Network Working Group                                            E. Ivov
Internet-Draft                                                     Jitsi
Intended status: Standards Track                            May 30, 2013
Expires: December 01, 2013

A Group Text Chat Purpose for Conference and Service URIs in the Session
      Initiation Protocol (SIP) Event Package for Conference State


   This document defines and registers a value of "grouptextchat"
   ("Group Text Chat") value for the URI <purpose> element of SIP's
   Conference Event Package [RFC4575].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 01, 2013.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Ivov                   Expires December 01, 2013                [Page 1]

Internet-Draft        Entry Purpose: GroupTextChat              May 2013

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Security Considerations . . . . . . . . . . . . . . . . . . .   3
   3.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   4
   4.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
     4.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
     4.2.  Informative References  . . . . . . . . . . . . . . . . .   5
   Appendix A.  Acknowledgements . . . . . . . . . . . . . . . . . .   5
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   5

1.  Introduction

   The Conference Event Package [RFC4575] defines means for a SIP User
   Agent (UA) to obtain information about the state of the conference,
   the types of media that are being used, the number and state of
   current participants, additional sources of information such as a web
   page, availability of recordings and others.

   Details describing auxiliary services available for a conference are
   included within a <service-uris> child element of the <conference-
   description> element.  Such details are presented as a set of <entry>
   child elements each containing the URI allowing access the
   corresponding auxiliary service.  In addition to the URI, entries can
   also contain a descriptive <display-text> element and are expected to
   also have a <purpose> element that specifies their nature as
   illustrated in the following example:

   <subject>Agenda: This sprint's goals</subject>

   In addition to the "web-page" purpose mentioned above, [RFC4575] also
   defines several other possible values in a "URI purposes" sub-
   registry under the existing registry:

   This specification adds the "grouptextchat" value in this "URI
   purposes" sub-registry.  The new value allows conference mixers or

Ivov                   Expires December 01, 2013                [Page 2]

Internet-Draft        Entry Purpose: GroupTextChat              May 2013

   focus agents to advertise a multi-user chat location (i.e.  a chat
   room) associated with the current conference.

   The actual URI carried by the entry with the "grouptextchat" purpose
   can be of any type as long as the content that it points to would
   allow for instant text communication between participants of the
   conference.  Suitable URI schemes include sip: and sips: [RFC3261]
   for SIP signalled Message Session Relay Protocol (MSRP) conferences,
   xmpp: [RFC5122] for XMPP Multi-User Chat (MUC), irc: for Internet
   Relay Chat, http: or https: for web-based chat, and others.

   The following example shows one possible use case:

   <subject>Agenda: This sprint's goals</subject>

   It is worth pointing out that, in addition to simply adding text
   messaging capabilities to an audio/video conference, group chats can
   also be used for defining roles, giving permissions, muting, kicking
   and banning participants, etc.  A conference mixer or focus agent,
   can mimic these settings within the conference call, actually muting,
   kicking, or banning participants in the call as these actions occur
   in the chat room.  Such an approach requires no additional
   specification and is purely an implementation decision for the
   conferencing software.

   It is also worth mentioning that it is possible for the grouptextchat
   URI to match the URI of the conference.  This would typically be the
   case in scenarios where the conference focus also provides a SIP
   signalled MSRP chat service at the same URI.

2.  Security Considerations

   Advertising group text chats over SIP could provide malicious
   entities with the following attack vector: if a malicious entity is
   capable of intercepting and modifying conference package event
   notifications, it could trick participants in to joining a third
   party chat room where the attacker could eavesdrop on the

Ivov                   Expires December 01, 2013                [Page 3]

Internet-Draft        Entry Purpose: GroupTextChat              May 2013

   conversation and potentially even impersonate some of the

   Similar attacks are already possible with the "participation"
   <conference-uris> defined in [RFC4575] which is why it recommends "a
   strong means for authentication and conference information
   protection" as well as "comprehensive authorization rules".  Clients
   can integrity protect and encrypt notification messages using end-to-
   end mechanisms such as S/MIME or hop-by-hop mechanisms such as TLS.
   When none of the above are possible, clients will need to clearly
   display the address of the destination chat room (before and after it
   has been joined) so that users could notice possible discrepancies.

   An additional security consideration might be the possibility for a
   large-scale conference to perform a flooding attack on a chat room.
   To help prevent this, clients could choose to require an explicit
   user action before joining chatrooms on behalf of users.  In cases
   where such a constraint could be considered to have negative impact
   on usability and where automatic joins are seen as important, clients
   may still perform them but only when they can confirm a relationship
   between the room and the conference (e.g.  they both belong to the
   same administrative domain, or domains that the client is provisioned
   to consider as related).

   Furthermore, an attack on the auxiliary chatroom might be easier (or
   harder) than an attack on the main conference depending on the
   security policies in effect.  Once again, clients would have to make
   sure that users are appropriately notified about the security levels
   of each component of the conference and that user-specified privacy
   restrictions are applied to all of them.

3.  IANA Considerations

   The IANA is requested to add a new predefined value "grouptextchat"
   in the "URI purposes" sub-registry of the
   assignments/sip-parameters registry as follows:

   Value: grouptextchat
   Description: The URI can be used to join a multi-user chat directly
   associated with the conference
   Document: [this document]

Ivov                   Expires December 01, 2013                [Page 4]

Internet-Draft        Entry Purpose: GroupTextChat              May 2013

4.  References

4.1.  Normative References

   [RFC4575]  Rosenberg, J., Schulzrinne, H., and O. Levin, "A Session
              Initiation Protocol (SIP) Event Package for Conference
              State", RFC 4575, August 2006.

4.2.  Informative References

   [RFC3261]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
              A., Peterson, J., Sparks, R., Handley, M., and E.
              Schooler, "SIP: Session Initiation Protocol", RFC 3261,
              June 2002.

   [RFC5122]  Saint-Andre, P., "Internationalized Resource Identifiers
              (IRIs) and Uniform Resource Identifiers (URIs) for the
              Extensible Messaging and Presence Protocol (XMPP)", RFC
              5122, February 2008.

Appendix A.  Acknowledgements

   Thanks to Jonathan Lennox, Mary Barnes, Paul Kyzivat, Peter Saint-
   Andre, Rifaat Shekh-Yusef, and Saul Ibarra Corretge for their input.

Author's Address

   Emil Ivov
   Strasbourg  67000

   Phone: +33-177-624-330

Ivov                   Expires December 01, 2013                [Page 5]