idnits 2.17.1 draft-wilde-sms-uri-19.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** The document seems to lack a License Notice according IETF Trust Provisions of 28 Dec 2009, Section 6.b.ii or Provisions of 12 Sep 2009 Section 6.b -- however, there's a paragraph with a matching beginning. Boilerplate error? (You're using the IETF Trust Provisions' Section 6.b License Notice from 12 Feb 2009 rather than one of the newer Notices. See https://trustee.ietf.org/license-info/.) Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == There are 1 instance of lines with non-RFC2606-compliant FQDNs in the document. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: The "body" is used to define the body of the SMS message to be composed. It MUST not appear more than once in an "sms" URI. It consists of percent-encoded UTF-8 characters. Implementations MUST make sure that the "body" characters are converted to a suitable character encoding before sending, the most popular being the 7-bit SMS character encoding, another variant (though not as universally supported as 7-bit SMS) is the UCS-2 character encoding (both specified in [SMS-CHAR]). Implementations MAY choose to discard (or convert) characters in the that are not supported by the SMS character set they are using to send the SMS message. If they do discard or convert characters, they MUST notify the user. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (Aug 23, 2009) is 5331 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'HTML401' ** Obsolete normative reference: RFC 4395 (Obsoleted by RFC 7595) -- Possible downref: Non-RFC (?) normative reference: ref. 'SMS' -- Possible downref: Non-RFC (?) normative reference: ref. 'SMS-CHAR' -- Obsolete informational reference (is this intentional?): RFC 2368 (Obsoleted by RFC 6068) -- Obsolete informational reference (is this intentional?): RFC 2629 (Obsoleted by RFC 7749) Summary: 2 errors (**), 0 flaws (~~), 4 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group E. Wilde 3 Internet-Draft UC Berkeley 4 Intended status: Standards Track A. Vaha-Sipila 5 Expires: February 24, 2010 Nokia 6 Aug 23, 2009 8 URI Scheme for GSM Short Message Service 9 draft-wilde-sms-uri-19 11 Status of this Memo 13 This Internet-Draft is submitted to IETF in full conformance with the 14 provisions of BCP 78 and BCP 79. 16 Internet-Drafts are working documents of the Internet Engineering 17 Task Force (IETF), its areas, and its working groups. Note that 18 other groups may also distribute working documents as Internet- 19 Drafts. 21 Internet-Drafts are draft documents valid for a maximum of six months 22 and may be updated, replaced, or obsoleted by other documents at any 23 time. It is inappropriate to use Internet-Drafts as reference 24 material or to cite them other than as "work in progress." 26 The list of current Internet-Drafts can be accessed at 27 http://www.ietf.org/ietf/1id-abstracts.txt. 29 The list of Internet-Draft Shadow Directories can be accessed at 30 http://www.ietf.org/shadow.html. 32 This Internet-Draft will expire on February 24, 2010. 34 Copyright Notice 36 Copyright (c) 2009 IETF Trust and the persons identified as the 37 document authors. All rights reserved. 39 This document is subject to BCP 78 and the IETF Trust's Legal 40 Provisions Relating to IETF Documents in effect on the date of 41 publication of this document (http://trustee.ietf.org/license-info). 42 Please review these documents carefully, as they describe your rights 43 and restrictions with respect to this document. 45 Abstract 47 This memo specifies the Uniform Resource Identifier (URI) scheme 48 "sms" for specifying one or more recipients for an SMS message. SMS 49 messages are two-way paging messages that can be sent from and 50 received by a mobile phone or a suitably equipped networked device. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 1.1. What is GSM? . . . . . . . . . . . . . . . . . . . . . . . 4 56 1.2. What is SMS? . . . . . . . . . . . . . . . . . . . . . . . 4 57 2. The "sms" URI Scheme . . . . . . . . . . . . . . . . . . . . . 7 58 2.1. Applicability . . . . . . . . . . . . . . . . . . . . . . 8 59 2.2. Formal Definition . . . . . . . . . . . . . . . . . . . . 8 60 2.3. Processing an "sms" URI . . . . . . . . . . . . . . . . . 10 61 2.4. Examples of Use . . . . . . . . . . . . . . . . . . . . . 10 62 2.5. Using "sms" URIs in HTML Forms . . . . . . . . . . . . . . 11 63 3. URI Scheme Registration . . . . . . . . . . . . . . . . . . . 11 64 3.1. URI Scheme Name . . . . . . . . . . . . . . . . . . . . . 11 65 3.2. Status . . . . . . . . . . . . . . . . . . . . . . . . . . 12 66 3.3. URI Scheme Syntax . . . . . . . . . . . . . . . . . . . . 12 67 3.4. URI Scheme Semantics . . . . . . . . . . . . . . . . . . . 12 68 3.5. Encoding Considerations . . . . . . . . . . . . . . . . . 12 69 3.6. Applications/Protocols that use this URI Scheme Name . . . 12 70 3.7. Interoperability Considerations . . . . . . . . . . . . . 12 71 3.8. Security Considerations . . . . . . . . . . . . . . . . . 12 72 3.9. Contact . . . . . . . . . . . . . . . . . . . . . . . . . 13 73 4. Security Considerations . . . . . . . . . . . . . . . . . . . 13 74 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 75 6. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 15 76 6.1. From -18 to -19 . . . . . . . . . . . . . . . . . . . . . 15 77 6.2. From -17 to -18 . . . . . . . . . . . . . . . . . . . . . 15 78 6.3. From -16 to -17 . . . . . . . . . . . . . . . . . . . . . 15 79 6.4. From -15 to -16 . . . . . . . . . . . . . . . . . . . . . 16 80 6.5. From -14 to -15 . . . . . . . . . . . . . . . . . . . . . 16 81 6.6. From -13 to -14 . . . . . . . . . . . . . . . . . . . . . 16 82 6.7. From -12 to -13 . . . . . . . . . . . . . . . . . . . . . 17 83 6.8. From -11 to -12 . . . . . . . . . . . . . . . . . . . . . 17 84 6.9. From -10 to -11 . . . . . . . . . . . . . . . . . . . . . 17 85 6.10. From -09 to -10 . . . . . . . . . . . . . . . . . . . . . 17 86 6.11. From -08 to -09 . . . . . . . . . . . . . . . . . . . . . 18 87 6.12. From -07 to -08 . . . . . . . . . . . . . . . . . . . . . 18 88 6.13. From -06 to -07 . . . . . . . . . . . . . . . . . . . . . 18 89 6.14. From -05 to -06 . . . . . . . . . . . . . . . . . . . . . 18 90 6.15. From -04 to -05 . . . . . . . . . . . . . . . . . . . . . 18 91 6.16. From -03 to -04 . . . . . . . . . . . . . . . . . . . . . 18 92 6.17. From -02 to -03 . . . . . . . . . . . . . . . . . . . . . 18 93 6.18. From -01 to -02 . . . . . . . . . . . . . . . . . . . . . 19 94 6.19. From -00 to -01 . . . . . . . . . . . . . . . . . . . . . 19 95 6.20. Change Log of draft-wilde-sms-service . . . . . . . . . . 19 97 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 20 98 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21 99 8.1. Normative References . . . . . . . . . . . . . . . . . . . 21 100 8.2. Informative References . . . . . . . . . . . . . . . . . . 22 101 Appendix A. Syntax of 'telephone-subscriber' . . . . . . . . . . 22 102 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 23 104 1. Introduction 106 The capitalized key words "MUST", "MUST NOT", "REQUIRED", "SHALL", 107 "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and 108 "OPTIONAL" in this document are to be interpreted as described in RFC 109 2119 [RFC2119]. 111 1.1. What is GSM? 113 GSM (Global System for Mobile Communications) is a digital mobile 114 phone standard which is used extensively in many parts of the world. 115 First named after its frequency band around 900 MHz, GSM-900 has 116 provided the basis for several other networks utilizing GSM 117 technology, in particular GSM networks operating in the frequency 118 bands around 1800 MHz and 1900 MHz. When referring to "GSM" in this 119 document, we mean any of these GSM-based networks that operate a 120 short message service. 122 1.2. What is SMS? 124 The Short Message Service (SMS) [SMS] is an integral part of the GSM 125 network technology. It has been very successful and currently is a 126 major source of revenue for many GSM operators. SMS as a service is 127 so successful that other Global Switched Telephone Network (GSTN) 128 technologies have adapted it as well, in particular the Integrated 129 Services Digital Network (ISDN). Because of this development, this 130 memo uses the term "SMS client" to refer to user agents who are able 131 to send and/or receive SMS messages. 133 1.2.1. SMS content 135 GSM SMS messages are alphanumeric paging messages that can be sent to 136 and from SMS clients. SMS messages have a maximum length of 160 137 characters (7-bit characters from the GSM character set [SMS-CHAR]), 138 or 140 octets. Other character sets (such as UCS-2 16-bit 139 characters, resulting in 70 character messages) MAY also be supported 140 [SMS-CHAR], but are defined as being optional by the SMS 141 specification. Consequently, applications handling SMS messages as 142 part of a chain of character processing applications MUST make sure 143 that character sets are correctly mapped to and from the character 144 set used for SMS messages. 146 While the 160 character variety for SMS messages is by far the most 147 widely used one, there are numerous other content types for SMS 148 messages, such as small bitmaps ("operator logos") and simple formats 149 for musical notes ("ring tones"). However, these formats are 150 proprietary and are not considered in this memo. 152 SMS messages are limited in length (140 octets), and the first 153 versions of the SMS specification did not specify any standardized 154 methods for concatenating SMS messages. As a consequence, several 155 proprietary methods were invented, but the current SMS specification 156 does specify message concatenation. In order to deal with this 157 situation, SMS clients composing messages SHOULD use the standard 158 concatenation method based on the header in the TP-User Data field as 159 specified in the SMS specification [SMS]. When sending a message to 160 an SMS recipient whose support for concatenated messages is unknown, 161 the SMS client MAY opt to use the backwards-compatible (text-based) 162 concatenation method defined in the SMS specification [SMS]. 163 Proprietary concatenation methods SHOULD NOT be used except in closed 164 systems, where the capabilities of the recipient(s) are always known. 166 1.2.2. SMS infrastructure 168 SMS messages can be transmitted over an SMS client's network 169 interface using the signaling channels of the underlying GSTN 170 infrastructure, so there is no delay for call setup. Alternatively, 171 SMS messages may be submitted through other front-ends (for example 172 Web-based services), which makes it possible for SMS clients to run 173 on computers which are not directly connected to a GSTN network 174 supporting SMS. 176 SMS messages sent with the GSTN SMS service MUST be sent as class 1 177 SMS messages, if the client is able to specify the message class. 179 1.2.2.1. SMS Centers 181 For delivery within GSTN networks, SMS messages are stored by an 182 entity called SMS Center (SMSC), and sent to the recipient when the 183 subscriber connects to the network. The number of a cooperative SMSC 184 must be known to the SMS sender (i.e., the entity submitting the SMS 185 message to a GSTN infrastructure) when sending the message (usually, 186 the SMSC's number is configured in the SMS client and specific for 187 the network operator to which the sender has subscribed). In most 188 situations, the SMSC number is part of the sending SMS client's 189 configuration. However, in some special cases (such as when the SMS 190 recipient only accepts messages from a certain SMSC), it may be 191 necessary to send the SMS message over a specific SMSC. The scheme 192 specified in this memo does not support the specification of SMSC 193 numbers, so in case of scenarios where messages have to be sent 194 through a certain SMSC, there must be some other context establishing 195 this requirement, or message delivery may fail. 197 1.2.3. Uniform Resource Identifiers 199 One of the core specifications for identifying resources on the 200 Internet is RFC 3986 [RFC3986], specifying the syntax and semantics 201 of a Uniform Resource Identifier (URI). The most important notion of 202 URIs are "schemes", which define a framework within which resources 203 can be uniquely identified and addressed. URIs enable users to 204 access resources, and are used for very diverse schemes such as 205 access protocols (HTTP, FTP), broadcast media (TV channels 206 [RFC2838]), messaging (email [RFC2368]), and even telephone numbers 207 (voice [RFC3966]). 209 URIs often are mentioned together with Uniform Resource Names (URNs) 210 and/or Uniform Resource Locators (URLs), and it often is unclear how 211 to separate these concepts. For the purpose of this memo, only the 212 term URI will be used, referring to the most fundamental concept. 213 The World Wide Web Consortium (W3C) has issued a note 214 [uri-clarification] discussing the topic of URIs, URNs, and URLs in 215 detail. 217 1.2.4. SMS Messages and the Internet 219 One of the important reasons for the universal access of the Web is 220 the ability to access all information through a unique interface. 221 This kind of integration makes it easy to provide information as well 222 as to consume it. One aspect of this integration is the support of 223 user agents (in the case of the Web, commonly referred to as 224 browsers) for multiple content formats (such as HTML, GIF, JPEG) and 225 access schemes (such as HTTP, HTTPS, FTP). 227 The "mailto" scheme has proven to be very useful and popular, because 228 most user agents support it by providing an email composition 229 facility when the user selects (e.g., clicks on) the URI. Similarly, 230 the "sms" scheme can be supported by user agents by providing an SMS 231 message composition facility when the user selects the URI. In cases 232 where the user agent does not provide a built-in SMS message 233 composition facility, the scheme could still be supported by opening 234 a Web page which provides such a service. The specific Web page to 235 be used could be configured by the user, so that each user could use 236 the SMS message composition service of his choice. 238 The goal of this memo is to specify the "sms" URI scheme, so that 239 user agents (such as Web browsers and email clients) can start to 240 support it. The "sms" URI scheme identifies SMS message endpoints as 241 resources. When "sms" URIs are dereferenced, implementations MAY 242 create a message and present it to be edited before being sent, or 243 they MAY invoke additional services to provide the functionality 244 necessary for composing a message and sending it to the SMS message 245 endpoint. In either case, simply activating a link with an "sms" URI 246 SHOULD NOT cause a message to be sent without prior user 247 confirmation. 249 1.2.4.1. SMS Messages and the Web 251 SMS messages can provide an alternative to "mailto" URIs [RFC2368], 252 or "tel" or "fax" URIs [RFC3966]. When a "sms" URI is activated, the 253 user agent MAY start a program for sending an SMS message, just as 254 "mailto" may open a mail client. Unfortunately, most browsers do not 255 support the external handling of internally unsupported URI schemes 256 in the same generalized way as most of them support external handling 257 of content for media types which they do not support internally. 258 Ideally, user agents should implement generic URI parsers and provide 259 a way to associate unsupported schemes with external applications (or 260 Web-based services). 262 The recipient of an SMS message need not be a mobile phone. It can 263 be a server that can process SMS messages, either by gatewaying them 264 to another messaging system (such as regular electronic mail), or by 265 parsing them for supplementary services. 267 SMS messages can be used to transport almost any kind of data (even 268 though there is a very tight size limit), but the only standardized 269 data formats are character-based messages in different character 270 encodings. SMS messages have a maximum length of 160 characters 271 (when using 7-bit characters from the SMS character set), or 140 272 octets. However, SMS messages can be concatenated to form longer 273 messages. It is up to the user agent to decide whether to limit the 274 length of the message, and how to indicate this limit in its user 275 interface, if necessary. There is one exception to this, see 276 Section 2.5. 278 1.2.4.2. SMS Messages and Forms 280 The Hypertext Markup Language (HTML) [HTML401] provides a way to 281 collect information from a user and pass it to a server for 282 processing. This functionality is known as "HTML forms". A 283 filled-in form is usually sent to the destination using the Hypertext 284 Transfer Protocol (HTTP) or email. However, SMS messages can also be 285 used as the transport mechanism for these forms. Depending on the 286 network configuration, the sender's telephone number may be included 287 in the SMS message, thus providing a weak form of authentication. 289 2. The "sms" URI Scheme 291 Syntax definitions are given using the Augmented BNF (ABNF) for 292 syntax specifications [RFC5234]. 294 2.1. Applicability 296 This URI scheme provides information that can be used for sending an 297 SMS message to certain recipient(s). The functionality is comparable 298 to that of the "mailto" URI, which (as per RFC 2368 [RFC2368]) can 299 also be used with a comma-separated list of email addresses. 301 The notation for phone numbers is taken from [RFC3966] and its 302 Erratum 203. Appendix A provides a corrected syntax of the telephone 303 number. Refer to this document for information on why this 304 particular format was chosen. 306 How the SMS message is sent to the SMSC or other intermediaries is 307 outside the scope of this specification. SMS messages can be sent 308 over the GSM air interface, by using a modem and a suitable protocol, 309 or by accessing services over other protocols, such as a Web-based 310 service for sending SMS messages. Also, SMS message service options 311 like deferred delivery and delivery notification requests are not 312 within the scope of this document. Such services MAY be requested 313 from the network by the user agent if necessary. 315 SMS messages sent as a result of this URI MUST be sent as class 1 SMS 316 messages, if the user agent is able to specify the message class. 318 2.2. Formal Definition 320 The URI scheme's keywords specified in the following syntax 321 description are case-insensitive. The syntax of an "sms" URI is 322 formally described as follows, where the URI base syntax is taken 323 from RFC 3986 [RFC3986]: 325 sms-uri = scheme ":" sms-hier-part [ "?" sms-fields ] 326 scheme = "sms" 327 sms-hier-part = sms-recipient *( "," sms-recipient ) 328 sms-recipient = telephone-subscriber ; defined in RFC 3966 329 sms-fields = sms-field *( "&" sms-field ) 330 sms-field = sms-field-name "=" escaped-value 331 sms-field-name = "body" / sms-field-ext ; "body" MUST only appear once 332 sms-field-ext = 1*( unreserved ) 333 escaped-value = *( unreserved / pct-encoded ) ; defined in RFC 3986 335 Some illustrative examples using this syntax are given in 336 Section 2.4. 338 The syntax definition for is taken from RFC 339 3966 [RFC3966] (Section 5.1). Please consider Erratum 203 in that 340 specification. For the reader's convenience, Appendix A contains a 341 fixed syntax of the telephone number URI scheme including Erratum 342 203, but RFC 3966 (plus all applicable errata) is the normative 343 reference. The description of phone numbers in RFC 3966 states 344 (quoted from RFC 3966, Section 5.1): "The 'telephone-subscriber' part 345 of the URI indicates the number. The phone number can be represented 346 in either global (E.164) or local notation. All phone numbers MUST 347 use the global form unless they cannot be represented as such. 348 Numbers from private numbering plans, emergency ('911', '112'), and 349 some directory-assistance numbers (e.g., '411') and other 'service 350 codes' (numbers of the form N11 in the United States) cannot be 351 represented in global (E.164) form and need to be represented as a 352 local number with a context. Local numbers MUST be tagged with a 353 'phone-context'." 355 This specification defines a single : "body". Extensions 356 to this specification MAY define additional fields. Extensions MUST 357 NOT change the semantics of the specifications they are extending. 358 Unknown fields encountered in "sms" URIs MUST be ignored by 359 implementations. 361 The "body" is used to define the body of the SMS message 362 to be composed. It MUST not appear more than once in an "sms" URI. 363 It consists of percent-encoded UTF-8 characters. Implementations 364 MUST make sure that the "body" characters are converted 365 to a suitable character encoding before sending, the most popular 366 being the 7-bit SMS character encoding, another variant (though not 367 as universally supported as 7-bit SMS) is the UCS-2 character 368 encoding (both specified in [SMS-CHAR]). Implementations MAY choose 369 to discard (or convert) characters in the that are not 370 supported by the SMS character set they are using to send the SMS 371 message. If they do discard or convert characters, they MUST notify 372 the user. 374 The syntax definition for refers to the text of an 375 SMS where all (as per RFC 3986 [RFC3986]) characters in 376 the SMS text are percent-encoded, please refer to RFC 3986 [RFC3986] 377 for the definition and , and the details 378 about percent-encoding. 380 User agents SHOULD support multiple recipients, and SHOULD make it 381 clear to users what the entire list of recipients is, before 382 committing the user to sending all the messages. 384 2.3. Processing an "sms" URI 386 The following list describes the steps for processing an "sms" URI: 388 1. The phone number of the first is extracted. It 389 is the phone number of the final recipient and it MUST be written 390 in international form with country code, unless the number only 391 works from inside a certain geographical area or a network. Note 392 that some numbers may work from several networks but not from the 393 whole world - these SHOULD be written in international form. 394 According to RFC 3966 [RFC3966], all international numbers MUST 395 begin with a "+" character. Hyphens, dots, and parentheses 396 (referred to as "visual separators" in RFC 3966) are used only to 397 improve readability and MUST NOT convey any other meaning. 399 2. The "body" is extracted, if present. 401 3. The user agent SHOULD provide some means for message composition, 402 either by implementing this itself, or by accessing a service 403 providing it. Message composition SHOULD start with the body 404 extracted from the "body" , if present. 406 4. After message composition, a user agent SHOULD try to send the 407 message first using the default delivery method employed by that 408 user agent. If that fails, the user agent MAY try another 409 delivery method. 411 5. If the URI consists of a comma-separated list of recipients 412 (i.e., contains multiple parts), all of them are 413 processed in this manner. Exactly the same message SHOULD be 414 sent to all of the listed recipients, which means that the 415 message resulting from the message composition step for the first 416 recipient is used unaltered for all other recipients as well. 418 2.4. Examples of Use 420 sms:+15105550101 422 This indicates an SMS message capable recipient at the given 423 telephone number. The message is sent using the user agent's default 424 SMS delivery method. 426 sms:+15105550101,+15105550102 428 This indicates SMS message capable recipients at the given telephone 429 numbers. The identical message should be sent to both recipients 430 using the user agent's default SMS delivery method. 432 sms:+15105550101?body=hello%20there 434 In this case, a message (initially being set to "hello there", which 435 may be modified by the user before sending) will be sent via SMS 436 using the user agent's default SMS delivery method. 438 2.5. Using "sms" URIs in HTML Forms 440 When using a "sms" type URI as an action URI for HTML form submission 441 [HTML401], the form contents MUST be packaged in the SMS message just 442 as they are packaged when using a "mailto" URI [RFC2368], using the 443 "application/x-www-form-urlencoded" media type (as defined by HTML 444 [HTML401]), effectively packaging all form data into URI compliant 445 syntax [RFC3986]. The SMS message MUST NOT contain any HTTP headers, 446 only the form data. The media type is implicit. It MUST NOT be 447 transferred in the SMS message. Since the SMS message contains the 448 form field values, the body of an "sms" type URI used for 449 an HTML form will be ignored. 451 The character encoding used for form submissions MUST be UTF-8 452 [RFC3629]. It should be noted, however, that user agents MUST 453 percent-encode form submissions before sending them (this encoding is 454 specified by the URI syntax [RFC3986]). 456 The user agent SHOULD inform the user about the possible security 457 hazards involved when submitting the form (it is probably being sent 458 as plain text over an air interface). 460 If the form submission is longer than the maximum SMS message size, 461 the user agent MAY either concatenate SMS messages, if it is able to 462 do so, or it MAY refuse to send the message. The user agent MUST NOT 463 send out partial form submissions. 465 3. URI Scheme Registration 467 This memo requests the registration of the Uniform Resource 468 Identifier (URI) scheme "sms" for specifying one or more recipients 469 for an SMS message. The registration request complies with RFC 4395 470 [RFC4395]. 472 3.1. URI Scheme Name 474 sms 476 3.2. Status 478 Permanent 480 3.3. URI Scheme Syntax 482 See Section 2. 484 3.4. URI Scheme Semantics 486 The "sms" defines a way how a message may be composed which is then 487 transmitted using the SMS message transmission method. This scheme 488 can thus be compared to be "mailto" URI scheme [RFC2368]. See 489 Section 2.3 for the details of operation. 491 3.5. Encoding Considerations 493 The optional body field of "sms" URIs may contain a message text, but 494 this text uses percent-encoded UTF-8 characters and thus can always 495 be represented using URI characters. See Section 2 for the details 496 of encoding. 498 3.6. Applications/Protocols that use this URI Scheme Name 500 The "sms" URI scheme is intended to be used in a similar way as the 501 "mailto" URI scheme [RFC2368]. By using "sms" URIs, authors can 502 embed information into documents which can be used as a starting 503 point for initiating message composition. Whether the client is 504 sending the message itself (for example over a GSM air interface) or 505 redirecting the user to a third party for message composition (such 506 as a Web service for sending SMS messages) is outside of the scope of 507 the URI scheme definition. 509 3.7. Interoperability Considerations 511 No interoperability issues have been identified. 513 3.8. Security Considerations 515 See Section 4. 517 3.9. Contact 519 Erik Wilde 520 School of Information 521 UC Berkeley 522 Berkeley, CA 94720-4600 523 U.S.A. 524 tel:+1-510-6432252 525 mailto:dret@berkeley.edu 527 4. Security Considerations 529 SMS messages are transported without any provisions for privacy or 530 integrity, so SMS users should be aware of these inherent security 531 problems of SMS messages. Unlike electronic mail, where additional 532 mechanisms exist to layer security features on top of the basic 533 infrastructure, there currently is no such framework for SMS 534 messages. 536 SMS messages very often are delivered almost instantaneously (if the 537 receiving SMS client is online), but there is no guarantee for when 538 SMS messages will be delivered. In particular, SMS messages between 539 different network operators sometimes take a long time to be 540 delivered (hours or even days) or are not delivered at all, so 541 applications SHOULD NOT make any assumptions about the reliability 542 and performance of SMS message transmission. 544 In most networks, sending SMS messages is not a free service. 545 Therefore, SMS clients MUST make sure that any action that incurs 546 costs is acknowledged by the end user, unless explicitly instructed 547 otherwise by the end user. If an SMS client has different ways of 548 submitting an SMS message (such as a Web service and a phone line), 549 then the end user MUST have a way to control which way is chosen. 551 SMS clients often are limited devices (typically mobile phones), and 552 the sending SMS client SHOULD NOT make any assumptions about the 553 receiving SMS client supporting any non-standard services, such as 554 proprietary message concatenation or proprietary content types. 555 However, if the sending SMS client has prior knowledge about the 556 receiving SMS client, then he MAY use this knowledge to compose non- 557 standard SMS messages. 559 There are certain special SMS messages defined in the SMS 560 specification [SMS] that can be used, for example, to turn on 561 indicators on the phone display, or to send data to certain 562 communication ports (comparable to UDP ports) on the device. Certain 563 proprietary systems (for example, the Wireless Application Protocol 565 [WAP]) define configuration messages that may be used to reconfigure 566 the devices remotely. Any SMS client SHOULD make sure that malicious 567 use of such messages is not possible, for example by filtering out 568 certain SMS User Data headers. Gateways that accept SMS messages 569 e.g. in e-mail messages or Web forms and pass them on to an SMSC, 570 SHOULD implement this kind of "firewalling" approach as well. 572 Because the narrow bandwidth of the SMS communications channel, there 573 should also be checks in place for excessively long concatenated 574 messages. As an example, it may take two minutes to transfer thirty 575 concatenated text messages. 577 Unchecked input from a user MUST NOT be used to populate any other 578 fields in a SMS message other than the User Data field (not including 579 the User Data Header field). All other parts, including the User 580 Data Header, of the short message should only be generated by trusted 581 means. 583 By including "sms" URIs in unsolicited messages (a.k.a. "spam") or 584 other types of advertising, the originator of the "sms" URIs may 585 attempt to reveal an individual's phone number and/or to link the 586 identity (i.e., e-mail address) used for messaging with the identity 587 (i.e., phone number) used for the mobile phone. This attempt to 588 collect information may be a privacy issue, and user agents may make 589 users aware of that risk before composing or sending SMS messages. 590 Users agents which do not provide any feedback about this privacy 591 issue make users more vulnerable to this kind of attack. 593 A user agent SHOULD NOT send out SMS messages without the knowledge 594 of the user, because of associated risks, which include sending 595 masses of SMS messages to a subscriber without his consent, and the 596 costs involved in sending an SMS message. 598 As suggested functionality, the user agent MAY offer a possibility 599 for the user to filter out those phone numbers that are expressed in 600 local format, as most premium-rate numbers are expressed in local 601 format, and because determining the correct local context (and hence 602 the validity of the number to this specific user) may be very 603 difficult. 605 When using "sms" URIs as targets of forms (as described in 606 Section 2.5), the user agent SHOULD inform the user about the 607 possible security hazards involved when submitting the form (it is 608 probably being sent as plain text over an air interface). 610 5. IANA Considerations 612 Upon publication of this memo as an RFC, IANA has registered the 613 "sms" URI scheme, using the template in Section 3, in accordance with 614 RFC 4395 [RFC4395]. 616 6. Change Log 618 This section will not be part of the final RFC text, it serves as a 619 container to collect the history of the individual draft versions. 620 To the editor: Please remove this section before publication as RFC. 622 6.1. From -18 to -19 624 o Changed phone numbers in Section 2.4 to match the rules for 625 reserved phone numbers in the +1 country code (as given by http:// 626 www.nanpa.com/nas/public/ 627 form555MasterReport.do?method=display555MasterReport). 629 o Changed "sms-field-ext = *( unreserved )" to "sms-field-ext = 1*( 630 unreserved )" (i.e., field name cannot be empty). 632 o Changed the registration request from "Provisional" to 633 "Permanent". 635 o Renamed [8.2] from "Non-Normative References" to "Informative 636 References". 638 o Minor text changes. 640 6.2. From -17 to -18 642 o Added normative reference to [HTML401] for the "application/ 643 x-www-form-urlencoded" media type. 645 o Changed to become (with "body" as the only 646 predefined field name) and to become , to allow extensions and defined extension model to be 648 mustIgnore. 650 6.3. From -16 to -17 652 o Changed phone numbers in Section 2.4 to be clearly identifiable 653 example phone numbers. 655 o Changed syntax of to use (defined 656 internally) instead of (which had been reused from RFC 657 3986). 659 o Removed RFC 2822 from the references (unused). 661 o Moved Section 2 outside of Section 1, becoming a top-level 662 section. 664 o Renamed to to avoid confusion with RFC 665 3986 tokens. 667 o Removed unused tokens from Appendix A. 669 6.4. From -15 to -16 671 o Changed phone numbers to be defined by the 672 part of RFC 3966 [RFC3966] rather than being defined here. 674 o Removed the intermediate part and defined to directly use . 677 o Replaced reference to [RFC5234] in Section 5 with correct 678 reference to [RFC4395]. 680 6.5. From -14 to -15 682 o RFC 4234 (ABNF) has been obsoleted by [RFC5234]. 684 6.6. From -13 to -14 686 o Updated abstract of Section 3 to the new abstract of the complete 687 document (mentioning of gateway functionality removed). 689 o Removed the "smsc" qualifier which allowed the specification of an 690 SMSC to be used for SMS message delivery. 692 o Removed the section about interfacing between a user agent 693 processing an "sms" URI, and a Web-based service for SMS 694 composition and sending. 696 o Replaced "gstn-phone" with "sms-number" in Section 2.3 697 (inconsistency from earlier syntax revision). 699 o Replaced all quotes around ABNF symbols within text with <...> to 700 clearly identify them as ABNF. 702 o Updated all references to their complete XML version. 704 o Added Section 5. 706 6.7. From -12 to -13 708 o Updated [SMS] to point to the latest version of the SMS spec (3GPP 709 TS 23.040 V7.0.1). 711 o Removed support for telematic interworking from the draft. This 712 feature of SMS messaging is hard to understand, poorly supported 713 by clients as well as network operators, and for these reasons 714 would have been likely to see poor adoption in implementations 715 anyway. 717 o Added some text making it more clear that all recipients SHOULD be 718 sent the exact same message. 720 o Several small editorial changes. 722 6.8. From -11 to -12 724 o Integrated draft-wilde-sms-service-11 and 725 draft-wilde-sms-uri-registration-00 into this draft. This draft 726 is now self-contained. 728 o Changed the phone number notation to use the definition from RFC 729 3966 [RFC3966] rather than RFC 3601 (RFC 3966 is a simpler 730 notation disallowing some of the special characters allowed by RFC 731 3601). 733 o Rephrased various parts of Section 4. 735 o Removed Section "Author/Change Controller". 737 o RFC 2806 (tel URI scheme) has been obsoleted by [RFC3966]. 739 6.9. From -10 to -11 741 o RFC 2234 (ABNF) has been obsoleted by RFC4234. 743 o Updated reference information for [SMS] and [SMS-CHAR]. 745 o Minor textual changes. 747 6.10. From -09 to -10 749 o Added security consideration about filtering local format phone 750 numbers. 752 o Changed IPR clause from RFC 3667 to RFC 3978 (updated version of 753 RFC 3667). 755 6.11. From -08 to -09 757 o Fixed syntax error in hier-part and sms-recipient non-terminals, 758 which allowed sms-recipients to be concatenated without comma 759 separation. 761 6.12. From -07 to -08 763 o URIs are now defined by RFC 3986 [RFC3986], so the text (including 764 the syntax definitions) and the references have been updated. 766 6.13. From -06 to -07 768 o Changed IPR clause from RFC 2026 to RFC 3667 (updated version of 769 RFC 2026). 771 6.14. From -05 to -06 773 o Updated reference from draft-allocchio-gstn to RFC 3601. 775 6.15. From -04 to -05 777 o Updated reference to SMS spec to the version referenced in the SMS 778 service draft. 780 6.16. From -03 to -04 782 o Updated reference to draft-allocchio-gstn (to revision -05). 784 6.17. From -02 to -03 786 o Changed ordering of "change Log" section (descending to 787 ascending). 789 o Clarified the wording at the beginning of Section 2.2 about only 790 the keywords of the scheme being case-insensitive. 792 o Changed "sms-body" to be a URI query string. 794 o Added some text describing "sms" URIs as addressing resources. 796 6.18. From -01 to -02 798 o Changed the sms-body field to percent-encoded UTF-8 characters. 800 6.19. From -00 to -01 802 o Added the "sms-body" field and its processing rules. 804 o Added section about using "sms" URIs as query strings for SMS Web 805 services. 807 o Fixed typo in ABNF (said "global-phone" instead of "gstn-phone"). 809 o Added some explanatory text about form submissions using email 810 telematic interworking. 812 o Added some text about character encoding in form submissions. 814 6.20. Change Log of draft-wilde-sms-service 816 This section contains the change log of draft-wilde-sms-service-11 817 before it was incorporated into this document at version 818 draft-wilde-sms-uri-12. 820 6.20.1. From -10 to -11 822 o RFC 2234 (ABNF) has been obsoleted by RFC4234. 824 o Added new security issue in Section 4. 826 o Updated reference information for [SMS] and [SMS-CHAR]. 828 o Minor textual changes. 830 6.20.2. From -09 to -10 832 o Changed IPR clause from RFC 3667 to RFC 3978 (updated version of 833 RFC 3667). 835 6.20.3. From -08 to -09 837 o No changes, re-release for alignment with draft-wilde-sms-uri. 839 6.20.4. From -07 to -08 841 o No changes, re-release for alignment with draft-wilde-sms-uri. 843 6.20.5. From -06 to -07 845 o Changed IPR clause from RFC 2026 to RFC 3667 (updated version of 846 RFC 2026). 848 6.20.6. From -05 to -06 850 o Updated reference from draft-allocchio-gstn-05 to RFC 3601. 852 6.20.7. From -04 to -05 854 o No changes, re-release for alignment with draft-wilde-sms-uri. 856 6.20.8. From -03 to -04 858 o Updated reference to draft-allocchio-gstn (to revision -05). 860 6.20.9. From -02 to -03 862 o Changed ordering of "change Log" section (descending to 863 ascending). 865 o Fixed some spelling errors. 867 6.20.10. From -01 to -02 869 o Removed address specification for X.400 SMS from ABNF 870 (surprisingly not part of the SMS spec). 872 o Added some explanatory text about character set mapping for SMS 873 messages. 875 o Added text requiring the use of message class 1 for sending SMS 876 messages. 878 6.20.11. From -00 to -01 880 o Added a number of new security considerations. 882 o Added the "PID" qualif-type1 keyword and the section about "SMS 883 Telematic Interworking" (removed in -13, available as Section 884 1.2.3 in -12). 886 7. Acknowledgements 888 This document has been prepared using the IETF document DTD described 889 in RFC 2629 [RFC2629]. 891 Thanks to (listed alphabetically) Claudio Allocchio, Derek Atkins, 892 Leslie Daigle, Lisa Dusseault, Vijay Gurbani, Alfred Hoenes, Cullen 893 Jennings, Graham Klyne, Larry Masinter, Michael Patton, and Magnus 894 Westerlund for their comments. 896 8. References 898 8.1. Normative References 900 [HTML401] Raggett, D., Le Hors, A., and I. Jacobs, "HTML 4.01 901 Specification", W3C REC-html401, December 1999, 902 . 904 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 905 Requirement Levels", BCP 14, RFC 2119, March 1997. 907 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 908 10646", STD 63, RFC 3629, November 2003. 910 [RFC3966] Schulzrinne, H., "The tel URI for Telephone Numbers", 911 RFC 3966, December 2004. 913 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 914 Resource Identifier (URI): Generic Syntax", STD 66, 915 RFC 3986, January 2005. 917 [RFC4395] Hansen, T., Hardie, T., and L. Masinter, "Guidelines and 918 Registration Procedures for New URI Schemes", BCP 115, 919 RFC 4395, February 2006. 921 [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax 922 Specifications: ABNF", RFC 5234, January 2008. 924 [SMS] European Telecommunications Standards Institute, "3GPP TS 925 23.040 V7.0.1 (2007-03): 3rd Generation Partnership 926 Project; Technical Specification Group Core Network and 927 Terminals; Technical realization of the Short Message 928 Service (SMS) (Release 7)", March 2007, . 932 [SMS-CHAR] 933 European Telecommunications Standards Institute, "TS 100 934 900 (GSM 03.38 version 7.2.0 Release 1998): Digital 935 Cellular Telecommunications System (Phase 2+); Alphabets 936 and language-specific information", July 1999, . 940 8.2. Informative References 942 [RFC2368] Hoffmann, P., Masinter, L., and J. Zawinski, "The mailto 943 URL scheme", RFC 2368, June 1998. 945 [RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, 946 June 1999. 948 [RFC2838] Zigmond, D. and M. Vickers, "Uniform Resource Identifiers 949 for Television Broadcasts", RFC 2838, May 2000. 951 [WAP] WAP Forum, "Wireless Application Protocol - Architecture 952 Specification (WAP-210-WAPArch-20010712)", July 2001. 954 [uri-clarification] 955 World Wide Web Consortium, "URIs, URLs, and URNs: 956 Clarifications and Recommendations 1.0", W3C uri- 957 clarification , September 2001, 958 . 960 Appendix A. Syntax of 'telephone-subscriber' 962 The following syntax is reproduced from Section 3 of RFC 3966 963 [RFC3966]. It defines the part used in the 964 "sms" URI scheme syntax. Please note that it includes Erratum 203 965 for RFC 3966, which changes the definition of . 967 telephone-subscriber = global-number / local-number 968 global-number = global-number-digits *par 969 local-number = local-number-digits *par context *par 970 par = parameter / extension / isdn-subaddress 971 isdn-subaddress = ";isub=" 1*paramchar 972 extension = ";ext=" 1*phonedigit 973 context = ";phone-context=" descriptor 974 descriptor = domainname / global-number-digits 975 global-number-digits = "+" *phonedigit DIGIT *phonedigit 976 local-number-digits = 977 *phonedigit-hex (HEXDIG / "*" / "#")*phonedigit-hex 978 domainname = *( domainlabel "." ) toplabel [ "." ] 979 domainlabel = alphanum 980 / alphanum *( alphanum / "-" ) alphanum 981 toplabel = ALPHA / ALPHA *( alphanum / "-" ) alphanum 982 parameter = ";" pname ["=" pvalue ] 983 pname = 1*( alphanum / "-" ) 984 pvalue = 1*paramchar 985 paramchar = param-unreserved / unreserved / pct-encoded 986 unreserved = alphanum / mark 987 mark = "-" / "_" / "." / "!" / "~" / "*" / 988 "'" / "(" / ")" 989 pct-encoded = "%" HEXDIG HEXDIG 990 param-unreserved = "[" / "]" / "/" / ":" / "&" / "+" / "$" 991 phonedigit = DIGIT / [ visual-separator ] 992 phonedigit-hex = HEXDIG / "*" / "#" / [ visual-separator ] 993 visual-separator = "-" / "." / "(" / ")" 994 alphanum = ALPHA / DIGIT 996 Authors' Addresses 998 Erik Wilde 999 UC Berkeley 1000 Berkeley, CA 94720-4600 1001 U.S.A. 1003 Phone: +1-510-6432253 1004 Email: dret@berkeley.edu 1005 URI: http://dret.net/netdret/ 1007 Antti Vaha-Sipila 1008 Nokia 1010 Email: antti.vaha-sipila@nokia.com 1011 URI: http://www.iki.fi/avs/