idnits 2.17.1
draft-allen-dispatch-imei-urn-as-instanceid-10.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
** The abstract seems to contain references ([2], [1]), which it shouldn't.
Please replace those with straight textual mentions of the documents in
question.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
== Line 324 has weird spacing: '... Mobile stati...'
-- The document date (July 6, 2013) is 3940 days in the past. Is this
intentional?
Checking references for intended status: Informational
----------------------------------------------------------------------------
== Outdated reference: A later version (-20) exists of
draft-montemurro-gsma-imei-urn-15
** Obsolete normative reference: RFC 2141 (ref. '4') (Obsoleted by RFC 8141)
-- Obsolete informational reference (is this intentional?): RFC 4346 (ref.
'12') (Obsoleted by RFC 5246)
Summary: 2 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 Dispatch Working Group A. Allen, Ed.
3 Internet-Draft Blackberry
4 Intended status: Informational July 6, 2013
5 Expires: January 7, 2014
7 Using the International Mobile station Equipment Identity(IMEI)URN as an
8 Instance ID
9 draft-allen-dispatch-imei-urn-as-instanceid-10
11 Abstract
13 This specification defines how the Uniform Resource Name namespace
14 reserved for the GSMA (GSM Association) identities and its sub-
15 namespace for the IMEI (International Mobile station Equipment
16 Identity) can be used as an instance-id as specified in RFC 5626 [1]
17 and also as used by RFC 5627 [2]. Its purpose is to fulfil the
18 requirements in RFC 5626 [1] that state "If a URN scheme other than
19 UUID is used, the UA MUST only use URNs for which an RFC (from the
20 IETF stream) defines how the specific URN needs to be constructed and
21 used in the "+sip.instance" Contact header field parameter for
22 outbound behavior."
24 Status of this Memo
26 This Internet-Draft is submitted in full conformance with the
27 provisions of BCP 78 and BCP 79.
29 Internet-Drafts are working documents of the Internet Engineering
30 Task Force (IETF). Note that other groups may also distribute
31 working documents as Internet-Drafts. The list of current Internet-
32 Drafts is at http://datatracker.ietf.org/drafts/current/.
34 Internet-Drafts are draft documents valid for a maximum of six months
35 and may be updated, replaced, or obsoleted by other documents at any
36 time. It is inappropriate to use Internet-Drafts as reference
37 material or to cite them other than as "work in progress."
39 This Internet-Draft will expire on January 7, 2014.
41 Copyright Notice
43 Copyright (c) 2013 IETF Trust and the persons identified as the
44 document authors. All rights reserved.
46 This document is subject to BCP 78 and the IETF Trust's Legal
47 Provisions Relating to IETF Documents
48 (http://trustee.ietf.org/license-info) in effect on the date of
49 publication of this document. Please review these documents
50 carefully, as they describe your rights and restrictions with respect
51 to this document. Code Components extracted from this document must
52 include Simplified BSD License text as described in Section 4.e of
53 the Trust Legal Provisions and are provided without warranty as
54 described in the Simplified BSD License.
56 Table of Contents
58 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
60 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3
62 3. Background . . . . . . . . . . . . . . . . . . . . . . . . . . 4
64 4. 3GPP Use Cases . . . . . . . . . . . . . . . . . . . . . . . . 5
66 5. User Agent Client Procedures . . . . . . . . . . . . . . . . . 5
68 6. User Agent Server Procedures . . . . . . . . . . . . . . . . . 6
70 7. 3GPP Registrar Procedures . . . . . . . . . . . . . . . . . . . 6
72 8. IANA considerations . . . . . . . . . . . . . . . . . . . . . . 7
74 9. Security considerations . . . . . . . . . . . . . . . . . . . . 7
76 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7
78 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8
79 11.1. Normative references . . . . . . . . . . . . . . . . . . . 8
80 11.2. Informative references . . . . . . . . . . . . . . . . . . 8
82 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 9
84 1. Introduction
86 This specification defines how the Uniform Resource Name namespace
87 reserved for GSMA identities and its sub namespace for the IMEI
88 (International Mobile station Equipment Identity) as defined in
89 draft-montemurro-gsma-imei-urn-15 [3] can be used as an instance-id
90 as specified in RFC 5626 [1] and also as used by RFC 5627 [2].
92 RFC 5626 [1] defines the "+sip.instance" Contact header field
93 parameter which contains a URN as per RFC 2141 [4] defined as an
94 instance-id that uniquely identifies a specific UA instance. This
95 instance-id is used as defined in RFC 5626 [1] so that registrar can
96 recognize that the contacts from multiple registrations correspond to
97 the same UA. The instance-id is also used as defined by RFC 5627 [2]
98 to create Globally Routable User Agent URIs (GRUUs) that can be used
99 to uniquely address a UA when multiple UAs are registered with the
100 same Address of Record (AoR).
102 RFC 5626 [1] defines that a UA SHOULD create a Universally Unique
103 Identifier (UUID) URN as defined in RFC 4122 [7] as its instance-id
104 but allows for the possibility of other URN schemes to be used. "If
105 a URN scheme other than UUID is used, the UA MUST only use URNs for
106 which an RFC (from the IETF stream) defines how the specific URN
107 needs to be constructed and used in the "+sip.instance" Contact
108 header field parameter for outbound behavior." This specification
109 meets this requirement by specifying how the GSMA IMEI URN is used in
110 the "+sip.instance" Contact header field parameter for outbound
111 behavior and draft-montemurro-gsma-imei-urn-15 [3] defines how the
112 GSMA IMEI URN is constructed.
114 The GSMA IMEI URN is a namespace for the IMEI a globally unique
115 identifier that identifies mobile devices used in the Global System
116 for Mobile communications(GSM), Universal Mobile Telecommunications
117 System (UMTS) and 3GPP LTE (Long Term Evolution)networks. The IMEI
118 allocation is managed by the GSMA to ensure that the IMEI values are
119 globally unique. Details of the formatting of the IMEI as a URN are
120 defined in draft-montemurro-gsma-imei-urn-15 [3] and the definition
121 of the IMEI is contained in 3GPP TS 23.003 [8]. Further details
122 about the GSMA role in allocating the IMEI and the IMEI allocation
123 guidelines can be found in GSMA PRD TS.06 [9].
125 2. Terminology
127 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
128 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
129 document are to be interpreted as described in [5].
131 3. Background
133 GSM, UMTS and LTE capable mobile devices represent 90% of the mobile
134 devices in use worldwide. Every manufactured GSM, UMTS or LTE mobile
135 device has an allocated IMEI which uniquely identifies this specific
136 mobile device. Amongst other things in some regulatory jurisdictions
137 the IMEI is used to identify that a stolen mobile is being used to
138 help to identify the subscription that is using it and to prevent its
139 use. Whilst GSM was originally a circuit switched system,
140 enhancements such as GPRS (General Packet Radio Service) and UMTS
141 have added IP data capabilities which along with the definition of
142 the IP Multimedia Subsystem (IMS) have made SIP based calls and IP
143 multimedia sessions from mobile devices possible. The latest
144 enhancement known as LTE will introduce even higher data rates and
145 dispenses with the circuit switched infrastructure completely meaning
146 that with LTE voice calls will need to be conducted using IP and IMS.
147 However, the transition to all IP, SIP based IMS networks worldwide
148 will take a great many years and mobile devices being mobile will
149 need to operate in both IP/SIP/IMS mode and circuit switched mode.
150 In fact calls and sessions will need to be handed over between IP/
151 SIP/IMS mode and circuit switched mode during a call. Also as many
152 existing GSM and UMTS radio access networks are unable to support IP/
153 SIP/IMS based voice services in a commercially acceptable manner some
154 sessions can have some media types delivered via IP/IMS
155 simultaneously with voice media delivered via the circuit switched
156 domain with the same mobile device simultaneously attached via both
157 the IP/SIP/IMS domain and the circuit switched domain. To meet this
158 need 3GPP has specified how to maintain session continuity between
159 the IP/SIP/IMS domain and the circuit switched domain in 3GPP TS
160 24.237 [10] and how to access IMS hosted services via both the IP/
161 SIP/IMS domain and the circuit switched domain in 3GPP TS 24.292
162 [11].
164 In order for the mobile device to access SIP/IMS services via the
165 circuit switched domain 3GPP has defined a MSC (Mobile Switching
166 Center) server enhanced for ICS (IMS centralized services) and a MSC
167 server enhanced for SR-VCC (Single Radio Voice Call Continuity) which
168 control mobile voice call setup over the circuit switched radio
169 access while establishing the corresponding voice session in the core
170 network using SIP/IMS. To enable this, the MSC server enhanced for
171 ICS or MSC server enhanced for SR-VCC perform SIP registration on
172 behalf of the mobile device which can also be simultaneously directly
173 registered with the IP/SIP/IMS domain. The only mobile device
174 identifier that is transportable using GSM/UMTS/LTE signaling is the
175 IMEI therefore the instance-id included by the MSC server enhanced
176 for ICS or the MSC server enhanced for SR-VCC when acting on behalf
177 of the mobile device and the instance-id included by the mobile
178 device directly both need to be based on the IMEI.
180 Additionally in order to meet the above requirements, the same IMEI
181 that is obtained from the circuit switched signaling by the MSC
182 server needs to be obtainable from SIP signaling so that that it can
183 be determined that both the SIP signaling and circuit switched
184 signaling originate from the same mobile device.
186 3GPP TS 24.237 [10] and 3GPP TS 24.292 [11] already define the use of
187 the URN namespace for the GSMA IMEI URN as defined in
188 draft-montemurro-gsma-imei-urn-15 [3] as the instance-id used by GSM/
189 UMTS/LTE mobile devices, the MSC server enhanced for SR-VCC and the
190 MSC server enhanced for ICS for SIP/IMS registrations and emergency
191 related SIP requests for these reasons.
193 4. 3GPP Use Cases
195 1. The mobile device includes its IMEI in the SIP REGISTER request
196 so that the registrar can perform a check of the Equipment Identity
197 Register (EIR) to verify if this mobile device is allowed or barred
198 from accessing the network for non-emergency services (e.g., because
199 it has been stolen). If the mobile device is not allowed to access
200 the network for non-emergency services the registrar can reject the
201 registration. Thus a barred mobile device is prevented from
202 accesssing the network for non-emergency services.
204 2. The mobile device includes its IMEI in SIP INVITE requests used
205 to establish emergency sessions. This is so that the PSAP (Public
206 Safety Answering Point) can obtain the IMEI of the mobile device for
207 identification purposes if required by regulations.
209 3. The inclusion by the mobile device of its IMEI in SIP INVITE
210 requests used to establish emergency sessions is also used in the
211 cases of unauthenticated emergency sessions to enable the network to
212 identify the mobile device. This is especially important if the
213 unauthenticated emergency session is handed over from the packet
214 switched domain to circuit switched domain as in this scenario the
215 IMEI is the only common means for identifying the circuit switched
216 call is from the same mobile device that was in the emergency session
217 in the packet switched domain.
219 5. User Agent Client Procedures
221 A UAC that has an IMEI as defined in 3GPP TS 23.003 [8] that is
222 registering with a 3GPP IMS network MUST include in the
223 "sip.instance" media feature tag the GSMA IMEI URN according to the
224 syntax defined in draft-montemurro-gsma-imei-urn-15 [3] when
225 performing the registration procedures defined in RFC 5626 [1] or RFC
226 5627 [2] or any other procedure requiring the inclusion of the
227 "sip.instance" media feature tag. The UAC SHOULD NOT include the
228 optional "svn" parameter in the GSMA IMEI URN in the "sip.instance"
229 media feature tag, since the software version can change as a result
230 of upgrades to the device firmware which would create a new
231 instance-id. Any future value of the "vers" parameter other than
232 equal to 0 or the future definition of additional parameters for the
233 GSMA IMEI URN that are intended to be used as part of an instance-id
234 will require an update to be made to this RFC. The UAC MUST provide
235 lexically equivalent URNs in each registration [1]. Hence, any
236 optional or variable components of the URN (e.g., the "vers"
237 parameter) MUST be presented with the same values and in the same
238 order in every registration as in the first registration.
240 A UAC MUST only use the GSMA IMEI URN as an instance-id when
241 registering with a 3GPP IMS network. When registering with a non-
242 3GPP IMS network a UAC SHOULD use a UUID as an instance-id as defined
243 in RFC 5626 [1].
245 A UAC MUST NOT include the "sip.instance" media feature tag
246 containing the GSMA IMEI URN in the Contact header field of non-
247 REGISTER requests except when the request is related to an emergency
248 session. Regulatory requirements can require the IMEI to be provided
249 to the Public Safety Answering Point (PSAP). Any future exceptions
250 to this prohibition require a RFC that addresses how privacy is not
251 violated by such a usage.
253 6. User Agent Server Procedures
255 A UAS MUST NOT include its "sip.instance" media feature tag
256 containing the GSMA IMEI URN in the Contact header field of responses
257 except when the response is related to an emergency session.
258 Regulatory requirements can require the IMEI to be provided to the
259 Public Safety Answering Point(PSAP). Any future exceptions to this
260 prohibition require a RFC that addresses how privacy is not violated
261 by such a usage.
263 7. 3GPP Registrar Procedures
265 In 3GPP IMS when the Registrar receives in the Contact header field a
266 "sip.instance" media feature tag containing the GSMA IMEI URN
267 according to the syntax defined in draft-montemurro-gsma-imei-urn-15
269 [3] the registrar follows the procedures defined in RFC 5626 [1]. If
270 the UA indicates that it supports the extension in RFC 5627 [2] and
271 the Registrar allocates a public GRUU according to the procedures
272 defined in RFC 5627 [2] the instance-id MUST be obfuscated when
273 creating the "gr" parameter in order not to reveal the IMEI to other
274 UAs when the public GRUU is included in non-REGISTER requests and
275 responses. 3GPP TS 24.229 [6] subclause 5.4.7A.2 defines the
276 mechanism for obfuscating the IMEI when creating the "gr" parameter.
278 8. IANA considerations
280 This document defines no items requiring action by IANA.
282 9. Security considerations
284 Because IMEIs like other formats of instance-ids can be loosely
285 correlated to a user, they need to be treated as any other personally
286 identifiable information. In particular, the "sip.instance" media
287 feature tag containing the GSMA IMEI URN MUST NOT be included in
288 requests or responses intended to convey any level of anonymity. RFC
289 5626 [1] states "One case where a UA could prefer to omit the
290 "sip.instance" media feature tag is when it is making an anonymous
291 request or some other privacy concern requires that the UA not reveal
292 its identity". The same concerns apply when using the GSMA IMEI URN
293 as an instance-id. Publication of the GSMA IMEI URN to networks that
294 the UA is not attached to or the UA does not have a service
295 relationship with is a security breach and the "sip.instance" media
296 feature tag MUST NOT be forwarded by the service provider's network
297 elements when forwarding requests or responses towards the
298 destination UA.
300 In order to protect the "sip.instance" media feature tag containing
301 the GSMA IMEI URN from being tampered with, those REGISTER requests
302 containing the GSMA IMEI URN MUST be sent using a security mechanism
303 such as TLS [12] (or another security mechanism that provides
304 equivalent levels of protection).
306 10. Acknowledgements
308 The author would like to thank Paul Kyzivat, Dale Worley, Cullen
309 Jennings, Adam Roach, Keith Drage, Mary Barnes, Peter Leis and James
310 Yu for reviewing this draft and providing their comments.
312 11. References
313 11.1. Normative references
315 [1] Jennings, C., Mahy, R., and F. Audet, "Managing Client-
316 Initiated Connections in the Session Initiation Protocol
317 (SIP)", RFC 5626, October 2009.
319 [2] Rosenberg, J., "Obtaining and Using Globally Routable User
320 Agent URIs (GRUUs) in the Session Initiation Protocol (SIP)",
321 RFC 5627, October 2009.
323 [3] Montemurro, M., "A Uniform Resource Name Namespace For The GSM
324 Association (GSMA) and the International Mobile station
325 Equipment Identity(IMEI), work in progress", Internet
326 Draft draft-montemurro-gsma-imei-urn-15, July 2013.
328 [4] Moats, R., "URN Syntax", RFC 2141, May 1997.
330 [5] Bradner, S., "Key words for use in RFCs to Indicate Requirement
331 Levels", BCP 14, RFC 2119, March 1997.
333 [6] 3GPP, "TS 24.229: IP multimedia call control protocol based on
334 Session Initiation Protocol (SIP) and Session Description
335 Protocol (SDP); Stage 3 (Release 8)", 3GPP 24.229, June 2013,
336 .
338 11.2. Informative references
340 [7] Leach, P., Mealling, M., and R. Salz, "A Universally Unique
341 IDentifier (UUID) URN Namespace", RFC 4122, July 2005.
343 [8] 3GPP, "TS 23.003: Numbering, addressing and identification
344 (Release 8)", 3GPP 23.003, December 2012,
345 .
347 [9] GSMA Association, "IMEI Allocation and Approval Guidelines",
348 PRD TS.06 (DG06) version 6.0, July 2011, .
352 [10] 3GPP, "TS 24.237: Mobile radio interface Layer 3 specification;
353 Core network protocols; Stage 3 (Release 8)", 3GPP 24.237,
354 June 2013,
355 .
357 [11] 3GPP, "TS 24.292: IP Multimedia (IM) Core Network (CN)
358 subsystem Centralized Services (ICS); Stage 3 (Release 8)",
359 3GPP 24.292, June 2013,
360 .
362 [12] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS)
363 Protocol Version 1.1", RFC 4346, April 2006.
365 Author's Address
367 Andrew Allen (editor)
368 Blackberry
369 1200 Sawgrass Corporate Parkway
370 Sunrise, Florida 33323
371 USA
373 Phone: unlisted
374 Fax: unlisted
375 Email: aallen@blackberry.com