idnits 2.17.1 

draft-camarillo-sipping-exploders-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3667, Section 5.1 on line 14.

  -- Found old boilerplate from RFC 3978, Section 5.5 on line 329.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 313.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 319.

  ** Found boilerplate matching RFC 3978, Section 5.4, paragraph 1 (on line
     335), which is fine, but *also* found old RFC 2026, Section 10.4C,
     paragraph 1 text on line 35.

  ** The document seems to lack an RFC 3978 Section 5.1 IPR Disclosure
     Acknowledgement -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead
     of the newer disclaimer which includes the IETF Trust according to RFC
     4748.

  ** The document seems to lack an RFC 3979 Section 5, para. 1 IPR Disclosure
     Acknowledgement -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document uses RFC 3667 boilerplate or RFC 3978-like boilerplate
     instead of verbatim RFC 3978 boilerplate.  After 6 May 2005, submission
     of drafts without verbatim RFC 3978 boilerplate is not accepted.

     The following non-3978 patterns matched text found in the document. 
     That text should be removed or replaced:

        By submitting this Internet-Draft, I certify that any applicable patent
        or other IPR claims of which I am aware have been disclosed, or
        will be disclosed, and any of which I become aware will be
        disclosed, in accordance with RFC 3668.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords. 

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).
  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (February 2004) is 7369 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-02) exists of
     draft-camarillo-sipping-uri-list-01

  == Outdated reference: A later version (-07) exists of
     draft-ietf-simple-event-list-04

  == Outdated reference: A later version (-05) exists of
     draft-ietf-simple-xcap-list-usage-02

  == Outdated reference: A later version (-03) exists of
     draft-ietf-sip-authid-body-02

  == Outdated reference: A later version (-12) exists of
     draft-ietf-sipping-conference-package-03


     Summary: 8 errors (**), 0 flaws (~~), 8 warnings (==), 6 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1	SIPPING Working Group                                       G. Camarillo
2	Internet-Draft                                                  Ericsson
3	Expires: August 1, 2004                                    February 2004

5	    Requirements and Framework for Session Initiation Protocol (SIP)
6	                          Exploder Invocation
7	                draft-camarillo-sipping-exploders-03.txt

9	Status of this Memo

11	   By submitting this Internet-Draft, I certify that any applicable
12	   patent or other IPR claims of which I am aware have been disclosed,
13	   and any of which I become aware will be disclosed, in accordance with
14	   RFC 3668.

16	   Internet-Drafts are working documents of the Internet Engineering
17	   Task Force (IETF), its areas, and its working groups. Note that other
18	   groups may also distribute working documents as Internet-Drafts.

20	   Internet-Drafts are draft documents valid for a maximum of six months
21	   and may be updated, replaced, or obsoleted by other documents at any
22	   time. It is inappropriate to use Internet-Drafts as reference
23	   material or to cite them other than as "work in progress."

25	   The list of current Internet-Drafts can be accessed at http://
26	   www.ietf.org/ietf/1id-abstracts.txt.

28	   The list of Internet-Draft Shadow Directories can be accessed at
29	   http://www.ietf.org/shadow.html.

31	   This Internet-Draft will expire on August 1, 2004.

33	Copyright Notice

35	   Copyright (C) The Internet Society (2004). All Rights Reserved.

37	Abstract

39	   This document describes the need for SIP exploders and provides
40	   requirements for their invocation. Additionaly, it defines a
41	   framework which includes all the SIP extensions needed to meet these
42	   requirements.

44	Table of Contents

46	   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
47	   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  3
48	   3.  Requirements . . . . . . . . . . . . . . . . . . . . . . . . .  3
49	   4.  Framework  . . . . . . . . . . . . . . . . . . . . . . . . . .  4
50	     4.1   Carrying URI Lists in SIP  . . . . . . . . . . . . . . . .  4
51	     4.2   Exploder Processing of URI Lists . . . . . . . . . . . . .  4
52	     4.3   Explosion's Results  . . . . . . . . . . . . . . . . . . .  5
53	   5.  Security Considerations  . . . . . . . . . . . . . . . . . . .  5
54	   6.  Acknowledges . . . . . . . . . . . . . . . . . . . . . . . . .  6
55	   7.  References . . . . . . . . . . . . . . . . . . . . . . . . . .  6
56	   7.1   Normative References . . . . . . . . . . . . . . . . . . . .  6
57	   7.2   Informational References . . . . . . . . . . . . . . . . . .  7
58	       Author's Address . . . . . . . . . . . . . . . . . . . . . . .  7
59	       Intellectual Property and Copyright Statements . . . . . . . .  8

61	1.  Introduction

63	   Some applications require that, at a given moment, a SIP [2] UA (User
64	   Agent) performs a similar transaction with a number of remote UAs.
65	   For example, an instant messaging application that needs to send a
66	   particular message (e.g., "Hello folks") to n receivers needs to send
67	   n MESSAGE requests; one to each receiver.

69	   When the transacton that needs to be repeated consists of a large
70	   request, or the number of recipients is high, or both, the access
71	   network of the UA needs to carry a considerable amount of traffic.
72	   Completing all the transactions on a low-bandwidth access would
73	   require a long time. This is unacceptable for a number of
74	   applications.

76	   A solution to this problem consists of introducing exploders in the
77	   network. The task of an exploder is to receive a request from a UA
78	   and send a number of similar requests to a number of destinations.
79	   Once the requests are sent, the exploder typically informs the UA
80	   about their status. Effectively, the exploder behaves as a B2BUA
81	   (Back-To-Back-User-Agent).

83	   Note that resource lists, as described in [4], already use SIP
84	   exploders for SUBSCRIBE transactions. Still, the set of destinations
85	   needs to be preconfigured using out-of-band mechanisms (e.g., XCAP).

87	   The Advanced Instant Messaging Requirements for SIP  [5] also
88	   mentions the need for exploders for MESSAGE transactions:

90	   "REQ-GROUP-3: It MUST be possible for a user to send to an ad-hoc
91	   group, where the identities of the recipients are carried in the
92	   message itself."

94	   The remainder of this document provides requirements to invoke
95	   exploders in an efficient manner and a framework that meets these
96	   requirements.

98	2.  Terminology

100	   In this document, the key words "MUST", "MUST NOT", "REQUIRED",
101	   "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT
102	   RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as
103	   described in BCP 14, RFC 2119 [1] and indicate requirement levels for
104	   compliant implementations.

106	3.  Requirements

108	   This section contains the requirements:

110	   1.  The invocation mechanism MUST allow the invoker to provide a list
111	       of destination URIs to the exploder. This URI list MAY consist of
112	       one or more URIs.
113	   2.  The mechanism to provide the URI list to the exploder MUST NOT be
114	       request specific.
115	   3.  The invocation mechanism SHOULD NOT require more than one RTT
116	       (Round-Trip Time).
117	   4.  An exploder MAY provide services beyond request explosion. That
118	       is, exploders can be modelled as application servers. For
119	       example, an exploder handling INVITE requests may behave as a
120	       conference server and perform media mixing for all the
121	       participants.
122	   5.  The interpretation of the meaning of the URI list sent by the
123	       invoker MUST be at the discretion of the application to which the
124	       list is sent.
125	   6.  It MUST be possible for the invoker to find out about the result
126	       of the operations performed by the application server with the
127	       URI list. An invoker may, for instance, be interested in the
128	       status of the transactions initiated by the exploder.
129	   7.  Exploders MUST NOT perform any request explosion without
130	       authenticating the invoker.

132	4.  Framework

134	   Although Section 3 contains specific requirements for SIP exploders,
135	   this framework is not restricted to application servers that only
136	   provide request explosion services. Per requirement number 4, we also
137	   deal with application servers that provide a particular service that
138	   includes a request explosion (e.g., a conference server that INVITEs
139	   several participants which are chosen by a user agent).

141	4.1  Carrying URI Lists in SIP

143	   Requirements 1 through 3 indentify the need for a request-independent
144	   mechanism to provide a SIP exploder with a URI list in a single RTT.
145	   The mechanism described in [3] meets these three requirements.

147	   UAs (User Agents) add a "list" SIP and SIPS URI parameter to the
148	   Request-URI of the request. This "list" parameter points to a body
149	   part which contains the URI list. The default URI list format for SIP
150	   entities is the XCAP resource list format defined in [6].

152	4.2  Exploder Processing of URI Lists

154	   According to Requirement 4 and 5, exploders can behave as application
155	   servers. That is, taking a URI list as an input, they can provide
156	   arbitrary services.

158	   So, the interpretation of the URI list by the server depends on the
159	   service to be provided. For example, for a conference server, the
160	   URIs in the list may identify the initial set of participants. On the
161	   other hand, for a MESSAGE exploder, the URIs in the list may identify
162	   the recipients of an instant message.

164	   At the SIP level, this implies that the behavior of application
165	   servers receiving requests with URI lists SHOULD be specified on a
166	   per method basis. Examples of such specifications are
167	   [draft-camarillo-sipping-adhoc-conferencing-00.txt] for INVITE,
168	   [draft-garcia-sipping-message-exploder-00.txt] for MESSAGE, and
169	   [draft-camarillo-sipping-adhoc-simple-00.txt] for SUBSCRIBE.

171	4.3  Explosion's Results

173	   According to requirement 6, user agents should have a way to obtain
174	   information about the operations performed by the application server.
175	   Since these operations are service specific, the way user agents are
176	   kept informed is also service specific. For example, a user agent
177	   establishing an adhoc conference with an INVITE with a URI list may
178	   discover which participants were successfully brought in into the
179	   conference by using the conference package [8].

181	5.  Security Considerations

183	   Security plays an important role in the implementation of any
184	   exploder. By definition, and exploder takes one request in and sends
185	   a potentially large number of them out. Attackers may attempt to use
186	   exploders as traffic amplifiers to launch DoS attacks. In addition,
187	   malicious users may attempt to use exploders to distribute
188	   unsolicited messages (i.e., SPAM) or to make unsolicited VoIP calls.
189	   This section provides guidelines to avoid these attacks.

191	   Exploders MUST NOT perform any request explosion for an unauthorized
192	   user. So, exploders MUST authenticate users and check whether they
193	   are authorized to request the exploder's services before performing
194	   any request explosion.

196	   Even though the previous rule keeps unauthorized users from using
197	   exploders, authorized users may still launch attacks using a
198	   exploder. If an exploder is used to send unsolicited requests to one
199	   or several destinations, it should be possible to track down the
200	   sender of such requests. To do that, exploders MAY provide
201	   information about the identity of the original sender of the request
202	   in their outgoing requests. Exploders can use Authenticated Identity
203	   Bodies (AIB) [7] or P-Asserted-Identity header fields [9] to provide
204	   this information. Furthermore, it is RECOMMENDED that exploders keep
205	   a log of all the transactions they handle (for a reasonable period of
206	   time), so that SPAMMERS can be tracked down.

208	   The previous rule allows exploders to track down attackers once an
209	   attack has taken place. Nevertheless, it is often desirable to
210	   prevent the attack in the first place, instead of taking measures
211	   afterwards. Providing the identify of the original sender in outgoing
212	   requests is not enough to prevent attacks because victims may consist
213	   of non-SIP nodes which would not be able to decline SIP requests
214	   using SIP error responses.

216	   Exploders MUST NOT explode a request to a destination which has not
217	   agreed to receive requests from the exploder beforehand. Users can
218	   agree to receive requests from an exploder in several ways, such as
219	   filling a web page, sending an email, or signing a contract.
220	   Additionally, users MUST be able to further describe the explosions
221	   they are willing to receive. For example, a user may only want to
222	   receive explosions performed by a particular exploder on behalf of a
223	   particular user. Effectively, these rules make URI lists used by
224	   exploders opt-in.

226	   Exploders MAY have policies that limit the number of URIs in the
227	   list, as a very long list could be used in a denial of service attack
228	   to place a large burden on the exploder to send a large number of SIP
229	   requests.

231	   Requirement 7, which states that exploders need to authenticate
232	   requesters of request explosions, and the previous rules apply to
233	   exploders in general. In addition, specifications dealing with
234	   individual methods MUST describe the security issues that relate to
235	   each particular method.

237	6.  Acknowledges

239	   Duncan Mills and Miguel A. Garcia-Martin supported the idea of 1 to n
240	   MESSAGEs. Jon Peterson provided useful comments.

242	7.  References

244	7.1  Normative References

246	   [1]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
247	        Levels", BCP 14, RFC 2119, March 1997.

249	   [2]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
250	        Peterson, J., Sparks, R., Handley, M. and E. Schooler, "SIP:
251	        Session Initiation Protocol", RFC 3261, June 2002.

253	7.2  Informational References

255	   [3]  Camarillo, G., "Providing a Session Initiation Protocol (SIP)
256	        Application Server with a  List of URIs",
257	        draft-camarillo-sipping-uri-list-01 (work in progress), February
258	        2004.

260	   [4]  Roach, A., Rosenberg, J. and B. Campbell, "A Session Initiation
261	        Protocol (SIP) Event Notification Extension for  Resource
262	        Lists", draft-ietf-simple-event-list-04 (work in progress), June
263	        2003.

265	   [5]  Rosenberg, J., "Advanced Instant Messaging Requirements for the
266	        Session Initiation Protocol  (SIP)",
267	        draft-rosenberg-simple-messaging-requirements-01 (work in
268	        progress), February 2004.

270	   [6]  Rosenberg, J., "An Extensible Markup Language (XML)
271	        Configuration Access Protocol (XCAP)  Usage for Presence Lists",
272	        draft-ietf-simple-xcap-list-usage-02 (work in progress),
273	        February 2004.

275	   [7]  Peterson, J., "SIP Authenticated Identity Body (AIB) Format",
276	        draft-ietf-sip-authid-body-02 (work in progress), July 2003.

278	   [8]  Rosenberg, J. and H. Schulzrinne, "A Session Initiation Protocol
279	        (SIP) Event Package for Conference State",
280	        draft-ietf-sipping-conference-package-03 (work in progress),
281	        February 2004.

283	   [9]  Jennings, C., Peterson, J. and M. Watson, "Private Extensions to
284	        the Session Initiation Protocol (SIP) for Asserted Identity
285	        within Trusted Networks", RFC 3325, November 2002.

287	Author's Address

289	   Gonzalo Camarillo
290	   Ericsson
291	   Hirsalantie 11
292	   Jorvas  02420
293	   Finland

295	   EMail: Gonzalo.Camarillo@ericsson.com

297	Intellectual Property Statement

299	   The IETF takes no position regarding the validity or scope of any
300	   Intellectual Property Rights or other rights that might be claimed to
301	   pertain to the implementation or use of the technology described in
302	   this document or the extent to which any license under such rights
303	   might or might not be available; nor does it represent that it has
304	   made any independent effort to identify any such rights. Information
305	   on the IETF's procedures with respect to rights in IETF Documents can
306	   be found in BCP 78 and BCP 79.

308	   Copies of IPR disclosures made to the IETF Secretariat and any
309	   assurances of licenses to be made available, or the result of an
310	   attempt made to obtain a general license or permission for the use of
311	   such proprietary rights by implementers or users of this
312	   specification can be obtained from the IETF on-line IPR repository at
313	   http://www.ietf.org/ipr.

315	   The IETF invites any interested party to bring to its attention any
316	   copyrights, patents or patent applications, or other proprietary
317	   rights that may cover technology that may be required to implement
318	   this standard. Please address the information to the IETF at
319	   ietf-ipr@ietf.org.

321	Disclaimer of Validity

323	   This document and the information contained herein are provided on an
324	   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
325	   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
326	   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
327	   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
328	   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
329	   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

331	Copyright Statement

333	   Copyright (C) The Internet Society (2004). This document is subject
334	   to the rights, licenses and restrictions contained in BCP 78, and
335	   except as set forth therein, the authors retain all their rights.

337	Acknowledgment

339	   Funding for the RFC Editor function is currently provided by the
340	   Internet Society.