From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc5628.txt | 843 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 843 insertions(+) create mode 100644 doc/rfc/rfc5628.txt (limited to 'doc/rfc/rfc5628.txt') diff --git a/doc/rfc/rfc5628.txt b/doc/rfc/rfc5628.txt new file mode 100644 index 0000000..58a3061 --- /dev/null +++ b/doc/rfc/rfc5628.txt @@ -0,0 +1,843 @@ + + + + + + +Network Working Group P. Kyzivat +Request for Comments: 5628 Cisco Systems, Inc. +Category: Standards Track October 2009 + + + Registration Event Package Extension for + Session Initiation Protocol (SIP) + Globally Routable User Agent URIs (GRUUs) + +Abstract + + RFC 3680 defines a Session Initiation Protocol (SIP) event package + for registration state. This package allows a watcher to learn about + information stored by a SIP registrar, including its registered + contact. + + However, the registered contact is frequently unreachable and thus + not useful for watchers. The Globally Routable User Agent URI + (GRUU), defined in RFC 5627, is a URI that is capable of reaching a + particular contact. However this URI is not included in the document + format defined in RFC 3680. This specification defines an extension + to the registration event package to include GRUUs assigned by the + registrar. + +Status of This Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Copyright Notice + + Copyright (c) 2009 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. Code Components extracted from this document must + include Simplified BSD License text as described in Section 4.e of + the Trust Legal Provisions and are provided without warranty as + described in the BSD License. + + + + + +Kyzivat Standards Track [Page 1] + +RFC 5628 Reg Event GRUU Extension October 2009 + + + This document may contain material from IETF Documents or IETF + Contributions published or made publicly available before November + 10, 2008. The person(s) controlling the copyright in some of this + material may not have granted the IETF Trust the right to allow + modifications of such material outside the IETF Standards Process. + Without obtaining an adequate license from the person(s) controlling + the copyright in such materials, this document may not be modified + outside the IETF Standards Process, and derivative works of it may + not be created outside the IETF Standards Process, except to format + it for publication as an RFC or to translate it into languages other + than English. + +Table of Contents + + 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 + 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 + 3. Description . . . . . . . . . . . . . . . . . . . . . . . . . 4 + 4. Notifier Processing of SUBSCRIBE Requests . . . . . . . . . . 4 + 5. Notifier Generation of NOTIFY Requests . . . . . . . . . . . . 4 + 6. Subscriber Processing of NOTIFY Requests . . . . . . . . . . . 5 + 6.1. Managing Temporary GRUU Lifetime . . . . . . . . . . . . . 5 + 7. Sample reginfo Document . . . . . . . . . . . . . . . . . . . 7 + 8. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 + 8.1. Example: Welcome Notice . . . . . . . . . . . . . . . . . 8 + 8.2. Example: Implicit Registration . . . . . . . . . . . . . . 8 + 9. XML Schema Definition . . . . . . . . . . . . . . . . . . . . 11 + 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 + 10.1. URN Sub-Namespace Registration . . . . . . . . . . . . . . 12 + 10.2. XML Schema Registration . . . . . . . . . . . . . . . . . 13 + 11. Security Considerations . . . . . . . . . . . . . . . . . . . 13 + 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 14 + 13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14 + 13.1. Normative References . . . . . . . . . . . . . . . . . . . 14 + 13.2. Informative References . . . . . . . . . . . . . . . . . . 14 + + + + + + + + + + + + + + + + + +Kyzivat Standards Track [Page 2] + +RFC 5628 Reg Event GRUU Extension October 2009 + + +1. Introduction + + RFC 3680 [2] defines a Session Initiation Protocol (SIP) [5] event + package for registration state. This package allows a watcher to + learn about information stored by a SIP registrar, including the + registered contacts. + + However, a registered contact is frequently unreachable from hosts + outside of the domain of the User Agent (UA). It is commonly a + private address, or, when it is a public address, access to it may be + blocked by firewalls. + + The Globally Routable User Agent URI (GRUU), defined in RFC 5627 [3], + is a URI that reaches a particular UA instance, but is reachable by + any host on the Internet. GRUUs assigned by the registrar represent + additional registration state. However, GRUUs assigned by the + registrar are not included in the notifications provided by RFC 3680. + For many applications of the registration event package, a GRUU is + needed, and not the registered contact. + + For example, the Welcome Notices example in [2] will only operate + correctly if the contact address in the registration event + notification is reachable by the sender of the welcome notice. When + the registering device is using the GRUU extension, it is likely that + the registered contact address will not be globally addressable, and + a GRUU should be used as the target address for the MESSAGE. + + Another case where this feature may be helpful is within the Third + Generation Partnership Project (3GPP) IP Multimedia Subsystem (IMS). + IMS employs a technique where a REGISTER of a contact address to one + Address of Record (AOR) causes the implicit registration of the same + contact to other associated AORs. If GRUUs are requested and + obtained as part of the registration request, then additional GRUUs + will also be needed for the implicit registrations. While assigning + the additional GRUUs is straightforward, informing the registering UA + of them is not. In IMS, UAs typically subscribe to the registration + event, and subscriptions to the registration event for an AOR result + in notifications, each containing the registration state of all the + associated AORs. The proposed extension provides a way to easily + deliver the GRUUs for the associated AORs. + + As specified in RFC 5627 [3], temporary GRUUs are invalidated when + contact address bindings for the corresponding AOR and instance ID + are not refreshed, or when a registration to the AOR and instance ID + is performed with a new Call-ID. A UA cannot always determine with + certainty which temporary GRUUs are valid based solely on the + response to the REGISTER requests it has issued, or from + + + + +Kyzivat Standards Track [Page 3] + +RFC 5628 Reg Event GRUU Extension October 2009 + + + notifications according to RFC 3680 [2]. The extension defined in + this document provides sufficient information for a UA to determine + which temporary GRUUs are valid. + + The registration event package has provisions for including extension + elements within the element. This document defines new + elements that may be used in that context to deliver the public and + temporary GRUUs corresponding to the contact. + +2. Terminology + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in RFC 2119. [1] + +3. Description + + Two new elements ( and ) are defined, each of + which contains a GRUU. The element also identifies the + oldest temporary GRUU that is currently valid. + + These optional elements may be included within the body of a NOTIFY + for the registration event package when GRUUs are associated with the + contact. The contact URI and the GRUUs are then all available to the + watcher. + +4. Notifier Processing of SUBSCRIBE Requests + + Unchanged from RFC 3680 [2]. + +5. Notifier Generation of NOTIFY Requests + + A notifier for the registration event package [2] SHOULD include the + element when a contact has an instance ID and a public + GRUU is associated with the combination of the AOR and the instance + ID. When present, the element MUST be positioned as a + child of the element. + + A notifier for the registration event package [2] MAY include the + element when a contact has an instance ID and a temporary + GRUU is associated with the combination of the AOR and the instance + ID. This element SHOULD be included if the subscriber is also + authorized to register to the AOR. This element SHOULD NOT be + included if the subscriber is not authorized to register to the AOR, + unless there is an explicitly configured policy directing that it be + included. When present, the element MUST be positioned + as a child of the element. + + + + +Kyzivat Standards Track [Page 4] + +RFC 5628 Reg Event GRUU Extension October 2009 + + + Note that it is possible for multiple registered contacts to share + the same instance ID. In such a case, each element will + have child and elements, which are identical + to the corresponding child elements in those other elements + that share the same instance ID. Since a particular contact cannot + be associated with more than one instance ID, a element + will never have more than one and one child + element. + + If the notifier includes the element, it MUST populate the + element with the public GRUU that is associated with the instance ID + and AOR of the registered contact. + + If the notifier includes the element, it MUST populate + the element with the most recently assigned temporary GRUU that is + associated with the instance ID and AOR of the registered contact. + It MUST also populate the element with a "cseq" attribute + corresponding to the first (oldest) currently active temporary GRUU + that is associated with the instance ID and AOR of the registered + contact. The value of the "cseq" attribute is set to the value of + the CSeq header field of the REGISTER request that caused that first + temporary GRUU to be assigned. + +6. Subscriber Processing of NOTIFY Requests + + When a subscriber receives a registration event notification with a + containing a , it MAY associate the public GRUU + with the corresponding AOR and instance ID. Any previously received + public GRUU for the same AOR and instance ID MUST be discarded. (It + will no longer function.) + + When a subscriber receives a registration event notification with a + containing a , it MAY associate the temporary + GRUU, together with the "callid" and "cseq" attributes, with the + corresponding AOR and instance ID. + + Subscribers that are unaware of this extension will, as required by + [2], ignore the and elements. + +6.1. Managing Temporary GRUU Lifetime + + Section 4.2 of RFC 5627 [3] gives guidance for developers of UAs on + how to ensure that only valid temporary GRUUs are retained and used + by the UA. A UA cannot always determine with certainty which + temporary GRUUs are valid based solely on the information contained + in responses to the REGISTER requests it has issued or from the + information contained in notifications that conform solely to RFC + 3680 [2]. The extension defined in this document provides sufficient + + + +Kyzivat Standards Track [Page 5] + +RFC 5628 Reg Event GRUU Extension October 2009 + + + added information for a UA to determine which temporary GRUUs are + valid. The extension to RFC 3680 defined in this document provides + added information to help with that process. The following are steps + that the UA MAY take to ensure it only retains valid GRUUs: + + o The UA should subscribe to the registration event package for the + AOR it is registering. + + o When a UA receives a 2xx response to a REGISTER request, it may + extract and retain temporary GRUUs from the response for future + use, as long as they remain valid. Appropriate GRUUs to retain + are those corresponding to the contact address and instance ID it + has registered. (Typically, the UA will register only one contact + address, and so receive at most one temporary GRUU.) + + o The UA may add the temporary GRUU to the set of valid temporary + GRUUs associated with the AOR. (Note, in this case AOR is the + To-address of the REGISTER request.) To aid in tracking validity, + the UA should also associate a "callid" attribute and "cseq" + attribute with the temporary GRUU, with values obtained + respectively from the Call-ID and CSeq values of the REGISTER + response containing the temporary GRUU. + + o If the UA receives a registration event notification with an AOR + (that it supports) and a , for a contact address and + instance ID (that it has registered and that contains a ), it may update its set of valid temporary GRUUs associated + with the AOR, as follows: + + * It may add the temporary GRUU to the set. To aid in tracking + validity, the UA should associate the "callid" and "cseq" + attributes of the with the GRUU in the set. + + * It should remove any temporary GRUUs with a "callid" attribute + value different from that in the value of the "callid" + attribute of the , or with a "cseq" attribute with + value less than the value of the "first-cseq" attribute of the + . + + o If the UA receives a registration event notification with an AOR + that it supports, and there are no entries for its + instance ID, then it should discard all the temporary GRUUs it has + saved for that AOR. + + + + + + + + +Kyzivat Standards Track [Page 6] + +RFC 5628 Reg Event GRUU Extension October 2009 + + +7. Sample reginfo Document + + Note: This example and others in the following section are + indented for readability by the addition of a fixed amount of + whitespace to the beginning of each line. This whitespace is not + part of the example. The conventions of [7] are used to describe + representation of long message lines. + + The following is an example registration information document that + includes the new element: + + + + + + sip:user@192.0.2.1 + + + "<urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6>" + + + + + + + + + + + + +8. Examples + + Note: In the following examples, the SIP messages have been + simplified, removing headers that are not pertinent to the example. + + When the value of the Content-Length header field is "...", this + means that the value should be the computed length of the body. + + + + + +Kyzivat Standards Track [Page 7] + +RFC 5628 Reg Event GRUU Extension October 2009 + + +8.1. Example: Welcome Notice + + Consider the Welcome Notices example in [2]. When the application + server receives a notification of a new registration containing the + reginfo shown in Section 7, it should address messages using the + contained public GRUU as follows: + + MESSAGE sip:user@example.com;gr=hha9s8d-999a SIP/2.0 + To: + From: "SIPland Notifier" ;tag=7xy8 + Content-Type: text/plain + Content-Length: ... + + Welcome to SIPland! + Blah, blah, blah. + +8.2. Example: Implicit Registration + + In a 3GPP IMS setting, a UA may send a single register message, + requesting assignment of GRUUs, as follows: + + REGISTER sip:example.net SIP/2.0 + From: ;tag=5ab4 + To: + Call-ID: faif9a@ua.example.com + CSeq: 23001 REGISTER + Contact: + ;expires=3600 + ;+sip.instance="" + Supported: path, gruu + Content-Length: 0 + + The response reports success of the registration and returns the + GRUUs assigned for the combination of AOR, instance ID, and Contact. + It also indicates (via the P-Associated-URI header [6]) that there + are two other associated AORs that may have been implicitly + registered using the same contact. Each of those implicitly + registered AORs will have unique GRUUs assigned. The REGISTER + response will not include those GRUUs; it will only include the GRUUs + for the AOR and instance ID explicitly included in the registration. + + SIP/2.0 200 OK + From: ;tag=5ab4 + To: ;tag=373392 + Call-ID: faif9a@ua.example.com + CSeq: 23001 REGISTER + Path: + Service-Route: + + + +Kyzivat Standards Track [Page 8] + +RFC 5628 Reg Event GRUU Extension October 2009 + + + Contact: + ;expires=3600 + ;+sip.instance="" + ;pub-gruu="sip:user_aor_1@example.net;gr=hha9s8d-999a" + ;temp-gruu="sip:8ffkas08af7fasklzi9@example.net;gr" + P-Associated-URI: , + + Content-Length: 0 + + The UA then subscribes to the registration event package as follows: + + SUBSCRIBE sip:user_aor_1@example.net SIP/2.0 + From: ;tag=27182 + To: + Call-ID: gbjg0b@ua.example.com + CSeq: 45001 SUBSCRIBE + Route: + Event: reg + Expires: 3600 + Accept: application/reginfo+xml + Contact: + Content-Length: 0 + + (The successful response to the subscription is not shown.) Once the + subscription is established, an initial notification is sent giving + registration status. In IMS deployments, the response includes, in + addition to the status for the requested URI, the status for the + other associated URIs. + + NOTIFY sip:user_aor_1@example.net;gr=hha9s8d-999a SIP/2.0 + From: ;tag=27182 + To: ;tag=262281 + Call-ID: gbjg0b@ua.example.com + CSeq: 633 NOTIFY + Subscription-State: active;expires=3600 + Event: reg + Content-Type: application/reginfo+xml + Contact: + Content-Length: ... + + + + + + + sip:ua.example.com + + + + "<urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6>" + + + + + + + + + + + + + + sip:ua.example.com + + + + "<urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6>" + + + + + + + + + + + + + + sip:ua.example.com + + + + "<urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6>" + + + + + + + + + + + + + The status indicates that the associated URIs all have the same + contact registered. It also includes the unique GRUUs that have been + assigned to each. The UA may then retain those GRUUs for use when + establishing dialogs using the corresponding AORs. + +9. XML Schema Definition + + The and elements are defined within a new XML + namespace URI. This namespace is "urn:ietf:params:xml:ns:gruuinfo". + The schema for these elements is: + + + + + + + + + + + + + +Kyzivat Standards Track [Page 11] + +RFC 5628 Reg Event GRUU Extension October 2009 + + + + + + + + + +10. IANA Considerations + + There are two IANA considerations associated with this specification. + +10.1. URN Sub-Namespace Registration + + This section registers a new XML namespace, per the guidelines in + [4]. + + URI: The URI for this namespace is urn:ietf:params:xml:ns:gruuinfo + + Registrant Contact: IETF, SIPPING working group, , + Paul Kyzivat + + XML: + + BEGIN + + + + + + Reg Information GRUU Extension Namespace + + +

Namespace for Reg Information GRUU Extension

+

urn:ietf:params:xml:ns:gruuinfo

+

See + RFC5628.

+ + + END + + + + + + + + + + +Kyzivat Standards Track [Page 12] + +RFC 5628 Reg Event GRUU Extension October 2009 + + +10.2. XML Schema Registration + + This section registers an XML schema per the procedures in [4]. + + URI: urn:ietf:params:xml:schema:gruuinfo. + + Registrant Contact: IETF, SIPPING working group, , + Paul Kyzivat + + The XML for this schema can be found in Section 9. + +11. Security Considerations + + Security considerations for the registration event package are + discussed in RFC 3680 [2], and those considerations apply here. + + If a contact address obtained via subscription to the registration + event package is not reachable by the subscriber, then its disclosure + may arguably be considered a minimal security risk. In that case, + the inclusion of a GRUU may be considered to increase the risk by + providing a reachable address. On the other hand, requests addressed + to a GRUU are always first processed by the servicing proxy before + they reach the intended User Agent. The proxy may control access as + desired, just as it may for the AOR. For instance, the proxy + servicing a GRUU may accept requests from senders whose identity + appears on a white list, and reject other requests. In this respect, + disclosing a GRUU presents no more risk than disclosing the AOR. + + Temporary GRUUs have an additional security consideration. The + intent of the temporary GRUU is to provide a contact address that + cannot be correlated to the identity of the calling party. The + recipient of a call using a temporary GRUU may guess the identity of + the calling party and then attempt to obtain the temporary GRUUs + assigned to that caller to confirm the conjecture. Two possible + approaches to obtaining the temporary GRUUs are: + + o Send a REGISTER request to a conjectured caller. + + o Send a SUBSCRIBE request for the registration event package to the + conjectured caller. + + Typically, REGISTER is restricted to devices or users that are + authorized to originate and receive calls with the AOR. Anonymity + among users of the same AOR is hard to achieve and typically + unnecessary. It is recommended (see Section 5) that the + authorization policy for the registration event package permit only + those subscribers who are authorized to register to the AOR to + receive temporary GRUUs. With this policy, the confidentiality of + + + +Kyzivat Standards Track [Page 13] + +RFC 5628 Reg Event GRUU Extension October 2009 + + + the temporary GRUU will be the same with and without the registration + event package. User Agents that use a temporary GRUU should note + that confidentiality does not extend to parties that are permitted to + register to the AOR or to obtain the temporary GRUU when subscribing + to the registration event package. + +12. Acknowledgements + + The author would like to thank Jonathan Rosenberg for help with this + document, and Jari Urpalainen for assistance with the XML. + +13. References + +13.1. Normative References + + [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement + Levels", BCP 14, RFC 2119, March 1997. + + [2] Rosenberg, J., "A Session Initiation Protocol (SIP) Event + Package for Registrations", RFC 3680, March 2004. + + [3] Rosenberg, J., "Obtaining and Using Globally Routable User Agent + (UA) URIs (GRUU) in the Session Initiation Protocol (SIP)", RFC + 5627, October 2009. + + [4] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, + January 2004. + +13.2. Informative References + + [5] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., + Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: + Session Initiation Protocol", RFC 3261, June 2002. + + [6] Garcia-Martin, M., Henrikson, E., and D. Mills, "Private Header + (P-Header) Extensions to the Session Initiation Protocol (SIP) + for the 3rd-Generation Partnership Project (3GPP)", RFC 3455, + January 2003. + + [7] Sparks, R., Hawrylyshen, A., Johnston, A., Rosenberg, J., and H. + Schulzrinne, "Session Initiation Protocol (SIP) Torture Test + Messages", RFC 4475, May 2006. + + + + + + + + + +Kyzivat Standards Track [Page 14] + +RFC 5628 Reg Event GRUU Extension October 2009 + + +Author's Address + + Paul H. Kyzivat + Cisco Systems, Inc. + 1414 Massachusetts Avenue + Boxborough, MA 01719 + USA + + EMail: pkyzivat@cisco.com + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Kyzivat Standards Track [Page 15] + -- cgit v1.2.3