idnits 2.17.1 draft-sparks-sipcore-name-addr-guidance-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 92: '... MUST be used if the "addr-spec" ...' RFC 2119 keyword, line 102: '...ion mark or semicolon, the URI MUST be...' RFC 2119 keyword, line 132: '...ion mark or semicolon, the URI MUST be...' RFC 2119 keyword, line 140: '... MUST NOT be used if its value wou...' RFC 2119 keyword, line 159: '..."addr-spec" form MUST NOT be used if i...' -- The draft header indicates that this document updates RFC4508, but the abstract doesn't seem to mention this, which it should. -- The draft header indicates that this document updates RFC3325, but the abstract doesn't seem to mention this, which it should. -- The draft header indicates that this document updates RFC3892, but the abstract doesn't seem to mention this, which it should. -- The draft header indicates that this document updates RFC3515, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year (Using the creation date from RFC3261, updated by this document, for RFC5378 checks: 2000-07-17) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (September 27, 2016) is 2768 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Downref: Normative reference to an Informational RFC: RFC 3325 ** Downref: Normative reference to an Informational RFC: RFC 5002 ** Downref: Normative reference to an Informational RFC: RFC 5318 ** Downref: Normative reference to an Informational RFC: RFC 5502 Summary: 5 errors (**), 0 flaws (~~), 1 warning (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group R. Sparks 3 Internet-Draft Oracle 4 Updates: 3261, 3325, 3515, 3892, 4508, September 27, 2016 5 5002, 5318, 5360, 5502 (if 6 approved) 7 Intended status: Standards Track 8 Expires: March 31, 2017 10 Clarifications for when to use the name-addr production in SIP messages 11 draft-sparks-sipcore-name-addr-guidance-01 13 Abstract 15 RFC3261 constrained several SIP header fields whose grammar contains 16 the "name-addr / addr-spec" alternative to use name-addr when certain 17 characters appear. Unfortunately it expressed the constraints with 18 prose copied into each header field definition, and at least one 19 header field was missed. Further, the constraint has not been copied 20 into documents defining extension headers whose grammar contains the 21 alternative. 23 This document updates RFC3261 to state the constraint generically, 24 and clarifies that the constraint applies to all SIP header fields 25 where there is a choice between using name-addr or addr-spec. It 26 also updates those extension SIP header fields that use the 27 alternative to clarify that the constraint applies (RFCs 3325, 3515, 28 3892, 4508, 5002, 5318, 5360, and 5502). 30 Status of This Memo 32 This Internet-Draft is submitted in full conformance with the 33 provisions of BCP 78 and BCP 79. 35 Internet-Drafts are working documents of the Internet Engineering 36 Task Force (IETF). Note that other groups may also distribute 37 working documents as Internet-Drafts. The list of current Internet- 38 Drafts is at http://datatracker.ietf.org/drafts/current/. 40 Internet-Drafts are draft documents valid for a maximum of six months 41 and may be updated, replaced, or obsoleted by other documents at any 42 time. It is inappropriate to use Internet-Drafts as reference 43 material or to cite them other than as "work in progress." 45 This Internet-Draft will expire on March 31, 2017. 47 Copyright Notice 49 Copyright (c) 2016 IETF Trust and the persons identified as the 50 document authors. All rights reserved. 52 This document is subject to BCP 78 and the IETF Trust's Legal 53 Provisions Relating to IETF Documents 54 (http://trustee.ietf.org/license-info) in effect on the date of 55 publication of this document. Please review these documents 56 carefully, as they describe your rights and restrictions with respect 57 to this document. Code Components extracted from this document must 58 include Simplified BSD License text as described in Section 4.e of 59 the Trust Legal Provisions and are provided without warranty as 60 described in the Simplified BSD License. 62 Table of Contents 64 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 65 2. Updates to RFC3261 . . . . . . . . . . . . . . . . . . . . . 3 66 3. Updates to RFCs defining SIP Extension header fields . . . . 4 67 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 68 5. Security Considerations . . . . . . . . . . . . . . . . . . . 4 69 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 4 70 7. Instructions to the RFC Editor . . . . . . . . . . . . . . . 5 71 8. Normative References . . . . . . . . . . . . . . . . . . . . 5 72 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6 74 1. Introduction 76 [RFC3261] defines several header fields that contain URIs to allow 77 both a form that contains the bare URI (addr-spec) and one that 78 provides a name and the URI (name-addr). This subset, taken from the 79 ABNF [RFC5234] specified in [RFC3261] shows the relevant part of the 80 definition of the syntax of the "From" header field: 82 From = ( "From" / "f" ) HCOLON from-spec 83 from-spec = ( name-addr / addr-spec ) 84 *( SEMI from-param ) 85 name-addr = [ display-name ] LAQUOT addr-spec RAQUOT 86 addr-spec = SIP-URI / SIPS-URI / absoluteURI 88 The prose in section 20.20 of [RFC3261], which discusses the "From" 89 header field, constrains how the production may be used by saying: 91 Even if the "display-name" is empty, the "name-addr" form 92 MUST be used if the "addr-spec" contains a comma, question 93 mark, or semicolon. 95 Section 20.39, which discusses the "To" header field contains no such 96 constraining text. 98 This constraint is specified slightly differently, but with the same 99 intent, in the introduction to section 20: 101 The Contact, From, and To header fields contain a URI. If the URI 102 contains a comma, question mark or semicolon, the URI MUST be 103 enclosed in angle brackets (< and >). 105 Unfortunately, this can be read to only apply to the Contact, From, 106 and To header fields, making it necessary to provide the constraint 107 explicitly in the prose discussing any other header field using the 108 name-addr or addr-spec alternative. 110 As extension header fields were standardized, the specifications 111 sometimes failed to include the constraint. Many errata have been 112 entered to correct this omission. When the constraint was called 113 out, the form has not been consistent. 115 This memo updates the specifications of SIP and its extensions to 116 clarify that the constraint to use the name-addr form applies 117 anywhere there is a choice between the name-addr and addr-spec 118 production rules in the grammar for SIP header fields. 120 It is important to note that a message formed without honoring the 121 constraint will still be syntactically valid, but would be 122 interpreted differently. The characters after the comma, question 123 mark, or semicolon would be interpreted as header field parameters or 124 additional header field values as discussed in section 7.3.1 of 125 [RFC3261]. 127 2. Updates to RFC3261 129 This text from the introduction to section 20 of [RFC3261]: 131 The Contact, From, and To header fields contain a URI. If the URI 132 contains a comma, question mark or semicolon, the URI MUST be 133 enclosed in angle brackets (< and >). 135 is replaced with: 137 When constructing the value of any SIP header field whose grammar 138 allows choosing between name-addr and addr-spec, such as those 139 that use the form '(name-addr / addr-spec)', the "addr-spec" form 140 MUST NOT be used if its value would contain a comma, semicolon, 141 or question mark. 143 The header fields defined in this specification that allow this 144 choice are "To", "From", "Contact", and "Reply-To". 146 3. Updates to RFCs defining SIP Extension header fields 148 The following standards track RFCs: [RFC3515], [RFC3892], [RFC4508], 149 and [RFC5360] 151 and the following informational RFCS: [RFC3325], [RFC5002], 152 [RFC5318], and [RFC5502] 154 are updated to include: 156 This RFC contains the definition of one or more SIP header fields 157 that allow choosing between addr-spec and name-addr when 158 constructing header field values. As specified in RFCxxxx, 159 the "addr-spec" form MUST NOT be used if its value would contain 160 a comma, semicolon, or question mark. 162 The status of the Informational RFCs remains Informational. 164 4. IANA Considerations 166 This memo has no considerations for IANA. 168 5. Security Considerations 170 The updates specified in this memo clarify a constraint on the 171 grammar for producing SIP messages. It introduces no new security 172 considerations. One pre-existing consideration is worth reiterating: 173 messages produced without honoring the constraint will be mis- 174 interpreted by the receiving element. 176 6. Acknowledgments 178 Brett Tate identified this issue in several extension documents, 179 submitted several corresponding errata, and drove the discussion that 180 led to this memo. Substantive comments leading to this text were 181 provided by Paul Kyzivat, Gonzalo Camarillo, and Dale Worley. 183 7. Instructions to the RFC Editor 185 Please remove this section in its entirety before publication as an 186 RFC. 188 Please replace any instances of RFCxxxx with the RFC number assigned 189 to this memo. 191 This memo, if it is approved, obviates Errata 3744, 3894, and 192 4648-4652 inclusive. 194 8. Normative References 196 [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, 197 A., Peterson, J., Sparks, R., Handley, M., and E. 198 Schooler, "SIP: Session Initiation Protocol", RFC 3261, 199 DOI 10.17487/RFC3261, June 2002, 200 . 202 [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax 203 Specifications: ABNF", STD 68, RFC 5234, 204 DOI 10.17487/RFC5234, January 2008, 205 . 207 [RFC3515] Sparks, R., "The Session Initiation Protocol (SIP) Refer 208 Method", RFC 3515, DOI 10.17487/RFC3515, April 2003, 209 . 211 [RFC3892] Sparks, R., "The Session Initiation Protocol (SIP) 212 Referred-By Mechanism", RFC 3892, DOI 10.17487/RFC3892, 213 September 2004, . 215 [RFC4508] Levin, O. and A. Johnston, "Conveying Feature Tags with 216 the Session Initiation Protocol (SIP) REFER Method", 217 RFC 4508, DOI 10.17487/RFC4508, May 2006, 218 . 220 [RFC5360] Rosenberg, J., Camarillo, G., Ed., and D. Willis, "A 221 Framework for Consent-Based Communications in the Session 222 Initiation Protocol (SIP)", RFC 5360, 223 DOI 10.17487/RFC5360, October 2008, 224 . 226 [RFC3325] Jennings, C., Peterson, J., and M. Watson, "Private 227 Extensions to the Session Initiation Protocol (SIP) for 228 Asserted Identity within Trusted Networks", RFC 3325, 229 DOI 10.17487/RFC3325, November 2002, 230 . 232 [RFC5002] Camarillo, G. and G. Blanco, "The Session Initiation 233 Protocol (SIP) P-Profile-Key Private Header (P-Header)", 234 RFC 5002, DOI 10.17487/RFC5002, August 2007, 235 . 237 [RFC5318] Hautakorpi, J. and G. Camarillo, "The Session Initiation 238 Protocol (SIP) P-Refused-URI-List Private-Header 239 (P-Header)", RFC 5318, DOI 10.17487/RFC5318, December 240 2008, . 242 [RFC5502] van Elburg, J., "The SIP P-Served-User Private-Header 243 (P-Header) for the 3GPP IP Multimedia (IM) Core Network 244 (CN) Subsystem", RFC 5502, DOI 10.17487/RFC5502, April 245 2009, . 247 Author's Address 249 Robert Sparks 250 Oracle 252 Email: rjsparks@nostrum.com