idnits 2.17.1
draft-allen-dispatch-imei-urn-as-instanceid-13.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
No issues found here.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
-- The document date (February 26, 2014) is 3704 days in the past. Is this
intentional?
Checking references for intended status: Informational
----------------------------------------------------------------------------
== Unused Reference: '9' is defined on line 371, but no explicit reference
was found in the text
** Obsolete normative reference: RFC 2141 (ref. '4') (Obsoleted by RFC 8141)
** Obsolete normative reference: RFC 4346 (ref. '5') (Obsoleted by RFC 5246)
Summary: 2 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 Dispatch Working Group A. Allen, Ed.
3 Internet-Draft Blackberry
4 Intended status: Informational February 26, 2014
5 Expires: August 30, 2014
7 Using the International Mobile station Equipment Identity (IMEI)
8 Uniform Resource Name (URN) as an Instance ID
9 draft-allen-dispatch-imei-urn-as-instanceid-13
11 Abstract
13 This specification specifies how the Uniform Resource Name (URN)
14 reserved for the GSMA (GSM Association) identities and its sub-
15 namespace for the IMEI (International Mobile station Equipment
16 Identity) can be used as an instance-id. Its purpose is to fulfil
17 the requirements for defining how a specific URN needs to be
18 constructed and used in the "+sip.instance" Contact header field
19 parameter for outbound behavior.
21 Status of this Memo
23 This Internet-Draft is submitted in full conformance with the
24 provisions of BCP 78 and BCP 79.
26 Internet-Drafts are working documents of the Internet Engineering
27 Task Force (IETF). Note that other groups may also distribute
28 working documents as Internet-Drafts. The list of current Internet-
29 Drafts is at http://datatracker.ietf.org/drafts/current/.
31 Internet-Drafts are draft documents valid for a maximum of six months
32 and may be updated, replaced, or obsoleted by other documents at any
33 time. It is inappropriate to use Internet-Drafts as reference
34 material or to cite them other than as "work in progress."
36 This Internet-Draft will expire on August 30, 2014.
38 Copyright Notice
40 Copyright (c) 2014 IETF Trust and the persons identified as the
41 document authors. All rights reserved.
43 This document is subject to BCP 78 and the IETF Trust's Legal
44 Provisions Relating to IETF Documents
45 (http://trustee.ietf.org/license-info) in effect on the date of
46 publication of this document. Please review these documents
47 carefully, as they describe your rights and restrictions with respect
48 to this document. Code Components extracted from this document must
49 include Simplified BSD License text as described in Section 4.e of
50 the Trust Legal Provisions and are provided without warranty as
51 described in the Simplified BSD License.
53 Table of Contents
55 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
57 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3
59 3. Background . . . . . . . . . . . . . . . . . . . . . . . . . . 4
61 4. 3GPP Use Cases . . . . . . . . . . . . . . . . . . . . . . . . 5
63 5. User Agent Client Procedures . . . . . . . . . . . . . . . . . 6
65 6. User Agent Server Procedures . . . . . . . . . . . . . . . . . 7
67 7. 3GPP SIP Registrar Procedures . . . . . . . . . . . . . . . . . 7
69 8. IANA considerations . . . . . . . . . . . . . . . . . . . . . . 7
71 9. Security considerations . . . . . . . . . . . . . . . . . . . . 7
73 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 8
75 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8
76 11.1. Normative references . . . . . . . . . . . . . . . . . . . 8
77 11.2. Informative references . . . . . . . . . . . . . . . . . . 9
79 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 9
81 1. Introduction
83 This specification specifies how the Uniform Resource Name reserved
84 for GSMA identities and its sub-namespace for the IMEI (International
85 Mobile station Equipment Identity) as specified in
86 draft-montemurro-gsma-imei-urn-20 [1] can be used as an instance-id
87 as specified in RFC 5626 [2] and also as used by RFC 5627 [3].
89 RFC 5626 [2] specifies the "+sip.instance" Contact header field
90 parameter that contains a URN as specified in RFC 2141 [4]. The
91 instance-id uniquely identifies a specific UA instance. This
92 instance-id is used as specified in RFC 5626 [2] so that the SIP
93 (Session Initiation Protocol) registrar (as specified in RFC 3261
94 [5]) can recognize that the contacts from multiple registrations
95 correspond to the same UA. The instance-id is also used as specified
96 by RFC 5627 [3] to create Globally Routable User Agent URIs (GRUUs)
97 that can be used to uniquely address a UA when multiple UAs are
98 registered with the same Address of Record (AoR).
100 RFC 5626 [2] requires that a UA SHOULD create a Universally Unique
101 Identifier (UUID) URN as specified in RFC 4122 [6] as its instance-id
102 but allows for the possibility to use other URN schemes. "If a URN
103 scheme other than UUID is used, the UA MUST only use URNs for which
104 an RFC (from the IETF stream) defines how the specific URN needs to
105 be constructed and used in the "+sip.instance" Contact header field
106 parameter for outbound behavior." This specification meets this
107 requirement by specifying how the GSMA IMEI URN is used in the
108 "+sip.instance" Contact header field parameter for outbound behavior,
109 and draft-montemurro-gsma-imei-urn-20 [1] specifies how the GSMA IMEI
110 URN is constructed.
112 The GSMA IMEI is a URN for the IMEI a globally unique identifier that
113 identifies mobile devices used in the Global System for Mobile
114 communications(GSM), Universal Mobile Telecommunications System
115 (UMTS) and 3GPP LTE (Long Term Evolution)networks. The IMEI
116 allocation is managed by the GSMA to ensure that the IMEI values are
117 globally unique. Details of the formatting of the IMEI as a URN are
118 specified in draft-montemurro-gsma-imei-urn-20 [1] and the definition
119 of the IMEI is contained in 3GPP TS 23.003 [10]. Further details
120 about the GSMA role in allocating the IMEI and the IMEI allocation
121 guidelines can be found in GSMA PRD TS.06 [11].
123 2. Terminology
125 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
126 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
127 document are to be interpreted as described in RFC 2119 [7].
129 3. Background
131 GSM, UMTS and LTE capable mobile devices represent 90% of the mobile
132 devices in use worldwide. Every manufactured GSM, UMTS or LTE mobile
133 device has an allocated IMEI that uniquely identifies this specific
134 mobile device. Amongst other things in some regulatory jurisdictions
135 the IMEI is used to identify that a stolen mobile device is being
136 used, to help to identify the subscription that is using it and to
137 prevent use of the mobile device. Whilst GSM was originally a
138 circuit switched system, enhancements such as GPRS (General Packet
139 Radio Service) and UMTS have added IP data capabilities which along
140 with the definition of the IP (Internet Protocol) Multimedia
141 Subsystem (IMS) have made SIP based calls and IP multimedia sessions
142 from mobile devices possible.
144 The latest enhancement known as LTE introduces even higher data rates
145 and dispenses with the circuit switched infrastructure completely.
146 This means that with LTE networks, voice calls will need to be
147 conducted using IP and IMS. However, the transition to all IP, SIP
148 based IMS networks worldwide will take a great many years and mobile
149 devices being mobile will need to operate in both IP/SIP/IMS mode and
150 circuit switched mode. This means that calls and sessions will need
151 to be handed over between IP/SIP/IMS mode and circuit switched mode
152 mid-call or mid-session. Also since many existing GSM and UMTS radio
153 access networks are unable to support IP/SIP/IMS based voice services
154 in a commercially acceptable manner, some sessions could have some
155 media types delivered via IP/IMS simultaneously with voice media
156 delivered via the circuit switched domain to the same mobile device.
157 To achieve this the mobile device is needs to be simultaneously
158 attached via both the IP/SIP/IMS domain and the circuit switched
159 domain.
161 To meet this need 3GPP has specified how to maintain session
162 continuity between the IP/SIP/IMS domain and the circuit switched
163 domain in 3GPP TS 24.237 [12] and how to access IMS hosted services
164 via both the IP/SIP/IMS domain and the circuit switched domain in
165 3GPP TS 24.292 [13].
167 In order for the mobile device to access SIP/IMS services via the
168 circuit switched domain 3GPP has specified a MSC (Mobile Switching
169 Center) server enhanced for ICS (IMS centralized services) and a MSC
170 server enhanced for SR-VCC (Single Radio Voice Call Continuity) that
171 control mobile voice call setup over the circuit switched radio
172 access while establishing the corresponding voice session in the core
173 network using SIP/IMS. To enable this, the MSC server enhanced for
174 ICS or MSC server enhanced for SR-VCC, perform SIP registration on
175 behalf of the mobile device which is also simultaneously directly
176 registered with the IP/SIP/IMS domain. The only mobile device
177 identifier that is transportable using GSM/UMTS/LTE signaling is the
178 IMEI therefore the instance-id included by the MSC server enhanced
179 for ICS or the MSC server enhanced for SR-VCC when acting on behalf
180 of the mobile device, and the instance-id directly included by the
181 mobile device both need to be based on the IMEI.
183 Additionally in order to meet the above requirements, the same IMEI
184 that is obtained from the circuit switched signaling by the MSC
185 server needs to be obtainable from SIP signaling so that that it can
186 be determined that both the SIP signaling and circuit switched
187 signaling originate from the same mobile device.
189 3GPP TS 24.237 [12] and 3GPP TS 24.292 [13] already specify the use
190 of the URN namespace for the GSMA IMEI URN as specified in
191 draft-montemurro-gsma-imei-urn-20 [1] as the instance-id used by GSM/
192 UMTS/LTE mobile devices, the MSC server enhanced for SR-VCC and the
193 MSC server enhanced for ICS, for SIP/IMS registrations and emergency
194 related SIP requests for these reasons.
196 4. 3GPP Use Cases
198 1. The mobile device includes its IMEI in the SIP REGISTER request
199 so that the SIP registrar can perform a check of the Equipment
200 Identity Register (EIR) to verify if this mobile device is allowed or
201 barred from accessing the network for non-emergency services (e.g.,
202 because it has been stolen). If the mobile device is not allowed to
203 access the network for non-emergency services the SIP registrar can
204 reject the registration. Thus a barred mobile device is prevented
205 from accesssing the network for non-emergency services.
207 2. The mobile device includes its IMEI in SIP INVITE requests used
208 to establish emergency sessions. This is so that the PSAP (Public
209 Safety Answering Point) can obtain the IMEI of the mobile device for
210 identification purposes if required by regulations.
212 3. The inclusion by the mobile device of its IMEI in SIP INVITE
213 requests used to establish emergency sessions is also used in the
214 cases of unauthenticated emergency sessions to enable the network to
215 identify the mobile device. This is especially important if the
216 unauthenticated emergency session is handed over from the packet
217 switched domain to the circuit switched domain. In this scenario the
218 IMEI is the only identifier that is common to both domains that the
219 Emergency Access Transfer Function (EATF) in the network, that
220 coordinates the transfer between domains, can use to identify that
221 the circuit switched call is from the same mobile device that was in
222 the emergency session in the packet switched domain.
224 5. User Agent Client Procedures
226 A UAC that has an IMEI as specified in 3GPP TS 23.003 [10] that is
227 registering with a 3GPP IMS network MUST include in the
228 "sip.instance" media feature tag the GSMA IMEI URN according to the
229 syntax specified in draft-montemurro-gsma-imei-urn-20 [1] when
230 performing the registration procedures specified in RFC 5626 [2] or
231 RFC 5627 [3] or any other procedure requiring the inclusion of the
232 "sip.instance" media feature tag. The UAC SHOULD NOT include the
233 optional "svn" parameter in the GSMA IMEI URN in the "sip.instance"
234 media feature tag, since the software version can change as a result
235 of upgrades to the device firmware which would create a new
236 instance-id. Any future non zero values of the "vers" parameter, or
237 the future definition of additional parameters for the GSMA IMEI URN
238 that are intended to be used as part of an instance-id will require
239 an update to be made to this RFC. The UAC MUST provide character-by-
240 character identical URNs in each registration according to RFC 5626
241 [2]. Hence, any optional or variable components of the URN (e.g.,
242 the "vers" parameter) MUST be presented with the same values and in
243 the same order in every registration as in the first registration.
245 A UAC MUST NOT use the GSMA IMEI URN as an instance-id except when
246 registering with a 3GPP IMS network. When a UAC is operating in IMS
247 mode it will obtain the domain of the network to register with from
248 the UICC (commonly known as the SIM card). This is a carrier's IMS
249 network domain. The UAC will also obtain the address of the IMS edge
250 proxy to send the REGISTER request containing the IMEI using
251 information elelments in the Attach response when it attepts to
252 connect to the carriers packet data network. When registering with a
253 non-3GPP IMS network a UAC SHOULD use a UUID as an instance-id as
254 specified in RFC 5626 [2].
256 A UAC MUST NOT include the "sip.instance" media feature tag
257 containing the GSMA IMEI URN in the Contact header field of non-
258 REGISTER requests except when the request is related to an emergency
259 session. Regulatory requirements can require the IMEI to be provided
260 to the Public Safety Answering Point (PSAP). Any future exceptions
261 to this prohibition require a RFC that addresses how privacy is not
262 violated by such a usage.
264 6. User Agent Server Procedures
266 A UAS MUST NOT include its "sip.instance" media feature tag
267 containing the GSMA IMEI URN in the Contact header field of responses
268 except when the response is related to an emergency session.
269 Regulatory requirements can require the IMEI to be provided to the
270 Public Safety Answering Point(PSAP). Any future exceptions to this
271 prohibition require a RFC that addresses how privacy is not violated
272 by such a usage.
274 7. 3GPP SIP Registrar Procedures
276 In 3GPP IMS when the SIP Registrar receives in the Contact header
277 field a "sip.instance" media feature tag containing the GSMA IMEI URN
278 according to the syntax specified in
279 draft-montemurro-gsma-imei-urn-20 [1] the SIP registrar follows the
280 procedures specified in RFC 5626 [2]. The IMEI URN MAY be validated
281 as described in draft-montemurro-gsma-imei-urn-20 [1]. If the UA
282 indicates that it supports the extension in RFC 5627 [3] and the SIP
283 Registrar allocates a public GRUU according to the procedures
284 specified in RFC 5627 [3] the instance-id MUST be obfuscated when
285 creating the "gr" parameter in order not to reveal the IMEI to other
286 UAs when the public GRUU is included in non-REGISTER requests and
287 responses. 3GPP TS 24.229 [8] subclause 5.4.7A.2 specifies the
288 mechanism for obfuscating the IMEI when creating the "gr" parameter.
290 8. IANA considerations
292 This document defines no items requiring action by IANA.
294 9. Security considerations
296 Because IMEIs like other formats of instance-ids can be correlated to
297 a user, they are they are personally identifiable informationneed and
298 MUST be treated as any other personally identifiable information. In
299 particular, the "sip.instance" media feature tag containing the GSMA
300 IMEI URN MUST NOT be included in requests or responses intended to
301 convey any level of anonymity, as this could violate the users
302 privacy. RFC 5626 [2] states "One case where a UA could prefer to
303 omit the "sip.instance" media feature tag is when it is making an
304 anonymous request or some other privacy concern requires that the UA
305 not reveal its identity". The same concerns apply when using the
306 GSMA IMEI URN as an instance-id. Publication of the GSMA IMEI URN to
307 networks that the UA is not attached to or the UA does not have a
308 service relationship with is a security breach and the "sip.instance"
309 media feature tag MUST NOT be forwarded by the service provider's
310 network elements when forwarding requests or responses towards the
311 destination UA. Additionally, an instance-id containing the GSMA
312 IMEI URN identifies a mobile device and not a user. The instance-id
313 containing the GSMA IMEI URN MUST NOT be used alone as an address for
314 a user or as an identification credential for a user. The GRUU
315 mechanism specified in RFC 5627 [3] provides a means to create URIs
316 that address the user at a specific device or User Agent.
318 Entities that log the instance ID need to protect them as personally
319 identifiable information. Regulatory requirements can require
320 carriers to log SIP IMEIs.
322 In order to protect the "sip.instance" media feature tag containing
323 the GSMA IMEI URN from being tampered with, those REGISTER requests
324 containing the GSMA IMEI URN MUST be sent using a security mechanism
325 such as TLS (RFC 4346 [5]) or another security mechanism that
326 provides equivalent levels of protection such as hop-by-hop security
327 based upon IPSec.
329 10. Acknowledgements
331 The author would like to thank Paul Kyzivat, Dale Worley, Cullen
332 Jennings, Adam Roach, Keith Drage, Mary Barnes, Peter Leis, James Yu,
333 S. Moonesamy, Roni Even, and Tim Bray for reviewing this draft and
334 providing their comments.
336 11. References
338 11.1. Normative references
340 [1] Montemurro, M., "A Uniform Resource Name Namespace For The
341 Global System for Mobile communications Association (GSMA) and
342 the International Mobile station Equipment Identity(IMEI), work
343 in progress", Internet Draft draft-montemurro-gsma-imei-urn-20,
344 February 2014.
346 [2] Jennings, C., Mahy, R., and F. Audet, "Managing Client-
347 Initiated Connections in the Session Initiation Protocol
348 (SIP)", RFC 5626, October 2009.
350 [3] Rosenberg, J., "Obtaining and Using Globally Routable User
351 Agent URIs (GRUUs) in the Session Initiation Protocol (SIP)",
352 RFC 5627, October 2009.
354 [4] Moats, R., "URN Syntax", RFC 2141, May 1997.
356 [5] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS)
357 Protocol Version 1.1", RFC 4346, April 2006.
359 [6] Leach, P., Mealling, M., and R. Salz, "A Universally Unique
360 IDentifier (UUID) URN Namespace", RFC 4122, July 2005.
362 [7] Bradner, S., "Key words for use in RFCs to Indicate Requirement
363 Levels", BCP 14, RFC 2119, March 1997.
365 [8] 3GPP, "TS 24.229: IP multimedia call control protocol based on
366 Session Initiation Protocol (SIP) and Session Description
367 Protocol (SDP); Stage 3 (Release 8)", 3GPP 24.229,
368 September 2013,
369 .
371 [9] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
372 Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
373 Session Initiation Protocol", RFC 3261, June 2002.
375 11.2. Informative references
377 [10] 3GPP, "TS 23.003: Numbering, addressing and identification
378 (Release 8)", 3GPP 23.003, September 2013,
379 .
381 [11] GSMA Association, "IMEI Allocation and Approval Guidelines",
382 PRD TS.06 (DG06) version 6.0, July 2011, .
386 [12] 3GPP, "TS 24.237: Mobile radio interface Layer 3 specification;
387 Core network protocols; Stage 3 (Release 8)", 3GPP 24.237,
388 September 2013,
389 .
391 [13] 3GPP, "TS 24.292: IP Multimedia (IM) Core Network (CN)
392 subsystem Centralized Services (ICS); Stage 3 (Release 8)",
393 3GPP 24.292, June 2013,
394 .
396 Author's Address
398 Andrew Allen (editor)
399 Blackberry
400 1200 Sawgrass Corporate Parkway
401 Sunrise, Florida 33323
402 USA
404 Email: aallen@blackberry.com