| draft-ietf-speermint-requirements-04.txt | draft-ietf-speermint-requirements-05.txt | |||
|---|---|---|---|---|
| SPEERMINT Working Group J-F. Mule | SPEERMINT Working Group J-F. Mule | |||
| Internet-Draft CableLabs | Internet-Draft CableLabs | |||
| Intended status: Informational February 25, 2008 | Intended status: Informational June 27, 2008 | |||
| Expires: August 28, 2008 | Expires: December 29, 2008 | |||
| SPEERMINT Requirements for SIP-based VoIP Interconnection | SPEERMINT Requirements for SIP-based Session Peering | |||
| draft-ietf-speermint-requirements-04.txt | draft-ietf-speermint-requirements-05.txt | |||
| Status of this Memo | Status of this Memo | |||
| By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
| applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
| have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
| aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| skipping to change at page 1, line 34 | skipping to change at page 1, line 34 | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This Internet-Draft will expire on August 28, 2008. | This Internet-Draft will expire on December 29, 2008. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (C) The IETF Trust (2008). | Copyright (C) The IETF Trust (2008). | |||
| Abstract | Abstract | |||
| A number of use cases have been described for session peering of | This memo captures protocol requirements identified for enabling | |||
| voice, presence, instant messaging and other types of multimedia | session peering of voice, presence, instant messaging and other types | |||
| traffic. This memo captures some of the requirements identified by | of multimedia traffic. It is an informational document linking the | |||
| these use case scenarios. It is intended to become an informational | session peering use cases to protocol solutions. | |||
| document linking the use cases to potential protocol solutions. | ||||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3. General Requirements . . . . . . . . . . . . . . . . . . . . . 5 | 3. General Requirements . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 3.1. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 3.1. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 3.2. Session Peering Points . . . . . . . . . . . . . . . . . . 5 | 3.2. Border Elements . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 3.3. Session Establishment Data . . . . . . . . . . . . . . . . 8 | 3.3. Session Establishment Data . . . . . . . . . . . . . . . . 8 | |||
| 3.3.1. User Identities and SIP URIs . . . . . . . . . . . . . 8 | 3.3.1. User Identities and SIP URIs . . . . . . . . . . . . . 8 | |||
| 3.3.2. URI Reachability . . . . . . . . . . . . . . . . . . . 9 | 3.3.2. URI Reachability . . . . . . . . . . . . . . . . . . . 9 | |||
| 3.4. Other Considerations . . . . . . . . . . . . . . . . . . . 10 | ||||
| 4. Considerations and Requirements for Session Peering of | 4. Considerations and Requirements for Session Peering of | |||
| Presence and Instant Messaging . . . . . . . . . . . . . . . . 12 | Presence and Instant Messaging . . . . . . . . . . . . . . . . 10 | |||
| 5. Security Requirements . . . . . . . . . . . . . . . . . . . . 14 | 5. Security Requirements . . . . . . . . . . . . . . . . . . . . 12 | |||
| 5.1. Security in SIP networks in the context of session | 5.1. Security Properties for the Acquisition of Session | |||
| peering . . . . . . . . . . . . . . . . . . . . . . . . . 14 | Establishment Data . . . . . . . . . . . . . . . . . . . . 12 | |||
| 5.2. Security Requirements for the Lookup and Location | 5.2. Security Properties for the SIP exchanges . . . . . . . . 13 | |||
| Routing Data . . . . . . . . . . . . . . . . . . . . . . . 14 | 5.3. End-to-End Media Security . . . . . . . . . . . . . . . . 13 | |||
| 5.3. Hop-by-hop Security for SIP Signaling and TLS | 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
| Considerations . . . . . . . . . . . . . . . . . . . . . . 15 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 | |||
| 5.4. End-to-End Media Security . . . . . . . . . . . . . . . . 16 | 8. Security Considerations . . . . . . . . . . . . . . . . . . . 16 | |||
| 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 17 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 | 9.1. Normative References . . . . . . . . . . . . . . . . . . . 17 | |||
| 8. Security Considerations . . . . . . . . . . . . . . . . . . . 19 | 9.2. Informative References . . . . . . . . . . . . . . . . . . 17 | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20 | Appendix A. Policy Parameters for Session Peering . . . . . . . . 20 | |||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . . 20 | A.1. Categories of Parameters and Justifications . . . . . . . 20 | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . . 20 | ||||
| Appendix A. Policy Parameters for Session Peering . . . . . . . . 23 | ||||
| A.1. Categories of Parameters and Justifications . . . . . . . 23 | ||||
| A.2. Summary of Parameters for Consideration in Session | A.2. Summary of Parameters for Consideration in Session | |||
| Peering Policies . . . . . . . . . . . . . . . . . . . . . 26 | Peering Policies . . . . . . . . . . . . . . . . . . . . . 23 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 27 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 25 | |||
| Intellectual Property and Copyright Statements . . . . . . . . . . 28 | Intellectual Property and Copyright Statements . . . . . . . . . . 26 | |||
| 1. Introduction | 1. Introduction | |||
| Peering at the session level represents an agreement between parties | Peering at the session level represents an agreement between parties | |||
| to allow the exchange of multimedia traffic. It is assumed that | to allow the exchange of multimedia traffic. It is assumed that | |||
| these sessions use the Session Initiation Protocol (SIP) protocol to | these sessions use the Session Initiation Protocol (SIP) protocol to | |||
| enable peering between two or more actors. These actors are called | enable peering between two or more actors. These actors are called | |||
| SIP Service Providers (SSPs) and they are typically represented by | SIP Service Providers (SSPs) and they are typically represented by | |||
| users, user groups such as enterprises, real-time collaboration | users, user groups such as enterprises, real-time collaboration | |||
| service communities, or other service providers offering voice or | service communities, or other service providers offering voice or | |||
| multimedia services. | multimedia services. | |||
| Common terminology for SIP session peering is defined | Common terminology for SIP session peering is defined in | |||
| ([I-D.ietf-speermint-terminology]) and a reference architecture is | [I-D.ietf-speermint-terminology] and a reference architecture is | |||
| described in [I-D.ietf-speermint-architecture]. A number of use | described in [I-D.ietf-speermint-architecture]. A number of use | |||
| cases have been exposed by users of SIP services and various other | cases describe how session peering has been or could be deployed | |||
| actors describing how layer-5 peering has been or could be deployed | ||||
| based on the reference architecture | based on the reference architecture | |||
| ([I-D.ietf-speermint-voip-consolidated-usecases] and | ([I-D.ietf-speermint-voip-consolidated-usecases] and | |||
| [I-D.ietf-speermint-consolidated-presence-im-usecases]). | [I-D.ietf-speermint-consolidated-presence-im-usecases]). | |||
| Peering at the session layer can be achieved on a bilateral basis | Peering at the session layer can be achieved on a bilateral basis | |||
| (direct peering established directly between two SSPs), or on an | (direct peering established directly between two SSPs), or on an | |||
| indirect basis via an intermediary (indirect peering via a third- | indirect basis via a session intermediary (indirect peering via a | |||
| party SSP that has a trust relationship with the SSPs) - see the | third-party SSP that has a trust relationship with the SSPs) - see | |||
| terminology document for more details. | the terminology document for more details. | |||
| This document first describes general requirements that have been | This document first describes general requirements. The use cases | |||
| derived from the working group discussions. The use cases are then | are then analyzed in the spirit of extracting relevant protocol | |||
| analyzed in the spirit of extracting relevant protocol requirements | requirements that must be met to accomplish the use cases. These | |||
| that must be met to accomplish the use cases. These requirements are | requirements are intended to be independent of the type of media | |||
| intended to be independent of the type of media exchanged such as | exchanged such as Voice over IP (VoIP), video telephony, and instant | |||
| Voice over IP (VoIP), video telephony, and instant messaging. In the | messaging. Media-specific requirements are defined in separate | |||
| case where some requirements are media-specific, we define them in a | sections. | |||
| separate section. | ||||
| It is not the goal of this document to mandate any particular use of | It is not the goal of this document to mandate any particular use of | |||
| IETF protocols by SIP Service Providers in order to establish session | IETF protocols by SIP Service Providers in order to establish session | |||
| peering. Instead, the document highlights what requirements should | peering. Instead, the document highlights what requirements should | |||
| be met and what protocols may be used to define the solution space. | be met and what protocols may be used to define the solution space. | |||
| Finally, we conclude with a list of parameters for the definition of | Finally, we conclude with a list of parameters for the definition of | |||
| a session peering policy, provided in an informative appendix. It | a session peering policy, provided in an informative appendix. It | |||
| should be considered as an example of the information SIP Service | should be considered as an example of the information SIP Service | |||
| Providers may have to discuss or agree on to exchange SIP traffic. | Providers may have to discuss or agree on to exchange SIP traffic. | |||
| 2. Terminology | 2. Terminology | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| NOT","SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| this document are to be interpreted as described in RFC 2119 | document are to be interpreted as described in [RFC2119]. | |||
| [RFC2119]. | ||||
| This document also reuses the SIP terminology defined in [I-D.ietf- | This document also reuses the terminology defined in [I-D.ietf- | |||
| speermint-terminology]. It is assumed that the reader is familiar | speermint-terminology]. It is assumed that the reader is familiar | |||
| with the Session Description Protocol (SDP) [RFC4566] and the Session | with the Session Description Protocol (SDP) [RFC4566] and the Session | |||
| Initiation Protocol (SIP) [RFC3261]. | Initiation Protocol (SIP) [RFC3261]. | |||
| 3. General Requirements | 3. General Requirements | |||
| The following sub-sections contain general requirements applicable to | The following sub-sections contain general requirements applicable to | |||
| multiple use cases for multimedia session peering. | multiple use cases for multimedia session peering. | |||
| 3.1. Scope | 3.1. Scope | |||
| skipping to change at page 5, line 38 | skipping to change at page 5, line 36 | |||
| reach a successful agreement but they are considered out of scope of | reach a successful agreement but they are considered out of scope of | |||
| the SPEERMINT working group. They include aspects such as SIP | the SPEERMINT working group. They include aspects such as SIP | |||
| protocol support (e.g. SIP extensions and field conventions), media | protocol support (e.g. SIP extensions and field conventions), media | |||
| (e.g., type of media traffic to be exchanged, compatible media codecs | (e.g., type of media traffic to be exchanged, compatible media codecs | |||
| and media transport protocols, mechanisms to ensure differentiated | and media transport protocols, mechanisms to ensure differentiated | |||
| quality of service for media), SIP layer-3 IP connectivity between | quality of service for media), SIP layer-3 IP connectivity between | |||
| the Signaling Path and Data Path Border Elements, traffic capacity | the Signaling Path and Data Path Border Elements, traffic capacity | |||
| control (e.g. maximum number of SIP sessions at each ingress point, | control (e.g. maximum number of SIP sessions at each ingress point, | |||
| maximum number of concurrent IM or VoIP sessions), and accounting. | maximum number of concurrent IM or VoIP sessions), and accounting. | |||
| The informative Appendix A lists parameters that SPPs may consider | The informative Appendix A lists parameters that may considered when | |||
| when discussing the technical aspects of SIP session peering. The | discussing the technical aspects of SIP session peering. The purpose | |||
| purpose of this list which has evolved through the working group use | of this list which has evolved through the working group use case | |||
| case discussions is to capture the parameters that are considered | discussions is to capture the parameters that are considered outside | |||
| outside the scope of the protocol requirements. | the scope of the protocol requirements. | |||
| 3.2. Session Peering Points | 3.2. Border Elements | |||
| For session peering to be scalable and operationally manageable, | For border elements to be operationally manageable, maximum | |||
| maximum flexibility should be given for how signaling path and media | flexibility should be given for how border elements are declared or | |||
| path border elements are declared, dynamically advertised and | dynamically advertised. | |||
| updated. | ||||
| Indeed, in any session peering environment, there is a need for a SIP | Indeed, in any session peering environment, there is a need for a SIP | |||
| Service Provider to declare or dynamically advertise the SIP entities | Service Provider to declare or dynamically advertise the SIP entities | |||
| that will face the peer's network. The media or data path border | that will face the peer's network. The data path border elements are | |||
| elements are typically signaled dynamically in the session | typically signaled dynamically in the session description. | |||
| description. | ||||
| The use cases defined | The use cases defined | |||
| ([I-D.ietf-speermint-voip-consolidated-usecases]) catalog the various | ([I-D.ietf-speermint-voip-consolidated-usecases]) catalog the various | |||
| session peering points between SIP Service Providers; they include | border elements between SIP Service Providers; they include Signaling | |||
| Signaling Path Border Elements (SBEs) and SIP proxies (or any SIP | Path Border Elements (SBEs) and SIP proxies (or any SIP entity at the | |||
| entity at the boundary of the Layer 5 network). | boundary of the Layer 5 network). | |||
| o Requirement #1: | o Requirement #1: | |||
| Protocol mechanisms must exist for a SIP Service Provider (SSP) to | Protocol mechanisms must exist for a SIP Service Provider (SSP) to | |||
| communicate the ingress Signaling Path Border Elements of its | communicate the ingress Signaling Path Border Elements of its | |||
| service domain. | service domain. | |||
| Notes on solution space: | Notes on solution space: | |||
| The SBEs may be advertised to session peers using static | The SBEs may be advertised to session peers using static | |||
| mechanisms or they may be dynamically advertised. There seems to | mechanisms or they may be dynamically advertised. There seems to | |||
| be general agreement that [RFC3263] provides a solution for | be general agreement that [RFC3263] provides a solution for | |||
| skipping to change at page 6, line 35 | skipping to change at page 6, line 32 | |||
| in cases where the DNS response varies based on who sends the | in cases where the DNS response varies based on who sends the | |||
| query (peer-dependent SBEs, see below). | query (peer-dependent SBEs, see below). | |||
| o Requirement #2: | o Requirement #2: | |||
| Protocol mechanisms should exist for a SIP Service Provider (SSP) | Protocol mechanisms should exist for a SIP Service Provider (SSP) | |||
| to communicate the egress SBEs of its service domain. | to communicate the egress SBEs of its service domain. | |||
| Notes on motivations for this requirement: | Notes on motivations for this requirement: | |||
| For the purposes of capacity planning, traffic engineering and | For the purposes of capacity planning, traffic engineering and | |||
| call admission control, a SIP Service Provider may be asked where | call admission control, a SIP Service Provider may be asked where | |||
| it will generate SIP calls from. Note that this may not be | it will generate SIP calls from. The SSP accepting calls from a | |||
| applicable to all types of session peering (voice may be a | peer may wish to know where SIP calls will originate from (this | |||
| particular case where this is needed -- at least based on current | information is typically used by the terminating SSP). | |||
| practices). | Note that this may not be applicable to all types of session | |||
| peering (voice may be a particular case where this is needed -- at | ||||
| least based on current practices). | ||||
| While provisioning requirements are out-of-scope of this document, | ||||
| some SSPs may find use for a mechanism to dynamically advertise or | ||||
| discover the egress SBEs of a peer. | ||||
| If the SSP also provides media streams to its users as shown in the | If the SSP also provides media streams to its users as shown in the | |||
| use cases for "Originating" and "Terminating" SSPs, a mechanism | use cases for "Originating" and "Terminating" SSPs, a mechanism | |||
| should exist to allow SSPs to advertise their media border elements | should exist to allow SSPs to advertise their egress and ingress data | |||
| responsible for egress and ingress data path border elements (DBEs), | path border elements (DBEs), if applicable. While some SSPs may have | |||
| if applicable. While some SPPs may have open policies and accept | open policies and accept media traffic from anywhere outside their | |||
| media traffic from anywhere outside their network to anywhere inside | network to anywhere inside their network, some SSPs may want to | |||
| their network, some SSPs may want to optimize media delivery and | optimize media delivery and identify media paths between peers prior | |||
| identify media paths between peers prior to traffic being sent (layer | to traffic being sent (layer 5 to layer 3 QoS mapping). | |||
| 5 to layer 3 QoS mapping). | ||||
| o Requirement #3: | o Requirement #3: | |||
| Protocol mechanisms should be available to allow a SIP Service | Protocol mechanisms should be available to allow a SIP Service | |||
| Provider to communicate its DBEs to its peers. | Provider to communicate its DBEs to its peers. | |||
| Notes: Some SSPs engaged in SIP interconnects do exchange this | Notes: Some SSPs engaged in SIP interconnects do exchange this | |||
| type of DBE information today in a static manner. Some SSPs do | type of DBE information today in a static manner. Some SSPs do | |||
| not. | not. | |||
| Some SSPs may have some restrictions on the type of media traffic | Some SSPs may have some restrictions on the type of media traffic | |||
| their SIP entities acting as SBEs are capable of establishing. In | their SIP entities acting as SBEs are capable of establishing. In | |||
| order to avoid a failed attempt to establish a session, a mechanism | order to avoid a failed attempt to establish a session, a mechanism | |||
| may be provided to allow SSPs to indicate if some restrictions exist | may be provided to allow SSPs to indicate if some restrictions exist | |||
| on the type of media traffic: ingress and egress SBE points may be | on the type of media traffic: ingress and egress SBE points may be | |||
| peer-dependent, and/or media-dependent. | peer-dependent, and/or media-dependent. | |||
| o Requirement #4: | o Requirement #4: | |||
| The mechanisms recommended for the declaration or advertisement of | The mechanisms recommended for the declaration or advertisement of | |||
| SBE and DBE entities must allow for peer and media variability. | SBE and DBE entities must allow for peer variability. | |||
| Notes on solution space: | Notes on solution space: | |||
| For advertising peer-dependent SBEs (peer variability), the | For advertising peer-dependent SBEs (peer variability), the | |||
| solution space based on [RFC3263] is under specified and there are | solution space based on [RFC3263] is under specified and there are | |||
| no know best current practices. Is DNS the right place for | no know best current practices. Is DNS the right place for | |||
| putting data that varies based on who asks? | putting data that varies based on who asks? | |||
| For advertising media-dependent SBEs, solutions exist as long as | ||||
| URIs are protocol-dependent URIs. A protocol-dependent URI like a | ||||
| SIP URI can be mapped to more than one types of media. It should | ||||
| be noted that some URIs like the IM URI are abstract ([RFC3428]) | ||||
| and need to be translated to protocol dependent URIs. It is also | ||||
| not possible to know what media is supported by the SIP SBE before | ||||
| initiating a query by using mechanisms like [RFC3263]. | ||||
| The following example provides some additional motivations for the | ||||
| above requirement on advertising media-dependent SBEs to peers. | ||||
| In large multi-service SIP networks, an SSP chooses to have several | ||||
| SBEs for receiving incoming SIP session requests (ingress SBEs), and | ||||
| several SBEs for outgoing SIP session requests (egress SBEs). In | ||||
| order to facilitate the operations, feature management, and | ||||
| maintenance of its SBEs, the SSP opts for having distinct SBEs for | ||||
| voice, real-time collaboration, etc. Some SBEs are therefore | ||||
| dedicated to exchanging certain types of media traffic due to | ||||
| specific SIP extensions required for certain media types (e.g. | ||||
| SIMPLE, the SIP MESSAGE Method for Instant Messaging [RFC3428] or the | ||||
| Message Sessions Relay Protocol (MSRP)). Note that this example is | ||||
| applicable to some enterprise networks where IP voice traffic hits | ||||
| different SIP gateways and voice servers (e.g. IP-PBX) than Instant | ||||
| Messaging and real-time collaboration servers (e.g. real-time | ||||
| collaboration and IM server supporting SIMPLE and XMPP). | ||||
| In the use cases provided as part of direct and indirect scenarios, | In the use cases provided as part of direct and indirect scenarios, | |||
| an SSP deals with multiple SIP entities and multiple SBEs in its own | an SSP deals with multiple SIP entities and multiple SBEs in its own | |||
| domain. There is often a many-to-many relationship between SIP | domain. There is often a many-to-many relationship between SIP | |||
| Proxies and Signaling path Border Elements. | Proxies and Signaling path Border Elements. | |||
| It should be possible for an SSP to define which egress SBE a SIP | It should be possible for an SSP to define which egress SBE a SIP | |||
| entity must use based on a given peer destination. For example, in | entity must use based on a given peer destination. For example, in | |||
| the case of an indirect peering scenario (section 5.1.5 of | the case of an indirect peering scenario (section 5.1.5 of | |||
| [I-D.ietf-speermint-voip-consolidated-usecases], Figure 5), it should | [I-D.ietf-speermint-voip-consolidated-usecases], Figure 5), it should | |||
| be possible for the O-Proxy to choose the appropriate O-SBE based on | be possible for the O-Proxy to choose the appropriate O-SBE based on | |||
| the information the O-Proxy receives from the Lookup Function (LUF) | the information the O-Proxy receives from the Lookup Function (LUF) | |||
| or Location Routing Function (LRF) - message response labeled (3). | and/or Location Routing Function (LRF) - message response labeled | |||
| Note that this example also applies to the case of Direct Peering | (3). Note that this example also applies to the case of Direct | |||
| when a service provider has multiple service areas and each service | Peering when a service provider has multiple service areas and each | |||
| area involves multiple SIP Proxies and a few SBEs. | service area involves multiple SIP Proxies and a few SBEs. | |||
| o Requirement #5: | o Requirement #5: | |||
| The mechanisms recommended for the lookup and location routing | The mechanisms recommended for the lookup and location routing | |||
| service must be capable or returning both a target URI destination | service must be capable or returning both a target URI destination | |||
| and a SIP Route. | and a value for the SIP Route header. | |||
| Notes: solutions exist if the protocol used between the Proxy and | Notes: solutions exist if the protocol used between the Proxy and | |||
| the LUF/LRF is SIP; if ENUM is used, the author of this document | the LUF/LRF is SIP; if ENUM is used, the author of this document | |||
| does not know of any solution today. | does not know of any solution today. | |||
| It is desirable for an SSP to be able to communicate how | It is desirable for an SSP to be able to communicate how | |||
| authentication of a peer's SBEs will occur (see the security | authentication of a peer's SBEs will occur (see the security | |||
| requirements for more details). | requirements for more details). | |||
| o Requirement #6: | o Requirement #6: | |||
| skipping to change at page 10, line 9 | skipping to change at page 10, line 5 | |||
| without requiring an SBE to initiate a SIP request. Furthermore, | without requiring an SBE to initiate a SIP request. Furthermore, | |||
| since each call setup implies the execution of any proposed | since each call setup implies the execution of any proposed | |||
| algorithm, the establishment of a SIP session via peering should | algorithm, the establishment of a SIP session via peering should | |||
| incur minimal overhead and delay, and employ caching wherever | incur minimal overhead and delay, and employ caching wherever | |||
| possible to avoid extra protocol round trips. | possible to avoid extra protocol round trips. | |||
| o Requirement #9: | o Requirement #9: | |||
| The mechanisms for session peering must allow an SBE to locate its | The mechanisms for session peering must allow an SBE to locate its | |||
| peer SBE given a URI type and the target SSP domain name. | peer SBE given a URI type and the target SSP domain name. | |||
| 3.4. Other Considerations | ||||
| The considerations listed below were gathered early on in the | ||||
| SPEERMINT working group as part of discussions to define the scope of | ||||
| the working group. They have not been updated in this revision of | ||||
| the draft. | ||||
| o It is assumed that session peering is independent of lower layers. | ||||
| The mechanisms used to establish session peering should | ||||
| accommodate diverse supporting lower layers. It should not matter | ||||
| whether lower layers rely on the public Internet or are | ||||
| implemented by private L3 connectivity, using firewalls or L2/L3 | ||||
| Virtual Private Networks (VPNs), IPSec tunnels or Transport Layer | ||||
| Security (TLS) connections [RFC3546]... | ||||
| o Session Peering Policies and Extensibility: | ||||
| Mechanisms developed for session peering should be flexible and | ||||
| extensible to cover existing and future session peering models. | ||||
| It is also recommended that SSP policies be published via local | ||||
| configuration choices in a distributed system like DNS rather than | ||||
| in a centralized system like a 'peering registry'. | ||||
| In the context of session peering, a policy is defined as the set | ||||
| of parameters and other information needed by an SPP to connect to | ||||
| another. Some of the session policy parameters may be statically | ||||
| exchanged and set throughout the lifetime of the peering | ||||
| relationship. Others parameters may be discovered and updated | ||||
| dynamically using by some explicit protocol mechanisms. These | ||||
| dynamic parameters may also relate to an SSP's session-dependent | ||||
| or session independent policies as defined in | ||||
| [I-D.ietf-sipping-session-policy]. | ||||
| o Administrative and Technical Policies: | ||||
| Various types of policy information may need to be discovered or | ||||
| exchanged in order to establish session peering. At a minimum, a | ||||
| policy should specify information related to session establishment | ||||
| data in order to avoid session establishment failures. A policy | ||||
| may also include information related to QoS, billing and | ||||
| accounting, layer-3 related interconnect requirements which are | ||||
| out of the scope of this document, see examples in Section | ||||
| Appendix A. | ||||
| Motivations: | ||||
| The reasons for declining or accepting incoming calls from a | ||||
| prospective peering partner can be both administrative | ||||
| (contractual, legal, commercial, or business decisions) and | ||||
| technical (certain QoS parameters, TLS keys, domain keys, ...). | ||||
| The objectives are to provide a baseline framework to define, | ||||
| publish and optionally retrieve policy information so that a | ||||
| session establishment does not need to be attempted to know that | ||||
| incompatible policy parameters will cause the session to fail | ||||
| (this was originally referred to as "no blocked calls"). | ||||
| 4. Considerations and Requirements for Session Peering of Presence and | 4. Considerations and Requirements for Session Peering of Presence and | |||
| Instant Messaging | Instant Messaging | |||
| This section describes requirements for presence and instant | This section describes requirements for presence and instant | |||
| messaging session peering. Several use cases for presence and | messaging session peering. Several use cases for presence and | |||
| instant messaging peering are described in | instant messaging peering are described in | |||
| [I-D.ietf-speermint-consolidated-presence-im-usecases], a document | [I-D.ietf-speermint-consolidated-presence-im-usecases], a document | |||
| authored by A. Houri, E. Aoki and S. Parameswar. Credits for this | authored by A. Houri, E. Aoki and S. Parameswar. Credits for this | |||
| section must go to A. Houri, E. Aoki and S. Parameswar. | section must go to A. Houri, E. Aoki and S. Parameswar. | |||
| skipping to change at page 14, line 7 | skipping to change at page 12, line 7 | |||
| for different properties that exist in PIDF. For example "Do Not | for different properties that exist in PIDF. For example "Do Not | |||
| Disturb" may be translated to "Busy" in another system. In order | Disturb" may be translated to "Busy" in another system. In order | |||
| to make sure that the meaning of the status is preserved, there is | to make sure that the meaning of the status is preserved, there is | |||
| a need that either each system will translate its internal | a need that either each system will translate its internal | |||
| statuses to standard PIDF based statuses of a translation table of | statuses to standard PIDF based statuses of a translation table of | |||
| proprietary statuses to standard based PIDF statuses will be | proprietary statuses to standard based PIDF statuses will be | |||
| provided from one system to the other. | provided from one system to the other. | |||
| 5. Security Requirements | 5. Security Requirements | |||
| Session peering does bring a new environment in which security | This section describes the security properties that are desirable for | |||
| requirements should be analyzed but the fundamental mechanisms for | the protocol exchanges in scope of session peering. Three types of | |||
| securing SIP and media exchanges remain applicable (see Section 26.2 | information flows are described in the architecture and use case | |||
| of [RFC3261]. The issues are less in the mechanisms that do exist | documents: the acquisition of the Session Establishment Data (SED) | |||
| and can be used to mitigate threats than they are in getting two SSPs | based on a destination target via the Lookup and Location Routing | |||
| to agree on which ones to use. | Functions (LUF and LRF), the SIP signaling between SIP Service | |||
| Providers, and the associated media exchanges. | ||||
| This section first provides a broad picture of the various mechanisms | ||||
| used today in the context of SIP session peering. We then describe | ||||
| security considerations for the three types of information flows | ||||
| described in the use cases: the data queried from the Lookup or | ||||
| Location Routing Functions, data exchanged in the SIP signaling | ||||
| between SSPs (directly and indirectly), and media. | ||||
| 5.1. Security in SIP networks in the context of session peering | ||||
| In today's SIP deployments, various approaches exist to secure | This section is focused on three security services, authentication, | |||
| exchanges between SIP Service Providers. Lookup, signaling and media | data confidentiality and data integrity as summarized in [RFC3365]. | |||
| security are the three primary topics for consideration in most | However, this text does not specify the mandatory-to-implement | |||
| deployments. | security mechanisms as required by [RFC3365]; this is left for future | |||
| A number of transport, network and session-level mechanisms are used | protocol solutions that meet the requirements. | |||
| for SIP by some categories of SSPs. TLS is used in the enterprise | ||||
| networks for applications such as VoIP and secure Instant Messaging | ||||
| and session-level security is used end-to-end for some instant | ||||
| messaging systems or in service provider networks for Instant | ||||
| Messaging and presence applications. At the network-level, IPsec and | ||||
| L2/L3 VPNs are widely used in some SSP networks where there is a | ||||
| desire to secure all signaling and media traffic at or below the IP | ||||
| layer. | ||||
| Media level security between providers is not widely used today for | ||||
| media transported using the Real-Time Protocol (RTP), even though it | ||||
| is in use in few deployments where the privacy of voice and other RTP | ||||
| media is critical. | ||||
| A security threat analysis provides guidance for session peering | A security threat analysis provides guidance for session peering | |||
| ([I-D.draft-niccolini-speermint-voipthreats]). More discussions | ([I-D.draft-niccolini-speermint-voipthreats]). | |||
| based on this threat analysis and use cases continue to be required | ||||
| in the working group to define what hop-by-hop or end-to-end security | ||||
| requirements are necessary in the context of session peering. | ||||
| 5.2. Security Requirements for the Lookup and Location Routing Data | 5.1. Security Properties for the Acquisition of Session Establishment | |||
| Data | ||||
| The Look-Up Function (LUF) and Location Routing Function (LRF) are | The Look-Up Function (LUF) and Location Routing Function (LRF) are | |||
| defined in [I-D.ietf-speermint-terminology]. They provide a | defined in [I-D.ietf-speermint-terminology]. They provide mechanisms | |||
| mechanism for determining for a given request the target domain to | for determining the SIP target address and domain the request should | |||
| which the request should be routed, and SED required to route the | be sent to, and the associated SED to route the request to that | |||
| request to that domain. | domain. | |||
| Requirement #15: | ||||
| The protocols used for the LUF and LRF must allow the look-up and SED | ||||
| data to be exchanged securely (authentication and encryption services | ||||
| should be provided). | ||||
| Notes on the solution space: ENUM, SIP and proprietary protocols are | ||||
| typically used today for accessing these functions. | ||||
| 5.3. Hop-by-hop Security for SIP Signaling and TLS Considerations | ||||
| Given the direct and indirect peering uses cases referenced in the | ||||
| previous sections of this document, hop-by-hop security between two | ||||
| SSPs using Transport Layer Security (TLS) is desirable. | ||||
| The Transport Layer Security (TLS) is a standard way to secure | ||||
| signaling between SIP entities. TLS can be used in direct peering to | ||||
| mutually authenticate SSPs and provide message confidentiality and | ||||
| integrity protection. The remaining paragraphs explore how TLS could | ||||
| be deployed and used between 2 SSPs to secure SIP exchanges. The | ||||
| intent is to capture what two SSPs should discuss and agree on in | ||||
| order to establish TLS connections for SIP session peering. | ||||
| 1. One or more Certificate Authorities (CAs) should be agreed | A mutual authentication service is desirable for the LUF and LRF | |||
| between SSPs for securing session peering exchanges. | protocol exchanges. The response from the LUF and LRF may depend on | |||
| Alternatively, self-signed certificates may also be used. | the identity of the requestor: the authentication of the LUF/LRF | |||
| requests is therefore a desirable property. Mutual authentication is | ||||
| also desirable: the requestor may verify the identity of the systems | ||||
| that provided the LUF/LRF responses given the nature of the data | ||||
| returned in those responses. Authentication also provides some | ||||
| protection for the availability of the LUF and LRF against attackers | ||||
| that would attempt to launch DoS attacks by sending bogus requests | ||||
| causing the LUF to perform a lookup and consume resources. | ||||
| Motivations: | Given the sensitive nature of the session establishment data | |||
| An SSP should have control over which root CAs it trusts for SIP | exchanged with the LUF and LRF functions, the protocol mechanisms | |||
| communications. This may imply creating a certificate trust list | chosen for the lookup and location routing should offer data | |||
| and including the peer's CA for each authorized domain. In the | confidentiality and integrity protection (SED data may contain user | |||
| case of a federation, this requirement allows for the initiating | addresses, SIP URI, location of SIP entities at the boundaries of SIP | |||
| side to verify that the server certificate chains up to a trusted | Service Provider domains, etc.). | |||
| root CA. This also means that SIP servers should allow the | ||||
| configuration of a certificate trust list in order to allow an SSP | ||||
| to control which peer's CAs are trusted for TLS connections. Note | ||||
| that these considerations seem to be around two themes: one is | ||||
| trusting a root, the other is trusting intermediate CAs. | ||||
| There are various use cases of direct peering where there is no | ||||
| pre-established trust relationship that can rely on self-signed | ||||
| certificates. | ||||
| 2. Peers should indicate whether their domain policies require | Requirement #15: | |||
| proxy servers to inspect and verify the identity provided in SIP | The data exchanges for the lookup and location routing MUST support | |||
| requests as defined in [RFC4474]. Federations supporting | mutual authentication, data confidentiality and integrity. | |||
| [RFC4474] and CA(s) must specify the CA(s) permitted to issue | ||||
| certificates of the authentication service. | ||||
| 3. SIP entities and SBEs involved in the secure session | Notes on the solution space: ENUM, SIP and proprietary protocols are | |||
| establishment over TLS must have valid X.509 certificates and must | typically used today for accessing these functions. SSPs may use | |||
| be able to receive a TLS connection on a well-known port as | lower layer security mechanisms to guarantee some of those security | |||
| defined in [RFC3261]. | properties. | |||
| 4. The following SIP and TLS protocol parameters should be agreed | 5.2. Security Properties for the SIP exchanges | |||
| upon as part of session peering policies: the version of TLS | ||||
| supported by SIP entities and SBEs (TLSv1, TLSv1.1), the SIP TLS | ||||
| port (default 5061), the server-side session timeout (default 300 | ||||
| seconds), the list of supported or recommended ciphersuites, the | ||||
| list of trusted root CAs if applicable or whether self-signed | ||||
| certs are acceptable. | ||||
| 5. SIP entities and SBEs involved in the session establishment | The fundamental mechanisms for securing SIP are applicable (see | |||
| over TLS must verify and validate the client certificates. See | Section 26.2 of [RFC3261], and [RFC4474]). | |||
| section 9 and 9.3 of [I-D.ietf-sip-certs]. | ||||
| 6. A session peering policy should include details on SIP session | Authentication of SIP communications are desirable, especially in the | |||
| establishment over TLS if TLS is supported. | context of session peering involving SIP intermediaries. Data | |||
| confidentiality and integrity of the SIP message body may be | ||||
| desirable given some of the levels of session peering indirection | ||||
| (indirect/assisted peering), but they could be harmful as they may | ||||
| prevent intermediary SSPs from "inserting" SBEs/DBEs along the | ||||
| signaling and data paths. | ||||
| 5.4. End-to-End Media Security | 5.3. End-to-End Media Security | |||
| Media security is critical to guarantee end-to-end confidentiality of | Media security is critical to guarantee end-to-end confidentiality of | |||
| the communication between the end-users' devices, independently of | the communication between the end-users' devices, independently of | |||
| how many direct or indirect peers are along the signaling path. | how many direct or indirect peers are along the signaling path. | |||
| o Requirement #16: | ||||
| It is recommended that the establishment of media security be | It is recommended that the establishment of media security be | |||
| provided along the media path and not over the signaling path | provided along the media path and not over the signaling path given | |||
| given the indirect peering use cases. | the indirect peering use cases. | |||
| Notes on the solution space: | Notes on the solution space: | |||
| Media carried over the Real-Time Protocol (RTP) can be secured | Media carried over the Real-Time Protocol (RTP) can be secured using | |||
| using secure RTP or sRTP ([RFC3711]). A framework for | secure RTP or sRTP ([RFC3711]). A framework for establishing sRTP | |||
| establishing sRTP security using Datagram TLS [RFC4347] is | security using Datagram TLS [RFC4347] is described in | |||
| described in [I-D.ietf-sip-dtls-srtp-framework]: it allows for | [I-D.ietf-sip-dtls-srtp-framework]: it allows for end-to-end media | |||
| end-to-end media security establishment using extensions to DTLS | security establishment using extensions to DTLS | |||
| ([I-D.ietf-avt-dtls-srtp]). This DTLS-SRTP framework meets the | ([I-D.ietf-avt-dtls-srtp]). This DTLS-SRTP framework meets the above | |||
| above requirement. | requirement. | |||
| Note that media can also be carried in numerous protocols other than | Note that media can also be carried in numerous protocols other than | |||
| RTP such as SIP (SIP MESSAGE method), MSRP, XMPP, etc. In these | RTP such as SIP (SIP MESSAGE method), MSRP, XMPP, etc. In these | |||
| cases, the above requirement is also met given the security features | cases, it is desirable those those protocols offer data | |||
| of these protocols. | confidentiality protection at a minimum. | |||
| 6. Acknowledgments | 6. Acknowledgments | |||
| This document is a work-in-progress and it is based on the input and | This document is a work-in-progress and it is based on the input and | |||
| contributions made by a large number of people in the SPEERMINT | contributions made by a large number of people in the SPEERMINT | |||
| working group, including: Edwin Aoki, Scott Brim, John Elwell, Mike | working group, including: Edwin Aoki, Scott Brim, John Elwell, Mike | |||
| Hammer, Avshalom Houri, Richard Shocky, Henry Sinnreich, Richard | Hammer, Avshalom Houri, Richard Shocky, Henry Sinnreich, Richard | |||
| Stastny, Patrik Faltstrom, Otmar Lendl, Daryl Malas, Dave Meyer, | Stastny, Patrik Faltstrom, Otmar Lendl, Daryl Malas, Dave Meyer, | |||
| Sriram Parameswar, Jon Peterson, Jason Livingood, Bob Natale, Benny | Sriram Parameswar, Jon Peterson, Jason Livingood, Bob Natale, Benny | |||
| Rodrig, Brian Rosen, Eric Rosenfeld, Adam Uzelac and Dan Wing. | Rodrig, Brian Rosen, Eric Rosenfeld, Adam Uzelac and Dan Wing. | |||
| Specials thanks go to Rohan Mahy, Brian Rosen, John Elwell for their | Specials thanks go to Rohan Mahy, Brian Rosen, John Elwell for their | |||
| initial drafts describing guidelines or best current practices in | initial drafts describing guidelines or best current practices in | |||
| various environments, and to Avshalom Houri, Edwin Aoki and Sriram | various environments, and to Avshalom Houri, Edwin Aoki and Sriram | |||
| Parameswar for authoring the presence and instant messaging | Parameswar for authoring the presence and instant messaging | |||
| requirements. | requirements. | |||
| 7. IANA Considerations | 7. IANA Considerations | |||
| None. | This document does not register any values in IANA registries. | |||
| 8. Security Considerations | 8. Security Considerations | |||
| Securing session peering communications involves numerous protocol | Securing session peering communications involves numerous protocol | |||
| exchanges, first and foremost, the securing of SIP signaling and | exchanges, first and foremost, the securing of SIP signaling and | |||
| media sessions. The security considerations contained in [RFC3261], | media sessions. The security considerations contained in [RFC3261], | |||
| and [RFC4474] are applicable to the SIP protocol exchanges. A number | and [RFC4474] are applicable to the SIP protocol exchanges. A number | |||
| of security considerations are also described in Section Section 5. | of security considerations are also described in Section Section 5. | |||
| 9. References | 9. References | |||
| 9.1. Normative References | 9.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| 9.2. Informative References | 9.2. Informative References | |||
| [I-D.draft-malas-performance-metrics] | [I-D.draft-ietf-pmol-sip-perf-metrics] | |||
| Malas, D., "SIP End-to-End Performance Metrics", | Malas, D., "SIP End-to-End Performance Metrics", | |||
| December 2007. | draft-ietf-pmol-sip-perf-metrics-01.txt (work in | |||
| progress), June 2008. | ||||
| [I-D.draft-niccolini-speermint-voipthreats] | [I-D.draft-niccolini-speermint-voipthreats] | |||
| Niccolini, S., Chen, E., and J. Seedorf, "VoIP Security | Niccolini, S., Chen, E., and J. Seedorf, "VoIP Security | |||
| Threats relevant to SPEERMINT", | Threats relevant to SPEERMINT", | |||
| draft-niccolini-speermint-voipthreats-03.txt (work in | draft-niccolini-speermint-voipthreats-03.txt (work in | |||
| progress), February 2008. | progress), February 2008. | |||
| [I-D.houri-speermint-presence-im-requirements] | [I-D.houri-speermint-presence-im-requirements] | |||
| Houri, A., Aoki, E., and S. Parameswar, "Presence and IM | Houri, A., Aoki, E., and S. Parameswar, "Presence and IM | |||
| Requirements", May 2007. | Requirements", May 2007. | |||
| [I-D.ietf-avt-dtls-srtp] | [I-D.ietf-avt-dtls-srtp] | |||
| McGrew, D. and E. Rescorla, "DTLS Extensions to Establish | McGrew, D. and E. Rescorla, "DTLS Extensions to Establish | |||
| Keys for SRTP", draft-ietf-avt-dtls-srtp-01.txt (work in | Keys for SRTP", draft-ietf-avt-dtls-srtp-02.txt (work in | |||
| progress), November 2007. | progress), February 2008. | |||
| [I-D.ietf-sip-certs] | ||||
| Jennings, C., Peterson, J., and J. Fischl, "Certificate | ||||
| Management Service for The Session Initiation Protocol | ||||
| (SIP)", draft-ietf-sip-certs-05.txt (work in progress), | ||||
| January 2008. | ||||
| [I-D.ietf-sip-dtls-srtp-framework] | [I-D.ietf-sip-dtls-srtp-framework] | |||
| Fischl, J., Tschofenig, H., and E. Rescorla, "DTLS-SRTP | Fischl, J., Tschofenig, H., and E. Rescorla, "DTLS-SRTP | |||
| Framework", draft-ietf-sip-dtls-srtp-framework-01 (work in | Framework", draft-ietf-sip-dtls-srtp-framework-01 (work in | |||
| progress), February 2008. | progress), February 2008. | |||
| [I-D.ietf-sip-hitchhikers-guide] | [I-D.ietf-sip-hitchhikers-guide] | |||
| Rosenberg, J., "A Hitchhikers Guide to the Session | Rosenberg, J., "A Hitchhikers Guide to the Session | |||
| Initiation Protocol (SIP)", July 2007. | Initiation Protocol (SIP)", July 2007. | |||
| [I-D.ietf-sipping-session-policy] | ||||
| Hilt, V. and G. Camarillo, "A Session Initiation Protocol | ||||
| (SIP) Event Package for Session-Specific Session | ||||
| Policies", draft-ietf-sipping-policy-package-04.txt (work | ||||
| in progress), August 2007. | ||||
| [I-D.ietf-speermint-architecture] | [I-D.ietf-speermint-architecture] | |||
| Penno et al., R., "SPEERMINT Peering Architecture", | Penno et al., R., "SPEERMINT Peering Architecture", | |||
| draft-ietf-speermint-architecture-04.txt (work in | draft-ietf-speermint-architecture-06.txt (work in | |||
| progress), August 2007. | progress), May 2008. | |||
| [I-D.ietf-speermint-consolidated-presence-im-usecases] | [I-D.ietf-speermint-consolidated-presence-im-usecases] | |||
| Houri, A., Aoki, E., and S. Parameswar, "Presence & | Houri, A., Aoki, E., and S. Parameswar, "Presence & | |||
| Instant Messaging Peering Use Cases", | Instant Messaging Peering Use Cases", | |||
| draft-ietf-speermint-consolidated-presence-im-usecases-04 | draft-ietf-speermint-consolidated-presence-im-usecases-04 | |||
| (work in progress), February 2008. | (work in progress), February 2008. | |||
| [I-D.ietf-speermint-terminology] | [I-D.ietf-speermint-terminology] | |||
| Meyer, R. and D. Malas, "SPEERMINT Terminology", | Meyer, R. and D. Malas, "SPEERMINT Terminology", | |||
| draft-ietf-speermint-terminology-16.txt (work in | draft-ietf-speermint-terminology-16.txt (work in | |||
| progress), February 2008. | progress), February 2008. | |||
| [I-D.ietf-speermint-voip-consolidated-usecases] | [I-D.ietf-speermint-voip-consolidated-usecases] | |||
| Uzelac et al., A., "VoIP SIP Peering Use Cases", | Uzelac et al., A., "VoIP SIP Peering Use Cases", | |||
| draft-ietf-speermint-voip-consolidated-usecases-05.txt | draft-ietf-speermint-voip-consolidated-usecases-08.txt | |||
| (work in progress), February 2008. | (work in progress), May 2008. | |||
| [RFC2198] Perkins, C., Kouvelas, I., Hodson, O., Hardman, V., | [RFC2198] Perkins, C., Kouvelas, I., Hodson, O., Hardman, V., | |||
| Handley, M., Bolot, J., Vega-Garcia, A., and S. Fosse- | Handley, M., Bolot, J., Vega-Garcia, A., and S. Fosse- | |||
| Parisis, "RTP Payload for Redundant Audio Data", RFC 2198, | Parisis, "RTP Payload for Redundant Audio Data", RFC 2198, | |||
| September 1997. | September 1997. | |||
| [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, | [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, | |||
| A., Peterson, J., Sparks, R., Handley, M., and E. | A., Peterson, J., Sparks, R., Handley, M., and E. | |||
| Schooler, "SIP: Session Initiation Protocol", RFC 3261, | Schooler, "SIP: Session Initiation Protocol", RFC 3261, | |||
| June 2002. | June 2002. | |||
| [RFC3263] Rosenberg, J. and H. Schulzrinne, "Session Initiation | [RFC3263] Rosenberg, J. and H. Schulzrinne, "Session Initiation | |||
| Protocol (SIP): Locating SIP Servers", RFC 3263, | Protocol (SIP): Locating SIP Servers", RFC 3263, | |||
| June 2002. | June 2002. | |||
| [RFC3428] Campbell, B., Rosenberg, J., Schulzrinne, H., Huitema, C., | [RFC3365] Schiller, J., "Strong Security Requirements for Internet | |||
| and D. Gurle, "Session Initiation Protocol (SIP) Extension | Engineering Task Force Standard Protocols", BCP 61, | |||
| for Instant Messaging", RFC 3428, December 2002. | RFC 3365, August 2002. | |||
| [RFC3455] Garcia-Martin, M., Henrikson, E., and D. Mills, "Private | [RFC3455] Garcia-Martin, M., Henrikson, E., and D. Mills, "Private | |||
| Header (P-Header) Extensions to the Session Initiation | Header (P-Header) Extensions to the Session Initiation | |||
| Protocol (SIP) for the 3rd-Generation Partnership Project | Protocol (SIP) for the 3rd-Generation Partnership Project | |||
| (3GPP)", RFC 3455, January 2003. | (3GPP)", RFC 3455, January 2003. | |||
| [RFC3546] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., | ||||
| and T. Wright, "Transport Layer Security (TLS) | ||||
| Extensions", RFC 3546, June 2003. | ||||
| [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. | [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. | |||
| Jacobson, "RTP: A Transport Protocol for Real-Time | Jacobson, "RTP: A Transport Protocol for Real-Time | |||
| Applications", STD 64, RFC 3550, July 2003. | Applications", STD 64, RFC 3550, July 2003. | |||
| [RFC3603] Marshall, W. and F. Andreasen, "Private Session Initiation | [RFC3603] Marshall, W. and F. Andreasen, "Private Session Initiation | |||
| Protocol (SIP) Proxy-to-Proxy Extensions for Supporting | Protocol (SIP) Proxy-to-Proxy Extensions for Supporting | |||
| the PacketCable Distributed Call Signaling Architecture", | the PacketCable Distributed Call Signaling Architecture", | |||
| RFC 3603, October 2003. | RFC 3603, October 2003. | |||
| [RFC3611] Friedman, T., Caceres, R., and A. Clark, "RTP Control | [RFC3611] Friedman, T., Caceres, R., and A. Clark, "RTP Control | |||
| skipping to change at page 23, line 8 | skipping to change at page 20, line 8 | |||
| [RFC4474] Peterson, J. and C. Jennings, "Enhancements for | [RFC4474] Peterson, J. and C. Jennings, "Enhancements for | |||
| Authenticated Identity Management in the Session | Authenticated Identity Management in the Session | |||
| Initiation Protocol (SIP)", RFC 4474, August 2006. | Initiation Protocol (SIP)", RFC 4474, August 2006. | |||
| [RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session | [RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session | |||
| Description Protocol", RFC 4566, July 2006. | Description Protocol", RFC 4566, July 2006. | |||
| Appendix A. Policy Parameters for Session Peering | Appendix A. Policy Parameters for Session Peering | |||
| This informative section lists various types of parameters that | This informative section lists various types of parameters that | |||
| should be first considered by implementers when deciding what | should be considered by implementers when deciding what configuration | |||
| configuration parameters to expose to system admins or management | parameters to expose to system administrators or management stations, | |||
| stations, and second, by SSPs or federations of SSPs when discussing | as well as SSPs or federations of SSPs when discussing the technical | |||
| the technical aspects of a session peering policy. | aspects of a session peering policy. | |||
| In the context of session peering, a policy can be defined as the set | ||||
| of parameters and other information needed by an SSP to exchange | ||||
| traffic with another peer. Some of the session policy parameters may | ||||
| be statically exchanged and set throughout the lifetime of the | ||||
| peering relationship. Others parameters may be discovered and | ||||
| updated dynamically using by some explicit protocol mechanisms. | ||||
| These dynamic parameters may also relate to an SSP's session- | ||||
| dependent or session independent policies as defined in [I-D.ietf- | ||||
| sipping-session-policy]. | ||||
| Various types of policy information may need to be discovered or | ||||
| exchanged in order to establish session peering. At a minimum, a | ||||
| policy should specify information related to session establishment | ||||
| data in order to avoid session establishment failures. A policy may | ||||
| also include information related to QoS, billing and accounting, | ||||
| layer-3 related interconnect requirements which are out of the scope | ||||
| of this document. | ||||
| Some aspects of session peering policies must be agreed to and | Some aspects of session peering policies must be agreed to and | |||
| manually implemented; they are static and are typically documented as | manually implemented; they are static and are typically documented as | |||
| part of a business contract, technical document or agreement between | part of a business contract, technical document or agreement between | |||
| parties. For some parameters linked to protocol support and | parties. For some parameters linked to protocol support and | |||
| capabilities, standard ways of expressing those policy parameters may | capabilities, standard ways of expressing those policy parameters may | |||
| be defined among SSP and exchanged dynamically. For e.g., templates | be defined among SSP and exchanged dynamically. For e.g., templates | |||
| could be created in various document formats so that it could be | could be created in various document formats so that it could be | |||
| possible to dynamically discover some of the domain policy. Such | possible to dynamically discover some of the domain policy. Such | |||
| templates could be initiated by implementers (for each software/ | templates could be initiated by implementers (for each software/ | |||
| skipping to change at page 24, line 50 | skipping to change at page 22, line 22 | |||
| Layer-5 performance metrics should be defined and shared between | Layer-5 performance metrics should be defined and shared between | |||
| peers. The performance metrics apply directly to signaling or | peers. The performance metrics apply directly to signaling or | |||
| media; they may be used pro-actively to help avoid congestion, | media; they may be used pro-actively to help avoid congestion, | |||
| call quality issues or call signaling failures, and as part of | call quality issues or call signaling failures, and as part of | |||
| monitoring techniques, they can be used to evaluate the | monitoring techniques, they can be used to evaluate the | |||
| performance of peering exchanges. | performance of peering exchanges. | |||
| Examples of SIP performance metrics include the maximum number of | Examples of SIP performance metrics include the maximum number of | |||
| SIP transactions per second on per domain basis, Session | SIP transactions per second on per domain basis, Session | |||
| Completion Rate (SCR), Session Establishment Rate (SER), etc. | Completion Rate (SCR), Session Establishment Rate (SER), etc. | |||
| Some SIP end-to-end performance metrics are defined in | Some SIP end-to-end performance metrics are defined in | |||
| [I-D.draft-malas-performance-metrics]; a subset of these may be | [I-D.draft-ietf-pmol-sip-perf-metrics]; a subset of these may be | |||
| applicable to session peering and interconnects. | applicable to session peering and interconnects. | |||
| Some media-related metrics for monitoring VoIP calls have been | Some media-related metrics for monitoring VoIP calls have been | |||
| defined in the VoIP Metrics Report Block, in Section 4.7 of | defined in the VoIP Metrics Report Block, in Section 4.7 of | |||
| [RFC3611]. | [RFC3611]. | |||
| o Security: | o Security: | |||
| An SSP should describe the security requirements that other peers | An SSP should describe the security requirements that other peers | |||
| must meet in order to terminate calls to its network. While such | must meet in order to terminate calls to its network. While such | |||
| a list of security-related policy parameters often depends on the | a list of security-related policy parameters often depends on the | |||
| security models pre-agreed to by peers, it is expected that these | security models pre-agreed to by peers, it is expected that these | |||
| End of changes. 54 change blocks. | ||||
| 308 lines changed or deleted | 179 lines changed or added | |||
This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||