idnits 2.17.1
draft-allen-dispatch-imei-urn-as-instanceid-12.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
** The abstract seems to contain references ([1]), which it shouldn't.
Please replace those with straight textual mentions of the documents in
question.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
-- The document date (November 20, 2013) is 3811 days in the past. Is this
intentional?
Checking references for intended status: Informational
----------------------------------------------------------------------------
== Unused Reference: '9' is defined on line 362, but no explicit reference
was found in the text
== Outdated reference: A later version (-20) exists of
draft-montemurro-gsma-imei-urn-18
** Obsolete normative reference: RFC 2141 (ref. '4') (Obsoleted by RFC 8141)
** Obsolete normative reference: RFC 4346 (ref. '5') (Obsoleted by RFC 5246)
Summary: 3 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 Dispatch Working Group A. Allen, Ed.
3 Internet-Draft Blackberry
4 Intended status: Informational November 20, 2013
5 Expires: May 24, 2014
7 Using the International Mobile station Equipment Identity (IMEI)
8 Uniform Resource Name (URN) as an Instance ID
9 draft-allen-dispatch-imei-urn-as-instanceid-12
11 Abstract
13 This specification specifies how the Uniform Resource Name (URN)
14 reserved for the GSMA (GSM Association) identities and its sub-
15 namespace for the IMEI (International Mobile station Equipment
16 Identity) can be used as an instance-id. Its purpose is to fulfil
17 the requirements in RFC 5626 [1] that state "If a URN scheme other
18 than UUID (Universally unique identifier) is used, the UA (User
19 Agent) MUST only use URNs for which an RFC (from the IETF stream)
20 defines how the specific URN needs to be constructed and used in the
21 "+sip.instance" Contact header field parameter for outbound
22 behavior."
24 Status of this Memo
26 This Internet-Draft is submitted in full conformance with the
27 provisions of BCP 78 and BCP 79.
29 Internet-Drafts are working documents of the Internet Engineering
30 Task Force (IETF). Note that other groups may also distribute
31 working documents as Internet-Drafts. The list of current Internet-
32 Drafts is at http://datatracker.ietf.org/drafts/current/.
34 Internet-Drafts are draft documents valid for a maximum of six months
35 and may be updated, replaced, or obsoleted by other documents at any
36 time. It is inappropriate to use Internet-Drafts as reference
37 material or to cite them other than as "work in progress."
39 This Internet-Draft will expire on May 24, 2014.
41 Copyright Notice
43 Copyright (c) 2013 IETF Trust and the persons identified as the
44 document authors. All rights reserved.
46 This document is subject to BCP 78 and the IETF Trust's Legal
47 Provisions Relating to IETF Documents
48 (http://trustee.ietf.org/license-info) in effect on the date of
49 publication of this document. Please review these documents
50 carefully, as they describe your rights and restrictions with respect
51 to this document. Code Components extracted from this document must
52 include Simplified BSD License text as described in Section 4.e of
53 the Trust Legal Provisions and are provided without warranty as
54 described in the Simplified BSD License.
56 Table of Contents
58 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
60 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3
62 3. Background . . . . . . . . . . . . . . . . . . . . . . . . . . 4
64 4. 3GPP Use Cases . . . . . . . . . . . . . . . . . . . . . . . . 5
66 5. User Agent Client Procedures . . . . . . . . . . . . . . . . . 6
68 6. User Agent Server Procedures . . . . . . . . . . . . . . . . . 6
70 7. 3GPP SIP Registrar Procedures . . . . . . . . . . . . . . . . . 7
72 8. IANA considerations . . . . . . . . . . . . . . . . . . . . . . 7
74 9. Security considerations . . . . . . . . . . . . . . . . . . . . 7
76 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 8
78 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8
79 11.1. Normative references . . . . . . . . . . . . . . . . . . . 8
80 11.2. Informative references . . . . . . . . . . . . . . . . . . 9
82 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 9
84 1. Introduction
86 This specification specifies how the Uniform Resource Name reserved
87 for GSMA identities and its sub-namespace for the IMEI (International
88 Mobile station Equipment Identity) as specified in
89 draft-montemurro-gsma-imei-urn-18 [2] can be used as an instance-id
90 as specified in RFC 5626 [1] and also as used by RFC 5627 [3].
92 RFC 5626 [1] specifies the "+sip.instance" Contact header field
93 parameter that contains a URN as specified in RFC 2141 [4]. The
94 instance-id uniquely identifies a specific UA instance. This
95 instance-id is used as specified in RFC 5626 [1] so that the SIP
96 (Session Initiation Protocol) registrar (as specified in RFC 3261
97 [5]) can recognize that the contacts from multiple registrations
98 correspond to the same UA. The instance-id is also used as specified
99 by RFC 5627 [3] to create Globally Routable User Agent URIs (GRUUs)
100 that can be used to uniquely address a UA when multiple UAs are
101 registered with the same Address of Record (AoR).
103 RFC 5626 [1] requires that a UA SHOULD create a Universally Unique
104 Identifier (UUID) URN as specified in RFC 4122 [6] as its instance-id
105 but allows for the possibility to use other URN schemes. "If a URN
106 scheme other than UUID is used, the UA MUST only use URNs for which
107 an RFC (from the IETF stream) defines how the specific URN needs to
108 be constructed and used in the "+sip.instance" Contact header field
109 parameter for outbound behavior." This specification meets this
110 requirement by specifying how the GSMA IMEI URN is used in the
111 "+sip.instance" Contact header field parameter for outbound behavior,
112 and draft-montemurro-gsma-imei-urn-18 [2] specifies how the GSMA IMEI
113 URN is constructed.
115 The GSMA IMEI is a URN for the IMEI a globally unique identifier that
116 identifies mobile devices used in the Global System for Mobile
117 communications(GSM), Universal Mobile Telecommunications System
118 (UMTS) and 3GPP LTE (Long Term Evolution)networks. The IMEI
119 allocation is managed by the GSMA to ensure that the IMEI values are
120 globally unique. Details of the formatting of the IMEI as a URN are
121 specified in draft-montemurro-gsma-imei-urn-18 [2] and the definition
122 of the IMEI is contained in 3GPP TS 23.003 [10]. Further details
123 about the GSMA role in allocating the IMEI and the IMEI allocation
124 guidelines can be found in GSMA PRD TS.06 [11].
126 2. Terminology
128 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
129 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
130 document are to be interpreted as described in RFC 2119 [7].
132 3. Background
134 GSM, UMTS and LTE capable mobile devices represent 90% of the mobile
135 devices in use worldwide. Every manufactured GSM, UMTS or LTE mobile
136 device has an allocated IMEI that uniquely identifies this specific
137 mobile device. Amongst other things in some regulatory jurisdictions
138 the IMEI is used to identify that a stolen mobile device is being
139 used, to help to identify the subscription that is using it and to
140 prevent use of the mobile device. Whilst GSM was originally a
141 circuit switched system, enhancements such as GPRS (General Packet
142 Radio Service) and UMTS have added IP data capabilities which along
143 with the definition of the IP (Internet Protocol) Multimedia
144 Subsystem (IMS) have made SIP based calls and IP multimedia sessions
145 from mobile devices possible.
147 The latest enhancement known as LTE introduces even higher data rates
148 and dispenses with the circuit switched infrastructure completely.
149 This means that with LTE networks, voice calls will need to be
150 conducted using IP and IMS. However, the transition to all IP, SIP
151 based IMS networks worldwide will take a great many years and mobile
152 devices being mobile will need to operate in both IP/SIP/IMS mode and
153 circuit switched mode. This means that calls and sessions will need
154 to be handed over between IP/SIP/IMS mode and circuit switched mode
155 mid-call or mid-session. Also since many existing GSM and UMTS radio
156 access networks are unable to support IP/SIP/IMS based voice services
157 in a commercially acceptable manner, some sessions could have some
158 media types delivered via IP/IMS simultaneously with voice media
159 delivered via the circuit switched domain to the same mobile device.
160 To achieve this the mobile device is needs to be simultaneously
161 attached via both the IP/SIP/IMS domain and the circuit switched
162 domain.
164 To meet this need 3GPP has specified how to maintain session
165 continuity between the IP/SIP/IMS domain and the circuit switched
166 domain in 3GPP TS 24.237 [12] and how to access IMS hosted services
167 via both the IP/SIP/IMS domain and the circuit switched domain in
168 3GPP TS 24.292 [13].
170 In order for the mobile device to access SIP/IMS services via the
171 circuit switched domain 3GPP has specified a MSC (Mobile Switching
172 Center) server enhanced for ICS (IMS centralized services) and a MSC
173 server enhanced for SR-VCC (Single Radio Voice Call Continuity) that
174 control mobile voice call setup over the circuit switched radio
175 access while establishing the corresponding voice session in the core
176 network using SIP/IMS. To enable this, the MSC server enhanced for
177 ICS or MSC server enhanced for SR-VCC, perform SIP registration on
178 behalf of the mobile device which is also simultaneously directly
179 registered with the IP/SIP/IMS domain. The only mobile device
180 identifier that is transportable using GSM/UMTS/LTE signaling is the
181 IMEI therefore the instance-id included by the MSC server enhanced
182 for ICS or the MSC server enhanced for SR-VCC when acting on behalf
183 of the mobile device, and the instance-id directly included by the
184 mobile device both need to be based on the IMEI.
186 Additionally in order to meet the above requirements, the same IMEI
187 that is obtained from the circuit switched signaling by the MSC
188 server needs to be obtainable from SIP signaling so that that it can
189 be determined that both the SIP signaling and circuit switched
190 signaling originate from the same mobile device.
192 3GPP TS 24.237 [12] and 3GPP TS 24.292 [13] already specify the use
193 of the URN namespace for the GSMA IMEI URN as specified in
194 draft-montemurro-gsma-imei-urn-18 [2] as the instance-id used by GSM/
195 UMTS/LTE mobile devices, the MSC server enhanced for SR-VCC and the
196 MSC server enhanced for ICS, for SIP/IMS registrations and emergency
197 related SIP requests for these reasons.
199 4. 3GPP Use Cases
201 1. The mobile device includes its IMEI in the SIP REGISTER request
202 so that the SIP registrar can perform a check of the Equipment
203 Identity Register (EIR) to verify if this mobile device is allowed or
204 barred from accessing the network for non-emergency services (e.g.,
205 because it has been stolen). If the mobile device is not allowed to
206 access the network for non-emergency services the SIP registrar can
207 reject the registration. Thus a barred mobile device is prevented
208 from accesssing the network for non-emergency services.
210 2. The mobile device includes its IMEI in SIP INVITE requests used
211 to establish emergency sessions. This is so that the PSAP (Public
212 Safety Answering Point) can obtain the IMEI of the mobile device for
213 identification purposes if required by regulations.
215 3. The inclusion by the mobile device of its IMEI in SIP INVITE
216 requests used to establish emergency sessions is also used in the
217 cases of unauthenticated emergency sessions to enable the network to
218 identify the mobile device. This is especially important if the
219 unauthenticated emergency session is handed over from the packet
220 switched domain to the circuit switched domain. In this scenario the
221 IMEI is the only identifier that is common to both domains that the
222 Emergency Access Transfer Function (EATF) in the network, that
223 coordinates the transfer between domains, can use to identify that
224 the circuit switched call is from the same mobile device that was in
225 the emergency session in the packet switched domain.
227 5. User Agent Client Procedures
229 A UAC that has an IMEI as specified in 3GPP TS 23.003 [10] that is
230 registering with a 3GPP IMS network MUST include in the
231 "sip.instance" media feature tag the GSMA IMEI URN according to the
232 syntax specified in draft-montemurro-gsma-imei-urn-18 [2] when
233 performing the registration procedures specified in RFC 5626 [1] or
234 RFC 5627 [3] or any other procedure requiring the inclusion of the
235 "sip.instance" media feature tag. The UAC SHOULD NOT include the
236 optional "svn" parameter in the GSMA IMEI URN in the "sip.instance"
237 media feature tag, since the software version can change as a result
238 of upgrades to the device firmware which would create a new
239 instance-id. Any future non zero values of the "vers" parameter, or
240 the future definition of additional parameters for the GSMA IMEI URN
241 that are intended to be used as part of an instance-id will require
242 an update to be made to this RFC. The UAC MUST provide character-by-
243 character identical URNs in each registration according to RFC 5626
244 [1]. Hence, any optional or variable components of the URN (e.g.,
245 the "vers" parameter) MUST be presented with the same values and in
246 the same order in every registration as in the first registration.
248 A UAC MUST only use the GSMA IMEI URN as an instance-id when
249 registering with a 3GPP IMS network. When registering with a non-
250 3GPP IMS network a UAC SHOULD use a UUID as an instance-id as
251 specified in RFC 5626 [1].
253 A UAC MUST NOT include the "sip.instance" media feature tag
254 containing the GSMA IMEI URN in the Contact header field of non-
255 REGISTER requests except when the request is related to an emergency
256 session. Regulatory requirements can require the IMEI to be provided
257 to the Public Safety Answering Point (PSAP). Any future exceptions
258 to this prohibition require a RFC that addresses how privacy is not
259 violated by such a usage.
261 6. User Agent Server Procedures
263 A UAS MUST NOT include its "sip.instance" media feature tag
264 containing the GSMA IMEI URN in the Contact header field of responses
265 except when the response is related to an emergency session.
266 Regulatory requirements can require the IMEI to be provided to the
267 Public Safety Answering Point(PSAP). Any future exceptions to this
268 prohibition require a RFC that addresses how privacy is not violated
269 by such a usage.
271 7. 3GPP SIP Registrar Procedures
273 In 3GPP IMS when the SIP Registrar receives in the Contact header
274 field a "sip.instance" media feature tag containing the GSMA IMEI URN
275 according to the syntax specified in
276 draft-montemurro-gsma-imei-urn-18 [2] the SIP registrar follows the
277 procedures specified in RFC 5626 [1]. If the UA indicates that it
278 supports the extension in RFC 5627 [3] and the SIP Registrar
279 allocates a public GRUU according to the procedures specified in RFC
280 5627 [3] the instance-id MUST be obfuscated when creating the "gr"
281 parameter in order not to reveal the IMEI to other UAs when the
282 public GRUU is included in non-REGISTER requests and responses. 3GPP
283 TS 24.229 [8] subclause 5.4.7A.2 specifies the mechanism for
284 obfuscating the IMEI when creating the "gr" parameter.
286 8. IANA considerations
288 This document defines no items requiring action by IANA.
290 9. Security considerations
292 Because IMEIs like other formats of instance-ids can be loosely
293 correlated to a user, they need to be treated as any other personally
294 identifiable information. In particular, the "sip.instance" media
295 feature tag containing the GSMA IMEI URN MUST NOT be included in
296 requests or responses intended to convey any level of anonymity, as
297 this could violate the users privacy. RFC 5626 [1] states "One case
298 where a UA could prefer to omit the "sip.instance" media feature tag
299 is when it is making an anonymous request or some other privacy
300 concern requires that the UA not reveal its identity". The same
301 concerns apply when using the GSMA IMEI URN as an instance-id.
302 Publication of the GSMA IMEI URN to networks that the UA is not
303 attached to or the UA does not have a service relationship with is a
304 security breach and the "sip.instance" media feature tag MUST NOT be
305 forwarded by the service provider's network elements when forwarding
306 requests or responses towards the destination UA. Additionally, an
307 instance-id containing the GSMA IMEI URN identifies a mobile device
308 and not a user. The instance-id containing the GSMA IMEI URN MUST
309 NOT be used alone as an address for a user or as an identification
310 credential for a user. The GRUU mechanism specified in RFC 5627 [3]
311 provides a means to create URIs that address the user at a specific
312 device or User Agent.
314 In order to protect the "sip.instance" media feature tag containing
315 the GSMA IMEI URN from being tampered with, those REGISTER requests
316 containing the GSMA IMEI URN MUST be sent using a security mechanism
317 such as TLS (RFC 4346 [5]) or another security mechanism that
318 provides equivalent levels of protection.
320 10. Acknowledgements
322 The author would like to thank Paul Kyzivat, Dale Worley, Cullen
323 Jennings, Adam Roach, Keith Drage, Mary Barnes, Peter Leis, James Yu,
324 S. Moonesamy, Roni Even, and Tim Bray for reviewing this draft and
325 providing their comments.
327 11. References
329 11.1. Normative references
331 [1] Jennings, C., Mahy, R., and F. Audet, "Managing Client-
332 Initiated Connections in the Session Initiation Protocol
333 (SIP)", RFC 5626, October 2009.
335 [2] Montemurro, M., "A Uniform Resource Name Namespace For The
336 Global System for Mobile communications Association (GSMA) and
337 the International Mobile station Equipment Identity(IMEI), work
338 in progress", Internet Draft draft-montemurro-gsma-imei-urn-18,
339 November 2013.
341 [3] Rosenberg, J., "Obtaining and Using Globally Routable User
342 Agent URIs (GRUUs) in the Session Initiation Protocol (SIP)",
343 RFC 5627, October 2009.
345 [4] Moats, R., "URN Syntax", RFC 2141, May 1997.
347 [5] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS)
348 Protocol Version 1.1", RFC 4346, April 2006.
350 [6] Leach, P., Mealling, M., and R. Salz, "A Universally Unique
351 IDentifier (UUID) URN Namespace", RFC 4122, July 2005.
353 [7] Bradner, S., "Key words for use in RFCs to Indicate Requirement
354 Levels", BCP 14, RFC 2119, March 1997.
356 [8] 3GPP, "TS 24.229: IP multimedia call control protocol based on
357 Session Initiation Protocol (SIP) and Session Description
358 Protocol (SDP); Stage 3 (Release 8)", 3GPP 24.229,
359 September 2013,
360 .
362 [9] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
363 Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
364 Session Initiation Protocol", RFC 3261, June 2002.
366 11.2. Informative references
368 [10] 3GPP, "TS 23.003: Numbering, addressing and identification
369 (Release 8)", 3GPP 23.003, September 2013,
370 .
372 [11] GSMA Association, "IMEI Allocation and Approval Guidelines",
373 PRD TS.06 (DG06) version 6.0, July 2011, .
377 [12] 3GPP, "TS 24.237: Mobile radio interface Layer 3 specification;
378 Core network protocols; Stage 3 (Release 8)", 3GPP 24.237,
379 September 2013,
380 .
382 [13] 3GPP, "TS 24.292: IP Multimedia (IM) Core Network (CN)
383 subsystem Centralized Services (ICS); Stage 3 (Release 8)",
384 3GPP 24.292, June 2013,
385 .
387 Author's Address
389 Andrew Allen (editor)
390 Blackberry
391 1200 Sawgrass Corporate Parkway
392 Sunrise, Florida 33323
393 USA
395 Email: aallen@blackberry.com