--- 1/draft-ietf-speermint-requirements-07.txt 2009-10-26 20:12:26.000000000 +0100 +++ 2/draft-ietf-speermint-requirements-08.txt 2009-10-26 20:12:26.000000000 +0100 @@ -1,99 +1,107 @@ SPEERMINT Working Group J-F. Mule Internet-Draft CableLabs -Intended status: Informational October 17, 2008 -Expires: April 20, 2009 +Intended status: Informational October 26, 2009 +Expires: April 29, 2010 SPEERMINT Requirements for SIP-based Session Peering - draft-ietf-speermint-requirements-07.txt + draft-ietf-speermint-requirements-08.txt Status of this Memo - By submitting this Internet-Draft, each author represents that any - applicable patent or other IPR claims of which he or she is aware - have been or will be disclosed, and any of which he or she becomes - aware will be disclosed, in accordance with Section 6 of BCP 79. + This Internet-Draft is submitted to IETF in full conformance with the + provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on April 20, 2009. + This Internet-Draft will expire on April 29, 2010. + +Copyright Notice + + Copyright (c) 2009 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents in effect on the date of + publication of this document (http://trustee.ietf.org/license-info). + Please review these documents carefully, as they describe your rights + and restrictions with respect to this document. Abstract This memo captures protocol requirements to enable session peering of voice, presence, instant messaging and other types of multimedia traffic. It is based on the use cases that have been described in the SPEERMINT working group. This informational document is intended to link the session peering use cases to protocol solutions. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. General Requirements . . . . . . . . . . . . . . . . . . . . . 5 3.1. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.2. Border Elements . . . . . . . . . . . . . . . . . . . . . 5 - 3.3. Session Establishment Data . . . . . . . . . . . . . . . . 8 - 3.3.1. User Identities and SIP URIs . . . . . . . . . . . . . 8 - 3.3.2. URI Reachability . . . . . . . . . . . . . . . . . . . 9 + 3.3. Session Establishment Data . . . . . . . . . . . . . . . . 9 + 3.3.1. User Identities and SIP URIs . . . . . . . . . . . . . 9 + 3.3.2. URI Reachability . . . . . . . . . . . . . . . . . . . 10 4. Requirements for Session Peering of Presence and Instant - Messaging . . . . . . . . . . . . . . . . . . . . . . . . . . 10 - 5. Security Considerations . . . . . . . . . . . . . . . . . . . 12 + Messaging . . . . . . . . . . . . . . . . . . . . . . . . . . 11 + 5. Security Considerations . . . . . . . . . . . . . . . . . . . 13 5.1. Security Properties for the Acquisition of Session - Establishment Data . . . . . . . . . . . . . . . . . . . . 12 - 5.2. Security Properties for the SIP signaling exchanges . . . 13 - 5.3. End-to-End Media Security . . . . . . . . . . . . . . . . 14 - 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 15 - 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 - 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 17 - 8.1. Normative References . . . . . . . . . . . . . . . . . . . 17 - 8.2. Informative References . . . . . . . . . . . . . . . . . . 17 - Appendix A. Policy Parameters for Session Peering . . . . . . . . 20 + Establishment Data . . . . . . . . . . . . . . . . . . . . 13 + 5.2. Security Properties for the SIP signaling exchanges . . . 14 + 5.3. End-to-End Media Security . . . . . . . . . . . . . . . . 15 + 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 16 + 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 + 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18 + 8.1. Normative References . . . . . . . . . . . . . . . . . . . 18 + 8.2. Informative References . . . . . . . . . . . . . . . . . . 18 + Appendix A. Policy Parameters for Session Peering . . . . . . . . 22 A.1. Categories of Parameters for VoIP Session Peering and - Justifications . . . . . . . . . . . . . . . . . . . . . . 20 + Justifications . . . . . . . . . . . . . . . . . . . . . . 22 A.2. Summary of Parameters for Consideration in Session - Peering Policies . . . . . . . . . . . . . . . . . . . . . 23 - Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 25 - Intellectual Property and Copyright Statements . . . . . . . . . . 26 + Peering Policies . . . . . . . . . . . . . . . . . . . . . 25 + Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 27 1. Introduction Peering at the session level represents an agreement between parties - to exchange multimedia traffic. It is assumed that these sessions - use the Session Initiation Protocol (SIP) protocol to enable peering - between two or more actors. These actors are called SIP Service - Providers (SSPs) and they are typically represented by users, user - groups such as enterprises, real-time collaboration service + to exchange multimedia traffic. In this document, we assume that the + Session Initiation Protocol (SIP) is used to establish sessions + between SIP Service Providers (SSPs). SIP Service Providers are + referred to as peers and they are typically represented by users, + user groups, enterprises, real-time collaboration service communities, or other service providers offering voice or multimedia services using SIP. - A reference architecture for SIP session peering is described in - [I-D.ietf-speermint-architecture]. A number of use cases describe - how session peering has been or could be deployed based on the - reference architecture - ([I-D.ietf-speermint-voip-consolidated-usecases] and - [I-D.ietf-speermint-consolidated-presence-im-usecases]). + A number of documents have been developed to provide background + information about SIP session peering. It is expected that the + reader is familiar with the reference architecture described in + [I-D.ietf-speermint-architecture], use cases for voice + ([I-D.ietf-speermint-voip-consolidated-usecases]) and instant + messaging and presence ([RFC5344]). Peering at the session layer can be achieved on a bilateral basis (direct peering established directly between two SSPs), or on an indirect basis via a session intermediary (indirect peering via a third-party SSP that has a trust relationship with the SSPs) - see the terminology document for more details. This document first describes general requirements. The use cases are then analyzed in the spirit of extracting relevant protocol requirements that must be met to accomplish the use cases. These @@ -111,60 +119,59 @@ a session peering policy, provided in an informative appendix. It should be considered as an example of the information SIP Service Providers may have to discuss or agree on to exchange SIP traffic. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. - This document also reuses the terminology defined in - [I-D.ietf-speermint-terminology]. It is assumed that the reader is - familiar with the Session Description Protocol (SDP) [RFC4566] and - the Session Initiation Protocol (SIP) [RFC3261]. Finally, when used - with capital letters, the terms 'Authentication Service' are to be - understood as defined by SIP Identity [RFC4474]. + This document also reuses the terminology defined in [RFC5486]. It + is assumed that the reader is familiar with the Session Description + Protocol (SDP) [RFC4566] and the Session Initiation Protocol (SIP) + [RFC3261]. Finally, when used with capital letters, the terms + 'Authentication Service' are to be understood as defined by SIP + Identity [RFC4474]. 3. General Requirements The following sub-sections contain general requirements applicable to multiple use cases for multimedia session peering. 3.1. Scope The primary focus of this document is on the requirements applicable to the boundaries of Layer 5 SIP networks: SIP entities, Signaling path Border Elements (SBEs), and the associated protocol requirements for the look-up and location routing of the session establishment - data. The requirements applicable to SIP UAs or related to the - provisioning of the session data are considered out of scope. + data. The requirements applicable to SIP User Agents or related to + the provisioning of the session data are considered out of scope. - SSPs desiring to establish session peering relationships have to - reach an agreement on numerous points. + SIP Service Providers have to reach an agreement on numerous points + when establishing session peering relationships . This document highlights only certain aspects of a session peering agreement, mostly the requirements relevant to protocols: the declaration, advertisement and management of ingress and egress border elements for session signaling and media, information related to the Session Establishment Data (SED), and the security properties that may be desirable for secure session exchanges. Numerous other considerations of session peering arrangements are critical to reach a successful agreement but they are considered out - of scope of the SPEERMINT working group. They include information - about SIP protocol support (e.g. SIP extensions and field - conventions), media (e.g., type of media traffic to be exchanged, - compatible media codecs and transport protocols, mechanisms to ensure - differentiated quality of service for media), layer-3 IP connectivity - between the Signaling and Data path Border Elements, accounting and - traffic capacity control (e.g. the maximum number of SIP sessions at - each ingress point, or the maximum number of concurrent IM or VoIP - sessions). + of scope of this document. They include information about SIP + protocol support (e.g. SIP extensions and field conventions), media + (e.g., type of media traffic to be exchanged, compatible media codecs + and transport protocols, mechanisms to ensure differentiated quality + of service for media), layer-3 IP connectivity between the Signaling + and Data path Border Elements, accounting and traffic capacity + control (e.g. the maximum number of SIP sessions at each ingress + point, or the maximum number of concurrent IM or VoIP sessions). The informative Appendix A lists parameters that may be considered when discussing the technical parameters of SIP session peering. The purpose of this list is to capture the parameters that are considered outside the scope of the protocol requirements. 3.2. Border Elements For border elements to be operationally manageable, maximum flexibility should be given for how they are declared or dynamically @@ -183,23 +190,24 @@ o Requirement #1: Protocol mechanisms MUST be provided to enable a SIP Service Provider to communicate the ingress Signaling Path Border Elements of its service domain. Notes on solution space: The SBEs may be advertised to session peers using static mechanisms or they may be dynamically advertised. There is general agreement that [RFC3263] provides a solution for dynamically advertising ingress SBEs in most cases of Direct or - Indirect peering. However, this DNS-based solution may be limited - in cases where the DNS response varies based on who sends the - query (peer-dependent SBEs, see below). + Indirect peering. We discussed the DNS-based solution space + further in Requirement #4 below, especially in cases where the DNS + response varies based on who sends the query (peer-dependent + SBEs). o Requirement #2: Protocol mechanisms MUST be provided to enable a SIP Service Provider to communicate the egress SBEs of its service domain. Notes on motivations for this requirement: For the purposes of capacity planning, traffic engineering and call admission control, a SIP Service Provider may be asked where it will generate SIP calls from. The SSP accepting calls from a peer may wish to know where SIP calls will originate from (this @@ -215,69 +223,93 @@ policies and accept media traffic from anywhere outside their network to anywhere inside their network, some SSPs may want to optimize media delivery and identify media paths between peers prior to traffic being sent (layer 5 to layer 3 QoS mapping). o Requirement #3: Protocol mechanisms MUST be provided to allow a SIP Service Provider to communicate its DBEs to its peers. Notes: Some SSPs engaged in SIP interconnects do exchange this - type of DBE information today in a static manner. Some SSPs do - not. + type of DBE information in a static manner. Some SSPs do not. - In some SIP networks, SSPs operate the same border elements for all - peers. In other SIP networks, it is common for SSPs to advertise - specific SBEs and DBEs to certain peers: the advertisement of SBEs - and DBEs may be peer-dependent. + In some SIP networks, SSPs may expose the same border elements to all + peers. In other environments, it is common for SSPs to advertise + specific SBEs and DBEs to certain peers. This is done by SSPs to + meet specific objectives for a given peer: routing optimization of + the signaling and media exchanges, optimization of the latency or + throughput based on the 'best' SBE and DBE combination, and other + service provider policy parameters. These are some of the reasons + why advertisement of SBEs and DBEs may be peer-dependent. o Requirement #4: The mechanisms recommended for the declaration or advertisement of SBE and DBE entities MUST allow for peer variability. Notes on solution space: - For advertising peer-dependent SBEs (peer variability), the - solution space based on [RFC3263] is under specified and there are - no know best current practices. Is DNS the right place for - putting data that varies based on who asks? + A simple solution is to advertise SBE entities using DNS and + [RFC3263] by providing different DNS names to different peers. + This approach has some practical limitations because the SIP URIs + containing the DNS names used to resolve the SBEs may be + propagated by users, for example in the form of sip:user@domain. + It is impractical to ask users to use different target URIs based + upon their SIP service provider's desire to receive incoming + session signaling at different ingress SBEs based upon the + originator. The solution described in [RFC3263] and based on DNS + to advertise SBEs is therefore under-specified for this + requirement. + Other DNS mechanisms have been used extensively in other areas of + the Internet, in particular in Content Distribution + Internetworking to make the DNS responses vary based on the + originator of the DNS query (see [RFC3466], [RFC3568] and + [RFC3570]). The applicability of such solutions needs for session + peering needs further analysis. + Finally, other techniques such as Anycast services ([RFC4786]) may + be employed at lower layers than Layer 5 to provide a solution to + this requirement. For example, anycast nodes could be defined by + SIP service providers to expose a common address for SBEs into + DNS, allowing the resolution of the anycast node address to the + appropriate peer-dependent service address based on the routing + topology or other criteria gathered from the combined use of + anycast and DNS techniques. - Notes on media-variability of such advertisements: + Notes on variability of the SBE advertisements based on the media + capabilities: Some SSPs may have some restrictions on the type of media traffic their SBEs can accept. For SIP sessions however, it is not possible to communicate those restrictions in advance of the session initiation: a SIP target may support voice-only media, voice and video, or voice and instant messaging communications. While the inability to find out whether a particular type of SIP session can be terminated by a certain SBE can cause failed session establishment attempts, there is consensus to not add a - new requirement for this. These aspects are essentially covered - by SSPs when discussing traffic exchange policies (out of scope of - this document). + new requirement in this document. These aspects are essentially + covered by SSPs when discussing traffic exchange policies and are + deemed out of scope of this document. In the use cases provided as part of direct and indirect peering scenarios, an SSP deals with multiple SIP entities and multiple SBEs in its own domain. There is often a many-to-many relationship between the SIP Proxies considered inside the trusted network boundary of the SSP and its Signaling path Border Elements at the network boundaries. It should be possible for an SSP to define which egress SBE a SIP entity must use based on a given peer destination. For example, in the case of an indirect peering scenario (section 5. - of [I-D.ietf-speermint-voip-consolidated-usecases], Figure 5), it - should be possible for the SIP proxy in the originating network - (O-Proxy) to select the appropriate egress SBE (O-SBE) to reach the - SIP target based on the information the proxy receives from the - Lookup Function (O-LUF) and/or Location Routing Function (O-LRF) - - message response labeled (2). Note that this example also applies to - the case of Direct Peering when a service provider has multiple - service areas and each service area involves multiple SIP Proxies and - a few SBEs. + of [I-D.ietf-speermint-voip-consolidated-usecases]), it should be + possible for the SIP proxy in the originating network (O-Proxy) to + select the appropriate egress SBE (O-SBE) to reach the SIP target + based on the information the proxy receives from the Lookup Function + (O-LUF) and/or Location Routing Function (O-LRF) - message response + labeled (2). Note that this example also applies to the case of + Direct Peering when a service provider has multiple service areas and + each service area involves multiple SIP Proxies and a few SBEs. o Requirement #5: The mechanisms recommended for the Look-Up Function (LUF) and the Location Routing Functions (LRF) MUST be capable of returning both a target URI destination and a value providing the next SIP hop(s). Notes: solutions may exist depending on the choice of the protocol used between the Proxy and its LUF/LRF. The idea is for the O-Proxy to be provided with the next SIP hop and the equivalent of @@ -286,29 +318,30 @@ It is desirable for an SSP to be able to communicate how authentication of a peer's SBEs will occur (see the security requirements for more details). o Requirement #6: The mechanisms recommended for locating a peer's SBE MUST be able to convey how a peer should initiate secure session establishment. Notes : some mechanisms exist. For example, the required protocol - use of SIP over TLS may be discovered via [RFC3263]. + use of SIP over TLS may be discovered via [RFC3263] and guidelines + concerning the use of the SIPS URI scheme in SIP have been + documented in [RFC5630]. 3.3. Session Establishment Data - The Session Establishment Data (SED) is defined in - [I-D.ietf-speermint-terminology] as the data used to route a call to - the next hop associated with the called domain's ingress point. The - following paragraphs capture some general requirements on the SED - data. + The Session Establishment Data (SED) is defined in [RFC5486] as the + data used to route a call to the next hop associated with the called + domain's ingress point. The following paragraphs capture some + general requirements on the SED data. 3.3.1. User Identities and SIP URIs User identities used between peers can be represented in many different formats. Session Establishment Data should rely on URIs (Uniform Resource Identifiers, [RFC3986]) and SIP URIs should be preferred over tel URIs ([RFC3966]) for session peering of VoIP traffic. The use of DNS domain names and hostnames is recommended in SIP URIs and they should be resolvable on the public Internet. As for the @@ -359,91 +393,96 @@ possible to avoid extra protocol round trips. o Requirement #9: The mechanisms for session peering MUST allow an SBE to locate its peer SBE given a URI type and the target SSP domain name. 4. Requirements for Session Peering of Presence and Instant Messaging This section describes requirements for presence and instant messaging session peering. Several use cases for presence and - instant messaging peering are described in - [I-D.ietf-speermint-consolidated-presence-im-usecases], a document - authored by A. Houri, E. Aoki and S. Parameswar. Credits for this - section must go to A. Houri, E. Aoki and S. Parameswar. - - The following requirements for presence and instant messaging session - peering are derived from - [I-D.ietf-speermint-consolidated-presence-im-usecases] and an initial - set of related requirements published by A. Houri, E. Aoki and S. - Parameswar: + instant messaging peering are described in [RFC5344], a document + authored by A. Houri, E. Aoki and S. Parameswar. Credits for the + original content captured in this section must go to them. o Requirement #10: The mechanisms recommended for the exchange of presence - information between SSPs MUST allow a user of one SSP's presence - community to subscribe presentities served by another SSP via its - local community, including subscriptions to a single presentity, a - personal, public or ad-hoc group list of presentities. + information between SSPs SHOULD allow a user of one presence + community to send a presence subscription request to presentities + served by another SSP via its local community, including + subscriptions to a single presentity, a personal, public or ad-hoc + group list of presentities. - Notes: see section 2.2 of - [I-D.ietf-speermint-consolidated-presence-im-usecases]. + Notes: see section 2.2 of [RFC5344]. o Requirement #11: - The mechanisms recommended for Instant Messaging message exchanges - between SSPs MUST allow a user of one SSP's community to - communicate with users of the other SSP community via their local - community using various methods. Such methods include sending a - one-time IM message, initiating a SIP session for transporting - sessions of messages, participating in n-way chats using chat - rooms with users from the peer SSPs, sending a file or sharing a - document. + The mechanisms recommended for Instant Messaging exchanges between + SSPs SHOULD allow a user of one SSP's community to communicate + with users of the other SSP community via their local community + using the various methods. Note that some SSPs may exercise some + control over which methods are allowed based on service policies. + Such methods include sending a one-time IM message, initiating a + SIP session for transporting sessions of messages, participating + in n-way chats using chat rooms with users from the peer SSPs, + etc. - Notes: see section 2.6 of - [I-D.ietf-speermint-consolidated-presence-im-usecases]. + Notes: see section 2.6 of [RFC5344]. o Requirement #12: Privacy Sharing - In order to enable sending less notifications between communities, - there should be a mechanism that will enable sharing privacy - information of users between the communities. This will enable - sending a single notification per presentity that will be sent to - the appropriate watchers on the other community according to the + In some presence communities, users can define the list of + watchers that receive presence notifications for a given + presentity. Such privacy settings for watcher notifications per + presentity are typically not shared across SSPs causing multiple + notifications to be sent for one presentity change between SSPs. + The sharing of those privacy settings per presentity between SSPs + would allow fewer notifications: a single notification would be + sent per presentity and the terminating SSP would send + notifications to the appropriate watchers according to the presentity's privacy information. - The privacy sharing mechanism must be done in a way that will - enable getting the consent of the user whose privacy will be sent - to the other community prior to sending the privacy information. - - if user consent is not give, it should not be possible to this - optimization. In addition to getting the consent of users - regarding privacy sharing, the privacy data must be sent only via - secure channels between communities. + The mechanisms recommended for Presence information exchanges + between SSPs SHOULD allow the sharing of some user privacy + settings in order for users to convey the list of watchers that + can receive notification of presence information changes on a per + presentity basis. + The privacy sharing mechanism must be done with the express + consent of the user whose privacy settings will be shared with to + the other community. Because of the privacy-sensitive information + exchanged between SSPs, the protocols used for the exchange of + presence information must follow the security recommendations + defined in section 6 of [RFC3863]. - Notes: see section 2.3 of - [I-D.ietf-speermint-consolidated-presence-im-usecases]. + Notes: see section 2.3 of [RFC5344]. - o Requirement #13: Multiple Recipients + o Requirement #13: Multiple Watchers It should be possible to send a presence document with a list of watchers on the other community that should receive the presence document notification. This will enable sending less presence document notifications between the communities while avoiding the need to share privacy information of presentities from one community to the other. + The systems used to exchange presence documents between SSPs + SHOULD allow more than one watchers to be passed with a presence + document. - o Requirement #14: Mappings - Early deployments of SIP based presence and IM gateways are done - in front of legacy proprietary systems that use different names - for different properties that exist in PIDF. For example "Do Not - Disturb" may be translated to "Busy" in another system. In order - to make sure that the meaning of the status is preserved, there is - a need that either each system will translate its internal - statuses to standard PIDF based statuses of a translation table of - proprietary statuses to standard based PIDF statuses will be - provided from one system to the other. + o Requirement #14: Standard PIDF Documents and Mappings + Early deployments of SIP-based presence and Instant Messaging + gateways have been done in front of legacy proprietary systems + that use different naming schemes or name values for the elements + and properties defined in a Presence Information Data Format + (PIDF) document ([RFC3863]). For example the value "Do Not + Disturb" in one presence service may be mapped to "Busy" in + another system for the status element. Beyond this example of + status values, it is important to ensure that the meaning of the + presence information is preserved between SSPs. + The systems used to exchange presence documents between SSPs + SHOULD use standard PIDF documents and translate any non-standard + value of a PIDF element to a standard one. 5. Security Considerations This section describes the security properties that are desirable for the protocol exchanges in scope of session peering. Three types of information flows are described in the architecture and use case documents: the acquisition of the Session Establishment Data (SED) based on a destination target via the Lookup and Location Routing Functions (LUF and LRF), the SIP signaling between SIP Service Providers, and the associated media exchanges. @@ -454,28 +493,27 @@ security mechanisms as required by [RFC3365]; this is left for future protocol solutions that meet the requirements. A security threat analysis provides additional guidance for session peering ([I-D.niccolini-speermint-voipthreats]). 5.1. Security Properties for the Acquisition of Session Establishment Data The Look-Up Function (LUF) and Location Routing Function (LRF) are - defined in [I-D.ietf-speermint-terminology]. They provide mechanisms - for determining the SIP target address and domain the request should - be sent to, and the associated SED to route the request to that - domain. + defined in [RFC5486]. They provide mechanisms for determining the + SIP target address and domain the request should be sent to, and the + associated SED to route the request to that domain. o Requirement #15: The protocols used to query the Lookup and Location Routing - Functions MUST support mutual authentication. + Functions SHOULD support mutual authentication. Motivations: A mutual authentication service is desirable for the LUF and LRF protocol exchanges. The content of the response returned by the LUF and LRF may depend on the identity of the requestor: the authentication of the LUF & LRF requests is therefore a desirable property. Mutual authentication is also desirable: the requestor may verify the identity of the systems that provided the LUF & LRF responses given the nature of the data returned in those responses. Authentication also provides some protection for the @@ -546,44 +584,47 @@ The establishment of media security may be achieved along the media path and not over the signaling path given the indirect peering use cases. For example, media carried over the Real-Time Protocol (RTP) can be secured using secure RTP (SRTP [RFC3711]). A framework for establishing SRTP security using Datagram TLS [RFC4347] is described in [I-D.ietf-sip-dtls-srtp-framework]: it allows for end-to-end media security establishment using extensions to DTLS ([I-D.ietf-avt-dtls-srtp]). It should also be noted that media can be carried in numerous - protocols other than RTP such as SIP (SIP MESSAGE method), MSRP, - XMPP, etc., over TCP ([RFC4571]), and that it can be encrypted over - secure connection-oriented transport sessions over TLS ([RFC4572]). + protocols other than RTP such as SIP (SIP MESSAGE method), MSRP (the + Message Session Relay Protocol, [RFC4975], XMPP (the Extensible + Messaging and Presence Protocol, [RFC3920]) and many others. Media + may also be carried over TCP ([RFC4571]), and it can be encrypted + over secure connection-oriented transport sessions over TLS + ([RFC4572]). A desirable security property for session peering is for SIP entities to be transparent to the end-to-end media security negotiations: SIP entities should not intervene in the Session Description Protocol (SDP) exchanges for end-to-end media security. o Requirement #17: The protocols used to enable session peering MUST NOT interfere with the exchanges of media security attributes in SDP. Media attribute lines that are not understood by SBEs MUST be ignored and passed along the signaling path untouched. 6. Acknowledgments This document is based on the input and contributions made by a large - number of people in the SPEERMINT working group, including: Edwin - Aoki, Scott Brim, John Elwell, Mike Hammer, Avshalom Houri, Richard - Shocky, Henry Sinnreich, Richard Stastny, Patrik Faltstrom, Otmar - Lendl, Daryl Malas, Dave Meyer, Sriram Parameswar, Jon Peterson, - Jason Livingood, Bob Natale, Benny Rodrig, Brian Rosen, Eric - Rosenfeld, Adam Uzelac, and David Schwartz. + number of people including: Bernard Aboba, Edwin Aoki, Scott Brim, + John Elwell, Mike Hammer, Avshalom Houri, Richard Shocky, Henry + Sinnreich, Richard Stastny, Patrik Faltstrom, Otmar Lendl, Daryl + Malas, Dave Meyer, Sriram Parameswar, Jon Peterson, Jason Livingood, + Bob Natale, Benny Rodrig, Brian Rosen, Eric Rosenfeld, Peter Saint- + Andre, David Schwartz and Adam Uzelac. Specials thanks go to Rohan Mahy, Brian Rosen, John Elwell for their initial drafts describing guidelines or best current practices in various environments, to Avshalom Houri, Edwin Aoki and Sriram Parameswar for authoring the presence and instant messaging requirements and to Dan Wing for providing detailed feedback on the security consideration sections. 7. IANA Considerations @@ -595,72 +636,55 @@ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. 8.2. Informative References [I-D.ietf-avt-dtls-srtp] McGrew, D. and E. Rescorla, "Datagram Transport Layer Security (DTLS) Extension to Establish Keys for Secure Real-time Transport Protocol (SRTP)", - draft-ietf-avt-dtls-srtp-05 (work in progress), - September 2008. + draft-ietf-avt-dtls-srtp-07 (work in progress), + February 2009. [I-D.ietf-pmol-sip-perf-metrics] - Malas, D., "SIP End-to-End Performance Metrics", - draft-ietf-pmol-sip-perf-metrics-01 (work in progress), - June 2008. + Malas, D. and A. Morton, "SIP End-to-End Performance + Metrics", draft-ietf-pmol-sip-perf-metrics-04 (work in + progress), September 2009. [I-D.ietf-sip-connect-reuse] - Mahy, R., Gurbani, V., and B. Tate, "Connection Reuse in + Gurbani, V., Mahy, R., and B. Tate, "Connection Reuse in the Session Initiation Protocol (SIP)", - draft-ietf-sip-connect-reuse-11 (work in progress), - July 2008. + draft-ietf-sip-connect-reuse-14 (work in progress), + August 2009. [I-D.ietf-sip-dtls-srtp-framework] Fischl, J., Tschofenig, H., and E. Rescorla, "Framework for Establishing an SRTP Security Context using DTLS", - draft-ietf-sip-dtls-srtp-framework-04 (work in progress), - October 2008. - - [I-D.ietf-sip-hitchhikers-guide] - Rosenberg, J., "A Hitchhiker's Guide to the Session - Initiation Protocol (SIP)", - draft-ietf-sip-hitchhikers-guide-05 (work in progress), - February 2008. + draft-ietf-sip-dtls-srtp-framework-07 (work in progress), + March 2009. [I-D.ietf-speermint-architecture] - Penno, R., "SPEERMINT Peering Architecture", - draft-ietf-speermint-architecture-06 (work in progress), - May 2008. - - [I-D.ietf-speermint-consolidated-presence-im-usecases] - Houri, A., "Presence & Instant Messaging Peering Use - Cases", - draft-ietf-speermint-consolidated-presence-im-usecases-05 - (work in progress), July 2008. - - [I-D.ietf-speermint-terminology] - Malas, D. and D. Meyer, "SPEERMINT Terminology", - draft-ietf-speermint-terminology-16 (work in progress), - February 2008. + Penno, R. and S. Khan, "SPEERMINT Peering Architecture", + draft-ietf-speermint-architecture-08 (work in progress), + March 2009. [I-D.ietf-speermint-voip-consolidated-usecases] Uzelac, A. and Y. Lee, "VoIP SIP Peering Use Cases", - draft-ietf-speermint-voip-consolidated-usecases-10 (work - in progress), August 2008. + draft-ietf-speermint-voip-consolidated-usecases-14 (work + in progress), August 2009. [I-D.niccolini-speermint-voipthreats] - Niccolini, S., Chen, E., and J. Seedorf, "SPEERMINT - Security Threats and Suggested Countermeasures", - draft-niccolini-speermint-voipthreats-04 (work in - progress), July 2008. + Niccolini, S., Chen, E., Seedorf, J., and H. Scholz, + "SPEERMINT Security Threats and Suggested + Countermeasures", draft-niccolini-speermint-voipthreats-05 + (work in progress), October 2008. [RFC2198] Perkins, C., Kouvelas, I., Hodson, O., Hardman, V., Handley, M., Bolot, J., Vega-Garcia, A., and S. Fosse- Parisis, "RTP Payload for Redundant Audio Data", RFC 2198, September 1997. [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002. @@ -671,45 +695,58 @@ [RFC3365] Schiller, J., "Strong Security Requirements for Internet Engineering Task Force Standard Protocols", BCP 61, RFC 3365, August 2002. [RFC3455] Garcia-Martin, M., Henrikson, E., and D. Mills, "Private Header (P-Header) Extensions to the Session Initiation Protocol (SIP) for the 3rd-Generation Partnership Project (3GPP)", RFC 3455, January 2003. + [RFC3466] Day, M., Cain, B., Tomlinson, G., and P. Rzewski, "A Model + for Content Internetworking (CDI)", RFC 3466, + February 2003. + [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson, "RTP: A Transport Protocol for Real-Time Applications", STD 64, RFC 3550, July 2003. - [RFC3603] Marshall, W. and F. Andreasen, "Private Session Initiation - Protocol (SIP) Proxy-to-Proxy Extensions for Supporting - the PacketCable Distributed Call Signaling Architecture", - RFC 3603, October 2003. + [RFC3568] Barbir, A., Cain, B., Nair, R., and O. Spatscheck, "Known + Content Network (CN) Request-Routing Mechanisms", + RFC 3568, July 2003. + + [RFC3570] Rzewski, P., Day, M., and D. Gilletti, "Content + Internetworking (CDI) Scenarios", RFC 3570, July 2003. [RFC3611] Friedman, T., Caceres, R., and A. Clark, "RTP Control Protocol Extended Reports (RTCP XR)", RFC 3611, November 2003. [RFC3702] Loughney, J. and G. Camarillo, "Authentication, Authorization, and Accounting Requirements for the Session Initiation Protocol (SIP)", RFC 3702, February 2004. [RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. Norrman, "The Secure Real-time Transport Protocol (SRTP)", RFC 3711, March 2004. [RFC3824] Peterson, J., Liu, H., Yu, J., and B. Campbell, "Using E.164 numbers with the Session Initiation Protocol (SIP)", RFC 3824, June 2004. + [RFC3863] Sugano, H., Fujimoto, S., Klyne, G., Bateman, A., Carr, + W., and J. Peterson, "Presence Information Data Format + (PIDF)", RFC 3863, August 2004. + + [RFC3920] Saint-Andre, P., Ed., "Extensible Messaging and Presence + Protocol (XMPP): Core", RFC 3920, October 2004. + [RFC3966] Schulzrinne, H., "The tel URI for Telephone Numbers", RFC 3966, December 2004. [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005. [RFC4347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer Security", RFC 4347, April 2006. @@ -721,23 +758,48 @@ Description Protocol", RFC 4566, July 2006. [RFC4571] Lazzaro, J., "Framing Real-time Transport Protocol (RTP) and RTP Control Protocol (RTCP) Packets over Connection- Oriented Transport", RFC 4571, July 2006. [RFC4572] Lennox, J., "Connection-Oriented Media Transport over the Transport Layer Security (TLS) Protocol in the Session Description Protocol (SDP)", RFC 4572, July 2006. + [RFC4786] Abley, J. and K. Lindqvist, "Operation of Anycast + Services", BCP 126, RFC 4786, December 2006. + [RFC4916] Elwell, J., "Connected Identity in the Session Initiation Protocol (SIP)", RFC 4916, June 2007. + [RFC4975] Campbell, B., Mahy, R., and C. Jennings, "The Message + Session Relay Protocol (MSRP)", RFC 4975, September 2007. + + [RFC5344] Houri, A., Aoki, E., and S. Parameswar, "Presence and + Instant Messaging Peering Use Cases", RFC 5344, + October 2008. + + [RFC5411] Rosenberg, J., "A Hitchhiker's Guide to the Session + Initiation Protocol (SIP)", RFC 5411, February 2009. + + [RFC5486] Malas, D. and D. Meyer, "Session Peering for Multimedia + Interconnect (SPEERMINT) Terminology", RFC 5486, + March 2009. + + [RFC5503] Andreasen, F., McKibben, B., and B. Marshall, "Private + Session Initiation Protocol (SIP) Proxy-to-Proxy + Extensions for Supporting the PacketCable Distributed Call + Signaling Architecture", RFC 5503, March 2009. + + [RFC5630] Audet, F., "The Use of the SIPS URI Scheme in the Session + Initiation Protocol (SIP)", RFC 5630, October 2009. + Appendix A. Policy Parameters for Session Peering This informative section lists various types of parameters that should be considered by implementers when deciding what configuration variables to expose to system administrators or management stations, as well as SSPs or federations of SSPs when discussing the technical part of a session peering policy. In the context of session peering, a policy can be defined as the set of parameters and other information needed by an SSP to exchange @@ -810,36 +872,36 @@ * A session peering policy should include the list of supported and required SIP RFCs, supported and required SIP methods (including private p headers if applicable), error response codes, supported or recommended format of some header field values , etc. * It should also be possible to describe the list of supported SIP RFCs by various functional groupings. A group of SIP RFCs may represent how a call feature is implemented (call hold, transfer, conferencing, etc.), or it may indicate a functional - grouping as in [I-D.ietf-sip-hitchhikers-guide]. + grouping as in [RFC5411]. o Accounting: Methods used for call or session accounting should be specified. An SSP may require a peer to track session usage. It is critical for peers to determine whether the support of any SIP extensions for accounting is a pre-requisite for SIP interoperability. In some cases, call accounting may feed data for billing purposes but not always: some operators may decide to use accounting as a 'bill and keep' model to track session usage and monitor usage against service level agreements. [RFC3702] defines the terminology and basic requirements for accounting of SIP sessions. A few private SIP extensions have also been defined and used over the years to enable call accounting between SSP domains such as the P-Charging* headers in - [RFC3455], the P-DCS-Billing-Info header in [RFC3603], etc. + [RFC3455], the P-DCS-Billing-Info header in [RFC5503], etc. o Performance Metrics: Layer-5 performance metrics should be defined and shared between peers. The performance metrics apply directly to signaling or media; they may be used pro-actively to help avoid congestion, call quality issues or call signaling failures, and as part of monitoring techniques, they can be used to evaluate the performance of peering exchanges. Examples of SIP performance metrics include the maximum number of SIP transactions per second on per domain basis, Session @@ -946,50 +1008,10 @@ Author's Address Jean-Francois Mule CableLabs 858 Coal Creek Circle Louisville, CO 80027 USA Email: jf.mule@cablelabs.com - -Full Copyright Statement - - Copyright (C) The IETF Trust (2008). - - This document is subject to the rights, licenses and restrictions - contained in BCP 78, and except as set forth therein, the authors - retain all their rights. - - This document and the information contained herein are provided on an - "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS - OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND - THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS - OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF - THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED - WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - -Intellectual Property - - The IETF takes no position regarding the validity or scope of any - Intellectual Property Rights or other rights that might be claimed to - pertain to the implementation or use of the technology described in - this document or the extent to which any license under such rights - might or might not be available; nor does it represent that it has - made any independent effort to identify any such rights. Information - on the procedures with respect to rights in RFC documents can be - found in BCP 78 and BCP 79. - - Copies of IPR disclosures made to the IETF Secretariat and any - assurances of licenses to be made available, or the result of an - attempt made to obtain a general license or permission for the use of - such proprietary rights by implementers or users of this - specification can be obtained from the IETF on-line IPR repository at - http://www.ietf.org/ipr. - - The IETF invites any interested party to bring to its attention any - copyrights, patents or patent applications, or other proprietary - rights that may cover technology that may be required to implement - this standard. Please address the information to the IETF at - ietf-ipr@ietf.org.