idnits 2.17.1 draft-allen-dispatch-imei-urn-as-instanceid-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The abstract seems to contain references ([2], [1]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 319 has weird spacing: '... Mobile stati...' -- The document date (October 12, 2012) is 4185 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Outdated reference: A later version (-20) exists of draft-montemurro-gsma-imei-urn-11 ** Obsolete normative reference: RFC 2141 (ref. '4') (Obsoleted by RFC 8141) -- Obsolete informational reference (is this intentional?): RFC 2246 (ref. '12') (Obsoleted by RFC 4346) Summary: 3 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Dispatch Working Group A. Allen, Ed. 3 Internet-Draft Research in Motion (RIM) 4 Intended status: Informational October 12, 2012 5 Expires: April 15, 2013 7 Using the International Mobile station Equipment Identity(IMEI)URN as an 8 Instance ID 9 draft-allen-dispatch-imei-urn-as-instanceid-06 11 Abstract 13 This specification defines how the Uniform Resource Name namespace 14 reserved for GSMA (Global Sstandard for Mobiles Association) 15 identities and its sub namespace for the IMEI (International Mobile 16 station Equipment Identity) can be used as an instance-id as 17 specified in RFC 5626 [1] and also as used by RFC 5627 [2]. Its 18 purpose is to fulfil the requirements in RFC 5626 [1] that state "If 19 a URN scheme other than UUID is used, the UA MUST only use URNs for 20 which an RFC (from the IETF stream) defines how the specific URN 21 needs to be constructed and used in the "+sip.instance" Contact 22 header field parameter for outbound behavior." 24 Status of this Memo 26 This Internet-Draft is submitted in full conformance with the 27 provisions of BCP 78 and BCP 79. 29 Internet-Drafts are working documents of the Internet Engineering 30 Task Force (IETF). Note that other groups may also distribute 31 working documents as Internet-Drafts. The list of current Internet- 32 Drafts is at http://datatracker.ietf.org/drafts/current/. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 This Internet-Draft will expire on April 15, 2013. 41 Copyright Notice 43 Copyright (c) 2012 IETF Trust and the persons identified as the 44 document authors. All rights reserved. 46 This document is subject to BCP 78 and the IETF Trust's Legal 47 Provisions Relating to IETF Documents 48 (http://trustee.ietf.org/license-info) in effect on the date of 49 publication of this document. Please review these documents 50 carefully, as they describe your rights and restrictions with respect 51 to this document. Code Components extracted from this document must 52 include Simplified BSD License text as described in Section 4.e of 53 the Trust Legal Provisions and are provided without warranty as 54 described in the Simplified BSD License. 56 Table of Contents 58 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 60 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3 62 3. Background . . . . . . . . . . . . . . . . . . . . . . . . . . 4 64 4. 3GPP Use Cases . . . . . . . . . . . . . . . . . . . . . . . . 5 66 5. User Agent Client Procedures . . . . . . . . . . . . . . . . . 5 68 6. User Agent Server Procedures . . . . . . . . . . . . . . . . . 6 70 7. 3GPP Registrar Procedures . . . . . . . . . . . . . . . . . . . 7 72 8. Security considerations . . . . . . . . . . . . . . . . . . . . 7 74 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7 76 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 77 10.1. Normative references . . . . . . . . . . . . . . . . . . . 8 78 10.2. Informative references . . . . . . . . . . . . . . . . . . 8 80 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 9 82 1. Introduction 84 This specification defines how the Uniform Resource Name namespace 85 reserved for GSMA identities and its sub namespace for the IMEI 86 (International Mobile station Equipment Identity) as defined in 87 draft-montemurro-gsma-imei-urn-11 [3] can be used as an instance-id 88 as specified in RFC 5626 [1] and also as used by RFC 5627 [2]. 90 RFC 5626 [1] defines the "+sip.instance" Contact header field 91 parameter which contains a URN as per RFC 2141 [4] defined as an 92 instance-id that uniquely identifies a specific UA instance. This 93 instance-id is used as defined in RFC 5626 [1] so that registrar can 94 recognize that the contacts from multiple registrations correspond to 95 the same UA. The instance-ID is also used as defined by RFC 5627 [2] 96 to create Globally Routable User Agent URIs (GRUUs) that can be used 97 to uniquely address a UA when multiple UAs are registered with the 98 same Address of Record (AoR). 100 RFC 5626 [1] defines that a UA SHOULD create a Universally Unique 101 Identifier (UUID) URN as defined in RFC 4122 [7] as its instance-id 102 but allows for the possibility of other URN schemes to be used. "If 103 a URN scheme other than UUID is used, the UA MUST only use URNs for 104 which an RFC (from the IETF stream) defines how the specific URN 105 needs to be constructed and used in the "+sip.instance" Contact 106 header field parameter for outbound behavior." This specification 107 meets this requirement by specifying how the GSMA IEMEI URN is used 108 in the "+sip.instance" Contact header field parameter for outbound 109 behavior and draft-montemurro-gsma-imei-urn-11 [3] defines how the 110 GSMA IMEI URN is constructed 112 The GSMA IMEI is an identifier for a namespace for the IMEI a 113 globally unique identifier that identifies Mobile Equipment used in 114 Global System for Mobile (GSM), Universal Mobile Telecommunications 115 System (UMTS) and 3GPP LTE (Long Term Evolution)networks. The IMEI 116 allocation is managed by the GSMA to ensure that the IMEI values are 117 globally unique. Details of the formatting of the IMEI as a URN are 118 defined in draft-montemurro-gsma-imei-urn-11 [3] and the definition 119 of the IMEI is contained in 3GPP TS 23.003 [8]. Further details 120 about the GSMA role in allocating the IMEI and the IMEI allocation 121 guidelines can be found in GSMA PRD DG.06 [9] 123 2. Terminology 125 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 126 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 127 document are to be interpreted as described in [5]. 129 3. Background 131 GSM and UMTS capable mobile devices represent 90% of the mobile 132 devices in use worldwide. GSM and UMTS mobile devices each have an 133 IMEI allocated which uniquely identifies the mobile device from all 134 other GSM/UMTS mobile devices deployed. Amongst other things in some 135 regulatory jurisdictions the IMEI is used to identify a stolen mobile 136 is being used and help to identify the subscription that is using it 137 and to prevent its use. Whilst GSM was originally a circuit switched 138 system enhancements such as GPRS (General Packet Radio Service) and 139 UMTS have added IP data capabilities which along with the definition 140 of the IP Multimedia Subsystem (IMS) has made SIP based calls and IP 141 multimedia sessions from mobile devices possible. The latest 142 enhancment known as LTE will introduce even higher data rates and 143 dispenses with the circuit switched domain completely meaning that 144 with LTE voice calls will need to be conducted using IP and IMS. 145 However, the transition to all IP, SIP based IMS networks worldwide 146 will take a great many years and mobile devices being mobile will 147 need to operate in both IP/SIP/IMS mode and circuit switched mode. 148 In fact calls and sessions will need to be handed over between IP/ 149 SIP/IMS mode and circuit switched mode during a call. Also as many 150 existing GSM and UMTS radio access networks are unable to support IP/ 151 SIP/IMS based voice services in a commercially acceptable manner some 152 sessions can have some media types delivered via IP/IMS 153 simultaneously with voice media delivered via circuit switched with 154 the same mobile device simultaneously attached via both the IP/SIP/ 155 IMS domain and the circuit switched domain. To meet this need 3GPP 156 has specified how to maintain session continuity between the IP/SIP/ 157 IMS domain and the circuit switched domain in 3GPP TS 24.237 [10] and 158 how to access IMS hosted services via both the IP/SIP/IMS domain and 159 the circuit switched domain in 3GPP TS 24.292 [11]. 161 In order for the the mobile device to access SIP/IMS services via the 162 circuit switched domain 3GPP has defined a MSC (Mobile Switching 163 Center) server enhanced for ICS which controls mobile voice call 164 setup over the circuit switched radio access while establishing the 165 corresponding voice session in the core network using SIP/IMS. To 166 enable this the MSC server enhanced for ICS (IMS centralized 167 services) performs SIP registration on behalf of the mobile device 168 which can be simultaneously also directly registered with the IP/SIP/ 169 IMS domain. The only mobile device identifier that is transportable 170 using GSM/UMTS/LTE signaling is the IMEI therefore the instance-id 171 included by the MSC server enhanced for ICS when on behalf of the 172 mobile device and the instance-id used by the mobile device directly 173 needs to be based on the IMEI. 175 Additionally in order to meet the regulatory requirements to use the 176 IMEI to identify a stolen mobile is being used and help to identify 177 the subscription that is using it and to prevent its use the same 178 IMEI that is obtained from the circuit switched signaling needs to be 179 obtainable from SIP signaling. 181 3GPP TS 24.237 [10] and 3GPP TS 24.292 [11] already define the use of 182 the URN namespace for the GSMA and IMEI as defined in 183 draft-montemurro-gsma-imei-urn-11 [3] as the instance-id used by 184 mobile devices and the MSC server enhanced for ICS for SIP/IMS 185 registrations for these reasons. 187 4. 3GPP Use Cases 189 1. The mobile device includes its IMEI in the SIP REGISTER request 190 so that the registrar can perform a check of the Equipment Identity 191 Registry (EIR) to verify if the mobile device is allowed or barred 192 from using the network (e.g because it has been stolen). If the 193 mobile device is not allowed to use the network the registrar can 194 reject the registration. Thus a barred device is prevented from 195 using the network. 197 2. The mobile device includes its IMEI in SIP INVITE requests used 198 to establish emergency sessions. This so that the PSAP (Public 199 Safety Answering Point) can obtain the IMEI of the mobile device for 200 identification purposes if required by regulations. 202 3. The inclusion by the mobile device of its IMEI in SIP INVITE 203 requests used to establish emergency sessions is also used in the 204 cases of unauthenticated emergency sessions to enable the network to 205 identify the mobile device. This is especially important if the 206 unauthenticated emergency session is handed over from the packet 207 switched domain to circuit switched domain as in this scenario the 208 IMEI is the only common means for identifying the circuit switched 209 call as from the same mobile device that was in the emergency session 210 in the packet switched domain. 212 5. User Agent Client Procedures 214 A UAC that has an IMEI as defined in 3GPP TS 23.003 [8] that is 215 registering with a 3GPP IMS network MUST include in the 216 "sip.instance" media feature tag the GSMA IMEI URN according to the 217 syntax defined in draft-montemurro-gsma-imei-urn-11 [3] when 218 performing the registration procedures defined in RFC 5626 [1] or RFC 219 5627 [2] or any other procedure requiring including the 220 "sip.instance" media feature tag. The UAC SHOULD NOT include the 221 optional "svn" parameter in the GSMA IMEI URN in the "sip.instance" 222 media feature tag, since the software version can change as a result 223 of upgrades to the device firmware which would create a new instance 224 ID. The UAC MUST provide lexically equivalent URNs in each 225 registration [1]. Hence, any optional or variable components of the 226 URN (e.g., the "vers" parameter) MUST be presented with the same 227 values and in the same order in every registration as in the first 228 registration. 230 A UAC MUST only use the GSMA IMEI URN as an Instance ID when 231 registering with a 3GPP IMS network. When registering with a non 232 3GPP IMS network a UAC SHOULD use a UUID as an Instance ID as defined 233 in RFC 5626 [1]. 235 A UAC MUST NOT include its "sip.instance" media feature tag 236 containing the GSMA IMEI URN in the Contact header field of non- 237 register requests unless the UAC is certain that the request will be 238 sent via a trusted intermediary that will remove the "sip.instance" 239 media feature tag prior to forwarding the request towards the 240 destination. In order to ensure that all requests containing the 241 "sip.instance" media feature tag are forwarded via the trusted 242 intermediary the UAC MUST first have verified that the trusted 243 intermediary is present (e.g. first contacted via a registration or 244 configuration procedure). The exception to this is when the request 245 is related to an emergency session when regulatory requirements can 246 require the IMEI to be provided to the Public Safety Answering Point 247 (PSAP). 249 6. User Agent Server Procedures 251 A UAS MUST NOT include its "sip.instance" media feature tag 252 containing the GSMA IMEI URN in the Contact header field of responses 253 unless the UAS is certain that the response will be sent via a 254 trusted intermediary that will remove the "sip.instance" media 255 feature tag prior to forwarding the response towards the destination. 256 In order to ensure that all responses containing the "sip.instance" 257 media feature tag are forwarded via the trusted intermediary the UAS 258 MUST first have verified that the trusted intermediary is present 259 (e.g. first contacted via a registration or configuration procedure). 260 The exception to this is when the response is related to an emergency 261 session when regulatory requirements can require the IMEI to be 262 provided to the Public Safety Answering Point(PSAP). 264 7. 3GPP Registrar Procedures 266 In 3GPP IMS when the Registrar receives in the Contact header field a 267 "sip.instance" media feature tag containing the GSMA IMEI URN 268 according to the syntax defined in draft-montemurro-gsma-imei-urn-11 269 [3] the registrar follows the procedures defined in RFC 5626 [1] and 270 RFC 5627 [2] if those extensions are supported and indicated as 271 supported by the UA. If the Registrar allocates a public GRUU 272 according to the procedures defined in RFC 5627 [2] the instance-id 273 MUST be obfuscated when creating the "gr" parameter in order not to 274 reveal the IMEI to other UAs when the public GRUU is included in non 275 register requests. 3GPP TS 24.229 [6] subclause 5.4.7A.2 defines the 276 mechanism for obfuscating the IMEI when creating the "gr" parameter. 278 8. Security considerations 280 Because IMEIs like other formats of instance IDs can be loosely 281 correlated to a user, they need to be treated as any other personally 282 identifiable information. In particular, the "sip.instance" media 283 feature tag containing the GSMA IMEI URN MUST NOT be included in 284 requests or responses intended to convey any level of anonymity. RFC 285 5626 [1] states "One case where a UA could prefer to omit the 286 "sip.instance" media feature tag is when it is making an anonymous 287 request or some other privacy concern requires that the UA not reveal 288 its identity". The same concerns apply when using the GSMA IMEI URN 289 as an instance ID. Publication of the GSMA IMEI URN to networks that 290 the UA is not attached to or the UA does not have a service 291 relationship with is a security breach and the "sip.instance" media 292 feature tag MUST NOT be forwarded by the service provider's network 293 elements when forwarding requests or responses towards the 294 destination UA. 296 In order to protect from tampering the REGISTER requests containing 297 the GSMA IMEI URN MUST be sent using a security mechanism such as TLS 298 [12] (or another security mechanism that provides equivalent levels 299 of protection). 301 9. Acknowledgements 303 The author would like to thank Paul Kyzivat, Dale Worley, Cullen 304 Jennings, Adam Roach, and Keith Drage for reviewing this draft and 305 providing their comments. 307 10. References 308 10.1. Normative references 310 [1] Jennings, C., Mahy, R., and F. Audet, "Managing Client- 311 Initiated Connections in the Session Initiation Protocol 312 (SIP)", RFC 5626, October 2009. 314 [2] Rosenberg, J., "Obtaining and Using Globally Routable User 315 Agent URIs (GRUUs) in the Session Initiation Protocol (SIP)", 316 RFC 5627, October 2009. 318 [3] Montemurro, M., "A Uniform Resource Name Namespace For The GSM 319 Association (GSMA) and the International Mobile station 320 Equipment Identity(IMEI), work in progress", Internet 321 Draft draft-montemurro-gsma-imei-urn-11, October 2012. 323 [4] Moats, R., "URN Syntax", RFC 2141, May 1997. 325 [5] Bradner, S., "Key words for use in RFCs to Indicate Requirement 326 Levels", BCP 14, RFC 2119, March 1997. 328 [6] 3GPP, "TS 24.229: IP multimedia call control protocol based on 329 Session Initiation Protocol (SIP) and Session Description 330 Protocol (SDP); Stage 3 (Release 8)", 3GPP 24.229, March 2012, 331 . 333 10.2. Informative references 335 [7] Leach, P., Mealling, M., and R. Salz, "A Universally Unique 336 IDentifier (UUID) URN Namespace", RFC 4122, July 2005. 338 [8] 3GPP, "TS 23.003: Numbering, addressing and identification 339 (Release 8)", 3GPP 23.003, September 2008, 340 . 342 [9] GSMA Association, "IMEI Allocation and Approval Guidelines", 343 PRD TS.06 (DG06) version 6.0, July 2011, . 347 [10] 3GPP, "TS 24.237: Mobile radio interface Layer 3 specification; 348 Core network protocols; Stage 3 (Release 8)", 3GPP 24.237, 349 March 2009, 350 . 352 [11] 3GPP, "TS 24.292: IP Multimedia (IM) Core Network (CN) 353 subsystem Centralized Services (ICS); Stage 3 (Release 8)", 354 3GPP 24.292, March 2009, 355 . 357 [12] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", 358 RFC 2246, January 1999. 360 Author's Address 362 Andrew Allen (editor) 363 Research in Motion (RIM) 364 1200 Sawgrass Corporate Parkway 365 Sunrise, Florida 33323 366 USA 368 Phone: unlisted 369 Fax: unlisted 370 Email: aallen@rim.com