificate Management Service for The Session Initiation Protocol (SIP)", May 2007. [I-D.ietf-sip-hitchhikers-guide] Rosenberg, J., "A Hitchhikers Guide to the Session Initiation Protocol (SIP)", July 2007. - [I-D.ietf-sipping-session-policy-framework] - Hilt, V., "A Framework for Session Initiation Protocol - (SIP) Session Policies", - draft-ietf-sipping-session-policy-framework-01 (work in - progress), June 2006. + [I-D.ietf-sipping-session-policy] + Hilt, V. and G. Camarillo, "A Session Initiation Protocol + (SIP) Event Package for Session-Specific Session + Policies", draft-ietf-sipping-policy-package-04.txt (work + in progress), August 2007. [I-D.ietf-speermint-architecture] Penno et al., R., "SPEERMINT Peering Architecture", - April 2007. + draft-ietf-speermint-architecture-03.txt (work in + progress), April 2007. [I-D.ietf-speermint-terminology] Meyer, R. and D. Malas, "SPEERMINT Terminology", - July 2007. + draft-ietf-speermint-terminology-13.txt (work in + progress), November 2007. [I-D.ietf-speermint-voip-consolidated-usecases] Uzelac et al., A., "VoIP SIP Peering Use Cases", - June 2007. + draft-ietf-speermint-voip-consolidated-usecases-03.txt + (work in progress), July 2007. [I-D.ietf-wing-media-security-requirements] Wing, D., Fries, S., and H. Tschofenig, "Requirements for a Media Security Key Management Protocol", draft-wing-media-security-requirements (work in progress), June 2007. [I-D.presence-im-requirements] Houri, A., Aoki, E., and S. Parameswar, "Presence and IM Requirements", May 2007. @@ -788,60 +854,61 @@ its service description, server or device configurations and variable based on peer relationships. A.1. Categories of Parameters and Justifications The following list should be considered as an initial list of "discussion topics" to be addressed by peers when initiating a VoIP peering relationship. o IP Network Connectivity: - Session peers must define how the IP network connectivity between - their respective SBEs and SDEs. While this is out of scope of - session peering, SSPs must agree on a common mechanism for IP - transport of session signaling and media. This may be accomplish - via private (e.g. IPVPN, IPsec, etc.) or public IP networks. + Session peers should define how the IP network connectivity + between their respective SBEs and SDEs. While this is out of + scope of session peering, SSPs must agree on a common mechanism + for IP transport of session signaling and media. This may be + accomplish via private (e.g. IPVPN, IPsec, etc.) or public IP + networks. o Media-related Parameters: * Media Codecs: list of supported media codecs for audio, real- time fax (version of T.38, if applicable), real-time text (RFC 4103), DTMF transport, voice band data communications (as applicable) along with the supported or recommended codec packetization rates, level of RTP paylod redundancy, audio volume levels, etc. * Media Transport: level of support for RTP-RTCP [RFC3550], RTP Redundancy (RTP Payload for Redundant Audio Data - [RFC2198]) , T.38 transport over RTP, etc. * Other: support of the VoIP metric block as defined in RTP Control Protocol Extended Reports [RFC3611] , etc. o SIP: - * A session peering policy SHOULD include the list of supported + * A session peering policy should include the list of supported and required SIP RFCs, supported and required SIP methods (including private p headers if applicable), error response codes, supported or recommended format of some header field values , etc. * It should also be possible to describe the list of supported SIP RFCs by various functional groupings. A group of SIP RFCs may represent how a call feature is implemented (call hold, transfer, conferencing, etc.), or it may indicate a functional grouping as in [I-D.ietf-sip-hitchhikers-guide]. o Presence and Instant Messaging: TBD o Accounting: - Methods used for call or session accounting SHOULD be specified. + Methods used for call or session accounting should be specified. An SSP may require a peer to track session usage. It is critical for peers to determine whether the support of any SIP extensions for accounting is a pre-requisite for SIP interoperability. In some cases, call accounting may feed data for billing purposes but not always: some operators may decide to use accounting as a 'bill and keep' model to track session usage and monitor usage against service level agreements. [RFC3702] defines the terminology and basic requirements for accounting of SIP sessions. A few private SIP extensions have also been defined and used over the years to enable call @@ -859,21 +926,21 @@ SIP transactions per second on per domain basis, Session Completion Rate (SCR), Session Establishment Rate (SER), etc. Some SIP end-to-end performance metrics are defined in [I-D.Malas-sip-performance]; a subset of these may be applicable to session peering and interconnects. Some media-related metrics for monitoring VoIP calls have been defined in the VoIP Metrics Report Block, in Section 4.7 of [RFC3611]. o Security: - A SSP SHOULD describe the security requirements that other peers + An SSP should describe the security requirements that other peers must meet in order to terminate calls to its network. While such a list of security-related policy parameters often depends on the security models pre-agreed to by peers, it is expected that these parameters will be discoverable or signaled in the future to allow session peering outside SSP clubs. The list of security parameters may be long and composed of high-level requirements (e.g. authentication, privacy, secure transport) and low level protocol configuration elements like TLS parameters. The following list is not intended to be complete, it provides a preliminary list in the form of examples: @@ -882,27 +949,27 @@ only be admitted if certain criteria are met. For example, for some providers' networks, only incoming SIP sessions signaled over established IPSec tunnels or presented to the well-known TLS ports are admitted. Other call admission requirements may be related to some performance metrics as descrived above. Finally, it is possible that some requiremetns be imposed on lower layers, but these are considered out of scope of session peering. * Call authorization requirements and validation: the presence of - a caller or user identity MAY be required by an SSP. Indeed, + a caller or user identity may be required by an SSP. Indeed, some SSPs may further authorize an incoming session request by validating the caller's identity against white/black lists maintained by the service provider or users (traditional caller ID screening applications or IM white list). - * Privacy requirements: an SSP MAY demand that its SIP messages + * Privacy requirements: an SSP may demand that its SIP messages be securely transported by its peers for privacy reasons so that the calling/called party information be protected. Media sessions may also require privacy and some SSP policies may include requirements on the use of secure media transport protocols such as sRTP, along with some contraints on the minimum authentication/encryption options for use in sRTP. * Network-layer security parameters: this covers how IPSec security associated may be established, the IPSec key exchange mechanisms to be used and any keying materials, the lifetime of