idnits 2.17.1 draft-wilde-sms-uri-14.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 16. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 918. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 929. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 936. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 942. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (Dec 11, 2007) is 5980 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC2822' is defined on line 817, but no explicit reference was found in the text -- Possible downref: Non-RFC (?) normative reference: ref. 'HTML401' ** Obsolete normative reference: RFC 2822 (Obsoleted by RFC 5322) ** Obsolete normative reference: RFC 4234 (Obsoleted by RFC 5234) ** Obsolete normative reference: RFC 4395 (Obsoleted by RFC 7595) -- Possible downref: Non-RFC (?) normative reference: ref. 'SMS' -- Possible downref: Non-RFC (?) normative reference: ref. 'SMS-CHAR' -- Obsolete informational reference (is this intentional?): RFC 2368 (Obsoleted by RFC 6068) -- Obsolete informational reference (is this intentional?): RFC 2629 (Obsoleted by RFC 7749) Summary: 4 errors (**), 0 flaws (~~), 3 warnings (==), 12 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group E. Wilde 3 Internet-Draft UC Berkeley 4 Intended status: Standards Track A. Vaha-Sipila 5 Expires: June 13, 2008 Nokia 6 Dec 11, 2007 8 URI Scheme for GSM Short Message Service 9 draft-wilde-sms-uri-14 11 Status of this Memo 13 By submitting this Internet-Draft, each author represents that any 14 applicable patent or other IPR claims of which he or she is aware 15 have been or will be disclosed, and any of which he or she becomes 16 aware will be disclosed, in accordance with Section 6 of BCP 79. 18 Internet-Drafts are working documents of the Internet Engineering 19 Task Force (IETF), its areas, and its working groups. Note that 20 other groups may also distribute working documents as Internet- 21 Drafts. 23 Internet-Drafts are draft documents valid for a maximum of six months 24 and may be updated, replaced, or obsoleted by other documents at any 25 time. It is inappropriate to use Internet-Drafts as reference 26 material or to cite them other than as "work in progress." 28 The list of current Internet-Drafts can be accessed at 29 http://www.ietf.org/ietf/1id-abstracts.txt. 31 The list of Internet-Draft Shadow Directories can be accessed at 32 http://www.ietf.org/shadow.html. 34 This Internet-Draft will expire on June 13, 2008. 36 Copyright Notice 38 Copyright (C) The IETF Trust (2007). 40 Abstract 42 This memo specifies the Uniform Resource Identifier (URI) scheme 43 "sms" for specifying one or more recipients for an SMS message. SMS 44 messages are two-way paging messages that can be sent from and 45 received by a mobile phone or a suitably equipped networked device. 47 Table of Contents 49 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 50 1.1. What is GSM? . . . . . . . . . . . . . . . . . . . . . . . 3 51 1.2. What is SMS? . . . . . . . . . . . . . . . . . . . . . . . 3 52 1.3. The "sms" URI Scheme . . . . . . . . . . . . . . . . . . . 7 53 2. URI Scheme Registration . . . . . . . . . . . . . . . . . . . 10 54 2.1. URI Scheme Name . . . . . . . . . . . . . . . . . . . . . 10 55 2.2. Status . . . . . . . . . . . . . . . . . . . . . . . . . . 10 56 2.3. URI Scheme Syntax . . . . . . . . . . . . . . . . . . . . 10 57 2.4. URI Scheme Semantics . . . . . . . . . . . . . . . . . . . 10 58 2.5. Encoding Considerations . . . . . . . . . . . . . . . . . 11 59 2.6. Applications/Protocols that use this URI Scheme Name . . . 11 60 2.7. Interoperability Considerations . . . . . . . . . . . . . 11 61 2.8. Security Considerations . . . . . . . . . . . . . . . . . 11 62 2.9. Contact . . . . . . . . . . . . . . . . . . . . . . . . . 11 63 3. Security Considerations . . . . . . . . . . . . . . . . . . . 11 64 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 65 5. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 13 66 5.1. From -13 to -14 . . . . . . . . . . . . . . . . . . . . . 13 67 5.2. From -12 to -13 . . . . . . . . . . . . . . . . . . . . . 14 68 5.3. From -11 to -12 . . . . . . . . . . . . . . . . . . . . . 14 69 5.4. From -10 to -11 . . . . . . . . . . . . . . . . . . . . . 15 70 5.5. From -09 to -10 . . . . . . . . . . . . . . . . . . . . . 15 71 5.6. From -08 to -09 . . . . . . . . . . . . . . . . . . . . . 15 72 5.7. From -07 to -08 . . . . . . . . . . . . . . . . . . . . . 15 73 5.8. From -06 to -07 . . . . . . . . . . . . . . . . . . . . . 15 74 5.9. From -05 to -06 . . . . . . . . . . . . . . . . . . . . . 15 75 5.10. From -04 to -05 . . . . . . . . . . . . . . . . . . . . . 15 76 5.11. From -03 to -04 . . . . . . . . . . . . . . . . . . . . . 15 77 5.12. From -02 to -03 . . . . . . . . . . . . . . . . . . . . . 16 78 5.13. From -01 to -02 . . . . . . . . . . . . . . . . . . . . . 16 79 5.14. From -00 to -01 . . . . . . . . . . . . . . . . . . . . . 16 80 5.15. Change Log of draft-wilde-sms-service . . . . . . . . . . 16 81 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18 82 6.1. Normative References . . . . . . . . . . . . . . . . . . . 18 83 6.2. Non-Normative References . . . . . . . . . . . . . . . . . 19 84 Appendix A. Where to send Comments . . . . . . . . . . . . . . . 19 85 Appendix B. Acknowledgements . . . . . . . . . . . . . . . . . . 19 86 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 19 87 Intellectual Property and Copyright Statements . . . . . . . . . . 21 89 1. Introduction 91 Compliant software MUST follow this specification. The capitalized 92 key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 93 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 94 document are to be interpreted as described in RFC 2119 [RFC2119]. 96 1.1. What is GSM? 98 GSM (Global System for Mobile Communications) is a digital mobile 99 phone standard which is used extensively in many parts of the world. 100 First named after its frequency band around 900 MHz, GSM-900 has 101 provided the basis for several other networks utilizing GSM 102 technology, in particular GSM networks operating in the frequency 103 bands around 1800 MHz and 1900 MHz. When referring to "GSM" in this 104 document, we mean any of these GSM-based networks that operate a 105 short message service. 107 1.2. What is SMS? 109 The Short Message Service (SMS) [SMS] is an integral part of the GSM 110 network technology. It has been very successful and currently is a 111 major source of revenue for many GSM operators. SMS as a service is 112 so successful that other Global Switched Telephone Network (GSTN) 113 technologies have adapted it as well, in particular the Integrated 114 Services Digital Network (ISDN). Because of this development, this 115 memo uses the term "SMS client" to refer to user agents who are able 116 to send and/or receive SMS messages. 118 1.2.1. SMS content 120 GSM SMS messages are alphanumeric paging messages that can be sent to 121 and from SMS clients. SMS messages have a maximum length of 160 122 characters (7-bit characters from the GSM character set [SMS-CHAR]), 123 or 140 octets. Other character sets (such as UCS-2 16-bit 124 characters, resulting in 70 character messages) MAY also be supported 125 [SMS-CHAR], but are defined as being optional by the SMS 126 specification. Consequently, applications handling SMS messages as 127 part of a chain of character processing applications MUST make sure 128 that character sets are correctly mapped to and from the character 129 set used for SMS messages. 131 While the 160 character variety for SMS messages is by far the most 132 widely used one, there are numerous other content types for SMS 133 messages, such as small bitmaps ("operator logos") and simple formats 134 for musical notes ("ring tones"). However, these formats are 135 proprietary and are not considered in this memo. 137 SMS messages are very limited in length (140 octets), and the first 138 versions of the SMS specification did not specify any standardized 139 methods for concatenating SMS messages. As a consequence, several 140 proprietary methods were invented, but the current SMS specification 141 does specify message concatenation. In order to deal with this 142 situation, SMS clients composing messages SHOULD use the standard 143 concatenation method based on the header in the TP-User Data field as 144 specified in the SMS specification [SMS]. When sending a message to 145 an SMS recipient whose support for concatenated messages is unknown, 146 the SMS client MAY opt to use the backwards-compatible (text-based) 147 concatenation method defined in the SMS specification [SMS]. 148 Proprietary concatenation methods SHOULD NOT be used except in closed 149 systems, where the capabilities of the recipient(s) are always known. 151 1.2.2. SMS infrastructure 153 SMS messages can be transmitted over an SMS client's network 154 interface using the signaling channels of the underlying GSTN 155 infrastructure, so there is no delay for call setup. Alternatively, 156 SMS messages MAY be submitted through other front-ends (for example 157 Web-based services), which makes it possible for SMS clients to run 158 on computers which are not directly connected to a GSTN network 159 supporting SMS. 161 SMS messages sent with the GSTN SMS service MUST be sent as class 1 162 SMS messages, if the client is able to specify the message class. 164 1.2.2.1. SMS Centers 166 For delivery within GSTN networks, SMS messages are stored by an 167 entity called SMS Center (SMSC), and sent to the recipient when the 168 subscriber connects to the network. The number of a cooperative SMSC 169 must be known to the SMS sender (i.e., the entity submitting the SMS 170 message to a GSTN infrastructure) when sending the message (usually, 171 the SMSC's number is configured in the SMS client and specific for 172 the network operator to which the sender has subscribed). In most 173 situations, the SMSC number is part of the sending SMS client's 174 configuration. However, in some special cases (such as when the SMS 175 recipient only accepts messages from a certain SMSC), it may be 176 necessary to send the SMS message over a specific SMSC. The scheme 177 specified in this memo does not support the specification of SMSC 178 numbers, so in case of scenarios where messages have to be sent 179 through a certain SMSC, there must be some other context establishing 180 this requirement, or message delivery may fail. 182 Short messages can be mobile terminated (MT) or mobile originated 183 (MO). MT messages are the ones that arrive at SMS clients; MO 184 messages are sent by SMS clients. Networks may support either, both, 185 or none of these. For the purpose of this memo, it is important that 186 the sending SMS client is allowed to submit MO messages, and that the 187 receiver is allowed to receive MT messages. 189 The exact setup of message submission and delivery is not subject of 190 this memo, it may incorporate additional hops in addition to the pure 191 SMS transport. For example, the sending SMS client may use a Web- 192 based service to submit the SMS message, and the receiving SMS client 193 may be set up to forward the SMS to an email account. For the 194 purpose of this memo, it is important that the receiver can be 195 addressed by a GSTN number, and that the sender can submit an SMS 196 message using this number. 198 1.2.3. Uniform Resource Identifiers 200 One of the core specifications for identifying resources on the 201 Internet is RFC 3986 [RFC3986], specifying the syntax and semantics 202 of a Uniform Resource Identifier (URI). The most important notion of 203 URIs are "schemes", which define a framework within which resources 204 can be uniquely identified and addressed. URIs enable users to 205 access resources, and are used for very diverse schemes such as 206 access protocols (HTTP, FTP), broadcast media (TV channels 207 [RFC2838]), messaging (email [RFC2368]), and even telephone numbers 208 (voice [RFC3966]). 210 URIs often are mentioned together with Uniform Resource Names (URNs) 211 and/or Uniform Resource Locators (URLs), and it often is unclear how 212 to separate these concepts. For the purpose of this memo, only the 213 term URI will be used, referring to the most fundamental concept. 214 The World Wide Web Consortium (W3C) has issued a note 215 [uri-clarification] discussing the topic of URIs, URNs, and URLs in 216 detail. 218 1.2.4. SMS Messages and the Internet 220 One of the important reasons for the universal access of the Web is 221 the ability to access all information through a unique interface. 222 This kind of integration makes it easy to provide information as well 223 as to consume it. One aspect of this integration is the support of 224 user agents (in the case of the Web, commonly referred to as 225 browsers) for multiple content formats (such as HTML, GIF, JPEG) and 226 access schemes (such as HTTP, HTTPS, FTP). 228 The "mailto" scheme has proven to be very useful and popular, because 229 most user agents support it by providing an email composition 230 facility when the user selects (e.g., clicks on) the URI. Similarly, 231 the "sms" scheme can be supported by user agents by providing an SMS 232 message composition facility when the user selects the URI. In cases 233 where the user agent does not provide a built-in SMS message 234 composition facility, the scheme could still be supported by opening 235 a Web page which provides such a service. The specific Web page to 236 be used could be configured by the user, so that each user could use 237 the SMS message composition service of his choice. 239 The goal of this memo is to specify the "sms" URI scheme, so that 240 user agents (such as Web browsers and email clients) can start to 241 support it. The "sms" URI scheme identifies SMS message endpoints as 242 resources. When "sms" URIs are dereferenced, implementations MAY 243 create a message and present it to be edited before being sent, or 244 they MAY invoke additional services to provide the functionality 245 necessary for composing a message and sending it to the SMS message 246 endpoint. In either case, simply activating a link with an "sms" URI 247 SHOULD NOT cause a message to be sent without prior user 248 confirmation. 250 1.2.4.1. SMS Messages and the Web 252 SMS messages can provide an alternative to "mailto" URIs [RFC2368], 253 or "tel" or "fax" URIs [RFC3966]. When a "sms" URI is activated, the 254 user agent MAY start a program for sending an SMS message, just as 255 "mailto" may open a mail client. Unfortunately, most browsers do not 256 support the external handling of internally unsupported URI schemes 257 in the same generalized way as most of them support external handling 258 of content for media types which they do not support internally. 259 Ideally, user agents should implement generic URI parsers and provide 260 a way to associate unsupported schemes with external applications (or 261 Web-based services). 263 The recipient of an SMS message need not be a mobile phone. It can 264 be a server that can process SMS messages, either by gatewaying them 265 to another messaging system (such as regular electronic mail), or by 266 parsing them for supplementary services. 268 SMS messages can be used to transport almost any kind of data (even 269 though there is a very tight size limit), but the only standardized 270 data formats are character-based messages in different character 271 encodings. SMS messages have a maximum length of 160 characters 272 (when using 7-bit characters from the SMS character set), or 140 273 octets. However, SMS messages can be concatenated to form longer 274 messages. It is up to the user agent to decide whether to limit the 275 length of the message, and how to indicate this limit in its user 276 interface, if necessary. There is one exception to this, see 277 Section 1.3.5. 279 1.2.4.2. SMS Messages and Forms 281 The Hypertext Markup Language (HTML) [HTML401] provides a way to 282 collect information from a user and pass it to a server for 283 processing. This functionality is known as "HTML forms". A 284 filled-in form is usually sent to the destination using the Hypertext 285 Transfer Protocol (HTTP) or email. However, SMS messages can also be 286 used as the transport mechanism for these forms. As SMS transport is 287 "out-of-band" as far as normal HTTP over TCP/IP is concerned, this 288 provides a way to fill in forms offline, and send the data without 289 making a TCP connection to the server, as the set-up time, cost, and 290 overhead for a TCP connection are large compared to an SMS message. 291 Also, depending on the network configuration, the sender's telephone 292 number may be included in the SMS message, thus providing a weak form 293 of authentication. 295 1.3. The "sms" URI Scheme 297 Syntax definitions are given using the Augmented BNF (ABNF) for 298 syntax specifications [RFC4234]. 300 1.3.1. Applicability 302 This URI scheme provides information that can be used for sending an 303 SMS message to certain recipient(s). The functionality is comparable 304 to that of the "mailto" URI, which (as per RFC 2368 [RFC2368]) can 305 also be used with a comma-separated list of email addresses. 307 The notation for phone numbers is taken from [RFC3966]. Refer to 308 this document for information on why this particular format was 309 chosen. 311 How the SMS message is sent to the SMSC or other intermediaries is 312 outside the scope of this specification. SMS messages can be sent 313 over the GSM air interface, by using a modem and a suitable protocol, 314 or by accessing services over other protocols, such as a Web-based 315 service for sending SMS messages. Also, SMS message service options 316 like deferred delivery and delivery notification requests are not 317 within the scope of this document. Such services MAY be requested 318 from the network by the user agent if necessary. 320 SMS messages sent as a result of this URI MUST be sent as class 1 SMS 321 messages, if the user agent is able to specify the message class. 323 1.3.2. Formal Definition 325 The URI scheme's keywords specified in the following syntax 326 description are case-insensitive. The syntax of an "sms" URI is 327 formally described as follows, where the URI base syntax is taken 328 from RFC 3986 [RFC3986]: 330 sms-uri = scheme ":" hier-part [ "?" sms-body ] 331 scheme = "sms" 332 hier-part = sms-recipient *( "," sms-recipient ) 333 sms-recipient = sms-number 334 sms-number = ( global-number / local-number ) 335 global-number = "+" local-number 336 local-number = *phonedigit DIGIT *phonedigit 337 sms-body = "body=" query 339 Some illustrative examples using this syntax are given in 340 Section 1.3.4. 342 The syntax definition for is taken from RFC 3966 343 [RFC3966]. 345 The syntax definition for is taken from RFC 3986 [RFC3986], 346 please refer to that document. 348 The is used to define the body of the SMS message to be 349 composed. It consists of percent-encoded UTF-8 characters. 350 Implementations MUST make sure that the characters are 351 converted to a suitable character encoding before sending, the most 352 popular being the 7-bit SMS character encoding, another variant 353 (though not as universally supported as 7-bit SMS) is the UCS-2 354 character encoding (both specified in [SMS-CHAR]). Implementations 355 MAY choose to discard (or convert) characters in the that 356 are not supported by the SMS character set they are using to send the 357 SMS message. If they do discard or convert characters, they MUST 358 notify the user. 360 User agents SHOULD support multiple recipients, and SHOULD make it 361 clear to users what the entire list of recipients is, before 362 committing the user to sending all the messages. 364 1.3.3. Processing an "sms" URI 366 The following list describes the steps for processing an "sms" URI: 368 1. The of the first is extracted. It 369 is the phone number of the final recipient and it MUST be written 370 in international form with country code, unless the number only 371 works from inside a certain geographical area or a network. Note 372 that some numbers may work from several networks but not from the 373 whole world - these SHOULD be written in international form. 375 According to RFC 3966 [RFC3966], all international numbers MUST 376 begin with a "+" character. Hyphens, dots, and parentheses 377 (referred to as "visual separators" in RFC 3966) are used only to 378 improve readability and MUST NOT convey any other meaning. 380 2. The is extracted, if present. 382 3. The user agent should provide some means for message composition, 383 either by implementing this itself, or by accessing a service 384 providing it. Message composition SHOULD start with the body 385 extracted from the , if present. 387 4. After message composition, a user agent SHOULD try to send the 388 message first using the the default delivery method employed by 389 that user agent. If that fails, the user agent MAY try another 390 delivery method. 392 5. If the URI consists of a comma-separated list of recipients 393 (i.e., contains multiple parts), all of them are 394 processed in this manner. Exactly the same message SHOULD be 395 sent to all of the listed recipients, which means that the 396 message resulting from the message composition step for the first 397 recipient is used unaltered for all other recipients as well. 399 1.3.4. Examples of Use 401 sms:+12024561111 403 This indicates an SMS message capable recipient at the given 404 telephone number. The message is sent using the user agent's default 405 SMS delivery method. 407 sms:+12024561111,+15102061079 409 This indicates SMS message capable recipients at the given telephone 410 numbers. The identical message should be sent to both recipients 411 using the user agent's default SMS delivery method. 413 sms:+12024561111?body=hello%20there 415 In this case, a message (initially being set to "hello there", which 416 may be modified by the user before sending) will be sent via SMS 417 using the user agent's default SMS delivery method. 419 1.3.5. Using "sms" URIs in HTML Forms 421 When using a "sms" type URI as an action URI for HTML form submission 422 [HTML401], the form contents MUST be packaged in the SMS message just 423 as they are packaged when using a "mailto" URI [RFC2368], using the 424 "application/x-www-form-urlencoded" media type, effectively packaging 425 all form data into URI compliant syntax [RFC3986]. The SMS message 426 MUST NOT contain any HTTP headers, only the form data. The media 427 type is implicit. It MUST NOT be transferred in the SMS message. 429 The character encoding used for form submissions MUST be UTF-8 430 [RFC3629]. It should be noted, however, that user agents MUST 431 percent-encode form submissions before sending them (this encoding is 432 specified by the URI syntax [RFC3986]). 434 The user agent SHOULD inform the user about the possible security 435 hazards involved when submitting the form (it is probably being sent 436 as plain text over an air interface). 438 If the form submission is longer than the maximum SMS message size, 439 the user agent MAY either concatenate SMS messages, if it is able to 440 do so, or it MAY refuse to send the message. The user agent MUST NOT 441 send out partial form submissions. 443 2. URI Scheme Registration 445 This memo requests the registration of the Uniform Resource 446 Identifier (URI) scheme "sms" for specifying one or more recipients 447 for an SMS message. The registration request complies with RFC 4395 448 [RFC4395]. 450 2.1. URI Scheme Name 452 sms 454 2.2. Status 456 Provisional 458 2.3. URI Scheme Syntax 460 See Section 1.3. 462 2.4. URI Scheme Semantics 464 The "sms" defines a way how a message may be composed which is then 465 transmitted using the SMS message transmission method. This scheme 466 can thus be compared to be "mailto" URI scheme [RFC2368]. See 467 Section 1.3.3 for the details of operation. 469 2.5. Encoding Considerations 471 The optional body field of "sms" URIs may contain a message text, but 472 this text uses percent-encoded UTF-8 characters and thus can always 473 be represented using URI characters. See Section 1.3 for the details 474 of encoding. 476 2.6. Applications/Protocols that use this URI Scheme Name 478 The "sms" URI scheme is intended to be used in a similar way as the 479 "mailto" URI scheme [RFC2368]. By using "sms" URIs, authors can 480 embed information into documents which can be used as a starting 481 point for initiating message composition. Whether the client is 482 sending the message itself (for example over a GSM air interface) or 483 redirecting the user to a third party for message composition (such 484 as a Web service for sending SMS messages) is outside of the scope of 485 the URI scheme definition. 487 2.7. Interoperability Considerations 489 No interoperability issues have been identified. 491 2.8. Security Considerations 493 See Section 3. 495 2.9. Contact 497 Erik Wilde 498 School of Information 499 UC Berkeley 500 Berkeley, CA 94720-4600 501 U.S.A. 502 tel:+1-510-6432252 503 mailto:dret@berkeley.edu 505 3. Security Considerations 507 SMS messages are transported without any provisions for privacy or 508 integrity, so SMS users should be aware of these inherent security 509 problems of SMS messages. Unlike electronic mail, where additional 510 mechanisms exist to layer security features on top of the basic 511 infrastructure, there currently is no such framework for SMS 512 messages. 514 SMS messages very often are delivered almost instantaneously (if the 515 receiving SMS client is online), but there is no guarantee for when 516 SMS messages will be delivered. In particular, SMS messages between 517 different network operators sometimes take a long time to be 518 delivered (hours or even days) or are not delivered at all, so 519 applications SHOULD NOT make any assumptions about the reliability 520 and performance of SMS message transmission. 522 In most networks, sending SMS messages is not a free service. 523 Therefore, SMS clients MUST make sure that any action that incurs 524 costs is acknowledged by the end user, unless explicitly instructed 525 otherwise by the end user. If an SMS client has different ways of 526 submitting an SMS message (such as a Web service and a phone line), 527 then the end user MUST have a way to control which way is chosen. 529 SMS clients often are limited devices (typically mobile phones), and 530 the sending SMS client SHOULD NOT make any assumptions about the 531 receiving SMS client supporting any non-standard services, such as 532 proprietary message concatenation or proprietary content types. 533 However, if the sending SMS client has prior knowledge about the 534 receiving SMS client, then he MAY use this knowledge to compose non- 535 standard SMS messages. 537 There are certain special SMS messages defined in the SMS 538 specification [SMS] that can be used, for example, to turn on 539 indicators on the phone display, or to send data to certain 540 communication ports (comparable to UDP ports) on the device. Certain 541 proprietary systems (for example, the Wireless Application Protocol 542 [WAP]) define configuration messages that may be used to reconfigure 543 the devices remotely. Any SMS client SHOULD make sure that malicious 544 use of such messages is not possible, for example by filtering out 545 certain SMS User Data headers. Gateways that accept SMS messages 546 e.g. in e-mail messages or Web forms and pass them on to an SMSC, 547 SHOULD implement this kind of "firewalling" approach as well. 549 Because the narrow bandwidth of the SMS communications channel, there 550 should also be checks in place for excessively long concatenated 551 messages. As an example, it may take two minutes to transfer thirty 552 concatenated text messages. 554 Unchecked input from a user MUST NOT be used to populate any other 555 fields in a SMS message other than the User Data field (not including 556 the User Data Header field). All other parts, including the User 557 Data Header, of the short message should only be generated by trusted 558 means. 560 By including "sms" URIs in unsolicited messages (a.k.a. "spam") or 561 other types of advertising, the originator of the "sms" URIs may 562 attempt to reveal an individual's phone number and/or to link the 563 identity (i.e., e-mail address) used for messaging with the identity 564 (i.e., phone number) used for the mobile phone. This attempt to 565 collect information may be a privacy issue, and user agents may make 566 users aware of that risk before composing or sending SMS messages. 567 Users agents which do not provide any feedback about this privacy 568 issue make users more vulnerable to this kind of attack. 570 A user agent SHOULD NOT send out SMS messages without the knowledge 571 of the user, because of associated risks, which include sending 572 masses of SMS messages to a subscriber without his consent, and the 573 costs involved in sending an SMS message. 575 The user agent SHOULD have some mechanism that the user can use to 576 filter out unwanted destinations for SMS messages. The user agent 577 SHOULD also have some means of restricting the number of SMS messages 578 being sent as the result of activating one "sms" URI. 580 As suggested functionality, the user agent MAY offer a possibility 581 for the user to filter out those phone numbers that are expressed in 582 local format, as most premium-rate numbers are expressed in local 583 format, and because determining the correct local context (and hence 584 the validity of the number to this specific user) may be very 585 difficult. 587 When using "sms" URIs as targets of forms (as described in 588 Section 1.3.5), the user agent SHOULD inform the user about the 589 possible security hazards involved when submitting the form (it is 590 probably being sent as plain text over an air interface). 592 4. IANA Considerations 594 Upon publication of this memo as an RFC, IANA has registered the SMS 595 URI scheme, using the template in Section 2, in accordance with RFC 596 4234 [RFC4234]. 598 5. Change Log 600 This section will not be part of the final RFC text, it serves as a 601 container to collect the history of the individual draft versions. 602 Please remove this section before publication as RFC 604 5.1. From -13 to -14 606 o Updated abstract of Section 2 to the new abstract of the complete 607 document (mentioning of gateway functionality removed). 609 o Removed the "smsc" qualifier which allowed the specification of an 610 SMSC to be used for SMS message delivery. 612 o Removed the section about interfacing between a user agent 613 processing an "sms" URI, and a Web-based service for SMS 614 composition and sending. 616 o Replaced "gstn-phone" with "sms-number" in Section 1.3.3 617 (inconsistency from earlier syntax revision). 619 o Replaced all quotes around ABNF symbols within text with <...> to 620 clearly identify them as ABNF. 622 o Updated all references to their complete XML version. 624 o Added Section 4. 626 5.2. From -12 to -13 628 o Updated [SMS] to point to the latest version of the SMS spec (3GPP 629 TS 23.040 V7.0.1). 631 o Removed support for telematic interworking from the draft. This 632 feature of SMS messaging is hard to understand, poorly supported 633 by clients as well as network operators, and for these reasons 634 would have been likely to see poor adoption in implementations 635 anyway. 637 o Added some text making it more clear that all recipients SHOULD be 638 sent the exact same message. 640 o Several small editorial changes. 642 5.3. From -11 to -12 644 o Integrated draft-wilde-sms-service-11 and 645 draft-wilde-sms-uri-registration-00 into this draft. This draft 646 is now self-contained. 648 o Changed the phone number notation to use the definition from RFC 649 3966 [RFC3966] rather than RFC 3601 (RFC 3966 is a simpler 650 notation disallowing some of the special characters allowed by RFC 651 3601). 653 o Rephrased various parts of Section 3. 655 o Removed Section "Author/Change Controller". 657 o RFC 2806 (tel URI scheme) has been obsoleted by [RFC3966]. 659 5.4. From -10 to -11 661 o RFC 2234 (ABNF) has been obsoleted by [RFC4234]. 663 o Updated reference information for [SMS] and [SMS-CHAR]. 665 o Minor textual changes. 667 5.5. From -09 to -10 669 o Added security consideration about filtering local format phone 670 numbers. 672 o Changed IPR clause from RFC 3667 to RFC 3978 (updated version of 673 RFC 3667). 675 5.6. From -08 to -09 677 o Fixed syntax error in hier-part and sms-recipient non-terminals, 678 which allowed sms-recipients to be concatenated without comma 679 separation. 681 5.7. From -07 to -08 683 o URIs are now defined by RFC 3986 [RFC3986], so the text (including 684 the syntax definitions) and the references have been updated. 686 5.8. From -06 to -07 688 o Changed IPR clause from RFC 2026 to RFC 3667 (updated version of 689 RFC 2026). 691 5.9. From -05 to -06 693 o Updated reference from draft-allocchio-gstn to RFC 3601. 695 5.10. From -04 to -05 697 o Updated reference to SMS spec to the version referenced in the SMS 698 service draft. 700 5.11. From -03 to -04 702 o Updated reference to draft-allocchio-gstn (to revision -05). 704 5.12. From -02 to -03 706 o Changed ordering of "change Log" section (descending to 707 ascending). 709 o Clarified the wording at the beginning of Section 1.3.2 about only 710 the keywords of the scheme being case-insensitive. 712 o Changed "sms-body" to be a URI query string. 714 o Added some text describing "sms" URIs as addressing resources. 716 5.13. From -01 to -02 718 o Changed the sms-body field to percent-encoded UTF-8 characters. 720 5.14. From -00 to -01 722 o Added the "sms-body" field and its processing rules. 724 o Added section about using "sms" URIs as query strings for SMS Web 725 services. 727 o Fixed typo in ABNF (said "global-phone" instead of "gstn-phone"). 729 o Added some explanatory text about form submissions using email 730 telematic interworking. 732 o Added some text about character encoding in form submissions. 734 5.15. Change Log of draft-wilde-sms-service 736 This section contains the change log of draft-wilde-sms-service-11 737 before it was incorporated into this document at version 738 draft-wilde-sms-uri-12. 740 5.15.1. From -10 to -11 742 o RFC 2234 (ABNF) has been obsoleted by [RFC4234]. 744 o Added new security issue in Section 3. 746 o Updated reference information for [SMS] and [SMS-CHAR]. 748 o Minor textual changes. 750 5.15.2. From -09 to -10 752 o Changed IPR clause from RFC 3667 to RFC 3978 (updated version of 753 RFC 3667). 755 5.15.3. From -08 to -09 757 o No changes, re-release for alignment with draft-wilde-sms-uri. 759 5.15.4. From -07 to -08 761 o No changes, re-release for alignment with draft-wilde-sms-uri. 763 5.15.5. From -06 to -07 765 o Changed IPR clause from RFC 2026 to RFC 3667 (updated version of 766 RFC 2026). 768 5.15.6. From -05 to -06 770 o Updated reference from draft-allocchio-gstn-05 to RFC 3601. 772 5.15.7. From -04 to -05 774 o No changes, re-release for alignment with draft-wilde-sms-uri. 776 5.15.8. From -03 to -04 778 o Updated reference to draft-allocchio-gstn (to revision -05). 780 5.15.9. From -02 to -03 782 o Changed ordering of "change Log" section (descending to 783 ascending). 785 o Fixed some spelling errors. 787 5.15.10. From -01 to -02 789 o Removed address specification for X.400 SMS from ABNF 790 (surprisingly not part of the SMS spec). 792 o Added some explanatory text about character set mapping for SMS 793 messages. 795 o Added text requiring the use of message class 1 for sending SMS 796 messages. 798 5.15.11. From -00 to -01 800 o Added a number of new security considerations. 802 o Added the "PID" qualif-type1 keyword and the section about "SMS 803 Telematic Interworking" (removed in -13, available as Section 804 1.2.3 in -12). 806 6. References 808 6.1. Normative References 810 [HTML401] Raggett, D., Le Hors, A., and I. Jacobs, "HTML 4.01 811 Specification", W3C REC-html401, December 1999, 812 . 814 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 815 Requirement Levels", BCP 14, RFC 2119, March 1997. 817 [RFC2822] Resnick, P., "Internet Message Format", RFC 2822, 818 April 2001. 820 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 821 10646", STD 63, RFC 3629, November 2003. 823 [RFC3966] Schulzrinne, H., "The tel URI for Telephone Numbers", 824 RFC 3966, December 2004. 826 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 827 Resource Identifier (URI): Generic Syntax", STD 66, 828 RFC 3986, January 2005. 830 [RFC4234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax 831 Specifications: ABNF", RFC 4234, October 2005. 833 [RFC4395] Hansen, T., Hardie, T., and L. Masinter, "Guidelines and 834 Registration Procedures for New URI Schemes", BCP 115, 835 RFC 4395, February 2006. 837 [SMS] European Telecommunications Standards Institute, "3GPP TS 838 23.040 V7.0.1 (2007-03): 3rd Generation Partnership 839 Project; Technical Specification Group Core Network and 840 Terminals; Technical realization of the Short Message 841 Service (SMS) (Release 7)", March 2007, . 845 [SMS-CHAR] 846 European Telecommunications Standards Institute, "TS 100 847 900 (GSM 03.38 version 7.2.0 Release 1998): Digital 848 Cellular Telecommunications System (Phase 2+); Alphabets 849 and language-specific information", July 1999, . 853 6.2. Non-Normative References 855 [RFC2368] Hoffmann, P., Masinter, L., and J. Zawinski, "The mailto 856 URL scheme", RFC 2368, June 1998. 858 [RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, 859 June 1999. 861 [RFC2838] Zigmond, D. and M. Vickers, "Uniform Resource Identifiers 862 for Television Broadcasts", RFC 2838, May 2000. 864 [WAP] WAP Forum, "Wireless Application Protocol - Architecture 865 Specification (WAP-210-WAPArch-20010712)", July 2001. 867 [uri-clarification] 868 World Wide Web Consortium, "URIs, URLs, and URNs: 869 Clarifications and Recommendations 1.0", W3C uri- 870 clarification , September 2001, 871 . 873 Appendix A. Where to send Comments 875 Please send all comments and questions concerning this document to 876 Erik Wilde. 878 Appendix B. Acknowledgements 880 This document has been prepared using the IETF document DTD described 881 in RFC 2629 [RFC2629]. 883 Thanks to Claudio Allocchio, Lisa Dusseault, Larry Masinter, Alfred 884 Hoenes, Graham Klyne, Derek Atkins, Michael Patton, and Vijay Gurbani 885 for their comments. 887 Authors' Addresses 889 Erik Wilde 890 UC Berkeley 891 Berkeley, CA 94720-4600 892 U.S.A. 894 Phone: +1-510-6432253 895 Email: dret@berkeley.edu 896 URI: http://dret.net/netdret/ 898 Antti Vaha-Sipila 899 Nokia 901 Email: antti.vaha-sipila@nokia.com 902 URI: http://www.iki.fi/avs/ 904 Full Copyright Statement 906 Copyright (C) The IETF Trust (2007). 908 This document is subject to the rights, licenses and restrictions 909 contained in BCP 78, and except as set forth therein, the authors 910 retain all their rights. 912 This document and the information contained herein are provided on an 913 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 914 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND 915 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS 916 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF 917 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 918 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 920 Intellectual Property 922 The IETF takes no position regarding the validity or scope of any 923 Intellectual Property Rights or other rights that might be claimed to 924 pertain to the implementation or use of the technology described in 925 this document or the extent to which any license under such rights 926 might or might not be available; nor does it represent that it has 927 made any independent effort to identify any such rights. Information 928 on the procedures with respect to rights in RFC documents can be 929 found in BCP 78 and BCP 79. 931 Copies of IPR disclosures made to the IETF Secretariat and any 932 assurances of licenses to be made available, or the result of an 933 attempt made to obtain a general license or permission for the use of 934 such proprietary rights by implementers or users of this 935 specification can be obtained from the IETF on-line IPR repository at 936 http://www.ietf.org/ipr. 938 The IETF invites any interested party to bring to its attention any 939 copyrights, patents or patent applications, or other proprietary 940 rights that may cover technology that may be required to implement 941 this standard. Please address the information to the IETF at 942 ietf-ipr@ietf.org. 944 Acknowledgment 946 Funding for the RFC Editor function is provided by the IETF 947 Administrative Support Activity (IASA).