idnits 2.17.1
draft-allen-dispatch-imei-urn-as-instanceid-06.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
** The document seems to lack an IANA Considerations section. (See Section
2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
when there are no actions for IANA.)
** The abstract seems to contain references ([2], [1]), which it shouldn't.
Please replace those with straight textual mentions of the documents in
question.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
== Line 319 has weird spacing: '... Mobile stati...'
-- The document date (October 12, 2012) is 4185 days in the past. Is this
intentional?
Checking references for intended status: Informational
----------------------------------------------------------------------------
== Outdated reference: A later version (-20) exists of
draft-montemurro-gsma-imei-urn-11
** Obsolete normative reference: RFC 2141 (ref. '4') (Obsoleted by RFC 8141)
-- Obsolete informational reference (is this intentional?): RFC 2246 (ref.
'12') (Obsoleted by RFC 4346)
Summary: 3 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 Dispatch Working Group A. Allen, Ed.
3 Internet-Draft Research in Motion (RIM)
4 Intended status: Informational October 12, 2012
5 Expires: April 15, 2013
7 Using the International Mobile station Equipment Identity(IMEI)URN as an
8 Instance ID
9 draft-allen-dispatch-imei-urn-as-instanceid-06
11 Abstract
13 This specification defines how the Uniform Resource Name namespace
14 reserved for GSMA (Global Sstandard for Mobiles Association)
15 identities and its sub namespace for the IMEI (International Mobile
16 station Equipment Identity) can be used as an instance-id as
17 specified in RFC 5626 [1] and also as used by RFC 5627 [2]. Its
18 purpose is to fulfil the requirements in RFC 5626 [1] that state "If
19 a URN scheme other than UUID is used, the UA MUST only use URNs for
20 which an RFC (from the IETF stream) defines how the specific URN
21 needs to be constructed and used in the "+sip.instance" Contact
22 header field parameter for outbound behavior."
24 Status of this Memo
26 This Internet-Draft is submitted in full conformance with the
27 provisions of BCP 78 and BCP 79.
29 Internet-Drafts are working documents of the Internet Engineering
30 Task Force (IETF). Note that other groups may also distribute
31 working documents as Internet-Drafts. The list of current Internet-
32 Drafts is at http://datatracker.ietf.org/drafts/current/.
34 Internet-Drafts are draft documents valid for a maximum of six months
35 and may be updated, replaced, or obsoleted by other documents at any
36 time. It is inappropriate to use Internet-Drafts as reference
37 material or to cite them other than as "work in progress."
39 This Internet-Draft will expire on April 15, 2013.
41 Copyright Notice
43 Copyright (c) 2012 IETF Trust and the persons identified as the
44 document authors. All rights reserved.
46 This document is subject to BCP 78 and the IETF Trust's Legal
47 Provisions Relating to IETF Documents
48 (http://trustee.ietf.org/license-info) in effect on the date of
49 publication of this document. Please review these documents
50 carefully, as they describe your rights and restrictions with respect
51 to this document. Code Components extracted from this document must
52 include Simplified BSD License text as described in Section 4.e of
53 the Trust Legal Provisions and are provided without warranty as
54 described in the Simplified BSD License.
56 Table of Contents
58 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
60 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3
62 3. Background . . . . . . . . . . . . . . . . . . . . . . . . . . 4
64 4. 3GPP Use Cases . . . . . . . . . . . . . . . . . . . . . . . . 5
66 5. User Agent Client Procedures . . . . . . . . . . . . . . . . . 5
68 6. User Agent Server Procedures . . . . . . . . . . . . . . . . . 6
70 7. 3GPP Registrar Procedures . . . . . . . . . . . . . . . . . . . 7
72 8. Security considerations . . . . . . . . . . . . . . . . . . . . 7
74 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7
76 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8
77 10.1. Normative references . . . . . . . . . . . . . . . . . . . 8
78 10.2. Informative references . . . . . . . . . . . . . . . . . . 8
80 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 9
82 1. Introduction
84 This specification defines how the Uniform Resource Name namespace
85 reserved for GSMA identities and its sub namespace for the IMEI
86 (International Mobile station Equipment Identity) as defined in
87 draft-montemurro-gsma-imei-urn-11 [3] can be used as an instance-id
88 as specified in RFC 5626 [1] and also as used by RFC 5627 [2].
90 RFC 5626 [1] defines the "+sip.instance" Contact header field
91 parameter which contains a URN as per RFC 2141 [4] defined as an
92 instance-id that uniquely identifies a specific UA instance. This
93 instance-id is used as defined in RFC 5626 [1] so that registrar can
94 recognize that the contacts from multiple registrations correspond to
95 the same UA. The instance-ID is also used as defined by RFC 5627 [2]
96 to create Globally Routable User Agent URIs (GRUUs) that can be used
97 to uniquely address a UA when multiple UAs are registered with the
98 same Address of Record (AoR).
100 RFC 5626 [1] defines that a UA SHOULD create a Universally Unique
101 Identifier (UUID) URN as defined in RFC 4122 [7] as its instance-id
102 but allows for the possibility of other URN schemes to be used. "If
103 a URN scheme other than UUID is used, the UA MUST only use URNs for
104 which an RFC (from the IETF stream) defines how the specific URN
105 needs to be constructed and used in the "+sip.instance" Contact
106 header field parameter for outbound behavior." This specification
107 meets this requirement by specifying how the GSMA IEMEI URN is used
108 in the "+sip.instance" Contact header field parameter for outbound
109 behavior and draft-montemurro-gsma-imei-urn-11 [3] defines how the
110 GSMA IMEI URN is constructed
112 The GSMA IMEI is an identifier for a namespace for the IMEI a
113 globally unique identifier that identifies Mobile Equipment used in
114 Global System for Mobile (GSM), Universal Mobile Telecommunications
115 System (UMTS) and 3GPP LTE (Long Term Evolution)networks. The IMEI
116 allocation is managed by the GSMA to ensure that the IMEI values are
117 globally unique. Details of the formatting of the IMEI as a URN are
118 defined in draft-montemurro-gsma-imei-urn-11 [3] and the definition
119 of the IMEI is contained in 3GPP TS 23.003 [8]. Further details
120 about the GSMA role in allocating the IMEI and the IMEI allocation
121 guidelines can be found in GSMA PRD DG.06 [9]
123 2. Terminology
125 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
126 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
127 document are to be interpreted as described in [5].
129 3. Background
131 GSM and UMTS capable mobile devices represent 90% of the mobile
132 devices in use worldwide. GSM and UMTS mobile devices each have an
133 IMEI allocated which uniquely identifies the mobile device from all
134 other GSM/UMTS mobile devices deployed. Amongst other things in some
135 regulatory jurisdictions the IMEI is used to identify a stolen mobile
136 is being used and help to identify the subscription that is using it
137 and to prevent its use. Whilst GSM was originally a circuit switched
138 system enhancements such as GPRS (General Packet Radio Service) and
139 UMTS have added IP data capabilities which along with the definition
140 of the IP Multimedia Subsystem (IMS) has made SIP based calls and IP
141 multimedia sessions from mobile devices possible. The latest
142 enhancment known as LTE will introduce even higher data rates and
143 dispenses with the circuit switched domain completely meaning that
144 with LTE voice calls will need to be conducted using IP and IMS.
145 However, the transition to all IP, SIP based IMS networks worldwide
146 will take a great many years and mobile devices being mobile will
147 need to operate in both IP/SIP/IMS mode and circuit switched mode.
148 In fact calls and sessions will need to be handed over between IP/
149 SIP/IMS mode and circuit switched mode during a call. Also as many
150 existing GSM and UMTS radio access networks are unable to support IP/
151 SIP/IMS based voice services in a commercially acceptable manner some
152 sessions can have some media types delivered via IP/IMS
153 simultaneously with voice media delivered via circuit switched with
154 the same mobile device simultaneously attached via both the IP/SIP/
155 IMS domain and the circuit switched domain. To meet this need 3GPP
156 has specified how to maintain session continuity between the IP/SIP/
157 IMS domain and the circuit switched domain in 3GPP TS 24.237 [10] and
158 how to access IMS hosted services via both the IP/SIP/IMS domain and
159 the circuit switched domain in 3GPP TS 24.292 [11].
161 In order for the the mobile device to access SIP/IMS services via the
162 circuit switched domain 3GPP has defined a MSC (Mobile Switching
163 Center) server enhanced for ICS which controls mobile voice call
164 setup over the circuit switched radio access while establishing the
165 corresponding voice session in the core network using SIP/IMS. To
166 enable this the MSC server enhanced for ICS (IMS centralized
167 services) performs SIP registration on behalf of the mobile device
168 which can be simultaneously also directly registered with the IP/SIP/
169 IMS domain. The only mobile device identifier that is transportable
170 using GSM/UMTS/LTE signaling is the IMEI therefore the instance-id
171 included by the MSC server enhanced for ICS when on behalf of the
172 mobile device and the instance-id used by the mobile device directly
173 needs to be based on the IMEI.
175 Additionally in order to meet the regulatory requirements to use the
176 IMEI to identify a stolen mobile is being used and help to identify
177 the subscription that is using it and to prevent its use the same
178 IMEI that is obtained from the circuit switched signaling needs to be
179 obtainable from SIP signaling.
181 3GPP TS 24.237 [10] and 3GPP TS 24.292 [11] already define the use of
182 the URN namespace for the GSMA and IMEI as defined in
183 draft-montemurro-gsma-imei-urn-11 [3] as the instance-id used by
184 mobile devices and the MSC server enhanced for ICS for SIP/IMS
185 registrations for these reasons.
187 4. 3GPP Use Cases
189 1. The mobile device includes its IMEI in the SIP REGISTER request
190 so that the registrar can perform a check of the Equipment Identity
191 Registry (EIR) to verify if the mobile device is allowed or barred
192 from using the network (e.g because it has been stolen). If the
193 mobile device is not allowed to use the network the registrar can
194 reject the registration. Thus a barred device is prevented from
195 using the network.
197 2. The mobile device includes its IMEI in SIP INVITE requests used
198 to establish emergency sessions. This so that the PSAP (Public
199 Safety Answering Point) can obtain the IMEI of the mobile device for
200 identification purposes if required by regulations.
202 3. The inclusion by the mobile device of its IMEI in SIP INVITE
203 requests used to establish emergency sessions is also used in the
204 cases of unauthenticated emergency sessions to enable the network to
205 identify the mobile device. This is especially important if the
206 unauthenticated emergency session is handed over from the packet
207 switched domain to circuit switched domain as in this scenario the
208 IMEI is the only common means for identifying the circuit switched
209 call as from the same mobile device that was in the emergency session
210 in the packet switched domain.
212 5. User Agent Client Procedures
214 A UAC that has an IMEI as defined in 3GPP TS 23.003 [8] that is
215 registering with a 3GPP IMS network MUST include in the
216 "sip.instance" media feature tag the GSMA IMEI URN according to the
217 syntax defined in draft-montemurro-gsma-imei-urn-11 [3] when
218 performing the registration procedures defined in RFC 5626 [1] or RFC
219 5627 [2] or any other procedure requiring including the
220 "sip.instance" media feature tag. The UAC SHOULD NOT include the
221 optional "svn" parameter in the GSMA IMEI URN in the "sip.instance"
222 media feature tag, since the software version can change as a result
223 of upgrades to the device firmware which would create a new instance
224 ID. The UAC MUST provide lexically equivalent URNs in each
225 registration [1]. Hence, any optional or variable components of the
226 URN (e.g., the "vers" parameter) MUST be presented with the same
227 values and in the same order in every registration as in the first
228 registration.
230 A UAC MUST only use the GSMA IMEI URN as an Instance ID when
231 registering with a 3GPP IMS network. When registering with a non
232 3GPP IMS network a UAC SHOULD use a UUID as an Instance ID as defined
233 in RFC 5626 [1].
235 A UAC MUST NOT include its "sip.instance" media feature tag
236 containing the GSMA IMEI URN in the Contact header field of non-
237 register requests unless the UAC is certain that the request will be
238 sent via a trusted intermediary that will remove the "sip.instance"
239 media feature tag prior to forwarding the request towards the
240 destination. In order to ensure that all requests containing the
241 "sip.instance" media feature tag are forwarded via the trusted
242 intermediary the UAC MUST first have verified that the trusted
243 intermediary is present (e.g. first contacted via a registration or
244 configuration procedure). The exception to this is when the request
245 is related to an emergency session when regulatory requirements can
246 require the IMEI to be provided to the Public Safety Answering Point
247 (PSAP).
249 6. User Agent Server Procedures
251 A UAS MUST NOT include its "sip.instance" media feature tag
252 containing the GSMA IMEI URN in the Contact header field of responses
253 unless the UAS is certain that the response will be sent via a
254 trusted intermediary that will remove the "sip.instance" media
255 feature tag prior to forwarding the response towards the destination.
256 In order to ensure that all responses containing the "sip.instance"
257 media feature tag are forwarded via the trusted intermediary the UAS
258 MUST first have verified that the trusted intermediary is present
259 (e.g. first contacted via a registration or configuration procedure).
260 The exception to this is when the response is related to an emergency
261 session when regulatory requirements can require the IMEI to be
262 provided to the Public Safety Answering Point(PSAP).
264 7. 3GPP Registrar Procedures
266 In 3GPP IMS when the Registrar receives in the Contact header field a
267 "sip.instance" media feature tag containing the GSMA IMEI URN
268 according to the syntax defined in draft-montemurro-gsma-imei-urn-11
269 [3] the registrar follows the procedures defined in RFC 5626 [1] and
270 RFC 5627 [2] if those extensions are supported and indicated as
271 supported by the UA. If the Registrar allocates a public GRUU
272 according to the procedures defined in RFC 5627 [2] the instance-id
273 MUST be obfuscated when creating the "gr" parameter in order not to
274 reveal the IMEI to other UAs when the public GRUU is included in non
275 register requests. 3GPP TS 24.229 [6] subclause 5.4.7A.2 defines the
276 mechanism for obfuscating the IMEI when creating the "gr" parameter.
278 8. Security considerations
280 Because IMEIs like other formats of instance IDs can be loosely
281 correlated to a user, they need to be treated as any other personally
282 identifiable information. In particular, the "sip.instance" media
283 feature tag containing the GSMA IMEI URN MUST NOT be included in
284 requests or responses intended to convey any level of anonymity. RFC
285 5626 [1] states "One case where a UA could prefer to omit the
286 "sip.instance" media feature tag is when it is making an anonymous
287 request or some other privacy concern requires that the UA not reveal
288 its identity". The same concerns apply when using the GSMA IMEI URN
289 as an instance ID. Publication of the GSMA IMEI URN to networks that
290 the UA is not attached to or the UA does not have a service
291 relationship with is a security breach and the "sip.instance" media
292 feature tag MUST NOT be forwarded by the service provider's network
293 elements when forwarding requests or responses towards the
294 destination UA.
296 In order to protect from tampering the REGISTER requests containing
297 the GSMA IMEI URN MUST be sent using a security mechanism such as TLS
298 [12] (or another security mechanism that provides equivalent levels
299 of protection).
301 9. Acknowledgements
303 The author would like to thank Paul Kyzivat, Dale Worley, Cullen
304 Jennings, Adam Roach, and Keith Drage for reviewing this draft and
305 providing their comments.
307 10. References
308 10.1. Normative references
310 [1] Jennings, C., Mahy, R., and F. Audet, "Managing Client-
311 Initiated Connections in the Session Initiation Protocol
312 (SIP)", RFC 5626, October 2009.
314 [2] Rosenberg, J., "Obtaining and Using Globally Routable User
315 Agent URIs (GRUUs) in the Session Initiation Protocol (SIP)",
316 RFC 5627, October 2009.
318 [3] Montemurro, M., "A Uniform Resource Name Namespace For The GSM
319 Association (GSMA) and the International Mobile station
320 Equipment Identity(IMEI), work in progress", Internet
321 Draft draft-montemurro-gsma-imei-urn-11, October 2012.
323 [4] Moats, R., "URN Syntax", RFC 2141, May 1997.
325 [5] Bradner, S., "Key words for use in RFCs to Indicate Requirement
326 Levels", BCP 14, RFC 2119, March 1997.
328 [6] 3GPP, "TS 24.229: IP multimedia call control protocol based on
329 Session Initiation Protocol (SIP) and Session Description
330 Protocol (SDP); Stage 3 (Release 8)", 3GPP 24.229, March 2012,
331 .
333 10.2. Informative references
335 [7] Leach, P., Mealling, M., and R. Salz, "A Universally Unique
336 IDentifier (UUID) URN Namespace", RFC 4122, July 2005.
338 [8] 3GPP, "TS 23.003: Numbering, addressing and identification
339 (Release 8)", 3GPP 23.003, September 2008,
340 .
342 [9] GSMA Association, "IMEI Allocation and Approval Guidelines",
343 PRD TS.06 (DG06) version 6.0, July 2011, .
347 [10] 3GPP, "TS 24.237: Mobile radio interface Layer 3 specification;
348 Core network protocols; Stage 3 (Release 8)", 3GPP 24.237,
349 March 2009,
350 .
352 [11] 3GPP, "TS 24.292: IP Multimedia (IM) Core Network (CN)
353 subsystem Centralized Services (ICS); Stage 3 (Release 8)",
354 3GPP 24.292, March 2009,
355 .
357 [12] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
358 RFC 2246, January 1999.
360 Author's Address
362 Andrew Allen (editor)
363 Research in Motion (RIM)
364 1200 Sawgrass Corporate Parkway
365 Sunrise, Florida 33323
366 USA
368 Phone: unlisted
369 Fax: unlisted
370 Email: aallen@rim.com