One document matched: draft-ietf-speermint-requirements-09.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with VI Improved (vim)
by Jean-Francois Mule - jfm@cablelabs.com -->
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY rfc2119 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml'>
<!ENTITY rfc3824 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3824.xml'>
<!ENTITY rfc3263 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3263.xml'>
<!ENTITY rfc3365 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3365.xml'>
<!ENTITY rfc4566 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4566.xml'>
<!ENTITY rfc3261 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3261.xml'>
<!ENTITY rfc3550 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3550.xml'>
<!ENTITY rfc3951 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3951.xml'>
<!ENTITY rfc3952 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3952.xml'>
<!ENTITY rfc3611 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3611.xml'>
<!ENTITY rfc4474 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4474.xml'>
<!ENTITY rfc3986 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3986.xml'>
<!ENTITY rfc3966 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3966.xml'>
<!ENTITY rfc2198 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2198.xml'>
<!ENTITY rfc3702 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3702.xml'>
<!ENTITY rfc3455 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3455.xml'>
<!ENTITY rfc5503 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5503.xml'>
<!ENTITY rfc3711 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3711.xml'>
<!ENTITY rfc4347 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4347.xml'>
<!ENTITY rfc4916 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4916.xml'>
<!ENTITY rfc4571 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4571.xml'>
<!ENTITY rfc4572 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4572.xml'>
<!ENTITY rfc5411 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5411.xml'>
<!ENTITY rfc5344 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5344.xml'>
<!ENTITY rfc5486 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5486.xml'>
<!ENTITY rfc3466 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3466.xml'>
<!ENTITY rfc3568 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3568.xml'>
<!ENTITY rfc3570 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3570.xml'>
<!ENTITY rfc3920 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3920.xml'>
<!ENTITY rfc4975 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4975.xml'>
<!ENTITY rfc4786 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4786.xml'>
<!ENTITY rfc3863 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3863.xml'>
<!ENTITY rfc5630 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5630.xml'>
<!ENTITY I-D.ietf-sip-connect-reuse SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-sip-connect-reuse.xml">
<!ENTITY I-D.ietf-speermint-voip-consolidated-usecases SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-speermint-voip-consolidated-usecases.xml">
<!ENTITY I-D.ietf-speermint-architecture SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-speermint-architecture.xml">
<!ENTITY I-D.ietf-pmol-sip-perf-metrics SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-pmol-sip-perf-metrics.xml">
<!ENTITY I-D.ietf-sip-dtls-srtp-framework SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-sip-dtls-srtp-framework.xml">
<!ENTITY I-D.ietf-avt-dtls-srtp SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-avt-dtls-srtp.xml">
<!ENTITY I-D.niccolini-speermint-voipthreats SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.niccolini-speermint-voipthreats.xml">
]>
<rfc category="info" ipr="trust200902" docName="draft-ietf-speermint-requirements-09.txt">
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes"?>
<?rfc iprnotified="no" ?>
<?rfc strict="yes" ?>
<?rfc compact="no" ?>
<?rfc subcompact="no" ?>
<front>
<title abbrev="SPEERMINT Requirements"> SPEERMINT Requirements for SIP-based Session Peering</title>
<author initials="J-F.M." surname="Mule" fullname="Jean-Francois Mule">
<organization>CableLabs</organization>
<address>
<postal>
<street>858 Coal Creek Circle</street>
<city>Louisville</city>
<region>CO</region>
<code>80027</code>
<country>USA</country>
</postal>
<email>jf.mule@cablelabs.com</email>
</address>
</author>
<date year="2009"/>
<area>Real-time Applications and Infrastructure Area</area>
<workgroup>SPEERMINT Working Group</workgroup>
<keyword>I-D</keyword>
<keyword>INTERNET-DRAFT</keyword>
<keyword>speermint, guidelines, requirements for session interconnects</keyword>
<abstract>
<t>
This memo captures protocol requirements to enable session peering of voice, presence, instant messaging and other types of multimedia traffic. It is based on the use cases that have been described in the SPEERMINT working group. This informational document is intended to link the session peering use cases to protocol solutions.
</t>
</abstract>
</front>
<middle>
<section anchor="overview" title="Introduction">
<t>
Peering at the session level represents an agreement between parties to exchange multimedia traffic. In this document, we assume that the Session Initiation Protocol (SIP) is used to establish sessions between SIP Service Providers (SSPs). SIP Service Providers are referred to as peers and they are typically represented by users, user groups, enterprises, real-time collaboration service communities, or other service providers offering voice or multimedia services using SIP.
</t>
<t>
A number of documents have been developed to provide background information about SIP session peering. It is expected that the reader is familiar with the reference architecture described in <xref target="I-D.ietf-speermint-architecture"/>, use cases for voice (<xref target="I-D.ietf-speermint-voip-consolidated-usecases"/>) and instant messaging and presence (<xref target="RFC5344"/>).
</t>
<t>
Peering at the session layer can be achieved on a bilateral basis (direct peering established directly between two SSPs), or on an indirect basis via a session intermediary (indirect peering via a third-party SSP that has a trust relationship with the SSPs) - see the terminology document for more details.
</t>
<t>
This document first describes general requirements. The use cases are then analyzed in the spirit of extracting relevant protocol requirements that must be met to accomplish the use cases. These requirements are intended to be independent of the type of media exchanged such as Voice over IP (VoIP), video telephony, and instant messaging. Requirements specific to presence and instant messaging are defined in <xref target="peering_pres" />.
</t>
<t>
It is not the goal of this document to mandate any particular use of IETF protocols by SIP Service Providers in order to establish session peering. Instead, the document highlights what requirements should be met and what protocols may be used to define the solution space.
</t>
<t> Finally, we conclude with a list of parameters for the definition of a session peering policy, provided in an informative appendix. It should be considered as an example of the information SIP Service Providers may have to discuss or agree on to exchange SIP traffic.
</t>
</section>
<section anchor="req_terminology" title="Terminology">
<t>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in <xref target="RFC2119"/>.
</t>
<t>
This document also reuses the terminology defined in <xref target="RFC5486"/>. It is assumed that the reader is familiar with the Session Description Protocol (SDP) <xref target="RFC4566"/> and the Session Initiation Protocol (SIP) <xref target="RFC3261"/>. Finally, when used with capital letters, the terms 'Authentication Service' are to be understood as defined by SIP Identity <xref target="RFC4474"/>.
</t>
</section>
<section anchor="general_requirements" title="General Requirements">
<t>
The following sub-sections contain general requirements applicable to multiple use cases for multimedia session peering.
</t>
<section anchor="general_requirements_scope" title="Scope">
<t>
The primary focus of this document is on the requirements applicable to the boundaries of Layer 5 SIP networks: SIP entities, Signaling path Border Elements (SBEs), and the associated protocol requirements for the look-up and location routing of the session establishment data. The requirements applicable to SIP User Agents or related to the provisioning of the session data are considered out of scope.
</t>
<t>
SIP Service Providers have to reach an agreement on numerous points when establishing session peering relationships .
<vspace blankLines="0"/>
This document highlights only certain aspects of a session peering agreement, mostly the requirements relevant to protocols: the declaration, advertisement and management of ingress and egress border elements for session signaling and media, information related to the Session Establishment Data (SED), and the security properties that may be desirable for secure session exchanges.
<vspace blankLines="0"/>
Numerous other considerations of session peering arrangements are critical to reach a successful agreement but they are considered out of scope of this document. They include information about SIP protocol support (e.g. SIP extensions and field conventions), media (e.g., type of media traffic to be exchanged, compatible media codecs and transport protocols, mechanisms to ensure differentiated quality of service for media), layer-3 IP connectivity between the Signaling and Data path Border Elements, accounting and traffic capacity control (e.g. the maximum number of SIP sessions at each ingress point, or the maximum number of concurrent IM or VoIP sessions).
</t>
<t>
The informative <xref target="appendixA"/> lists parameters that may be considered when discussing the technical parameters of SIP session peering. The purpose of this list is to capture the parameters that are considered outside the scope of the protocol requirements.
</t>
</section>
<section anchor="BorderElements" title="Border Elements">
<t>
For border elements to be operationally manageable, maximum flexibility should be given for how they are declared or dynamically advertised. Indeed, in any session peering environment, there is a need for a SIP Service Provider to declare or dynamically advertise the SIP entities that will face the peer's network. The data path border elements are typically signaled dynamically in the session description.
</t>
<t>The use cases defined in <xref target="I-D.ietf-speermint-voip-consolidated-usecases"/> catalog the various border elements between SIP Service Providers; they include Signaling path Border Elements (SBEs) and SIP proxies (or any SIP entity at the boundary of the Layer 5 network).
<list hangIndent="3" style="symbols">
<t>
Requirement #1: <vspace blankLines="0"/>
Protocol mechanisms MUST be provided to enable a SIP Service Provider to communicate the ingress Signaling Path Border Elements of its service domain.
<vspace blankLines="1"/>
Notes on solution space:
<vspace blankLines="0"/> The SBEs may be advertised to session peers using static mechanisms or they may be dynamically advertised. There is general agreement that <xref target="RFC3263"/> provides a solution for dynamically advertising ingress SBEs in most cases of Direct or Indirect peering. We discussed the DNS-based solution space further in Requirement #4 below, especially in cases where the DNS response varies based on who sends the query (peer-dependent SBEs).
</t>
<t>
Requirement #2: <vspace blankLines="0"/>
Protocol mechanisms MUST be provided to enable a SIP Service Provider to communicate the egress SBEs of its service domain.
<vspace blankLines="1"/>
Notes on motivations for this requirement:
<vspace blankLines="0"/>
For the purposes of capacity planning, traffic engineering and call admission control, a SIP Service Provider may be asked where it will generate SIP calls from. The SSP accepting calls from a peer may wish to know where SIP calls will originate from (this information is typically used by the terminating SSP).
<vspace blankLines="0"/>While provisioning requirements are out-of-scope, some SSPs may find use for a mechanism to dynamically advertise or discover the egress SBEs of a peer.
</t>
</list>
</t>
<t>
If the SSP also provides media streams to its users as shown in the use cases for "Originating" and "Terminating" SSPs, a mechanism must exist to allow SSPs to advertise their egress and ingress data path border elements (DBEs), if applicable. While some SSPs may have open policies and accept media traffic from anywhere outside their network to anywhere inside their network, some SSPs may want to optimize media delivery and identify media paths between peers prior to traffic being sent (layer 5 to layer 3 QoS mapping).
<list hangIndent="3" style="symbols">
<t>
Requirement #3:
<vspace blankLines="0"/>
Protocol mechanisms MUST be provided to allow a SIP Service Provider to communicate its DBEs to its peers.
<vspace blankLines="1"/>
Notes: Some SSPs engaged in SIP interconnects do exchange this type of DBE information in a static manner. Some SSPs do not.
</t>
</list>
</t>
<t>
In some SIP networks, SSPs may expose the same border elements to all peers. In other environments, it is common for SSPs to advertise specific SBEs and DBEs to certain peers. This is done by SSPs to meet specific objectives for a given peer: routing optimization of the signaling and media exchanges, optimization of the latency or throughput based on the 'best' SBE and DBE combination, and other service provider policy parameters. These are some of the reasons why advertisement of SBEs and DBEs may be peer-dependent.
<list hangIndent="3" style="symbols">
<t>Requirement #4: <vspace blankLines="0"/>
The mechanisms recommended for the declaration or
advertisement of SBE and DBE entities MUST allow for peer variability.
<vspace blankLines="1"/>
Notes on solution space:
<vspace blankLines="0"/>
A simple solution is to advertise SBE entities using DNS and <xref target="RFC3263"/> by providing different DNS names to different peers. This approach has some practical limitations because the SIP URIs containing the DNS names used to resolve the SBEs may be propagated by users, for example in the form of sip:user@domain. It is impractical to ask users to use different target URIs based upon their SIP service provider's desire to receive incoming session signaling at different ingress SBEs based upon the originator.
The solution described in <xref target="RFC3263"/> and based on DNS to advertise SBEs is therefore under-specified for this requirement.
<vspace blankLines="0"/>
Other DNS mechanisms have been used extensively in other areas of the Internet, in particular in Content Distribution Internetworking to make the DNS responses vary based on the originator of the DNS query (see <xref target="RFC3466"/>, <xref target="RFC3568"/> and <xref target="RFC3570"/>). The applicability of such solutions needs for session peering needs further analysis.
<vspace blankLines="0"/>
Finally, other techniques such as Anycast services (<xref target="RFC4786"/>) may be employed at lower layers than Layer 5 to provide a solution to this requirement. For example, anycast nodes could be defined by SIP service providers to expose a common address for SBEs into DNS, allowing the resolution of the anycast node address to the appropriate peer-dependent service address based on the routing topology or other criteria gathered from the combined use of anycast and DNS techniques.
<vspace blankLines="1"/>
Notes on variability of the SBE advertisements based on the media capabilities:
<vspace blankLines="0"/>
Some SSPs may have some restrictions on the type of media traffic their SBEs can accept. For SIP sessions however, it is not possible to communicate those restrictions in advance of the session initiation: a SIP target may support voice-only media, voice and video, or voice and instant messaging communications. While the inability to find out whether a particular type of SIP session can be terminated by a certain SBE can cause failed session establishment attempts, there is consensus to not add a new requirement in this document. These aspects are essentially covered by SSPs when discussing traffic exchange policies and are deemed out of scope of this document.
</t>
</list>
</t>
<t>
In the use cases provided as part of direct and indirect peering scenarios, an SSP deals with multiple SIP entities and multiple SBEs in its own domain. There is often a many-to-many relationship between the SIP Proxies considered inside the trusted network boundary of the SSP and its Signaling path Border Elements at the network boundaries.
<vspace blankLines="0"/>
It should be possible for an SSP to define which egress SBE a SIP entity must use based on a given peer destination.
<vspace blankLines="0"/>
For example, in the case of an indirect peering scenario (section 5. of <xref target="I-D.ietf-speermint-voip-consolidated-usecases"/>), it should be possible for the SIP proxy in the originating network (O-Proxy) to select the appropriate egress SBE (O-SBE) to reach the SIP target based on the information the proxy receives from the Lookup Function (O-LUF) and/or Location Routing Function (O-LRF) - message response labeled (2). Note that this example also applies to the case of Direct Peering when a service provider has multiple service areas and each service area involves multiple SIP Proxies and a few SBEs.
<list hangIndent="3" style="symbols">
<t>Requirement #5: <vspace blankLines="0"/>
The mechanisms recommended for the Look-Up Function (LUF) and the Location Routing Functions (LRF) MUST be capable of returning both a target URI destination and a value providing the next SIP hop(s).
<vspace blankLines="1"/>
Notes: solutions may exist depending on the choice of the protocol used between the Proxy and its LUF/LRF. The idea is for the O-Proxy to be provided with the next SIP hop and the equivalent of one or more SIP Route header values. If ENUM is used as a protocol for the LUF, the solution space is undefined.
</t>
</list>
</t>
<t>
It is desirable for an SSP to be able to communicate how authentication of a peer's SBEs will occur (see the security requirements for more details).
<list hangIndent="3" style="symbols">
<t>
Requirement #6: <vspace blankLines="0"/>
The mechanisms recommended for locating a peer's SBE MUST be able to convey how a peer should initiate secure session establishment.
<vspace blankLines="1"/>
Notes: some mechanisms exist. For example, the required protocol use of SIP over TLS may be discovered via <xref target="RFC3263"/> and guidelines concerning the use of the SIPS URI scheme in SIP have been documented in <xref target="RFC5630"/>.
</t>
</list>
</t>
</section>
<section anchor="peering_sed" title="Session Establishment Data">
<t>
The Session Establishment Data (SED) is defined in <xref target="RFC5486"/> as the data used to route a call to the next hop associated with the called domain's ingress point.
The following paragraphs capture some general requirements on the SED data.
</t>
<section anchor="peering_sed_uri" title="User Identities and SIP URIs">
<t>
User identities used between peers can be represented in many different formats. Session Establishment Data should rely on URIs (Uniform Resource Identifiers, <xref target="RFC3986"/>) and SIP URIs should be preferred over tel URIs (<xref target="RFC3966"/>) for session peering of VoIP traffic.
<vspace blankLines="0"/>
The use of DNS domain names and hostnames is recommended in SIP URIs and they should be resolvable on the public Internet. As for the user part of the SIP URIs, the mechanisms for session peering should not require an SSP to be aware of which individual user identities are valid within its peer's domain.
<list hangIndent="3" style="symbols">
<t>
Requirement #7:<vspace blankLines="0"/>
The protocols used for session peering MUST accommodate the use of different types of URIs. URIs with the same domain-part SHOULD share the same set of peering policies, thus the domain of the SIP URI may be used as the primary key to any information regarding the
reachability of that SIP URI. The host part of SIP URIs SHOULD contain a fully-qualified domain name instead of a numeric IPv4 or IPv6 address.
</t>
<t>
Requirement #8: <vspace blankLines="0"/>
The mechanisms for session peering should not require an SSP to be aware of which individual user identities are valid within its peer's domain.
</t>
<t>
Notes on the solution space for #7 and #8: <vspace blankLines="0"/>
This is generally well supported by IETF protocols. When telephone numbers are in tel URIs, SIP requests cannot be routed in accordance with the traditional DNS resolution procedures standardized for SIP as indicated in <xref target="RFC3824"/>. This means that the solutions built for session peering must not solely use PSTN identifiers such as Service Provider IDs (SPIDs) or Trunk Group IDs (they should not be precluded but solutions should not be limited to these).
<vspace blankLines="0"/>
Motivations:
<vspace blankLines="0"/>
Although SED data may be based on E.164-based SIP URIs for voice interconnects, a generic peering methodology should not rely on such E.164 numbers.
</t>
</list>
</t>
</section>
<section anchor="peering_sed_urireach" title="URI Reachability">
<t>
Based on a well-known URI type (for e.g. sip:, pres:, or im: URIs), it must be possible to determine whether the SSP domain servicing the URI allows for session peering, and if it does, it should be possible to locate and retrieve the domain's policy and SBE entities.
<vspace blankLines="0"/>
For example, an originating service provider must be able to determine whether a SIP URI is open for direct interconnection without requiring an SBE to initiate a SIP request. Furthermore, since each call setup implies the execution of any proposed algorithm, the establishment of a SIP session via peering should incur minimal overhead and delay, and employ caching wherever possible to avoid extra protocol round trips.
<list hangIndent="3" style="symbols">
<t>
Requirement #9:<vspace blankLines="0"/>
The mechanisms for session peering MUST allow an SBE to locate its peer SBE given a URI type and the target SSP domain name.
</t>
</list>
</t>
</section>
</section>
</section>
<section anchor ="peering_pres" title="Requirements for Session Peering of Presence and Instant Messaging">
<t>
This section describes requirements for presence and instant messaging session peering. Several use cases for presence and instant messaging peering are described in <xref target="RFC5344"/>, a document authored by A. Houri, E. Aoki and S. Parameswar. Credits for the original content captured in this section must go to them.
</t>
<t>
<list hangIndent="3" style="symbols">
<t>
Requirement #10:
<vspace blankLines="0"/>
The mechanisms recommended for the exchange of presence information between SSPs SHOULD allow a user of one presence community to send a presence subscription request to presentities served by another SSP via its local community, including subscriptions to a single presentity, a personal, public or ad-hoc group list of presentities.
<vspace blankLines="1"/>
Notes: see section 2.2 of <xref target="RFC5344"/>.
</t>
<t>
Requirement #11:
<vspace blankLines="0"/>
The mechanisms recommended for Instant Messaging exchanges between SSPs SHOULD allow a user of one SSP's community to communicate with users of the other SSP community via their local community using the various methods. Note that some SSPs may exercise some control over which methods are allowed based on service policies. Such methods include sending a one-time IM message, initiating a SIP session for transporting sessions of messages, participating in n-way chats using chat rooms with users from the peer SSPs, etc.
<vspace blankLines="1"/>
Notes: see section 2.6 of <xref target="RFC5344"/>.
</t>
<t>
Requirement #12: Privacy Sharing
<vspace blankLines="0"/>
In some presence communities, users can define the list of watchers that receive presence notifications for a given presentity. Such privacy settings for watcher notifications per presentity are typically not shared across SSPs causing multiple notifications to be sent for one presentity change between SSPs. The sharing of those privacy settings per presentity between SSPs would allow fewer notifications: a single notification would be sent per presentity and the terminating SSP would send notifications to the appropriate watchers according to the presentity's privacy information.
<vspace blankLines="0"/>
The mechanisms recommended for Presence information exchanges between SSPs SHOULD allow the sharing of some user privacy settings in order for users to convey the list of watchers that can receive notification of presence information changes on a per presentity basis.
<vspace blankLines="0"/>
The privacy sharing mechanism must be done with the express consent of the user whose privacy settings will be shared with to the other community. Because of the privacy-sensitive information exchanged between SSPs, the protocols used for the exchange of presence information must follow the security recommendations defined in section 6 of <xref target="RFC3863"/>.
<vspace blankLines="1"/>
Notes: see section 2.3 of <xref target="RFC5344"/>.
</t>
<t>
Requirement #13: Multiple Watchers
<vspace blankLines="0"/>
It should be possible to send a presence document with a list of watchers on the other community that should receive the presence document notification. This will enable sending less presence document notifications between the communities while avoiding the need to share privacy information of presentities from one community to the other.
<vspace blankLines="0"/>
The systems used to exchange presence documents between SSPs SHOULD allow more than one watchers to be passed with a presence document.
</t>
<t>
Requirement #14: Standard PIDF Documents and Mappings
<vspace blankLines="0"/>
Early deployments of SIP-based presence and Instant Messaging gateways have been done in front of legacy proprietary systems that use different naming schemes or name values for the elements and properties defined in a Presence Information Data Format (PIDF) document (<xref target="RFC3863"/>). For example the value "Do Not Disturb" in one presence service may be mapped to "Busy" in another system for the status element. Beyond this example of status values, it is important to ensure that the meaning of the presence information is preserved between SSPs.
<vspace blankLines="0"/> The systems used to exchange presence documents between SSPs SHOULD use standard PIDF documents and translate any non-standard value of a PIDF element to a standard one.
</t>
</list>
</t>
</section>
<section anchor="sec_req" title="Security Considerations">
<t>
This section describes the security properties that are desirable for the protocol exchanges in scope of session peering. Three types of information flows are described in the architecture and use case documents: the acquisition of the Session Establishment Data (SED) based on a destination target via the Lookup and Location Routing Functions (LUF and LRF), the SIP signaling between SIP Service Providers, and the associated media exchanges.
</t>
<t>
This section is focused on three security services, authentication, data confidentiality and data integrity as summarized in <xref target="RFC3365" />. However, this text does not specify the mandatory-to-implement security mechanisms as required by <xref target="RFC3365" />; this is left for future protocol solutions that meet the requirements.
</t>
<t>
A security threat analysis provides additional guidance for session peering (<xref target="I-D.niccolini-speermint-voipthreats" />).
</t>
<section anchor="sec_req_luf" title="Security Properties for the Acquisition of Session Establishment Data">
<t>
The Look-Up Function (LUF) and Location Routing Function (LRF) are defined in <xref target="RFC5486"/>. They provide mechanisms for determining the SIP target address and domain the request should be sent to, and the associated SED to route the request to that domain.
</t>
<t>
<list hangIndent="3" style="symbols">
<t>
Requirement #15: <vspace blankLines="0"/>
The protocols used to query the Lookup and Location Routing Functions SHOULD support mutual authentication.
<vspace blankLines="1"/>
Motivations: <vspace blankLines="0"/>
A mutual authentication service should be provided for the LUF and LRF protocol exchanges. The content of the response returned by the LUF and LRF may depend on the identity of the requestor: the authentication of the LUF & LRF requests is therefore a desirable property. Mutual authentication is also desirable: the requestor may verify the identity of the systems that provided the LUF & LRF responses given the nature of the data returned in those responses. Authentication also provides some protection for the availability of the LUF and LRF against attackers that would attempt to launch DoS attacks by sending bogus requests causing the LUF to perform a lookup and consume resources.
</t>
<t>
Requirement #16: <vspace blankLines="0"/>
The protocols used to query the Lookup and Location Routing Functions SHOULD provide support for data confidentiality and integrity.
<vspace blankLines="1"/>
Motivations: <vspace blankLines="0"/>
Given the sensitive nature of the session establishment data exchanged with the LUF and LRF functions, the protocol mechanisms chosen for the lookup and location routing should offer data confidentiality and integrity protection (SED data may contain user addresses, SIP URI, location of SIP entities at the boundaries of SIP Service Provider domains, etc.).
</t>
<t>
Notes on the solution space for Requirements #15 and #16: ENUM, SIP and proprietary protocols are typically used today for accessing these functions. Even though SSPs may use lower layer security mechanisms to guarantee some of those security properties, candidate protocols for the LUF and LRF should meet the above requirements.
</t>
</list>
</t>
</section>
<section anchor="sec_req_sip" title="Security Properties for the SIP signaling exchanges">
<t>
The SIP signaling exchanges are out of scope of this document. This section describes some of the security properties that are desirable in the context of SIP interconnects between SSPs without formulating any normative requirements.
</t>
<t>
In general, the security properties desirable for the SIP exchanges in an inter-domain context apply to session peering. These include:
<list hangIndent="3" style="symbols">
<t>
securing the transport of SIP messages between the peers' SBEs. Authentication of SIP communications is desirable, especially in the context of session peering involving SIP intermediaries. Data confidentiality and integrity of the SIP message body may be desirable as well given some of the levels of session peering indirection (indirect/assisted peering), but they could be harmful as they may prevent intermediary SSPs from "inserting" SBEs/DBEs along the signaling and data paths.
</t>
<t>
providing an Authentication Service to authenticate the identity of connected users based on the SIP Service Provider domains (for both the SIP requests and the responses).
</t>
</list>
</t>
<t>
The fundamental mechanisms for securing SIP between proxy servers intra- and inter-domain are applicable to session peering; refer to Section 26.2 of <xref target="RFC3261" /> for transport-layer security of SIP messages using TLS, <xref target="I-D.ietf-sip-connect-reuse" /> for establishing TLS connections between proxies, <xref target="RFC4474"/> for the protocol mechanisms to verify the identity of the senders of SIP requests in an inter-domain context, and <xref target="RFC4916" /> for verifying the identity of the sender of SIP responses).
</t>
</section>
<section anchor="sec_req_med" title="End-to-End Media Security">
<t>
Media security is critical to guarantee end-to-end confidentiality of the communication between the end-users' devices, independently of how many direct or indirect peers are present along the signaling path. A number of desirable security properties emerge from this goal.
</t>
<t>
The establishment of media security may be achieved along the media path and not over the signaling path given the indirect peering use cases.
<vspace blankLines="0"/>
For example, media carried over the Real-Time Protocol (RTP) can be secured using secure RTP (SRTP <xref target="RFC3711"/>). A framework for establishing SRTP security using Datagram TLS <xref target="RFC4347"/> is described in <xref target="I-D.ietf-sip-dtls-srtp-framework"/>: it allows for end-to-end media security establishment using extensions to DTLS (<xref target="I-D.ietf-avt-dtls-srtp"/>).
<vspace blankLines="0"/>
It should also be noted that media can be carried in numerous protocols other than RTP such as SIP (SIP MESSAGE method), MSRP (the Message Session Relay Protocol, <xref target="RFC4975"/>, XMPP (the Extensible Messaging and Presence Protocol, <xref target="RFC3920"/>) and many others. Media may also be carried over TCP (<xref target="RFC4571"/>), and it can be encrypted over secure connection-oriented transport sessions over TLS (<xref target="RFC4572"/>).
</t>
<t>
A desirable security property for session peering is for SIP entities to be transparent to the end-to-end media security negotiations: SIP entities should not intervene in the Session Description Protocol (SDP) exchanges for end-to-end media security.
</t>
<t>
<list hangIndent="3" style="symbols">
<t>
Requirement #17: <vspace blankLines="0"/>
The protocols used to enable session peering MUST NOT interfere with the exchanges of media security attributes in SDP. Media attribute lines that are not understood by SBEs MUST be ignored and passed along the signaling path untouched.
</t>
</list>
</t>
</section>
</section>
<section title="Acknowledgments">
<t>
This document is based on the input and contributions made by a large number of people including: Bernard Aboba, Edwin Aoki, Scott Brim, John Elwell, Mike Hammer, Avshalom Houri, Richard Shocky, Henry Sinnreich, Richard Stastny, Patrik Faltstrom, Otmar Lendl, Daryl Malas, Dave Meyer, Sriram Parameswar, Jon Peterson, Jason Livingood, Bob Natale, Benny Rodrig, Brian Rosen, Eric Rosenfeld, Peter Saint-Andre, David Schwartz and Adam Uzelac.
</t>
<t>
Specials thanks go to Rohan Mahy, Brian Rosen, John Elwell for their initial drafts describing guidelines or best current practices in various environments, to Avshalom Houri, Edwin Aoki and Sriram Parameswar for authoring the presence and instant messaging requirements and to Dan Wing for providing detailed feedback on the security consideration sections.
</t>
</section>
<section title="IANA Considerations">
<t> This document does not register any values in IANA registries.
</t>
</section>
</middle>
<back>
<references title="Normative References">
&rfc2119;
</references>
<references title="Informative References">
&rfc3365;
&rfc3986;
&rfc3966;
&rfc3261;
&rfc3824;
&rfc4566;
&rfc3263;
&rfc3550;
&rfc4474;
&rfc2198;
&rfc3455;
&rfc5503;
&rfc3702;
&rfc3611;
&rfc3711;
&rfc4347;
&rfc4916;
&rfc4571;
&rfc4572;
&I-D.ietf-sip-connect-reuse;
&I-D.ietf-pmol-sip-perf-metrics;
&rfc5486;
&I-D.ietf-speermint-voip-consolidated-usecases;
&rfc5411;
&I-D.ietf-speermint-architecture;
&I-D.ietf-sip-dtls-srtp-framework;
&I-D.ietf-avt-dtls-srtp;
&rfc5344;
&I-D.niccolini-speermint-voipthreats;
&rfc5630;
&rfc3920;
&rfc4975;
&rfc3466;
&rfc3568;
&rfc3570;
&rfc4786;
&rfc3863;
</references>
<section anchor="appendixA" title="Policy Parameters for Session Peering">
<t>
This informative section lists various types of parameters that should be considered by implementers when deciding what configuration variables to expose to system administrators or management stations, as well as SSPs or federations of SSPs when discussing the technical part of a session peering policy.
</t>
<t>
In the context of session peering, a policy can be defined as the set of parameters and other information needed by an SSP to exchange traffic with another peer. Some of the session policy parameters may be statically exchanged and set throughout the lifetime of the peering relationship. Others parameters may be discovered and updated dynamically using by some explicit protocol mechanisms. These dynamic parameters may be session-dependent, or the may apply over multiple sessions or peers.
</t>
<t>
Various types of policy information may need to be discovered or exchanged in order to establish session peering. At a minimum, a policy should specify information related to session establishment data in order to avoid session establishment failures. A policy may also include information related to QoS, billing and accounting, layer-3 related interconnect requirements which are out of the scope of this document.
</t>
<t>
Some aspects of session peering policies must be agreed to and manually implemented; they are static and are typically documented as part of a business contract, technical document or agreement between parties. For some parameters linked to protocol support and capabilities, standard ways of expressing those policy parameters may be defined among SSP and exchanged dynamically. For e.g., templates could be created in various document formats so that it could be possible to dynamically discover some of the domain policy. Such templates could be initiated by implementers (for each software/hardware release, a list of supported RFCs, RFC parameters is provided in a standard format) and then adapted by each SSP based on its service description, server or device configurations and variable based on peer relationships.
</t>
<section title="Categories of Parameters for VoIP Session Peering and Justifications">
<t>The following list should be considered as an initial list of "discussion topics" to be addressed by
peers when initiating a VoIP peering relationship.</t>
<t>
<list style="symbols">
<t>IP Network Connectivity:
<vspace blankLines="0"/>
Session peers should define how the IP network connectivity between their respective SBEs and
DBEs. While this is out of scope of session peering, SSPs must agree on a common mechanism for
IP transport of session signaling and media. This may be accomplish via private (e.g. IPVPN,
IPsec, etc.) or public IP networks.
</t>
<t> Media-related Parameters:
<list style="symbols">
<t> Media Codecs:
list of supported media codecs for audio, real-time fax (version of T.38, if applicable), real-time text (RFC 4103), DTMF transport, voice band data communications (as applicable) along with the supported or recommended codec packetization rates, level of RTP payload redundancy, audio volume levels, etc.
</t>
<t>
Media Transport: level of support for RTP-RTCP <xref target="RFC3550"/>, RTP Redundancy (RTP Payload for Redundant Audio Data - <xref target="RFC2198"/>) , T.38 transport over RTP, etc.
</t>
<t>Media variability at the Signaling path Border Elements: list of media types supported by the various ingress points of a peer's network.
</t>
<t>Other: support of the VoIP metric block as defined in RTP Control Protocol Extended Reports <xref target="RFC3611"/> , etc.</t>
</list>
</t>
<t>SIP:
<list style="symbols">
<t>A session peering policy should include the list of supported and required SIP RFCs, supported and required SIP methods (including private p headers if applicable), error response codes, supported or recommended format of some header field values , etc. </t>
<t>It should also be possible to describe the list of supported SIP RFCs by various functional groupings. A group of SIP RFCs may represent how a call feature is implemented (call hold, transfer, conferencing, etc.), or it may indicate a functional grouping as in <xref target="RFC5411"/>.
</t>
</list>
</t>
<t>
Accounting:
<vspace blankLines="0"/>
Methods used for call or session accounting should be specified. An SSP may require a peer to track session usage. It is critical for peers to determine whether the support of any SIP extensions for accounting is a pre-requisite for SIP interoperability. In some cases, call accounting may feed data for billing purposes but not always: some operators may decide to use accounting as a 'bill and keep' model to track session usage and monitor usage against service level agreements.
<vspace blankLines="0"/>
<xref target="RFC3702"/> defines the terminology and basic requirements for accounting of SIP sessions. A few private SIP extensions have also been defined and used over the years to enable call accounting between SSP domains such as the P-Charging* headers in <xref target="RFC3455"/>, the P-DCS-Billing-Info header in <xref target="RFC5503"/>, etc.
<vspace blankLines="0"/>
</t>
<t> Performance Metrics:
<vspace blankLines="0"/>
Layer-5 performance metrics should be defined and shared between peers. The performance metrics apply directly to signaling or media; they may be used pro-actively to help avoid congestion, call quality issues or call signaling failures, and as part of monitoring techniques, they can be used to evaluate the performance of peering exchanges.
<vspace blankLines="0"/>
Examples of SIP performance metrics include the maximum number of SIP transactions per second on per domain basis, Session Completion Rate (SCR), Session Establishment Rate (SER), etc. Some SIP end-to-end performance metrics are defined in <xref target="I-D.ietf-pmol-sip-perf-metrics" />; a subset of these may be applicable to session peering and interconnects.
<vspace blankLines="0"/>
Some media-related metrics for monitoring VoIP calls have been defined in the VoIP Metrics Report Block, in Section 4.7 of <xref target="RFC3611"/>. </t>
<t> Security:
<vspace blankLines="0"/>
An SSP should describe the security requirements that other peers must
meet in order to terminate calls to its network. While such a list of
security-related policy parameters often depends on the security models
pre-agreed to by peers, it is expected that these parameters will be
discoverable or signaled in the future to allow session peering outside
SSP clubs. The list of security parameters may be long and composed of
high-level requirements (e.g. authentication, privacy, secure transport)
and low level protocol configuration elements like TLS parameters.
<vspace blankLines="0"/>
The following list is not intended to be complete, it provides a preliminary list in the form of examples:
<list style="symbols">
<t>
Call admission requirements: for some providers, sessions can only be admitted if certain criteria are met. For example, for some providers' networks, only incoming SIP sessions signaled over established IPsec tunnels or presented to the well-known TLS ports are admitted. Other call admission requirements may be related to some performance metrics as described above. Finally, it is possible that some requirements be imposed on lower layers, but these are considered out of scope of session peering.</t>
<t>Call authorization requirements and validation: the presence
of a caller or user identity may be required by an SSP. Indeed, some SSPs may further authorize an incoming session request by validating the caller's identity against white/black lists maintained by the service provider or users (traditional caller ID screening applications or IM white list).</t>
<t>Privacy requirements: an SSP may demand that its SIP messages be securely transported by its peers for privacy reasons so that the calling/called party information be protected. Media sessions may also require privacy and some SSP policies may include requirements on the use of secure media transport protocols such as SRTP, along with some constraints on the minimum authentication/encryption options for use in SRTP.</t>
<t>Network-layer security parameters: this covers how IPsec security associated may be established, the IPsec key exchange mechanisms to be used and any keying materials, the lifetime of timed Security Associated if applicable, etc. </t>
<t>Transport-layer security parameters: this covers how TLS connections should be established as described in Section <xref target="sec_req" />.</t>
</list>
</t>
</list>
</t>
</section>
<section title="Summary of Parameters for Consideration in Session Peering Policies">
<t> The following is a summary of the parameters mentioned in the previous section. They may be part of a session peering policy and appear with a level of requirement (mandatory, recommended, supported, ...).
<list style="symbols">
<t>IP Network Connectivity (assumed, requirements out of scope of this document)</t>
<t>Media session parameters:
<list style="symbols">
<t>Codecs for audio, video, real time text, instant messaging media sessions</t>
<t>Modes of communications for audio (voice, fax, DTMF), IM (page mode, MSRP)</t>
<t>Media transport and means to establish secure media sessions</t>
<t>List of ingress and egress DBEs where applicable, including STUN Relay servers if present</t>
</list>
</t>
<t>SIP
<list style="symbols">
<t>SIP RFCs, methods and error responses</t>
<t>headers and header values</t>
<t>possibly, list of SIP RFCs supported by groups (e.g. by call feature)</t>
</list>
</t>
<t>Accounting</t>
<t>Capacity Control and Performance Management:
any limits on, or, means to measure and limit the maximum number of active calls to a peer or federation, maximum number of sessions and messages per specified unit time, maximum number of active users or subscribers per specified unit time, the aggregate media bandwidth per peer or for the federation, specified SIP signaling performance metrics to measure and report; media-level VoIP metrics if applicable.</t>
<t>Security: Call admission control, call authorization, network and transport layer security parameters, media security parameters</t>
</list>
</t>
</section>
</section>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-24 01:36:18 |