idnits 2.17.1 draft-mahy-iptel-cpc-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 15. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 293. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 304. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 311. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 317. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (March 5, 2007) is 6259 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- ** Obsolete normative reference: RFC 4234 (ref. '3') (Obsoleted by RFC 5234) ** Obsolete normative reference: RFC 4474 (ref. '5') (Obsoleted by RFC 8224) Summary: 3 errors (**), 0 flaws (~~), 1 warning (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 IPTEL WG R. Mahy, Ed. 3 Internet-Draft Plantronics 4 Intended status: Informational March 5, 2007 5 Expires: September 6, 2007 7 The Calling Party's Category tel URI Parameter 8 draft-mahy-iptel-cpc-06.txt 10 Status of this Memo 12 By submitting this Internet-Draft, each author represents that any 13 applicable patent or other IPR claims of which he or she is aware 14 have been or will be disclosed, and any of which he or she becomes 15 aware will be disclosed, in accordance with Section 6 of BCP 79. 17 Internet-Drafts are working documents of the Internet Engineering 18 Task Force (IETF), its areas, and its working groups. Note that 19 other groups may also distribute working documents as Internet- 20 Drafts. 22 Internet-Drafts are draft documents valid for a maximum of six months 23 and may be updated, replaced, or obsoleted by other documents at any 24 time. It is inappropriate to use Internet-Drafts as reference 25 material or to cite them other than as "work in progress." 27 The list of current Internet-Drafts can be accessed at 28 http://www.ietf.org/ietf/1id-abstracts.txt. 30 The list of Internet-Draft Shadow Directories can be accessed at 31 http://www.ietf.org/shadow.html. 33 This Internet-Draft will expire on September 6, 2007. 35 Copyright Notice 37 Copyright (C) The IETF Trust (2007). 39 Abstract 41 This document specifies a new parameter for the tel URI that 42 represents the Calling Party's Category, a parameter used in SS7 ISUP 43 and other telephony signaling protocols. 45 1. Introduction 47 SS7 ISUP [4] defines a Calling Party's Category (CPC) parameter that 48 characterizes the station used to originate a call and carries other 49 important state that can describe the originating party. When 50 telephone numbers are contained in URIs, such as the tel URI [2], it 51 may be desirable to communicate any CPC associated with that 52 telephone number or, in the context of a call, the party calling from 53 it. 55 Note that in some networks (including North America), the Originating 56 Line Information (OLI) parameter is used to carry this information in 57 ANSI ISUP [9] rather than the CPC parameter. Legacy multifrequency 58 (MF) signaling networks carry this information in the ANI II 59 Digits [13]. The tel URI parameter specified in this document is 60 designed to carry data from these sources as well. 62 2. Terminology 64 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 65 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 66 document are to be interpreted as described in RFC 2119 [1]. 68 3. Parameter Definition 70 The Calling Party's Category is represented as a tel URI parameter. 71 The ABNF [3] syntax is as follows. The 'par' production is defined 72 in RFC3966 [2]. The "/=" syntax indicates an extension of the 73 production on the left-hand side: 75 par /= cpc 76 cpc = cpc-tag "=" cpc-value 77 cpc-tag = "cpc" 78 cpc-value = "ordinary" / "prison" / "police" / "test" 79 "operator" / "payphone" / "unknown" / 80 "hospital" / "cellular" / "cellular-roaming" / 81 genvalue 82 genvalue = 1*(alphanum / "-" / "." ) 84 The semantics of these Calling Party's Category values are described 85 below: 86 ordinary: The caller has been identified, and has no special 87 features. 88 test: This is a test call that has been originated as part of a 89 maintenance procedure. 91 operator: The call was generated by an operator position. 92 payphone: The calling station is a payphone. 93 prison: The calling station is in a prison. 94 hotel: The calling station is in a hotel or motel. 95 hospital: The calling station is in a medical facility. 96 police: The calling station is associated with a branch of law 97 enforcement. 98 cellular: The calling station is a radio-telephone operating in 99 its home network. 100 cellular-roaming: The calling station is a radio-telephone roaming 101 in another network 102 unknown: The CPC could not be ascertained. 104 An example of the syntax of the CPC parameter (in a small fragment of 105 a SIP [8] message) is given below: 107 INVITE sip:bob@biloxi.example.com SIP/2.0 108 To: "Bob" 109 From: ;tag=1928301774 111 4. Usage 113 The CPC is generally useful only when describing the originator of a 114 telephone call. Therefore, when this parameter is used in an 115 application such as SIP, it is recommended that the parameter be 116 applied to URIs that characterize the originator of a call (such as a 117 SIP URI or tel URI in the From header field of a SIP message). Note 118 that many Calling Party's Category values from the PSTN were 119 intentionally excluded from the cpc parameter as they are either 120 meaningless outside of the PSTN or can be represented using another 121 existing concept. For example, the language of an operator can be 122 expressed more richly using the Accept-Language header in SIP than in 123 the cpc parameter. Similarly the priority of a call is a 124 characteristic of the call and not the calling party. 126 It is anticipated that this URI parameter will be used primarily by 127 gateways that interwork ISUP or ANI II networks with SIP networks. 128 Various SIP network intermediaries might consult the CPC as they make 129 routing decisions, although no specific behavior is prescribed in 130 this document. While no specific mapping of the various ISUP 131 parameters that contain CPC data is offered in this document, 132 creating such a mapping would be trivial. 134 While the CPC could be conveyed using the ISUP tunnelling mechanism 135 described in RFC 3372 [10], this technique is widely regarded by the 136 implementation community as overkill for the problem of conveying CPC 137 information. For example, the CPC parameter provides a convenient 138 way for SIP intermediaries to make routing decisions based on the CPC 139 without having to implement an ISUP parser. The CPC paremeter 140 provides a simple, convenient form of CPC interoperability between 141 ISUP and ANI II, which is otherwise poorly addressed in RFC 3372. 142 Indeed when a SIP intermediary makes routing decisions for a call 143 where both the originating and the terminating gateways natively use 144 ANI II, the ISUP tunnelling approach is especially unattractive, 145 requiring each of the three devices to perform a translation into an 146 otherwise unneeded PSTN protocol. 148 If the CPC parameter is not present, consumers of the CPC should 149 treat the URI as if it specified a CPC of "ordinary". 151 At most, one instance of the CPC can be associated with a particular 152 URI. 154 5. Security Considerations 156 There are three potential risks specific to the information provided 157 by the Calling Party's Category: leakage of potentially private 158 information, the threat of tampering with the CPC to add false CPC 159 values, and the threat of tampering with the CPC to remove actual CPC 160 values. 162 The information contained in the CPC parameter may be of a private 163 nature, and it may not be appropriate for this value to be revealed 164 to the destination user (typically it would not be so revealed in the 165 PSTN). However, the calling party's category is often discoverable 166 or easily guessable from the calling party's phone number. For that 167 reason it is unlikely that this information is significantly more 168 privacy sensitive than the telephone number itself. The same 169 techniques used to provide complete or partial telephone number 170 privacy in SIP are appropriate to apply to the CPC parameter as well. 171 For more information about privacy issues in SIP see RFC3323 [6]. 172 The mechanism described in RFC 3325 [7] may also be relevant for 173 maintaining partial privacy or the CPC within a trusted 174 administrative domain or federation of domains as described in RFC 175 3324 [11]. 177 Making a call with a falsified CPC (ex: hospital, police, or 178 operator) could allow the caller to gain access to resources or 179 information not otherwise available. Likewise removing an 180 "undesirable" CPC value (ex: prison or hotel) could allow the caller 181 to bypass various restrictions in the telephone network. For that 182 reason, agents which expect CPC values SHOULD take care to insure the 183 integrity and authenticity of the CPC parameter. The RECOMMENDED 184 mechanism to protect the entire calling party address along with the 185 CPC parameter is the SIP Identity [5] mechanism. Alternatively, 186 agents within an adminstrative domain or federation of domains MAY 187 use the mechanism described in RFC 3325 [7] to place the CPC 188 parameter in a P-Asserted-Identity header field. 190 The SIP Identity mechanism provides a signature over the URI in the 191 From header field of a SIP request. It can sign a tel URI alone or a 192 tel URI embedded in a SIP or SIPS URI, but it provides stronger 193 protection against tampering when the tel URI is embedded in a SIP or 194 SIPS URI. Because there is no direct correlation between a tel URI 195 and an Internet domain, the receiver can use a list of domains from 196 which it will trust CPC information, or a list of root certificates 197 which are associated with trusting CPC information. 199 Otherwise, this mechanism adds no new security considerations to 200 those discussed in [2]. 202 6. IANA Considerations 204 This document extends the registry of tel URI parameters defined in 205 [12] with one new parameter described below. 207 Parameter Name: cpc 208 Predefined Values: Yes 209 Reference: This document 211 7. Contributors and Acknowledgments 213 The original version of this document was written by Jon Peterson. 215 Thanks to Takuya Sawada for a detailed review. 217 8. References 219 8.1. Normative References 221 [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement 222 Levels", BCP 14, RFC 2119, March 1997. 224 [2] Schulzrinne, H., "The tel URI for Telephone Numbers", RFC 3966, 225 December 2004. 227 [3] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax 228 Specifications: ABNF", RFC 4234, October 2005. 230 [4] International Telecommunications Union, "Recommendation Q.763: 231 Signalling System No. 7: ISDN user part formats and codes", 232 December 1999, . 234 [5] Peterson, J. and C. Jennings, "Enhancements for Authenticated 235 Identity Management in the Session Initiation Protocol (SIP)", 236 RFC 4474, August 2006. 238 [6] Peterson, J., "A Privacy Mechanism for the Session Initiation 239 Protocol (SIP)", RFC 3323, November 2002. 241 [7] Jennings, C., Peterson, J., and M. Watson, "Private Extensions 242 to the Session Initiation Protocol (SIP) for Asserted Identity 243 within Trusted Networks", RFC 3325, November 2002. 245 8.2. Informational References 247 [8] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., 248 Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: 249 Session Initiation Protocol", RFC 3261, June 2002. 251 [9] American National Standards Institute, "ANSI T1.113-2000, 252 Signaling System No. 7, ISDN User Part", 2000, 253 . 255 [10] Vemuri, A. and J. Peterson, "Session Initiation Protocol for 256 Telephones (SIP-T): Context and Architectures", BCP 63, 257 RFC 3372, September 2002. 259 [11] Watson, M., "Short Term Requirements for Network Asserted 260 Identity", RFC 3324, November 2002. 262 [12] Gurbani, V. and C. Jennings, "The Internet Assigned Number 263 Authority (IANA) tel Uniform Resource Identifier (URI) 264 Parameter Registry", draft-jennings-iptel-tel-reg-01 (work in 265 progress), December 2005. 267 URIs 269 [13] 272 Author's Address 274 Rohan Mahy (editor) 275 Plantronics 277 Email: rohan@ekabal.com 279 Full Copyright Statement 281 Copyright (C) The IETF Trust (2007). 283 This document is subject to the rights, licenses and restrictions 284 contained in BCP 78, and except as set forth therein, the authors 285 retain all their rights. 287 This document and the information contained herein are provided on an 288 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 289 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND 290 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS 291 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF 292 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 293 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 295 Intellectual Property 297 The IETF takes no position regarding the validity or scope of any 298 Intellectual Property Rights or other rights that might be claimed to 299 pertain to the implementation or use of the technology described in 300 this document or the extent to which any license under such rights 301 might or might not be available; nor does it represent that it has 302 made any independent effort to identify any such rights. Information 303 on the procedures with respect to rights in RFC documents can be 304 found in BCP 78 and BCP 79. 306 Copies of IPR disclosures made to the IETF Secretariat and any 307 assurances of licenses to be made available, or the result of an 308 attempt made to obtain a general license or permission for the use of 309 such proprietary rights by implementers or users of this 310 specification can be obtained from the IETF on-line IPR repository at 311 http://www.ietf.org/ipr. 313 The IETF invites any interested party to bring to its attention any 314 copyrights, patents or patent applications, or other proprietary 315 rights that may cover technology that may be required to implement 316 this standard. Please address the information to the IETF at 317 ietf-ipr@ietf.org. 319 Acknowledgment 321 Funding for the RFC Editor function is provided by the IETF 322 Administrative Support Activity (IASA).