ECRIT H. Schulzrinne
Internet-Draft Columbia University
Intended status: Informational H. Tschofenig
Expires: September 4, 2009 Nokia Siemens Networks
March 3, 2009
Marking of Calls initiated by Public Safety Answering Points (PSAPs)
draft-schulzrinne-ecrit-psap-callback-00.txt
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on September 4, 2009.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Schulzrinne & Tschofenig Expires September 4, 2009 [Page 1]
Internet-Draft PSAP Callback Marking March 2009
Abstract
After an emerency call is completed it is possible that the need for
further communication between the call-taker and the emergency caller
arises. For example, further assistance may be needed but the
communication previously got interrupted. A call-taker may trigger a
callback towards the emergency caller using the contact information
provided with the initial emergency call. This callback would then
be treated like any other call. As a consequence, it may get blocked
by authorization policies configured by the person seeking help or
may get forwarded to his answering machine.
The current ECRIT framework document addresses callbacks in a limited
fashion and thereby covers a few scenarios. This document discusses
shortcomings and raises the question whether additional solution
techniques are needed.
Schulzrinne & Tschofenig Expires September 4, 2009 [Page 2]
Internet-Draft PSAP Callback Marking March 2009
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. Multi-Stage Resolution . . . . . . . . . . . . . . . . . . 4
1.2. Call Forwarding . . . . . . . . . . . . . . . . . . . . . 6
1.3. PSTN Interworking . . . . . . . . . . . . . . . . . . . . 8
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 9
3. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 10
4. Solution Approaches . . . . . . . . . . . . . . . . . . . . . 11
5. Security Considerations . . . . . . . . . . . . . . . . . . . 12
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 13
7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
7.1. Informative References . . . . . . . . . . . . . . . . . . 14
7.2. Informative References . . . . . . . . . . . . . . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 15
Schulzrinne & Tschofenig Expires September 4, 2009 [Page 3]
Internet-Draft PSAP Callback Marking March 2009
1. Introduction
Summoning police, the fire department or an ambulance in emergencies
is one of the fundamental and most-valued functions of the telephone.
As telephone functionality moves from circuit-switched telephony to
Internet telephony, its users rightfully expect that this core
functionality will continue to work at least as well as it has for
the legacy technology. New devices and services are being made
available that could be used to make a request for help, which are
not traditional telephones, and users are increasingly expecting them
to be used to place emergency calls.
Regulatory requirements demand that the emergency call itself
provides enough information to allow the call-taker to initiate a
call back to the emergency caller in case the call dropped or to
interact with the emergency caller later in case of questions. Such
a call, referred as PSAP callback subsequently in this document, may,
however, be blocked or forwarded to an answering machine as SIP
entities (SIP proxies as well as the SIP UA itself) cannot associate
the potential importantance of the call based on the SIP signaling.
Note that the authors are, however, not aware of regulatory
requirements for providing preferential treatment of callbacks
initiated by the call-taker at the PSAP towards the emergency
caller nor that these calls have to be treated in any form
differently from any other call.
Section 10 of [I-D.ietf-ecrit-framework] discusses the identifiers
required for callbacks. Section 13 of [I-D.ietf-ecrit-framework]
provides the following guidance regarding callback handling:
A UA may be able to determine a PSAP call back by examining the
domain of incoming calls after placing an emergency call and
comparing that to the domain of the answering PSAP from the
emergency call. Any call from the same domain and directed to the
supplied Contact header or AoR after an emergency call should be
accepted as a call-back from the PSAP if it occurs within a
reasonable time after an emergency call was placed.
This approach mimics a stateful packet filtering firewall and is
indeed helpful in a number of cases but it may fail in others.
Below, we discuss a few cases where this approach fails.
1.1. Multi-Stage Resolution
Consider the following emergency call routing scenario shown in
Figure 1 where routing towards the PSAP occurs in several stages. An
emergency call uses a SIP UA that does not run LoST on the end point.
Schulzrinne & Tschofenig Expires September 4, 2009 [Page 4]
Internet-Draft PSAP Callback Marking March 2009
Hence, the call is marked with the 'urn:service:sos' Service URN
[RFC5031]. The user's VoIP provider receives the emergency call and
determines where to route it. Local configuration or a LoST lookup
might, in our example, reveal that emergency calls are routed via a
dedicated provider FooBar and targeted to a specific entity, referred
as esrp1@foobar.com. FooBar does not handle emergency calls itself
but performs another resolution step to let calls enter the emergency
services network and in this case another resolution step takes place
and esrp-a@esinet.org is determined as the recipient, pointing to an
edge device at the IP-based emergency services network. Inside the
emergency services there might be more sophisticated routing taking
place somewhat depending on the existing structure of the emergency
services infrastructure.
,-------.
+----+ ,' `.
| UA |--- urn:service:sos / Emergency \
+----+ \ | Services |
\ ,-------. | Network |
,' `. | |
/ VoIP \ | |
( Provider ) | |
\ / | |
`. ,' | |
'---+---' | +------+ |
| | |PSAP | |
esrp1@foobar.com | +--+---+ |
| | | |
| | | |
,---+---. | | |
,' `. | | |
/ Provider \ | | |
+ FooBar ) | | |
\ / | | |
`. ,' | +--+---+ |
'---+---' | +-+ESRP | |
| | | +------+ |
| | | |
+------------+-+ |
esrp-a@esinet.org | |
\ /
`. ,'
'-------'
Figure 1: Multi-Stage Resolution
Schulzrinne & Tschofenig Expires September 4, 2009 [Page 5]
Internet-Draft PSAP Callback Marking March 2009
1.2. Call Forwarding
Imagine the following case where an emergency call enters an
emergency network (state.org) via an ERSP but then gets forwarded to
a different emergency services network (in our example to police-
town.org, fire-town.org or medic-town.org). The same considerations
apply when the the police, fire and ambulance networks are part of
the state.org sub-domains (e.g., police.state.org).
Schulzrinne & Tschofenig Expires September 4, 2009 [Page 6]
Internet-Draft PSAP Callback Marking March 2009
,-------.
,' `.
/ Emergency \
| Services |
| Network |
| (state.org) |
| |
| |
| +------+ |
| |PSAP +--+ |
| +--+---+ | |
| | | |
| | | |
| | | |
| | | |
| | | |
| +--+---+ | |
------------------+---+ESRP | | |
esrp-a@state.org | +------+ | |
| | |
| Call Fwd | |
| +-+-+---+ |
\ | | | /
`. | | | ,'
'-|-|-|-' ,-------.
Police | | | Fire ,' `.
+------------+ | +----+ / Emergency \
,-------. | | | | Services |
,' `. | | | | Network |
/ Emergency \ | Ambulance | | fire-town.org |
| Services | | | | | |
| Network | | +----+ | | +------+ |
|police-town.org| | ,-------. | +----+---+PSAP | |
| | | ,' `. | | +------+ |
| +------+ | | / Emergency \ | | |
| |PSAP +----+--+ | Services | | | ,
| +------+ | | Network | | `~~~~~~~~~~~~~~~
| | |medic-town.org | |
| , | | |
`~~~~~~~~~~~~~~~ | +------+ | |
| |PSAP +----+ +
| +------+ |
| |
| ,
`~~~~~~~~~~~~~~~
Figure 2: Call Forwarding
Schulzrinne & Tschofenig Expires September 4, 2009 [Page 7]
Internet-Draft PSAP Callback Marking March 2009
1.3. PSTN Interworking
In case an emergency call enters the PSTN, as shown in Figure 3,
there is no guarantee that the callback some time later does leave
the same PSTN/VoIP gateway or that the same end point identifier is
used in the forward as well as in the backward direction making it
difficult to reliably detect PSAP callbacks.
+-----------+
| PSTN |-------------+
| Calltaker | |
| Bob |<--------+ |
+-----------+ | v
-------------------
//// \\\\ +------------+
| | |PSTN / VoIP |
| PSTN |---->|Gateway |
\\\\ //// | |
------------------- +----+-------+
^ |
| |
+-------------+ | +--------+
| | | |VoIP |
| PSTN / VoIP | +->|Service |
| Gateway | |Provider|
| |<------Invite----| Y |
+-------------+ +--------+
| ^
| |
Invite Invite
| |
V |
+-------+
| SIP |
| UA |
| Alice |
+-------+
Figure 3: PSTN Interworking
Schulzrinne & Tschofenig Expires September 4, 2009 [Page 8]
Internet-Draft PSAP Callback Marking March 2009
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
Emergency services related terminology is borrowed from [RFC5012].
Schulzrinne & Tschofenig Expires September 4, 2009 [Page 9]
Internet-Draft PSAP Callback Marking March 2009
3. Requirements
From the previously presented scenarios, the following generic
requirements can be crafted:
Reliable Identification:
The solution approach MUST offer a way to reliable detect a PSAP
callback in light of the challenges presented in Section 1.
Resistance Against Security Vulnerabilities:
The main possibility of attack involves use of the PSAP callback
marking to bypass blacklists, ignore call forwarding procedures
and similar features to interact with users and to raise their
attention. For example, using PSAP callback marking devices would
be able to recognize these types of incoming messages leading to
the device overriding user interface configurations, such as
vibrate-only mode. As such, the requirement is ensure that only
PSAPs can issue callbacks. This may require secure identification
of the calling party.
Fallback to Normal Call
When the newly defined extension is not recognized by
intermediaries or other entities then it MUST NOT lead to a
failure of the call handling procedure but rather a fall-back to a
call that did not have any marking provided.
A further differentiation has to be made with respect to relationship
between the person who previously received the emergency call and the
person who triggers the callback. The choices are:
o The callback has to be made using the same UA.
o The callback has to made by the same user but potentially with a
different UA.
o A different user from a different UA can make the callback.
[Editor' Note: A requirement has to be formulated.]
Schulzrinne & Tschofenig Expires September 4, 2009 [Page 10]
Internet-Draft PSAP Callback Marking March 2009
4. Solution Approaches
This version of the document does not yet contain any specific
solution approaches. An example solution can be found in an earlier
version of [I-D.patel-ecrit-sos-parameter]. The usage of the In-
Reply-To header is another one.
Solution categories can be clustered into three areas:
1. Verify that the caller is a PSAP
2. Verify that the call is related to an emergency, but not
necessarily an earlier emergency call. This might include public
notification (authority-to-citizen).
3. Verify that the call is returning an earlier emergency call.
These solution differ in their semantics and in the security impact
or user choice.
Schulzrinne & Tschofenig Expires September 4, 2009 [Page 11]
Internet-Draft PSAP Callback Marking March 2009
5. Security Considerations
This document provides discussions problems of PSAP callbacks and
lists requirements, some of which illustrate security challenges.
The current version does not yet provide a specific solution but
rather starts with overall architectural observations.
An important aspect from a security point of view is the relationship
between the emergency services network and the VSP (assuming that the
emergency call travels via the VSP and not directly between the SIP
UA and the PSAP). If there is a strong trust relationship between
the PSAP operator and the VSP (for example based on a peering
relationship) without any intermediate VoIP providers then the
identification of a PSAP call back is less problematic than in the
case where the two entities have not entered in some form of
relationship that would allow the VSP to verify whether the marked
callback message indeed came from a legitimate source.
Schulzrinne & Tschofenig Expires September 4, 2009 [Page 12]
Internet-Draft PSAP Callback Marking March 2009
6. Acknowledgements
We would like to thank members from the ECRIT working group, in
particular Brian Rosen and Milan Patel, for their discussions around
PSAP callbacks.
Schulzrinne & Tschofenig Expires September 4, 2009 [Page 13]
Internet-Draft PSAP Callback Marking March 2009
7. References
7.1. Informative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
7.2. Informative References
[I-D.ietf-ecrit-framework]
Rosen, B., Schulzrinne, H., Polk, J., and A. Newton,
"Framework for Emergency Calling using Internet
Multimedia", draft-ietf-ecrit-framework-08 (work in
progress), February 2009.
[I-D.patel-ecrit-sos-parameter]
Patel, M., "SOS Uniform Resource Identifier (URI)
Parameter for Marking of Session Initiation Protocol
(SIP) Requests related to Emergency Services",
draft-patel-ecrit-sos-parameter-03 (work in progress),
January 2009.
[RFC5012] Schulzrinne, H. and R. Marshall, "Requirements for
Emergency Context Resolution with Internet Technologies",
RFC 5012, January 2008.
[RFC5031] Schulzrinne, H., "A Uniform Resource Name (URN) for
Emergency and Other Well-Known Services", RFC 5031,
January 2008.
Schulzrinne & Tschofenig Expires September 4, 2009 [Page 14]
Internet-Draft PSAP Callback Marking March 2009
Authors' Addresses
Henning Schulzrinne
Columbia University
Department of Computer Science
450 Computer Science Building
New York, NY 10027
US
Phone: +1 212 939 7004
Email: hgs+ecrit@cs.columbia.edu
URI: http://www.cs.columbia.edu
Hannes Tschofenig
Nokia Siemens Networks
Linnoitustie 6
Espoo 02600
Finland
Phone: +358 (50) 4871445
Email: Hannes.Tschofenig@gmx.net
URI: http://www.tschofenig.priv.at
Schulzrinne & Tschofenig Expires September 4, 2009 [Page 15]