idnits 2.17.1

draft-ietf-impp-im-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate. This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The abstract seems to contain references ([5]), which it shouldn't.
     Please replace those with straight textual mentions of the documents in
     question.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords.

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (February 28, 2003) is 7728 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: '6' is defined on line 390, but no explicit reference
     was found in the text

  == Outdated reference: A later version (-04) exists of
     draft-ietf-impp-srv-02

  ** Obsolete normative reference: RFC 2822 (ref. '3') (Obsoleted by RFC 5322)

  ** Downref: Normative reference to an Informational RFC: RFC 2778 (ref. '5')

  ** Downref: Normative reference to an Informational RFC: RFC 2779 (ref. '6')

  == Outdated reference: A later version (-09) exists of
     draft-ietf-smime-rfc2633bis-03

  ** Obsolete normative reference: RFC 3369 (ref. '9') (Obsoleted by RFC 3852)

  == Outdated reference: A later version (-07) exists of
     draft-ietf-smime-aes-alg-06

     Summary: 6 errors (**), 0 flaws (~~), 7 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    IMPP WG                                                      D. Crocker
3    Internet-Draft                                              Brandenburg
4    Expires: August 29, 2003                                    J. Peterson
5                                                                    NeuStar
6                                                          February 28, 2003

8                 Common Profile for Instant Messaging (CPIM)
9                            draft-ietf-impp-im-02

11   Status of this Memo

13      This document is an Internet-Draft and is in full conformance with
14      all provisions of Section 10 of RFC2026.

16      Internet-Drafts are working documents of the Internet Engineering
17      Task Force (IETF), its areas, and its working groups. Note that
18      other groups may also distribute working documents as Internet-
19      Drafts.

21      Internet-Drafts are draft documents valid for a maximum of six months
22      and may be updated, replaced, or obsoleted by other documents at any
23      time. It is inappropriate to use Internet-Drafts as reference
24      material or to cite them other than as "work in progress."

26      The list of current Internet-Drafts can be accessed at http://
27      www.ietf.org/ietf/1id-abstracts.txt.

29      The list of Internet-Draft Shadow Directories can be accessed at
30      http://www.ietf.org/shadow.html.

32      This Internet-Draft will expire on August 29, 2003.

34   Copyright Notice

36      Copyright (C) The Internet Society (2003). All Rights Reserved.

38   Abstract

40      Instant messaging is defined in RFC2778 [5]. Today, numerous instant
41      messaging protocols are in use, and little interoperability between
42      services based on these protocols has been achieved. This
43      specification defines common semantics and data formats for instant
44      messaging to facilitate the creation of gateways between instant
45      messaging services.

47   Table of Contents

49      1.    Introduction
50      2.    Terminology
51      3.    Abstract Instant Messaging Service
52      3.1   Overview of Instant Messaging Service
53      3.2   Identification of INSTANT INBOXes
54      3.2.1 Address Resolution
55      3.3   Format of Instant Messages
56      3.4   The Messaging Service
57      3.4.1 The Message Operation
58      3.4.2 Looping
59      4.    Security Considerations
60      5.    IANA Considerations
61      5.1   The IM URI Scheme
62      6.    Contributors
63            Authors' Addresses
64      A.    IM URI IANA Registration Template
65      A.1   URI scheme name
66      A.2   URI scheme syntax
67      A.3   Character encoding considerations
68      A.4   Intended usage
69      A.5   Applications and/or protocols which use this URI scheme
70            name
71      A.6   Security considerations
72      A.7   Relevant publications
73      A.8   Person & email address to contact for further information
74      A.9   Author/Change controller
75      A.10  Applications and/or protocols which use this URI scheme
76            name
77      B.    Issues of Interest
78      B.1   Address Mapping
79      B.2   Source-Route Mapping
80            Normative References
81            Informative References
82      C.    Acknowledgments
83            Full Copyright Statement

85   1. Introduction

87      Instant messaging is defined in RFC2778 [5]. Today, numerous instant
88      messaging protocols are in use, and little interoperability between
89      services based on these protocols has been achieved. This
90      specification defines semantics and data formats for common services
91      of instant messaging to facilitate the creation of gateways between
92      instant messaging services: a common profile for instant messaging
93      (CPIM).

95      Service behavior is described abstractly in terms of operations
96      invoked between the consumer and provider of a service. Accordingly,
97      each IM service must specify how this behavior is mapped onto its own
98      protocol interactions. The choice of strategy is a local matter,
99      providing that there is a clear relation between the abstract
100     behaviors of the service (as specified in this memo) and how it is
101     faithfully realized by a particular instant messaging service. For
102     example, one strategy might transmit an instant message as textual
103     key/value pairs, another might use a compact binary representation,
104     and a third might use nested containers.

106     The attributes for each operation are defined using an abstract
107     syntax. Although the syntax specifies the range of possible data
108     values, each IM service must specify how well-formed instances of the
109     abstract representation are encoded as a concrete series of bits.

111     In order to provide a means for the preservation of end-to-end
112     features (especially security) to pass through instant messaging
113     interoperability gateways, this specification also provides
114     recommendations for instant messaging document formats that could be
115     employed by instant messaging protocols.

117  2. Terminology

119     In this document, the key words "MUST", "MUST NOT", "REQUIRED",
120     "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT
121     RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as
122     described in RFC2119 [1] and indicate requirement levels for
123     compliant implementations.

125     This memo makes use of the vocabulary defined in RFC2778 [5]. Terms
126     such as CLOSED, INSTANT INBOX, INSTANT MESSAGE, and OPEN are used in
127     the same meaning as defined therein.

129     The term 'gateway' used in this draft denotes a network element
130     responsible for interworking between diverse instant messaging
131     protocols. Although the instant messaging protocols themselves are
132     diverse, under the model used in this document these protocols can
133     carry a common payload that is relayed by the gateway. Whether these
134     interworking intermediaries should be called 'gateways' or 'relays'
135     is therefore somewhat debatable; for the purposes of this document,
136     they are called 'CPIM gateways'.

138     The term 'instant messaging service' also derives from RFC2778, but
139     its meaning changes slightly due to the existence of gateways in the
140     CPIM model. When a client sends an operation to an instant messaging
141     service, that service might either be an endpoint or an intermediary
142     such as a CPIM gateway - in fact, the client should not have to be
143     aware which it is addressing, as responses from either will appear
144     the same.

146     This document defines operations and attributes of an abstract
147     instant messaging protocol. In order for a compliant protocol to
148     interface with an instant messaging gateway, it must support all of
149     the operations described in this document (i.e. the instant
150     messaging protocol must have some message or capability that provides
151     the function described by all given operations). Similarly, the
152     attributes defined for these operations must correspond to
153     information available in the instant messaging protocol in order for
154     the protocol to interface with gateways defined by this
155     specification. Note that these attributes provide only the minimum
156     possible information that needs to be specified for interoperability
157     - the functions in an instant messaging protocol that correspond to
158     the operations described in this document can contain additional
159     information that will not be mapped by CPIM.

161  3. Abstract Instant Messaging Service

163  3.1 Overview of Instant Messaging Service

165     When an application wants to send a message to an INSTANT INBOX, it
166     invokes the message operation, e.g.,

168                 +-------+                    +-------+
169                 |       |                    |       |
170                 | appl. | -- message ------> |  IM   |
171                 |       |                    | svc.  |
172                 +-------+                    +-------+

174     The message operation has the following attributes: source,
175     destination, MaxForwards and TransID. 'source' and 'destination'
176     identify the originator and recipient of an instant message,
177     respectively, and consist of an INSTANT INBOX identifier (as
178     described in Section 3.2). The MaxForwards is a hop counter to avoid
179     loops through gateways, with usage defined in detail in Section 3.4.2;
180     its initial value is set by the originator. The TransID is a unique
181     identifier used to correlate message operations to response
182     operations; gateways should be capable of handling TransIDs up to 40
183     bytes in length.

185     The message operation also has some content, the instant message
186     itself, which may be textual, or which may consist of other data.
187     Content details are specified in Section 3.3.

189     Note that this specification assumes that instant messaging protocols
190     provide reliable message delivery; there are no application-layer
191     message delivery assurance provisions in this specification.

193     Upon receiving a message operation, the service immediately responds
194     by invoking the response operation containing the same transaction-
195     identifier, e.g.,

197                 +-------+                    +-------+
198                 |       |                    |       |
199                 | appl. | <----- response -- |  IM   |
200                 |       |                    | svc.  |
201                 +-------+                    +-------+

203     The response operation contains the following attributes: TransID and
204     status. The TransID is used to correlate the response to a
205     particular instant message. Status indicates whether the delivery of
206     the message succeeded or failed. Valid status values are described
207     in Section 3.4.1.

209  3.2 Identification of INSTANT INBOXes

211     An INSTANT INBOX is specified using an instant messaging URI with the
212     'im:' URI scheme. The full syntax of the IM URI scheme is given in
213     Appendix A. An example would be: "im:fred@example.com"

215  3.2.1 Address Resolution

217     An IM service client determines the next hop to forward the IM to by
218     resolving the domain name portion of the service destination.
219     Compliant implementations SHOULD follow the guidelines for
220     dereferencing URIs given in [2].

222  3.3 Format of Instant Messages

224     This specification defines an abstract interoperability mechanism for
225     instant messaging protocols; the message content definition given
226     here pertains to semantics rather than syntax. However, some
227     important properties for interoperability can only be provided if a
228     common end-to-end format for instant messaging is employed by the
229     interoperating instant messaging protocols, especially with respect
230     to security. In order to maintain end-to-end security properties,
231     applications that send message operations to a CPIM gateway MUST
232     implement the format defined in MSGFMT [4]. Applications MAY support
233     other content formats.

235     CPIM gateways MUST be capable of relaying the content of a message
236     operation between supported instant messaging protocols without
237     needing to modify or inspect the content.

239  3.4 The Messaging Service

241  3.4.1 The Message Operation

243     When an application wants to send an INSTANT MESSAGE, it invokes the
244     message operation.

246     When an instant messaging service receives the message operation, it
247     performs the following preliminary checks:

249     1. If the source or destination does not refer to a syntactically
250        valid INSTANT INBOX, a response operation having status "failure"
251        is invoked.

253     2. If the destination of the operation cannot be resolved by the
254        recipient, and the recipient is not the final recipient, a
255        response operation with the status "failure" is invoked.

257     3. If access control does not permit the application to request this
258        operation, a response operation having status "failure" is
259        invoked.

261     4. Provided these checks are successful:

263           If the instant messaging service is able to successfully
264           deliver the message, a response operation having status
265           "success" is invoked.

267           If the service is unable to successfully deliver the message,
268           a response operation having status "failure" is invoked.

270           If the service must delegate responsibility for delivery (i.e.
271           if it is acting as a gateway or proxying the operation), and
272           if the delegation will not result in a future authoritative
273           indication to the service, a response operation having status
274           "indeterminant" is invoked.

276           If the service must delegate responsibility for delivery, and
277           if the delegation will result in a future authoritative
278           indication to the service, then a response operation is
279           invoked immediately after the indication is received.

281     When the service invokes the response operation, the transID
282     parameter is identical to the value found in the message operation
283     invoked by the application.

285  3.4.2 Looping

287     The dynamic routing of instant messages can result in looping of a
288     message through a relay. Detection of loops is not always obvious,
289     since aliasing and group list expansions can legitimately cause a
290     message to pass through a relay more than one time.

292     This document assumes that instant messaging protocols that can be
293     gatewayed by CPIM support some semantic equivalent to an integer
294     value that indicates the maximum number of hops through which a
295     message can pass. When that number of hops has been reached, the
296     message is assumed to have looped.

298     When a CPIM gateway relays an instant message, it decrements the
299     value of the MaxForwards attribute. This document does not mandate
300     any particular initial setting for the MaxForwards element in instant
301     messaging protocols, but it is recommended that the value be
302     reasonably large (over one hundred).

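The preliminary checks of Section 3.4.1 and the MaxForwards handling of
Section 3.4.2 (including the discard at 0 described in the next paragraph),
as an added Python example that is not part of the draft. The Gateway,
Message and Response classes, the next_hops callables and the simplified
single-mailbox im: URI pattern are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, replace

# Assumed simplification: one mailbox, no "?headers" part. This is narrower
# than the Appendix A ABNF and is used here only as the syntactic check.
IM_URI = re.compile(r"im:[^\s@?]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*)")


@dataclass(frozen=True)
class Message:
    source: str
    destination: str
    max_forwards: int
    trans_id: str
    content: bytes  # opaque to the gateway: relayed unmodified, uninspected


@dataclass(frozen=True)
class Response:
    trans_id: str
    status: str  # "success", "failure" or "indeterminant" (as in 3.4.1)


class Gateway:
    """Hypothetical in-memory IM service / CPIM gateway for one domain."""

    def __init__(self, domain, inboxes=(), denied=()):
        self.domain = domain.lower()
        self.inboxes = {uri: [] for uri in inboxes}  # locally served inboxes
        self.denied = set(denied)   # sources refused by access control
        self.next_hops = {}         # domain -> callable(Message) -> Response|None
        self.received = 0

    def handle(self, msg):
        self.received += 1
        failure = Response(msg.trans_id, "failure")
        # 3.4.2: a MaxForwards of 0 means the message is assumed to have looped.
        if msg.max_forwards <= 0:
            return failure
        # Check 1: source and destination must be syntactically valid.
        src, dst = IM_URI.fullmatch(msg.source), IM_URI.fullmatch(msg.destination)
        if src is None or dst is None:
            return failure
        domain = dst.group(1).lower()
        final = domain == self.domain
        # Check 2: not the final recipient and the destination cannot be resolved.
        if not final and domain not in self.next_hops:
            return failure
        # Check 3: access control.
        if msg.source in self.denied:
            return failure
        if final:
            box = self.inboxes.get(msg.destination)
            if box is None:
                return failure
            box.append(msg.content)
            return Response(msg.trans_id, "success")
        # Delegation: decrement MaxForwards and pass the content through as is.
        relayed = replace(msg, max_forwards=msg.max_forwards - 1)
        indication = self.next_hops[domain](relayed)
        if indication is None:  # no future authoritative indication
            return Response(msg.trans_id, "indeterminant")
        return Response(msg.trans_id, indication.status)


def demo_loop(max_forwards=3):
    """Constructed scenario: two gateways route example.net to each other."""
    a, b = Gateway("a.example"), Gateway("b.example")
    a.next_hops["example.net"] = b.handle
    b.next_hops["example.net"] = a.handle
    msg = Message("im:fred@a.example", "im:wilma@example.net",
                  max_forwards, "t-1", b"hi")
    return a.handle(msg), a.received + b.received


if __name__ == "__main__":
    print(demo_loop())  # terminates with a failure response instead of looping
```
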
304     If a CPIM gateway receives an instant message operation that has a
305     MaxForwards attribute of 0, it discards the message and invokes a
306     failure operation.

308  4. Security Considerations

310     Detailed security considerations for instant messaging protocols are
311     given in RFC2779 (in particular, requirements are given in section
312     5.4 and some motivating discussion in 8.1).

314     CPIM defines an interoperability function that is employed by
315     gateways between instant messaging protocols. CPIM gateways MUST be
316     compliant with the minimum security requirements of the instant
317     messaging protocols with which they interface.

319     The introduction of gateways to the security model of instant
320     messaging in RFC2779 also introduces some new risks. End-to-end
321     security properties (especially confidentiality and integrity)
322     between instant messaging user agents that interface through a CPIM
323     gateway can only be provided if a common instant message format (such
324     as the format described in MSGFMT [4]) is supported by the protocols
325     interfacing with the CPIM gateway.

327     When end-to-end security is required, the message operation MUST use
328     MSGFMT, and MUST secure the MSGFMT MIME body with S/MIME [8], with
329     encryption (CMS EnvelopedData) and/or S/MIME signatures (CMS
330     SignedData).

332     The S/MIME algorithms are set by CMS [9]. The AES [10] algorithm
333     should be preferred, as it is expected that AES best suits the
334     capabilities of many platforms. However, an IETF specification for
335     this is still incomplete as of the time of this writing.

337     When IM URIs are placed in instant messaging protocols, they convey
338     the identity of the sender and/or the recipient. In some cases,
339     anonymous messaging may be desired. Such a capability is beyond the
340     scope of this specification.

342  5. IANA Considerations

344     The IANA assigns the "im" scheme.

346  5.1 The IM URI Scheme

348     The Instant Messaging (IM) URI scheme designates an Internet
349     resource, namely an INSTANT INBOX.

351     The syntax of an IM URI is given in Appendix A.

353  6. Contributors

355     The following individuals made substantial textual contributions to
356     this document:

358        Athanassios Diacakis (thanos.diacakis@openwave.com)

360        Florencio Mazzoldi (flo@networkprojects.com)

362        Christian Huitema (huitema@microsoft.com)

364        Graham Klyne (gk@ninebynine.org)

366        Jonathan Rosenberg (jdrosen@dynamicsoft.com)

368        Robert Sparks (rsparks@dynamicsoft.com)
369        Hiroyasu Sugano (suga@flab.fujitsu.co.jp)

371  Normative References

373     [1]  Bradner, S., "Key words for use in RFCs to indicate requirement
374          levels", RFC 2119, March 1997.

376     [2]  Crocker, D. and J. Peterson, "Address resolution for Instant
377          Messaging and Presence", draft-ietf-impp-srv-02 (work in
378          progress), February 2003.

380     [3]  Resnick, P., "Internet Message Format", RFC 2822, STD 11, April
381          2001.

383     [4]  Atkins, D. and G. Klyne, "Common Presence and Instant Messaging:
384          Message Format", draft-ietf-impp-cpim-msgfmt-08 (work in
385          progress), January 2003.

387     [5]  Day, M., Rosenberg, J. and H. Sugano, "A Model for Presence and
388          Instant Messaging", RFC 2778, February 2000.

390     [6]  Day, M., Aggarwal, S. and J. Vincent, "Instant Messaging /
391          Presence Protocol Requirements", RFC 2779, February 2000.

393     [7]  Allocchio, C., "GSTN Address Element Extensions in Email
394          Services", RFC 2846, June 2000.

396     [8]  Ramsdell, B., "S/MIME Version 3 Message Specification", draft-
397          ietf-smime-rfc2633bis-03 (work in progress), January 2003.

399     [9]  Housley, R., "Cryptographic Message Syntax", RFC 3369, August
400          2002.

402  Informative References

404     [10]  Schaad, J. and R. Housley, "Use of the AES Encryption Algorithm
405           and RSA-OAEP Key Transport in CMS", draft-ietf-smime-aes-alg-06
406           (work in progress), January 2003.

408  Authors' Addresses

410     Dave Crocker
411     Brandenburg InternetWorking
412     675 Spruce Drive
413     Sunnyvale, CA 94086
414     US

416     Phone: +1 408/246-8253
417     EMail: dcrocker@brandenburg.com

419     Jon Peterson
420     NeuStar, Inc.
421     1800 Sutter St
422     Suite 570
423     Concord, CA 94520
424     US

426     Phone: +1 925/363-8720
427     EMail: jon.peterson@neustar.biz

429  Appendix A. IM URI IANA Registration Template

431     This section provides the information to register the im: instant
432     messaging URI.

434  A.1 URI scheme name

436     im

438  A.2 URI scheme syntax

440     The syntax follows the existing mailto: URI syntax specified in
441     RFC2368. The ABNF is:

443     IM-URI         = "im:" [ to ] [ headers ]
444     to             = #mailbox
445     headers        = "?" header *( "&" header )
446     header         = hname "=" hvalue
447     hname          = *urlc
448     hvalue         = *urlc

450  A.3 Character encoding considerations

452     Representation of non-ASCII character sets in local-part strings is
453     limited to the standard methods provided as extensions to RFC2822

455     [3].

457  A.4 Intended usage

459     Use of the im: URI follows closely usage of the mailto: URI. That
460     is, invocation of an IM URI will cause the user's instant messaging
461     application to start, with destination address and message headers
462     filled in according to the information supplied in the URI.

464  A.5 Applications and/or protocols which use this URI scheme name

466     It is anticipated that protocols compliant with RFC2779, and meeting
467     the interoperability requirements specified here, will make use of
468     this URI scheme name.

470  A.6 Security considerations

472     See Section 4.

474  A.7 Relevant publications

476     RFC2779, RFC2778

478  A.8 Person & email address to contact for further information

480     Jon Peterson [mailto:jon.peterson@neustar.biz]

482  A.9 Author/Change controller

484     This scheme is registered under the IETF tree. As such, IETF
485     maintains change control.

487  A.10 Applications and/or protocols which use this URI scheme name

489     Instant messaging service

491  Appendix B. Issues of Interest

493     This appendix briefly discusses issues that may be of interest when
494     designing an interoperation gateway.

496  B.1 Address Mapping

498     When mapping the service described in this memo, mappings that place
499     special information into the im: address local-part MUST use the
500     meta-syntax defined in RFC2846 [7].

502  B.2 Source-Route Mapping

504     The easiest mapping technique is a form of source-routing and
505     usually is the least friendly to humans having to type the string.
506     Source-routing also has a history of operational problems.

508     Use of source-routing for exchanges between different services is by
509     a transformation that places the entire, original address string into
510     the im: address local part and names the gateway in the domain part.

512     For example, if the destination INSTANT INBOX is "pepp://example.com/
513     fred", then, after performing the necessary character conversions,
514     the resulting mapping is:

516        im:pepp=example.com/fred@relay-domain

518     where "relay-domain" is derived from local configuration information.

520     Experience shows that it is vastly preferable to hide this mapping
521     from end-users - if possible, the underlying software should perform
522     the mapping automatically.

524  Appendix C. Acknowledgments

526     The authors would like to acknowledge John Ramsdell for his comments,
527     suggestions and enthusiasm. Thanks to Derek Atkins for editorial
528     fixes.

530  Full Copyright Statement

532     Copyright (C) The Internet Society (2003). All Rights Reserved.

534     This document and translations of it may be copied and furnished to
535     others, and derivative works that comment on or otherwise explain it
536     or assist in its implementation may be prepared, copied, published
537     and distributed, in whole or in part, without restriction of any
538     kind, provided that the above copyright notice and this paragraph are
539     included on all such copies and derivative works. However, this
540     document itself may not be modified in any way, such as by removing
541     the copyright notice or references to the Internet Society or other
542     Internet organizations, except as needed for the purpose of
543     developing Internet standards in which case the procedures for
544     copyrights defined in the Internet Standards process must be
545     followed, or as required to translate it into languages other than
546     English.

548     The limited permissions granted above are perpetual and will not be
549     revoked by the Internet Society or its successors or assigns.

551     This document and the information contained herein is provided on an
552     "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
553     TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
554     BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
555     HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
556     MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

558  Acknowledgement

560     Funding for the RFC Editor function is currently provided by the
561     Internet Society.