| < draft-ietf-sip-acr-code-04.txt | draft-ietf-sip-acr-code-05.txt > | |||
|---|---|---|---|---|
| SIP J. Rosenberg | SIP J. Rosenberg | |||
| Internet-Draft Cisco Systems | Internet-Draft Cisco | |||
| Expires: September 1, 2007 February 28, 2007 | Intended status: Standards Track July 5, 2007 | |||
| Expires: January 6, 2008 | ||||
| Rejecting Anonymous Requests in the Session Initiation Protocol (SIP) | Rejecting Anonymous Requests in the Session Initiation Protocol (SIP) | |||
| draft-ietf-sip-acr-code-04 | draft-ietf-sip-acr-code-05 | |||
| Status of this Memo | Status of this Memo | |||
| By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
| applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
| have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
| aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| skipping to change at page 1, line 33 ¶ | skipping to change at page 1, line 34 ¶ | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This Internet-Draft will expire on September 1, 2007. | This Internet-Draft will expire on January 6, 2008. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (C) The IETF Trust (2007). | Copyright (C) The IETF Trust (2007). | |||
| Abstract | Abstract | |||
| The Session Initiation Protocol (SIP) allows for users to make | The Session Initiation Protocol (SIP) allows for users to make | |||
| anonymous calls. However, users receiving such calls have the right | anonymous calls. However, users receiving such calls have the right | |||
| to reject them because they are anonymous. SIP has no way to | to reject them because they are anonymous. SIP has no way to | |||
| skipping to change at page 3, line 14 ¶ | skipping to change at page 3, line 14 ¶ | |||
| 1. Introduction | 1. Introduction | |||
| The Session Initiation Protocol (SIP) [1] allows for users to make | The Session Initiation Protocol (SIP) [1] allows for users to make | |||
| anonymous calls. In RFC 3261, this is done by including a From | anonymous calls. In RFC 3261, this is done by including a From | |||
| header field whose display name has the value of "Anonymous". | header field whose display name has the value of "Anonymous". | |||
| Greater levels of anonymity were subsequently defined in RFC 3323 | Greater levels of anonymity were subsequently defined in RFC 3323 | |||
| [2], which introduces the Privacy header field. The Privacy header | [2], which introduces the Privacy header field. The Privacy header | |||
| field allows a requesting UA to ask for various levels of anonymity, | field allows a requesting UA to ask for various levels of anonymity, | |||
| including user level anonymity, header level anonymity, and session | including user level anonymity, header level anonymity, and session | |||
| level anonymity. RFC 3325 [3] additionally defined the P-Asserted- | level anonymity. RFC 3325 [5] additionally defined the P-Asserted- | |||
| Identity header field, used to contain an asserted identity. RFC | Identity header field, used to contain an asserted identity. RFC | |||
| 3325 also defined the 'id' value for the Privacy header field, which | 3325 also defined the 'id' value for the Privacy header field, which | |||
| is used to request the network to remove the P-Asserted-Identity | is used to request the network to remove the P-Asserted-Identity | |||
| header field. | header field. | |||
| Though users need to be able to make anonymous calls, users that | Though users need to be able to make anonymous calls, users that | |||
| receive such calls retain the right to reject the call because it is | receive such calls retain the right to reject the call because it is | |||
| anonymous. SIP does not provide a response code that allows the UAS, | anonymous. SIP does not provide a response code that allows the UAS, | |||
| or a proxy acting on its behalf, to explicitly indicate that the | or a proxy acting on its behalf, to explicitly indicate that the | |||
| request was rejected because it was anonymous. The closest response | request was rejected because it was anonymous. The closest response | |||
| skipping to change at page 3, line 42 ¶ | skipping to change at page 3, line 42 ¶ | |||
| retries, or conversion to equivalent error codes in the Public | retries, or conversion to equivalent error codes in the Public | |||
| Switched Telephone Network (PSTN) when the client is a gateway. | Switched Telephone Network (PSTN) when the client is a gateway. | |||
| To remedy this, this specification defines the 433 (Anonymity | To remedy this, this specification defines the 433 (Anonymity | |||
| Disallowed) response code. | Disallowed) response code. | |||
| 2. Terminology | 2. Terminology | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in RFC 2119 [4]. | document are to be interpreted as described in RFC 2119 [3]. | |||
| 3. Server Behavior | 3. Server Behavior | |||
| A server (generally acting on behalf of the called party, though this | A server (generally acting on behalf of the called party, though this | |||
| need not be the case) MAY generate a 433 (Anonymity Disallowed) | need not be the case) MAY generate a 433 (Anonymity Disallowed) | |||
| response when it receives an anonymous request, and the server | response when it receives an anonymous request, and the server | |||
| refuses to fulfill the request because the requestor is anonymous. A | refuses to fulfill the request because the requestor is anonymous. A | |||
| request SHOULD be considered anonymous when the identity of the | request SHOULD be considered anonymous when the identity of the | |||
| originator of the request has been explicitly withheld by the | originator of the request has been explicitly withheld by the | |||
| originator. This occurs in any one of the following cases: | originator. This occurs in any one of the following cases: | |||
| skipping to change at page 4, line 19 ¶ | skipping to change at page 4, line 19 ¶ | |||
| o The From header field contains a display name whose value is | o The From header field contains a display name whose value is | |||
| either 'Anonymous' or 'anonymous'. Note that display names make a | either 'Anonymous' or 'anonymous'. Note that display names make a | |||
| poor choice for indicating anonymity, since they are meant to be | poor choice for indicating anonymity, since they are meant to be | |||
| consumed by humans, not automata. Thus, language variations and | consumed by humans, not automata. Thus, language variations and | |||
| even misspelling can cause an automaton to miss a hint in the | even misspelling can cause an automaton to miss a hint in the | |||
| display name. Despite these problems, a check on the display name | display name. Despite these problems, a check on the display name | |||
| is included here because RFC 3261 explicitly calls out the usage | is included here because RFC 3261 explicitly calls out the usage | |||
| of the display name as a way to declare anonymity. | of the display name as a way to declare anonymity. | |||
| o The request contained a Privacy header field whose value was 'id' | o The request contained a Privacy header field whose value indicates | |||
| [3] or 'user'. | that the user wishes their identity withheld. Values meeting this | |||
| criteria are 'id' [5] or 'user'. | ||||
| o The From or P-Asserted-Identity header field contains a URI which | o The From header field contains a URI which has an explicit | |||
| has an explicit indication that it is anonymous. One such example | indication that it is anonymous. One such example of a mechanism | |||
| of a mechanism that would meet this criteria is [7]. This | that would meet this criteria is [7]. This criteria is true even | |||
| criteria is true even if the request has a validated Identity | if the request has a validated Identity header field [4], which | |||
| header field [5], which can be used in concert with anonymized | can be used in concert with anonymized From header fields. | |||
| From header fields. | ||||
| Lack of a P-Asserted-Identity header field, in and of itself, SHOULD | Lack of a network asserted identity (such as the P-Asserted-Identity | |||
| NOT be considered an indication of anonymity. Even though a Privacy | header field), in and of itself, SHOULD NOT be considered an | |||
| header field value of 'id' will cause the removal of the P-Asserted- | indication of anonymity. Even though a Privacy header field value of | |||
| Identity header field, there is no way to differentiate this case | 'id' will cause the removal of a network asserted identity, there is | |||
| from one in which P-Asserted-Identity was not supported by the | no way to differentiate this case from one in which a network | |||
| originating domain. As a consequence, a request without a | asserted identity was not supported by the originating domain. As a | |||
| P-Asserted-Identity is considered anonymous only when there is some | consequence, a request without a network asserted identity is | |||
| other indication of this, such as a From header field with a display | considered anonymous only when there is some other indication of | |||
| name of 'Anonymous'. | this, such as a From header field with a display name of 'Anonymous'. | |||
| In addition, requests where the identity of the requestor cannot be | In addition, requests where the identity of the requestor cannot be | |||
| determined or validated, but it is not a consequence of an explicit | determined or validated, but it is not a consequence of an explicit | |||
| action on the part of the requestor, are not consider anonymous. For | action on the part of the requestor, are not consider anonymous. For | |||
| example, if a request contains a non-anonymous From header field, | example, if a request contains a non-anonymous From header field, | |||
| along with the Identity and Identity-Info header fields [5], but the | along with the Identity and Identity-Info header fields [4], but the | |||
| certificate could not be obtained from the reference in the Identity- | certificate could not be obtained from the reference in the Identity- | |||
| Info header field, it is not considered an anonymous request, and the | Info header field, it is not considered an anonymous request, and the | |||
| 433 response code SHOULD NOT be used. | 433 response code SHOULD NOT be used. | |||
| 4. UAC Behavior | 4. UAC Behavior | |||
| A UAC receiving a 433 (Anonymity Disallowed) MUST NOT retry the | A UAC receiving a 433 (Anonymity Disallowed) MUST NOT retry the | |||
| request without anonymity unless it obtains confirmation from the | request without anonymity unless it obtains confirmation from the | |||
| user that this is desirable. Such confirmation could be obtained | user that this is desirable. Such confirmation could be obtained | |||
| through the user interface, or by accessing user defined policy. If | through the user interface, or by accessing user defined policy. If | |||
| skipping to change at page 6, line 42 ¶ | skipping to change at page 6, line 42 ¶ | |||
| 9.1. Normative References | 9.1. Normative References | |||
| [1] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., | [1] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., | |||
| Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: | Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: | |||
| Session Initiation Protocol", RFC 3261, June 2002. | Session Initiation Protocol", RFC 3261, June 2002. | |||
| [2] Peterson, J., "A Privacy Mechanism for the Session Initiation | [2] Peterson, J., "A Privacy Mechanism for the Session Initiation | |||
| Protocol (SIP)", RFC 3323, November 2002. | Protocol (SIP)", RFC 3323, November 2002. | |||
| [3] Jennings, C., Peterson, J., and M. Watson, "Private Extensions | [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement | |||
| to the Session Initiation Protocol (SIP) for Asserted Identity | ||||
| within Trusted Networks", RFC 3325, November 2002. | ||||
| [4] Bradner, S., "Key words for use in RFCs to Indicate Requirement | ||||
| Levels", BCP 14, RFC 2119, March 1997. | Levels", BCP 14, RFC 2119, March 1997. | |||
| [5] Peterson, J. and C. Jennings, "Enhancements for Authenticated | [4] Peterson, J. and C. Jennings, "Enhancements for Authenticated | |||
| Identity Management in the Session Initiation Protocol (SIP)", | Identity Management in the Session Initiation Protocol (SIP)", | |||
| RFC 4474, August 2006. | RFC 4474, August 2006. | |||
| 9.2. Informative References | 9.2. Informative References | |||
| [5] Jennings, C., Peterson, J., and M. Watson, "Private Extensions | ||||
| to the Session Initiation Protocol (SIP) for Asserted Identity | ||||
| within Trusted Networks", RFC 3325, November 2002. | ||||
| [6] Sparks, R., "Multiple Dialog Usages in the Session Initiation | [6] Sparks, R., "Multiple Dialog Usages in the Session Initiation | |||
| Protocol", draft-ietf-sipping-dialogusage-06 (work in | Protocol", draft-ietf-sipping-dialogusage-06 (work in | |||
| progress), February 2007. | progress), February 2007. | |||
| [7] Rosenberg, J., "Coexistence of P-Asserted-ID and SIP Identity", | [7] Rosenberg, J., "Coexistence of P-Asserted-ID and SIP Identity", | |||
| draft-rosenberg-sip-identity-coexistence-00 (work in progress), | draft-rosenberg-sip-identity-coexistence-00 (work in progress), | |||
| June 2006. | June 2006. | |||
| [8] Hautakorpi, J. and G. Camarillo, "Extending the Session | [8] Hautakorpi, J. and G. Camarillo, "Extending the Session | |||
| Initiation Protocol Reason Header with Warning Codes", | Initiation Protocol Reason Header with Warning Codes", | |||
| draft-hautakorpi-reason-header-for-warnings-00 (work in | draft-hautakorpi-reason-header-for-warnings-00 (work in | |||
| progress), October 2005. | progress), October 2005. | |||
| [9] Jesske, R., "Input Requirements for the Session Initiation | [9] Jesske, R., "Input Requirements for the Session Initiation | |||
| Protocol (SIP) in support for the European Telecommunications | Protocol (SIP) in support for the European Telecommunications | |||
| Standards Institute", | Standards Institute", | |||
| draft-jesske-sipping-tispan-requirements-03 (work in progress), | draft-jesske-sipping-tispan-requirements-03 (work in progress), | |||
| June 2006. | June 2006. | |||
| [10] Jennings, C. and J. Rosenberg, "The Session Initiation Protocol | [10] Jennings, C. and J. Rosenberg, "The Session Initiation Protocol | |||
| (SIP) and Spam", draft-ietf-sipping-spam-03 (work in progress), | (SIP) and Spam", draft-ietf-sipping-spam-04 (work in progress), | |||
| October 2006. | February 2007. | |||
| Author's Address | Author's Address | |||
| Jonathan Rosenberg | Jonathan Rosenberg | |||
| Cisco Systems | Cisco | |||
| Edison, NJ | Edison, NJ | |||
| US | US | |||
| Phone: +1 973 952-5000 | ||||
| Email: jdrosen@cisco.com | Email: jdrosen@cisco.com | |||
| URI: http://www.jdrosen.net | URI: http://www.jdrosen.net | |||
| Full Copyright Statement | Full Copyright Statement | |||
| Copyright (C) The IETF Trust (2007). | Copyright (C) The IETF Trust (2007). | |||
| This document is subject to the rights, licenses and restrictions | This document is subject to the rights, licenses and restrictions | |||
| contained in BCP 78, and except as set forth therein, the authors | contained in BCP 78, and except as set forth therein, the authors | |||
| retain all their rights. | retain all their rights. | |||
| End of changes. 15 change blocks. | ||||
| 34 lines changed or deleted | 34 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||