idnits 2.17.1
draft-allen-dispatch-imei-urn-as-instanceid-08.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
** The document seems to lack an IANA Considerations section. (See Section
2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
when there are no actions for IANA.)
** The abstract seems to contain references ([2], [1]), which it shouldn't.
Please replace those with straight textual mentions of the documents in
question.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
== Line 319 has weird spacing: '... Mobile stati...'
-- The document date (February 23, 2013) is 4072 days in the past. Is this
intentional?
Checking references for intended status: Informational
----------------------------------------------------------------------------
== Outdated reference: A later version (-20) exists of
draft-montemurro-gsma-imei-urn-13
** Obsolete normative reference: RFC 2141 (ref. '4') (Obsoleted by RFC 8141)
-- Obsolete informational reference (is this intentional?): RFC 2246 (ref.
'12') (Obsoleted by RFC 4346)
Summary: 3 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 Dispatch Working Group A. Allen, Ed.
3 Internet-Draft Research in Motion (RIM)
4 Intended status: Informational February 23, 2013
5 Expires: August 27, 2013
7 Using the International Mobile station Equipment Identity(IMEI)URN as an
8 Instance ID
9 draft-allen-dispatch-imei-urn-as-instanceid-08
11 Abstract
13 This specification defines how the Uniform Resource Name namespace
14 reserved for the GSMA (GSM Association) identities and its sub-
15 namespace for the IMEI (International Mobile station Equipment
16 Identity) can be used as an instance-id as specified in RFC 5626 [1]
17 and also as used by RFC 5627 [2]. Its purpose is to fulfil the
18 requirements in RFC 5626 [1] that state "If a URN scheme other than
19 UUID is used, the UA MUST only use URNs for which an RFC (from the
20 IETF stream) defines how the specific URN needs to be constructed and
21 used in the "+sip.instance" Contact header field parameter for
22 outbound behavior."
24 Status of this Memo
26 This Internet-Draft is submitted in full conformance with the
27 provisions of BCP 78 and BCP 79.
29 Internet-Drafts are working documents of the Internet Engineering
30 Task Force (IETF). Note that other groups may also distribute
31 working documents as Internet-Drafts. The list of current Internet-
32 Drafts is at http://datatracker.ietf.org/drafts/current/.
34 Internet-Drafts are draft documents valid for a maximum of six months
35 and may be updated, replaced, or obsoleted by other documents at any
36 time. It is inappropriate to use Internet-Drafts as reference
37 material or to cite them other than as "work in progress."
39 This Internet-Draft will expire on August 27, 2013.
41 Copyright Notice
43 Copyright (c) 2013 IETF Trust and the persons identified as the
44 document authors. All rights reserved.
46 This document is subject to BCP 78 and the IETF Trust's Legal
47 Provisions Relating to IETF Documents
48 (http://trustee.ietf.org/license-info) in effect on the date of
49 publication of this document. Please review these documents
50 carefully, as they describe your rights and restrictions with respect
51 to this document. Code Components extracted from this document must
52 include Simplified BSD License text as described in Section 4.e of
53 the Trust Legal Provisions and are provided without warranty as
54 described in the Simplified BSD License.
56 Table of Contents
58 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
60 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3
62 3. Background . . . . . . . . . . . . . . . . . . . . . . . . . . 4
64 4. 3GPP Use Cases . . . . . . . . . . . . . . . . . . . . . . . . 5
66 5. User Agent Client Procedures . . . . . . . . . . . . . . . . . 5
68 6. User Agent Server Procedures . . . . . . . . . . . . . . . . . 6
70 7. 3GPP Registrar Procedures . . . . . . . . . . . . . . . . . . . 7
72 8. Security considerations . . . . . . . . . . . . . . . . . . . . 7
74 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7
76 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8
77 10.1. Normative references . . . . . . . . . . . . . . . . . . . 8
78 10.2. Informative references . . . . . . . . . . . . . . . . . . 8
80 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 9
82 1. Introduction
84 This specification defines how the Uniform Resource Name namespace
85 reserved for GSMA identities and its sub namespace for the IMEI
86 (International Mobile station Equipment Identity) as defined in
87 draft-montemurro-gsma-imei-urn-13 [3] can be used as an instance-id
88 as specified in RFC 5626 [1] and also as used by RFC 5627 [2].
90 RFC 5626 [1] defines the "+sip.instance" Contact header field
91 parameter which contains a URN as per RFC 2141 [4] defined as an
92 instance-id that uniquely identifies a specific UA instance. This
93 instance-id is used as defined in RFC 5626 [1] so that registrar can
94 recognize that the contacts from multiple registrations correspond to
95 the same UA. The instance-ID is also used as defined by RFC 5627 [2]
96 to create Globally Routable User Agent URIs (GRUUs) that can be used
97 to uniquely address a UA when multiple UAs are registered with the
98 same Address of Record (AoR).
100 RFC 5626 [1] defines that a UA SHOULD create a Universally Unique
101 Identifier (UUID) URN as defined in RFC 4122 [7] as its instance-id
102 but allows for the possibility of other URN schemes to be used. "If
103 a URN scheme other than UUID is used, the UA MUST only use URNs for
104 which an RFC (from the IETF stream) defines how the specific URN
105 needs to be constructed and used in the "+sip.instance" Contact
106 header field parameter for outbound behavior." This specification
107 meets this requirement by specifying how the GSMA IMEI URN is used in
108 the "+sip.instance" Contact header field parameter for outbound
109 behavior and draft-montemurro-gsma-imei-urn-13 [3] defines how the
110 GSMA IMEI URN is constructed
112 The GSMA IMEI is an identifier for a namespace for the IMEI a
113 globally unique identifier that identifies Mobile Equipment used in
114 Global System for Mobile communications(GSM), Universal Mobile
115 Telecommunications System (UMTS) and 3GPP LTE (Long Term
116 Evolution)networks. The IMEI allocation is managed by the GSMA to
117 ensure that the IMEI values are globally unique. Details of the
118 formatting of the IMEI as a URN are defined in
119 draft-montemurro-gsma-imei-urn-13 [3] and the definition of the IMEI
120 is contained in 3GPP TS 23.003 [8]. Further details about the GSMA
121 role in allocating the IMEI and the IMEI allocation guidelines can be
122 found in GSMA PRD DG.06 [9]
124 2. Terminology
126 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
127 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
128 document are to be interpreted as described in [5].
130 3. Background
132 GSM and UMTS capable mobile devices represent 90% of the mobile
133 devices in use worldwide. GSM and UMTS mobile devices each have an
134 IMEI allocated which uniquely identifies the mobile device from all
135 other GSM/UMTS mobile devices deployed. Amongst other things in some
136 regulatory jurisdictions the IMEI is used to identify that a stolen
137 mobile is being used to help to identify the subscription that is
138 using it and to prevent its use. Whilst GSM was originally a circuit
139 switched system, enhancements such as GPRS (General Packet Radio
140 Service) and UMTS have added IP data capabilities which along with
141 the definition of the IP Multimedia Subsystem (IMS) has made SIP
142 based calls and IP multimedia sessions from mobile devices possible.
143 The latest enhancment known as LTE will introduce even higher data
144 rates and dispenses with the circuit switched domain completely
145 meaning that with LTE voice calls will need to be conducted using IP
146 and IMS. However, the transition to all IP, SIP based IMS networks
147 worldwide will take a great many years and mobile devices being
148 mobile will need to operate in both IP/SIP/IMS mode and circuit
149 switched mode. In fact calls and sessions will need to be handed
150 over between IP/SIP/IMS mode and circuit switched mode during a call.
151 Also as many existing GSM and UMTS radio access networks are unable
152 to support IP/SIP/IMS based voice services in a commercially
153 acceptable manner some sessions can have some media types delivered
154 via IP/IMS simultaneously with voice media delivered via circuit
155 switched with the same mobile device simultaneously attached via both
156 the IP/SIP/IMS domain and the circuit switched domain. To meet this
157 need 3GPP has specified how to maintain session continuity between
158 the IP/SIP/IMS domain and the circuit switched domain in 3GPP TS
159 24.237 [10] and how to access IMS hosted services via both the IP/
160 SIP/IMS domain and the circuit switched domain in 3GPP TS 24.292
161 [11].
163 In order for the the mobile device to access SIP/IMS services via the
164 circuit switched domain 3GPP has defined a MSC (Mobile Switching
165 Center) server enhanced for ICS (IMS centralized services)which
166 controls mobile voice call setup over the circuit switched radio
167 access while establishing the corresponding voice session in the core
168 network using SIP/IMS. To enable this the MSC server enhanced for
169 ICS performs SIP registration on behalf of the mobile device which
170 can also be simultaneously directly registered with the IP/SIP/IMS
171 domain. The only mobile device identifier that is transportable
172 using GSM/UMTS/LTE signaling is the IMEI therefore both the
173 instance-id included by the MSC server enhanced for ICS when acting
174 on behalf of the mobile device and the instance-id included by the
175 mobile device directly needs to be based on the IMEI.
177 Additionally in order to meet the above regulatory requirements, the
178 IMEI that is obtained from the circuit switched signaling needs to be
179 obtainable from SIP signaling.
181 3GPP TS 24.237 [10] and 3GPP TS 24.292 [11] already define the use of
182 the URN namespace for the GSMA and IMEI as defined in
183 draft-montemurro-gsma-imei-urn-13 [3] as the instance-id used by
184 mobile devices and the MSC server enhanced for ICS for SIP/IMS
185 registrations for these reasons.
187 4. 3GPP Use Cases
189 1. The mobile device includes its IMEI in the SIP REGISTER request
190 so that the registrar can perform a check of the Equipment Identity
191 Registry (EIR) to verify if the mobile device is allowed or barred
192 from using the network (e.g because it has been stolen). If the
193 mobile device is not allowed to use the network the registrar can
194 reject the registration. Thus a barred device is prevented from
195 using the network.
197 2. The mobile device includes its IMEI in SIP INVITE requests used
198 to establish emergency sessions. This so that the PSAP (Public
199 Safety Answering Point) can obtain the IMEI of the mobile device for
200 identification purposes if required by regulations.
202 3. The inclusion by the mobile device of its IMEI in SIP INVITE
203 requests used to establish emergency sessions is also used in the
204 cases of unauthenticated emergency sessions to enable the network to
205 identify the mobile device. This is especially important if the
206 unauthenticated emergency session is handed over from the packet
207 switched domain to circuit switched domain as in this scenario the
208 IMEI is the only common means for identifying the circuit switched
209 call is from the same mobile device that was in the emergency session
210 in the packet switched domain.
212 5. User Agent Client Procedures
214 A UAC that has an IMEI as defined in 3GPP TS 23.003 [8] that is
215 registering with a 3GPP IMS network MUST include in the
216 "sip.instance" media feature tag the GSMA IMEI URN according to the
217 syntax defined in draft-montemurro-gsma-imei-urn-13 [3] when
218 performing the registration procedures defined in RFC 5626 [1] or RFC
219 5627 [2] or any other procedure requiring including the
220 "sip.instance" media feature tag. The UAC SHOULD NOT include the
221 optional "svn" parameter in the GSMA IMEI URN in the "sip.instance"
222 media feature tag, since the software version can change as a result
223 of upgrades to the device firmware which would create a new instance
224 ID. The UAC MUST provide lexically equivalent URNs in each
225 registration [1]. Hence, any optional or variable components of the
226 URN (e.g., the "vers" parameter) MUST be presented with the same
227 values and in the same order in every registration as in the first
228 registration.
230 A UAC MUST only use the GSMA IMEI URN as an Instance ID when
231 registering with a 3GPP IMS network. When registering with a non-
232 3GPP IMS network a UAC SHOULD use a UUID as an Instance ID as defined
233 in RFC 5626 [1].
235 A UAC MUST NOT include its "sip.instance" media feature tag
236 containing the GSMA IMEI URN in the Contact header field of non-
237 register requests unless the UAC is certain that the request will be
238 sent via a trusted intermediary that will remove the "sip.instance"
239 media feature tag prior to forwarding the request towards the
240 destination. In order to ensure that all requests containing the
241 "sip.instance" media feature tag are forwarded via the trusted
242 intermediary the UAC MUST first have verified that the trusted
243 intermediary is present (e.g. first contacted via a registration or
244 configuration procedure). The exception to this is when the request
245 is related to an emergency session when regulatory requirements can
246 require the IMEI to be provided to the Public Safety Answering Point
247 (PSAP).
249 6. User Agent Server Procedures
251 A UAS MUST NOT include its "sip.instance" media feature tag
252 containing the GSMA IMEI URN in the Contact header field of responses
253 unless the UAS is certain that the response will be sent via a
254 trusted intermediary that will remove the "sip.instance" media
255 feature tag prior to forwarding the response towards the destination.
256 In order to ensure that all responses containing the "sip.instance"
257 media feature tag are forwarded via the trusted intermediary the UAS
258 MUST first have verified that the trusted intermediary is present
259 (e.g. first contacted via a registration or configuration procedure).
260 The exception to this is when the response is related to an emergency
261 session when regulatory requirements can require the IMEI to be
262 provided to the Public Safety Answering Point(PSAP).
264 7. 3GPP Registrar Procedures
266 In 3GPP IMS when the Registrar receives in the Contact header field a
267 "sip.instance" media feature tag containing the GSMA IMEI URN
268 according to the syntax defined in draft-montemurro-gsma-imei-urn-13
269 [3] the registrar follows the procedures defined in RFC 5626 [1] and
270 RFC 5627 [2] if those extensions are supported and indicated as
271 supported by the UA. If the Registrar allocates a public GRUU
272 according to the procedures defined in RFC 5627 [2] the instance-id
273 MUST be obfuscated when creating the "gr" parameter in order not to
274 reveal the IMEI to other UAs when the public GRUU is included in non-
275 register requests. 3GPP TS 24.229 [6] subclause 5.4.7A.2 defines the
276 mechanism for obfuscating the IMEI when creating the "gr" parameter.
278 8. Security considerations
280 Because IMEIs like other formats of instance IDs can be loosely
281 correlated to a user, they need to be treated as any other personally
282 identifiable information. In particular, the "sip.instance" media
283 feature tag containing the GSMA IMEI URN MUST NOT be included in
284 requests or responses intended to convey any level of anonymity. RFC
285 5626 [1] states "One case where a UA could prefer to omit the
286 "sip.instance" media feature tag is when it is making an anonymous
287 request or some other privacy concern requires that the UA not reveal
288 its identity". The same concerns apply when using the GSMA IMEI URN
289 as an instance ID. Publication of the GSMA IMEI URN to networks that
290 the UA is not attached to or the UA does not have a service
291 relationship with is a security breach and the "sip.instance" media
292 feature tag MUST NOT be forwarded by the service provider's network
293 elements when forwarding requests or responses towards the
294 destination UA.
296 In order to protect from tampering the REGISTER requests containing
297 the GSMA IMEI URN MUST be sent using a security mechanism such as TLS
298 [12] (or another security mechanism that provides equivalent levels
299 of protection).
301 9. Acknowledgements
303 The author would like to thank Paul Kyzivat, Dale Worley, Cullen
304 Jennings, Adam Roach, and Keith Drage for reviewing this draft and
305 providing their comments.
307 10. References
308 10.1. Normative references
310 [1] Jennings, C., Mahy, R., and F. Audet, "Managing Client-
311 Initiated Connections in the Session Initiation Protocol
312 (SIP)", RFC 5626, October 2009.
314 [2] Rosenberg, J., "Obtaining and Using Globally Routable User
315 Agent URIs (GRUUs) in the Session Initiation Protocol (SIP)",
316 RFC 5627, October 2009.
318 [3] Montemurro, M., "A Uniform Resource Name Namespace For The GSM
319 Association (GSMA) and the International Mobile station
320 Equipment Identity(IMEI), work in progress", Internet
321 Draft draft-montemurro-gsma-imei-urn-13, February 2013.
323 [4] Moats, R., "URN Syntax", RFC 2141, May 1997.
325 [5] Bradner, S., "Key words for use in RFCs to Indicate Requirement
326 Levels", BCP 14, RFC 2119, March 1997.
328 [6] 3GPP, "TS 24.229: IP multimedia call control protocol based on
329 Session Initiation Protocol (SIP) and Session Description
330 Protocol (SDP); Stage 3 (Release 8)", 3GPP 24.229,
331 December 2012,
332 .
334 10.2. Informative references
336 [7] Leach, P., Mealling, M., and R. Salz, "A Universally Unique
337 IDentifier (UUID) URN Namespace", RFC 4122, July 2005.
339 [8] 3GPP, "TS 23.003: Numbering, addressing and identification
340 (Release 8)", 3GPP 23.003, December 2012,
341 .
343 [9] GSMA Association, "IMEI Allocation and Approval Guidelines",
344 PRD TS.06 (DG06) version 6.0, July 2011, .
348 [10] 3GPP, "TS 24.237: Mobile radio interface Layer 3 specification;
349 Core network protocols; Stage 3 (Release 8)", 3GPP 24.237,
350 December 2012,
351 .
353 [11] 3GPP, "TS 24.292: IP Multimedia (IM) Core Network (CN)
354 subsystem Centralized Services (ICS); Stage 3 (Release 8)",
355 3GPP 24.292, December 2012,
356 .
358 [12] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
359 RFC 2246, January 1999.
361 Author's Address
363 Andrew Allen (editor)
364 Research in Motion (RIM)
365 1200 Sawgrass Corporate Parkway
366 Sunrise, Florida 33323
367 USA
369 Phone: unlisted
370 Fax: unlisted
371 Email: aallen@rim.com