From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc4916.txt | 1347 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1347 insertions(+) create mode 100644 doc/rfc/rfc4916.txt (limited to 'doc/rfc/rfc4916.txt') diff --git a/doc/rfc/rfc4916.txt b/doc/rfc/rfc4916.txt new file mode 100644 index 0000000..a0ab5b6 --- /dev/null +++ b/doc/rfc/rfc4916.txt @@ -0,0 +1,1347 @@ + + + + + + +Network Working Group J. Elwell +Request for Comments: 4916 Siemens Enterprise Communications Limited +Updates: 3261 June 2007 +Category: Standards Track + + + Connected Identity in the Session Initiation Protocol (SIP) + +Status of This Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Copyright Notice + + Copyright (C) The IETF Trust (2007). + +Abstract + + This document provides a means for a Session Initiation Protocol + (SIP) User Agent (UA) that receives a dialog-forming request to + supply its identity to the peer UA by means of a request in the + reverse direction, and for that identity to be signed by an + Authentication Service. Because of retargeting of a dialog-forming + request (changing the value of the Request-URI), the UA that receives + it (the User Agent Server, UAS) can have a different identity from + that in the To header field. The same mechanism can be used to + indicate a change of identity during a dialog, e.g., because of some + action in the Public Switched Telephone Network (PSTN) behind a + gateway. This document normatively updates RFC 3261 (SIP). + + + + + + + + + + + + + + + + + + +Elwell Standards Track [Page 1] + +RFC 4916 SIP Connected ID June 2007 + + +Table of Contents + + 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 + 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 + 3. Overview of Solution . . . . . . . . . . . . . . . . . . . . . 4 + 4. Behaviour . . . . . . . . . . . . . . . . . . . . . . . . . . 6 + 4.1. Behaviour of a UA that Issues an INVITE Request + Outside the Context of an Existing Dialog . . . . . . . . 6 + 4.2. Behaviour of a UA that Receives an INVITE Request + outside the Context of an Existing Dialog . . . . . . . . 6 + 4.3. Behaviour of a UA Whose Identity Changes during an + Established INVITE-initiated Dialog . . . . . . . . . . . 7 + 4.4. General UA Behaviour . . . . . . . . . . . . . . . . . . . 7 + 4.4.1. Sending a Mid-Dialog Request . . . . . . . . . . . . . 7 + 4.4.2. Receiving a Mid-Dialog Request . . . . . . . . . . . . 8 + 4.5. Authentication Service Behaviour . . . . . . . . . . . . . 8 + 4.6. Verifier Behaviour . . . . . . . . . . . . . . . . . . . . 9 + 4.7. Proxy Behaviour . . . . . . . . . . . . . . . . . . . . . 9 + 5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 + 5.1. Sending Connected Identity after Answering a Call . . . . 10 + 5.2. Sending Revised Connected Identity during a Call . . . . . 16 + 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 21 + 7. Security considerations . . . . . . . . . . . . . . . . . . . 21 + 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 22 + 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23 + 9.1. Normative References . . . . . . . . . . . . . . . . . . . 23 + 9.2. Informative References . . . . . . . . . . . . . . . . . . 23 + + + + + + + + + + + + + + + + + + + + + + + + +Elwell Standards Track [Page 2] + +RFC 4916 SIP Connected ID June 2007 + + +1. Introduction + + The Session Initiation Protocol (SIP) (RFC 3261 [1]) initiates + sessions but also provides information on the identities of the + parties at both ends of a session. Users need this information to + help determine how to deal with communications initiated by a SIP. + The identity of the party who answers a call can differ from that of + the initial called party for various reasons such as call forwarding, + call distribution and call pick-up. Furthermore, once a call has + been answered, a party can be replaced by a different party with a + different identity for reasons such as call transfer, call park and + retrieval, etc. Although in some cases there can be reasons for not + disclosing these identities, it is desirable to have a mechanism for + providing this information. + + This document extends the use of the From header field to allow it to + convey what is commonly called "connected identity" information (the + identity of the connected user) in either direction within the + context of an existing INVITE-initiated dialog. It can be used to + convey: + + o the callee identity to a caller when a call is answered; + + o the identity of a potential callee prior to answer; or + + o the identity of a user that replaces the caller or callee + following a call rearrangement such as call transfer carried out + within the PSTN or within a back-to-back user agent (B2BUA) using + third party call control techniques. + + Note that the use of standard SIP call transfer techniques, + involving the REFER method, leads to the establishment of a new + dialog and hence normal mechanisms for caller and callee identity + apply. + + The provision of the identity of the responder in a response + (commonly called "response identity") is outside the scope of this + document. + + Note that even if identity were to be conveyed somehow in a + response, there would in general be difficulty authenticating the + UAS. Providing identity in a separate request allows normal + authentication techniques to be used. + + + + + + + + +Elwell Standards Track [Page 3] + +RFC 4916 SIP Connected ID June 2007 + + +2. Terminology + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in RFC 2119 [2]. + + This specification defines the following additional terms: + + caller: the user of the UA that issues an INVITE request to initiate + a call. + + caller identity: the identity (Address of Record) of a caller. + + callee: the user of the UA that answers a call by issuing a 2xx + response to an INVITE request. + + callee identity: the identity (Address of Record) of a callee. + + potential callee: the user of any UA to which an INVITE request is + targeted resulting in formation of an early dialog, but because + of parallel or serial forking of the request, not necessarily + the user that answers the call. + + connected user: any user involved in an established call, including + the caller, the callee or any user that replaces the caller or + callee following a call re-arrangement such as call transfer. + + connected identity: the identity (Address of Record) of a connected + user. + +3. Overview of Solution + + A mid-dialog request is used to provide connected identity. The User + Agent Client (UAC) for that request inserts its identity in the From + header field of the request. To provide authentication, the Identity + header field (RFC 4474 [3]) is inserted by a suitable Authentication + Service on the path of the mid-dialog request. Unless provided at + the UAC, the Authentication Service is expected to be at a proxy that + record routes and is able to authenticate the UAC. + + A request in the opposite direction to the INVITE request prior to or + at the time the call is answered can indicate the identity of the + potential callee or callee respectively. A request in the same + direction as the INVITE request prior to answer can indicate a change + of caller. A request in either direction after answering can + indicate a change of the connected user. In all cases, a dialog + (early or confirmed) has to be established before such a request can + be sent. + + + +Elwell Standards Track [Page 4] + +RFC 4916 SIP Connected ID June 2007 + + + This solution uses the UPDATE method (RFC 3311 [4]) for the request, + or in some circumstances the re-INVITE method. To send the callee + identity, the UAS for the INVITE request sends the UPDATE request + after sending the 2xx response to the INVITE request and after + receiving an ACK request. To send the potential callee identity, RFC + 3262 [5] is expected to be supported. In this case, the UAS for the + INVITE request sends the UPDATE request after receiving and + responding to a PRACK request (which occurs after sending a reliable + 1xx response to the INVITE request). The UPDATE request could + conceivably be used for other purposes too, e.g., it could be used + during an early dialog to send the potential callee identity at the + same time as a Session Description Protocol (SDP) offer for early + media. To indicate a connected identity change during an established + call, either the UPDATE method or the re-INVITE method can be used. + The re-INVITE method would be used if required for other purposes + (e.g., when a B2BUA performs transfer using Third Party Call Control + (3PCC) techniques it has to issue a re-INVITE request without an SDP + offer to solicit an SDP offer from the UA). + + This solution involves changing the URI (not the tags) in the To and + From header fields of mid-dialog requests and their responses, + compared with the corresponding values in the dialog forming request + and response. Changing the To and From header field URIs was + contemplated in Section 12.2.1.1 of RFC 3261 [1], which says: + + "Usage of the URI from the To and From fields in the original + request within subsequent requests is done for backwards + compatibility with RFC 2543 [6], which used the URI for dialog + identification. In this specification, only the tags are used for + dialog identification. It is expected that mandatory reflection + of the original To and From URI in mid-dialog requests will be + deprecated in a subsequent revision of this specification." + + This document therefore deprecates mandatory reflection of the + original To and From URIs in mid-dialog requests and their responses, + which constitutes a change to RFC 3261 [1]. This document makes no + provision for proxies that are unable to tolerate a change of URI, + since changing the URI has been expected for a considerable time. To + cater for any UAs that are not able to tolerate a change of URI, a + new option tag "from-change" is introduced for providing a positive + indication of support in the Supported header field. By sending a + request with a changed From header field URI only to targets that + have indicated support for this option, there is no need to send this + option tag in a Require header field. + + In addition to allowing the From header field URI to change during a + dialog to reflect the connected identity, this document also requires + a UA that has received a connected identity in the URI of the From + + + +Elwell Standards Track [Page 5] + +RFC 4916 SIP Connected ID June 2007 + + + header field of a mid-dialog request to use that URI in the To header + field of any subsequent mid-dialog request sent by that UA. + + In the absence of a suitable Authentication Service on the path of + the mid-dialog request, the UAS will receive an unauthenticated + connected identity (i.e., without a corresponding Identity header + field). The implications of this are discussed in Section 7 + +4. Behaviour + +4.1. Behaviour of a UA that Issues an INVITE Request Outside the + Context of an Existing Dialog + + When issuing an INVITE request, a UA compliant with this + specification MUST include the "from-change" option tag in the + Supported header field. + + Note that sending the "from-change" option tag does not guarantee + that connected identity will be received in subsequent requests. + +4.2. Behaviour of a UA that Receives an INVITE Request outside the + Context of an Existing Dialog + + After receiving an INVITE request, a UA compliant with this + specification MUST include the "from-change" option tag in the + Supported header field of any dialog-forming response. + + Note that sending the "from-change" option tag does not guarantee + that connected identity will be received in the event of a change + of caller. + + After an early dialog has been formed, if the "from-change" option + tag has been received in a Supported header field, the UA MAY issue + an UPDATE request (RFC 3311 [4]) on the same dialog, subject to + having sent a reliable provisional response to the INVITE request and + having received and responded to a PRACK request. After a full + dialog has been formed (after sending a 2xx final response to the + INVITE request), if the "from-change" option tag has been received in + a Supported header field and an UPDATE request has not already been + sent on the early dialog, the UA MUST issue an UPDATE request on the + same dialog. In either case, the UPDATE request MUST contain the + callee's (or potential callee's) identity in the URI of the From + header field (or an anonymous identity if anonymity is required). + + Note that even if the URI does not differ from that in the To + header field URI of the INVITE request, sending a new request + allows the Authentication Service to assert authentication of this + identity and confirms to the peer UA that the connected identity + + + +Elwell Standards Track [Page 6] + +RFC 4916 SIP Connected ID June 2007 + + + is the same as that in the To header field URI of the INVITE + request. + +4.3. Behaviour of a UA Whose Identity Changes during an Established + INVITE-initiated Dialog + + If the "from-change" option tag has been received in a Supported + header field during an INVITE-initiated dialog and if the identity + associated with the UA changes (e.g., due to transfer) compared to + the last identity indicated in the From header field of a request + sent by that UA, the UA MUST issue a request on the same dialog + containing the new identity in the URI of the From header field (or + an anonymous identity if anonymity is required). For this purpose + the UA MUST use the UPDATE method unless for other reasons the re- + INVITE method is being used at the same time. + +4.4. General UA Behaviour + +4.4.1. Sending a Mid-Dialog Request + + When sending a mid-dialog request, a UA MUST observe the requirements + of RFC 4474 [3] when populating the From header field URI, including + provisions for achieving anonymity. + + This will allow an Authentication Service on the path of the mid- + dialog request to insert an Identity header field. + + When sending a mid-dialog request, a UA MUST populate the To header + field URI with the current value of the remote URI for that dialog, + where this is subject to update in accordance with the rules of + Section 4.4.2 of this document rather than being fixed at the + beginning of the dialog in accordance with RFC 3261 [1]. + + After sending a request with a revised From header field URI (i.e., + revised compared to the URI sent in the From header field of the + previous request on this dialog or in the To header field of the + received dialog-forming INVITE request if no request has been sent), + the UA MUST send the same URI in the From header field of any future + requests on the same dialog, unless the identity changes again. + Also, the UA MUST be prepared to receive the revised URI in the To + header field of subsequent mid-dialog requests and MUST also continue + to be prepared to receive the old URI at least until a request + containing the revised URI in the To header field has been received. + + The mid-dialog request can be rejected in accordance with RFC 4474 + [3] if the UAS does not accept the connected identity. If the UAC + receives a 428, 436, 437, or 438 response to a mid-dialog request it + SHOULD regard the dialog as terminated in the case of a dialog- + + + +Elwell Standards Track [Page 7] + +RFC 4916 SIP Connected ID June 2007 + + + terminating request and SHOULD take no action in the case of any + other request. + + Any attempt to repeat the request or send any other mid-dialog + request is likely to result in the same response, since the UA has + no control over actions of the Authentication Service. + +4.4.2. Receiving a Mid-Dialog Request + + If a UA receives a mid-dialog request from the peer UA, the UA can + make use of the identity in the From header field URI (e.g., by + indicating to the user). The UA MAY discriminate between signed and + unsigned identities. In the case of a signed identity, the UA SHOULD + invoke a Verifier (see Section 4.6) if it cannot rely on the presence + of a Verifier on the path of the request. + + If a UA receives a mid-dialog request from the peer UA in which the + From header field URI differs from that received in the previous + request on that dialog or that sent in the To header field of the + original INVITE request and if the UA sends a 2xx response, the UA + MUST update the remote URI for this dialog, as defined in RFC 3261 + [1]. This will cause the new value to be used in the To header field + of subsequent requests that the UA sends, in accordance with the + rules of Section 4.4.1. If any other final response is sent the UA + MUST NOT update the remote URI for this dialog. + +4.5. Authentication Service Behaviour + + An Authentication Service MUST behave in accordance with RFC 4474 [3] + when dealing with mid-dialog requests. + + Note that RFC 4474 is silent on how to behave if the identity in + the From header field is not one that the UAC is allowed to + assert, and therefore it is a matter for local policy whether to + reject the request or forward it without an Identity header field. + Policy can be different for a mid-dialog request compared with + other requests. + + Note that when UAs conform with this specification the + Authentication Service should (subject to the normal rules for + authentication) be able to authenticate the sender of a request as + being the entity identified in the From header field and hence + will be able provide a signature for this identity. This is in + contrast to UAs that do not support this specification, where + retargeting and mid-dialog identity changes can render the From + header field inaccurate as a means of identifying the sender of + the request. + + + + +Elwell Standards Track [Page 8] + +RFC 4916 SIP Connected ID June 2007 + + +4.6. Verifier Behaviour + + When dealing with mid-dialog requests, an Authentication Service MUST + behave in accordance with RFC 4474 [3] updated as stated below. + + RFC 4474 [3] states that it is a matter of policy whether to reject a + request with a 428 (Use Identity Header) response if there is no + Identity header field in the request. A UA MAY adopt a different + policy for mid-dialog requests compared with other requests. + +4.7. Proxy Behaviour + + A proxy that receives a mid-dialog request MUST be prepared for the + To header field URI and/or the From header field URI to differ from + those that appeared in the dialog-forming request and response. + + A proxy that is able to provide an Authentication Service for mid- + dialog requests MUST record route if Supported: from-change is + indicated in the dialog forming request received by the proxy from + the UAC. + +5. Examples + + In the examples below, several messages contain unfolded lines longer + than 72 characters. These are captured between tags. The single + unfolded line is reconstructed by directly concatenating all lines + appearing between the tags (discarding any line-feeds or carriage + returns). + + In the examples, the domain example.com is assumed to have the + following private key (rendered in PEM format). The private key is + used by the Authentication Service for generating the signature in + the Identity header field. + + + + + + + + + + + + + + + + + + +Elwell Standards Track [Page 9] + +RFC 4916 SIP Connected ID June 2007 + + + -----BEGIN RSA PRIVATE KEY----- + MIICXQIBAAKBgQDPPMBtHVoPkXV+Z6jq1LsgfTELVWpy2BVUffJMPH06LL0cJSQO + aIeVzIojzWtpauB7IylZKlAjB5f429tRuoUiedCwMLKblWAqZt6eHWpCNZJ7lONc + IEwnmh2nAccKk83Lp/VH3tgAS/43DQoX2sndnYh+g8522Pzwg7EGWspzzwIDAQAB + AoGBAK0W3tnEFD7AjVQAnJNXDtx59Aa1Vu2JEXe6oi+OrkFysJjbZJwsLmKtrgtt + PXOU8t2mZpi0wK4hX4tZhntiwGKkUPC3h9Bjp+GerifP341RMyMO+6fPgjqOzUDw + +rPjjMpwD7AkcEcqDgbTrZnWv/QnCSaaF3xkUGfFkLx5OKcRAkEA7UxnsE8XaT30 + tP/UUc51gNk2KGKgxQQTHopBcew9yfeCRFhvdL7jpaGatEi5iZwGGQQDVOVHUN1H + 0YLpHQjRowJBAN+R2bvA/Nimq464ZgnelEDPqaEAZWaD3kOfhS9+vL7oqES+u5E0 + J7kXb7ZkiSVUg9XU/8PxMKx/DAz0dUmOL+UCQH8C9ETUMI2uEbqHbBdVUGNk364C + DFcndSxVh+34KqJdjiYSx6VPPv26X9m7S0OydTkSgs3/4ooPxo8HaMqXm80CQB+r + xbB3UlpOohcBwFK9mTrlMB6Cs9ql66KgwnlL9ukEhHHYozGatdXeoBCyhUsogdSU + 6/aSAFcvWEGtj7/vyJECQQCCS1lKgEXoNQPqONalvYhyyMZRXFLdD4gbwRPK1uXK + Ypk3CkfFzOyfjeLcGPxXzq2qzuHzGTDxZ9PAepwX4RSk + -----END RSA PRIVATE KEY----- + +5.1. Sending Connected Identity after Answering a Call + + In this example, Carol's UA has been reached by retargeting at the + proxy and thus her identity (AoR) is not equal to that in the To + header field of the received INVITE request (Bob). Carol's UA + conveys Carol's identity in the From header field of an UPDATE + request. The proxy also provides an Authentication Service and + therefore adds Identity and Identity-Info header fields to the UPDATE + request. + +Alice's UA PROXY + Carol's UA + Authentication + Service + + INVITE(1) INVITE(2) + ----------------> ----------------> + + 200(4) 200(3) + <---------------- <---------------- + + ACK(5) ACK(6) + ----------------> ----------------> + + UPDATE(8) UPDATE(7) + <---------------- <---------------- + + 200(9) 200(10) + ----------------> ----------------> + + + + + + + +Elwell Standards Track [Page 10] + +RFC 4916 SIP Connected ID June 2007 + + +INVITE (1): + +INVITE sip:Bob@example.com SIP/2.0 +Via: SIP/2.0/TLS ua1.example.com;branch=z9hG4bKnashds8 +To: Bob +From: Alice ;tag=13adc987 +Call-ID: 12345600@ua1.example.com +CSeq: 1 INVITE +Max-Forwards: 70 +Date: Thu, 21 Feb 2002 13:02:03 GMT +Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, UPDATE +Supported: from-change +Contact: +Content-Type: application/sdp +Content-Length: 154 + +v=0 +o=UserA 2890844526 2890844526 IN IP4 ua1.example.com +s=Session SDP +c=IN IP4 ua1.example.com +t=0 0 +m=audio 49172 RTP/AVP 0 +a=rtpmap:0 PCMU/8000 + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Elwell Standards Track [Page 11] + +RFC 4916 SIP Connected ID June 2007 + + +INVITE (2): + +INVITE sip:Carol@ua2.example.com SIP/2.0 +Via: SIP/2.0/TLS proxy.example.com;branch=z9hG4bK776asdhds + +Via: SIP/2.0/TLS ua1.example.com;branch=z9hG4bKnashds8;received=192.0.2. +1 + +To: Bob +From: Alice ;tag=13adc987 +Call-ID: 12345600@ua1.example.com +CSeq: 1 INVITE +Max-Forwards: 69 +Date: Thu, 21 Feb 2002 13:02:03 GMT +Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, UPDATE +Supported: from-change +Contact: +Record-Route: + +Identity: "xN6gCHR6KxGM+nyiEM13LcWgAFQD3lkni1DPkwgadxh4BB7G+VwY1 +3uRv5hbCI2VSvKuZ4LYN0JNoe7v8VAzruKMyi4Bi4nUghR/fFGBrpBSjztmfffLT +p6SFLxo9XQSVrkm1O4c/4UrKn2ejRz+5BULu9n9kWswzKDNjlYlmmc=" + +Identity-Info: ;alg=rsa-sha1 +Content-Type: application/sdp +Content-Length: 154 + +v=0 +o=UserA 2890844526 2890844526 IN IP4 ua1.example.com +s=Session SDP +c=IN IP4 ua1.example.com +t=0 0 +m=audio 49172 RTP/AVP 0 +a=rtpmap:0 PCMU/8000 + + + + + + + + + + + + + + + + + +Elwell Standards Track [Page 12] + +RFC 4916 SIP Connected ID June 2007 + + +200 (3): + +SIP/2.0 200 OK + +Via: SIP/2.0/TLS proxy.example.com;branch=z9hG4bK776asdhds;received=192. +0.2.2 + + +Via: SIP/2.0/TLS ua1.example.com;branch=z9hG4bKnashds8;received=192.0.2. +1 + +To: Bob ;tag=2ge46ab5 +From: Alice ;tag=13adc987 +Call-ID: 12345600@ua1.example.com +CSeq: 1 INVITE +Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, UPDATE +Supported: from-change +Contact: +Record-Route: +Content-Type: application/sdp +Content-Length: 154 + +v=0 +o=UserB 2890844536 2890844536 IN IP4 ua2.example.com +s=Session SDP +c=IN IP4 ua2.example.com +t=0 0 +m=audio 49172 RTP/AVP 0 +a=rtpmap:0 PCMU/8000 + +200 (4): + +SIP/2.0 200 OK + +Via: SIP/2.0/TLS ua1.example.com;branch=z9hG4bKnashds8;received=192.0.2. +1 + +To: Bob ;tag=2ge46ab5 +From: Alice ;tag=13adc987 +Call-ID: 12345600@ua1.example.com +CSeq: 1 INVITE +Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, UPDATE +Supported: from-change +Contact: +Record-Route: +Content-Type: application/sdp +Content-Length: 154 + + + + +Elwell Standards Track [Page 13] + +RFC 4916 SIP Connected ID June 2007 + + +v=0 +o=UserB 2890844536 2890844536 IN IP4 ua2.example.com +s=Session SDP +c=IN IP4 ua2.example.com +t=0 0 +m=audio 49172 RTP/AVP 0 +a=rtpmap:0 PCMU/8000 + +ACK (5): + +ACK sip:carol@ua2.example.com SIP/2.0 +Via: SIP/2.0/TLS ua1.example.com;branch=z9hG4bKnashds9 +From: Alice ;tag=13adc987 +To: Bob ;tag=2ge46ab5 +Call-ID: 12345600@ua1.example.com +CSeq: 1 ACK +Max-Forwards: 70 +Route: +Content-Length: 0 + +ACK (6): + +ACK sip:carol@ua2.example.com SIP/2.0 +Via: SIP/2.0/TLS proxy.example.com;branch=z9hG4bK776asdhdt + +Via: SIP/2.0/TLS ua1.example.com;branch=z9hG4bKnashds9;received=192.0.2. +1 + +From: Alice ;tag=13adc987 +To: Bob ;tag=2ge46ab5 +Call-ID: 12345600@ua1.example.com +CSeq: 1 ACK +Max-Forwards: 69 +Content-Length: 0 + +UPDATE (7): + +UPDATE sip:Alice@ua1.example.com SIP/2.0 +Via: SIP/2.0/TLS ua2.example.com;branch=z9hG4bKnashdt1 +From: Carol ;tag=2ge46ab5 +To: Alice ;tag=13adc987 +Call-ID: 12345600@ua1.example.com +CSeq: 2 UPDATE +Max-Forwards: 70 +Date: Thu, 21 Feb 2002 13:02:15 GMT +Route: +Contact: +Content-Length: 0 + + + +Elwell Standards Track [Page 14] + +RFC 4916 SIP Connected ID June 2007 + + + Note that the URI in the From header field differs from that in + the To header field in the INVITE request/response. However, the + tag is the same as that in the INVITE response. + +UPDATE (8): + +UPDATE sip:Alice@ua1.example.com SIP/2.0 +Via: SIP/2.0/TLS proxy.example.com;branch=z9hG4bK776asdhdu + +Via: SIP/2.0/TLS ua2.example.com;branch=z9hG4bKnashdt1;received=192.0.2. +3 + +From: Carol ;tag=2ge46ab5 +To: Alice ;tag=13adc987 +Call-ID: 12345600@ua1.example.com +CSeq: 2 UPDATE +Max-Forwards: 69 +Date: Thu, 21 Feb 2002 13:02:15 GMT +Contact: + +Identity: "g8WJiVEzrbYum+z2lnS3pL+MIhuI439gDiMCHm01fwX5D8Ft5Ib9t +ewLfBT9mDOUSn6wkPSWVQfqdMF/QBPkpsIIROIi2sJOYBEMXZpNrhJd8/uboXMl9 +KRujDFQefZlmXV8dwD6XsPnMgcH8jAcaZ5aS04NyfWadIwTnGeuxko=" + +Identity-Info: ;alg=rsa-sha1 +Content-Length: 0 + +200 (9): + +SIP/2.0 200 OK + +Via: SIP/2.0/TLS proxy.example.com;branch=z9hG4bK776asdhdu;received=192. +0.2.2 + + +Via: SIP/2.0/TLS ua2.example.com;branch=z9hG4bKnashdt1;received=192.0.2. +3 + +From: Carol ;tag=2ge46ab5 +To: Alice ;tag=13adc987 +Call-ID: 12345600@ua1.example.com +CSeq: 2 UPDATE +Contact: +Content-Length: 0 + + + + + + + +Elwell Standards Track [Page 15] + +RFC 4916 SIP Connected ID June 2007 + + +200 (10): + +SIP/2.0 200 OK + +Via: SIP/2.0/TLS ua2.example.com;branch=z9hG4bKnashdt1;received=192.0.2. +3 + +From: Carol ;tag=2ge46ab5 +To: Alice ;tag=13adc987 +Call-ID: 12345600@ua1.example.com +CSeq: 2 UPDATE +Contact: +Content-Length: 0 + +5.2. Sending Revised Connected Identity during a Call + + In this example, a call is established between Alice and Bob, where + Bob (not shown) lies behind a B2BUA. Bob's identity is conveyed by + an UPDATE request. Then the B2BUA executes call transfer using third + party call control (3PCC) techniques as described in RFC 3725 [7] + (e.g., under the control of a click-to-dial application). As a + result, Alice becomes connected to Carol (also not shown), and a re- + INVITE request is issued allowing the session to be renegotiated. + The B2BUA provides the Authentication Service and thus generates the + Identity header field in the re-INVITE request to provide + authentication of Carol's identity. + + + + + + + + + + + + + + + + + + + + + + + + + +Elwell Standards Track [Page 16] + +RFC 4916 SIP Connected ID June 2007 + + +Alice's UA B2BUA + + INVITE(1) + ----------------> + + 200(2) + <---------------- + + ACK(3) + ----------------> + + UPDATE(4) + <---------------- + + 200(5) + ----------------> + + re-INVITE(6) + <---------------- + + 200(7) + ----------------> + + ACK(8) + <--------------- + +INVITE (1): + +INVITE sip:Bob@example.com SIP/2.0 +Via: SIP/2.0/TLS ua1.example.com;branch=z9hG4bKnashds8 +To: Bob +From: Alice ;tag=13adc987 +Call-ID: 12345600@ua1.example.com +CSeq: 1 INVITE +Max-Forwards: 70 +Date: Thu, 21 Feb 2002 13:02:03 GMT +Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, UPDATE +Supported: from-change +Contact: +Content-Type: application/sdp +Content-Length: 154 + + + + + + + + + + +Elwell Standards Track [Page 17] + +RFC 4916 SIP Connected ID June 2007 + + +v=0 +o=UserA 2890844526 2890844526 IN IP4 ua1.example.com +s=Session SDP +c=IN IP4 ua1.example.com +t=0 0 +m=audio 49172 RTP/AVP 0 +a=rtpmap:0 PCMU/8000 + +200 (2) + +SIP/2.0 200 OK + +Via: SIP/2.0/TLS ua1.example.com;branch=z9hG4bKnashds8;received=192.0.2. +1 + +To: Bob ;tag=2ge46ab5 +From: Alice ;tag=13adc987 +Call-ID: 12345600@ua1.example.com +CSeq: 1 INVITE +Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, UPDATE +Supported: from-change +Contact: +Content-Type: application/sdp +Content-Length: 154 + +v=0 +o=UserB 2890844536 2890844536 IN IP4 ua2.example.com +s=Session SDP +c=IN IP4 ua2.example.com +t=0 0 +m=audio 49172 RTP/AVP 0 +a=rtpmap:0 PCMU/8000 + +ACK (3) + +ACK sip:xyz@b2bua.example.com SIP/2.0 +Via: SIP/2.0/TLS ua1.example.com;branch=z9hG4bKnashds9 +From: Alice ;tag=13adc987 +To: Bob ;tag=2ge46ab5 +Call-ID: 12345600@ua1.example.com +CSeq: 1 ACK +Max-Forwards: 70 +Content-Length: 0 + + + + + + + + +Elwell Standards Track [Page 18] + +RFC 4916 SIP Connected ID June 2007 + + +UPDATE (4) + +UPDATE sip:alice@ua1.example.com SIP/2.0 +Via: SIP/2.0/TLS b2bua.example.com;branch=z9hG4bKnashdt1 +From: Bob ;tag=2ge46ab5 +To: Alice ;tag=13adc987 +Call-ID: 12345600@ua1.example.com +CSeq: 2 UPDATE +Max-Forwards: 70 +Date: Thu, 21 Feb 2002 13:02:12 GMT +Contact: + +Identity: "AQFLSjCDRhO2eXlWmTajk99612hkJii9giDMWki5uT6qc4BrekywO +UuObcwZI3qhJReZCN7ybMBNYFZ5yFXWdyet4j3zLNCONU9ma+rs8ZOv0+z/Q3Z5c +D26HrmitU+OCKWPLObaxbkGQry9hQxOmwRmlUgSjkeCEjgnc1iQc3E=" + +Identity-Info: ;alg=rsa-sha1 +Content-Length: 0 + +200 (5) + +SIP/2.0 200 OK + +Via: SIP/2.0/TLS b2bua.example.com;branch=z9hG4bKnashdt1;received=192.0. +2.2 + +From: Bob ;tag=2ge46ab5 +To: Alice ;tag=13adc987 +Call-ID: 12345600@ua1.example.com +CSeq: 2 UPDATE +Contact: +Content-Length: 0 + + + + + + + + + + + + + + + + + + + +Elwell Standards Track [Page 19] + +RFC 4916 SIP Connected ID June 2007 + + +re-INVITE (6) + +INVITE sip:alice@ua1.example.com SIP/2.0 +Via: SIP/2.0/TLS b2bua.example.com;branch=z9hG4bKnashdxy +From: Carol ;tag=2ge46ab5 +To: Alice ;tag=13adc987 +Call-ID: 12345600@ua1.example.com +CSeq: 3 INVITE +Max-Forwards: 70 +Date: Thu, 21 Feb 2002 13:03:20 GMT +Contact: + +Identity: "KCd3YLQHj51SlCQhFMnpQjmP6wHh7JGRO8LsB4v5SGEr/Mwu7j6Gp +al8ckVM2vd1zqH/F4WJXYDlB525uuJm/fN3O1A2xsZ9BxRkh4N4U19TL9I2Tok3U +3kGg8To/6w1mEXpUQjo3OgNYqOBtawHuZI5nrOVaV3IrbQh1b2KgLo=" + +Identity-Info: ;alg=rsa-sha1 +Content-Length: 0 + +200 (7) + +SIP/2.0 200 OK + +Via: SIP/2.0/TLS b2bua.example.com;branch=z9hG4bKnashdxy;received=192.0. +2.2 + +From: Carol ;tag=2ge46ab5 +To: Alice ;tag=13adc987 +Call-ID: 12345600@ua1.example.com +CSeq: 3 INVITE +Contact: +Content-Length: 154 + +v=0 +o=UserA 2890844526 2890844526 IN IP4 ua1.example.com +s=Session SDP +c=IN IP4 ua1.example.com +t=0 0 +m=audio 49172 RTP/AVP 0 +a=rtpmap:0 PCMU/8000 + + + + + + + + + + + +Elwell Standards Track [Page 20] + +RFC 4916 SIP Connected ID June 2007 + + +ACK (8) + +ACK sip:alice@ua1.example.com SIP/2.0 +Via: SIP/2.0/TLS b2bua.example.com;branch=z9hG4bKnashdxz +From: Carol ;tag=2ge46ab5 +To: Alice ;tag=13adc987 +Call-ID: 12345600@ua1.example.com +CSeq: 3 ACK +Max-Forwards: 70 +Content-Length: 154 + +v=0 +o=UserC 2890844546 2890844546 IN IP4 ua3.example.com +s=Session SDP +c=IN IP4 ua3.example.com +t=0 0 +m=audio 49172 RTP/AVP 0 +a=rtpmap:0 PCMU/8000 + +6. IANA Considerations + + This specification registers a new SIP option tag, as per the + guidelines in Section 27.1 of RFC 3261 [1]. + + This document defines the SIP option tag "from-change". + + The following row has been added to the "Option Tags" section of the + SIP Parameter Registry: + + +------------+------------------------------------------+-----------+ + | Name | Description | Reference | + +------------+------------------------------------------+-----------+ + | from-change| This option tag is used to indicate that | [RFC4916] | + | | a UA supports changes to URIs in From | | + | | and To header fields during a dialog. | | + +------------+------------------------------------------+-----------+ + +7. Security considerations + + RFC 4474 [3] discusses security considerations relating to the + Identity header field in some detail. Those same considerations + apply when using the Identity header field to authenticate a + connected identity in the From header field URI of a mid-dialog + request. + + A received From header field URI in a mid-dialog request for which no + valid Identity header field (or other means of authentication) has + been received either in this request or in an earlier request on this + + + +Elwell Standards Track [Page 21] + +RFC 4916 SIP Connected ID June 2007 + + + dialog cannot be trusted (except in very closed environments) and is + expected to be treated in a similar way to a From header field in a + dialog-initiating request that is not backed up by a valid Identity + header field. However, it is recommended not to reject a mid-dialog + request on the grounds that the Identity header field is missing + (since this would interfere with ongoing operation of the call). The + absence of a valid Identity header field can influence the + information given to the user. A UA can clear the call if policy or + user preference dictates. + + A signed connected identity in a mid-dialog request (URI in the From + header field accompanied by a valid Identity header field) provides + information about the peer UA in a dialog. In the case of the UA + that was the UAS in the dialog-forming request, this identity is not + necessarily the same as that in the To header field of the dialog- + forming request. This is because of retargeting during the routing + of the dialog-forming request. A signed connected identity says + nothing about the legitimacy of such retargeting, but merely reflects + the result of that retargeting. History information (RFC 4244 [8]) + can provide additional hints as to how the connected user has been + reached. + + Likewise, when a signed connected identity indicates a change of + identity during a dialog, it conveys no information about the reason + for such a change of identity or its legitimacy. + + Use of the sips URI scheme can minimize the chances of attacks in + which inappropriate connected identity information is sent, either at + call establishment time or during a call. + + Anonymity can be required by the user of a connected UA. For + anonymity the UA is expected to populate the URI in the From header + field of a mid-dialog request in the way described in RFC 4474 [3]. + +8. Acknowledgments + + Thanks to Francois Audet, Frank Derks, Steffen Fries, Vijay Gurbani, + Cullen Jennings, Paul Kyzivat, Hans Persson, Jon Peterson, Eric + Rescorla, Jonathan Rosenberg, Shida Schubert, Ya-Ching Tan, and Dan + Wing for providing valuable comments. + + + + + + + + + + + +Elwell Standards Track [Page 22] + +RFC 4916 SIP Connected ID June 2007 + + +9. References + +9.1. Normative References + + [1] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., + Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: + Session Initiation Protocol", RFC 3261, June 2002. + + [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement + Levels", BCP 14, RFC 2119, March 1997. + + [3] Peterson, J. and C. Jennings, "Enhancements for Authenticated + Identity Management in the Session Initiation Protocol (SIP)", + RFC 4474, August 2006. + + [4] Rosenberg, J., "The Session Initiation Protocol (SIP) UPDATE + Method", RFC 3311, September 2002. + + [5] Rosenberg, J. and H. Schulzrinne, "Reliability of Provisional + Responses in the Session Initiation Protocol (SIP)", RFC 3262, + June 2002. + +9.2. Informative References + + [6] Handley, M., Schulzrinne, H., Schooler, E., and J. Rosenberg, + "SIP: Session Initiation Protocol", RFC 2543, March 1999. + + [7] Rosenberg, J., Peterson, J., Schulzrinne, H., and G. Camarillo, + "Best Current Practices for Third Party Call Control (3pcc) in + the Session Initiation Protocol (SIP)", RFC 3725, June 2002. + + [8] Barnes, M., "An Extension to the Session Initiation Protocol + (SIP) for Request History Information", RFC 4244, November 2005. + +Author's Address + + John Elwell + Siemens Enterprise Communications Limited + Technology Drive + Beeston, Nottingham NG9 1LA + UK + + Phone: +44 115 943 4989 + EMail: john.elwell@siemens.com + + + + + + + +Elwell Standards Track [Page 23] + +RFC 4916 SIP Connected ID June 2007 + + +Full Copyright Statement + + Copyright (C) The IETF Trust (2007). + + This document is subject to the rights, licenses and restrictions + contained in BCP 78, and except as set forth therein, the authors + retain all their rights. + + This document and the information contained herein are provided on an + "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS + OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND + THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS + OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF + THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED + WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Intellectual Property + + The IETF takes no position regarding the validity or scope of any + Intellectual Property Rights or other rights that might be claimed to + pertain to the implementation or use of the technology described in + this document or the extent to which any license under such rights + might or might not be available; nor does it represent that it has + made any independent effort to identify any such rights. Information + on the procedures with respect to rights in RFC documents can be + found in BCP 78 and BCP 79. + + Copies of IPR disclosures made to the IETF Secretariat and any + assurances of licenses to be made available, or the result of an + attempt made to obtain a general license or permission for the use of + such proprietary rights by implementers or users of this + specification can be obtained from the IETF on-line IPR repository at + http://www.ietf.org/ipr. + + The IETF invites any interested party to bring to its attention any + copyrights, patents or patent applications, or other proprietary + rights that may cover technology that may be required to implement + this standard. Please address the information to the IETF at + ietf-ipr@ietf.org. + +Acknowledgement + + Funding for the RFC Editor function is currently provided by the + Internet Society. + + + + + + + +Elwell Standards Track [Page 24] + -- cgit v1.2.3