| < draft-ietf-sip-ice-option-tag-01.txt | draft-ietf-sip-ice-option-tag-02.txt > | |||
|---|---|---|---|---|
| SIP J. Rosenberg | SIP J. Rosenberg | |||
| Internet-Draft Cisco | Internet-Draft Cisco | |||
| Intended status: Standards Track March 5, 2007 | Intended status: Standards Track June 19, 2007 | |||
| Expires: September 6, 2007 | Expires: December 21, 2007 | |||
| Indicating Support for Interactive Connectivity Establishment (ICE) in | Indicating Support for Interactive Connectivity Establishment (ICE) in | |||
| the Session Initiation Protocol (SIP) | the Session Initiation Protocol (SIP) | |||
| draft-ietf-sip-ice-option-tag-01 | draft-ietf-sip-ice-option-tag-02 | |||
| Status of this Memo | Status of this Memo | |||
| By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
| applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
| have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
| aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| skipping to change at page 1, line 35 ¶ | skipping to change at page 1, line 35 ¶ | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This Internet-Draft will expire on September 6, 2007. | This Internet-Draft will expire on December 21, 2007. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (C) The IETF Trust (2007). | Copyright (C) The IETF Trust (2007). | |||
| Abstract | Abstract | |||
| This specification defines a media feature tag and an option tag for | This specification defines a media feature tag and an option tag for | |||
| use with the Session Initiation Protocol (SIP). The media feature | use with the Session Initiation Protocol (SIP). The media feature | |||
| tag allows a UA to communicate to its registrar that it supports ICE. | tag allows a UA to communicate to its registrar that it supports ICE. | |||
| skipping to change at page 4, line 7 ¶ | skipping to change at page 4, line 7 ¶ | |||
| that do and do not support ICE. In order to facilitate deployment of | that do and do not support ICE. In order to facilitate deployment of | |||
| ICE, it is anticipated that domains will make use of gateways which | ICE, it is anticipated that domains will make use of gateways which | |||
| act as ICE agents on one side, an non-ICE agents on the other side. | act as ICE agents on one side, an non-ICE agents on the other side. | |||
| This would allow a call from domain A into domain B to make use of | This would allow a call from domain A into domain B to make use of | |||
| ICE, even if the device in domain B does not itself yet support ICE. | ICE, even if the device in domain B does not itself yet support ICE. | |||
| However, when domain B receives a call, it will need to know whether | However, when domain B receives a call, it will need to know whether | |||
| the call needs to pass through such a gateway, or whether it can go | the call needs to pass through such a gateway, or whether it can go | |||
| to the terminating UA directly. | to the terminating UA directly. | |||
| In order to make such a determination, this specification defines a | In order to make such a determination, this specification defines a | |||
| media feature tag, sip.ice, which can be included in the Contact | media feature tag, "sip.ice", which can be included in the Contact | |||
| header field of a REGISTER request [4]. This allows the registrar to | header field of a REGISTER request [4]. This allows the registrar to | |||
| track whether a UA supports ICE or not. This information can be | track whether a UA supports ICE or not. This information can be | |||
| accessed by a proxy in order to determine whether a call needs to | accessed by a proxy in order to determine whether a call needs to | |||
| route through a gateway or not. | route through a gateway or not. | |||
| 3.2. Mandating Support for ICE | 3.2. Mandating Support for ICE | |||
| Although ICE provides a built in fall back to non-ICE operation when | Although ICE provides a built in fall back to non-ICE operation when | |||
| the answerer doesn't support it, there are cases where the offerer | the answerer doesn't support it, there are cases where the offerer | |||
| would rather abort the call rather than proceed without ICE. | would rather abort the call rather than proceed without ICE. | |||
| Typically, this is because they would like to choose a different m/c- | Typically, this is because they would like to choose a different m/c- | |||
| line address for a non-ICE peer than they would for an ICE capable | line address for a non-ICE peer than they would for an ICE capable | |||
| peer. | peer. | |||
| To do this, the "ice" SIP option tag can be included in the Require | To do this, the "ice" SIP option tag can be included in the Require | |||
| header field of an INVITE request. | header field of an INVITE request. | |||
| 4. Media Feature Tag Definition | 4. Media Feature Tag Definition | |||
| The sip.ice media feature tag indicates support for ICE. An agent | The "sip.ice" media feature tag indicates support for ICE. An agent | |||
| supports ICE if it is either a lite or full implementation, and | supports ICE if it is either a lite or full implementation, and | |||
| consequently, is capable of including candidate attributes in an SDP | consequently, is capable of including candidate attributes in an SDP | |||
| offer or answer for at least one transport protocol. An agent that | offer or answer for at least one transport protocol. An agent that | |||
| supports ICE SHOULD include this media feature tag in the Contact | supports ICE SHOULD include this media feature tag in the Contact | |||
| header field of its REGISTER requests and OPTION responses. | header field of its REGISTER requests and OPTION responses. | |||
| An agent MAY include the media feature tag in the Contact header | An agent MAY include the media feature tag in the Contact header | |||
| field of an INVITE or INVITE response; however, doing so is redundant | field of an INVITE or INVITE response; however, doing so is redundant | |||
| with ICE attributes in the SDP which indicate the same thing. In | with ICE attributes in the SDP which indicate the same thing. In | |||
| cases where an INVITE omits an offer, the lack or presence of the | cases where an INVITE omits an offer, the lack or presence of the | |||
| media feature tag in the Contact header field cannot be used by the | media feature tag in the Contact header field cannot be used by the | |||
| callee (which will be the offerer) to determine whether the caller | callee (which will be the offerer) to determine whether the caller | |||
| supports ICE. In cases of third party call control [8], the caller | supports ICE. In cases of third party call control [8], the caller | |||
| may be a controller that supports (or doesn't) ICE, while the | may be a controller that supports (or doesn't) ICE, while the | |||
| answerer may be an agent which does (or doesn't) support ICE. | answerer may be an agent which does (or doesn't) support ICE. | |||
| 5. Option Tag Definition | 5. Option Tag Definition | |||
| This "ice" OPTION tag SHOULD NOT be used in conjunction with the | This "ice" OPTION tag SHOULD NOT be used in conjunction with the | |||
| Supported header field. The media feature tag is used as the one and | Supported header field (this SHOULD NOT includes responses to OPTIONS | |||
| only mechanism for indicating support for ICE. The option tag is | requests) The media feature tag is used as the one and only mechanism | |||
| meant to be used only with the Require header field. When placed in | for indicating support for ICE. The option tag is meant to be used | |||
| the Require header field of an INVITE request, it indicates that the | only with the Require header field. When placed in the Require | |||
| UAS must support ICE in order to process the call. An agent supports | header field of an INVITE request, it indicates that the UAS must | |||
| ICE if it is either a full or lite implementation, and consequently, | support ICE in order to process the call. An agent supports ICE if | |||
| is capable of including candidate attributes in an SDP offer or | it is either a full or lite implementation, and consequently, is | |||
| answer for at least one transport protocol. | capable of including candidate attributes in an SDP offer or answer | |||
| for at least one transport protocol. | ||||
| 6. Security Considerations | 6. Security Considerations | |||
| A malicious intermediary might attempt to modify a SIP message by | A malicious intermediary might attempt to modify a SIP message by | |||
| inserting a Require header field containing the "ice" option tag. If | inserting a Require header field containing the "ice" option tag. If | |||
| ICE were not supported on the UAS, this would cause the call to fail | ICE were not supported on the UAS, this would cause the call to fail | |||
| when it would otherwise succeed. Of course, this attack is not | when it would otherwise succeed. Of course, this attack is not | |||
| specific to ICE, and can be done using any option tag. This attack | specific to ICE, and can be done using any option tag. This attack | |||
| is prevented by usage of the SIPS mechanism as defined in RFC 3261. | is prevented by usage of the SIPS mechanism as defined in RFC 3261. | |||
| Similarly, an intermediary might attempt to remove the media feature | Similarly, an intermediary might attempt to remove the media feature | |||
| tag from a REGISTER request or OPTIONS request, which might cause a | tag from a REGISTER request or OPTIONS request, which might cause a | |||
| call to skip ICE processing when it otherwise might make use of it. | call to skip ICE processing when it otherwise might make use of it. | |||
| This attack is also prevented using the SIP mechanism. | This attack is also prevented using the SIPS mechanism. | |||
| 7. IANA Considerations | 7. IANA Considerations | |||
| This specification defines a new media feature tag and SIP option | This specification defines a new media feature tag and SIP option | |||
| tag. | tag. | |||
| 7.1. Option Tag | 7.1. Option Tag | |||
| This section defines a new SIP option tag per the guidelines in | This section defines a new SIP option tag per the guidelines in | |||
| Section 27.1 of RFC 3261. | Section 27.1 of RFC 3261. | |||
| End of changes. 7 change blocks. | ||||
| 15 lines changed or deleted | 16 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||