SIPPING Working Group H. Schulzrinne Internet-Draft Columbia University Expires: January 10, 2006 E. Shim Panasonic July 9, 2005 Recommended Relationships between Different Types of Identifiers. draft-schulzrinne-sipping-id-relationships-00.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on January 10, 2006. Copyright Notice Copyright (C) The Internet Society (2005). Abstract Evolution of communications technologies brought us various types of identifiers or addresses that identify persons such as SIP URIs, email addresses, and telephone numbers. Proper relationships among different type of identifiers can enable various services, which, otherwise, are difficult to realize. This memo provides guidelines for managing relationships between SIP URIs other personal identifiers. Schulzrinne & Shim Expires January 10, 2006 [Page 1] Internet-Draft ID Relationships July 2005 1. Introduction In the absence of widely-deployed public directories, users often have only partial information about the various communication URI schemes for people they are trying to reach. They might have an old business card or RFC, typically containing a phone number or email address, but may need to contact the individual by some other means, such as via SIP or XMPP. Usage of newer protocols is facilitated if a communicating party is likely to be able to obtain such addresses. A number of communications-related URIs, such as for email [4] [5], SIP [1] and XMPP [6] use the basic 'user@host' form. Particularly since implementations often allow usage of such identifiers without prefixing it with the URI scheme, non-technical users expect these identifiers to work across different means of communication and, in particular, expect that they reach the same person if they do work. In some cases, if a SIP or other presence-related address such as an xmpp URI is known, one can try to subscribe to that address, with the presence object possibly returning the email address. However, this is not likely to work consistently, particularly since revealing presence information requires more trust than simply revealing one's email address. Thus, given the limitations of electronic means of relating different communications-related URI schemes for individuals and services, users are likely to guess. Communication is facilitated and communication failures are prevented if identifiers are constructed in a predictable and consistent manner. This document makes two core recommendations: (1) Individuals should be able to choose user identifiers across URI schemes that are the same. (2) Assignment policies within a domain should not assign the same user part in different URI schemes to different individuals. 2. Terminology In this document, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in BCP 14, RFC 2119 [2]. Schulzrinne & Shim Expires January 10, 2006 [Page 2] Internet-Draft ID Relationships July 2005 SIP URI: Uniform Resource Indicators identifyng communication resources for SIP as defined in Section 19, RFC 3261 [1]. Its general form is: sip:user:password@host:port;uri-parameters?headers. SIPS URI: Same as SIP URI except that the SIP protocol runs on top of the Transport Layer Security (TLS) protocol [3]. It is also defined in Section 19, RFC 3261 [1]. Its general form is the same as the SIP URI except that it starts with 'sips:' rather than 'sip:'. SIP address: A SIP URI or SIPS URI. telephone number: A string of decimal digits that uniquely indicates the network termination point. The string contains the information necessary to route the call to this point. There are two categories of telephone numbers: public telephone numbers and private telephone numbers. This definition is from RFC 3966 [7] which derived the definition from [11]. tel URI: A resource identifier from a telephone number as defined in RFC 3966[7]. email address: A character string that identifies a user to whom mail will be sent or a location into which mail will be deposited. The standard email address naming convention is defined to be "user@host". A more rigorous definition can be found in RFC2821 [4] and RFC2822 [5]. 3. Recommended Practices 3.1 A SIP address and an email address with the same user and domain parts A SIP address MUST NOT have the same user and domain parts as an email address unless both refer to the same person or service. Therefore, a SIP address and an email address with the same user and domain parts MUST refer to the same person or service. For example, the following SIP address and email address sip:bob@example.com:5060;transport=udp (mailto:)bob@example.com Schulzrinne & Shim Expires January 10, 2006 [Page 3] Internet-Draft ID Relationships July 2005 MUST refer to the same person. 3.2 Two SIP addresses with the same user and domain parts Any two SIP addresses MUST NOT have the same user and domain parts unless both refer to the same person or service. For example, the following SIP addresses sip:bob@example.com:5060;transport=udp sips:bob@example.com;transport=tcp MUST refer to the same person or service even though they are not equivalent according to the SIP specification [1] . 3.3 A SIP address and its email-equivalent All SIP addresses SHOULD have a working email-equivalent as long as the SIP addresses are referring to people. For example, for the following SIP address sip:bob@example.com:6000;transport=tcp a working email-equivalent SHOULD exist, such as (mailto:)bob_the_builder@example.net. The above example illustrates that the working email-equivalent does not have to have the same user and domain parts as the SIP address. How to find the email-equivalent for a given SIP address is out of scope. If a SIP address refers to a telephone (number), it MAY not have an email-equivalent. 3.4 A tel URI and its email-equivalent A tel URI MAY not have an email-equivalent. 3.5 An email address and its SIP-equivalent Some email addresses may not have SIP equivalents, e.g., because the domains don't support SIP services. Schulzrinne & Shim Expires January 10, 2006 [Page 4] Internet-Draft ID Relationships July 2005 3.6 Email user names and SIP user parts Providers of SIP services SHOULD allow all valid email user names as SIP address user parts. 3.7 A telephone number and its SIP-equivalent Telephone numbers are mapped to SIP URIs without visual separators (hyphen, etc.), as partially described in the tel URI RFC [7] and the SIP RFC [1]. The parameter 'user' with its value 'phone' SHOULD be included in the SIP URIs. For example, the following public telephone number +1-212-555-1234 is mapped to the following SIP URI sip:+12125551234;user=phone. 4. Use Cases Below are just two example use cases showing the benefits that can be accrued by the recommended relationships in the above. 4.1 Leaving voicemails using emails in P2P IP telephony systems Let say there are two identifiers, a SIP URI sip:bob@example.com and an email address bob@example.com. Imagine that there is no voicemail server associated with sip:bob@example.com and the human user owning the SIP URI could not take a call when another user called at the URI. It would be very useful if the caller can leave a voicemail by email. This scenario is particularly useful when SIP UAs are operating in a peer-to-peer fashion. Peer-to-peer networks for SIP- based communications were discussed recently in several drafts [8][9][10] . If the email address bob@example.com is assigned to the same person owning sip:bob@example.com by a global rule, it is straightforward to which email address the voicemail should be emailed. Instead, if the email address bob@example.com happens to be assigned to a different person, the caller will end up leaving the voicemail to a wrong person. 4.2 Common authentication for IP telephony and email systems An organization, in their deployment of a SIP-based IP telephony system, set a policy that the SIP URI and the email address with the same user information and the host information components, i.e. Schulzrinne & Shim Expires January 10, 2006 [Page 5] Internet-Draft ID Relationships July 2005 identical except the protocol component should be assigned only to the same user and let the users use their email system usernames and passwords for authentication with the IP telephony system, reducing the administration overhead and increasing the convenience of users at the same time. 5. Security Considerations One could argue that making identifiers the same across communication means is likely to increase undesirable communication, such as spam. However, communication identifiers are often short and easily guessable, so that those intent on sending spam can exhaustively search the namespace until a working address has been found. Similarly, a single instance of an address "leaked" on a web page is often sufficient to introduce the address into the pool of spam- receiving addresses. Thus, the protection of address hiding appears to be limited, but the negative impact on desirable communication is clear. It is not the role of this document to force users to make such a trade-off between the possible benefits of address hiding and easier reachability, but rather to facilitate such choice. This document therefore does not require that users choose the same 'user' part, but suggests that providers of such services make it easy for users to choose such a convention. Preventing two users to share the same identifiers across URIs increases security, as it makes it less likely that a user sends confidential information to the wrong destination, in the mistaken belief that they are owned by the same person. 6. Acknowledgments Arjun Roychowdhury's comments are appreciated. 7. References 7.1 Normative References [1] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002. [2] Bradner, S., "Key words for use in RFCs to Indicate Requirements Levels", RFC 2119, March 1997. [3] Alen, C. and T. Dierks, "The TLS Protocol Version 1.0", RFC 2246, January 1999. Schulzrinne & Shim Expires January 10, 2006 [Page 6] Internet-Draft ID Relationships July 2005 [4] Klensin, J., "Simple Mail Transfer Protocol", RFC 2821, April 2001. [5] Resnick, P., "Internet Message Format", RFC 2822, April 2001. [6] Saint-Andre, Ed., P., "Extensible Messaging and Presence Protocol (XMPP): Core", RFC 3920, October 2004. [7] Schulzrinne, H., "The tel URI for Telephone Numbers", RFC 3966, December 2004. 7.2 Informative References [8] Johnston, A., "SIP, P2P, and Internet Communications", draft-johnston-sipping-p2p-ipcom-01 (work in progress), March 2005. [9] Bryan, D. and C. Jennings, "A P2P Approach to SIP Registration", draft-bryan-sipping-p2p-00 (work in progress), January 2005. [10] Philip, P. and B. Poustchi, "Industrial-Strength P2P SIP", draft-matthews-sipping-p2p-industrial-strength-00 (work in progress), February 2005. [11] ITU-T, "The International Public Telecommunication Number Plan", Recommendation E.164, May 1997. Authors' Addresses Henning Schulzrinne Department of Computer Science Columbia University 1214 Amsterdam Avenue New York, NY 10027 USA Email: schulzrinne@cs.columbia.edu Schulzrinne & Shim Expires January 10, 2006 [Page 7] Internet-Draft ID Relationships July 2005 Eunsoo Shim Panasonic Digital Networking Laboratory Two Research Way, 3rd Floor Princeton, NJ 08540 USA Email: eunsoo@research.panasonic.com Schulzrinne & Shim Expires January 10, 2006 [Page 8] Internet-Draft ID Relationships July 2005 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2005). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Schulzrinne & Shim Expires January 10, 2006 [Page 9]