draft-ietf-speermint-requirements-11.txt   rfc6271.txt 
SPEERMINT Working Group J-F. Mule Internet Engineering Task Force (IETF) J-F. Mule
Internet-Draft CableLabs Request for Comments: 6271 CableLabs
Intended status: Informational March 11, 2011 Category: Informational June 2011
Expires: September 12, 2011 ISSN: 2070-1721
Requirements for SIP-based Session Peering Requirements for SIP-Based Session Peering
draft-ietf-speermint-requirements-11.txt
Abstract Abstract
This memo captures protocol requirements to enable session peering of This memo captures protocol requirements to enable session peering of
voice, presence, instant messaging and other types of multimedia voice, presence, instant messaging, and other types of multimedia
traffic. This informational document is intended to link the various traffic. This informational document is intended to link the various
use cases described for session peering to protocol solutions. use cases described for session peering to protocol solutions.
Status of this Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering This document is not an Internet Standards Track specification; it is
Task Force (IETF). Note that other groups may also distribute published for informational purposes.
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are a candidate for any level of Internet
Standard; see Section 2 of RFC 5741.
This Internet-Draft will expire on September 12, 2011. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6271.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction ....................................................2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology .....................................................3
3. General Requirements . . . . . . . . . . . . . . . . . . . . . 5 3. General Requirements ............................................3
3.1. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.1. Scope ......................................................4
3.2. Border Elements . . . . . . . . . . . . . . . . . . . . . 5 3.2. Border Elements ............................................4
3.3. Session Establishment Data . . . . . . . . . . . . . . . . 9 3.3. Session Establishment Data .................................8
3.3.1. User Identities and SIP URIs . . . . . . . . . . . . . 9 3.3.1. User Identities and SIP URIs ........................8
3.3.2. URI Reachability . . . . . . . . . . . . . . . . . . . 10 3.3.2. URI Reachability ....................................9
4. Requirements for Session Peering of Presence and Instant 4. Requirements for Session Peering of Presence and
Messaging . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Instant Messaging ..............................................10
5. Security Considerations . . . . . . . . . . . . . . . . . . . 13 5. Security Considerations ........................................12
5.1. Security Properties for the Acquisition of Session 5.1. Security Properties for the Acquisition of Session
Establishment Data . . . . . . . . . . . . . . . . . . . . 13 Establishment Data ........................................12
5.2. Security Properties for the SIP signaling exchanges . . . 14 5.2. Security Properties for the SIP Signaling Exchanges .......13
5.3. End-to-End Media Security . . . . . . . . . . . . . . . . 15 5.3. End-to-End Media Security .................................14
6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 16 6. Acknowledgments ................................................15
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 7. References .....................................................15
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18 7.1. Normative References ......................................15
8.1. Normative References . . . . . . . . . . . . . . . . . . . 18 7.2. Informative References ....................................15
8.2. Informative References . . . . . . . . . . . . . . . . . . 18 Appendix A. Policy Parameters for Session Peering .................19
Appendix A. Policy Parameters for Session Peering . . . . . . . . 22 A.1. Categories of Parameters for VoIP Session Peering and
A.1. Categories of Parameters for VoIP Session Peering and Justifications .............................................19
Justifications . . . . . . . . . . . . . . . . . . . . . . 22 A.2. Summary of Parameters for Consideration in Session
A.2. Summary of Parameters for Consideration in Session Peering Policies ...........................................22
Peering Policies . . . . . . . . . . . . . . . . . . . . . 25
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 27
1. Introduction 1. Introduction
Peering at the session level represents an agreement between parties Peering at the session level represents an agreement between parties
to exchange multimedia traffic. In this document, we assume that the to exchange multimedia traffic. In this document, we assume that the
Session Initiation Protocol (SIP) is used to establish sessions Session Initiation Protocol (SIP) is used to establish sessions
between SIP Service Providers (SSPs). SIP Service Providers are between SIP Service Providers (SSPs). SIP Service Providers are
referred to as peers and they are typically represented by users, referred to as peers, and they are typically represented by users,
user groups, enterprises, real-time collaboration service user groups, enterprises, real-time collaboration service
communities, or other service providers offering voice or multimedia communities, or other service providers offering voice or multimedia
services using SIP. services using SIP.
A number of documents have been developed to provide background A number of documents have been developed to provide background
information about SIP session peering. It is expected that the information about SIP session peering. It is expected that the
reader is familiar with the reference architecture described in reader is familiar with the reference architecture described in
[I-D.ietf-speermint-architecture], use cases for voice [ARCHITECTURE], use cases for voice ([VOIP]), and instant messaging
([I-D.ietf-speermint-voip-consolidated-usecases]) and instant and presence ([RFC5344]).
messaging and presence ([RFC5344]).
Peering at the session layer can be achieved on a bilateral basis Peering at the session layer can be achieved on a bilateral basis
(direct peering established directly between two SSPs), or on an (direct peering established directly between two SSPs), or on an
indirect basis via a session intermediary (indirect peering via a indirect basis via a session intermediary (indirect peering via a
third-party SSP that has a trust relationship with the SSPs) - see third-party SSP that has a trust relationship with the SSPs) -- see
the terminology document [RFC5486] for more details. the terminology document [RFC5486] for more details.
This document first describes general requirements. The use cases This document first describes general requirements. The use cases
are then analyzed in the spirit of extracting relevant protocol are then analyzed in the spirit of extracting relevant protocol
requirements that must be met to accomplish the use cases. These requirements that must be met to accomplish the use cases. These
requirements are intended to be independent of the type of media requirements are intended to be independent of the type of media
exchanged such as Voice over IP (VoIP), video telephony, and instant exchanged such as Voice over IP (VoIP), video telephony, and instant
messaging. Requirements specific to presence and instant messaging messaging (IM). Requirements specific to presence and instant
are defined in Section 4. messaging are defined in Section 4.
It is not the goal of this document to mandate any particular use of It is not the goal of this document to mandate any particular use of
IETF protocols other than SIP by SIP Service Providers in order to IETF protocols other than SIP by SIP Service Providers in order to
establish session peering. Instead, the document highlights what establish session peering. Instead, the document highlights what
requirements should be met and what protocols might be used to define requirements should be met and what protocols might be used to define
the solution space. the solution space.
Finally, we conclude with a list of parameters for the definition of Finally, we conclude with a list of parameters for the definition of
a session peering policy, provided in an informative appendix. It a session peering policy, provided in an informative appendix. It
should be considered as an example of the information SIP Service should be considered as an example of the information SIP Service
skipping to change at page 4, line 16 skipping to change at page 3, line 41
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
This document also reuses the terminology defined in [RFC5486]. This document also reuses the terminology defined in [RFC5486].
It is assumed that the reader is familiar with the Session It is assumed that the reader is familiar with the Session
Description Protocol (SDP) [RFC4566] and the Session Initiation Description Protocol (SDP) [RFC4566] and the Session Initiation
Protocol (SIP) [RFC3261]. Finally, when used with capital letters, Protocol (SIP) [RFC3261]. Finally, when used with capital letters,
the terms 'Authentication Service' are to be understood as defined by the term 'Authentication Service' is to be understood as defined by
SIP Identity [RFC4474]. SIP Identity [RFC4474].
3. General Requirements 3. General Requirements
The following sub-sections contain general requirements applicable to The following sub-sections contain general requirements applicable to
multiple use cases for multimedia session peering. multiple use cases for multimedia session peering.
3.1. Scope 3.1. Scope
The primary focus of this document is on the requirements applicable The primary focus of this document is on the requirements applicable
to the boundaries of Layer 5 SIP networks: SIP entities, Signaling to the boundaries of Layer 5 SIP networks: SIP entities, signaling
path Border Elements (SBEs), and the associated protocol requirements path border elements (SBEs), and the associated protocol requirements
for the look-up and location routing of the session establishment for the look-up and location routing of the session establishment
data. The requirements applicable to SIP User Agents or related to data. The requirements applicable to SIP User Agents or related to
the provisioning of the session data are considered out of scope. the provisioning of the session data are considered out of scope.
SIP Service Providers have to reach an agreement on numerous points SIP Service Providers have to reach an agreement on numerous points
when establishing session peering relationships . when establishing session peering relationships.
This document highlights only certain aspects of a session peering This document highlights only certain aspects of a session peering
agreement. It describes the requirements relevant to protocols in agreement. It describes the requirements relevant to protocols in
four areas: the declaration, advertisement and management of ingress four areas: the declaration, advertisement and management of ingress
and egress border elements for session signaling and media (section and egress border elements for session signaling and media
Section 3.2), the information exchange related to the Session (Section 3.2), the information exchange related to the Session
Establishment Data (SED, section Section 3.3), specific requirements Establishment Data (SED, Section 3.3), specific requirements for
for presence and instant message (section Section 4) and the security presence and instant message (Section 4), and the security properties
properties that may be desirable to secure session exchanges (section that may be desirable to secure session exchanges (Section 5).
Section 5).
Numerous other considerations of session peering arrangements are Numerous other considerations of session peering arrangements are
critical to reach a successful agreement but they are considered out critical to reach a successful agreement, but they are considered out
of scope of this document. They include information about SIP of scope of this document. They include information about SIP
protocol support (e.g. SIP extensions and field conventions), media protocol support (e.g., SIP extensions and field conventions), media
(e.g. type of media traffic to be exchanged, compatible media codecs (e.g., type of media traffic to be exchanged, compatible media codecs
and transport protocols, mechanisms to ensure differentiated quality and transport protocols, mechanisms to ensure differentiated quality
of service for media), layer-3 IP connectivity between the Signaling of service for media), Layer 3 IP connectivity between the signaling
and Data path Border Elements, accounting and traffic capacity and data path border elements, and accounting and traffic capacity
control (e.g. the maximum number of SIP sessions at each ingress control (e.g., the maximum number of SIP sessions at each ingress
point, or the maximum number of concurrent IM or VoIP sessions). point, or the maximum number of concurrent IM or VoIP sessions).
The informative Appendix A lists parameters that may be considered The informative Appendix A lists parameters that may be considered
when discussing the technical parameters of SIP session peering. The when discussing the technical parameters of SIP session peering. The
purpose of this list is to capture the parameters that are considered purpose of this list is to capture the parameters that are considered
outside the scope of the protocol requirements. outside the scope of the protocol requirements.
3.2. Border Elements 3.2. Border Elements
For border elements to be operationally manageable, maximum For border elements to be operationally manageable, maximum
flexibility should be given for how they are declared or dynamically flexibility should be given for how they are declared or dynamically
advertised. Indeed, in any session peering environment, there is a advertised. Indeed, in any session peering environment, there is a
need for a SIP Service Provider to declare or dynamically advertise need for a SIP Service Provider to declare or dynamically advertise
the SIP entities that will face the peer's network. The data path the SIP entities that will face the peer's network. The data path
border elements are typically signaled dynamically in the session border elements are typically signaled dynamically in the session
description. description.
The use cases defined in The use cases defined in [VOIP] catalog the various border elements
[I-D.ietf-speermint-voip-consolidated-usecases] catalog the various between SIP Service Providers; they include signaling path border
border elements between SIP Service Providers; they include Signaling elements (SBEs) and SIP proxies (or any SIP entity at the boundary of
path Border Elements (SBEs) and SIP proxies (or any SIP entity at the the Layer 5 network).
boundary of the Layer 5 network).
o Requirement #1: o Requirement #1:
Protocol mechanisms MUST be provided to enable a SIP Service Protocol mechanisms MUST be provided to enable a SIP Service
Provider to communicate the ingress Signaling Path Border Elements Provider to communicate the ingress signaling path border elements
of its service domain. of its service domain.
Notes on solution space: Notes on solution space:
The SBEs may be advertised to session peers using static The SBEs may be advertised to session peers using static
mechanisms or they may be dynamically advertised. There is mechanisms, or they may be dynamically advertised. There is
general agreement that [RFC3263] provides a solution for general agreement that [RFC3263] provides a solution for
dynamically advertising ingress SBEs in most cases of Direct or dynamically advertising ingress SBEs in most cases of direct or
Indirect peering. We discuss the DNS-based solution space further indirect peering. We discuss the DNS-based solution space further
in Requirement #4 below, especially in cases where the DNS in Requirement #4 below, especially in cases where the DNS
response varies based on who sends the query (peer-dependent response varies based on who sends the query (peer-dependent
SBEs). SBEs).
o Requirement #2: o Requirement #2:
Protocol mechanisms MUST be provided to enable a SIP Service Protocol mechanisms MUST be provided to enable a SIP Service
Provider to communicate the egress SBEs of its service domain. Provider to communicate the egress SBEs of its service domain.
Notes on motivations for this requirement: Notes on motivations for this requirement:
For the purposes of capacity planning, traffic engineering and
call admission control, a SIP Service Provider may be asked where For the purposes of capacity planning, traffic engineering, and
it will generate SIP calls from. The SSP accepting calls from a call admission control, a SIP Service Provider may be asked from
peer may wish to know where SIP calls will originate from (this where it will generate SIP calls. The SSP accepting calls from a
peer may wish to know from where SIP calls will originate (this
information is typically used by the terminating SSP). information is typically used by the terminating SSP).
While provisioning requirements are out-of-scope, some SSPs may
While provisioning requirements are out of scope, some SSPs may
find use for a mechanism to dynamically advertise or discover the find use for a mechanism to dynamically advertise or discover the
egress SBEs of a peer. egress SBEs of a peer.
If the SSP also provides media streams to its users as shown in the If the SSP also provides media streams to its users as shown in the
use cases for "Originating" and "Terminating" SSPs, a mechanism must use cases for "originating" and "terminating" SSPs, a mechanism must
exist to allow SSPs to advertise their egress and ingress data path exist to allow SSPs to advertise their egress and ingress data path
border elements (DBEs), if applicable. While some SSPs may have open border elements (DBEs), if applicable. While some SSPs may have open
policies and accept media traffic from anywhere outside their network policies and accept media traffic from anywhere outside their network
to anywhere inside their network, some SSPs may want to optimize to anywhere inside their network, some SSPs may want to optimize
media delivery and identify media paths between peers prior to media delivery and identify media paths between peers prior to
traffic being sent (layer 5 to layer 3 QoS mapping). traffic being sent (Layer 5 to Layer 3 Quality of Service (QoS)
mapping).
o Requirement #3: o Requirement #3:
Protocol mechanisms MUST be provided to allow a SIP Service Protocol mechanisms MUST be provided to allow a SIP Service
Provider to communicate its DBEs to its peers. Provider to communicate its DBEs to its peers.
Notes: Some SSPs engaged in SIP interconnects do exchange this Notes: Some SSPs engaged in SIP interconnects do exchange this
type of DBE information in a static manner. Some SSPs do not. type of DBE information in a static manner. Some SSPs do not.
In some SIP networks, SSPs may expose the same border elements to all In some SIP networks, SSPs may expose the same border elements to all
peers. In other environments, it is common for SSPs to advertise peers. In other environments, it is common for SSPs to advertise
specific SBEs and DBEs to certain peers. This is done by SSPs to specific SBEs and DBEs to certain peers. This is done by SSPs to
meet specific objectives for a given peer: routing optimization of meet specific objectives for a given peer: routing optimization of
skipping to change at page 7, line 19 skipping to change at page 6, line 20
Notes: Some SSPs engaged in SIP interconnects do exchange this Notes: Some SSPs engaged in SIP interconnects do exchange this
type of DBE information in a static manner. Some SSPs do not. type of DBE information in a static manner. Some SSPs do not.
In some SIP networks, SSPs may expose the same border elements to all In some SIP networks, SSPs may expose the same border elements to all
peers. In other environments, it is common for SSPs to advertise peers. In other environments, it is common for SSPs to advertise
specific SBEs and DBEs to certain peers. This is done by SSPs to specific SBEs and DBEs to certain peers. This is done by SSPs to
meet specific objectives for a given peer: routing optimization of meet specific objectives for a given peer: routing optimization of
the signaling and media exchanges, optimization of the latency or the signaling and media exchanges, optimization of the latency or
throughput based on the 'best' SBE and DBE combination, and other throughput based on the 'best' SBE and DBE combination, and other
service provider policy parameters. These are some of the reasons service provider policy parameters. These are some of the reasons
why advertisement of SBEs and DBEs may be peer-dependent. why advertisement of SBEs and DBEs may be peer dependent.
o Requirement #4: o Requirement #4:
The mechanisms recommended for the declaration or advertisement of The mechanisms recommended for the declaration or advertisement of
SBE and DBE entities MUST allow for peer variability. SBE and DBE entities MUST allow for peer variability.
Notes on solution space: Notes on solution space:
A simple solution is to advertise SBE entities using DNS and A simple solution is to advertise SBE entities using DNS and
[RFC3263] by providing different DNS names to different peers. [RFC3263] by providing different DNS names to different peers.
This approach has some practical limitations because the SIP URIs This approach has some practical limitations because the SIP URIs
containing the DNS names used to resolve the SBEs may be containing the DNS names used to resolve the SBEs may be
propagated by users, for example in the form of sip:user@domain. propagated by users, for example, in the form of sip:user@domain.
It is impractical to ask users to use different target URIs based It is impractical to ask users to implement different target URIs
upon their SIP service provider's desire to receive incoming based upon their SIP Service Provider's desire to receive incoming
session signaling at different ingress SBEs based upon the session signaling at different ingress SBEs based upon the
originator. The solution described in [RFC3263] and based on DNS originator. The solution described in [RFC3263] and based on DNS
to advertise SBEs is therefore under-specified for this to advertise SBEs is therefore under specified for this
requirement. requirement.
Other DNS mechanisms have been used extensively in other areas of Other DNS mechanisms have been used extensively in other areas of
the Internet, in particular in Content Distribution the Internet, in particular in Content Distribution
Internetworking to make the DNS responses vary based on the Internetworking to make the DNS responses vary based on the
originator of the DNS query (see [RFC3466], [RFC3568] and originator of the DNS query (see [RFC3466], [RFC3568], and
[RFC3570]). The applicability of such solutions for session [RFC3570]). The applicability of such solutions for session
peering needs further analysis. peering needs further analysis.
Finally, other techniques such as Anycast services ([RFC4786]) may Finally, other techniques such as Anycast services ([RFC4786]) may
be employed at lower layers than Layer 5 to provide a solution to be employed at lower layers than Layer 5 to provide a solution to
this requirement. For example, anycast nodes could be defined by this requirement. For example, anycast nodes could be defined by
SIP service providers to expose a common address for SBEs into SIP service providers to expose a common address for SBEs into
DNS, allowing the resolution of the anycast node address to the DNS, allowing the resolution of the anycast node address to the
appropriate peer-dependent service address based on the routing appropriate peer-dependent service address based on the routing
topology or other criteria gathered from the combined use of topology or other criteria gathered from the combined use of
anycast and DNS techniques. anycast and DNS techniques.
Notes on variability of the SBE advertisements based on the media Notes on variability of the SBE advertisements based on the media
skipping to change at page 8, line 20 skipping to change at page 7, line 26
While the inability to find out whether a particular type of SIP While the inability to find out whether a particular type of SIP
session can be terminated by a certain SBE can cause session session can be terminated by a certain SBE can cause session
attempts to fail, there is consensus to not add a new requirement attempts to fail, there is consensus to not add a new requirement
in this document. These aspects are essentially covered by SSPs in this document. These aspects are essentially covered by SSPs
when discussing traffic exchange policies and are deemed out of when discussing traffic exchange policies and are deemed out of
scope of this document. scope of this document.
In the use cases provided as part of direct and indirect peering In the use cases provided as part of direct and indirect peering
scenarios, an SSP deals with multiple SIP entities and multiple SBEs scenarios, an SSP deals with multiple SIP entities and multiple SBEs
in its own domain. There is often a many-to-many relationship in its own domain. There is often a many-to-many relationship
between the SIP Proxies considered inside the trusted network between the SIP proxies considered inside the trusted network
boundary of the SSP and its Signaling path Border Elements at the boundary of the SSP and its signaling path border elements at the
network boundaries. network boundaries.
It should be possible for an SSP to define which egress SBE a SIP It should be possible for an SSP to define which egress SBE a SIP
entity must use based on a given peer destination. entity must use based on a given peer destination.
For example, in the case of a static direct peering scenario (Figure For example, in the case of a static direct peering scenario (Figure
2 in section 5.2. of 2 in Section 5.2. of [VOIP]), it should be possible for the SIP proxy
[I-D.ietf-speermint-voip-consolidated-usecases]), it should be in the originating network (O-Proxy) to select the appropriate egress
possible for the SIP proxy in the originating network (O-Proxy) to SBE (O-SBE) to reach the SIP target based on the information the
select the appropriate egress SBE (O-SBE) to reach the SIP target proxy receives from the Look-Up Function (O-LUF), and/or Location
based on the information the proxy receives from the Lookup Function Routing Function (O-LRF) -- message response labeled (2). Note that
(O-LUF) and/or Location Routing Function (O-LRF) - message response this example also applies to the case of indirect peering when a
labeled (2). Note that this example also applies to the case of service provider has multiple service areas and each service area
indirect peering when a service provider has multiple service areas involves multiple SIP proxies and a few SBEs.
and each service area involves multiple SIP Proxies and a few SBEs.
o Requirement #5: o Requirement #5:
The mechanisms recommended for the Look-Up Function (LUF) and the The mechanisms recommended for the Look-Up Function (LUF) and the
Location Routing Functions (LRF) MUST be capable of returning both Location Routing Functions (LRF) MUST be capable of returning both
a target URI destination and a value providing the next SIP a target URI destination and a value providing the next SIP
hop(s). hop(s).
Notes: solutions may exist depending on the choice of the protocol Notes: solutions may exist depending on the choice of the protocol
used between the Proxy and its LUF/LRF. The idea is for the used between the Proxy and its LUF/LRF. The idea is for the
O-Proxy to be provided with the next SIP hop and the equivalent of O-Proxy to be provided with the next SIP hop and the equivalent of
one or more SIP Route header values. If ENUM is used as a one or more SIP Route header values. If ENUM is used as a
protocol for the LUF, the solution space is undefined. protocol for the LUF, the solution space is undefined.
skipping to change at page 9, line 6 skipping to change at page 8, line 16
used between the Proxy and its LUF/LRF. The idea is for the used between the Proxy and its LUF/LRF. The idea is for the
O-Proxy to be provided with the next SIP hop and the equivalent of O-Proxy to be provided with the next SIP hop and the equivalent of
one or more SIP Route header values. If ENUM is used as a one or more SIP Route header values. If ENUM is used as a
protocol for the LUF, the solution space is undefined. protocol for the LUF, the solution space is undefined.
It is desirable for an SSP to be able to communicate how It is desirable for an SSP to be able to communicate how
authentication of a peer's SBEs will occur (see the security authentication of a peer's SBEs will occur (see the security
requirements for more details). requirements for more details).
o Requirement #6: o Requirement #6:
The mechanisms recommended for locating a peer's SBE MUST be able The mechanisms recommended for locating a peer's SBE MUST be able
to convey how a peer should initiate secure session establishment. to convey how a peer should initiate secure session establishment.
Notes: some mechanisms exist. For example, the required use of Notes: some mechanisms exist. For example, the required use of
SIP over TLS may be discovered via [RFC3263] and guidelines SIP over TLS may be discovered via [RFC3263], and guidelines
concerning the use of the SIPS URI scheme in SIP have been concerning the use of the SIPS URI scheme in SIP have been
documented in [RFC5630]. documented in [RFC5630].
3.3. Session Establishment Data 3.3. Session Establishment Data
The Session Establishment Data (SED) is defined in [RFC5486] as the The Session Establishment Data (SED) is defined in [RFC5486] as the
data used to route a call to the next hop associated with the called data used to route a call to the next hop associated with the called
domain's ingress point. The following paragraphs capture some domain's ingress point. The following paragraphs capture some
general requirements on the SED data. general requirements on the SED data.
skipping to change at page 9, line 28 skipping to change at page 8, line 39
domain's ingress point. The following paragraphs capture some domain's ingress point. The following paragraphs capture some
general requirements on the SED data. general requirements on the SED data.
3.3.1. User Identities and SIP URIs 3.3.1. User Identities and SIP URIs
User identities used between peers can be represented in many User identities used between peers can be represented in many
different formats. Session Establishment Data should rely on URIs different formats. Session Establishment Data should rely on URIs
(Uniform Resource Identifiers, [RFC3986]) and SIP URIs should be (Uniform Resource Identifiers, [RFC3986]) and SIP URIs should be
preferred over tel URIs ([RFC3966]) for session peering of VoIP preferred over tel URIs ([RFC3966]) for session peering of VoIP
traffic. traffic.
The use of DNS domain names and hostnames is recommended in SIP URIs The use of DNS domain names and hostnames is recommended in SIP URIs
and they should be resolvable on the public Internet. As for the and they should be resolvable on the public Internet. As for the
user part of the SIP URIs, the mechanisms for session peering should user part of the SIP URIs, the mechanisms for session peering should
not require an SSP to be aware of which individual user identities not require an SSP to be aware of which individual user identities
are valid within its peer's domain. are valid within its peer's domain.
o Requirement #7: o Requirement #7:
The protocols used for session peering MUST accommodate the use of The protocols used for session peering MUST accommodate the use of
different types of URIs. URIs with the same domain-part SHOULD different types of URIs. URIs with the same domain-part SHOULD
share the same set of peering policies, thus the domain of the SIP share the same set of peering policies; thus, the domain of the
URI may be used as the primary key to any information regarding SIP URI may be used as the primary key to any information
the reachability of that SIP URI. The host part of SIP URIs regarding the reachability of that SIP URI. The host part of SIP
SHOULD contain a fully-qualified domain name instead of a numeric URIs SHOULD contain a fully qualified domain name instead of a
IPv4 or IPv6 address. numeric IPv4 or IPv6 address.
o Requirement #8: o Requirement #8:
The mechanisms for session peering should not require an SSP to be The mechanisms for session peering should not require an SSP to be
aware of which individual user identities are valid within its aware of which individual user identities are valid within its
peer's domain. peer's domain.
o Notes on the solution space for #7 and #8: o Notes on the solution space for Requirements #7 and #8:
This is generally well supported by IETF protocols. When This is generally well supported by IETF protocols. When
telephone numbers are in tel URIs, SIP requests cannot be routed telephone numbers are in tel URIs, SIP requests cannot be routed
in accordance with the traditional DNS resolution procedures in accordance with the traditional DNS resolution procedures
standardized for SIP as indicated in [RFC3824]. This means that standardized for SIP as indicated in [RFC3824]. This means that
the solutions built for session peering must not solely use PSTN the solutions built for session peering must not solely use Public
identifiers such as Service Provider IDs (SPIDs) or Trunk Group Switched Telephone Network (PSTN) identifiers such as Service
IDs (they should not be precluded but solutions should not be Provider IDs (SPIDs) or Trunk Group IDs (they should not be
limited to these). precluded but solutions should not be limited to these).
Motivations: Motivations:
Although SED data may be based on E.164-based SIP URIs for voice Although SED data may be based on E.164-based SIP URIs for voice
interconnects, a generic peering methodology should not rely on interconnects, a generic peering methodology should not rely on
such E.164 numbers. such E.164 numbers.
3.3.2. URI Reachability 3.3.2. URI Reachability
Based on a well-known URI type (for e.g. sip:, pres:, or im: URIs), Based on a well-known URI type (e.g., sip:, pres:, or im: URIs), it
it must be possible to determine whether the SSP domain servicing the must be possible to determine whether the SSP domain servicing the
URI allows for session peering, and if it does, it should be possible URI allows for session peering, and if it does, it should be possible
to locate and retrieve the domain's policy and SBE entities. to locate and retrieve the domain's policy and SBE entities.
For example, an originating service provider must be able to For example, an originating service provider must be able to
determine whether a SIP URI is open for direct interconnection determine whether a SIP URI is open for direct interconnection
without requiring an SBE to initiate a SIP request. Furthermore, without requiring an SBE to initiate a SIP request. Furthermore,
since each call setup implies the execution of any proposed since each call setup implies the execution of any proposed
algorithm, the establishment of a SIP session via peering should algorithm, the establishment of a SIP session via peering should
incur minimal overhead and delay, and employ caching wherever incur minimal overhead and delay, and employ caching wherever
possible to avoid extra protocol round trips. possible to avoid extra protocol round trips.
o Requirement #9: o Requirement #9:
The mechanisms for session peering MUST allow an SBE to locate its The mechanisms for session peering MUST allow an SBE to locate its
peer SBE given a URI type and the target SSP domain name. peer SBE given a URI type and the target SSP domain name.
4. Requirements for Session Peering of Presence and Instant Messaging 4. Requirements for Session Peering of Presence and Instant Messaging
This section describes requirements for presence and instant This section describes requirements for presence and instant
messaging session peering. messaging session peering.
Two SSPs create a peering relationship to enable their IM and Two SSPs create a peering relationship to enable their IM and
presence users to collaborate with users on the other SSP network. presence users to collaborate with users on the other SSP network.
skipping to change at page 11, line 13 skipping to change at page 10, line 13
peer SBE given a URI type and the target SSP domain name. peer SBE given a URI type and the target SSP domain name.
4. Requirements for Session Peering of Presence and Instant Messaging 4. Requirements for Session Peering of Presence and Instant Messaging
This section describes requirements for presence and instant This section describes requirements for presence and instant
messaging session peering. messaging session peering.
Two SSPs create a peering relationship to enable their IM and Two SSPs create a peering relationship to enable their IM and
presence users to collaborate with users on the other SSP network. presence users to collaborate with users on the other SSP network.
We focus the requirements on inter-domain subscriptions to presence We focus the requirements on inter-domain subscriptions to presence
information, the exchange of messages and privacy settings and the information, the exchange of messages and privacy settings, and the
use of standard presence document formats across domains. use of standard presence document formats across domains.
Several use cases for presence and instant messaging peering are Several use cases for presence and instant messaging peering are
described in [RFC5344], a document authored by A. Houri, E. Aoki and described in [RFC5344], a document authored by A. Houri, E. Aoki, and
S. Parameswar. Credits for the original content captured from these S. Parameswar. Credits for the original content captured from these
use cases into requirements in this section must go to them. use cases into requirements in this section must go to them.
o Requirement #10: o Requirement #10:
The mechanisms recommended for the exchange of presence The mechanisms recommended for the exchange of presence
information between SSPs SHOULD allow a user of one presence information between SSPs SHOULD allow a user of one presence
community to send a presence subscription request to presentities community to send a presence subscription request to presentities
served by another SSP via its local community, including served by another SSP via its local community, including
subscriptions to a single presentity, a personal, public or ad-hoc subscriptions to a single presentity, a personal, public or ad hoc
group list of presentities. group list of presentities.
Notes: see sections 2.1 and 2.2 of [RFC5344]. Notes: see Sections 2.1 and 2.2 of [RFC5344].
o Requirement #11: o Requirement #11:
The mechanisms recommended for Instant Messaging exchanges between
The mechanisms recommended for instant messaging exchanges between
SSPs SHOULD allow a user of one SSP's community to communicate SSPs SHOULD allow a user of one SSP's community to communicate
with users of the other SSP community via their local community with users of the other SSP community via their local community
using the various methods. Note that some SSPs may exercise some using the various methods. Note that some SSPs may exercise some
control over which methods are allowed based on service policies. control over which methods are allowed based on service policies.
Such methods include sending a one-time IM message, initiating a Such methods include sending a one-time IM message, initiating a
SIP session for transporting sessions of messages, participating SIP session for transporting sessions of messages, participating
in n-way chats using chat rooms with users from the peer SSPs, in n-way chats using chat rooms with users from the peer SSPs,
etc. etc.
Notes: see sections 2.4, 2.5 and 2.6 of [RFC5344]. Notes: see Sections 2.4, 2.5, and 2.6 of [RFC5344].
o Requirement #12:
o Requirement #12: Privacy Sharing
In some presence communities, users can define the list of In some presence communities, users can define the list of
watchers that receive presence notifications for a given watchers that receive presence notifications for a given
presentity. Such privacy settings for watcher notifications per presentity. Such privacy settings for watcher notifications per
presentity are typically not shared across SSPs causing multiple presentity are typically not shared across SSPs causing multiple
notifications to be sent for one presentity change between SSPs. notifications to be sent for one presentity change between SSPs.
The sharing of those privacy settings per presentity between SSPs The sharing of those privacy settings per presentity between SSPs
would allow fewer notifications: a single notification would be would allow fewer notifications: a single notification would be
sent per presentity and the terminating SSP would send sent per presentity and the terminating SSP would send
notifications to the appropriate watchers according to the notifications to the appropriate watchers according to the
presentity's privacy information. presentity's privacy information.
The mechanisms recommended for Presence information exchanges
The mechanisms recommended for presence information exchanges
between SSPs SHOULD allow the sharing of some user privacy between SSPs SHOULD allow the sharing of some user privacy
settings in order for users to convey the list of watchers that settings in order for users to convey the list of watchers that
can receive notification of presence information changes on a per can receive notification of presence information changes on a per-
presentity basis. presentity basis.
The privacy sharing mechanism must be done with the express The privacy sharing mechanism must be done with the express
consent of the user whose privacy settings will be shared with the consent of the user whose privacy settings will be shared with the
other community. Because of the privacy-sensitive information other community. Because of the privacy-sensitive information
exchanged between SSPs, the protocols used for the exchange of exchanged between SSPs, the protocols used for the exchange of
presence information must follow the security recommendations presence information must follow the security recommendations
defined in section 6 of [RFC3863]. defined in Section 6 of [RFC3863].
Notes: see section 2.3 of [RFC5344]. Notes: see Section 2.3 of [RFC5344].
o Requirement #13: Multiple Watchers o Requirement #13:
It should be possible for an SPP to associate a presence document
It should be possible for an SSP to associate a presence document
with a list of watchers in the peer SSP community so that the peer with a list of watchers in the peer SSP community so that the peer
watchers can receive the presence document notifications. This watchers can receive the presence document notifications. This
will enable sending less presence document notifications between will enable sending less presence document notifications between
the communities while avoiding the need to share privacy the communities while avoiding the need to share privacy
information of presentities from one community to the other. information of presentities from one community to the other.
The systems used to exchange presence documents between SSPs The systems used to exchange presence documents between SSPs
SHOULD allow a presence document to be delivered to one or more SHOULD allow a presence document to be delivered to one or more
watchers. watchers.
Note: The presence document and the list of authorized watchers in Note: The presence document and the list of authorized watchers in
the peer SSP may be sent separately. Also, the privacy sharing the peer SSP may be sent separately. Also, the privacy-sharing
mechanisms defined in Requirement #12 also apply to this mechanisms defined in Requirement #12 also apply to this
requirement. requirement.
o Requirement #14: Standard PIDF Documents and Mappings o Requirement #14:
Early deployments of SIP-based presence and Instant Messaging
Early deployments of SIP-based presence and instant messaging
gateways have been done in front of legacy proprietary systems gateways have been done in front of legacy proprietary systems
that use different naming schemes or name values for the elements that use different naming schemes or name values for the elements
and properties defined in a Presence Information Data Format and properties defined in a Presence Information Data Format
(PIDF) document ([RFC3863]). For example the value "Do Not (PIDF) document ([RFC3863]). For example, the value "Do Not
Disturb" in one presence service may be mapped to "Busy" in Disturb" in one presence service may be mapped to "Busy" in
another system for the status element. Beyond this example of another system for the status element. Beyond this example of
status values, it is important to ensure that the meaning of the status values, it is important to ensure that the meaning of the
presence information is preserved between SSPs. presence information is preserved between SSPs.
The systems used to exchange presence documents between SSPs The systems used to exchange presence documents between SSPs
SHOULD use standard PIDF documents and translate any non-standard SHOULD use standard PIDF documents and translate any non-standard
value of a PIDF element to a standard one. value of a PIDF element to a standard one.
5. Security Considerations 5. Security Considerations
This section describes the security properties that are desirable for This section describes the security properties that are desirable for
the protocol exchanges in scope of session peering. Three types of the protocol exchanges in scope of session peering. Three types of
information flows are described in the architecture and use case information flows are described in the architecture and use case
documents: the acquisition of the Session Establishment Data (SED) documents: the acquisition of the Session Establishment Data (SED)
skipping to change at page 13, line 11 skipping to change at page 12, line 18
The systems used to exchange presence documents between SSPs The systems used to exchange presence documents between SSPs
SHOULD use standard PIDF documents and translate any non-standard SHOULD use standard PIDF documents and translate any non-standard
value of a PIDF element to a standard one. value of a PIDF element to a standard one.
5. Security Considerations 5. Security Considerations
This section describes the security properties that are desirable for This section describes the security properties that are desirable for
the protocol exchanges in scope of session peering. Three types of the protocol exchanges in scope of session peering. Three types of
information flows are described in the architecture and use case information flows are described in the architecture and use case
documents: the acquisition of the Session Establishment Data (SED) documents: the acquisition of the Session Establishment Data (SED)
based on a destination target via the Lookup and Location Routing based on a destination target via the Look-Up and Location Routing
Functions (LUF and LRF), the SIP signaling between SIP Service Functions (LUF and LRF), the SIP signaling between SIP Service
Providers, and the associated media exchanges. Providers, and the associated media exchanges.
This section is focused on three security services, authentication, This section is focused on three security services: authentication,
data confidentiality and data integrity as summarized in [RFC3365]. data confidentiality, and data integrity as summarized in [RFC3365].
However, this text does not specify the mandatory-to-implement However, this text does not specify the mandatory-to-implement
security mechanisms as required by [RFC3365]; this is left for future security mechanisms as required by [RFC3365]; this is left for future
protocol solutions that meet the requirements. protocol solutions that meet the requirements.
A security threat analysis provides additional guidance for session A security threat analysis provides additional guidance for session
peering ([I-D.ietf-speermint-voipthreats]). peering ([VOIPTHREATS]).
5.1. Security Properties for the Acquisition of Session Establishment 5.1. Security Properties for the Acquisition of Session Establishment
Data Data
The Look-Up Function (LUF) and Location Routing Function (LRF) are The Look-Up Function (LUF) and Location Routing Function (LRF) are
defined in [RFC5486]. They provide mechanisms for determining the defined in [RFC5486]. They provide mechanisms for determining the
SIP target address and domain the request should be sent to, and the SIP target address and domain the request should be sent to, and the
associated SED to route the request to that domain. associated SED to route the request to that domain.
o Requirement #15: o Requirement #15:
The protocols used to query the Lookup and Location Routing
The protocols used to query the Look-Up and Location Routing
Functions SHOULD support mutual authentication. Functions SHOULD support mutual authentication.
Motivations: Motivations:
A mutual authentication service should be provided for the LUF and A mutual authentication service should be provided for the LUF and
LRF protocol exchanges. The content of the response returned by LRF protocol exchanges. The content of the response returned by
the LUF and LRF may depend on the identity of the requestor: the the LUF and LRF may depend on the identity of the requestor: the
authentication of the LUF & LRF requests is therefore a desirable authentication of the LUF and LRF requests is therefore a
property. Mutual authentication is also desirable: the requestor desirable property. Mutual authentication is also desirable: the
may verify the identity of the systems that provided the LUF & LRF requestor may verify the identity of the systems that provided the
responses given the nature of the data returned in those LUF and LRF responses given the nature of the data returned in
responses. Authentication also provides some protection for the those responses. Authentication also provides some protection for
availability of the LUF and LRF against attackers that would the availability of the LUF and LRF against attackers that would
attempt to launch DoS attacks by sending bogus requests causing attempt to launch Denial-of-Service (DoS) attacks by sending bogus
the LUF to perform a lookup and consume resources. requests causing the LUF to perform a lookup and consume
resources.
o Requirement #16: o Requirement #16:
The protocols used to query the Lookup and Location Routing
The protocols used to query the Look-Up and Location Routing
Functions SHOULD provide support for data confidentiality and Functions SHOULD provide support for data confidentiality and
integrity. integrity.
Motivations: Motivations:
Given the sensitive nature of the session establishment data Given the sensitive nature of the session establishment data
exchanged with the LUF and LRF functions, the protocol mechanisms exchanged with the LUF and LRF functions, the protocol mechanisms
chosen for the lookup and location routing should offer data chosen for the look-up and location routing should offer data
confidentiality and integrity protection (SED data may contain confidentiality and integrity protection (SED data may contain
user addresses, SIP URI, location of SIP entities at the user addresses, SIP URI, location of SIP entities at the
boundaries of SIP Service Provider domains, etc.). boundaries of SIP Service Provider domains, etc.).
o Notes on the solution space for Requirements #15 and #16: ENUM, o Notes on the solution space for Requirements #15 and #16:
SIP and proprietary protocols are typically used today for
accessing these functions. Even though SSPs may use lower layer ENUM, SIP, and proprietary protocols are typically used today for
accessing these functions. Even though SSPs may use lower-layer
security mechanisms to guarantee some of those security security mechanisms to guarantee some of those security
properties, candidate protocols for the LUF and LRF should meet properties, candidate protocols for the LUF and LRF should meet
the above requirements. the above requirements.
5.2. Security Properties for the SIP signaling exchanges 5.2. Security Properties for the SIP Signaling Exchanges
The SIP signaling exchanges are out of scope of this document. This The SIP signaling exchanges are out of scope of this document. This
section describes some of the security properties that are desirable section describes some of the security properties that are desirable
in the context of SIP interconnects between SSPs without formulating in the context of SIP interconnects between SSPs without formulating
any normative requirements. any normative requirements.
In general, the security properties desirable for the SIP exchanges In general, the security properties desirable for the SIP exchanges
in an inter-domain context apply to session peering. These include: in an inter-domain context apply to session peering. These include:
o securing the transport of SIP messages between the peers' SBEs. o securing the transport of SIP messages between the peers' SBEs.
skipping to change at page 15, line 16 skipping to change at page 14, line 29
Media security is critical to guarantee end-to-end confidentiality of Media security is critical to guarantee end-to-end confidentiality of
the communication between the end-users' devices, independently of the communication between the end-users' devices, independently of
how many direct or indirect peers are present along the signaling how many direct or indirect peers are present along the signaling
path. A number of desirable security properties emerge from this path. A number of desirable security properties emerge from this
goal. goal.
The establishment of media security may be achieved along the media The establishment of media security may be achieved along the media
path and not over the signaling path given the indirect peering use path and not over the signaling path given the indirect peering use
cases. cases.
For example, media carried over the Real-Time Protocol (RTP) can be For example, media carried over the Real-Time Protocol (RTP) can be
secured using secure RTP (SRTP [RFC3711]). A framework for secured using secure RTP (SRTP [RFC3711]). A framework for
establishing SRTP security using Datagram TLS [RFC4347] is described establishing SRTP security using Datagram TLS (DTLS) [RFC4347] is
in [RFC5763]: it allows for end-to-end media security establishment described in [RFC5763]: it allows for end-to-end media security
using extensions to DTLS ([RFC5764]). establishment using extensions to DTLS ([RFC5764]).
It should also be noted that media can be carried in numerous It should also be noted that media can be carried in numerous
protocols other than RTP such as SIP (SIP MESSAGE method), MSRP (the protocols other than RTP such as SIP (SIP MESSAGE method), MSRP (the
Message Session Relay Protocol, [RFC4975], XMPP (the Extensible Message Session Relay Protocol, [RFC4975], XMPP (the Extensible
Messaging and Presence Protocol, [RFC3920]) and many others. Media Messaging and Presence Protocol, [RFC6120]), and many others. Media
may also be carried over TCP ([RFC4571]), and it can be encrypted may also be carried over TCP ([RFC4571]), and it can be encrypted
over secure connection-oriented transport sessions over TLS over secure connection-oriented transport sessions over TLS
([RFC4572]). ([RFC4572]).
A desirable security property for session peering is for SIP entities A desirable security property for session peering is for SIP entities
to be transparent to the end-to-end media security negotiations: SIP to be transparent to the end-to-end media security negotiations: SIP
entities should not intervene in the Session Description Protocol entities should not intervene in the Session Description Protocol
(SDP) exchanges for end-to-end media security. (SDP) exchanges for end-to-end media security.
o Requirement #17: o Requirement #17:
skipping to change at page 15, line 35 skipping to change at page 15, line 6
may also be carried over TCP ([RFC4571]), and it can be encrypted may also be carried over TCP ([RFC4571]), and it can be encrypted
over secure connection-oriented transport sessions over TLS over secure connection-oriented transport sessions over TLS
([RFC4572]). ([RFC4572]).
A desirable security property for session peering is for SIP entities A desirable security property for session peering is for SIP entities
to be transparent to the end-to-end media security negotiations: SIP to be transparent to the end-to-end media security negotiations: SIP
entities should not intervene in the Session Description Protocol entities should not intervene in the Session Description Protocol
(SDP) exchanges for end-to-end media security. (SDP) exchanges for end-to-end media security.
o Requirement #17: o Requirement #17:
The protocols used to enable session peering MUST NOT interfere The protocols used to enable session peering MUST NOT interfere
with the exchanges of media security attributes in SDP. Media with the exchanges of media security attributes in SDP. Media
attribute lines that are not understood by SBEs MUST be ignored attribute lines that are not understood by SBEs MUST be ignored
and passed along the signaling path untouched. and passed along the signaling path untouched.
6. Acknowledgments 6. Acknowledgments
This document is based on the input and contributions made by a large This document is based on the input and contributions made by a large
number of people including: Bernard Aboba, Edwin Aoki, Scott Brim, number of people including: Bernard Aboba, Edwin Aoki, Scott Brim,
John Elwell, Mike Hammer, Avshalom Houri, Richard Shocky, Henry John Elwell, Patrik Faltstrom, Mike Hammer, Avshalom Houri, Otmar
Sinnreich, Richard Stastny, Patrik Faltstrom, Otmar Lendl, Daryl Lendl, Jason Livingood, Daryl Malas, Dave Meyer, Bob Natale, Sriram
Malas, Dave Meyer, Sriram Parameswar, Jon Peterson, Jason Livingood, Parameswar, Jon Peterson, Benny Rodrig, Brian Rosen, Eric Rosenfeld,
Bob Natale, Benny Rodrig, Brian Rosen, Eric Rosenfeld, Peter Saint- Peter Saint-Andre, David Schwartz, Richard Shocky, Henry Sinnreich,
Andre, David Schwartz and Adam Uzelac. Richard Stastny, and Adam Uzelac.
Specials thanks go to Rohan Mahy, Brian Rosen, John Elwell for their
initial drafts describing guidelines or best current practices in
various environments, to Avshalom Houri, Edwin Aoki and Sriram
Parameswar for authoring the presence and instant messaging
requirements and to Dan Wing for providing detailed feedback on the
security consideration sections.
7. IANA Considerations
This document does not register any values in IANA registries. Specials thanks go to Rohan Mahy, Brian Rosen, and John Elwell for
their initial documents describing guidelines or best current
practices in various environments, to Avshalom Houri, Edwin Aoki, and
Sriram Parameswar for authoring the presence and instant messaging
requirements, and to Dan Wing for providing detailed feedback on the
Security Consideration sections.
8. References 7. References
8.1. Normative References 7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
8.2. Informative References 7.2. Informative References
[I-D.ietf-speermint-architecture] [ARCHITECTURE] Malas, D. and J. Livingood, "Session PEERing for
Malas, D. and J. Livingood, "Session PEERing for Multimedia INTerconnect Architecture", Work
Multimedia INTerconnect Architecture", in Progress, February 2011.
draft-ietf-speermint-architecture-19 (work in progress),
February 2011.
[I-D.ietf-speermint-voip-consolidated-usecases] [RFC2198] Perkins, C., Kouvelas, I., Hodson, O., Hardman, V.,
Uzelac, A. and Y. Lee, "VoIP SIP Peering Use Cases", Handley, M., Bolot, J., Vega-Garcia, A., and S.
draft-ietf-speermint-voip-consolidated-usecases-18 (work Fosse-Parisis, "RTP Payload for Redundant Audio
in progress), April 2010. Data", RFC 2198, September 1997.
[I-D.ietf-speermint-voipthreats] [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G.,
Seedorf, J., Niccolini, S., Chen, E., and H. Scholz, Johnston, A., Peterson, J., Sparks, R., Handley, M.,
"Session Peering for Multimedia Interconnect (SPEERMINT) and E. Schooler, "SIP: Session Initiation Protocol",
Security Threats and Suggested Countermeasures", RFC 3261, June 2002.
draft-ietf-speermint-voipthreats-07 (work in progress),
January 2011.
[RFC2198] Perkins, C., Kouvelas, I., Hodson, O., Hardman, V., [RFC3263] Rosenberg, J. and H. Schulzrinne, "Session Initiation
Handley, M., Bolot, J., Vega-Garcia, A., and S. Fosse- Protocol (SIP): Locating SIP Servers", RFC 3263,
Parisis, "RTP Payload for Redundant Audio Data", RFC 2198, June 2002.
September 1997.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, [RFC3365] Schiller, J., "Strong Security Requirements for
A., Peterson, J., Sparks, R., Handley, M., and E. Internet Engineering Task Force Standard Protocols",
Schooler, "SIP: Session Initiation Protocol", RFC 3261, BCP 61, RFC 3365, August 2002.
June 2002.
[RFC3263] Rosenberg, J. and H. Schulzrinne, "Session Initiation [RFC3455] Garcia-Martin, M., Henrikson, E., and D. Mills,
Protocol (SIP): Locating SIP Servers", RFC 3263, "Private Header (P-Header) Extensions to the Session
June 2002. Initiation Protocol (SIP) for the 3rd-Generation
Partnership Project (3GPP)", RFC 3455, January 2003.
[RFC3365] Schiller, J., "Strong Security Requirements for Internet [RFC3466] Day, M., Cain, B., Tomlinson, G., and P. Rzewski, "A
Engineering Task Force Standard Protocols", BCP 61, Model for Content Internetworking (CDI)", RFC 3466,
RFC 3365, August 2002. February 2003.
[RFC3455] Garcia-Martin, M., Henrikson, E., and D. Mills, "Private [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V.
Header (P-Header) Extensions to the Session Initiation Jacobson, "RTP: A Transport Protocol for Real-Time
Protocol (SIP) for the 3rd-Generation Partnership Project Applications", STD 64, RFC 3550, July 2003.
(3GPP)", RFC 3455, January 2003.
[RFC3466] Day, M., Cain, B., Tomlinson, G., and P. Rzewski, "A Model [RFC3568] Barbir, A., Cain, B., Nair, R., and O. Spatscheck,
for Content Internetworking (CDI)", RFC 3466, "Known Content Network (CN) Request-Routing
February 2003. Mechanisms", RFC 3568, July 2003.
[RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. [RFC3570] Rzewski, P., Day, M., and D. Gilletti, "Content
Jacobson, "RTP: A Transport Protocol for Real-Time Internetworking (CDI) Scenarios", RFC 3570,
Applications", STD 64, RFC 3550, July 2003. July 2003.
[RFC3568] Barbir, A., Cain, B., Nair, R., and O. Spatscheck, "Known [RFC3611] Friedman, T., Caceres, R., and A. Clark, "RTP Control
Content Network (CN) Request-Routing Mechanisms", Protocol Extended Reports (RTCP XR)", RFC 3611,
RFC 3568, July 2003. November 2003.
[RFC3570] Rzewski, P., Day, M., and D. Gilletti, "Content [RFC3702] Loughney, J. and G. Camarillo, "Authentication,
Internetworking (CDI) Scenarios", RFC 3570, July 2003. Authorization, and Accounting Requirements for the
Session Initiation Protocol (SIP)", RFC 3702,
February 2004.
[RFC3611] Friedman, T., Caceres, R., and A. Clark, "RTP Control [RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E.,
Protocol Extended Reports (RTCP XR)", RFC 3611, and K. Norrman, "The Secure Real-time Transport
November 2003. Protocol (SRTP)", RFC 3711, March 2004.
[RFC3702] Loughney, J. and G. Camarillo, "Authentication, [RFC3824] Peterson, J., Liu, H., Yu, J., and B. Campbell,
Authorization, and Accounting Requirements for the Session "Using E.164 numbers with the Session Initiation
Initiation Protocol (SIP)", RFC 3702, February 2004. Protocol (SIP)", RFC 3824, June 2004.
[RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. [RFC3863] Sugano, H., Fujimoto, S., Klyne, G., Bateman, A.,
Norrman, "The Secure Real-time Transport Protocol (SRTP)", Carr, W., and J. Peterson, "Presence Information Data
RFC 3711, March 2004. Format (PIDF)", RFC 3863, August 2004.
[RFC3824] Peterson, J., Liu, H., Yu, J., and B. Campbell, "Using [RFC3966] Schulzrinne, H., "The tel URI for Telephone Numbers",
E.164 numbers with the Session Initiation Protocol (SIP)", RFC 3966, December 2004.
RFC 3824, June 2004.
[RFC3863] Sugano, H., Fujimoto, S., Klyne, G., Bateman, A., Carr, [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter,
W., and J. Peterson, "Presence Information Data Format "Uniform Resource Identifier (URI): Generic Syntax",
(PIDF)", RFC 3863, August 2004. STD 66, RFC 3986, January 2005.
[RFC3920] Saint-Andre, P., Ed., "Extensible Messaging and Presence [RFC4347] Rescorla, E. and N. Modadugu, "Datagram Transport
Protocol (XMPP): Core", RFC 3920, October 2004. Layer Security", RFC 4347, April 2006.
[RFC3966] Schulzrinne, H., "The tel URI for Telephone Numbers", [RFC4474] Peterson, J. and C. Jennings, "Enhancements for
RFC 3966, December 2004. Authenticated Identity Management in the Session
Initiation Protocol (SIP)", RFC 4474, August 2006.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP:
Resource Identifier (URI): Generic Syntax", STD 66, Session Description Protocol", RFC 4566, July 2006.
RFC 3986, January 2005.
[RFC4347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer [RFC4571] Lazzaro, J., "Framing Real-time Transport Protocol
Security", RFC 4347, April 2006. (RTP) and RTP Control Protocol (RTCP) Packets over
Connection-Oriented Transport", RFC 4571, July 2006.
[RFC4474] Peterson, J. and C. Jennings, "Enhancements for [RFC4572] Lennox, J., "Connection-Oriented Media Transport over
Authenticated Identity Management in the Session the Transport Layer Security (TLS) Protocol in the
Initiation Protocol (SIP)", RFC 4474, August 2006. Session Description Protocol (SDP)", RFC 4572,
July 2006.
[RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session [RFC4786] Abley, J. and K. Lindqvist, "Operation of Anycast
Description Protocol", RFC 4566, July 2006. Services", BCP 126, RFC 4786, December 2006.
[RFC4571] Lazzaro, J., "Framing Real-time Transport Protocol (RTP) [RFC4916] Elwell, J., "Connected Identity in the Session
and RTP Control Protocol (RTCP) Packets over Connection- Initiation Protocol (SIP)", RFC 4916, June 2007.
Oriented Transport", RFC 4571, July 2006.
[RFC4572] Lennox, J., "Connection-Oriented Media Transport over the [RFC4975] Campbell, B., Mahy, R., and C. Jennings, "The Message
Transport Layer Security (TLS) Protocol in the Session Session Relay Protocol (MSRP)", RFC 4975,
Description Protocol (SDP)", RFC 4572, July 2006. September 2007.
[RFC4786] Abley, J. and K. Lindqvist, "Operation of Anycast [RFC5344] Houri, A., Aoki, E., and S. Parameswar, "Presence and
Services", BCP 126, RFC 4786, December 2006. Instant Messaging Peering Use Cases", RFC 5344,
October 2008.
[RFC4916] Elwell, J., "Connected Identity in the Session Initiation [RFC5411] Rosenberg, J., "A Hitchhiker's Guide to the Session
Protocol (SIP)", RFC 4916, June 2007. Initiation Protocol (SIP)", RFC 5411, February 2009.
[RFC4975] Campbell, B., Mahy, R., and C. Jennings, "The Message [RFC5486] Malas, D. and D. Meyer, "Session Peering for
Session Relay Protocol (MSRP)", RFC 4975, September 2007. Multimedia Interconnect (SPEERMINT) Terminology",
RFC 5486, March 2009.
[RFC5344] Houri, A., Aoki, E., and S. Parameswar, "Presence and [RFC5503] Andreasen, F., McKibben, B., and B. Marshall,
Instant Messaging Peering Use Cases", RFC 5344, "Private Session Initiation Protocol (SIP) Proxy-to-
October 2008. Proxy Extensions for Supporting the PacketCable
Distributed Call Signaling Architecture", RFC 5503,
March 2009.
[RFC5411] Rosenberg, J., "A Hitchhiker's Guide to the Session [RFC5630] Audet, F., "The Use of the SIPS URI Scheme in the
Initiation Protocol (SIP)", RFC 5411, February 2009. Session Initiation Protocol (SIP)", RFC 5630,
October 2009.
[RFC5486] Malas, D. and D. Meyer, "Session Peering for Multimedia [RFC5763] Fischl, J., Tschofenig, H., and E. Rescorla,
Interconnect (SPEERMINT) Terminology", RFC 5486, "Framework for Establishing a Secure Real-time
March 2009. Transport Protocol (SRTP) Security Context Using
Datagram Transport Layer Security (DTLS)", RFC 5763,
May 2010.
[RFC5503] Andreasen, F., McKibben, B., and B. Marshall, "Private [RFC5764] McGrew, D. and E. Rescorla, "Datagram Transport Layer
Session Initiation Protocol (SIP) Proxy-to-Proxy Security (DTLS) Extension to Establish Keys for the
Extensions for Supporting the PacketCable Distributed Call Secure Real-time Transport Protocol (SRTP)",
Signaling Architecture", RFC 5503, March 2009. RFC 5764, May 2010.
[RFC5630] Audet, F., "The Use of the SIPS URI Scheme in the Session [RFC5923] Gurbani, V., Mahy, R., and B. Tate, "Connection Reuse
Initiation Protocol (SIP)", RFC 5630, October 2009. in the Session Initiation Protocol (SIP)", RFC 5923,
June 2010.
[RFC5763] Fischl, J., Tschofenig, H., and E. Rescorla, "Framework [RFC6076] Malas, D. and A. Morton, "Basic Telephony SIP End-to-
for Establishing a Secure Real-time Transport Protocol End Performance Metrics", RFC 6076, January 2011.
(SRTP) Security Context Using Datagram Transport Layer
Security (DTLS)", RFC 5763, May 2010.
[RFC5764] McGrew, D. and E. Rescorla, "Datagram Transport Layer [RFC6120] Saint-Andre, P., "Extensible Messaging and Presence
Security (DTLS) Extension to Establish Keys for the Secure Protocol (XMPP): Core", RFC 6120, March 2011.
Real-time Transport Protocol (SRTP)", RFC 5764, May 2010.
[RFC5923] Gurbani, V., Mahy, R., and B. Tate, "Connection Reuse in [VOIP] Uzelac, A. and Y. Lee, "VoIP SIP Peering Use Cases",
the Session Initiation Protocol (SIP)", RFC 5923, Work in Progress, April 2010.
June 2010.
[RFC6076] Malas, D. and A. Morton, "Basic Telephony SIP End-to-End [VOIPTHREATS] Seedorf, J., Niccolini, S., Chen, E., and H. Scholz,
Performance Metrics", RFC 6076, January 2011. "Session Peering for Multimedia Interconnect
(SPEERMINT) Security Threats and Suggested
Countermeasures", Work in Progress, March 2011.
Appendix A. Policy Parameters for Session Peering Appendix A. Policy Parameters for Session Peering
This informative section lists various types of parameters that This informative appendix lists various types of parameters that
should be considered by implementers when deciding what configuration should be considered by implementers when deciding what configuration
variables to expose to system administrators or management stations, variables to expose to system administrators or management stations,
as well as SSPs or federations of SSPs when discussing the technical as well as SSPs or federations of SSPs when discussing the technical
part of a session peering policy. part of a session peering policy.
In the context of session peering, a policy can be defined as the set In the context of session peering, a policy can be defined as the set
of parameters and other information needed by an SSP to exchange of parameters and other information needed by an SSP to exchange
traffic with another peer. Some of the session policy parameters may traffic with another peer. Some of the session policy parameters may
be statically exchanged and set throughout the lifetime of the be statically exchanged and set throughout the lifetime of the
peering relationship. Others parameters may be discovered and peering relationship. Other parameters may be discovered and updated
updated dynamically using by some explicit protocol mechanisms. dynamically using some explicit protocol mechanisms. These dynamic
These dynamic parameters may be session-dependent, or the may apply parameters may be session dependent, or they may apply over multiple
over multiple sessions or peers. sessions or peers.
Various types of policy information may need to be discovered or Various types of policy information may need to be discovered or
exchanged in order to establish session peering. At a minimum, a exchanged in order to establish session peering. At a minimum, a
policy should specify information related to session establishment policy should specify information related to session establishment
data in order to avoid session establishment failures. A policy may data in order to avoid session establishment failures. A policy may
also include information related to QoS, billing and accounting, also include information related to QoS, billing and accounting, and
layer-3 related interconnect requirements which are out of the scope Layer 3 related interconnect requirements, which are out of the scope
of this document. of this document.
Some aspects of session peering policies must be agreed to and Some aspects of session peering policies must be agreed to and
manually implemented; they are static and are typically documented as manually implemented; they are static and are typically documented as
part of a business contract, technical document or agreement between part of a business contract, technical document, or agreement between
parties. For some parameters linked to protocol support and parties. For some parameters linked to protocol support and
capabilities, standard ways of expressing those policy parameters may capabilities, standard ways of expressing those policy parameters may
be defined among SSP and exchanged dynamically. For e.g., templates be defined among SSPs and exchanged dynamically. For example,
could be created in various document formats so that it could be templates could be created in various document formats so that it
possible to dynamically discover some of the domain policy. Such could be possible to dynamically discover some of the domain policy.
templates could be initiated by implementers (for each software/ Such templates could be initiated by implementers. For each software
hardware release, a list of supported RFCs, RFC parameters is or hardware release, the template could list supported RFCs, and the
provided in a standard format) and then adapted by each SSP based on associated RFC parameters implemented in the given release in a
its service description, server or device configurations and variable standard format. Each SSP would then complete the template and adapt
based on peer relationships. its content based on its service description, the deployed server or
device configurations and the variation of these configurations based
on peer relationships.
A.1. Categories of Parameters for VoIP Session Peering and A.1. Categories of Parameters for VoIP Session Peering and
Justifications Justifications
The following list should be considered as an initial list of The following list should be considered as an initial list of
"discussion topics" to be addressed by peers when initiating a VoIP "discussion topics" to be addressed by peers when initiating a VoIP
peering relationship. peering relationship.
o IP Network Connectivity: o IP Network Connectivity:
Session peers should define the IP network connectivity between Session peers should define the IP network connectivity between
their respective SBEs and DBEs. While this is out of scope of their respective SBEs and DBEs. While this is out of scope of
session peering, SSPs must agree on a common mechanism for IP session peering, SSPs must agree on a common mechanism for IP
transport of session signaling and media. This may be accomplish transport of session signaling and media. This may be
via private (e.g. IPVPN, IPsec, etc.) or public IP networks. accomplished via private (e.g., IPVPN, IPsec, etc.) or public IP
networks.
o Media-related Parameters: o Media-related Parameters:
* Media Codecs: list of supported media codecs for audio, real- * Media Codecs: list of supported media codecs for audio, real-
time fax (version of T.38, if applicable), real-time text (RFC time fax (version of T.38, if applicable), real-time text (RFC
4103), DTMF transport, voice band data communications (as 4103), dual-tone multi-frequency (DTMF) transport voice band
applicable) along with the supported or recommended codec data communications (as applicable) along with the supported or
packetization rates, level of RTP payload redundancy, audio recommended codec packetization rates, level of RTP payload
volume levels, etc. redundancy, audio volume levels, etc.
* Media Transport: level of support for RTP-RTCP [RFC3550], RTP * Media Transport: level of support for RTP-RTCP [RFC3550], RTP
Redundancy (RTP Payload for Redundant Audio Data - [RFC2198]) , Redundancy (RTP Payload for Redundant Audio Data [RFC2198]),
T.38 transport over RTP, etc. T.38 transport over RTP, etc.
* Media variability at the Signaling path Border Elements: list * Media variability at the signaling path border elements: list
of media types supported by the various ingress points of a of media types supported by the various ingress points of a
peer's network. peer's network.
* Other: support of the VoIP metric block as defined in RTP * Other: support of the VoIP metric block as defined in RTP
Control Protocol Extended Reports [RFC3611] , etc. Control Protocol Extended Reports [RFC3611], etc.
o SIP: o SIP:
* A session peering policy should include the list of supported * A session peering policy should include the list of supported
and required SIP RFCs, supported and required SIP methods and required SIP RFCs, supported and required SIP methods
(including private p headers if applicable), error response (including private p headers if applicable), error response
codes, supported or recommended format of some header field codes, supported or recommended format of some header field
values , etc. values, etc.
* It should also be possible to describe the list of supported * It should also be possible to describe the list of supported
SIP RFCs by various functional groupings. A group of SIP RFCs SIP RFCs by various functional groupings. A group of SIP RFCs
may represent how a call feature is implemented (call hold, may represent how a call feature is implemented (call hold,
transfer, conferencing, etc.), or it may indicate a functional transfer, conferencing, etc.), or it may indicate a functional
grouping as in [RFC5411]. grouping as in [RFC5411].
o Accounting: o Accounting:
Methods used for call or session accounting should be specified. Methods used for call or session accounting should be specified.
An SSP may require a peer to track session usage. It is critical An SSP may require a peer to track session usage. It is critical
for peers to determine whether the support of any SIP extensions for peers to determine whether the support of any SIP extensions
for accounting is a pre-requisite for SIP interoperability. In for accounting is a pre-requisite for SIP interoperability. In
some cases, call accounting may feed data for billing purposes but some cases, call accounting may feed data for billing purposes,
not always: some operators may decide to use accounting as a 'bill but not always: some operators may decide to use accounting as a
and keep' model to track session usage and monitor usage against 'bill and keep' model to track session usage and monitor usage
service level agreements. against service level agreements.
[RFC3702] defines the terminology and basic requirements for [RFC3702] defines the terminology and basic requirements for
accounting of SIP sessions. A few private SIP extensions have accounting of SIP sessions. A few private SIP extensions have
also been defined and used over the years to enable call also been defined and used over the years to enable call
accounting between SSP domains such as the P-Charging* headers in accounting between SSP domains such as the P-Charging* headers in
[RFC3455], the P-DCS-Billing-Info header in [RFC5503], etc. [RFC3455], the P-DCS-Billing-Info header in [RFC5503], etc.
o Performance Metrics: o Performance Metrics:
Layer-5 performance metrics should be defined and shared between
Layer 5 performance metrics should be defined and shared between
peers. The performance metrics apply directly to signaling or peers. The performance metrics apply directly to signaling or
media; they may be used pro-actively to help avoid congestion, media; they may be used proactively to help avoid congestion, call
call quality issues or call signaling failures, and as part of quality issues, or call signaling failures, and as part of
monitoring techniques, they can be used to evaluate the monitoring techniques, they can be used to evaluate the
performance of peering exchanges. performance of peering exchanges.
Examples of SIP performance metrics include the maximum number of Examples of SIP performance metrics include the maximum number of
SIP transactions per second on per domain basis, Session SIP transactions per second on per-domain basis, Session
Completion Rate (SCR), Session Establishment Rate (SER), etc. Completion Rate (SCR), Session Establishment Rate (SER), etc.
Some SIP end-to-end performance metrics are defined in [RFC6076]; Some SIP end-to-end performance metrics are defined in [RFC6076];
a subset of these may be applicable to session peering and a subset of these may be applicable to session peering and
interconnects. interconnects.
Some media-related metrics for monitoring VoIP calls have been Some media-related metrics for monitoring VoIP calls have been
defined in the VoIP Metrics Report Block, in Section 4.7 of defined in the VoIP Metrics Report Block, in Section 4.7 of
[RFC3611]. [RFC3611].
o Security: o Security:
An SSP should describe the security requirements that other peers An SSP should describe the security requirements that other peers
must meet in order to terminate calls to its network. While such must meet in order to terminate calls to its network. While such
a list of security-related policy parameters often depends on the a list of security-related policy parameters often depends on the
security models pre-agreed to by peers, it is expected that these security models pre-agreed to by peers, it is expected that these
parameters will be discoverable or signaled in the future to allow parameters will be discoverable or signaled in the future to allow
session peering outside SSP clubs. The list of security session peering outside SSP clubs. The list of security
parameters may be long and composed of high-level requirements parameters may be long and composed of high-level requirements
(e.g. authentication, privacy, secure transport) and low level (e.g., authentication, privacy, secure transport) and low-level
protocol configuration elements like TLS parameters. protocol configuration elements like TLS parameters.
The following list is not intended to be complete, it provides a The following list is not intended to be complete, it provides a
preliminary list in the form of examples: preliminary list in the form of examples:
* Call admission requirements: for some providers, sessions can * Call admission requirements: for some providers, sessions can
only be admitted if certain criteria are met. For example, for only be admitted if certain criteria are met. For example, for
some providers' networks, only incoming SIP sessions signaled some providers' networks, only incoming SIP sessions signaled
over established IPsec tunnels or presented to the well-known over established IPsec tunnels or presented to the well-known
TLS ports are admitted. Other call admission requirements may TLS ports are admitted. Other call admission requirements may
be related to some performance metrics as described above. be related to some performance metrics as described above.
Finally, it is possible that some requirements be imposed on Finally, it is possible that some requirements be imposed on
lower layers, but these are considered out of scope of session lower layers, but these are considered out of scope of session
peering. peering.
* Call authorization requirements and validation: the presence of * Call authorization requirements and validation: the presence of
a caller or user identity may be required by an SSP. Indeed, a caller or user identity may be required by an SSP. Indeed,
some SSPs may further authorize an incoming session request by some SSPs may further authorize an incoming session request by
validating the caller's identity against white/black lists validating the caller's identity against white/black lists
maintained by the service provider or users (traditional caller maintained by the service provider or users (traditional caller
ID screening applications or IM white list). ID screening applications or IM white lists).
* Privacy requirements: an SSP may demand that its SIP messages * Privacy requirements: an SSP may demand that its SIP messages
be securely transported by its peers for privacy reasons so be securely transported by its peers for privacy reasons so
that the calling/called party information be protected. Media that the calling/called party information be protected. Media
sessions may also require privacy and some SSP policies may sessions may also require privacy, and some SSP policies may
include requirements on the use of secure media transport include requirements on the use of secure media transport
protocols such as SRTP, along with some constraints on the protocols such as SRTP, along with some constraints on the
minimum authentication/encryption options for use in SRTP. minimum authentication/encryption options for use in SRTP.
* Network-layer security parameters: this covers how IPsec * Network-layer security parameters: this covers how IPsec
security associated may be established, the IPsec key exchange security associations may be established, the IPsec key
mechanisms to be used and any keying materials, the lifetime of exchange mechanisms should be used, and any details on keying
timed Security Associated if applicable, etc. materials, the lifetime of timed security associations if
applicable, etc.
* Transport-layer security parameters: this covers how TLS * Transport-layer security parameters: this covers how TLS
connections should be established as described in section connections should be established, as described in Section 5.
Section 5.
A.2. Summary of Parameters for Consideration in Session Peering A.2. Summary of Parameters for Consideration in Session Peering
Policies Policies
The following is a summary of the parameters mentioned in the The following is a summary of the parameters mentioned in the
previous section. They may be part of a session peering policy and previous section. They may be part of a session peering policy and
appear with a level of requirement (mandatory, recommended, appear with a level of requirement (mandatory, recommended,
supported, ...). supported, etc.).
o IP Network Connectivity (assumed, requirements out of scope of o IP Network Connectivity (assumed, requirements out of scope of
this document) this document)
o Media session parameters: o Media session parameters:
* Codecs for audio, video, real time text, instant messaging * Codecs for audio, video, real time text, instant messaging
media sessions media sessions
* Modes of communications for audio (voice, fax, DTMF), IM (page * Modes of communications for audio (voice, fax, DTMF), IM (page
skipping to change at page 26, line 11 skipping to change at page 23, line 24
* List of ingress and egress DBEs where applicable, including * List of ingress and egress DBEs where applicable, including
STUN Relay servers if present STUN Relay servers if present
o SIP o SIP
* SIP RFCs, methods and error responses * SIP RFCs, methods and error responses
* headers and header values * headers and header values
* possibly, list of SIP RFCs supported by groups (e.g. by call * possibly, list of SIP RFCs supported by groups (e.g., by call
feature) feature)
o Accounting o Accounting
o Capacity Control and Performance Management: any limits on, or, o Capacity Control and Performance Management: any limits on, or,
means to measure and limit the maximum number of active calls to a means to measure and limit the maximum number of active calls to a
peer or federation, maximum number of sessions and messages per peer or federation, maximum number of sessions and messages per
specified unit time, maximum number of active users or subscribers specified unit time, maximum number of active users or subscribers
per specified unit time, the aggregate media bandwidth per peer or per specified unit time, the aggregate media bandwidth per peer or
for the federation, specified SIP signaling performance metrics to for the federation, specified SIP signaling performance metrics to
skipping to change at page 27, line 13 skipping to change at page 23, line 48
transport layer security parameters, media security parameters transport layer security parameters, media security parameters
Author's Address Author's Address
Jean-Francois Mule Jean-Francois Mule
CableLabs CableLabs
858 Coal Creek Circle 858 Coal Creek Circle
Louisville, CO 80027 Louisville, CO 80027
USA USA
Email: jf.mule@cablelabs.com EMail: jf.mule@cablelabs.com
 End of changes. 166 change blocks. 
330 lines changed or deleted 378 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/