draft-ietf-speermint-requirements-03.txt   draft-ietf-speermint-requirements-04.txt 
SPEERMINT Working Group J-F. Mule SPEERMINT Working Group J-F. Mule
Internet-Draft CableLabs Internet-Draft CableLabs
Intended status: Informational November 19, 2007 Intended status: Informational February 25, 2008
Expires: May 22, 2008 Expires: August 28, 2008
SPEERMINT Requirements for SIP-based VoIP Interconnection SPEERMINT Requirements for SIP-based VoIP Interconnection
draft-ietf-speermint-requirements-03.txt draft-ietf-speermint-requirements-04.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 34 skipping to change at page 1, line 34
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on May 22, 2008. This Internet-Draft will expire on August 28, 2008.
Copyright Notice Copyright Notice
Copyright (C) The IETF Trust (2007). Copyright (C) The IETF Trust (2008).
Abstract Abstract
A number of use cases have been identified for session peering of A number of use cases have been described for session peering of
voice and other types of multimedia traffic. This memo captures some voice, presence, instant messaging and other types of multimedia
of the requirements that enable these use case scenarios. In its traffic. This memo captures some of the requirements identified by
current version, this document describes both general and use case these use case scenarios. It is intended to become an informational
specific requirements for session peering for multimedia document linking the use cases to potential protocol solutions.
interconnect. It is intended to become an informational document
linking the use cases with potential protocol solutions.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. General Requirements . . . . . . . . . . . . . . . . . . . . . 5 3. General Requirements . . . . . . . . . . . . . . . . . . . . . 5
3.1. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.1. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 5
3.2. Session Peering Points . . . . . . . . . . . . . . . . . . 5 3.2. Session Peering Points . . . . . . . . . . . . . . . . . . 5
3.3. Session Establishment Data (SED) . . . . . . . . . . . . . 8 3.3. Session Establishment Data . . . . . . . . . . . . . . . . 8
3.3.1. User Identities and SIP URIs . . . . . . . . . . . . . 8 3.3.1. User Identities and SIP URIs . . . . . . . . . . . . . 8
3.3.2. URI Reachability . . . . . . . . . . . . . . . . . . . 9 3.3.2. URI Reachability . . . . . . . . . . . . . . . . . . . 9
3.4. Other Considerations . . . . . . . . . . . . . . . . . . . 10 3.4. Other Considerations . . . . . . . . . . . . . . . . . . . 10
4. Signaling and Media Guidelines for Session Peering . . . . . . 12 4. Considerations and Requirements for Session Peering of
4.1. Protocol Specifications . . . . . . . . . . . . . . . . . 12 Presence and Instant Messaging . . . . . . . . . . . . . . . . 12
4.2. Minimum set of SIP-SDP-related requirements . . . . . . . 12 5. Security Requirements . . . . . . . . . . . . . . . . . . . . 14
4.3. Media-related Requirements . . . . . . . . . . . . . . . . 12 5.1. Security in SIP networks in the context of session
4.4. Requirements for Presence and Instant Messaging . . . . . 13 peering . . . . . . . . . . . . . . . . . . . . . . . . . 14
4.5. Security Requirements . . . . . . . . . . . . . . . . . . 14 5.2. Security Requirements for the Lookup and Location
4.5.1. Security in today's VoIP networks . . . . . . . . . . 15 Routing Data . . . . . . . . . . . . . . . . . . . . . . . 14
4.5.2. Signaling Security and TLS Considerations . . . . . . 15 5.3. Hop-by-hop Security for SIP Signaling and TLS
4.5.3. Media Security . . . . . . . . . . . . . . . . . . . . 16 Considerations . . . . . . . . . . . . . . . . . . . . . . 15
5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 17 5.4. End-to-End Media Security . . . . . . . . . . . . . . . . 16
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 17
7. Security Considerations . . . . . . . . . . . . . . . . . . . 19 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20 8. Security Considerations . . . . . . . . . . . . . . . . . . . 19
8.1. Normative References . . . . . . . . . . . . . . . . . . . 20 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20
8.2. Informative References . . . . . . . . . . . . . . . . . . 20 9.1. Normative References . . . . . . . . . . . . . . . . . . . 20
Appendix A. Policy Parameters for Session Peering . . . . . . . . 24 9.2. Informative References . . . . . . . . . . . . . . . . . . 20
A.1. Categories of Parameters and Justifications . . . . . . . 24 Appendix A. Policy Parameters for Session Peering . . . . . . . . 23
A.1. Categories of Parameters and Justifications . . . . . . . 23
A.2. Summary of Parameters for Consideration in Session A.2. Summary of Parameters for Consideration in Session
Peering Policies . . . . . . . . . . . . . . . . . . . . . 27 Peering Policies . . . . . . . . . . . . . . . . . . . . . 26
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 28 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 27
Intellectual Property and Copyright Statements . . . . . . . . . . 29 Intellectual Property and Copyright Statements . . . . . . . . . . 28
1. Introduction 1. Introduction
Peering at the session level represents an agreement between parties Peering at the session level represents an agreement between parties
to allow the exchange of traffic according to a policy. It is to allow the exchange of multimedia traffic. It is assumed that
assumed that these sessions use the Session Initiation Protocol (SIP) these sessions use the Session Initiation Protocol (SIP) protocol to
protocol to enable peering between two or more actors. The actors of enable peering between two or more actors. These actors are called
SIP session peering are called SIP Service Providers (SSPs) and they SIP Service Providers (SSPs) and they are typically represented by
are typically represented by users, user groups such as enterprises users, user groups such as enterprises, real-time collaboration
or real-time collaboration service communities, or other service service communities, or other service providers offering voice or
providers offering voice or multimedia services. multimedia services.
Common terminology for SIP session peering is defined Common terminology for SIP session peering is defined
([I-D.ietf-speermint-terminology]) and a reference architecture is ([I-D.ietf-speermint-terminology]) and a reference architecture is
described in [I-D.ietf-speermint-architecture]. As the traffic described in [I-D.ietf-speermint-architecture]. A number of use
exchanged using SIP as the session establishment protocol increases cases have been exposed by users of SIP services and various other
between parties, a number of use cases have been exposed by users of actors describing how layer-5 peering has been or could be deployed
SIP services and various other actors for how session level peering based on the reference architecture
has been or could be deployed based on the reference architecture ([I-D.ietf-speermint-voip-consolidated-usecases] and
([I-D.ietf-speermint-voip-consolidated-usecases]). [I-D.ietf-speermint-consolidated-presence-im-usecases]).
Peering at the session layer can be achieved on a bilateral basis Peering at the session layer can be achieved on a bilateral basis
(direct peering with SIP sessions established directly between two (direct peering established directly between two SSPs), or on an
SSPs), or on an indirect basis via an intermediary (indirect peering indirect basis via an intermediary (indirect peering via a third-
via a third-party SSP that has a trust relationship with the SSPs), party SSP that has a trust relationship with the SSPs) - see the
or on a multilateral basis (assisted peering using a federation model terminology document for more details.
between SSPs) - see the terminology document for more details.
This document first describes general guidelines that have been This document first describes general requirements that have been
derived from the working group discussions in the context of session derived from the working group discussions. The use cases are then
peering (direct, indirect or assisted). The use cases are then
analyzed in the spirit of extracting relevant protocol requirements analyzed in the spirit of extracting relevant protocol requirements
that must be met to accomplish the use cases. These requirements are that must be met to accomplish the use cases. These requirements are
also independent of the type of media exchanged by the parties and intended to be independent of the type of media exchanged such as
should be applicable to any type of multimedia session peering such Voice over IP (VoIP), video telephony, and instant messaging. In the
as Voice over IP (VoIP), video telephony, and instant messaging. In case where some requirements are media-specific, we define them in a
the case where some requirements are media-specific, we define them separate section.
in a separate section.
It is not the goal of this document to mandate any particular use of It is not the goal of this document to mandate any particular use of
any IETF protocols on SIP Service Providers to establish session IETF protocols by SIP Service Providers in order to establish session
peering. Instead, the document highlights what requirements should peering. Instead, the document highlights what requirements should
be met and what protocols may be used to define the solution space. be met and what protocols may be used to define the solution space.
Finally, we conclude with a list of parameters for the definition of Finally, we conclude with a list of parameters for the definition of
a session peering policy, provided in an informative appendix. It a session peering policy, provided in an informative appendix. It
should be considered as an example of the information SIP Service should be considered as an example of the information SIP Service
Providers may have to discuss or agree on to connect to one another. Providers may have to discuss or agree on to exchange SIP traffic.
2. Terminology 2. Terminology
In this document, the key words "MUST", "MUST NOT", "REQUIRED", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
"SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", NOT","SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
and "OPTIONAL" are to be interpreted as described in RFC 2119 this document are to be interpreted as described in RFC 2119
[RFC2119]. [RFC2119].
This document also reuses the SIP terminology defined in [I-D.ietf-
speermint-terminology]. It is assumed that the reader is familiar
with the Session Description Protocol (SDP) [RFC4566] and the Session
Initiation Protocol (SIP) [RFC3261].
3. General Requirements 3. General Requirements
The following sections illustrates general requirements applicable to The following sub-sections contain general requirements applicable to
multiple session peering use cases for multimedia sessions. This multiple use cases for multimedia session peering.
memo makes use of the following terms and acronyms defined in
[I-D.ietf-speermint-terminology]: SIP Service Provider (SSP),
Signaling Path Border Element (SBE), Data Path Border Element (DBE),
Session Establishment Data (SED), Layer 3 and Layer 5 peering,
session peering, federation, etc. It is assumed that the reader is
familiar with the Session Description Protocol (SDP) [RFC4566] and
the Session Initiation Protocol (SIP) [RFC3261].
3.1. Scope 3.1. Scope
The primary focus of this document is on the requirements applicable
to the boundaries of Layer 5 SIP networks: SIP entities and Signaling
path Border Elements (SBEs); any requirements touching SIP UA or end-
devices are considered out of scope.
SSPs desiring to establish session peering relationships have to SSPs desiring to establish session peering relationships have to
reach an agreement on numerous aspects. reach an agreement on numerous aspects.
This document only addresses certain aspects of a session peering
This document highlights only certain aspects of a session peering
agreement, mostly the requirements relevant to protocols, including agreement, mostly the requirements relevant to protocols, including
the declaration, advertisement and management of ingress and egress the declaration, advertisement and management of ingress and egress
for session signaling and media, information and conventions related for session signaling and media, information related to the Session
to the Session Establishment Data (SED), and the security mechanisms Establishment Data (SED), and the security mechanisms a peer may use
a peer may use to accept and secure session exchanges. to accept and secure session exchanges.
Numerous other aspects of session peering arrangement are critical to Numerous other aspects of session peering arrangement are critical to
reach a successful agreement but they are considered out of scope of reach a successful agreement but they are considered out of scope of
the SPEERMINT working group and not addressed in this document. They the SPEERMINT working group. They include aspects such as SIP
include aspects such as media (e.g., type of media traffic to be protocol support (e.g. SIP extensions and field conventions), media
exchanged, compatible media codecs and media transport protocols, (e.g., type of media traffic to be exchanged, compatible media codecs
mechanisms to ensure differentiated quality of service for media), and media transport protocols, mechanisms to ensure differentiated
layer-3 IP connectivity between the Signaling Path and Data Path quality of service for media), SIP layer-3 IP connectivity between
Border Elements, traffic capacity control (e.g. maximum number of SIP the Signaling Path and Data Path Border Elements, traffic capacity
sessions at each ingress point, maximum number of concurrent IM or control (e.g. maximum number of SIP sessions at each ingress point,
VoIP sessions), and accounting. The primary focus of this document maximum number of concurrent IM or VoIP sessions), and accounting.
is on the requirements applicable to the boundaries of Layer 5 SIP
networks: SIP UA or end-device requirements are also considered out
of scope.
The informative Appendix A lists parameters that SPPs may consider The informative Appendix A lists parameters that SPPs may consider
when discussing the technical aspects of SIP session peering. The when discussing the technical aspects of SIP session peering. The
purpose of this list which has evolved through the working group use purpose of this list which has evolved through the working group use
case discussions is to capture the parameters that are considered case discussions is to capture the parameters that are considered
outside the scope of the protocol requirements. outside the scope of the protocol requirements.
3.2. Session Peering Points 3.2. Session Peering Points
For session peering to be scalable and operationally manageable by For session peering to be scalable and operationally manageable,
SSPs, maximum flexibility should be given for how signaling path and maximum flexibility should be given for how signaling path and media
media path border elements are declared, dynamically advertised and path border elements are declared, dynamically advertised and
updated. updated.
Indeed, in any session peering environment, there is a need for a SIP Indeed, in any session peering environment, there is a need for a SIP
Service Provider to declare or dynamically advertise the SIP entities Service Provider to declare or dynamically advertise the SIP entities
that will face the peer's network. The media path border elements that will face the peer's network. The media or data path border
are typically signaled dynamically in the session messaging; some elements are typically signaled dynamically in the session
SSPs may want to statically or dynamically announce these media paths description.
to do proper capacity planning, QoS mapping with lower layers, etc.
The use cases defined The use cases defined
([I-D.ietf-speermint-voip-consolidated-usecases]) catalog the various ([I-D.ietf-speermint-voip-consolidated-usecases]) catalog the various
session peering points between SIP Service Providers; they include session peering points between SIP Service Providers; they include
the Session Managers (SM) or Signaling Path Border Elements (SBEs). Signaling Path Border Elements (SBEs) and SIP proxies (or any SIP
entity at the boundary of the Layer 5 network).
Requirement #1: protocol mechanisms must exist for SSPs to o Requirement #1:
communicate the egress and ingress points of its service domain. Protocol mechanisms must exist for a SIP Service Provider (SSP) to
The session peering points may be advertized to session peers communicate the ingress Signaling Path Border Elements of its
using static mechanisms or they may be dynamically advertized. service domain.
Notes on solution space: there seems to be general agreement that Notes on solution space:
[RFC3263] provides a solution for dynamic advertisements in most The SBEs may be advertised to session peers using static
cases of Direct, Indirect and Assistent peering use cases. There mechanisms or they may be dynamically advertised. There seems to
continues to be discussion on how to best use this to advertize be general agreement that [RFC3263] provides a solution for
peer-dependent SBEs (see below). dynamically advertising ingress SBEs in most cases of Direct or
Indirect peering. However, this DNS-based solution may be limited
in cases where the DNS response varies based on who sends the
query (peer-dependent SBEs, see below).
o Requirement #2:
Protocol mechanisms should exist for a SIP Service Provider (SSP)
to communicate the egress SBEs of its service domain.
Notes on motivations for this requirement:
For the purposes of capacity planning, traffic engineering and
call admission control, a SIP Service Provider may be asked where
it will generate SIP calls from. Note that this may not be
applicable to all types of session peering (voice may be a
particular case where this is needed -- at least based on current
practices).
If the SSP also provides media streams to its users as shown in the If the SSP also provides media streams to its users as shown in the
use cases for the SSPs in the "Originating" and "Terminating" use cases for "Originating" and "Terminating" SSPs, a mechanism
Domains, a mechanism should exist to allow SSPs to advertize their should exist to allow SSPs to advertise their media border elements
media border elements responsible for egress and ingress points so responsible for egress and ingress data path border elements (DBEs),
called Signaling Path Data Elements (SDEs). While some SPPs may have if applicable. While some SPPs may have open policies and accept
open policies and accept media traffic from anywhere to anywhere media traffic from anywhere outside their network to anywhere inside
inside their network, some SSPs may want to optimize media delivery their network, some SSPs may want to optimize media delivery and
and identifying media paths between peers prior to traffic being identify media paths between peers prior to traffic being sent (layer
sent. 5 to layer 3 QoS mapping).
Requirement #2: protocol mechanisms must exist for SSPs to o Requirement #3:
communicate the egress and ingress media points or SDEs of its Protocol mechanisms should be available to allow a SIP Service
service domain. Provider to communicate its DBEs to its peers.
Notes on solution space: SSPs engaged in SIP interconnects do Notes: Some SSPs engaged in SIP interconnects do exchange this
exchange this information today in a static manner. type of DBE information today in a static manner. Some SSPs do
not.
Some SPP may impose some restrictions on the type of media traffic Some SSPs may have some restrictions on the type of media traffic
the SIP entities acting as SBEs are capable of establishing. In their SIP entities acting as SBEs are capable of establishing. In
order to avoid a failed attempt to establish a session, a mechanism order to avoid a failed attempt to establish a session, a mechanism
may be provided to allow SSPs to indicate if some restrictions exist may be provided to allow SSPs to indicate if some restrictions exist
on the type of media traffic; ingress and egress SBE points may be on the type of media traffic: ingress and egress SBE points may be
peer-dependent, and/or media-dependent. peer-dependent, and/or media-dependent.
Requirement #3: the mechanisms recommended for the declaration and o Requirement #4:
advertisement of SBE and SDE entities must allow for peer and The mechanisms recommended for the declaration or advertisement of
media variability. SBE and DBE entities must allow for peer and media variability.
Notes on solution space: for advertising peer-dependent SBEs (peer Notes on solution space:
variability), the solution space based on is under specified and For advertising peer-dependent SBEs (peer variability), the
there are no know best current practices. For advertising media- solution space based on [RFC3263] is under specified and there are
dependent SBEs, solutions exist as long as URIs are protocol- no know best current practices. Is DNS the right place for
dependent URIs, and a protocol-dependent URI like a SIP URI can be putting data that varies based on who asks?
mapped to one type of media. First, some URIs like the IM URI are For advertising media-dependent SBEs, solutions exist as long as
abstract ([RFC3428]) and need to be translated to protocol URIs are protocol-dependent URIs. A protocol-dependent URI like a
dependent URIs. Second, by using mechamisms available today, it SIP URI can be mapped to more than one types of media. It should
is not possible to know what media is supported by the SIP SBE be noted that some URIs like the IM URI are abstract ([RFC3428])
before initiating a query. and need to be translated to protocol dependent URIs. It is also
not possible to know what media is supported by the SIP SBE before
initiating a query by using mechanisms like [RFC3263].
Motivations for the media variability: The following example provides some additional motivations for the
While there could be one single Signaling Path Border Element above requirement on advertising media-dependent SBEs to peers.
(SBE) in some SSP networks that communicates with all SIP peer In large multi-service SIP networks, an SSP chooses to have several
networks, an SSP may choose to have one or more SBEs for receiving SBEs for receiving incoming SIP session requests (ingress SBEs), and
incoming SIP session requests (ingress signaling points), and one several SBEs for outgoing SIP session requests (egress SBEs). In
or more SBEs for outgoing SIP session requests (egress signaling order to facilitate the operations, feature management, and
points). Ingress and egress signaling points may be distinct SIP maintenance of its SBEs, the SSP opts for having distinct SBEs for
entities and could be media-dependent. Some providers deploy SIP voice, real-time collaboration, etc. Some SBEs are therefore
entities specialized for voice, real-time collaboration, etc. For dedicated to exchanging certain types of media traffic due to
example, within an SSP network, some SBEs may be dedicated for specific SIP extensions required for certain media types (e.g.
certain types of media traffic due to specific SIP extensions SIMPLE, the SIP MESSAGE Method for Instant Messaging [RFC3428] or the
required for certain media types (e.g. SIMPLE, the SIP MESSAGE Message Sessions Relay Protocol (MSRP)). Note that this example is
Method for Instant Messaging [RFC3428] or the Message Sessions applicable to some enterprise networks where IP voice traffic hits
Relay Protocol (MSRP)). different SIP gateways and voice servers (e.g. IP-PBX) than Instant
Messaging and real-time collaboration servers (e.g. real-time
collaboration and IM server supporting SIMPLE and XMPP).
In the use cases provided as part of direct and indirect scenarios, In the use cases provided as part of direct and indirect scenarios,
an SSP may deal with multiple Session Managers and multiple SBEs in an SSP deals with multiple SIP entities and multiple SBEs in its own
its own domain. There is often a many-to-many relationship between domain. There is often a many-to-many relationship between SIP
Session Managers and Signaling path Border Elements. It should be Proxies and Signaling path Border Elements.
possible for an SSP to define which egress SBE a Session Manager must It should be possible for an SSP to define which egress SBE a SIP
use based on a given peer destination. For example, in the case of entity must use based on a given peer destination. For example, in
an indirect peering scenario via Transit PSP (Figure 3 of the case of an indirect peering scenario (section 5.1.5 of
[I-D.ietf-speermint-voip-consolidated-usecases]), it should be [I-D.ietf-speermint-voip-consolidated-usecases], Figure 5), it should
possible for the O-SM to choose the appropriate O-SBE based on the be possible for the O-Proxy to choose the appropriate O-SBE based on
information the O-SM receives in the response labeled (3)). Note the information the O-Proxy receives from the Lookup Function (LUF)
that this example also applies to the case of Direct Peering when a or Location Routing Function (LRF) - message response labeled (3).
service provider has multiple service areas and each service area Note that this example also applies to the case of Direct Peering
involves multiple Session Managers and a few SBEs. This is also when a service provider has multiple service areas and each service
implied in the Direct Use Case (section 3.1 of area involves multiple SIP Proxies and a few SBEs.
[I-D.ietf-speermint-voip-consolidated-usecases]), by the use of the
route terminology in step 3 "Routing database entity replies with
route to called party" (route in the sense of both target URI and SIP
Route or next hop SIP or SBE entity as defined in [RFC3261]).
Requirement #4: the mechanisms recommended for the location o Requirement #5:
The mechanisms recommended for the lookup and location routing
service must be capable or returning both a target URI destination service must be capable or returning both a target URI destination
and a SIP Route. and a SIP Route.
Notes on solution space: solutions exist if the protocol used Notes: solutions exist if the protocol used between the Proxy and
between the SM and the LS is SIP; if ENUM is used, the author of the LUF/LRF is SIP; if ENUM is used, the author of this document
this document does not know of any solution today. does not know of any solution today.
It is desirable for an SSP to be able to communicate how It is desirable for an SSP to be able to communicate how
authentication of the peer's SBEs will occur (see the security authentication of a peer's SBEs will occur (see the security
requirements for more details). requirements for more details).
Requirement #5: the mechanisms recommended for locating a peer's o Requirement #6:
SBE must be able to convey how a peer should initiate secure The mechanisms recommended for locating a peer's SBE must be able
session establishment. to convey how a peer should initiate secure session establishment.
Notes on the solution space: certain mechanisms exist, for e.g. Notes : certain mechanisms exist; for example, the required
the required use of SIP over TLS may be discovered via RFC 3263. protocol use of SIP over TLS may be discovered via [RFC3263].
3.3. Session Establishment Data (SED) 3.3. Session Establishment Data
The Session Establishment Data (SED) is defined as the data used to The Session Establishment Data (SED) is defined in
route a call or SIP session to the called domain's ingress point [I-D.ietf-speermint-terminology] as the data used to route a call to
([I-D.ietf-speermint-terminology]). Given that SED is the set of the next hop associated with the called domain's ingress point. The
parameters that the Session Managers and outgoing SBEs need to following paragraphs capture some general requirements on the SED
complete the session establishment, some information is shared data.
between SSPs. The following paragraphs capture some general
requirements on the SED data.
3.3.1. User Identities and SIP URIs 3.3.1. User Identities and SIP URIs
User identities used between peers can be represented in many User identities used between peers can be represented in many
different formats. Session Establishment Data should rely on URIs different formats. Session Establishment Data should rely on URIs
(Uniform Resource Identifiers, RFC 3986 [RFC3986]) and SIP URIs (Uniform Resource Identifiers, [RFC3986]) and SIP URIs should be
should be preferred over tel URIs (RFC 3966 [RFC3966]) for session preferred over tel URIs ([RFC3966]) for session peering of VoIP
peering of VoIP traffic. traffic.
The use of DNS domain names and hostnames is recommended in SIP URIs The use of DNS domain names and hostnames is recommended in SIP URIs
and they should be resolvable on the public Internet. It is and they should be resolvable on the public Internet. It is
recommended that the host part of SIP URIs contain a fully-qualified recommended that the host part of SIP URIs contain a fully-qualified
domain name instead of a numeric IPv4 or IPv6 address. As for the domain name instead of a numeric IPv4 or IPv6 address. As for the
user part of the SIP URIs, the mechanisms for session peering should user part of the SIP URIs, the mechanisms for session peering should
not require an SSP to be aware of which individual user identities not require an SSP to be aware of which individual user identities
are valid within its peer's domain. are valid within its peer's domain.
Requirement #6: the protocols used for session peering must o Requirement #7:
accomodate the use of different types of URIs. URIs with the same The protocols used for session peering must accommodate the use of
domain-part should share the same set of peering policies, thus different types of URIs. URIs with the same domain-part should
the domain of the SIP URI may be used as the primary key to any share the same set of peering policies, thus the domain of the SIP
information regarding the reachability of that SIP URI. URI may be used as the primary key to any information regarding
the reachability of that SIP URI.
Requirement #7: the mechanisms for session peering should not
require a peer to be aware of which individual user identities are
valid within its peer's domain.
Notes on the solution space for #6 and #7: generally well o Requirement #8:
understood in IETF. When telephone numbers are in tel URIs, SIP The mechanisms for session peering should not require an SSP to be
requests cannot be routed in accordance with the traditional DNS aware of which individual user identities are valid within its
resolution procedures standardized for SIP as indicated in RFC peer's domain.
3824 [RFC3824]. This means that the solutions built for session
peering must not solely use PSTN identifiers such as Service
Provider IDs (SPIDs) or Trunk Group IDs (these should not be
precluded but solutions should not be limited to these).
o Notes on the solution space for #7 and #8:
This is generally well supported by IETF protocols. When
telephone numbers are in tel URIs, SIP requests cannot be routed
in accordance with the traditional DNS resolution procedures
standardized for SIP as indicated in [RFC3824]. This means that
the solutions built for session peering must not solely use PSTN
identifiers such as Service Provider IDs (SPIDs) or Trunk Group
IDs (they should not be precluded but solutions should not be
limited to these).
Motivations: Motivations:
Although SED data may be based on E.164-based SIP URIs for voice Although SED data may be based on E.164-based SIP URIs for voice
interconnects, a generic peering methodology should not rely on interconnects, a generic peering methodology should not rely on
such E.164 numbers. As described in such E.164 numbers.
[I-D.draft-elwell-speermint-enterprise-usecases], in some use
cases for enterprise to enterprise peering (even if a transit SSP
is involved), it should be possible to use user identity URIs that
do not map to E.164 numbers, e.g. for presence, instant messaging
and even for voice.
3.3.2. URI Reachability 3.3.2. URI Reachability
Based on a well-known URI type (for e.g. sip, pres, or im URIs), it Based on a well-known URI type (for e.g. sip, pres, or im URIs), it
must be possible to determine whether the SSP domain servicing the must be possible to determine whether the SSP domain servicing the
URI allows for session peering, and if it does, it should be possible URI allows for session peering, and if it does, it should be possible
to locate and retrieve the domain's policy and SBE entities. to locate and retrieve the domain's policy and SBE entities.
For example, an originating service provider must be able to For example, an originating service provider must be able to
determine whether a SIP URI is open for direct interconnection determine whether a SIP URI is open for direct interconnection
without requiring an SBE to initiate a SIP request. Furthermore, without requiring an SBE to initiate a SIP request. Furthermore,
since each call setup implies the execution of any proposed since each call setup implies the execution of any proposed
algorithm, the establishment of a SIP session via peering should algorithm, the establishment of a SIP session via peering should
incur minimal overhead and delay, and employ caching wherever incur minimal overhead and delay, and employ caching wherever
possible to avoid extra protocol round trips. possible to avoid extra protocol round trips.
Requirement #8: the mechanisms for session peering must allow an o Requirement #9:
SBE to locate its peer SBE given a SSP hostname or domain name. The mechanisms for session peering must allow an SBE to locate its
peer SBE given a URI type and the target SSP domain name.
Notes on the solution space: generally well understood in IETF.
Open questions exist in how dynamic should the mechanism be to be
able to retrieve the domain's policy for secure signaling between
SBEs, peer-dependent/media-dependent policies.
3.4. Other Considerations 3.4. Other Considerations
The considerations listed below were gathered early on in the The considerations listed below were gathered early on in the
SPEERMINT working group as part of discussions to define the scope of SPEERMINT working group as part of discussions to define the scope of
the working group. the working group. They have not been updated in this revision of
the draft.
o It is assumed that session peering is independent of lower layers. o It is assumed that session peering is independent of lower layers.
The mechanisms used to establish session peering should The mechanisms used to establish session peering should
accommodate diverse supporting lower layers. It should not matter accommodate diverse supporting lower layers. It should not matter
whether lower layers rely on the public Internet or are whether lower layers rely on the public Internet or are
implemented by private L3 connectivity, using firewalls or L2/L3 implemented by private L3 connectivity, using firewalls or L2/L3
Virtual Private Networks (VPNs), IPSec tunnels or Transport Layer Virtual Private Networks (VPNs), IPSec tunnels or Transport Layer
Security (TLS) connections [RFC3546]... Security (TLS) connections [RFC3546]...
o Session Peering Policies and Extensibility: o Session Peering Policies and Extensibility:
skipping to change at page 11, line 4 skipping to change at page 11, line 9
Appendix A. Appendix A.
Motivations: Motivations:
The reasons for declining or accepting incoming calls from a The reasons for declining or accepting incoming calls from a
prospective peering partner can be both administrative prospective peering partner can be both administrative
(contractual, legal, commercial, or business decisions) and (contractual, legal, commercial, or business decisions) and
technical (certain QoS parameters, TLS keys, domain keys, ...). technical (certain QoS parameters, TLS keys, domain keys, ...).
The objectives are to provide a baseline framework to define, The objectives are to provide a baseline framework to define,
publish and optionally retrieve policy information so that a publish and optionally retrieve policy information so that a
session establishment does not need to be attempted to know that session establishment does not need to be attempted to know that
imcompatible policy parameters will cause the session to fail incompatible policy parameters will cause the session to fail
(this was originally referred to as "no blocked calls"). (this was originally referred to as "no blocked calls").
4. Signaling and Media Guidelines for Session Peering 4. Considerations and Requirements for Session Peering of Presence and
Instant Messaging
This section provides some guidelines for SIP-based interconnections.
This section should be partially or entirely removed from the next
revision of this document given the intent of this memo.
4.1. Protocol Specifications
While it is generally agreed that this is out of the scope of
speermint, a detailed list of SIP and SDP RFCs the session peers'
SBEs must conform to should be provided by SSPs. It is not
recommended to rely on Internet-Drafts for commercial SIP
interconnects, but if applicable, a list of supported or required
IETF Internet-Drafts should be provided. Such specifications should
include protocol implementation compliance statements, indicate the
minimal extensions that must be supported, and the full details on
what options and protocol features must be supported, must not be
supported or may be supported. This specification should include a
high-level description of the services that are expected to be
supported by the peering relationship and it may include sample
message flows.
4.2. Minimum set of SIP-SDP-related requirements This section describes requirements for presence and instant
messaging session peering. Several use cases for presence and
instant messaging peering are described in
[I-D.ietf-speermint-consolidated-presence-im-usecases], a document
authored by A. Houri, E. Aoki and S. Parameswar. Credits for this
section must go to A. Houri, E. Aoki and S. Parameswar.
The main objective of SIP interconnects being the establishment of The following requirements for presence and instant messaging session
successful SIP calls between peer SSPs, this section provides some peering are derived from
guidelines for the minimum set of SIP specifications that should be [I-D.ietf-speermint-consolidated-presence-im-usecases] and
supported by SBEs. [I-D.houri-speermint-presence-im-requirements]:
The Core SIP Specifications as defined in [RFC3261] and o Requirement #10:
[I-D.ietf-sip-hitchhikers-guide] MUST be supported by Signaling Path The mechanisms recommended for the exchange of presence
Border Elements (SBEs) and any other SIP implementations involved in information between SSPs MUST allow a user of one SSP's presence
session peering. The specifications contained in the Core SIP group community to subscribe presentities served by another SSP via its
provide the fundamental and basic mechanisms required to enable SIP local community, including subscriptions to a single presentity, a
interconnects. The Hitchkiker's guide include specific sections for personal, public or ad-hoc group list of presentities.
voice, instant message and presence.
Furthermore, SBE implementers must follow the recommendations Notes: see section 2.2 of
contained in RFC 3261 regarding the use of the Supported and Require [I-D.ietf-speermint-consolidated-presence-im-usecases].
headers. Signaling Path Border Elements should include the supported
SIP extensions in the Supported header and the use of the Require
header must be configurable on a per SSP target domain basis in order
to match a network peer's policy and to maximize interoperability.
4.3. Media-related Requirements o Requirement #11:
The mechanisms recommended for Instant Messaging message exchanges
between SSPs MUST allow a user of one SSP's community to
communicate with users of the other SSP community via their local
community using various methods. Such methods include sending a
one-time IM message, initiating a SIP session for transporting
sessions of messages, participating in n-way chats using chat
rooms with users from the peer SSPs, sending a file or sharing a
document.
Compatible codecs must be support by SSPs engaged in session peering. Notes: see section 2.6 of
An SSP domain policy should specify media-related parameters that [I-D.ietf-speermint-consolidated-presence-im-usecases].
their user's SIP entities support or that the SSP authorizes in its
domain's policy. Direct media exchange between the SSPs' user
devices is preferred and media transcoding should be avoided by
proposing commonly agreed codecs. Mechanisms employed for IPv4-IPv6
translation of media should also be agreed upon, as well as solutions
used for NAT traversal such as ICE [I-D.ietf-ice] and STUN
([RFC3489]).
Motivations: The media capabilities of an SSP's network are either a o Requirement #12: Privacy Sharing
property of the SIP end-devices, SIP applications, or, a combination In order to enable sending less notifications between communities,
of the property of end-devices and Data Path Border Elements that may there should be a mechanism that will enable sharing privacy
provide media transcoding. information of users between the communities. This will enable
sending a single notification per presentity that will be sent to
the appropriate watchers on the other community according to the
presentity's privacy information.
The privacy sharing mechanism must be done in a way that will
enable getting the consent of the user whose privacy will be sent
to the other community prior to sending the privacy information.
The choice of one or more common media codecs for SIP sessions if user consent is not give, it should not be possible to this
between SSPs is outside the scope of SPEERMINT. A list of media- optimization. In addition to getting the consent of users
related policy parameters are provided in the informative Appendix A. regarding privacy sharing, the privacy data must be sent only via
secure channels between communities.
For media related security guidance, please refer to Section Notes: see section 2.3 of
Section 4.5. [I-D.ietf-speermint-consolidated-presence-im-usecases].
4.4. Requirements for Presence and Instant Messaging o Requirement #13: Multiple Recipients
It should be possible to send a presence document with a list of
watchers on the other community that should receive the presence
document notification. This will enable sending less presence
document notifications between the communities while avoiding the
need to share privacy information of presentities from one
community to the other.
This section lists some presence and Instant Messaging requirements o Requirement #14: Mappings
defined in [I-D.presence-im-requirements] and authored by A. Houri, Early deployments of SIP based presence and IM gateways are done
E. Aoki and S. Parameswar. Credits must go to A. Houri, E. Aoki and in front of legacy proprietary systems that use different names
S. Parameswar. for different properties that exist in PIDF. For example "Do Not
Disturb" may be translated to "Busy" in another system. In order
to make sure that the meaning of the status is preserved, there is
a need that either each system will translate its internal
statuses to standard PIDF based statuses of a translation table of
proprietary statuses to standard based PIDF statuses will be
provided from one system to the other.
It was requested to integrate [I-D.presence-im-requirements] into 5. Security Requirements
this draft since some of the requirements are generic and non
specific to any application type. In particular, requirements
numbered PRES-IM-REQ-001, PRES-IM-REQ-002, PRES-IM-REQ-010, PRES-IM-
REQ-011, PRES-IM-REQ-015 and PRES-IM_REQ-017 are covered by
guidelines provided in other parts of this document.
The numbering of the requirements is as defined in the above Session peering does bring a new environment in which security
mentioned ID. It is expected that as more discussions occur and requirements should be analyzed but the fundamental mechanisms for
consensus is achieved in the working group, those requirements will securing SIP and media exchanges remain applicable (see Section 26.2
be renumbered or re-written in the mindset of a BCP document. The of [RFC3261]. The issues are less in the mechanisms that do exist
following list describes requirements for presence and instant and can be used to mitigate threats than they are in getting two SSPs
messaging session peering: to agree on which ones to use.
o From (PRES-IM-REQ-003, PRES-IM-REQ-004 and PRES-IM-REQ-005): The This section first provides a broad picture of the various mechanisms
mechanisms recommended for the exchange of presence information used today in the context of SIP session peering. We then describe
between SSPs MUST allow a user of one SSP's presence community to security considerations for the three types of information flows
subscribe presentities served by another SSP via its local described in the use cases: the data queried from the Lookup or
community, including subscriptions to a single presentity, a Location Routing Functions, data exchanged in the SIP signaling
public or private (personal) list of presentities. between SSPs (directly and indirectly), and media.
o From (PRES-IM-REQ-006, PRES-IM-REQ-007, PRES-IM-REQ-008 and PRES- 5.1. Security in SIP networks in the context of session peering
IM-REQ-009): The mechanisms recommended for Instant Messaging
message exchanges between SSPs MUST allow a user of SSP's
community to communicate with users of the other SSP community via
their local community using various methods, including sending a
one-time IM message, initiating a SIP session for transporting
sessions of messages, participating in n-way chats using chat
rooms with users from the peer SSPs, or sending a file.
o PRES-IM-REQ-012: Privacy Sharing - In order to enable sending less In today's SIP deployments, various approaches exist to secure
notifications between communities, there should be a mechanism exchanges between SIP Service Providers. Lookup, signaling and media
that will enable sharing privacy information of users between the security are the three primary topics for consideration in most
communities. This will enable sending a single notification per deployments.
presentity that will be sent to the appropriate watchers on the A number of transport, network and session-level mechanisms are used
other community according to the presentity's privacy information. for SIP by some categories of SSPs. TLS is used in the enterprise
networks for applications such as VoIP and secure Instant Messaging
and session-level security is used end-to-end for some instant
messaging systems or in service provider networks for Instant
Messaging and presence applications. At the network-level, IPsec and
L2/L3 VPNs are widely used in some SSP networks where there is a
desire to secure all signaling and media traffic at or below the IP
layer.
Media level security between providers is not widely used today for
media transported using the Real-Time Protocol (RTP), even though it
is in use in few deployments where the privacy of voice and other RTP
media is critical.
o PRES-IM-REQ-013: Privacy Sharing Security - The privacy sharing A security threat analysis provides guidance for session peering
mechanism must be done in a way that will enable getting the ([I-D.draft-niccolini-speermint-voipthreats]). More discussions
consent of the user whose privacy will be sent to the other based on this threat analysis and use cases continue to be required
community prior to sending the privacy information. if user in the working group to define what hop-by-hop or end-to-end security
consent is not give, it should not be possible to this requirements are necessary in the context of session peering.
optimization. In addition to getting the consent of users
regarding privacy sharing, the privacy data must be sent only via
secure channels between communities.
o PRES-IM-REQ-014: Multiple Recipients - It should be possible to 5.2. Security Requirements for the Lookup and Location Routing Data
send a presence document with a list of watchers on the other
community that should receive the presence document notification.
This will enable sending less presence document notifications
between the communities while avoiding the need to share privacy
information of presentities from one community to the other.
o PRES-IM-REQ-016: Mappings - A lot of the early deployments of SIP The Look-Up Function (LUF) and Location Routing Function (LRF) are
based presence and IM gateways are deployed in front of legacy defined in [I-D.ietf-speermint-terminology]. They provide a
proprietary systems that use different names for different mechanism for determining for a given request the target domain to
properties that exist in PIDF. For example "Do Not Disturb" may which the request should be routed, and SED required to route the
be translated to "Busy" in another system. In order to make sure request to that domain.
that the meaning of the status is preserved, there is a need that
either each system will translate its internal statuses to
standard PIDF based statuses of a translation table of proprietary
statuses to standard based PIDF statuses will be provided from one
system to the other.
4.5. Security Requirements Requirement #15:
The protocols used for the LUF and LRF must allow the look-up and SED
data to be exchanged securely (authentication and encryption services
should be provided).
4.5.1. Security in today's VoIP networks Notes on the solution space: ENUM, SIP and proprietary protocols are
typically used today for accessing these functions.
In today's SIP deployments, various approaches exist to secure 5.3. Hop-by-hop Security for SIP Signaling and TLS Considerations
exchanges between SIP Service Providers. Signaling and media
security are the two primary topics for consideration in most
deployments. A number of transport-layer and network-layer
mechanisms are widely used for SIP by some categories of SSPs: TLS in
the enterprise networks for applications such as VoIP and secure
Instant Messaging or in service provider networks for Instant
Messaging and presence applications, IPsec and L2/L3 VPNs in some SSP
networks where there is a desire to secure all signaling and media
traffic at or below the IP layer. Media level security is not widely
used today between providers for media transported using the Real-
Time Protocol (RTP) , even though it is in use in few deployments
where the privacy of voice and other RTP media is critical.
A security threat analysis provides guidance for VoIP session peering
([I-D.draft-niccolini-speermint-voipthreats]). More discussions
based on this threat analysis and use cases is required in the
working group to define best current practices that this document, or
a separate memo should recommend for both signaling and media
security.
4.5.2. Signaling Security and TLS Considerations Given the direct and indirect peering uses cases referenced in the
previous sections of this document, hop-by-hop security between two
SSPs using Transport Layer Security (TLS) is desirable.
The Transport Layer Security (TLS) is a standard way to secure The Transport Layer Security (TLS) is a standard way to secure
signaling between SIP entities. TLS can be used in direct peering to signaling between SIP entities. TLS can be used in direct peering to
mutually authenticate SSPs and provide message confidentiality and mutually authenticate SSPs and provide message confidentiality and
integrity protection. The remaining paragraphs explore how TLS could integrity protection. The remaining paragraphs explore how TLS could
be deployed and used between 2 SSPs to secure SIP exchanges. The be deployed and used between 2 SSPs to secure SIP exchanges. The
intent is to capture what two SSPs should discuss and agree on in intent is to capture what two SSPs should discuss and agree on in
order to establish TLS connections for SIP session peering. order to establish TLS connections for SIP session peering.
1. SSPs should agree on one or more Certificate Authorities (CAs) 1. One or more Certificate Authorities (CAs) should be agreed
to trust for securing session peering exchanges. between SSPs for securing session peering exchanges.
Alternatively, self-signed certificates may also be used.
Motivations: Motivations:
An SSP should have control over which root CAs it trusts for SIP An SSP should have control over which root CAs it trusts for SIP
communications. This may imply creating a certificate trust list communications. This may imply creating a certificate trust list
and including the peer's CA for each authorized domain. In the and including the peer's CA for each authorized domain. In the
case of a federation, This requirement allows for the initiating case of a federation, this requirement allows for the initiating
side to verify that the server certificate chains up to a trusted side to verify that the server certificate chains up to a trusted
root CA. This also means that SIP servers should allow the root CA. This also means that SIP servers should allow the
configuration of a certificate trust list in order to allow a VSP/ configuration of a certificate trust list in order to allow an SSP
ASP to control which peer's CAs are trusted for TLS connections. to control which peer's CAs are trusted for TLS connections. Note
Note that these considerations seem to be around two themes: one that these considerations seem to be around two themes: one is
is trusting a root, the other is trusting intermediate CAs. trusting a root, the other is trusting intermediate CAs.
There are various use cases of direct peering where there is no
pre-established trust relationship that can rely on self-signed
certificates.
2. Peers should indicate whether their domain policies require 2. Peers should indicate whether their domain policies require
proxy servers to inspect and verify the identity provided in SIP proxy servers to inspect and verify the identity provided in SIP
requests as defined in [RFC4474]. Federations supporting requests as defined in [RFC4474]. Federations supporting
[RFC4474] must specify the CA(s) permitted to issue certificates [RFC4474] and CA(s) must specify the CA(s) permitted to issue
of the authentication service. certificates of the authentication service.
3. SIP and SBE servers involved in the secure session 3. SIP entities and SBEs involved in the secure session
establishment over TLS must have valid X.509 certificates and must establishment over TLS must have valid X.509 certificates and must
be able to receive a TLS connection on a well-known port. be able to receive a TLS connection on a well-known port as
defined in [RFC3261].
4. The following SIP and TLS protocol parameters should be agreed 4. The following SIP and TLS protocol parameters should be agreed
upon as part of session peering policies: the version of TLS upon as part of session peering policies: the version of TLS
supported by Signaling Border Elements (TLSv1, TLSv1.1), the SIP supported by SIP entities and SBEs (TLSv1, TLSv1.1), the SIP TLS
TLS port (default 5061), the server-side session timeout (default port (default 5061), the server-side session timeout (default 300
300 seconds), the list of supported or recommended ciphersuites, seconds), the list of supported or recommended ciphersuites, the
and the list of trusted root CAs. list of trusted root CAs if applicable or whether self-signed
certs are acceptable.
5. SIP and SBE servers involved in the session establishment over 5. SIP entities and SBEs involved in the session establishment
TLS must verify and validate the client certificates: the client over TLS must verify and validate the client certificates. See
certificate must contain a DNS or URI choice type in the section 9 and 9.3 of [I-D.ietf-sip-certs].
subjectAltName which corresponds to the domain asserted in the
host portion of the URI contained in the From header. It is also
recommended that VSPs/ASPs convey the domain identity in the
certificates using both a canonical name of the SIP server(s) and
the SIP URI for the domain as described in section 4 of
[I-D.gurbani-sip-domain-certs]. On the client side, it is also
critical for the TLS client to authenticate the server as defined
in [RFC3261] and in section 9 of [I-D.ietf-sip-certs].
6. A session peering policy should include details on SIP session 6. A session peering policy should include details on SIP session
establishment over TLS if TLS is supported. establishment over TLS if TLS is supported.
4.5.3. Media Security 5.4. End-to-End Media Security
Media security for session peering is as important as signaling Media security is critical to guarantee end-to-end confidentiality of
security, especially for SSPs that want to continue to meet commonly the communication between the end-users' devices, independently of
assumed privacy and confidentiality requirements outside their how many direct or indirect peers are along the signaling path.
networks. Media can be secured using secure media transport
protocols (e.g. secure RTP or sRTP). The issues of key management
protocols for sRTP are being raised in IETF and this continues to be
an area where requirements definition and protocol work is ongoing.
More consensus is required outside SPEERMINT before best current
practices can emerge. See media security requirements for SIP
sessions ([I-D.ietf-wing-media-security-requirements]) and its
references for more details. Some of these scenarios may be
applicable to interdomain SSP session peering.
5. Acknowledgments o Requirement #16:
It is recommended that the establishment of media security be
provided along the media path and not over the signaling path
given the indirect peering use cases.
Notes on the solution space:
Media carried over the Real-Time Protocol (RTP) can be secured
using secure RTP or sRTP ([RFC3711]). A framework for
establishing sRTP security using Datagram TLS [RFC4347] is
described in [I-D.ietf-sip-dtls-srtp-framework]: it allows for
end-to-end media security establishment using extensions to DTLS
([I-D.ietf-avt-dtls-srtp]). This DTLS-SRTP framework meets the
above requirement.
Note that media can also be carried in numerous protocols other than
RTP such as SIP (SIP MESSAGE method), MSRP, XMPP, etc. In these
cases, the above requirement is also met given the security features
of these protocols.
6. Acknowledgments
This document is a work-in-progress and it is based on the input and This document is a work-in-progress and it is based on the input and
contributions made by a large number of people in the SPEERMINT contributions made by a large number of people in the SPEERMINT
working group, including: Edwin Aoki, Scott Brim, John Elwell, Mike working group, including: Edwin Aoki, Scott Brim, John Elwell, Mike
Hammer, Avshalom Houri, Richard Shocky, Henry Sinnreich, Richard Hammer, Avshalom Houri, Richard Shocky, Henry Sinnreich, Richard
Stastny, Patrik Faltstrom, Otmar Lendl, Daryl Malas, Dave Meyer, Stastny, Patrik Faltstrom, Otmar Lendl, Daryl Malas, Dave Meyer,
Sriram Parameswar, Jon Peterson, Jason Livingood, Bob Natale, Benny Sriram Parameswar, Jon Peterson, Jason Livingood, Bob Natale, Benny
Rodrig, Brian Rosen, Eric Rosenfeld, Adam Uzelac and Dan Wing. Rodrig, Brian Rosen, Eric Rosenfeld, Adam Uzelac and Dan Wing.
Specials thanks go to Rohan Mahy, Brian Rosen, John Elwell for their Specials thanks go to Rohan Mahy, Brian Rosen, John Elwell for their
initial drafts describing guidelines or best current practices in initial drafts describing guidelines or best current practices in
various environments, and to Avshalom Houri, Edwin Aoki and Sriram various environments, and to Avshalom Houri, Edwin Aoki and Sriram
Parameswar for authoring the presence and instant messaging Parameswar for authoring the presence and instant messaging
requirements. requirements.
6. IANA Considerations 7. IANA Considerations
None. None.
7. Security Considerations 8. Security Considerations
Securing session peering communications involves numerous protocol Securing session peering communications involves numerous protocol
exchanges, first and foremost, the securing of SIP signaling and exchanges, first and foremost, the securing of SIP signaling and
media sessions. The security considerations contained in [RFC3261], media sessions. The security considerations contained in [RFC3261],
and [RFC4474] are applicable to the SIP protocol exchanges. A number and [RFC4474] are applicable to the SIP protocol exchanges. A number
of security considerations are also described in Section Section 4.5. of security considerations are also described in Section Section 5.
8. References 9. References
8.1. Normative References 9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
8.2. Informative References 9.2. Informative References
[I-D.Malas-sip-performance]
Malas, D., "SIP End-to-End Performance Metrics", May 2007.
[I-D.draft-elwell-speermint-enterprise-usecases] [I-D.draft-malas-performance-metrics]
Elwell, J. and B. Rodrig, "Use cases for Enterprise Malas, D., "SIP End-to-End Performance Metrics",
Peering using the Session Initiation Protocol", December 2007.
draft-elwell-speermint-enterprise-usecases-00.txt (work in
progress), February 2007.
[I-D.draft-niccolini-speermint-voipthreats] [I-D.draft-niccolini-speermint-voipthreats]
Niccolini, S. and E. Chen, "VoIP Security Threats relevant Niccolini, S., Chen, E., and J. Seedorf, "VoIP Security
to SPEERMINT", March 2007. Threats relevant to SPEERMINT",
draft-niccolini-speermint-voipthreats-03.txt (work in
progress), February 2008.
[I-D.gurbani-sip-domain-certs] [I-D.houri-speermint-presence-im-requirements]
Gurbani, V., Jeffrey, A., and S. Lawrence, "Domain Houri, A., Aoki, E., and S. Parameswar, "Presence and IM
Certificates in the Session Initiation Protocol (SIP)", Requirements", May 2007.
draft-gurbani-sip-domain-certs-06 (work in progress),
June 2007.
[I-D.ietf-ice] [I-D.ietf-avt-dtls-srtp]
Rosenberg, J., "Interactive Connectivity Establishment McGrew, D. and E. Rescorla, "DTLS Extensions to Establish
(ICE): A Protocol for Network Address Translator (NAT) Keys for SRTP", draft-ietf-avt-dtls-srtp-01.txt (work in
Traversal for Offer/Answer Protocols", June 2007. progress), November 2007.
[I-D.ietf-sip-certs] [I-D.ietf-sip-certs]
Jennings, C., Peterson, J., and J. Fischl, "Certificate Jennings, C., Peterson, J., and J. Fischl, "Certificate
Management Service for The Session Initiation Protocol Management Service for The Session Initiation Protocol
(SIP)", May 2007. (SIP)", draft-ietf-sip-certs-05.txt (work in progress),
January 2008.
[I-D.ietf-sip-dtls-srtp-framework]
Fischl, J., Tschofenig, H., and E. Rescorla, "DTLS-SRTP
Framework", draft-ietf-sip-dtls-srtp-framework-01 (work in
progress), February 2008.
[I-D.ietf-sip-hitchhikers-guide] [I-D.ietf-sip-hitchhikers-guide]
Rosenberg, J., "A Hitchhikers Guide to the Session Rosenberg, J., "A Hitchhikers Guide to the Session
Initiation Protocol (SIP)", July 2007. Initiation Protocol (SIP)", July 2007.
[I-D.ietf-sipping-session-policy] [I-D.ietf-sipping-session-policy]
Hilt, V. and G. Camarillo, "A Session Initiation Protocol Hilt, V. and G. Camarillo, "A Session Initiation Protocol
(SIP) Event Package for Session-Specific Session (SIP) Event Package for Session-Specific Session
Policies", draft-ietf-sipping-policy-package-04.txt (work Policies", draft-ietf-sipping-policy-package-04.txt (work
in progress), August 2007. in progress), August 2007.
[I-D.ietf-speermint-architecture] [I-D.ietf-speermint-architecture]
Penno et al., R., "SPEERMINT Peering Architecture", Penno et al., R., "SPEERMINT Peering Architecture",
draft-ietf-speermint-architecture-03.txt (work in draft-ietf-speermint-architecture-04.txt (work in
progress), April 2007. progress), August 2007.
[I-D.ietf-speermint-consolidated-presence-im-usecases]
Houri, A., Aoki, E., and S. Parameswar, "Presence &
Instant Messaging Peering Use Cases",
draft-ietf-speermint-consolidated-presence-im-usecases-04
(work in progress), February 2008.
[I-D.ietf-speermint-terminology] [I-D.ietf-speermint-terminology]
Meyer, R. and D. Malas, "SPEERMINT Terminology", Meyer, R. and D. Malas, "SPEERMINT Terminology",
draft-ietf-speermint-terminology-13.txt (work in draft-ietf-speermint-terminology-16.txt (work in
progress), November 2007. progress), February 2008.
[I-D.ietf-speermint-voip-consolidated-usecases] [I-D.ietf-speermint-voip-consolidated-usecases]
Uzelac et al., A., "VoIP SIP Peering Use Cases", Uzelac et al., A., "VoIP SIP Peering Use Cases",
draft-ietf-speermint-voip-consolidated-usecases-03.txt draft-ietf-speermint-voip-consolidated-usecases-05.txt
(work in progress), July 2007. (work in progress), February 2008.
[I-D.ietf-wing-media-security-requirements]
Wing, D., Fries, S., and H. Tschofenig, "Requirements for
a Media Security Key Management Protocol",
draft-wing-media-security-requirements (work in progress),
June 2007.
[I-D.presence-im-requirements]
Houri, A., Aoki, E., and S. Parameswar, "Presence and IM
Requirements", May 2007.
[RFC2198] Perkins, C., Kouvelas, I., Hodson, O., Hardman, V., [RFC2198] Perkins, C., Kouvelas, I., Hodson, O., Hardman, V.,
Handley, M., Bolot, J., Vega-Garcia, A., and S. Fosse- Handley, M., Bolot, J., Vega-Garcia, A., and S. Fosse-
Parisis, "RTP Payload for Redundant Audio Data", RFC 2198, Parisis, "RTP Payload for Redundant Audio Data", RFC 2198,
September 1997. September 1997.
[RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
specifying the location of services (DNS SRV)", RFC 2782,
February 2000.
[RFC2915] Mealling, M. and R. Daniel, "The Naming Authority Pointer
(NAPTR) DNS Resource Record", RFC 2915, September 2000.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E. A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261, Schooler, "SIP: Session Initiation Protocol", RFC 3261,
June 2002. June 2002.
[RFC3263] Rosenberg, J. and H. Schulzrinne, "Session Initiation [RFC3263] Rosenberg, J. and H. Schulzrinne, "Session Initiation
Protocol (SIP): Locating SIP Servers", RFC 3263, Protocol (SIP): Locating SIP Servers", RFC 3263,
June 2002. June 2002.
[RFC3428] Campbell, B., Rosenberg, J., Schulzrinne, H., Huitema, C., [RFC3428] Campbell, B., Rosenberg, J., Schulzrinne, H., Huitema, C.,
and D. Gurle, "Session Initiation Protocol (SIP) Extension and D. Gurle, "Session Initiation Protocol (SIP) Extension
for Instant Messaging", RFC 3428, December 2002. for Instant Messaging", RFC 3428, December 2002.
[RFC3455] Garcia-Martin, M., Henrikson, E., and D. Mills, "Private [RFC3455] Garcia-Martin, M., Henrikson, E., and D. Mills, "Private
Header (P-Header) Extensions to the Session Initiation Header (P-Header) Extensions to the Session Initiation
Protocol (SIP) for the 3rd-Generation Partnership Project Protocol (SIP) for the 3rd-Generation Partnership Project
(3GPP)", RFC 3455, January 2003. (3GPP)", RFC 3455, January 2003.
[RFC3489] Rosenberg, J., Weinberger, J., Huitema, C., and R. Mahy,
"STUN - Simple Traversal of User Datagram Protocol (UDP)
Through Network Address Translators (NATs)", RFC 3489,
March 2003.
[RFC3546] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., [RFC3546] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J.,
and T. Wright, "Transport Layer Security (TLS) and T. Wright, "Transport Layer Security (TLS)
Extensions", RFC 3546, June 2003. Extensions", RFC 3546, June 2003.
[RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V.
Jacobson, "RTP: A Transport Protocol for Real-Time Jacobson, "RTP: A Transport Protocol for Real-Time
Applications", STD 64, RFC 3550, July 2003. Applications", STD 64, RFC 3550, July 2003.
[RFC3603] Marshall, W. and F. Andreasen, "Private Session Initiation [RFC3603] Marshall, W. and F. Andreasen, "Private Session Initiation
Protocol (SIP) Proxy-to-Proxy Extensions for Supporting Protocol (SIP) Proxy-to-Proxy Extensions for Supporting
skipping to change at page 22, line 37 skipping to change at page 22, line 22
RFC 3603, October 2003. RFC 3603, October 2003.
[RFC3611] Friedman, T., Caceres, R., and A. Clark, "RTP Control [RFC3611] Friedman, T., Caceres, R., and A. Clark, "RTP Control
Protocol Extended Reports (RTCP XR)", RFC 3611, Protocol Extended Reports (RTCP XR)", RFC 3611,
November 2003. November 2003.
[RFC3702] Loughney, J. and G. Camarillo, "Authentication, [RFC3702] Loughney, J. and G. Camarillo, "Authentication,
Authorization, and Accounting Requirements for the Session Authorization, and Accounting Requirements for the Session
Initiation Protocol (SIP)", RFC 3702, February 2004. Initiation Protocol (SIP)", RFC 3702, February 2004.
[RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K.
Norrman, "The Secure Real-time Transport Protocol (SRTP)",
RFC 3711, March 2004.
[RFC3824] Peterson, J., Liu, H., Yu, J., and B. Campbell, "Using [RFC3824] Peterson, J., Liu, H., Yu, J., and B. Campbell, "Using
E.164 numbers with the Session Initiation Protocol (SIP)", E.164 numbers with the Session Initiation Protocol (SIP)",
RFC 3824, June 2004. RFC 3824, June 2004.
[RFC3966] Schulzrinne, H., "The tel URI for Telephone Numbers", [RFC3966] Schulzrinne, H., "The tel URI for Telephone Numbers",
RFC 3966, December 2004. RFC 3966, December 2004.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, January 2005. RFC 3986, January 2005.
[RFC4347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security", RFC 4347, April 2006.
[RFC4474] Peterson, J. and C. Jennings, "Enhancements for [RFC4474] Peterson, J. and C. Jennings, "Enhancements for
Authenticated Identity Management in the Session Authenticated Identity Management in the Session
Initiation Protocol (SIP)", RFC 4474, August 2006. Initiation Protocol (SIP)", RFC 4474, August 2006.
[RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session [RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session
Description Protocol", RFC 4566, July 2006. Description Protocol", RFC 4566, July 2006.
Appendix A. Policy Parameters for Session Peering Appendix A. Policy Parameters for Session Peering
This informative section lists various types of parameters that This informative section lists various types of parameters that
skipping to change at page 24, line 35 skipping to change at page 23, line 35
based on peer relationships. based on peer relationships.
A.1. Categories of Parameters and Justifications A.1. Categories of Parameters and Justifications
The following list should be considered as an initial list of The following list should be considered as an initial list of
"discussion topics" to be addressed by peers when initiating a VoIP "discussion topics" to be addressed by peers when initiating a VoIP
peering relationship. peering relationship.
o IP Network Connectivity: o IP Network Connectivity:
Session peers should define how the IP network connectivity Session peers should define how the IP network connectivity
between their respective SBEs and SDEs. While this is out of between their respective SBEs and DBEs. While this is out of
scope of session peering, SSPs must agree on a common mechanism scope of session peering, SSPs must agree on a common mechanism
for IP transport of session signaling and media. This may be for IP transport of session signaling and media. This may be
accomplish via private (e.g. IPVPN, IPsec, etc.) or public IP accomplish via private (e.g. IPVPN, IPsec, etc.) or public IP
networks. networks.
o Media-related Parameters: o Media-related Parameters:
* Media Codecs: list of supported media codecs for audio, real- * Media Codecs: list of supported media codecs for audio, real-
time fax (version of T.38, if applicable), real-time text (RFC time fax (version of T.38, if applicable), real-time text (RFC
4103), DTMF transport, voice band data communications (as 4103), DTMF transport, voice band data communications (as
skipping to change at page 25, line 50 skipping to change at page 24, line 50
Layer-5 performance metrics should be defined and shared between Layer-5 performance metrics should be defined and shared between
peers. The performance metrics apply directly to signaling or peers. The performance metrics apply directly to signaling or
media; they may be used pro-actively to help avoid congestion, media; they may be used pro-actively to help avoid congestion,
call quality issues or call signaling failures, and as part of call quality issues or call signaling failures, and as part of
monitoring techniques, they can be used to evaluate the monitoring techniques, they can be used to evaluate the
performance of peering exchanges. performance of peering exchanges.
Examples of SIP performance metrics include the maximum number of Examples of SIP performance metrics include the maximum number of
SIP transactions per second on per domain basis, Session SIP transactions per second on per domain basis, Session
Completion Rate (SCR), Session Establishment Rate (SER), etc. Completion Rate (SCR), Session Establishment Rate (SER), etc.
Some SIP end-to-end performance metrics are defined in Some SIP end-to-end performance metrics are defined in
[I-D.Malas-sip-performance]; a subset of these may be applicable [I-D.draft-malas-performance-metrics]; a subset of these may be
to session peering and interconnects. applicable to session peering and interconnects.
Some media-related metrics for monitoring VoIP calls have been Some media-related metrics for monitoring VoIP calls have been
defined in the VoIP Metrics Report Block, in Section 4.7 of defined in the VoIP Metrics Report Block, in Section 4.7 of
[RFC3611]. [RFC3611].
o Security: o Security:
An SSP should describe the security requirements that other peers An SSP should describe the security requirements that other peers
must meet in order to terminate calls to its network. While such must meet in order to terminate calls to its network. While such
a list of security-related policy parameters often depends on the a list of security-related policy parameters often depends on the
security models pre-agreed to by peers, it is expected that these security models pre-agreed to by peers, it is expected that these
parameters will be discoverable or signaled in the future to allow parameters will be discoverable or signaled in the future to allow
skipping to change at page 27, line 4 skipping to change at page 26, line 4
protocols such as sRTP, along with some contraints on the protocols such as sRTP, along with some contraints on the
minimum authentication/encryption options for use in sRTP. minimum authentication/encryption options for use in sRTP.
* Network-layer security parameters: this covers how IPSec * Network-layer security parameters: this covers how IPSec
security associated may be established, the IPSec key exchange security associated may be established, the IPSec key exchange
mechanisms to be used and any keying materials, the lifetime of mechanisms to be used and any keying materials, the lifetime of
timed Security Associated if applicable, etc. timed Security Associated if applicable, etc.
* Transport-layer security parameters: this covers how TLS * Transport-layer security parameters: this covers how TLS
connections should be established as described in Section connections should be established as described in Section
Section 4.5. Section 5.
A.2. Summary of Parameters for Consideration in Session Peering A.2. Summary of Parameters for Consideration in Session Peering
Policies Policies
The following is a summary of the parameters mentioned in the The following is a summary of the parameters mentioned in the
previous section. They may be part of a session peering policy and previous section. They may be part of a session peering policy and
appear with a level of requirement (mandatory, recommended, appear with a level of requirement (mandatory, recommended,
supported, ...). supported, ...).
o IP Network Connectivity (assumed, requirements out of scope of o IP Network Connectivity (assumed, requirements out of scope of
skipping to change at page 27, line 27 skipping to change at page 26, line 27
o Media session parameters: o Media session parameters:
* Codecs for audio, video, real time text, instant messaging * Codecs for audio, video, real time text, instant messaging
media sessions media sessions
* Modes of communications for audio (voice, fax, DTMF), IM (page * Modes of communications for audio (voice, fax, DTMF), IM (page
mode, MSRP) mode, MSRP)
* Media transport and means to establish secure media sessions * Media transport and means to establish secure media sessions
* List of ingress and egress SDEs where applicable, including * List of ingress and egress DBEs where applicable, including
STUN Relay servers if present STUN Relay servers if present
o SIP o SIP
* SIP RFCs, methods and error responses * SIP RFCs, methods and error responses
* headers and header values * headers and header values
* possibly, list of SIP RFCs supported by groups (e.g. by call * possibly, list of SIP RFCs supported by groups (e.g. by call
feature) feature)
skipping to change at page 29, line 7 skipping to change at page 28, line 7
Jean-Francois Mule Jean-Francois Mule
CableLabs CableLabs
858 Coal Creek Circle 858 Coal Creek Circle
Louisville, CO 80027 Louisville, CO 80027
USA USA
Email: jf.mule@cablelabs.com Email: jf.mule@cablelabs.com
Full Copyright Statement Full Copyright Statement
Copyright (C) The IETF Trust (2007). Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors contained in BCP 78, and except as set forth therein, the authors
retain all their rights. retain all their rights.
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
 End of changes. 109 change blocks. 
459 lines changed or deleted 443 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/