summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc7255.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/rfc/rfc7255.txt')
-rw-r--r--doc/rfc/rfc7255.txt507
1 files changed, 507 insertions, 0 deletions
diff --git a/doc/rfc/rfc7255.txt b/doc/rfc/rfc7255.txt
new file mode 100644
index 0000000..9411fb9
--- /dev/null
+++ b/doc/rfc/rfc7255.txt
@@ -0,0 +1,507 @@
+
+
+
+
+
+
+Internet Engineering Task Force (IETF) A. Allen, Ed.
+Request for Comments: 7255 Blackberry
+Category: Informational May 2014
+ISSN: 2070-1721
+
+
+ Using the International Mobile station Equipment Identity (IMEI)
+ Uniform Resource Name (URN) as an Instance ID
+
+Abstract
+
+ This specification defines how the Uniform Resource Name (URN)
+ reserved for the Global System for Mobile Communications Association
+ (GSMA) identities and its sub-namespace for the International Mobile
+ station Equipment Identity (IMEI) can be used as an instance-id. Its
+ purpose is to fulfill the requirements for defining how a specific
+ URN needs to be constructed and used in the '+sip.instance' Contact
+ header field parameter for outbound behavior.
+
+Status of This Memo
+
+ This document is not an Internet Standards Track specification; it is
+ published for informational purposes.
+
+ This document is a product of the Internet Engineering Task Force
+ (IETF). It represents the consensus of the IETF community. It has
+ received public review and has been approved for publication by the
+ Internet Engineering Steering Group (IESG). Not all documents
+ approved by the IESG are a candidate for any level of Internet
+ Standard; see Section 2 of RFC 5741.
+
+ Information about the current status of this document, any errata,
+ and how to provide feedback on it may be obtained at
+ http://www.rfc-editor.org/info/rfc7255.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Allen Informational [Page 1]
+
+RFC 7255 Using IMEI URN as an Instance ID May 2014
+
+
+Copyright Notice
+
+ Copyright (c) 2014 IETF Trust and the persons identified as the
+ document authors. All rights reserved.
+
+ This document is subject to BCP 78 and the IETF Trust's Legal
+ Provisions Relating to IETF Documents
+ (http://trustee.ietf.org/license-info) in effect on the date of
+ publication of this document. Please review these documents
+ carefully, as they describe your rights and restrictions with respect
+ to this document. Code Components extracted from this document must
+ include Simplified BSD License text as described in Section 4.e of
+ the Trust Legal Provisions and are provided without warranty as
+ described in the Simplified BSD License.
+
+Table of Contents
+
+ 1. Introduction ....................................................2
+ 2. Terminology .....................................................3
+ 3. Background ......................................................3
+ 4. 3GPP Use Cases ..................................................5
+ 5. User Agent Client Procedures ....................................5
+ 6. User Agent Server Procedures ....................................6
+ 7. 3GPP SIP Registrar Procedures ...................................6
+ 8. Security Considerations .........................................7
+ 9. Acknowledgements ................................................7
+ 10. References .....................................................8
+ 10.1. Normative References ......................................8
+ 10.2. Informative References ....................................8
+
+1. Introduction
+
+ This specification defines how the Uniform Resource Name (URN)
+ reserved for the Global System for Mobile Communications Association
+ (GSMA) identities and its sub-namespace for the International Mobile
+ station Equipment Identity (IMEI) as specified in RFC 7254 [1] can be
+ used as an instance-id as specified in RFC 5626 [2] and also as used
+ by RFC 5627 [3].
+
+ RFC 5626 [2] specifies the '+sip.instance' Contact header field
+ parameter that contains a URN as specified in RFC 2141 [4]. The
+ instance-id uniquely identifies a specific User Agent (UA) instance.
+ This instance-id is used as specified in RFC 5626 [2] so that the
+ Session Initiation Protocol (SIP) registrar (as specified in RFC 3261
+ [9]) can recognize that the contacts from multiple registrations
+ correspond to the same UA. The instance-id is also used as specified
+
+
+
+
+
+Allen Informational [Page 2]
+
+RFC 7255 Using IMEI URN as an Instance ID May 2014
+
+
+ by RFC 5627 [3] to create Globally Routable User Agent URIs (GRUUs)
+ that can be used to uniquely address a UA when multiple UAs are
+ registered with the same Address of Record (AoR).
+
+ RFC 5626 [2] requires that a UA SHOULD create a Universally Unique
+ Identifier (UUID) URN as specified in RFC 4122 [6] as its instance-id
+ but allows for the possibility to use other URN schemes. Per
+ RFC 5626, "If a URN scheme other than UUID is used, the UA MUST only
+ use URNs for which an RFC (from the IETF stream) defines how the
+ specific URN needs to be constructed and used in the "+sip.instance"
+ Contact header field parameter for outbound behavior". This
+ specification meets this requirement by specifying how the GSMA IMEI
+ URN is used in the '+sip.instance' Contact header field parameter for
+ outbound behavior, and RFC 7254 [1] specifies how the GSMA IMEI URN
+ is constructed.
+
+ The GSMA IMEI is a URN for the IMEI -- a globally unique identifier
+ that identifies mobile devices used in the GSM, Universal Mobile
+ Telecommunications System (UMTS), and 3rd Generation Partnership
+ Project (3GPP) Long Term Evolution (LTE) networks. The IMEI
+ allocation is managed by the GSMA to ensure that the IMEI values are
+ globally unique. Details of the formatting of the IMEI as a URN are
+ specified in RFC 7254 [1], and the definition of the IMEI is
+ contained in 3GPP TS 23.003 [10]. Further details about the GSMA's
+ role in allocating the IMEI, and the IMEI allocation guidelines, can
+ be found in GSMA PRD TS.06 [11].
+
+2. Terminology
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in RFC 2119 [7].
+
+3. Background
+
+ GSM, UMTS, and LTE capable mobile devices represent 90% of the mobile
+ devices in use worldwide. Every manufactured GSM, UMTS, or LTE
+ mobile device has an allocated IMEI that uniquely identifies this
+ specific mobile device. Among other things, in some regulatory
+ jurisdictions the IMEI is used to identify that a stolen mobile
+ device is being used, to help to identify the subscription that is
+ using it, and to prevent use of the mobile device. While GSM was
+ originally a circuit switched system, enhancements such as the
+ General Packet Radio Service (GPRS) and UMTS have added IP data
+ capabilities that, along with the definition of the IP Multimedia
+ Subsystem (IMS), have made SIP-based calls and IP multimedia sessions
+ from mobile devices possible.
+
+
+
+
+Allen Informational [Page 3]
+
+RFC 7255 Using IMEI URN as an Instance ID May 2014
+
+
+ The latest enhancement, known as LTE, introduces even higher data
+ rates and dispenses with the circuit switched infrastructure
+ completely. This means that with LTE networks, voice calls will need
+ to be conducted using IP and IMS. However, the transition to all IP
+ SIP-based IMS networks worldwide will take a great many years, and
+ mobile devices, being mobile, will need to operate in both IP/SIP/IMS
+ mode and circuit switched mode. This means that calls and sessions
+ will need to be handed over between IP/SIP/IMS mode and circuit
+ switched mode mid-call or mid-session. Also, since many existing GSM
+ and UMTS radio access networks are unable to support IP/SIP/IMS-based
+ voice services in a commercially acceptable manner, some sessions
+ could have some media types delivered via IP/IMS simultaneously with
+ voice media delivered via the circuit switched domain to the same
+ mobile device. To achieve this, the mobile device needs to be
+ simultaneously attached via both the IP/SIP/IMS domain and the
+ circuit switched domain.
+
+ To meet this need, the 3GPP has specified how to maintain session
+ continuity between the IP/SIP/IMS domain and the circuit switched
+ domain in 3GPP TS 24.237 [12], and in 3GPP TS 24.292 [13] has
+ specified how to access IMS hosted services via both the IP/SIP/IMS
+ domain and the circuit switched domain.
+
+ In order for the mobile device to access SIP/IMS services via the
+ circuit switched domain, the 3GPP has specified a Mobile Switching
+ Center (MSC) server enhanced for IMS Centralized Services (ICS) and a
+ MSC server enhanced for Single Radio Voice Call Continuity (SR-VCC)
+ that control mobile voice call setup over the circuit switched radio
+ access while establishing the corresponding voice session in the core
+ network using SIP/IMS. To enable this, the MSC server enhanced for
+ ICS or the MSC server enhanced for SR-VCC performs SIP registration
+ on behalf of the mobile device, which is also simultaneously directly
+ registered with the IP/SIP/IMS domain. The only mobile device
+ identifier that is transportable using GSM/UMTS/LTE signaling is the
+ IMEI; therefore, the instance-id included by the MSC server enhanced
+ for ICS or the MSC server enhanced for SR-VCC when acting on behalf
+ of the mobile device, and the instance-id directly included by the
+ mobile device, both need to be based on the IMEI.
+
+ Additionally, in order to meet the above requirements, the same IMEI
+ that is obtained from the circuit switched signaling by the MSC
+ server needs to be obtainable from SIP signaling so that it can be
+ determined that both the SIP signaling and circuit switched signaling
+ originate from the same mobile device.
+
+ For these reasons, 3GPP TS 24.237 [12] and 3GPP TS 24.292 [13]
+ already specify the use of the URN namespace for the GSMA IMEI URN as
+ specified in RFC 7254 [1] as the instance-id used by GSM/UMTS/LTE
+
+
+
+Allen Informational [Page 4]
+
+RFC 7255 Using IMEI URN as an Instance ID May 2014
+
+
+ mobile devices, the MSC server enhanced for SR-VCC, and the MSC
+ server enhanced for ICS, for SIP/IMS registrations and emergency-
+ related SIP requests.
+
+4. 3GPP Use Cases
+
+ 1. The mobile device includes its IMEI in the SIP REGISTER request
+ so that the SIP registrar can perform a check of the Equipment
+ Identity Register (EIR) to verify whether this mobile device is
+ allowed to access the network for non-emergency services or is
+ barred from doing so (e.g., because the device has been stolen).
+ If the mobile device is not allowed to access the network for
+ non-emergency services, the SIP registrar can reject the
+ registration and thus prevent a barred mobile device from
+ accessing the network for non-emergency services.
+
+ 2. The mobile device includes its IMEI in SIP INVITE requests used
+ to establish emergency sessions. This is so that the Public
+ Safety Answering Point (PSAP) can obtain the IMEI of the mobile
+ device for identification purposes if required by regulations.
+
+ 3. The IMEI that is included in SIP INVITE requests by the mobile
+ device and used to establish emergency sessions is also used in
+ cases of unauthenticated emergency sessions to enable the network
+ to identify the mobile device. This is especially important if
+ the unauthenticated emergency session is handed over from the
+ packet switched domain to the circuit switched domain. In this
+ scenario, the IMEI is the only identifier that is common to both
+ domains, so the Emergency Access Transfer Function (EATF) in the
+ network, which in such cases coordinates the transfer between
+ domains, can use the IMEI to determine that the circuit switched
+ call is from the same mobile device that was in the emergency
+ session in the packet switched domain.
+
+5. User Agent Client Procedures
+
+ A User Agent Client (UAC) that has an IMEI as specified in 3GPP TS
+ 23.003 [10] and that is registering with a 3GPP IMS network MUST
+ include in the "sip.instance" media feature tag the GSMA IMEI URN
+ according to the syntax specified in RFC 7254 [1] when performing the
+ registration procedures specified in RFC 5626 [2] or RFC 5627 [3], or
+ any other procedure requiring the inclusion of the "sip.instance"
+ media feature tag. The UAC SHOULD NOT include the optional 'svn'
+ parameter in the GSMA IMEI URN in the "sip.instance" media feature
+ tag, since the software version can change as a result of upgrades to
+ the device firmware that would create a new instance-id. Any future
+ non-zero values of the 'vers' parameter, or the future definition of
+ additional parameters for the GSMA IMEI URN that are intended to be
+
+
+
+Allen Informational [Page 5]
+
+RFC 7255 Using IMEI URN as an Instance ID May 2014
+
+
+ used as part of an instance-id, will require that an update be made
+ to this RFC. The UAC MUST provide character-by-character identical
+ URNs in each registration according to RFC 5626 [2]. Hence, any
+ optional or variable components of the URN (e.g., the 'vers'
+ parameter) MUST be presented with the same values and in the same
+ order in every registration as in the first registration.
+
+ A UAC MUST NOT use the GSMA IMEI URN as an instance-id, except when
+ registering with a 3GPP IMS network. When a UAC is operating in IMS
+ mode, it will obtain from the Universal Integrated Circuit Card
+ (UICC) (commonly known as the SIM card) the domain of the network
+ with which to register. This is a carrier's IMS network domain. The
+ UAC will also obtain the address of the IMS edge proxy to send the
+ REGISTER request containing the IMEI using information elements in
+ the Attach response when it attempts to connect to the carrier's
+ packet data network. When registering with a non-3GPP IMS network, a
+ UAC SHOULD use a UUID as an instance-id as specified in RFC 5626 [2].
+
+ A UAC MUST NOT include the "sip.instance" media feature tag
+ containing the GSMA IMEI URN in the Contact header field of non-
+ REGISTER requests, except when the request is related to an emergency
+ session. Regulatory requirements can require that the IMEI be
+ provided to the PSAP. Any future exceptions to this prohibition will
+ require the publication of an RFC that addresses how privacy is not
+ violated by such usage.
+
+6. User Agent Server Procedures
+
+ A User Agent Server (UAS) MUST NOT include its "sip.instance" media
+ feature tag containing the GSMA IMEI URN in the Contact header field
+ of responses, except when the response is related to an emergency
+ session. Regulatory requirements can require that the IMEI be
+ provided to the PSAP. Any future exceptions to this prohibition will
+ require the publication of an RFC that addresses how privacy is not
+ violated by such usage.
+
+7. 3GPP SIP Registrar Procedures
+
+ In 3GPP IMS, when the SIP registrar receives in the Contact header
+ field a "sip.instance" media feature tag containing the GSMA IMEI URN
+ according to the syntax specified in RFC 7254 [1] the SIP registrar
+ follows the procedures specified in RFC 5626 [2]. The IMEI URN MAY
+ be validated as described in RFC 7254 [1]. If the UA indicates that
+ it supports the extension in RFC 5627 [3] and the SIP registrar
+ allocates a public GRUU according to the procedures specified in
+ RFC 5627 [3], the instance-id MUST be obfuscated when creating the
+ 'gr' parameter in order not to reveal the IMEI to other UAs when the
+
+
+
+
+Allen Informational [Page 6]
+
+RFC 7255 Using IMEI URN as an Instance ID May 2014
+
+
+ public GRUU is included in non-REGISTER requests and responses. 3GPP
+ TS 24.229 [8] subclause 5.4.7A.2 specifies the mechanism for
+ obfuscating the IMEI when creating the 'gr' parameter.
+
+8. Security Considerations
+
+ Because IMEIs, like other formats of instance-ids, can be correlated
+ to a user, they are personally identifiable information and therefore
+ MUST be treated in the same way as any other personally identifiable
+ information. In particular, the "sip.instance" media feature tag
+ containing the GSMA IMEI URN MUST NOT be included in requests or
+ responses intended to convey any level of anonymity, as this could
+ violate the user's privacy. RFC 5626 [2] states that "One case where
+ a UA could prefer to omit the "sip.instance" media feature tag is
+ when it is making an anonymous request or some other privacy concern
+ requires that the UA not reveal its identity". The same concerns
+ apply when using the GSMA IMEI URN as an instance-id. Publication of
+ the GSMA IMEI URN to networks to which the UA is not attached, or
+ with which the UA does not have a service relationship, is a security
+ breach, and the "sip.instance" media feature tag MUST NOT be
+ forwarded by the service provider's network elements when forwarding
+ requests or responses towards the destination UA. Additionally, an
+ instance-id containing the GSMA IMEI URN identifies a mobile device
+ and not a user. The instance-id containing the GSMA IMEI URN MUST
+ NOT be used alone as an address for a user or as an identification
+ credential for a user. The GRUU mechanism specified in RFC 5627 [3]
+ provides a means to create URIs that address the user at a specific
+ device or User Agent.
+
+ Entities that log the instance-id need to protect them as personally
+ identifiable information. Regulatory requirements can require that
+ carriers log SIP IMEIs.
+
+ In order to protect the "sip.instance" media feature tag containing
+ the GSMA IMEI URN from being tampered with, those REGISTER requests
+ containing the GSMA IMEI URN MUST be sent using a security mechanism
+ such as Transport Layer Security (TLS) (RFC 5246 [5]) or another
+ security mechanism that provides equivalent levels of protection such
+ as hop-by-hop security based upon IPsec.
+
+9. Acknowledgements
+
+ The author would like to thank Paul Kyzivat, Dale Worley, Cullen
+ Jennings, Adam Roach, Keith Drage, Mary Barnes, Peter Leis, James Yu,
+ S. Moonesamy, Roni Even, and Tim Bray for reviewing this document and
+ providing their comments.
+
+
+
+
+
+Allen Informational [Page 7]
+
+RFC 7255 Using IMEI URN as an Instance ID May 2014
+
+
+10. References
+
+10.1. Normative References
+
+ [1] Montemurro, M., Ed., Allen, A., McDonald, D., and P. Gosden, "A
+ Uniform Resource Name Namespace for the Global System for Mobile
+ Communications Association (GSMA) and the International Mobile
+ station Equipment Identity (IMEI)", RFC 7254, May 2014.
+
+ [2] Jennings, C., Mahy, R., and F. Audet, "Managing Client-
+ Initiated Connections in the Session Initiation Protocol (SIP)",
+ RFC 5626, October 2009.
+
+ [3] Rosenberg, J., "Obtaining and Using Globally Routable User Agent
+ URIs (GRUUs) in the Session Initiation Protocol (SIP)", RFC
+ 5627, October 2009.
+
+ [4] Moats, R., "URN Syntax", RFC 2141, May 1997.
+
+ [5] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS)
+ Protocol Version 1.2", RFC 5246, August 2008.
+
+ [6] Leach, P., Mealling, M., and R. Salz, "A Universally Unique
+ IDentifier (UUID) URN Namespace", RFC 4122, July 2005.
+
+ [7] Bradner, S., "Key words for use in RFCs to Indicate Requirement
+ Levels", BCP 14, RFC 2119, March 1997.
+
+ [8] 3GPP, "IP multimedia call control protocol based on Session
+ Initiation Protocol (SIP) and Session Description Protocol
+ (SDP); Stage 3", 3GPP TS 24.229 (Release 8), March 2014,
+ <ftp://ftp.3gpp.org/Specs/archive/24_series/ 24.229/>.
+
+ [9] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
+ Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
+ Session Initiation Protocol", RFC 3261, June 2002.
+
+10.2. Informative References
+
+ [10] 3GPP, "Numbering, addressing and identification", 3GPP TS 23.003
+ (Release 8), March 2014, <ftp://ftp.3gpp.org/Specs/
+ archive/23_series/23.003/>.
+
+ [11] GSM Association, "IMEI Allocation and Approval Guidelines", PRD
+ TS.06 (DG06) Version 6.0, July 2011,
+ <http://www.gsma.com/newsroom/wp-content/uploads/2012/06/
+ ts0660tacallocationprocessapproved.pdf>.
+
+
+
+
+Allen Informational [Page 8]
+
+RFC 7255 Using IMEI URN as an Instance ID May 2014
+
+
+ [12] 3GPP, "Mobile radio interface Layer 3 specification; Core
+ network protocols; Stage 3", 3GPP TS 24.237 (Release 8),
+ September 2013, <ftp://ftp.3gpp.org/Specs/archive/
+ 24_series/24.237/>.
+
+ [13] 3GPP, "IP Multimedia (IM) Core Network (CN) subsystem
+ Centralized Services (ICS); Stage 3", 3GPP TS 24.292 (Release
+ 8), December 2013, <ftp://ftp.3gpp.org/Specs/
+ archive/24_series/24.292/>.
+
+Author's Address
+
+ Andrew Allen (editor)
+ Blackberry
+ 1200 Sawgrass Corporate Parkway
+ Sunrise, Florida 33323
+ USA
+
+ EMail: aallen@blackberry.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Allen Informational [Page 9]
+