idnits 2.17.1 draft-ietf-sipcore-name-addr-guidance-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The draft header indicates that this document updates RFC4508, but the abstract doesn't seem to mention this, which it should. -- The draft header indicates that this document updates RFC3325, but the abstract doesn't seem to mention this, which it should. -- The draft header indicates that this document updates RFC3892, but the abstract doesn't seem to mention this, which it should. -- The draft header indicates that this document updates RFC3515, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year (Using the creation date from RFC3261, updated by this document, for RFC5378 checks: 2000-07-17) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (June 01, 2017) is 2520 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Downref: Normative reference to an Informational RFC: RFC 3325 ** Downref: Normative reference to an Informational RFC: RFC 5002 ** Downref: Normative reference to an Informational RFC: RFC 5318 ** Downref: Normative reference to an Informational RFC: RFC 5502 Summary: 4 errors (**), 0 flaws (~~), 1 warning (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group R. Sparks 3 Internet-Draft Oracle 4 Updates: 3261, 3325, 3515, 3892, 4508, June 01, 2017 5 5002, 5318, 5360, 5502 (if 6 approved) 7 Intended status: Standards Track 8 Expires: December 3, 2017 10 Clarifications for when to use the name-addr production in SIP messages 11 draft-ietf-sipcore-name-addr-guidance-02 13 Abstract 15 RFC3261 constrained several SIP header fields whose grammar contains 16 the "name-addr / addr-spec" alternative to use name-addr when certain 17 characters appear. Unfortunately it expressed the constraints with 18 prose copied into each header field definition, and at least one 19 header field was missed. Further, the constraint has not been copied 20 into documents defining extension headers whose grammar contains the 21 alternative. 23 This document updates RFC3261 to state the constraint generically, 24 and clarifies that the constraint applies to all SIP header fields 25 where there is a choice between using name-addr or addr-spec. It 26 also updates the RFCs that define extension SIP header fields using 27 the alternative to clarify that the constraint applies (RFCs 3325, 28 3515, 3892, 4508, 5002, 5318, 5360, and 5502). 30 Status of This Memo 32 This Internet-Draft is submitted in full conformance with the 33 provisions of BCP 78 and BCP 79. 35 Internet-Drafts are working documents of the Internet Engineering 36 Task Force (IETF). Note that other groups may also distribute 37 working documents as Internet-Drafts. The list of current Internet- 38 Drafts is at http://datatracker.ietf.org/drafts/current/. 40 Internet-Drafts are draft documents valid for a maximum of six months 41 and may be updated, replaced, or obsoleted by other documents at any 42 time. It is inappropriate to use Internet-Drafts as reference 43 material or to cite them other than as "work in progress." 45 This Internet-Draft will expire on December 3, 2017. 47 Copyright Notice 49 Copyright (c) 2017 IETF Trust and the persons identified as the 50 document authors. All rights reserved. 52 This document is subject to BCP 78 and the IETF Trust's Legal 53 Provisions Relating to IETF Documents 54 (http://trustee.ietf.org/license-info) in effect on the date of 55 publication of this document. Please review these documents 56 carefully, as they describe your rights and restrictions with respect 57 to this document. Code Components extracted from this document must 58 include Simplified BSD License text as described in Section 4.e of 59 the Trust Legal Provisions and are provided without warranty as 60 described in the Simplified BSD License. 62 Table of Contents 64 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 65 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 66 3. Updates to RFC3261 . . . . . . . . . . . . . . . . . . . . . 3 67 4. Updates to RFCs defining SIP Extension header fields . . . . 4 68 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 69 6. Security Considerations . . . . . . . . . . . . . . . . . . . 5 70 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5 71 8. Instructions to the RFC Editor . . . . . . . . . . . . . . . 5 72 9. Normative References . . . . . . . . . . . . . . . . . . . . 5 73 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6 75 1. Introduction 77 [RFC3261] defines several header fields that contain URIs to allow 78 both a form that contains the bare URI (addr-spec) and one that 79 provides a name and the URI (name-addr). This subset, taken from the 80 ABNF [RFC5234] specified in [RFC3261] shows the relevant part of the 81 definition of the syntax of the "From" header field: 83 From = ( "From" / "f" ) HCOLON from-spec 84 from-spec = ( name-addr / addr-spec ) 85 *( SEMI from-param ) 86 name-addr = [ display-name ] LAQUOT addr-spec RAQUOT 87 addr-spec = SIP-URI / SIPS-URI / absoluteURI 89 The prose in section 20.20 of [RFC3261], which discusses the "From" 90 header field, constrains how the production may be used by saying: 92 Even if the "display-name" is empty, the "name-addr" form 93 MUST be used if the "addr-spec" contains a comma, question 94 mark, or semicolon. 96 Section 20.39, which discusses the "To" header field contains no such 97 constraining text. 99 This constraint is specified slightly differently, but with the same 100 intent, in the introduction to section 20: 102 The Contact, From, and To header fields contain a URI. If the URI 103 contains a comma, question mark or semicolon, the URI MUST be 104 enclosed in angle brackets (< and >). 106 Unfortunately, this can be read to only apply to the Contact, From, 107 and To header fields, making it necessary to provide the constraint 108 explicitly in the prose discussing any other header field using the 109 name-addr or addr-spec alternative. 111 As extension header fields were standardized, the specifications 112 sometimes failed to include the constraint. Many errata have been 113 entered to correct this omission. When the constraint was called 114 out, the form has not been consistent. 116 This memo updates the specifications of SIP and its extensions to 117 clarify that the constraint to use the name-addr form applies 118 anywhere there is a choice between the name-addr and addr-spec 119 production rules in the grammar for SIP header fields. 121 It is important to note that a message formed without honoring the 122 constraint will still be syntactically valid, but would very likely 123 be interpreted differently. The characters after the comma, question 124 mark, or semicolon will, in most cases, be interpreted as header 125 field parameters or additional header field values as discussed in 126 section 7.3.1 of [RFC3261]. (An exception is the degenerate case of 127 a URL like sip:10.0.0.1,@10.0.0.0 where it is possible to parse the 128 comma via the 'user' production). 130 2. Terminology 132 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 133 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 134 "OPTIONAL" in this document are to be interpreted as described in BCP 135 14 [RFC2119] [RFC8174] when, and only when, they appear in all 136 capitals, as shown here. 138 3. Updates to RFC3261 140 This text from the introduction to section 20 of [RFC3261]: 142 The Contact, From, and To header fields contain a URI. If the URI 143 contains a comma, question mark or semicolon, the URI MUST be 144 enclosed in angle brackets (< and >). Any URI parameters are 145 contained within these brackets. If the URI is not enclosed in 146 angle brackets, any semicolon-delimited parameters are 147 header-parameters, not URI parameters. 149 is replaced with: 151 When constructing the value of any SIP header field whose grammar 152 allows choosing between name-addr and addr-spec, such as those 153 that use the form '(name-addr / addr-spec)', the "addr-spec" form 154 MUST NOT be used if its value would contain a comma, semicolon, 155 or question mark. 157 When a URI appears in such a header field, any URI parameters MUST 158 be contained within angle brackets (< and >). If the URI is not 159 enclosed in angle brackets, any semicolon-delimited parameters are 160 header-parameters, not URI parameters. 162 The header fields defined in this specification that allow this 163 choice are "To", "From", "Contact", and "Reply-To". 165 4. Updates to RFCs defining SIP Extension header fields 167 The following standards track RFCs: [RFC3515], [RFC3892], [RFC4508], 168 and [RFC5360] 170 and the following informational RFCS: [RFC3325], [RFC5002], 171 [RFC5318], and [RFC5502] 173 are updated to include: 175 This RFC contains the definition of one or more SIP header fields 176 that allow choosing between addr-spec and name-addr when 177 constructing header field values. As specified in RFCxxxx, 178 the "addr-spec" form MUST NOT be used if its value would contain 179 a comma, semicolon, or question mark. 181 The status of the Informational RFCs remains Informational. 183 5. IANA Considerations 185 This memo has no considerations for IANA. 187 6. Security Considerations 189 The updates specified in this memo clarify a constraint on the 190 grammar for producing SIP messages. It introduces no new security 191 considerations. One pre-existing consideration is worth reiterating: 192 messages produced without honoring the constraint will very likely be 193 mis-interpreted by the receiving element. 195 7. Acknowledgments 197 Brett Tate identified this issue in several extension documents, 198 submitted several corresponding errata, and drove the discussion that 199 led to this memo. Substantive comments leading to this text were 200 provided by Paul Kyzivat, Gonzalo Camarillo, Dale Worley, and 201 Yehoshua Gev. 203 8. Instructions to the RFC Editor 205 Please remove this section in its entirety before publication as an 206 RFC. 208 Please replace any instances of RFCxxxx with the RFC number assigned 209 to this memo. 211 This memo, if it is approved, obviates Errata 3744, 3894, and 212 4648-4652 inclusive. 214 9. Normative References 216 [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, 217 A., Peterson, J., Sparks, R., Handley, M., and E. 218 Schooler, "SIP: Session Initiation Protocol", RFC 3261, 219 DOI 10.17487/RFC3261, June 2002, 220 . 222 [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax 223 Specifications: ABNF", STD 68, RFC 5234, 224 DOI 10.17487/RFC5234, January 2008, 225 . 227 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 228 Requirement Levels", BCP 14, RFC 2119, 229 DOI 10.17487/RFC2119, March 1997, 230 . 232 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 233 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 234 May 2017, . 236 [RFC3515] Sparks, R., "The Session Initiation Protocol (SIP) Refer 237 Method", RFC 3515, DOI 10.17487/RFC3515, April 2003, 238 . 240 [RFC3892] Sparks, R., "The Session Initiation Protocol (SIP) 241 Referred-By Mechanism", RFC 3892, DOI 10.17487/RFC3892, 242 September 2004, . 244 [RFC4508] Levin, O. and A. Johnston, "Conveying Feature Tags with 245 the Session Initiation Protocol (SIP) REFER Method", 246 RFC 4508, DOI 10.17487/RFC4508, May 2006, 247 . 249 [RFC5360] Rosenberg, J., Camarillo, G., Ed., and D. Willis, "A 250 Framework for Consent-Based Communications in the Session 251 Initiation Protocol (SIP)", RFC 5360, 252 DOI 10.17487/RFC5360, October 2008, 253 . 255 [RFC3325] Jennings, C., Peterson, J., and M. Watson, "Private 256 Extensions to the Session Initiation Protocol (SIP) for 257 Asserted Identity within Trusted Networks", RFC 3325, 258 DOI 10.17487/RFC3325, November 2002, 259 . 261 [RFC5002] Camarillo, G. and G. Blanco, "The Session Initiation 262 Protocol (SIP) P-Profile-Key Private Header (P-Header)", 263 RFC 5002, DOI 10.17487/RFC5002, August 2007, 264 . 266 [RFC5318] Hautakorpi, J. and G. Camarillo, "The Session Initiation 267 Protocol (SIP) P-Refused-URI-List Private-Header 268 (P-Header)", RFC 5318, DOI 10.17487/RFC5318, December 269 2008, . 271 [RFC5502] van Elburg, J., "The SIP P-Served-User Private-Header 272 (P-Header) for the 3GPP IP Multimedia (IM) Core Network 273 (CN) Subsystem", RFC 5502, DOI 10.17487/RFC5502, April 274 2009, . 276 Author's Address 278 Robert Sparks 279 Oracle 281 Email: rjsparks@nostrum.com