idnits 2.17.1 draft-ietf-sipcore-name-addr-guidance-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 92: '... MUST be used if the "addr-spec" ...' RFC 2119 keyword, line 102: '...ion mark or semicolon, the URI MUST be...' RFC 2119 keyword, line 134: '...ion mark or semicolon, the URI MUST be...' RFC 2119 keyword, line 145: '... MUST NOT be used if its value woul...' RFC 2119 keyword, line 148: '... header field, any URI parameters MUST...' (1 more instance...) -- The draft header indicates that this document updates RFC4508, but the abstract doesn't seem to mention this, which it should. -- The draft header indicates that this document updates RFC3325, but the abstract doesn't seem to mention this, which it should. -- The draft header indicates that this document updates RFC3892, but the abstract doesn't seem to mention this, which it should. -- The draft header indicates that this document updates RFC3515, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year (Using the creation date from RFC3261, updated by this document, for RFC5378 checks: 2000-07-17) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (May 10, 2017) is 2543 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Downref: Normative reference to an Informational RFC: RFC 3325 ** Downref: Normative reference to an Informational RFC: RFC 5002 ** Downref: Normative reference to an Informational RFC: RFC 5318 ** Downref: Normative reference to an Informational RFC: RFC 5502 Summary: 5 errors (**), 0 flaws (~~), 1 warning (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group R. Sparks 3 Internet-Draft Oracle 4 Updates: 3261, 3325, 3515, 3892, 4508, May 10, 2017 5 5002, 5318, 5360, 5502 (if 6 approved) 7 Intended status: Standards Track 8 Expires: November 11, 2017 10 Clarifications for when to use the name-addr production in SIP messages 11 draft-ietf-sipcore-name-addr-guidance-01 13 Abstract 15 RFC3261 constrained several SIP header fields whose grammar contains 16 the "name-addr / addr-spec" alternative to use name-addr when certain 17 characters appear. Unfortunately it expressed the constraints with 18 prose copied into each header field definition, and at least one 19 header field was missed. Further, the constraint has not been copied 20 into documents defining extension headers whose grammar contains the 21 alternative. 23 This document updates RFC3261 to state the constraint generically, 24 and clarifies that the constraint applies to all SIP header fields 25 where there is a choice between using name-addr or addr-spec. It 26 also updates the RFCs that define extension SIP header fields using 27 the alternative to clarify that the constraint applies (RFCs 3325, 28 3515, 3892, 4508, 5002, 5318, 5360, and 5502). 30 Status of This Memo 32 This Internet-Draft is submitted in full conformance with the 33 provisions of BCP 78 and BCP 79. 35 Internet-Drafts are working documents of the Internet Engineering 36 Task Force (IETF). Note that other groups may also distribute 37 working documents as Internet-Drafts. The list of current Internet- 38 Drafts is at http://datatracker.ietf.org/drafts/current/. 40 Internet-Drafts are draft documents valid for a maximum of six months 41 and may be updated, replaced, or obsoleted by other documents at any 42 time. It is inappropriate to use Internet-Drafts as reference 43 material or to cite them other than as "work in progress." 45 This Internet-Draft will expire on November 11, 2017. 47 Copyright Notice 49 Copyright (c) 2017 IETF Trust and the persons identified as the 50 document authors. All rights reserved. 52 This document is subject to BCP 78 and the IETF Trust's Legal 53 Provisions Relating to IETF Documents 54 (http://trustee.ietf.org/license-info) in effect on the date of 55 publication of this document. Please review these documents 56 carefully, as they describe your rights and restrictions with respect 57 to this document. Code Components extracted from this document must 58 include Simplified BSD License text as described in Section 4.e of 59 the Trust Legal Provisions and are provided without warranty as 60 described in the Simplified BSD License. 62 Table of Contents 64 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 65 2. Updates to RFC3261 . . . . . . . . . . . . . . . . . . . . . 3 66 3. Updates to RFCs defining SIP Extension header fields . . . . 4 67 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 68 5. Security Considerations . . . . . . . . . . . . . . . . . . . 4 69 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5 70 7. Instructions to the RFC Editor . . . . . . . . . . . . . . . 5 71 8. Normative References . . . . . . . . . . . . . . . . . . . . 5 72 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6 74 1. Introduction 76 [RFC3261] defines several header fields that contain URIs to allow 77 both a form that contains the bare URI (addr-spec) and one that 78 provides a name and the URI (name-addr). This subset, taken from the 79 ABNF [RFC5234] specified in [RFC3261] shows the relevant part of the 80 definition of the syntax of the "From" header field: 82 From = ( "From" / "f" ) HCOLON from-spec 83 from-spec = ( name-addr / addr-spec ) 84 *( SEMI from-param ) 85 name-addr = [ display-name ] LAQUOT addr-spec RAQUOT 86 addr-spec = SIP-URI / SIPS-URI / absoluteURI 88 The prose in section 20.20 of [RFC3261], which discusses the "From" 89 header field, constrains how the production may be used by saying: 91 Even if the "display-name" is empty, the "name-addr" form 92 MUST be used if the "addr-spec" contains a comma, question 93 mark, or semicolon. 95 Section 20.39, which discusses the "To" header field contains no such 96 constraining text. 98 This constraint is specified slightly differently, but with the same 99 intent, in the introduction to section 20: 101 The Contact, From, and To header fields contain a URI. If the URI 102 contains a comma, question mark or semicolon, the URI MUST be 103 enclosed in angle brackets (< and >). 105 Unfortunately, this can be read to only apply to the Contact, From, 106 and To header fields, making it necessary to provide the constraint 107 explicitly in the prose discussing any other header field using the 108 name-addr or addr-spec alternative. 110 As extension header fields were standardized, the specifications 111 sometimes failed to include the constraint. Many errata have been 112 entered to correct this omission. When the constraint was called 113 out, the form has not been consistent. 115 This memo updates the specifications of SIP and its extensions to 116 clarify that the constraint to use the name-addr form applies 117 anywhere there is a choice between the name-addr and addr-spec 118 production rules in the grammar for SIP header fields. 120 It is important to note that a message formed without honoring the 121 constraint will still be syntactically valid, but would very likely 122 be interpreted differently. The characters after the comma, question 123 mark, or semicolon will, in most cases, be interpreted as header 124 field parameters or additional header field values as discussed in 125 section 7.3.1 of [RFC3261]. (An exception is the degenerate case of 126 a URL like sip:10.0.0.1,@10.0.0.0 where it is possible to parse the 127 comma via the 'user' production). 129 2. Updates to RFC3261 131 This text from the introduction to section 20 of [RFC3261]: 133 The Contact, From, and To header fields contain a URI. If the URI 134 contains a comma, question mark or semicolon, the URI MUST be 135 enclosed in angle brackets (< and >). Any URI parameters are 136 contained within these brackets. If the URI is not enclosed in 137 angle brackets, any semicolon-delimited parameters are 138 header-parameters, not URI parameters. 140 is replaced with: 142 When constructing the value of any SIP header field whose grammar 143 allows choosing between name-addr and addr-spec, such as those 144 that use the form '(name-addr / addr-spec)', the "addr-spec" form 145 MUST NOT be used if its value would contain a comma, semicolon, 146 or question mark. 148 When a URI appears in such a header field, any URI parameters MUST 149 be contained within angle brackets (< and >). If the URI is not 150 enclosed in angle brackets, any semicolon-delimited parameters are 151 header-parameters, not URI parameters. 153 The header fields defined in this specification that allow this 154 choice are "To", "From", "Contact", and "Reply-To". 156 3. Updates to RFCs defining SIP Extension header fields 158 The following standards track RFCs: [RFC3515], [RFC3892], [RFC4508], 159 and [RFC5360] 161 and the following informational RFCS: [RFC3325], [RFC5002], 162 [RFC5318], and [RFC5502] 164 are updated to include: 166 This RFC contains the definition of one or more SIP header fields 167 that allow choosing between addr-spec and name-addr when 168 constructing header field values. As specified in RFCxxxx, 169 the "addr-spec" form MUST NOT be used if its value would contain 170 a comma, semicolon, or question mark. 172 The status of the Informational RFCs remains Informational. 174 4. IANA Considerations 176 This memo has no considerations for IANA. 178 5. Security Considerations 180 The updates specified in this memo clarify a constraint on the 181 grammar for producing SIP messages. It introduces no new security 182 considerations. One pre-existing consideration is worth reiterating: 183 messages produced without honoring the constraint will very likely be 184 mis-interpreted by the receiving element. 186 6. Acknowledgments 188 Brett Tate identified this issue in several extension documents, 189 submitted several corresponding errata, and drove the discussion that 190 led to this memo. Substantive comments leading to this text were 191 provided by Paul Kyzivat, Gonzalo Camarillo, Dale Worley, and 192 Yehoshua Gev. 194 7. Instructions to the RFC Editor 196 Please remove this section in its entirety before publication as an 197 RFC. 199 Please replace any instances of RFCxxxx with the RFC number assigned 200 to this memo. 202 This memo, if it is approved, obviates Errata 3744, 3894, and 203 4648-4652 inclusive. 205 8. Normative References 207 [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, 208 A., Peterson, J., Sparks, R., Handley, M., and E. 209 Schooler, "SIP: Session Initiation Protocol", RFC 3261, 210 DOI 10.17487/RFC3261, June 2002, 211 . 213 [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax 214 Specifications: ABNF", STD 68, RFC 5234, 215 DOI 10.17487/RFC5234, January 2008, 216 . 218 [RFC3515] Sparks, R., "The Session Initiation Protocol (SIP) Refer 219 Method", RFC 3515, DOI 10.17487/RFC3515, April 2003, 220 . 222 [RFC3892] Sparks, R., "The Session Initiation Protocol (SIP) 223 Referred-By Mechanism", RFC 3892, DOI 10.17487/RFC3892, 224 September 2004, . 226 [RFC4508] Levin, O. and A. Johnston, "Conveying Feature Tags with 227 the Session Initiation Protocol (SIP) REFER Method", 228 RFC 4508, DOI 10.17487/RFC4508, May 2006, 229 . 231 [RFC5360] Rosenberg, J., Camarillo, G., Ed., and D. Willis, "A 232 Framework for Consent-Based Communications in the Session 233 Initiation Protocol (SIP)", RFC 5360, 234 DOI 10.17487/RFC5360, October 2008, 235 . 237 [RFC3325] Jennings, C., Peterson, J., and M. Watson, "Private 238 Extensions to the Session Initiation Protocol (SIP) for 239 Asserted Identity within Trusted Networks", RFC 3325, 240 DOI 10.17487/RFC3325, November 2002, 241 . 243 [RFC5002] Camarillo, G. and G. Blanco, "The Session Initiation 244 Protocol (SIP) P-Profile-Key Private Header (P-Header)", 245 RFC 5002, DOI 10.17487/RFC5002, August 2007, 246 . 248 [RFC5318] Hautakorpi, J. and G. Camarillo, "The Session Initiation 249 Protocol (SIP) P-Refused-URI-List Private-Header 250 (P-Header)", RFC 5318, DOI 10.17487/RFC5318, December 251 2008, . 253 [RFC5502] van Elburg, J., "The SIP P-Served-User Private-Header 254 (P-Header) for the 3GPP IP Multimedia (IM) Core Network 255 (CN) Subsystem", RFC 5502, DOI 10.17487/RFC5502, April 256 2009, . 258 Author's Address 260 Robert Sparks 261 Oracle 263 Email: rjsparks@nostrum.com