1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
|
Network Working Group G. Vaudreuil
Request for Comments: 4238 Lucent Technologies
Category: Standards Track October 2005
Voice Message Routing Service
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
Voice messaging is traditionally addressed using telephone number
addressing. This document describes two techniques for routing voice
messages based on a telephone number. The complete service uses the
Voice Profile for Internet Mail (VPIM) Directory service to lookup a
VPIM email address with a telephone number and confirm that the
address is both valid and associated with the intended recipient.
However, this service will take time to become widely deployed in the
near term. This document also describes a basic send-and-pray
service that routes and delivers messages using only the ENUM
telephone number resolution service and the existing DNS mail routing
facilities.
Vaudreuil Standards Track [Page 1]
^L
RFC 4238 Voice Message Routing Service October 2005
Table of Contents
1. Design Goals ....................................................2
2. The Complete Service ............................................3
2.1. Specification of Service "E2U+VPIM:LDAP" ...................3
2.2. VPIM Directory Discovery ...................................4
2.3. Address Query ..............................................4
3. The Basic Service ...............................................4
3.1. Specification of Service "E2U+VPIM:Mailto:" ................5
3.2. Address Construction .......................................6
3.3. Interdomain Message Routing ................................6
3.4. Intradomain Message Routing ................................6
3.4.1. Directory-Enabled Routing ...........................6
3.4.2. Service-based Mail Routing ..........................7
4. Security Considerations .........................................7
4.1. Unsolicited Bulk Email .....................................7
4.2. DNS-based Attacks ..........................................7
5. IANA Considerations .............................................8
6. References ......................................................8
6.1. Normative References .......................................8
6.2. Informative References .....................................8
1. Design Goals
This profile is intended to provide a range of functional
capabilities for message routing based on one of two mechanisms. The
most complete service should use the ENUM address resolution service
to determine the VPIM directory, and then use LDAP to retrieve the
VPIM-specific email address that will be used for message routing.
The more basic send-and-pray message service uses only the ENUM
service and MX records to route the message to the intended
recipient's domain. The intelligence to further route the message to
the intended recipient is placed within the message routing system of
the recipient's domain.
The basic mechanism may be used even when there is a VPIM directory
service available. The basic service is useful when LDAP queries are
not available, such as may be the case for disconnected mobile
terminals or because of firewall or information security policies.
The basic mechanism should facilitate the routing of VPIM messages to
a suitable internal destination with a minimum of configuration. It
is an important goal to avoid any content-processing to determine the
nature of the message and its internal destination. At a minimum, it
should be possible to establish a simple mail forwarding rule that
Vaudreuil Standards Track [Page 2]
^L
RFC 4238 Voice Message Routing Service October 2005
sends all inbound VPIM messages to a designated system, while
facilitating the routing of FAX, SMS, or other telephone-addressed
messages to other potentially different systems.
It is a goal that the mechanisms outlined in this document be
extensible for all store-and-forward, telephone-number addressed
messaging services.
It is a goal that the VPIM directory discovery and VPIM directory
query steps occur within the timing constraints for user interfaces
in PSTN networks. 95% of the time, that constraint can be a two-
second response.
2. The Complete Service
For the complete VPIM message routing service, the sending client
SHOULD query the VPIM directory for the VPIM-specific email address.
The client SHOULD use the ENUM service to retrieve the identity of
the VPIM Directory to query. The client should then query that
server for the email address and any additional attributes desired.
2.1. Specification of Service "E2U+VPIM:LDAP"
* Service Name: E.164 to VPIM LDAP URL
* URI Type: "LDAP:"
* Type: VPIM
* Subtype: LDAP
* Functional Specification: See sections 3.2 through 3.3
* Intended Usage: COMMON
* Author: Greg Vaudreuil (gregv@ieee.org)
* Security Considerations:
o Malicious Redirection
One of the fundamental dangers related to any service such as
this is that a malicious entry in a resolver's database will
cause clients to resolve the E.164 into the wrong LDAP URL.
The possible intent may be to cause the client to connect to a
rogue LDAP server and retrieve (or fail to retrieve) a resource
containing fraudulent or damaging information.
Vaudreuil Standards Track [Page 3]
^L
RFC 4238 Voice Message Routing Service October 2005
o Denial of Service
By removing the URL to which the E.164 maps, a malicious
intruder may remove the client's ability to access the LDAP
directory server.
2.2. VPIM Directory Discovery
The VPIM directory server is found by using the ENUM protocol and
querying for the VPIMDIR service associated with the telephone number
of the recipient.
The DNS query name is created as described by [ENUM]. The telephone
number used for the directory location MAY contain additional sub-
address information as additional digits.
Example:
Query: 2.1.2.1.5.5.5.3.1.6.1.e164.arpa
Responses:
IN NAPTR 10 10 "U" "E2U+VPIM:LDAP" \
"!^.*$!ldap://vdir1.Zcorp.com/telephoneNumber=\1!" .
IN NAPTR 10 20 "U" " E2U+VPIM:LDAP" \
"!^.*$!ldap://vdir2.Zcorp.com/telephoneNumber=\1!" .
It is recommended that VPIMDIR servers be deployed in a redundant
configuration. NAPTR weight fields provide the ability to give two
records indicating the same service and preference a different
weight. The same weight can be specified for random distribution
between the two servers. See [NAPTR-1, NAPTR-2, NAPTR-3, NAPTR-4]
2.3. Address Query
Once the VPIM directory is discovered, the client SHOULD issue an
LDAP query for the vPIMrFC822Mailbox, that is, the address that
SHOULD be used as the value for both the RFC 822 To: field and the
SMTP RCPT command. See [VPIMDIR].
3. The Basic Service
The basic service relies upon NAPTR rewrite rules to mechanically
construct a valid VPIM-specific email address. In the recipient's
domain, the constructed address may be further routed using
intradomain mail routing techniques.
Vaudreuil Standards Track [Page 4]
^L
RFC 4238 Voice Message Routing Service October 2005
To facilitate a full range of intradomain routing options, the
constructed email address indicates that the message is a VPIM
message. For ease of processing in the recipient's intradomain mail
routing system, the indication that the message is a VPIM message
SHOULD be in the domain name portion.
Note that there is no assurance the constructed address is valid, nor
that the constructed address corresponds to the intended recipient.
Because no capabilities information is provided about the recipient,
messages sent with this mechanism SHOULD be sent using only the media
and content types of the VPIM V2 profile.
3.1. Specification of Service "E2U+VPIM:Mailto:"
* Service Name: E.164 to VPIM MailTo: URL
* URI Type: "Mailto:"
* Type: VPIM
* Subtype: MAILTO
* Functional Specification: See sections 4.2 through 4.4
* Intended Usage: COMMON
* Author: Greg Vaudreuil (gregv@ieee.org)
* Error Conditions:
o E.164 number not in the numbering plan
o E.164 number in the numbering plan, but no URLs exist for that
number
o E2U+VPIM:Mailto Service unavailable
* Security Considerations:
o Malicious Redirection
One of the fundamental dangers related to any service such as
this is that a malicious entry in a resolver's database will
cause clients to resolve the E.164 into the wrong email URL.
The possible intent may be to cause the client to send the
information to an incorrect destination.
Vaudreuil Standards Track [Page 5]
^L
RFC 4238 Voice Message Routing Service October 2005
o Denial of Service
By removing the URL to which the E.164 maps, a malicious
intruder may remove the client's ability to access the
resource.
o Unsolicited Bulk Email
The exposure of email addresses through the ENUM service
provides a bulk mailer access to large numbers of email
addresses where only the telephone number was previously known.
3.2. Address Construction
Construct a VPIM email address using the address rewrite rules of the
NAPTR records associated with the VPIM service.
3.3. Interdomain Message Routing
The interdomain routing of a constructed VPIM address is mechanically
indistinguishable from existing email routing. No changes to the
infrastructure are required. The sending system consults the Domain
Name System for an MX record corresponding to the domain name and
forwards the message to the indicated system.
3.4. Intradomain Message Routing
Within the recipient's domain, the message may be further routed to
the appropriate messaging system. Two general mechanisms may be used
to further route the message to the intended system within a network.
Note: This section is strictly informational. The mechanisms for
intradomain routing are an internal matter for the domain and do
not affect the protocol. It is only necessary that the addresses
created by the NAPTR rewrite rules have meaning to the domain
advertising them. However, a convention for the creation and use
of such addresses may be useful.
3.4.1. Directory-Enabled Routing
Various proprietary directory mechanisms provide a means for an
inbound mail router of the recipient's domain to send a message to
the appropriate internal mail host. In many cases, the local part of
the address is used to query for an internal mail address. That
internal mail address is substituted for the SMTP RCPT address and
used to deliver the message to the recipient mailbox. Note that the
mailbox does not need to have any knowledge of the mechanically-
constructed telephone number-based address.
Vaudreuil Standards Track [Page 6]
^L
RFC 4238 Voice Message Routing Service October 2005
Example address: +12145551212@sp.net
3.4.2. Service-based Mail Routing
Alternately, a mail gateway may simply send all voice messages into a
separate messaging system. That system may be a single voice
messaging server or a service-specific gateway into a larger
telephone number-based voice-messaging network.
Such a mail gateway may be provisioned with a simple rule or small
set of rules to forward all messages of a given service type to a
pre-defined server. This rule would check for the service name
"VPIM" as a prefix to the constructed domain name to reroute
messages.
Example address: +12145551212@VPIM.sp.net
4. Security Considerations
There is little information disclosed to the sender of the message
that is not already disclosed using standard email protocols. The
ability to use this protocol to probe for valid addresses is
identical to the sending of test messages and waiting for a non-
delivery notification in return.
4.1. Unsolicited Bulk Email
However, the use of ENUM records to create routable email addresses
from telephone numbers provides bulk-emailers the capabilities to
send email to a large set of recipients where only the telephone
number is known or where telephone numbers are guessed.
4.2. DNS-based Attacks
Both the complete and basic services rely upon the DNS to provide the
information necessary to validate a recipient or send a message. The
message sender is a casual, unauthenticated use of the indicated
servers, and relies upon the DNS for accurate information. If the
DNS is compromised, an attacker can redirect messages by providing a
malicious email address or indicating a rogue directory with
malicious LDAP URL's. Use of DNS Security protocols [DNSSEC]
substantially reduces the risk of a domain being hijacked. If the
E.164 zone is secured with DNSSEC, then the attack is precluded if
the client can trust the key used to sign the zone. DNS security
does not protect against the LDAP service being independently
compromised. Further discussion on the risk to this LDAP service is
provided in [VPIMDIR].
Vaudreuil Standards Track [Page 7]
^L
RFC 4238 Voice Message Routing Service October 2005
5. IANA Considerations
This specification registers the E2U+VPIM and E2U+Voice services
according to the specifications and guidelines in RFC 3761 [ENUM] and
the definitions in this document.
6. References
6.1. Normative References
[ENUM] Faltstrom, P. and M. Mealling, "The E.164 to Uniform
Resource Identifiers (URI) Dynamic Delegation Discovery
System (DDDS) Application (ENUM)", RFC 3761, April 2004.
[NAPTR-1] Mealling, M., "Dynamic Delegation Discovery System (DDDS)
Part One: The Comprehensive DDDS", RFC 3401, October 2002.
[NAPTR-2] Mealling, M., "Dynamic Delegation Discovery System (DDDS)
Part Two: The Algorithm", RFC 3402, October 2002.
[NAPTR-3] Mealling, M., "Dynamic Delegation Discovery System (DDDS)
Part Three: The Domain Name System (DNS) Database", RFC
3403, October 2002.
[NAPTR-4] Mealling, M., "Dynamic Delegation Discovery System (DDDS)
Part Four: The Uniform Resource Identifiers (URI)", RFC
3404, October 2002.
[VPIMDIR] Vaudreuil, G., "Voice Messaging Directory Service", RFC
4237, October 2005.
6.2. Informative References
[VPIMV2] Vaudreuil, G. and G. Parsons, "Voice Profile for Internet
Mail - version 2 (VPIMv2)", RFC 3801, June 2004.
[DNSSEC] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "DNS Security Introduction and Requirements", RFC
4033, March 2005.
Vaudreuil Standards Track [Page 8]
^L
RFC 4238 Voice Message Routing Service October 2005
Author's Address
Please send comments on this document to the VPIM working group
mailing list <vpim@ietf.org>.
Gregory M. Vaudreuil
Lucent Technologies
9489 Bartgis Ct
Frederick, MD 21702
EMail: GregV@ieee.org
Vaudreuil Standards Track [Page 9]
^L
RFC 4238 Voice Message Routing Service October 2005
Full Copyright Statement
Copyright (C) The Internet Society (2005).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf-
ipr@ietf.org.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
Vaudreuil Standards Track [Page 10]
^L
|