idnits 2.17.1 draft-wilde-sms-uri-17.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** The document seems to lack a License Notice according IETF Trust Provisions of 28 Dec 2009, Section 6.b.ii or Provisions of 12 Sep 2009 Section 6.b -- however, there's a paragraph with a matching beginning. Boilerplate error? (You're using the IETF Trust Provisions' Section 6.b License Notice from 12 Feb 2009 rather than one of the newer Notices. See https://trustee.ietf.org/license-info/.) Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (Aug 3, 2009) is 5377 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'HTML401' ** Obsolete normative reference: RFC 4395 (Obsoleted by RFC 7595) -- Possible downref: Non-RFC (?) normative reference: ref. 'SMS' -- Possible downref: Non-RFC (?) normative reference: ref. 'SMS-CHAR' -- Obsolete informational reference (is this intentional?): RFC 2368 (Obsoleted by RFC 6068) -- Obsolete informational reference (is this intentional?): RFC 2629 (Obsoleted by RFC 7749) Summary: 2 errors (**), 0 flaws (~~), 2 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group E. Wilde 3 Internet-Draft UC Berkeley 4 Intended status: Standards Track A. Vaha-Sipila 5 Expires: February 4, 2010 Nokia 6 Aug 3, 2009 8 URI Scheme for GSM Short Message Service 9 draft-wilde-sms-uri-17 11 Status of this Memo 13 This Internet-Draft is submitted to IETF in full conformance with the 14 provisions of BCP 78 and BCP 79. 16 Internet-Drafts are working documents of the Internet Engineering 17 Task Force (IETF), its areas, and its working groups. Note that 18 other groups may also distribute working documents as Internet- 19 Drafts. 21 Internet-Drafts are draft documents valid for a maximum of six months 22 and may be updated, replaced, or obsoleted by other documents at any 23 time. It is inappropriate to use Internet-Drafts as reference 24 material or to cite them other than as "work in progress." 26 The list of current Internet-Drafts can be accessed at 27 http://www.ietf.org/ietf/1id-abstracts.txt. 29 The list of Internet-Draft Shadow Directories can be accessed at 30 http://www.ietf.org/shadow.html. 32 This Internet-Draft will expire on February 4, 2010. 34 Copyright Notice 36 Copyright (c) 2009 IETF Trust and the persons identified as the 37 document authors. All rights reserved. 39 This document is subject to BCP 78 and the IETF Trust's Legal 40 Provisions Relating to IETF Documents in effect on the date of 41 publication of this document (http://trustee.ietf.org/license-info). 42 Please review these documents carefully, as they describe your rights 43 and restrictions with respect to this document. 45 Abstract 47 This memo specifies the Uniform Resource Identifier (URI) scheme 48 "sms" for specifying one or more recipients for an SMS message. SMS 49 messages are two-way paging messages that can be sent from and 50 received by a mobile phone or a suitably equipped networked device. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 1.1. What is GSM? . . . . . . . . . . . . . . . . . . . . . . . 4 56 1.2. What is SMS? . . . . . . . . . . . . . . . . . . . . . . . 4 57 2. The "sms" URI Scheme . . . . . . . . . . . . . . . . . . . . . 8 58 2.1. Applicability . . . . . . . . . . . . . . . . . . . . . . 8 59 2.2. Formal Definition . . . . . . . . . . . . . . . . . . . . 8 60 2.3. Processing an "sms" URI . . . . . . . . . . . . . . . . . 9 61 2.4. Examples of Use . . . . . . . . . . . . . . . . . . . . . 10 62 2.5. Using "sms" URIs in HTML Forms . . . . . . . . . . . . . . 10 63 3. URI Scheme Registration . . . . . . . . . . . . . . . . . . . 11 64 3.1. URI Scheme Name . . . . . . . . . . . . . . . . . . . . . 11 65 3.2. Status . . . . . . . . . . . . . . . . . . . . . . . . . . 11 66 3.3. URI Scheme Syntax . . . . . . . . . . . . . . . . . . . . 11 67 3.4. URI Scheme Semantics . . . . . . . . . . . . . . . . . . . 11 68 3.5. Encoding Considerations . . . . . . . . . . . . . . . . . 12 69 3.6. Applications/Protocols that use this URI Scheme Name . . . 12 70 3.7. Interoperability Considerations . . . . . . . . . . . . . 12 71 3.8. Security Considerations . . . . . . . . . . . . . . . . . 12 72 3.9. Contact . . . . . . . . . . . . . . . . . . . . . . . . . 12 73 4. Security Considerations . . . . . . . . . . . . . . . . . . . 12 74 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 75 6. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 14 76 6.1. From -16 to -17 . . . . . . . . . . . . . . . . . . . . . 14 77 6.2. From -15 to -16 . . . . . . . . . . . . . . . . . . . . . 15 78 6.3. From -14 to -15 . . . . . . . . . . . . . . . . . . . . . 15 79 6.4. From -13 to -14 . . . . . . . . . . . . . . . . . . . . . 15 80 6.5. From -12 to -13 . . . . . . . . . . . . . . . . . . . . . 16 81 6.6. From -11 to -12 . . . . . . . . . . . . . . . . . . . . . 16 82 6.7. From -10 to -11 . . . . . . . . . . . . . . . . . . . . . 16 83 6.8. From -09 to -10 . . . . . . . . . . . . . . . . . . . . . 16 84 6.9. From -08 to -09 . . . . . . . . . . . . . . . . . . . . . 17 85 6.10. From -07 to -08 . . . . . . . . . . . . . . . . . . . . . 17 86 6.11. From -06 to -07 . . . . . . . . . . . . . . . . . . . . . 17 87 6.12. From -05 to -06 . . . . . . . . . . . . . . . . . . . . . 17 88 6.13. From -04 to -05 . . . . . . . . . . . . . . . . . . . . . 17 89 6.14. From -03 to -04 . . . . . . . . . . . . . . . . . . . . . 17 90 6.15. From -02 to -03 . . . . . . . . . . . . . . . . . . . . . 17 91 6.16. From -01 to -02 . . . . . . . . . . . . . . . . . . . . . 17 92 6.17. From -00 to -01 . . . . . . . . . . . . . . . . . . . . . 18 93 6.18. Change Log of draft-wilde-sms-service . . . . . . . . . . 18 94 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 19 95 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20 96 8.1. Normative References . . . . . . . . . . . . . . . . . . . 20 97 8.2. Non-Normative References . . . . . . . . . . . . . . . . . 20 98 Appendix A. Syntax of 'telephone-subscriber' . . . . . . . . . . 21 99 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 22 101 1. Introduction 103 The capitalized key words "MUST", "MUST NOT", "REQUIRED", "SHALL", 104 "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and 105 "OPTIONAL" in this document are to be interpreted as described in RFC 106 2119 [RFC2119]. 108 1.1. What is GSM? 110 GSM (Global System for Mobile Communications) is a digital mobile 111 phone standard which is used extensively in many parts of the world. 112 First named after its frequency band around 900 MHz, GSM-900 has 113 provided the basis for several other networks utilizing GSM 114 technology, in particular GSM networks operating in the frequency 115 bands around 1800 MHz and 1900 MHz. When referring to "GSM" in this 116 document, we mean any of these GSM-based networks that operate a 117 short message service. 119 1.2. What is SMS? 121 The Short Message Service (SMS) [SMS] is an integral part of the GSM 122 network technology. It has been very successful and currently is a 123 major source of revenue for many GSM operators. SMS as a service is 124 so successful that other Global Switched Telephone Network (GSTN) 125 technologies have adapted it as well, in particular the Integrated 126 Services Digital Network (ISDN). Because of this development, this 127 memo uses the term "SMS client" to refer to user agents who are able 128 to send and/or receive SMS messages. 130 1.2.1. SMS content 132 GSM SMS messages are alphanumeric paging messages that can be sent to 133 and from SMS clients. SMS messages have a maximum length of 160 134 characters (7-bit characters from the GSM character set [SMS-CHAR]), 135 or 140 octets. Other character sets (such as UCS-2 16-bit 136 characters, resulting in 70 character messages) MAY also be supported 137 [SMS-CHAR], but are defined as being optional by the SMS 138 specification. Consequently, applications handling SMS messages as 139 part of a chain of character processing applications MUST make sure 140 that character sets are correctly mapped to and from the character 141 set used for SMS messages. 143 While the 160 character variety for SMS messages is by far the most 144 widely used one, there are numerous other content types for SMS 145 messages, such as small bitmaps ("operator logos") and simple formats 146 for musical notes ("ring tones"). However, these formats are 147 proprietary and are not considered in this memo. 149 SMS messages are limited in length (140 octets), and the first 150 versions of the SMS specification did not specify any standardized 151 methods for concatenating SMS messages. As a consequence, several 152 proprietary methods were invented, but the current SMS specification 153 does specify message concatenation. In order to deal with this 154 situation, SMS clients composing messages SHOULD use the standard 155 concatenation method based on the header in the TP-User Data field as 156 specified in the SMS specification [SMS]. When sending a message to 157 an SMS recipient whose support for concatenated messages is unknown, 158 the SMS client MAY opt to use the backwards-compatible (text-based) 159 concatenation method defined in the SMS specification [SMS]. 160 Proprietary concatenation methods SHOULD NOT be used except in closed 161 systems, where the capabilities of the recipient(s) are always known. 163 1.2.2. SMS infrastructure 165 SMS messages can be transmitted over an SMS client's network 166 interface using the signaling channels of the underlying GSTN 167 infrastructure, so there is no delay for call setup. Alternatively, 168 SMS messages may be submitted through other front-ends (for example 169 Web-based services), which makes it possible for SMS clients to run 170 on computers which are not directly connected to a GSTN network 171 supporting SMS. 173 SMS messages sent with the GSTN SMS service MUST be sent as class 1 174 SMS messages, if the client is able to specify the message class. 176 1.2.2.1. SMS Centers 178 For delivery within GSTN networks, SMS messages are stored by an 179 entity called SMS Center (SMSC), and sent to the recipient when the 180 subscriber connects to the network. The number of a cooperative SMSC 181 must be known to the SMS sender (i.e., the entity submitting the SMS 182 message to a GSTN infrastructure) when sending the message (usually, 183 the SMSC's number is configured in the SMS client and specific for 184 the network operator to which the sender has subscribed). In most 185 situations, the SMSC number is part of the sending SMS client's 186 configuration. However, in some special cases (such as when the SMS 187 recipient only accepts messages from a certain SMSC), it may be 188 necessary to send the SMS message over a specific SMSC. The scheme 189 specified in this memo does not support the specification of SMSC 190 numbers, so in case of scenarios where messages have to be sent 191 through a certain SMSC, there must be some other context establishing 192 this requirement, or message delivery may fail. 194 1.2.3. Uniform Resource Identifiers 196 One of the core specifications for identifying resources on the 197 Internet is RFC 3986 [RFC3986], specifying the syntax and semantics 198 of a Uniform Resource Identifier (URI). The most important notion of 199 URIs are "schemes", which define a framework within which resources 200 can be uniquely identified and addressed. URIs enable users to 201 access resources, and are used for very diverse schemes such as 202 access protocols (HTTP, FTP), broadcast media (TV channels 203 [RFC2838]), messaging (email [RFC2368]), and even telephone numbers 204 (voice [RFC3966]). 206 URIs often are mentioned together with Uniform Resource Names (URNs) 207 and/or Uniform Resource Locators (URLs), and it often is unclear how 208 to separate these concepts. For the purpose of this memo, only the 209 term URI will be used, referring to the most fundamental concept. 210 The World Wide Web Consortium (W3C) has issued a note 211 [uri-clarification] discussing the topic of URIs, URNs, and URLs in 212 detail. 214 1.2.4. SMS Messages and the Internet 216 One of the important reasons for the universal access of the Web is 217 the ability to access all information through a unique interface. 218 This kind of integration makes it easy to provide information as well 219 as to consume it. One aspect of this integration is the support of 220 user agents (in the case of the Web, commonly referred to as 221 browsers) for multiple content formats (such as HTML, GIF, JPEG) and 222 access schemes (such as HTTP, HTTPS, FTP). 224 The "mailto" scheme has proven to be very useful and popular, because 225 most user agents support it by providing an email composition 226 facility when the user selects (e.g., clicks on) the URI. Similarly, 227 the "sms" scheme can be supported by user agents by providing an SMS 228 message composition facility when the user selects the URI. In cases 229 where the user agent does not provide a built-in SMS message 230 composition facility, the scheme could still be supported by opening 231 a Web page which provides such a service. The specific Web page to 232 be used could be configured by the user, so that each user could use 233 the SMS message composition service of his choice. 235 The goal of this memo is to specify the "sms" URI scheme, so that 236 user agents (such as Web browsers and email clients) can start to 237 support it. The "sms" URI scheme identifies SMS message endpoints as 238 resources. When "sms" URIs are dereferenced, implementations MAY 239 create a message and present it to be edited before being sent, or 240 they MAY invoke additional services to provide the functionality 241 necessary for composing a message and sending it to the SMS message 242 endpoint. In either case, simply activating a link with an "sms" URI 243 SHOULD NOT cause a message to be sent without prior user 244 confirmation. 246 1.2.4.1. SMS Messages and the Web 248 SMS messages can provide an alternative to "mailto" URIs [RFC2368], 249 or "tel" or "fax" URIs [RFC3966]. When a "sms" URI is activated, the 250 user agent MAY start a program for sending an SMS message, just as 251 "mailto" may open a mail client. Unfortunately, most browsers do not 252 support the external handling of internally unsupported URI schemes 253 in the same generalized way as most of them support external handling 254 of content for media types which they do not support internally. 255 Ideally, user agents should implement generic URI parsers and provide 256 a way to associate unsupported schemes with external applications (or 257 Web-based services). 259 The recipient of an SMS message need not be a mobile phone. It can 260 be a server that can process SMS messages, either by gatewaying them 261 to another messaging system (such as regular electronic mail), or by 262 parsing them for supplementary services. 264 SMS messages can be used to transport almost any kind of data (even 265 though there is a very tight size limit), but the only standardized 266 data formats are character-based messages in different character 267 encodings. SMS messages have a maximum length of 160 characters 268 (when using 7-bit characters from the SMS character set), or 140 269 octets. However, SMS messages can be concatenated to form longer 270 messages. It is up to the user agent to decide whether to limit the 271 length of the message, and how to indicate this limit in its user 272 interface, if necessary. There is one exception to this, see 273 Section 2.5. 275 1.2.4.2. SMS Messages and Forms 277 The Hypertext Markup Language (HTML) [HTML401] provides a way to 278 collect information from a user and pass it to a server for 279 processing. This functionality is known as "HTML forms". A 280 filled-in form is usually sent to the destination using the Hypertext 281 Transfer Protocol (HTTP) or email. However, SMS messages can also be 282 used as the transport mechanism for these forms. As SMS transport is 283 "out-of-band" as far as normal HTTP over TCP/IP is concerned, this 284 provides a way to fill in forms offline, and send the data without 285 making a TCP connection to the server, as the set-up time, cost, and 286 overhead for a TCP connection are large compared to an SMS message. 287 Also, depending on the network configuration, the sender's telephone 288 number may be included in the SMS message, thus providing a weak form 289 of authentication. 291 2. The "sms" URI Scheme 293 Syntax definitions are given using the Augmented BNF (ABNF) for 294 syntax specifications [RFC5234]. 296 2.1. Applicability 298 This URI scheme provides information that can be used for sending an 299 SMS message to certain recipient(s). The functionality is comparable 300 to that of the "mailto" URI, which (as per RFC 2368 [RFC2368]) can 301 also be used with a comma-separated list of email addresses. 303 The notation for phone numbers is taken from [RFC3966] and its 304 Erratum 203. Appendix A provides a corrected syntax of the telephone 305 number. Refer to this document for information on why this 306 particular format was chosen. 308 How the SMS message is sent to the SMSC or other intermediaries is 309 outside the scope of this specification. SMS messages can be sent 310 over the GSM air interface, by using a modem and a suitable protocol, 311 or by accessing services over other protocols, such as a Web-based 312 service for sending SMS messages. Also, SMS message service options 313 like deferred delivery and delivery notification requests are not 314 within the scope of this document. Such services MAY be requested 315 from the network by the user agent if necessary. 317 SMS messages sent as a result of this URI MUST be sent as class 1 SMS 318 messages, if the user agent is able to specify the message class. 320 2.2. Formal Definition 322 The URI scheme's keywords specified in the following syntax 323 description are case-insensitive. The syntax of an "sms" URI is 324 formally described as follows, where the URI base syntax is taken 325 from RFC 3986 [RFC3986]: 327 sms-uri = scheme ":" sms-hier-part [ "?" sms-body ] 328 scheme = "sms" 329 sms-hier-part = sms-recipient *( "," sms-recipient ) 330 sms-recipient = telephone-subscriber ; defined in RFC 3966 331 sms-body = "body=" escaped-sms 332 escaped-sms = *( unreserved / pct-encoded ) ; defined in RFC 3986 334 Some illustrative examples using this syntax are given in 335 Section 2.4. 337 The syntax definition for is taken from RFC 338 3966 [RFC3966] (Section 5.1). Please consider Erratum 203 in that 339 specification. For the reader's convenience, Appendix A contains a 340 fixed syntax of the telephone number URI scheme including Erratum 341 203, but RFC 3966 (plus all applicable errata) is the normative 342 reference. The description of phone numbers in RFC 3966 states 343 (quoted from RFC 3966, Section 5.1): "The 'telephone-subscriber' part 344 of the URI indicates the number. The phone number can be represented 345 in either global (E.164) or local notation. All phone numbers MUST 346 use the global form unless they cannot be represented as such. 347 Numbers from private numbering plans, emergency ('911', '112'), and 348 some directory-assistance numbers (e.g., '411') and other 'service 349 codes' (numbers of the form N11 in the United States) cannot be 350 represented in global (E.164) form and need to be represented as a 351 local number with a context. Local numbers MUST be tagged with a 352 'phone-context'." 354 The syntax definition for refers to the text of an SMS 355 where all (as per RFC 3986 [RFC3986]) characters in the 356 SMS text are percent-encoded, please refer to RFC 3986 [RFC3986] for 357 the definition and , and the details about 358 percent-encoding. 360 The is used to define the body of the SMS message to be 361 composed. It consists of percent-encoded UTF-8 characters. 362 Implementations MUST make sure that the characters are 363 converted to a suitable character encoding before sending, the most 364 popular being the 7-bit SMS character encoding, another variant 365 (though not as universally supported as 7-bit SMS) is the UCS-2 366 character encoding (both specified in [SMS-CHAR]). Implementations 367 MAY choose to discard (or convert) characters in the that 368 are not supported by the SMS character set they are using to send the 369 SMS message. If they do discard or convert characters, they MUST 370 notify the user. 372 User agents SHOULD support multiple recipients, and SHOULD make it 373 clear to users what the entire list of recipients is, before 374 committing the user to sending all the messages. 376 2.3. Processing an "sms" URI 378 The following list describes the steps for processing an "sms" URI: 380 1. The phone number of the first is extracted. It 381 is the phone number of the final recipient and it MUST be written 382 in international form with country code, unless the number only 383 works from inside a certain geographical area or a network. Note 384 that some numbers may work from several networks but not from the 385 whole world - these SHOULD be written in international form. 387 According to RFC 3966 [RFC3966], all international numbers MUST 388 begin with a "+" character. Hyphens, dots, and parentheses 389 (referred to as "visual separators" in RFC 3966) are used only to 390 improve readability and MUST NOT convey any other meaning. 392 2. The is extracted, if present. 394 3. The user agent SHOULD provide some means for message composition, 395 either by implementing this itself, or by accessing a service 396 providing it. Message composition SHOULD start with the body 397 extracted from the , if present. 399 4. After message composition, a user agent SHOULD try to send the 400 message first using the default delivery method employed by that 401 user agent. If that fails, the user agent MAY try another 402 delivery method. 404 5. If the URI consists of a comma-separated list of recipients 405 (i.e., contains multiple parts), all of them are 406 processed in this manner. Exactly the same message SHOULD be 407 sent to all of the listed recipients, which means that the 408 message resulting from the message composition step for the first 409 recipient is used unaltered for all other recipients as well. 411 2.4. Examples of Use 413 sms:+17775555555 415 This indicates an SMS message capable recipient at the given 416 telephone number. The message is sent using the user agent's default 417 SMS delivery method. 419 sms:+17775555555,+15557777777 421 This indicates SMS message capable recipients at the given telephone 422 numbers. The identical message should be sent to both recipients 423 using the user agent's default SMS delivery method. 425 sms:+17775555555?body=hello%20there 427 In this case, a message (initially being set to "hello there", which 428 may be modified by the user before sending) will be sent via SMS 429 using the user agent's default SMS delivery method. 431 2.5. Using "sms" URIs in HTML Forms 433 When using a "sms" type URI as an action URI for HTML form submission 434 [HTML401], the form contents MUST be packaged in the SMS message just 435 as they are packaged when using a "mailto" URI [RFC2368], using the 436 "application/x-www-form-urlencoded" media type, effectively packaging 437 all form data into URI compliant syntax [RFC3986]. The SMS message 438 MUST NOT contain any HTTP headers, only the form data. The media 439 type is implicit. It MUST NOT be transferred in the SMS message. 440 Since the SMS message contains the form field values, the 441 of an "sms" type URI used for an HTML form will be ignored. 443 The character encoding used for form submissions MUST be UTF-8 444 [RFC3629]. It should be noted, however, that user agents MUST 445 percent-encode form submissions before sending them (this encoding is 446 specified by the URI syntax [RFC3986]). 448 The user agent SHOULD inform the user about the possible security 449 hazards involved when submitting the form (it is probably being sent 450 as plain text over an air interface). 452 If the form submission is longer than the maximum SMS message size, 453 the user agent MAY either concatenate SMS messages, if it is able to 454 do so, or it MAY refuse to send the message. The user agent MUST NOT 455 send out partial form submissions. 457 3. URI Scheme Registration 459 This memo requests the registration of the Uniform Resource 460 Identifier (URI) scheme "sms" for specifying one or more recipients 461 for an SMS message. The registration request complies with RFC 4395 462 [RFC4395]. 464 3.1. URI Scheme Name 466 sms 468 3.2. Status 470 Provisional 472 3.3. URI Scheme Syntax 474 See Section 2. 476 3.4. URI Scheme Semantics 478 The "sms" defines a way how a message may be composed which is then 479 transmitted using the SMS message transmission method. This scheme 480 can thus be compared to be "mailto" URI scheme [RFC2368]. See 481 Section 2.3 for the details of operation. 483 3.5. Encoding Considerations 485 The optional body field of "sms" URIs may contain a message text, but 486 this text uses percent-encoded UTF-8 characters and thus can always 487 be represented using URI characters. See Section 2 for the details 488 of encoding. 490 3.6. Applications/Protocols that use this URI Scheme Name 492 The "sms" URI scheme is intended to be used in a similar way as the 493 "mailto" URI scheme [RFC2368]. By using "sms" URIs, authors can 494 embed information into documents which can be used as a starting 495 point for initiating message composition. Whether the client is 496 sending the message itself (for example over a GSM air interface) or 497 redirecting the user to a third party for message composition (such 498 as a Web service for sending SMS messages) is outside of the scope of 499 the URI scheme definition. 501 3.7. Interoperability Considerations 503 No interoperability issues have been identified. 505 3.8. Security Considerations 507 See Section 4. 509 3.9. Contact 511 Erik Wilde 512 School of Information 513 UC Berkeley 514 Berkeley, CA 94720-4600 515 U.S.A. 516 tel:+1-510-6432252 517 mailto:dret@berkeley.edu 519 4. Security Considerations 521 SMS messages are transported without any provisions for privacy or 522 integrity, so SMS users should be aware of these inherent security 523 problems of SMS messages. Unlike electronic mail, where additional 524 mechanisms exist to layer security features on top of the basic 525 infrastructure, there currently is no such framework for SMS 526 messages. 528 SMS messages very often are delivered almost instantaneously (if the 529 receiving SMS client is online), but there is no guarantee for when 530 SMS messages will be delivered. In particular, SMS messages between 531 different network operators sometimes take a long time to be 532 delivered (hours or even days) or are not delivered at all, so 533 applications SHOULD NOT make any assumptions about the reliability 534 and performance of SMS message transmission. 536 In most networks, sending SMS messages is not a free service. 537 Therefore, SMS clients MUST make sure that any action that incurs 538 costs is acknowledged by the end user, unless explicitly instructed 539 otherwise by the end user. If an SMS client has different ways of 540 submitting an SMS message (such as a Web service and a phone line), 541 then the end user MUST have a way to control which way is chosen. 543 SMS clients often are limited devices (typically mobile phones), and 544 the sending SMS client SHOULD NOT make any assumptions about the 545 receiving SMS client supporting any non-standard services, such as 546 proprietary message concatenation or proprietary content types. 547 However, if the sending SMS client has prior knowledge about the 548 receiving SMS client, then he MAY use this knowledge to compose non- 549 standard SMS messages. 551 There are certain special SMS messages defined in the SMS 552 specification [SMS] that can be used, for example, to turn on 553 indicators on the phone display, or to send data to certain 554 communication ports (comparable to UDP ports) on the device. Certain 555 proprietary systems (for example, the Wireless Application Protocol 556 [WAP]) define configuration messages that may be used to reconfigure 557 the devices remotely. Any SMS client SHOULD make sure that malicious 558 use of such messages is not possible, for example by filtering out 559 certain SMS User Data headers. Gateways that accept SMS messages 560 e.g. in e-mail messages or Web forms and pass them on to an SMSC, 561 SHOULD implement this kind of "firewalling" approach as well. 563 Because the narrow bandwidth of the SMS communications channel, there 564 should also be checks in place for excessively long concatenated 565 messages. As an example, it may take two minutes to transfer thirty 566 concatenated text messages. 568 Unchecked input from a user MUST NOT be used to populate any other 569 fields in a SMS message other than the User Data field (not including 570 the User Data Header field). All other parts, including the User 571 Data Header, of the short message should only be generated by trusted 572 means. 574 By including "sms" URIs in unsolicited messages (a.k.a. "spam") or 575 other types of advertising, the originator of the "sms" URIs may 576 attempt to reveal an individual's phone number and/or to link the 577 identity (i.e., e-mail address) used for messaging with the identity 578 (i.e., phone number) used for the mobile phone. This attempt to 579 collect information may be a privacy issue, and user agents may make 580 users aware of that risk before composing or sending SMS messages. 581 Users agents which do not provide any feedback about this privacy 582 issue make users more vulnerable to this kind of attack. 584 A user agent SHOULD NOT send out SMS messages without the knowledge 585 of the user, because of associated risks, which include sending 586 masses of SMS messages to a subscriber without his consent, and the 587 costs involved in sending an SMS message. 589 As suggested functionality, the user agent MAY offer a possibility 590 for the user to filter out those phone numbers that are expressed in 591 local format, as most premium-rate numbers are expressed in local 592 format, and because determining the correct local context (and hence 593 the validity of the number to this specific user) may be very 594 difficult. 596 When using "sms" URIs as targets of forms (as described in 597 Section 2.5), the user agent SHOULD inform the user about the 598 possible security hazards involved when submitting the form (it is 599 probably being sent as plain text over an air interface). 601 5. IANA Considerations 603 Upon publication of this memo as an RFC, IANA has registered the 604 "sms" URI scheme, using the template in Section 3, in accordance with 605 RFC 4395 [RFC4395]. 607 6. Change Log 609 This section will not be part of the final RFC text, it serves as a 610 container to collect the history of the individual draft versions. 611 To the editor: Please remove this section before publication as RFC. 613 6.1. From -16 to -17 615 o Changed phone numbers in Section 2.4 to be clearly identifiable 616 example phone numbers. 618 o Changed syntax of to use (defined 619 internally) instead of (which had been reused from RFC 620 3986). 622 o Removed RFC 2822 from the references (unused). 624 o Moved Section 2 outside of Section 1, becoming a top-level 625 section. 627 o Renamed to to avoid confusion with RFC 628 3986 tokens. 630 o Removed unused tokens from Appendix A. 632 6.2. From -15 to -16 634 o Changed phone numbers to be defined by the 635 part of RFC 3966 [RFC3966] rather than being defined here. 637 o Removed the intermediate part and defined to directly use . 640 o Replaced reference to [RFC5234] in Section 5 with correct 641 reference to [RFC4395]. 643 6.3. From -14 to -15 645 o RFC 4234 (ABNF) has been obsoleted by [RFC5234]. 647 6.4. From -13 to -14 649 o Updated abstract of Section 3 to the new abstract of the complete 650 document (mentioning of gateway functionality removed). 652 o Removed the "smsc" qualifier which allowed the specification of an 653 SMSC to be used for SMS message delivery. 655 o Removed the section about interfacing between a user agent 656 processing an "sms" URI, and a Web-based service for SMS 657 composition and sending. 659 o Replaced "gstn-phone" with "sms-number" in Section 2.3 660 (inconsistency from earlier syntax revision). 662 o Replaced all quotes around ABNF symbols within text with <...> to 663 clearly identify them as ABNF. 665 o Updated all references to their complete XML version. 667 o Added Section 5. 669 6.5. From -12 to -13 671 o Updated [SMS] to point to the latest version of the SMS spec (3GPP 672 TS 23.040 V7.0.1). 674 o Removed support for telematic interworking from the draft. This 675 feature of SMS messaging is hard to understand, poorly supported 676 by clients as well as network operators, and for these reasons 677 would have been likely to see poor adoption in implementations 678 anyway. 680 o Added some text making it more clear that all recipients SHOULD be 681 sent the exact same message. 683 o Several small editorial changes. 685 6.6. From -11 to -12 687 o Integrated draft-wilde-sms-service-11 and 688 draft-wilde-sms-uri-registration-00 into this draft. This draft 689 is now self-contained. 691 o Changed the phone number notation to use the definition from RFC 692 3966 [RFC3966] rather than RFC 3601 (RFC 3966 is a simpler 693 notation disallowing some of the special characters allowed by RFC 694 3601). 696 o Rephrased various parts of Section 4. 698 o Removed Section "Author/Change Controller". 700 o RFC 2806 (tel URI scheme) has been obsoleted by [RFC3966]. 702 6.7. From -10 to -11 704 o RFC 2234 (ABNF) has been obsoleted by RFC4234. 706 o Updated reference information for [SMS] and [SMS-CHAR]. 708 o Minor textual changes. 710 6.8. From -09 to -10 712 o Added security consideration about filtering local format phone 713 numbers. 715 o Changed IPR clause from RFC 3667 to RFC 3978 (updated version of 716 RFC 3667). 718 6.9. From -08 to -09 720 o Fixed syntax error in hier-part and sms-recipient non-terminals, 721 which allowed sms-recipients to be concatenated without comma 722 separation. 724 6.10. From -07 to -08 726 o URIs are now defined by RFC 3986 [RFC3986], so the text (including 727 the syntax definitions) and the references have been updated. 729 6.11. From -06 to -07 731 o Changed IPR clause from RFC 2026 to RFC 3667 (updated version of 732 RFC 2026). 734 6.12. From -05 to -06 736 o Updated reference from draft-allocchio-gstn to RFC 3601. 738 6.13. From -04 to -05 740 o Updated reference to SMS spec to the version referenced in the SMS 741 service draft. 743 6.14. From -03 to -04 745 o Updated reference to draft-allocchio-gstn (to revision -05). 747 6.15. From -02 to -03 749 o Changed ordering of "change Log" section (descending to 750 ascending). 752 o Clarified the wording at the beginning of Section 2.2 about only 753 the keywords of the scheme being case-insensitive. 755 o Changed "sms-body" to be a URI query string. 757 o Added some text describing "sms" URIs as addressing resources. 759 6.16. From -01 to -02 761 o Changed the sms-body field to percent-encoded UTF-8 characters. 763 6.17. From -00 to -01 765 o Added the "sms-body" field and its processing rules. 767 o Added section about using "sms" URIs as query strings for SMS Web 768 services. 770 o Fixed typo in ABNF (said "global-phone" instead of "gstn-phone"). 772 o Added some explanatory text about form submissions using email 773 telematic interworking. 775 o Added some text about character encoding in form submissions. 777 6.18. Change Log of draft-wilde-sms-service 779 This section contains the change log of draft-wilde-sms-service-11 780 before it was incorporated into this document at version 781 draft-wilde-sms-uri-12. 783 6.18.1. From -10 to -11 785 o RFC 2234 (ABNF) has been obsoleted by RFC4234. 787 o Added new security issue in Section 4. 789 o Updated reference information for [SMS] and [SMS-CHAR]. 791 o Minor textual changes. 793 6.18.2. From -09 to -10 795 o Changed IPR clause from RFC 3667 to RFC 3978 (updated version of 796 RFC 3667). 798 6.18.3. From -08 to -09 800 o No changes, re-release for alignment with draft-wilde-sms-uri. 802 6.18.4. From -07 to -08 804 o No changes, re-release for alignment with draft-wilde-sms-uri. 806 6.18.5. From -06 to -07 808 o Changed IPR clause from RFC 2026 to RFC 3667 (updated version of 809 RFC 2026). 811 6.18.6. From -05 to -06 813 o Updated reference from draft-allocchio-gstn-05 to RFC 3601. 815 6.18.7. From -04 to -05 817 o No changes, re-release for alignment with draft-wilde-sms-uri. 819 6.18.8. From -03 to -04 821 o Updated reference to draft-allocchio-gstn (to revision -05). 823 6.18.9. From -02 to -03 825 o Changed ordering of "change Log" section (descending to 826 ascending). 828 o Fixed some spelling errors. 830 6.18.10. From -01 to -02 832 o Removed address specification for X.400 SMS from ABNF 833 (surprisingly not part of the SMS spec). 835 o Added some explanatory text about character set mapping for SMS 836 messages. 838 o Added text requiring the use of message class 1 for sending SMS 839 messages. 841 6.18.11. From -00 to -01 843 o Added a number of new security considerations. 845 o Added the "PID" qualif-type1 keyword and the section about "SMS 846 Telematic Interworking" (removed in -13, available as Section 847 1.2.3 in -12). 849 7. Acknowledgements 851 This document has been prepared using the IETF document DTD described 852 in RFC 2629 [RFC2629]. 854 Thanks to (listed alphabetically) Claudio Allocchio, Derek Atkins, 855 Leslie Daigle, Lisa Dusseault, Vijay Gurbani, Alfred Hoenes, Cullen 856 Jennings, Graham Klyne, Larry Masinter, Michael Patton, and Magnus 857 Westerlund for their comments. 859 8. References 861 8.1. Normative References 863 [HTML401] Raggett, D., Le Hors, A., and I. Jacobs, "HTML 4.01 864 Specification", W3C REC-html401, December 1999, 865 . 867 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 868 Requirement Levels", BCP 14, RFC 2119, March 1997. 870 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 871 10646", STD 63, RFC 3629, November 2003. 873 [RFC3966] Schulzrinne, H., "The tel URI for Telephone Numbers", 874 RFC 3966, December 2004. 876 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 877 Resource Identifier (URI): Generic Syntax", STD 66, 878 RFC 3986, January 2005. 880 [RFC4395] Hansen, T., Hardie, T., and L. Masinter, "Guidelines and 881 Registration Procedures for New URI Schemes", BCP 115, 882 RFC 4395, February 2006. 884 [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax 885 Specifications: ABNF", RFC 5234, January 2008. 887 [SMS] European Telecommunications Standards Institute, "3GPP TS 888 23.040 V7.0.1 (2007-03): 3rd Generation Partnership 889 Project; Technical Specification Group Core Network and 890 Terminals; Technical realization of the Short Message 891 Service (SMS) (Release 7)", March 2007, . 895 [SMS-CHAR] 896 European Telecommunications Standards Institute, "TS 100 897 900 (GSM 03.38 version 7.2.0 Release 1998): Digital 898 Cellular Telecommunications System (Phase 2+); Alphabets 899 and language-specific information", July 1999, . 903 8.2. Non-Normative References 905 [RFC2368] Hoffmann, P., Masinter, L., and J. Zawinski, "The mailto 906 URL scheme", RFC 2368, June 1998. 908 [RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, 909 June 1999. 911 [RFC2838] Zigmond, D. and M. Vickers, "Uniform Resource Identifiers 912 for Television Broadcasts", RFC 2838, May 2000. 914 [WAP] WAP Forum, "Wireless Application Protocol - Architecture 915 Specification (WAP-210-WAPArch-20010712)", July 2001. 917 [uri-clarification] 918 World Wide Web Consortium, "URIs, URLs, and URNs: 919 Clarifications and Recommendations 1.0", W3C uri- 920 clarification , September 2001, 921 . 923 Appendix A. Syntax of 'telephone-subscriber' 925 The following syntax is reproduced from Section 3 of RFC 3966 926 [RFC3966]. It defines the part used in the 927 SMS URI scheme syntax. Please note that it includes Erratum 203 for 928 RFC 3966, which changes the definition of . 930 telephone-subscriber = global-number / local-number 931 global-number = global-number-digits *par 932 local-number = local-number-digits *par context *par 933 par = parameter / extension / isdn-subaddress 934 isdn-subaddress = ";isub=" 1*paramchar 935 extension = ";ext=" 1*phonedigit 936 context = ";phone-context=" descriptor 937 descriptor = domainname / global-number-digits 938 global-number-digits = "+" *phonedigit DIGIT *phonedigit 939 local-number-digits = 940 *phonedigit-hex (HEXDIG / "*" / "#")*phonedigit-hex 941 domainname = *( domainlabel "." ) toplabel [ "." ] 942 domainlabel = alphanum 943 / alphanum *( alphanum / "-" ) alphanum 944 toplabel = ALPHA / ALPHA *( alphanum / "-" ) alphanum 945 parameter = ";" pname ["=" pvalue ] 946 pname = 1*( alphanum / "-" ) 947 pvalue = 1*paramchar 948 paramchar = param-unreserved / unreserved / pct-encoded 949 unreserved = alphanum / mark 950 mark = "-" / "_" / "." / "!" / "~" / "*" / 951 "'" / "(" / ")" 952 pct-encoded = "%" HEXDIG HEXDIG 953 param-unreserved = "[" / "]" / "/" / ":" / "&" / "+" / "$" 954 phonedigit = DIGIT / [ visual-separator ] 955 phonedigit-hex = HEXDIG / "*" / "#" / [ visual-separator ] 956 visual-separator = "-" / "." / "(" / ")" 957 alphanum = ALPHA / DIGIT 959 Authors' Addresses 961 Erik Wilde 962 UC Berkeley 963 Berkeley, CA 94720-4600 964 U.S.A. 966 Phone: +1-510-6432253 967 Email: dret@berkeley.edu 968 URI: http://dret.net/netdret/ 970 Antti Vaha-Sipila 971 Nokia 973 Email: antti.vaha-sipila@nokia.com 974 URI: http://www.iki.fi/avs/