idnits 2.17.1 

draft-wilde-sms-uri-16.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1 on line 16.

  -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on
     line 974.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 985.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 992.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 998.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust Copyright Line does not match the
     current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords. 

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).
  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (Aug 29, 2008) is 5719 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: 'RFC2822' is defined on line 834, but no explicit
     reference was found in the text

  -- Possible downref: Non-RFC (?) normative reference: ref. 'HTML401'

  ** Obsolete normative reference: RFC 2822 (Obsoleted by RFC 5322)

  ** Obsolete normative reference: RFC 4395 (Obsoleted by RFC 7595)

  -- Possible downref: Non-RFC (?) normative reference: ref. 'SMS'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'SMS-CHAR'

  -- Obsolete informational reference (is this intentional?): RFC 2368
     (Obsoleted by RFC 6068)

  -- Obsolete informational reference (is this intentional?): RFC 2629
     (Obsoleted by RFC 7749)


     Summary: 3 errors (**), 0 flaws (~~), 3 warnings (==), 12 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	Network Working Group                                           E. Wilde
3	Internet-Draft                                               UC Berkeley
4	Intended status: Standards Track                          A. Vaha-Sipila
5	Expires: March 2, 2009                                             Nokia
6	                                                            Aug 29, 2008

8	                URI Scheme for GSM Short Message Service
9	                         draft-wilde-sms-uri-16

11	Status of this Memo

13	   By submitting this Internet-Draft, each author represents that any
14	   applicable patent or other IPR claims of which he or she is aware
15	   have been or will be disclosed, and any of which he or she becomes
16	   aware will be disclosed, in accordance with Section 6 of BCP 79.

18	   Internet-Drafts are working documents of the Internet Engineering
19	   Task Force (IETF), its areas, and its working groups.  Note that
20	   other groups may also distribute working documents as Internet-
21	   Drafts.

23	   Internet-Drafts are draft documents valid for a maximum of six months
24	   and may be updated, replaced, or obsoleted by other documents at any
25	   time.  It is inappropriate to use Internet-Drafts as reference
26	   material or to cite them other than as "work in progress."

28	   The list of current Internet-Drafts can be accessed at
29	   http://www.ietf.org/ietf/1id-abstracts.txt.

31	   The list of Internet-Draft Shadow Directories can be accessed at
32	   http://www.ietf.org/shadow.html.

34	   This Internet-Draft will expire on March 2, 2009.

36	Abstract

38	   This memo specifies the Uniform Resource Identifier (URI) scheme
39	   "sms" for specifying one or more recipients for an SMS message.  SMS
40	   messages are two-way paging messages that can be sent from and
41	   received by a mobile phone or a suitably equipped networked device.

43	Table of Contents

45	   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
46	     1.1.  What is GSM? . . . . . . . . . . . . . . . . . . . . . . .  3
47	     1.2.  What is SMS? . . . . . . . . . . . . . . . . . . . . . . .  3
48	     1.3.  The "sms" URI Scheme . . . . . . . . . . . . . . . . . . .  7
49	   2.  URI Scheme Registration  . . . . . . . . . . . . . . . . . . . 10
50	     2.1.  URI Scheme Name  . . . . . . . . . . . . . . . . . . . . . 10
51	     2.2.  Status . . . . . . . . . . . . . . . . . . . . . . . . . . 10
52	     2.3.  URI Scheme Syntax  . . . . . . . . . . . . . . . . . . . . 11
53	     2.4.  URI Scheme Semantics . . . . . . . . . . . . . . . . . . . 11
54	     2.5.  Encoding Considerations  . . . . . . . . . . . . . . . . . 11
55	     2.6.  Applications/Protocols that use this URI Scheme Name . . . 11
56	     2.7.  Interoperability Considerations  . . . . . . . . . . . . . 11
57	     2.8.  Security Considerations  . . . . . . . . . . . . . . . . . 11
58	     2.9.  Contact  . . . . . . . . . . . . . . . . . . . . . . . . . 11
59	   3.  Security Considerations  . . . . . . . . . . . . . . . . . . . 12
60	   4.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 13
61	   5.  Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 13
62	     5.1.  From -15 to -16  . . . . . . . . . . . . . . . . . . . . . 14
63	     5.2.  From -14 to -15  . . . . . . . . . . . . . . . . . . . . . 14
64	     5.3.  From -13 to -14  . . . . . . . . . . . . . . . . . . . . . 14
65	     5.4.  From -12 to -13  . . . . . . . . . . . . . . . . . . . . . 14
66	     5.5.  From -11 to -12  . . . . . . . . . . . . . . . . . . . . . 15
67	     5.6.  From -10 to -11  . . . . . . . . . . . . . . . . . . . . . 15
68	     5.7.  From -09 to -10  . . . . . . . . . . . . . . . . . . . . . 15
69	     5.8.  From -08 to -09  . . . . . . . . . . . . . . . . . . . . . 15
70	     5.9.  From -07 to -08  . . . . . . . . . . . . . . . . . . . . . 16
71	     5.10. From -06 to -07  . . . . . . . . . . . . . . . . . . . . . 16
72	     5.11. From -05 to -06  . . . . . . . . . . . . . . . . . . . . . 16
73	     5.12. From -04 to -05  . . . . . . . . . . . . . . . . . . . . . 16
74	     5.13. From -03 to -04  . . . . . . . . . . . . . . . . . . . . . 16
75	     5.14. From -02 to -03  . . . . . . . . . . . . . . . . . . . . . 16
76	     5.15. From -01 to -02  . . . . . . . . . . . . . . . . . . . . . 16
77	     5.16. From -00 to -01  . . . . . . . . . . . . . . . . . . . . . 16
78	     5.17. Change Log of draft-wilde-sms-service  . . . . . . . . . . 17
79	   6.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 18
80	     6.1.  Normative References . . . . . . . . . . . . . . . . . . . 18
81	     6.2.  Non-Normative References . . . . . . . . . . . . . . . . . 19
82	   Appendix A.  Syntax of 'telephone-subscriber'  . . . . . . . . . . 20
83	   Appendix B.  Where to send Comments  . . . . . . . . . . . . . . . 20
84	   Appendix C.  Acknowledgements  . . . . . . . . . . . . . . . . . . 21
85	   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 21
86	   Intellectual Property and Copyright Statements . . . . . . . . . . 22

88	1.  Introduction

90	   Compliant software MUST follow this specification.  The capitalized
91	   key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
92	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
93	   document are to be interpreted as described in RFC 2119 [RFC2119].

95	1.1.  What is GSM?

97	   GSM (Global System for Mobile Communications) is a digital mobile
98	   phone standard which is used extensively in many parts of the world.
99	   First named after its frequency band around 900 MHz, GSM-900 has
100	   provided the basis for several other networks utilizing GSM
101	   technology, in particular GSM networks operating in the frequency
102	   bands around 1800 MHz and 1900 MHz.  When referring to "GSM" in this
103	   document, we mean any of these GSM-based networks that operate a
104	   short message service.

106	1.2.  What is SMS?

108	   The Short Message Service (SMS) [SMS] is an integral part of the GSM
109	   network technology.  It has been very successful and currently is a
110	   major source of revenue for many GSM operators.  SMS as a service is
111	   so successful that other Global Switched Telephone Network (GSTN)
112	   technologies have adapted it as well, in particular the Integrated
113	   Services Digital Network (ISDN).  Because of this development, this
114	   memo uses the term "SMS client" to refer to user agents who are able
115	   to send and/or receive SMS messages.

117	1.2.1.  SMS content

119	   GSM SMS messages are alphanumeric paging messages that can be sent to
120	   and from SMS clients.  SMS messages have a maximum length of 160
121	   characters (7-bit characters from the GSM character set [SMS-CHAR]),
122	   or 140 octets.  Other character sets (such as UCS-2 16-bit
123	   characters, resulting in 70 character messages) MAY also be supported
124	   [SMS-CHAR], but are defined as being optional by the SMS
125	   specification.  Consequently, applications handling SMS messages as
126	   part of a chain of character processing applications MUST make sure
127	   that character sets are correctly mapped to and from the character
128	   set used for SMS messages.

130	   While the 160 character variety for SMS messages is by far the most
131	   widely used one, there are numerous other content types for SMS
132	   messages, such as small bitmaps ("operator logos") and simple formats
133	   for musical notes ("ring tones").  However, these formats are
134	   proprietary and are not considered in this memo.

136	   SMS messages are very limited in length (140 octets), and the first
137	   versions of the SMS specification did not specify any standardized
138	   methods for concatenating SMS messages.  As a consequence, several
139	   proprietary methods were invented, but the current SMS specification
140	   does specify message concatenation.  In order to deal with this
141	   situation, SMS clients composing messages SHOULD use the standard
142	   concatenation method based on the header in the TP-User Data field as
143	   specified in the SMS specification [SMS].  When sending a message to
144	   an SMS recipient whose support for concatenated messages is unknown,
145	   the SMS client MAY opt to use the backwards-compatible (text-based)
146	   concatenation method defined in the SMS specification [SMS].
147	   Proprietary concatenation methods SHOULD NOT be used except in closed
148	   systems, where the capabilities of the recipient(s) are always known.

150	1.2.2.  SMS infrastructure

152	   SMS messages can be transmitted over an SMS client's network
153	   interface using the signaling channels of the underlying GSTN
154	   infrastructure, so there is no delay for call setup.  Alternatively,
155	   SMS messages may be submitted through other front-ends (for example
156	   Web-based services), which makes it possible for SMS clients to run
157	   on computers which are not directly connected to a GSTN network
158	   supporting SMS.

160	   SMS messages sent with the GSTN SMS service MUST be sent as class 1
161	   SMS messages, if the client is able to specify the message class.

163	1.2.2.1.  SMS Centers

165	   For delivery within GSTN networks, SMS messages are stored by an
166	   entity called SMS Center (SMSC), and sent to the recipient when the
167	   subscriber connects to the network.  The number of a cooperative SMSC
168	   must be known to the SMS sender (i.e., the entity submitting the SMS
169	   message to a GSTN infrastructure) when sending the message (usually,
170	   the SMSC's number is configured in the SMS client and specific for
171	   the network operator to which the sender has subscribed).  In most
172	   situations, the SMSC number is part of the sending SMS client's
173	   configuration.  However, in some special cases (such as when the SMS
174	   recipient only accepts messages from a certain SMSC), it may be
175	   necessary to send the SMS message over a specific SMSC.  The scheme
176	   specified in this memo does not support the specification of SMSC
177	   numbers, so in case of scenarios where messages have to be sent
178	   through a certain SMSC, there must be some other context establishing
179	   this requirement, or message delivery may fail.

181	   Short messages can be mobile terminated (MT) or mobile originated
182	   (MO).  MT messages are the ones that arrive at SMS clients; MO
183	   messages are sent by SMS clients.  Networks may support either, both,
184	   or none of these.  For the purpose of this memo, it is important that
185	   the sending SMS client is allowed to submit MO messages, and that the
186	   receiver is allowed to receive MT messages.

188	   The exact setup of message submission and delivery is outside the
189	   scope of this memo, it may incorporate additional hops in addition to
190	   the pure SMS transport.  For example, the sending SMS client may use
191	   a Web-based service to submit the SMS message, and the receiving SMS
192	   client may be set up to forward the SMS to an email account.  For the
193	   purpose of this memo, it is important that the receiver can be
194	   addressed by a GSTN number, and that the sender can submit an SMS
195	   message using this number.

197	1.2.3.  Uniform Resource Identifiers

199	   One of the core specifications for identifying resources on the
200	   Internet is RFC 3986 [RFC3986], specifying the syntax and semantics
201	   of a Uniform Resource Identifier (URI).  The most important notion of
202	   URIs are "schemes", which define a framework within which resources
203	   can be uniquely identified and addressed.  URIs enable users to
204	   access resources, and are used for very diverse schemes such as
205	   access protocols (HTTP, FTP), broadcast media (TV channels
206	   [RFC2838]), messaging (email [RFC2368]), and even telephone numbers
207	   (voice [RFC3966]).

209	   URIs often are mentioned together with Uniform Resource Names (URNs)
210	   and/or Uniform Resource Locators (URLs), and it often is unclear how
211	   to separate these concepts.  For the purpose of this memo, only the
212	   term URI will be used, referring to the most fundamental concept.
213	   The World Wide Web Consortium (W3C) has issued a note
214	   [uri-clarification] discussing the topic of URIs, URNs, and URLs in
215	   detail.

217	1.2.4.  SMS Messages and the Internet

219	   One of the important reasons for the universal access of the Web is
220	   the ability to access all information through a unique interface.
221	   This kind of integration makes it easy to provide information as well
222	   as to consume it.  One aspect of this integration is the support of
223	   user agents (in the case of the Web, commonly referred to as
224	   browsers) for multiple content formats (such as HTML, GIF, JPEG) and
225	   access schemes (such as HTTP, HTTPS, FTP).

227	   The "mailto" scheme has proven to be very useful and popular, because
228	   most user agents support it by providing an email composition
229	   facility when the user selects (e.g., clicks on) the URI.  Similarly,
230	   the "sms" scheme can be supported by user agents by providing an SMS
231	   message composition facility when the user selects the URI.  In cases
232	   where the user agent does not provide a built-in SMS message
233	   composition facility, the scheme could still be supported by opening
234	   a Web page which provides such a service.  The specific Web page to
235	   be used could be configured by the user, so that each user could use
236	   the SMS message composition service of his choice.

238	   The goal of this memo is to specify the "sms" URI scheme, so that
239	   user agents (such as Web browsers and email clients) can start to
240	   support it.  The "sms" URI scheme identifies SMS message endpoints as
241	   resources.  When "sms" URIs are dereferenced, implementations MAY
242	   create a message and present it to be edited before being sent, or
243	   they MAY invoke additional services to provide the functionality
244	   necessary for composing a message and sending it to the SMS message
245	   endpoint.  In either case, simply activating a link with an "sms" URI
246	   SHOULD NOT cause a message to be sent without prior user
247	   confirmation.

249	1.2.4.1.  SMS Messages and the Web

251	   SMS messages can provide an alternative to "mailto" URIs [RFC2368],
252	   or "tel" or "fax" URIs [RFC3966].  When a "sms" URI is activated, the
253	   user agent MAY start a program for sending an SMS message, just as
254	   "mailto" may open a mail client.  Unfortunately, most browsers do not
255	   support the external handling of internally unsupported URI schemes
256	   in the same generalized way as most of them support external handling
257	   of content for media types which they do not support internally.
258	   Ideally, user agents should implement generic URI parsers and provide
259	   a way to associate unsupported schemes with external applications (or
260	   Web-based services).

262	   The recipient of an SMS message need not be a mobile phone.  It can
263	   be a server that can process SMS messages, either by gatewaying them
264	   to another messaging system (such as regular electronic mail), or by
265	   parsing them for supplementary services.

267	   SMS messages can be used to transport almost any kind of data (even
268	   though there is a very tight size limit), but the only standardized
269	   data formats are character-based messages in different character
270	   encodings.  SMS messages have a maximum length of 160 characters
271	   (when using 7-bit characters from the SMS character set), or 140
272	   octets.  However, SMS messages can be concatenated to form longer
273	   messages.  It is up to the user agent to decide whether to limit the
274	   length of the message, and how to indicate this limit in its user
275	   interface, if necessary.  There is one exception to this, see
276	   Section 1.3.5.

278	1.2.4.2.  SMS Messages and Forms

280	   The Hypertext Markup Language (HTML) [HTML401] provides a way to
281	   collect information from a user and pass it to a server for
282	   processing.  This functionality is known as "HTML forms".  A
283	   filled-in form is usually sent to the destination using the Hypertext
284	   Transfer Protocol (HTTP) or email.  However, SMS messages can also be
285	   used as the transport mechanism for these forms.  As SMS transport is
286	   "out-of-band" as far as normal HTTP over TCP/IP is concerned, this
287	   provides a way to fill in forms offline, and send the data without
288	   making a TCP connection to the server, as the set-up time, cost, and
289	   overhead for a TCP connection are large compared to an SMS message.
290	   Also, depending on the network configuration, the sender's telephone
291	   number may be included in the SMS message, thus providing a weak form
292	   of authentication.

294	1.3.  The "sms" URI Scheme

296	   Syntax definitions are given using the Augmented BNF (ABNF) for
297	   syntax specifications [RFC5234].

299	1.3.1.  Applicability

301	   This URI scheme provides information that can be used for sending an
302	   SMS message to certain recipient(s).  The functionality is comparable
303	   to that of the "mailto" URI, which (as per RFC 2368 [RFC2368]) can
304	   also be used with a comma-separated list of email addresses.

306	   The notation for phone numbers is taken from [RFC3966].  Refer to
307	   this document for information on why this particular format was
308	   chosen.

310	   How the SMS message is sent to the SMSC or other intermediaries is
311	   outside the scope of this specification.  SMS messages can be sent
312	   over the GSM air interface, by using a modem and a suitable protocol,
313	   or by accessing services over other protocols, such as a Web-based
314	   service for sending SMS messages.  Also, SMS message service options
315	   like deferred delivery and delivery notification requests are not
316	   within the scope of this document.  Such services MAY be requested
317	   from the network by the user agent if necessary.

319	   SMS messages sent as a result of this URI MUST be sent as class 1 SMS
320	   messages, if the user agent is able to specify the message class.

322	1.3.2.  Formal Definition

324	   The URI scheme's keywords specified in the following syntax
325	   description are case-insensitive.  The syntax of an "sms" URI is
326	   formally described as follows, where the URI base syntax is taken
327	   from RFC 3986 [RFC3986]:

329	   sms-uri         =  scheme ":" hier-part [ "?" sms-body ]
330	   scheme          =  "sms"
331	   hier-part       =  sms-recipient *( "," sms-recipient )
332	   sms-recipient   =  telephone-subscriber
333	   sms-body        =  "body=" query

335	   Some illustrative examples using this syntax are given in
336	   Section 1.3.4.

338	   The syntax definition for <telephone-subscriber> is taken from RFC
339	   3966 [RFC3966], please refer to Section 5.1 of that document (the
340	   syntax is given in Appendix A for easier reference, but RFC 3966 is
341	   the normative reference).  The description of phone numbers in RFC
342	   3966 states (quoted from RFC 3966, Section 5.1): "The 'telephone-
343	   subscriber' part of the URI indicates the number.  The phone number
344	   can be represented in either global (E.164) or local notation.  All
345	   phone numbers MUST use the global form unless they cannot be
346	   represented as such.  Numbers from private numbering plans, emergency
347	   ('911', '112'), and some directory-assistance numbers (e.g., '411')
348	   and other 'service codes' (numbers of the form N11 in the United
349	   States) cannot be represented in global (E.164) form and need to be
350	   represented as a local number with a context.  Local numbers MUST be
351	   tagged with a 'phone-context'."

353	   The syntax definition for <query> is taken from RFC 3986 [RFC3986],
354	   please refer to that document.

356	   The <sms-body> is used to define the body of the SMS message to be
357	   composed.  It consists of percent-encoded UTF-8 characters.
358	   Implementations MUST make sure that the <sms-body> characters are
359	   converted to a suitable character encoding before sending, the most
360	   popular being the 7-bit SMS character encoding, another variant
361	   (though not as universally supported as 7-bit SMS) is the UCS-2
362	   character encoding (both specified in [SMS-CHAR]).  Implementations
363	   MAY choose to discard (or convert) characters in the <sms-body> that
364	   are not supported by the SMS character set they are using to send the
365	   SMS message.  If they do discard or convert characters, they MUST
366	   notify the user.

368	   User agents SHOULD support multiple recipients, and SHOULD make it
369	   clear to users what the entire list of recipients is, before
370	   committing the user to sending all the messages.

372	1.3.3.  Processing an "sms" URI

374	   The following list describes the steps for processing an "sms" URI:

376	   1.  The phone number of the first <sms-recipient> is extracted.  It
377	       is the phone number of the final recipient and it MUST be written
378	       in international form with country code, unless the number only
379	       works from inside a certain geographical area or a network.  Note
380	       that some numbers may work from several networks but not from the
381	       whole world - these SHOULD be written in international form.
382	       According to RFC 3966 [RFC3966], all international numbers MUST
383	       begin with a "+" character.  Hyphens, dots, and parentheses
384	       (referred to as "visual separators" in RFC 3966) are used only to
385	       improve readability and MUST NOT convey any other meaning.

387	   2.  The <sms-body> is extracted, if present.

389	   3.  The user agent should provide some means for message composition,
390	       either by implementing this itself, or by accessing a service
391	       providing it.  Message composition SHOULD start with the body
392	       extracted from the <sms-body>, if present.

394	   4.  After message composition, a user agent SHOULD try to send the
395	       message first using the default delivery method employed by that
396	       user agent.  If that fails, the user agent MAY try another
397	       delivery method.

399	   5.  If the URI consists of a comma-separated list of recipients
400	       (i.e., contains multiple <sms-recipient> parts), all of them are
401	       processed in this manner.  Exactly the same message SHOULD be
402	       sent to all of the listed recipients, which means that the
403	       message resulting from the message composition step for the first
404	       recipient is used unaltered for all other recipients as well.

406	1.3.4.  Examples of Use

408	   sms:+12024561111

410	   This indicates an SMS message capable recipient at the given
411	   telephone number.  The message is sent using the user agent's default
412	   SMS delivery method.

414	   sms:+12024561111,+15102061079

416	   This indicates SMS message capable recipients at the given telephone
417	   numbers.  The identical message should be sent to both recipients
418	   using the user agent's default SMS delivery method.

420	   sms:+12024561111?body=hello%20there

422	   In this case, a message (initially being set to "hello there", which
423	   may be modified by the user before sending) will be sent via SMS
424	   using the user agent's default SMS delivery method.

426	1.3.5.  Using "sms" URIs in HTML Forms

428	   When using a "sms" type URI as an action URI for HTML form submission
429	   [HTML401], the form contents MUST be packaged in the SMS message just
430	   as they are packaged when using a "mailto" URI [RFC2368], using the
431	   "application/x-www-form-urlencoded" media type, effectively packaging
432	   all form data into URI compliant syntax [RFC3986].  The SMS message
433	   MUST NOT contain any HTTP headers, only the form data.  The media
434	   type is implicit.  It MUST NOT be transferred in the SMS message.

436	   The character encoding used for form submissions MUST be UTF-8
437	   [RFC3629].  It should be noted, however, that user agents MUST
438	   percent-encode form submissions before sending them (this encoding is
439	   specified by the URI syntax [RFC3986]).

441	   The user agent SHOULD inform the user about the possible security
442	   hazards involved when submitting the form (it is probably being sent
443	   as plain text over an air interface).

445	   If the form submission is longer than the maximum SMS message size,
446	   the user agent MAY either concatenate SMS messages, if it is able to
447	   do so, or it MAY refuse to send the message.  The user agent MUST NOT
448	   send out partial form submissions.

450	2.  URI Scheme Registration

452	   This memo requests the registration of the Uniform Resource
453	   Identifier (URI) scheme "sms" for specifying one or more recipients
454	   for an SMS message.  The registration request complies with RFC 4395
455	   [RFC4395].

457	2.1.  URI Scheme Name

459	   sms

461	2.2.  Status

463	   Provisional

465	2.3.  URI Scheme Syntax

467	   See Section 1.3.

469	2.4.  URI Scheme Semantics

471	   The "sms" defines a way how a message may be composed which is then
472	   transmitted using the SMS message transmission method.  This scheme
473	   can thus be compared to be "mailto" URI scheme [RFC2368].  See
474	   Section 1.3.3 for the details of operation.

476	2.5.  Encoding Considerations

478	   The optional body field of "sms" URIs may contain a message text, but
479	   this text uses percent-encoded UTF-8 characters and thus can always
480	   be represented using URI characters.  See Section 1.3 for the details
481	   of encoding.

483	2.6.  Applications/Protocols that use this URI Scheme Name

485	   The "sms" URI scheme is intended to be used in a similar way as the
486	   "mailto" URI scheme [RFC2368].  By using "sms" URIs, authors can
487	   embed information into documents which can be used as a starting
488	   point for initiating message composition.  Whether the client is
489	   sending the message itself (for example over a GSM air interface) or
490	   redirecting the user to a third party for message composition (such
491	   as a Web service for sending SMS messages) is outside of the scope of
492	   the URI scheme definition.

494	2.7.  Interoperability Considerations

496	   No interoperability issues have been identified.

498	2.8.  Security Considerations

500	   See Section 3.

502	2.9.  Contact

504	   Erik Wilde
505	   School of Information
506	   UC Berkeley
507	   Berkeley, CA 94720-4600
508	   U.S.A.
509	   tel:+1-510-6432252
510	   mailto:dret@berkeley.edu

512	3.  Security Considerations

514	   SMS messages are transported without any provisions for privacy or
515	   integrity, so SMS users should be aware of these inherent security
516	   problems of SMS messages.  Unlike electronic mail, where additional
517	   mechanisms exist to layer security features on top of the basic
518	   infrastructure, there currently is no such framework for SMS
519	   messages.

521	   SMS messages very often are delivered almost instantaneously (if the
522	   receiving SMS client is online), but there is no guarantee for when
523	   SMS messages will be delivered.  In particular, SMS messages between
524	   different network operators sometimes take a long time to be
525	   delivered (hours or even days) or are not delivered at all, so
526	   applications SHOULD NOT make any assumptions about the reliability
527	   and performance of SMS message transmission.

529	   In most networks, sending SMS messages is not a free service.
530	   Therefore, SMS clients MUST make sure that any action that incurs
531	   costs is acknowledged by the end user, unless explicitly instructed
532	   otherwise by the end user.  If an SMS client has different ways of
533	   submitting an SMS message (such as a Web service and a phone line),
534	   then the end user MUST have a way to control which way is chosen.

536	   SMS clients often are limited devices (typically mobile phones), and
537	   the sending SMS client SHOULD NOT make any assumptions about the
538	   receiving SMS client supporting any non-standard services, such as
539	   proprietary message concatenation or proprietary content types.
540	   However, if the sending SMS client has prior knowledge about the
541	   receiving SMS client, then he MAY use this knowledge to compose non-
542	   standard SMS messages.

544	   There are certain special SMS messages defined in the SMS
545	   specification [SMS] that can be used, for example, to turn on
546	   indicators on the phone display, or to send data to certain
547	   communication ports (comparable to UDP ports) on the device.  Certain
548	   proprietary systems (for example, the Wireless Application Protocol
549	   [WAP]) define configuration messages that may be used to reconfigure
550	   the devices remotely.  Any SMS client SHOULD make sure that malicious
551	   use of such messages is not possible, for example by filtering out
552	   certain SMS User Data headers.  Gateways that accept SMS messages
553	   e.g. in e-mail messages or Web forms and pass them on to an SMSC,
554	   SHOULD implement this kind of "firewalling" approach as well.

556	   Because the narrow bandwidth of the SMS communications channel, there
557	   should also be checks in place for excessively long concatenated
558	   messages.  As an example, it may take two minutes to transfer thirty
559	   concatenated text messages.

561	   Unchecked input from a user MUST NOT be used to populate any other
562	   fields in a SMS message other than the User Data field (not including
563	   the User Data Header field).  All other parts, including the User
564	   Data Header, of the short message should only be generated by trusted
565	   means.

567	   By including "sms" URIs in unsolicited messages (a.k.a. "spam") or
568	   other types of advertising, the originator of the "sms" URIs may
569	   attempt to reveal an individual's phone number and/or to link the
570	   identity (i.e., e-mail address) used for messaging with the identity
571	   (i.e., phone number) used for the mobile phone.  This attempt to
572	   collect information may be a privacy issue, and user agents may make
573	   users aware of that risk before composing or sending SMS messages.
574	   Users agents which do not provide any feedback about this privacy
575	   issue make users more vulnerable to this kind of attack.

577	   A user agent SHOULD NOT send out SMS messages without the knowledge
578	   of the user, because of associated risks, which include sending
579	   masses of SMS messages to a subscriber without his consent, and the
580	   costs involved in sending an SMS message.

582	   As suggested functionality, the user agent MAY offer a possibility
583	   for the user to filter out those phone numbers that are expressed in
584	   local format, as most premium-rate numbers are expressed in local
585	   format, and because determining the correct local context (and hence
586	   the validity of the number to this specific user) may be very
587	   difficult.

589	   When using "sms" URIs as targets of forms (as described in
590	   Section 1.3.5), the user agent SHOULD inform the user about the
591	   possible security hazards involved when submitting the form (it is
592	   probably being sent as plain text over an air interface).

594	4.  IANA Considerations

596	   Upon publication of this memo as an RFC, IANA has registered the
597	   "sms" URI scheme, using the template in Section 2, in accordance with
598	   RFC 4395 [RFC4395].

600	5.  Change Log

602	   This section will not be part of the final RFC text, it serves as a
603	   container to collect the history of the individual draft versions.
604	   To the editor: Please remove this section before publication as RFC.

606	5.1.  From -15 to -16

608	   o  Changed phone numbers to be defined by the <telephone-subscriber>
609	      part of RFC 3966 [RFC3966] rather than being defined here.

611	   o  Removed the intermediate <sms-number> part and defined <sms-
612	      recipient> to directly use <telephone-subscriber>.

614	   o  Replaced reference to [RFC5234] in Section 4 with correct
615	      reference to [RFC4395].

617	5.2.  From -14 to -15

619	   o  RFC 4234 (ABNF) has been obsoleted by [RFC5234].

621	5.3.  From -13 to -14

623	   o  Updated abstract of Section 2 to the new abstract of the complete
624	      document (mentioning of gateway functionality removed).

626	   o  Removed the "smsc" qualifier which allowed the specification of an
627	      SMSC to be used for SMS message delivery.

629	   o  Removed the section about interfacing between a user agent
630	      processing an "sms" URI, and a Web-based service for SMS
631	      composition and sending.

633	   o  Replaced "gstn-phone" with "sms-number" in Section 1.3.3
634	      (inconsistency from earlier syntax revision).

636	   o  Replaced all quotes around ABNF symbols within text with <...> to
637	      clearly identify them as ABNF.

639	   o  Updated all references to their complete XML version.

641	   o  Added Section 4.

643	5.4.  From -12 to -13

645	   o  Updated [SMS] to point to the latest version of the SMS spec (3GPP
646	      TS 23.040 V7.0.1).

648	   o  Removed support for telematic interworking from the draft.  This
649	      feature of SMS messaging is hard to understand, poorly supported
650	      by clients as well as network operators, and for these reasons
651	      would have been likely to see poor adoption in implementations
652	      anyway.

654	   o  Added some text making it more clear that all recipients SHOULD be
655	      sent the exact same message.

657	   o  Several small editorial changes.

659	5.5.  From -11 to -12

661	   o  Integrated draft-wilde-sms-service-11 and
662	      draft-wilde-sms-uri-registration-00 into this draft.  This draft
663	      is now self-contained.

665	   o  Changed the phone number notation to use the definition from RFC
666	      3966 [RFC3966] rather than RFC 3601 (RFC 3966 is a simpler
667	      notation disallowing some of the special characters allowed by RFC
668	      3601).

670	   o  Rephrased various parts of Section 3.

672	   o  Removed Section "Author/Change Controller".

674	   o  RFC 2806 (tel URI scheme) has been obsoleted by [RFC3966].

676	5.6.  From -10 to -11

678	   o  RFC 2234 (ABNF) has been obsoleted by RFC4234.

680	   o  Updated reference information for [SMS] and [SMS-CHAR].

682	   o  Minor textual changes.

684	5.7.  From -09 to -10

686	   o  Added security consideration about filtering local format phone
687	      numbers.

689	   o  Changed IPR clause from RFC 3667 to RFC 3978 (updated version of
690	      RFC 3667).

692	5.8.  From -08 to -09

694	   o  Fixed syntax error in hier-part and sms-recipient non-terminals,
695	      which allowed sms-recipients to be concatenated without comma
696	      separation.

698	5.9.  From -07 to -08

700	   o  URIs are now defined by RFC 3986 [RFC3986], so the text (including
701	      the syntax definitions) and the references have been updated.

703	5.10.  From -06 to -07

705	   o  Changed IPR clause from RFC 2026 to RFC 3667 (updated version of
706	      RFC 2026).

708	5.11.  From -05 to -06

710	   o  Updated reference from draft-allocchio-gstn to RFC 3601.

712	5.12.  From -04 to -05

714	   o  Updated reference to SMS spec to the version referenced in the SMS
715	      service draft.

717	5.13.  From -03 to -04

719	   o  Updated reference to draft-allocchio-gstn (to revision -05).

721	5.14.  From -02 to -03

723	   o  Changed ordering of "change Log" section (descending to
724	      ascending).

726	   o  Clarified the wording at the beginning of Section 1.3.2 about only
727	      the keywords of the scheme being case-insensitive.

729	   o  Changed "sms-body" to be a URI query string.

731	   o  Added some text describing "sms" URIs as addressing resources.

733	5.15.  From -01 to -02

735	   o  Changed the sms-body field to percent-encoded UTF-8 characters.

737	5.16.  From -00 to -01

739	   o  Added the "sms-body" field and its processing rules.

741	   o  Added section about using "sms" URIs as query strings for SMS Web
742	      services.

744	   o  Fixed typo in ABNF (said "global-phone" instead of "gstn-phone").

746	   o  Added some explanatory text about form submissions using email
747	      telematic interworking.

749	   o  Added some text about character encoding in form submissions.

751	5.17.  Change Log of draft-wilde-sms-service

753	   This section contains the change log of draft-wilde-sms-service-11
754	   before it was incorporated into this document at version
755	   draft-wilde-sms-uri-12.

757	5.17.1.  From -10 to -11

759	   o  RFC 2234 (ABNF) has been obsoleted by RFC4234.

761	   o  Added new security issue in Section 3.

763	   o  Updated reference information for [SMS] and [SMS-CHAR].

765	   o  Minor textual changes.

767	5.17.2.  From -09 to -10

769	   o  Changed IPR clause from RFC 3667 to RFC 3978 (updated version of
770	      RFC 3667).

772	5.17.3.  From -08 to -09

774	   o  No changes, re-release for alignment with draft-wilde-sms-uri.

776	5.17.4.  From -07 to -08

778	   o  No changes, re-release for alignment with draft-wilde-sms-uri.

780	5.17.5.  From -06 to -07

782	   o  Changed IPR clause from RFC 2026 to RFC 3667 (updated version of
783	      RFC 2026).

785	5.17.6.  From -05 to -06

787	   o  Updated reference from draft-allocchio-gstn-05 to RFC 3601.

789	5.17.7.  From -04 to -05

791	   o  No changes, re-release for alignment with draft-wilde-sms-uri.

793	5.17.8.  From -03 to -04

795	   o  Updated reference to draft-allocchio-gstn (to revision -05).

797	5.17.9.  From -02 to -03

799	   o  Changed ordering of "change Log" section (descending to
800	      ascending).

802	   o  Fixed some spelling errors.

804	5.17.10.  From -01 to -02

806	   o  Removed address specification for X.400 SMS from ABNF
807	      (surprisingly not part of the SMS spec).

809	   o  Added some explanatory text about character set mapping for SMS
810	      messages.

812	   o  Added text requiring the use of message class 1 for sending SMS
813	      messages.

815	5.17.11.  From -00 to -01

817	   o  Added a number of new security considerations.

819	   o  Added the "PID" qualif-type1 keyword and the section about "SMS
820	      Telematic Interworking" (removed in -13, available as Section
821	      1.2.3 in -12).

823	6.  References

825	6.1.  Normative References

827	   [HTML401]  Raggett, D., Le Hors, A., and I. Jacobs, "HTML 4.01
828	              Specification", W3C REC-html401, December 1999,
829	              <http://www.w3.org/TR/html401/>.

831	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
832	              Requirement Levels", BCP 14, RFC 2119, March 1997.

834	   [RFC2822]  Resnick, P., "Internet Message Format", RFC 2822,
835	              April 2001.

837	   [RFC3629]  Yergeau, F., "UTF-8, a transformation format of ISO
838	              10646", STD 63, RFC 3629, November 2003.

840	   [RFC3966]  Schulzrinne, H., "The tel URI for Telephone Numbers",
841	              RFC 3966, December 2004.

843	   [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
844	              Resource Identifier (URI): Generic Syntax", STD 66,
845	              RFC 3986, January 2005.

847	   [RFC4395]  Hansen, T., Hardie, T., and L. Masinter, "Guidelines and
848	              Registration Procedures for New URI Schemes", BCP 115,
849	              RFC 4395, February 2006.

851	   [RFC5234]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
852	              Specifications: ABNF", RFC 5234, January 2008.

854	   [SMS]      European Telecommunications Standards Institute, "3GPP TS
855	              23.040 V7.0.1 (2007-03): 3rd Generation Partnership
856	              Project; Technical Specification Group Core Network and
857	              Terminals; Technical realization of the Short Message
858	              Service (SMS) (Release 7)", March 2007, <http://
859	              www.3gpp.org/ftp/Specs/archive/23_series/23.040/
860	              23040-701.zip>.

862	   [SMS-CHAR]
863	              European Telecommunications Standards Institute, "TS 100
864	              900 (GSM 03.38 version 7.2.0 Release 1998): Digital
865	              Cellular Telecommunications System (Phase 2+); Alphabets
866	              and language-specific information", July 1999, <http://
867	              www.3gpp.org/ftp/Specs/archive/03_series/03.38/
868	              0338-720.zip>.

870	6.2.  Non-Normative References

872	   [RFC2368]  Hoffmann, P., Masinter, L., and J. Zawinski, "The mailto
873	              URL scheme", RFC 2368, June 1998.

875	   [RFC2629]  Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
876	              June 1999.

878	   [RFC2838]  Zigmond, D. and M. Vickers, "Uniform Resource Identifiers
879	              for Television Broadcasts", RFC 2838, May 2000.

881	   [WAP]      WAP Forum, "Wireless Application Protocol - Architecture
882	              Specification (WAP-210-WAPArch-20010712)", July 2001.

884	   [uri-clarification]
885	              World Wide Web Consortium, "URIs, URLs, and URNs:
886	              Clarifications and Recommendations 1.0", W3C uri-
887	              clarification , September 2001,
888	              <http://www.w3.org/TR/uri-clarification/>.

890	Appendix A.  Syntax of 'telephone-subscriber'

892	   The following syntax is reproduced from Section 3 of RFC 3966
893	   [RFC3966].  It defines the <telephone-subscriber> part used in the
894	   SMS URI scheme syntax.  Please note that it includes erratum 203 for
895	   RFC 3966, which changes the definition of <isdn-subsddress>.

897	   telephone-subscriber = global-number / local-number
898	   global-number        = global-number-digits *par
899	   local-number         = local-number-digits *par context *par
900	   par                  = parameter / extension / isdn-subaddress
901	   isdn-subaddress      = ";isub=" 1*paramchar
902	   extension            = ";ext=" 1*phonedigit
903	   context              = ";phone-context=" descriptor
904	   descriptor           = domainname / global-number-digits
905	   global-number-digits = "+" *phonedigit DIGIT *phonedigit
906	   local-number-digits  =
907	      *phonedigit-hex (HEXDIG / "*" / "#")*phonedigit-hex
908	   domainname           = *( domainlabel "." ) toplabel [ "." ]
909	   domainlabel          = alphanum
910	                          / alphanum *( alphanum / "-" ) alphanum
911	   toplabel             = ALPHA / ALPHA *( alphanum / "-" ) alphanum
912	   parameter            = ";" pname ["=" pvalue ]
913	   pname                = 1*( alphanum / "-" )
914	   pvalue               = 1*paramchar
915	   paramchar            = param-unreserved / unreserved / pct-encoded
916	   unreserved           = alphanum / mark
917	   mark                 = "-" / "_" / "." / "!" / "~" / "*" /
918	                          "'" / "(" / ")"
919	   pct-encoded          = "%" HEXDIG HEXDIG
920	   param-unreserved     = "[" / "]" / "/" / ":" / "&" / "+" / "$"
921	   phonedigit           = DIGIT / [ visual-separator ]
922	   phonedigit-hex       = HEXDIG / "*" / "#" / [ visual-separator ]
923	   visual-separator     = "-" / "." / "(" / ")"
924	   alphanum             = ALPHA / DIGIT
925	   reserved             = ";" / "/" / "?" / ":" / "@" / "&" /
926	                          "=" / "+" / "$" / ","
927	   uric                 = reserved / unreserved / pct-encoded

929	Appendix B.  Where to send Comments

931	   Please send all comments and questions concerning this document to
932	   Erik Wilde.

934	Appendix C.  Acknowledgements

936	   This document has been prepared using the IETF document DTD described
937	   in RFC 2629 [RFC2629].

939	   Thanks to Claudio Allocchio, Lisa Dusseault, Larry Masinter, Alfred
940	   Hoenes, Graham Klyne, Derek Atkins, Michael Patton, and Vijay Gurbani
941	   for their comments.

943	Authors' Addresses

945	   Erik Wilde
946	   UC Berkeley
947	   Berkeley, CA 94720-4600
948	   U.S.A.

950	   Phone: +1-510-6432253
951	   Email: dret@berkeley.edu
952	   URI:   http://dret.net/netdret/

954	   Antti Vaha-Sipila
955	   Nokia

957	   Email: antti.vaha-sipila@nokia.com
958	   URI:   http://www.iki.fi/avs/

960	Full Copyright Statement

962	   Copyright (C) The IETF Trust (2008).

964	   This document is subject to the rights, licenses and restrictions
965	   contained in BCP 78, and except as set forth therein, the authors
966	   retain all their rights.

968	   This document and the information contained herein are provided on an
969	   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
970	   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
971	   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
972	   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
973	   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
974	   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

976	Intellectual Property

978	   The IETF takes no position regarding the validity or scope of any
979	   Intellectual Property Rights or other rights that might be claimed to
980	   pertain to the implementation or use of the technology described in
981	   this document or the extent to which any license under such rights
982	   might or might not be available; nor does it represent that it has
983	   made any independent effort to identify any such rights.  Information
984	   on the procedures with respect to rights in RFC documents can be
985	   found in BCP 78 and BCP 79.

987	   Copies of IPR disclosures made to the IETF Secretariat and any
988	   assurances of licenses to be made available, or the result of an
989	   attempt made to obtain a general license or permission for the use of
990	   such proprietary rights by implementers or users of this
991	   specification can be obtained from the IETF on-line IPR repository at
992	   http://www.ietf.org/ipr.

994	   The IETF invites any interested party to bring to its attention any
995	   copyrights, patents or patent applications, or other proprietary
996	   rights that may cover technology that may be required to implement
997	   this standard.  Please address the information to the IETF at
998	   ietf-ipr@ietf.org.