ecrit H. Schulzrinne
Internet-Draft Columbia U.
Expires: November 6, 2005 R. Marshall, Ed.
TCS
May 5, 2005
Requirements for Emergency Context Resolution with Internet Technologies
draft-schulzrinne-ecrit-requirements-00
Status of this Memo
This document is an Internet-Draft and is subject to all provisions
of Section 3 of RFC 3667. By submitting this Internet-Draft, each
author represents that any applicable patent or other IPR claims of
which he or she is aware have been or will be disclosed, and any of
which he or she become aware will be disclosed, in accordance with
RFC 3668.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on November 6, 2005.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
This document enumerates requirements for emergency calls placed by
the public using voice-over-IP (VoIP) and general Internet multimedia
systems, where Internet protocols are used end-to-end.
Schulzrinne & Marshall Expires November 6, 2005 [Page 1]
Internet-Draft ECRIT requirements May 2005
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 5
3. High-Level Requirements . . . . . . . . . . . . . . . . . . 9
4. Emergency Address . . . . . . . . . . . . . . . . . . . . . 11
5. Identifying the Caller Location . . . . . . . . . . . . . . 14
6. Identifying the Appropriate Emergency Call Center . . . . . 20
7. Emergency Address Directory . . . . . . . . . . . . . . . . 27
8. Identifying the Caller . . . . . . . . . . . . . . . . . . . 29
9. Call Setup and Call Features . . . . . . . . . . . . . . . . 30
10. Supplemental Information . . . . . . . . . . . . . . . . . . 32
11. Security Considerations . . . . . . . . . . . . . . . . . . 33
12. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 34
13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 35
14. References . . . . . . . . . . . . . . . . . . . . . . . . . 36
14.1 Normative References . . . . . . . . . . . . . . . . . . 36
14.2 Informative References . . . . . . . . . . . . . . . . . 36
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 36
Intellectual Property and Copyright Statements . . . . . . . 38
Schulzrinne & Marshall Expires November 6, 2005 [Page 2]
Internet-Draft ECRIT requirements May 2005
1. Introduction
Users of telephone-like services expect to be able to call for
emergency help, such as police, the fire department or an ambulance,
regardless of where they are, what (if any) service provider they are
using and what kind of device they are using. Unfortunately, the
mechanisms for emergency calls that have evolved in the public
circuit-switched telephone network (PSTN) are not quite appropriate
for evolving IP-based voice, text and real-time multimedia
communications. This document outlines the key requirements that end
systems and network elements such as SIP proxies need to satisfy in
order to provide emergency call services that offer at least the same
functionality as existing PSTN services, with the goal of making
emergency calling more robust, cheaper to implement and multimedia-
capable.
In the future, users of other real-time and near real-time services
may also expect to be able to summon emergency help. For example,
instant messaging (IM) users may want to use such services. IM is
particularly helpful for hearing-disabled users (RFC 3351 [3]) and in
cases where bandwidth is scarce.
This document only focuses on end-to-end IP-based calls, i.e., where
the emergency call originates from an IP end system, (Internet
device), and terminates to an IP-capable PSAP, done entirely over an
IP network.
This document identifies functional and security issues for
determining the correct emergency identifier, for identifying the
appropriate IPSAP (emergency address) and for identifying the caller
and its current location.
Emergency calls need to be identified (Section 6). Emergency
identifiers are used by the emergency caller to declare a call to be
an emergency call. The device MUST recognize the emergency
identifiers used and convert them to an emergency address to guide
the call to a PSAP. The emergency address MUST be a predefined
"sip", "sips" or "tel" URI scheme.
Emergency calls need to be routed to the appropriate PSAP (ref.
Section 6). Several terms are used for causing the call signaling to
reach the geographically appropriate PSAP. This has been referred to
as call routing, (PSAP) lookup or location mapping, all capturing
aspects of the problem.
Emergency calls need to identify who placed the call (Section 7). In
most jurisdictions, callers do not have a choice as to whether they
want to reveal their location or identity; such disclosure is
Schulzrinne & Marshall Expires November 6, 2005 [Page 3]
Internet-Draft ECRIT requirements May 2005
typically mandated by law.
Emergency calls need to identify the location from which the call is
initiated (Section 5). The caller location needs to be identified
for two purposes, namely to route the call to the appropriate PSAP
and to display the caller location to the call taker to simplify
dispatching emergency assistance to the correct location.
Emergency calls may not be subject to access restrictions placed on
non-emergency calls. Also, some call features may interfere with
emergency calls, particularly if triggered accidentally (Section 7).
Schulzrinne & Marshall Expires November 6, 2005 [Page 4]
Internet-Draft ECRIT requirements May 2005
2. Terminology
In this document, the key words "MUST", "MUSTNOT", "REQUIRED",
"SHALL", "SHALLNOT", "SHOULD", "SHOULDNOT", "RECOMMENDED", "MAY", and
"OPTIONAL" are to be interpreted as described in RFC 2119 [1] and
indicate requirement levels for compliant implementations.
Since a requirements document does not directly specify an
implementable protocols, these compliance labels should be read as
indicating requirements for the protocol or architecture, rather than
an implementation.
For lack of a better term, we will use the term "caller" or
"emergency caller" to refer to the person placing an emergency call
or sending an emergency IM.
Access Infrastructure Provider (AIP): An organization that provides
physical network connectivity to its customers or users, e.g.,
through digital subscriber lines, cable TV plants, Ethernet,
leased lines or radio frequencies. This entity may or may not
also provide IP routing, IP addresses, or other Internet protocol
services. Examples of such organizations include
telecommunication carriers, municipal utilities, larger
enterprises with their own network infrastructure, and government
organizations such as the military.
address: A description of a location of a person, organization, or
building, most often consisting of numerical and text elements
such as street number, street name, and city arranged in a
particular format.
Application (Voice) Service Provider (ASP, VSP): The organization
that provides voice or other application-layer services, such as
call routing, a SIP URI or PSTN termination. This organization
can be a private individual, an enterprise, a government or a
service provider. We avoid the term voice service provider as
emergency calls are likely to use other media, including text and
video, in the future. For a particular user, the ASP may not be
the same organization as the AIP or ISP.
basic emergency service: Basic emergency service allows a user to
reach a PSAP serving its current location, but the PSAP may not be
able to determine the identity or geographic location of the
caller (except by having the call taker ask the caller).
Schulzrinne & Marshall Expires November 6, 2005 [Page 5]
Internet-Draft ECRIT requirements May 2005
call taker: A call taker is an agent at the PSAP that accepts calls
and may dispatch emergency help. (Sometimes the functions of call
taking and dispatching are handled by different groups of people,
but these divisions of labor are not generally visible to the
outside and thus do not concern us here.)
civic location: A described location based on some defined grid, such
as a jurisdictional, postal, metropolitan, or rural reference
system (e.g. street address).
domain: An area or group of services falling with in a specific
category or jurisdictional boundary.
[Ed. need further clarification for "domain"]
domain authentication and validation entity: A node that has
authority within a given domain to authenticate and validate user
location information.
Emergency Control Center (ECC): Facilities used by emergency
organizations to accept and handle emergency calls. A PSAP
(below) forwards emergency calls to the emergency control center,
which dispatches police, fire, rescue and other emergency
services. An ECC serves a limited geographic area. A PSAP and
ECC can be combined into one facility (ETSI SR 002 180
definition). We assume that the ECC is reachable by IP-based
protocols, such as SIP for call signaling and RTP for media.
emergency address: The sip:uri, sips:uri, or tel:uri which
represents the network address of the IPSAP useful for the
completion of a VoIP emergency call.
emergency caller: The user or user device entity needing sending his/
her location to another entity in the network.
emergency identifier: The numerical and/or text identifier which is
supplied by a user or a user device, which identifies the call as
an emergency call and is translated into an emergency address for
call routing and completion.
enhanced emergency service: Enhanced emergency services add the
ability to identify the caller identity and/or caller location to
basic emergency services. (Sometimes, only the caller location
may be known, e.g., from a public access point that is not owned
by an individual.)
Schulzrinne & Marshall Expires November 6, 2005 [Page 6]
Internet-Draft ECRIT requirements May 2005
geocoding: The process of finding the location of a street address on
a map. The location can be an x,y coordinate or a feature such as
a street segment, postal delivery location, or building. In GIS,
geocoding requires a reference dataset that contains address
attributes for the geographic features in the area of interest.
geographic coordinates: A representation (measurement) of a location
on the earth's surface expressed in degrees of latitude and
longitude.
geographic coordinate system: A reference system that uses latitude
and longitude to define the locations of points on the surface of
a sphere or spheroid.
geographic transformation: A method of converting data between two
geographic coordinate systems (datums).
geographic location: A reference to a locatable point described by a
set of defined coordinates within a gegraphic coordinate system,
(e.g. lat/lon within WGS-84 datum)
Internet Service Provider (ISP): An organization that provides IP
network-layer services to its customers or users. This entity may
or may not provide the physical-layer and layer-2 connectivity,
such as fiber or Ethernet.
location: A geographic identification assigned to a region or feature
based on a specific coordinate system, or by other precise
information such as a street address. In the geocoding process,
the location is defined with an x,y coordinate value according to
the distance north or south of the equator and east or west of the
prime meridian.
Location Key (LK): A key identifier used to query a location server
in order to retrieve a specific end user or end user device
location.
location validation: A caller location is considered valid if the
civic or geographic location is recognizable within an acceptable
location reference systems (e.g. USPS, WGS84, etc.), and can be
mapped to one or more PSAPs. Location validation ensures that a
location is referencable, but makes no assumption about the
association between the caller and the caller's location.
PSAP (Public Safety Answering Point): Physical location where
emergency calls are received under the responsibility of a public
authority. (This terminology is used by both ETSI, in ETSI SR 002
180, and NENA.) In the United Kingdom, PSAPs are called Operator
Schulzrinne & Marshall Expires November 6, 2005 [Page 7]
Internet-Draft ECRIT requirements May 2005
Assistance Centres, in New Zealand Communications Centres.
IPSAP (IP-PSAP): PSAP which supports the receipt of emergency calls
over IP. It is assumed that the PSAP is reachable by IP-based
protocols, such as SIP for call signaling and RTP for media.
x,y coordinates: A pair of values that represents the distance from
an origin (0,0) along two axes, a horizontal axis (x) representing
east-west, and a vertical axis (y) representing north-south. On a
map, x,y coordinates are used to represent features at the
location they are found on the earth's spherical surface.
Schulzrinne & Marshall Expires November 6, 2005 [Page 8]
Internet-Draft ECRIT requirements May 2005
3. High-Level Requirements
Below, we summarize high-level architectural requirements that guide
some of the component requirements detailed later in the document.
R1. Application Service Provider: The existence of a Application
Service Provider (ASP) MUST NOT be assumed.
[Ed. Changed from "voice" to "Application" based on stastny
comment (email 4/28).]
Motivation: The caller may not have a voice service provider,
i.e., a corporate entity that provides voice services as a
business. For example, a residence may have its own DNS domain
and run its own SIP proxy server for that domain. On a larger
scale, a university might provide voice services to its students
and staff, but not be a telecommunication provider.
R2. International: The protocols and protocol extensions developed
MUST support regional, political and organizational differences.
Motivation: It must be possible for a device or software developed
or purchased in one country to place emergency calls in another
country. System components should not be biased towards a
particular set of emergency numbers or languages. Also, different
countries have evolved different ways of organizing emergency
services, e.g., either centralizing them or having smaller
regional subdivisions such as United States counties or
municipalities handle emergency calls.
R3. Distributed Administration: Deployment of emergency services
MUST NOT depend on a sole central administration authority.
Motivation: Once common standards are established, it must be
possible to deploy and administer emergency calling features on a
regional or national basis without requiring coordination with
other regions or nations. The system cannot assume, for example,
that there is a single global entity issuing certificates for
PSAPs, ASPs, AIPs or other participants.
R4. Multiple Modes: Multiple communication modes, including
Multimedia data and services SHOULD/MUST be supported.
Motivation: Emergency calling must support a variety of media, not
just voice and TDD (telecommunication device for the deaf) beyond
the capabilities of current limitations. Such additional media
should include conversational text, instant messaging and video.
In addition, it should be possible to convey telemetry data, such
Schulzrinne & Marshall Expires November 6, 2005 [Page 9]
Internet-Draft ECRIT requirements May 2005
as data from automobile crash sensors.
[Ed. Need to decide whether it's SHOULD or MUST.]
R5. Minimum Connectivity: NEED REQUIREMENT HERE
Motivation: If there is network connectivity between the
emergency caller and the PSAP, and routing information is
available, the call should be completed, even if other parts of
the network are not reachable.
[Ed. Don't understand above statement, request clarification of
requirement.]
R6. Incremental Deployment Emergency calls from IP-based devices
MUST be incrementally supported.
Motivation: Any mechanism must be deployable incrementally and
work even if not all entities support IP-based emergency calling.
For example, User agents conforming to the SIP specification [1],
but unaware of this document, must be able to place emergency
calls, possibly with restricted functionality.
[Ed. changed above paragraph to make non-SIP specific]
R7. Middlebox Reliance: For a transient time the device and the UA
MAY use the help of servers (e.g. ESRP) to provide the
connectivity to ECC, especially for ECC not yet connected to the
Internet.
Motivation: Emergency calling mechanisms must support existing
emergency call centers based on circuit-switched technology as
well as future ECCs that are IP-enabled.
Schulzrinne & Marshall Expires November 6, 2005 [Page 10]
Internet-Draft ECRIT requirements May 2005
4. Emergency Address
A1. Universal: Each device and all network elements MUST recognize
one or more universal (global) emergency identifiers, regardless
of the location of the device, the service provider used (if any)
or other factors. Examples of these might include: 911, 112, and
sos.*
[Ed. The above examples of 911 and 112, per stastny email on
4/13. This changes the definition of Local, A2, below]
Motivation: SIP and other call signaling protocols are not
specific to one country or service provider and devices are likely
to be used across national or service provider boundaries. Since
services such as disabling mandatory authentication for emergency
calls requires the cooperation of outbound proxies, the outbound
proxy has to be able to recognize the emergency address and be
assured that it will be routed as an emergency call. Thus, a
simple declaration on a random URI that it is an emergency call
will likely lead to fraud and possibly attacks on the network
infrastructure. A universal address also makes it possible to
create user interface elements that are correctly configured
without user intervention. UA features could be made to work
without such an identifier, but the user interface would then have
to provide an unambiguous way to declare a particular call an
emergency call.
A2. Local: Since many countries have already deployed national
emergency identifiers, such as 911 in North America and 112 in
large parts of Europe, UAs, proxies and call routers MUST
recognize these universal emergency identifiers, but MAY NOT
recognize lower level local emergency identifiers, including those
such as 999, 122, 133, etc. In addition, these same call routing
entities SHOULD recognize emergency identifiers that are used in
other jurisdictions
[Ed. Changed "emergency numbers" to "emergency identifiers" (see
Terminology section)]
[Ed. Changed from "found elsewhere" to "used in other
jurisdictions".]
[Ed. The requirement A2 is really a set of 3 requirements, and
needs to have the question answered which is: "what does the term
"local" mean?".]
Schulzrinne & Marshall Expires November 6, 2005 [Page 11]
Internet-Draft ECRIT requirements May 2005
[Ed. Suggest rewriting A2 as follows: "IP-based components,
(including UAs, proxies, and call routers) MAY NOT recognize lower
level emergency identifiers which are specific to a local
geographic area (i.e. non-universal).]
Motivation: The latter requirement is meant to help travelers
that may not know the local emergency number and instinctively
dial the number they are used to from home. However, it is
unlikely that all systems could be programmed to recognize any
emergency number used anywhere as some of these numbers are used
for non-emergency purposes, in particular extensions and service
numbers.
A3. Recognizable: Emergency calls MUST be recognizable by user
agents, proxies and other network elements. To prevent fraud, an
address identified as an emergency number for call features or
authentication override MUST also cause routing to a PSAP.
[Ed. (repeat) Changed "emergency number" to "emergency
identifier"]
[Ed. Request clarification/rewording as to meaning of statement,
"an address identified as an emergency number"]
A4. Minimal configuration: Any local emergency identifiers SHOULD be
configured automatically, without user intervention.
Motivation: A new UA "unofficially imported" into an organization
from elsewhere should have the same emergency capabilities as one
officially installed.
A5. Secure configuration: Devices SHOULD be assured of the
correctness of the local emergency numbers that are automatically
configured.
Motivation: If we assume a fixed, global emergency service
identifier that requires no configuration and only configure local
"traditional" emergency numbers, users are not likely to suddenly
dial some random number if a rogue configuration server introduces
this as an additional emergency number. The ability to override
all locally configured emergency identifiers is of more concern.
[Ed. Changed from "emergency number" to "emergency identifiers" ]
A6. Backwards-compatible: Existing devices that predate the
specification of emergency call-related protocols and conventions
MUST be able reach a PSAP.
Schulzrinne & Marshall Expires November 6, 2005 [Page 12]
Internet-Draft ECRIT requirements May 2005
A7. Common Identifier: User initiated requests using local
initiation methods (e.g. 9-1-1) MUST be supported across non-local
domains (e.g. foreign countries).
[Ed. Clarification sought on whether 9-1-1 equates to "local" or
"universal"]
Motivation: While traveling, users must be able to use their
familiar "home" emergency identifier. Users should also be able
to dial the local emergency number in the country they are
visiting.
Schulzrinne & Marshall Expires November 6, 2005 [Page 13]
Internet-Draft ECRIT requirements May 2005
5. Identifying the Caller Location
This section supplements the requirements outlined in RFC 3693 [4].
Thus, the requirements enumerated there are not repeated here. In
general, we can distinguish three modes of operation:
UA-inserted: The caller's user agent inserts the location
information, derived from sources such as GPS, DHCP or link-layer
announcements (LLDP).
UA-referenced: The caller's user agent provides a reference, via a
permanent or temporary identifier, to the location which is stored
by a location service somewhere else and then retrieved by the
PSAP.
Proxy-inserted: A proxy along the call path inserts the location or
location reference.
L1. Multiple location services: For UA-referenced locations, PSAPs
MUST be able to access different location providers. The location
provider may be tied to the ASP, AIP or ISP or may be independent
of these entities.
Motivation: This requirement avoids that all users have to rely
on a single location service provider. This requirement is hard
to avoid if there are no traditional national application-layer
service providers.
L2. Civic and Geographic: Where available, both civic (street
address) and geographic (longitude/latitude) information SHOULD be
provided to the PSAP.
Motivation: While geographic coordinate information can usually
be translated into civic address location information, some
specific information, such as building number and floor, is more
easily provided as civic location information since it does not
require a detailed surveying operation. For direct location
determination, it may also be easier for the user to check civic
location information to assure verity.
L3. Location source identification: The source of a location data,
whether measured, derived (e.g geocoding or reverse geocoding
transformation), or manually input, MUST be indicated to the PSAP.
(Transformations include coordinate conversions from one datum to
another (e.g. NAD83 to WGS84).
Schulzrinne & Marshall Expires November 6, 2005 [Page 14]
Internet-Draft ECRIT requirements May 2005
Motivation: This allows the PSAP to better judge the reliability
and accuracy of the data and track down problems.
L4. Certifiable: In some cases, the source and generation time of
the location object used for call routing and caller location
display MUST be verifiable, e.g., by a digital signature. The
security requirements describe this in more detail.
[Ed. Clarification sought, e.g. "In some cases... MUST be
verifiable..."? (sounds like we're saying MAY rather than MUST)
L5. Multiple locations: Multiple locations MAY be associated with
the caller
Motivation: Multiple locations may occur either because the
caller has provided more than one civic or geographic
(coordinates) location, supplies both civic and geospatial
location information, or because different location determination
entities make different assessments of the caller's location."
L6. Validation of civic location: It MUST be possible to validate an
address prior to its use in an actual emergency call.
L7. Provide location: Calls using VoIP or subsequent methods MUST
supply location with the call.
L8. Accept two location types: PSAPs shall accept location as civic
and/or geo specified.
[Ed. Suggest deleting above requirement since it doesn't deal
with routing]
L9. Altitude included with location: All representations of location
SHALL include the ability to carry altitude. This requirement
does not imply altitude is always used or supplied.
L10. Preferred datum: The preferred geographic coordinate system for
emergency calls SHALL be WGS-84.
L11. Multiple locations: If multiple locations are provided with a
call, it SHOULD be possible to identify the most accurate,
current, appropriate location information to be used for routing
emergency calls and dispatching emergency responders.
L12. Location presenter: No assumption SHALL be made that the entity
presenting the call to the PSAP has any knowledge of, or control
over the provider of location.
Schulzrinne & Marshall Expires November 6, 2005 [Page 15]
Internet-Draft ECRIT requirements May 2005
Motivation: The location provider may be independent of all other
service providers handling the call.
L13. Updated location: Location updates MUST be supported
Motivation: The ability to update a location is essential for
support of mobility use cases.
L14. Imprecise location: Imprecise location information MUST be
available for emergency call routing and location delivery in
cases where precise measurement based location determination
mechanisms fail.
Motivation: Examples of rough location include coordinates and/or
street address of radio tower, wireless access point, manually
provisioned, or last known position fix, etc.
L15. Default identification: PSAPs MUST be made aware when imprecise
location information was used to route a call.
[Ed. Changed from "default" to "imprecise", since the term
default doesn't adequately represent a lower precision, yet
contextually appropriate location.]
L16. Location Responsibility: Location determination MUST assume a
responsible party.
Motivation: The emergency network in most cases today is accessed
via the PSTN using either a wireline or a cellular device. In
both cases location information is provided by the Carrier and is
used directly to route the call. Since the Carrier must route the
call to the emergency network, the emergency network holds the
carrier responsible for the correct location determination and
routing, and this forms the basis of requirement 1. A certain
level of authentication and validation around the source of the
location is required for the domain in which the information is to
be used.
L17. Time of Location: Location determination MUST be relevant to
time of call.
Motivation: The location information MUST be attributed to a
specific point in time. That is, the location used for routing
and which is reported to the PSAP call taker, must be the actual
location of the caller at the time of making the call. This
provides call takers with confidence that the Emergency Caller is
at the location. This is accomplished today with existing
telephony networks either through the use of a calling-number to
Schulzrinne & Marshall Expires November 6, 2005 [Page 16]
Internet-Draft ECRIT requirements May 2005
address "wire-map" database, or for cellular with more complex
triangulation and GPS based techniques where the location is
determined by the network and delivered at the time of the call.
L18. Location, Emergency Caller: Location provided with call MUST be
associated with an Emergency Caller.
Motivation: The location information MUST be attributed to a
specific emergency caller. That is, for each call initiated, the
emergency network requires that the location was determined for
that specific caller and is not reused from a location
determination applicable to a different Emergency Caller. This
information defines when the location was attributed to the
Emergency Caller, thereby tying a valid location to a user at a
specific point in time.
L19. Location Domain Availability: Location domain MUST be
obtainable by Emergency Caller.
Motivation: Requirement 1 states that a level of authentication
and validation for the source of the location is required. This
implies the need to for the Emergency Caller to determine the
authenticating and validating entity for the emergency services
domain in which they reside. That is, it must be possible for an
Emergency Caller to discover and utilize an answerable source of
location in the access network they are using.
[Ed. Request clarification of supporting text.]
L20. Location Certification: Location provided MUST be certified.
Motivation: The Emergency Caller must be able to establish a
session with the access domain authenticating and validating
entity to obtain a certified location. The authentication of the
location is granted with an expiry time, after which the location
within the domain is deemed invalid.
L21. Location and Emergency Caller Identity: It MUST NOT be assumed
that Emergency Caller identity provided with location is true
identity of Emergency Caller.
Motivation: The session between the Emergency Caller and the
domain authenticating and validating entity SHALL NOT require the
true identity of the Emergency Caller. That is, the true identity
of the user need never be revealed to the domain authenticating
and validating entity, a random unique pseudonym generated within
the authenticated domain is sufficient.
Schulzrinne & Marshall Expires November 6, 2005 [Page 17]
Internet-Draft ECRIT requirements May 2005
L22. Location Acceptability: Location provided by Emergency Caller
MUST be considered acceptable as input to authentication and
validation entity.
Motivation: The domain authenticating and validation entity MUST
be able to accept a location provided by an Emergency Caller. On
receipt of the Emergency Caller's location the domain
authenticating and validation entity SHOULD validate the location
as being applicable to that domain that is, it falls within
reasonable geographic boundaries for that domain before returning
the certified location to the Emergency Caller.
L23. Location Sources: It MUST NOT be assumed that location is
always provided by Emergency Caller.
Motivation: The Emergency Caller may have no means of determining
or providing a location, in which case the domain authentication
and validation entity MAY provide an estimate of location.
L24. Location Query Authorization: The ability to query emergency
caller location using a location key MUST be limited to authorized
end points.
Motivation: Where the Emergency Caller does not desire the
transmission of their location in-band with their call setup, they
shall have the option of requesting a unique query key such that
only authorized end points may query the location directly from
the domain.
L25. Location Domain Authorization: Location Source entity MUST be
authorized within the access domain.
Motivation: That the source of the location is considered to be
authorized to provide the location within the access domain.
L26. Endpoint Location: Location MUST be tied to an endpoint within
the access domain at the time of an emergency call.
Motivation: The location is tied to an end-point inside the
access domain controlled by the source. This binding between
location and end-point is correct at the time of the call.
L27. Location Sources: Single source of location MUST NOT be
assumed.
Schulzrinne & Marshall Expires November 6, 2005 [Page 18]
Internet-Draft ECRIT requirements May 2005
Motivation: To achieve this, the end user device MUST be able to
retrieve its current location from the access provider, from the
infrastructure, via GPS, ... or as last resort, from the user
itself.
L28. Location Provided: Endpoint location SHOULD be provided to ECC.
Motivation: Transmission of the current location of the
contacting device to the ECC.
L29. Provide Endpoint Identification: Identification of endpoint or
Emergency Caller SHOULD be provided to ECC, sufficient to allow
the PSAP/ECC to re-initiate contact with the emergency caller
after the initial call has ended (or cleared).
Motivation: Identification of the contacting person or device.
L30. Diverse Location Technologies: Emergency Services SHOULD
support variety of current and future location determination
technologies.
Motivation: Emergency call mechanisms should not require a
specific technology for determining the location of the caller.
Schulzrinne & Marshall Expires November 6, 2005 [Page 19]
Internet-Draft ECRIT requirements May 2005
6. Identifying the Appropriate Emergency Call Center
From the previous section, we take the requirement of a single (or
small number of) emergency addresses which are independent of the
caller's location. However, since for reasons of robustness,
jurisdiction and local knowledge, PSAPs only serve a limited
geographic region, having the call reach the correct PSAP is crucial.
While a PSAP may be able to transfer an errant call, any such
transfer is likely to add tens of seconds to call setup latency and
is prone to errors. (In the United States, there are about 6,100
PSAPs.)
There appear to be two basic architectures for translating an
emergency identifier into the correct IPSAP's emergency address. We
refer to these as caller-based and mediated. In caller-based
resolution, the caller's user agent consults a directory and
determines the correct IPSAP based on its location. We assume that
the user agent can determine its own location, either by knowing it
locally or asking some third party for it. A UA could conceivably
store a complete list of all PSAPs across the world, but that would
require frequent synchronization with a master database as PSAPs
merge or jurisdictional boundaries change.
For mediated resolution, a call signaling server, such as a SIP
(outbound) proxy or redirect server, performs this function. Note
that the latter case includes the architecture where the call is
effectively routed to a copy of the database, rather than having some
non-SIP protocol query the database. Since servers may be used as
outbound proxy servers by clients that are not in the same geographic
area as the proxy server, any proxy server has to be able to
translate any caller location to the appropriate PSAP. (A traveler
may, for example, accidentally or intentionally configure its home
proxy server as its outbound proxy server, even while far away from
home.)
Note that the first proxy, the ESRP, doing the translation may not be
in the same geographic area as the UA placing the emergency call.
The resolution may take place well before the actual emergency call
is placed, or at the time of the call.
The problem is harder than for traditional web or email services.
There, the originator knows which entity it wants to reach,
identified by the email address or HTTP URL. However, the emergency
caller only dialed an emergency identifier. Depending on the
location, any of several ten thousand PSAPs around the world could be
valid. In addition, the caller probably does not care which specific
PSAP answers the call, but rather that it be an accredited PSAP,
Schulzrinne & Marshall Expires November 6, 2005 [Page 20]
Internet-Draft ECRIT requirements May 2005
e.g., one run by the local government authorities. (Many PSAPs are
run by private entities. For example, universities and corporations
with large campuses often have their own emergency response centers.)
I1. Correct PSAP: Calls MUST be routed to the correct PSAP based on
the location of the caller and the declared service boundary of
the PSAP.
Motivation: In particular, the location determination should not
be fooled by the location of IP telephony gateways or dial-in
lines into a corporate LAN (and dispatch emergency help to the
gateway or campus, rather than the caller), multi-site LANs and
similar arrangements.
I2. Early routing: In mediated mode, the first proxy server along a
request path MUST attempt to route the call to the appropriate
IPSAP.
Motivation: Proxy servers close to the caller can be expected to
have better call routing knowledge, particularly if international
boundaries are being crossed.
I3. Multi-stage: In multi-stage mode, intermmediate entities MAY be
needed for call routing.
The user agent or a call routing entity close to the caller may
not be able to deliver the call directly to the serving PSAP, but
rather to an intermediary that it turn uses caller location
information to route the call closer to the appropriate PSAP.
I4. Choice of IPSAPs: The emergency caller SHOULD be provided a
choice of emergency call centers if more than one exists and is
relevant.
Motivation: This choice is often, but not always, provided today.
The system should offer the emergency caller a choice as to
whether he wants to reach a local private emergency response
center, e.g., on a corporate campus, or the government-run
emergency call center responsible for his current location. For
example, in some cases, the local campus emergency center is
reachable by a different identifier, or 9-911 reaches the external
PSAP, while 911 reaches campus security.
I5. Assuring IPSAP identity: The emergency caller SHOULD be able to
determine conclusively that he has reached an accredited emergency
call center.
Schulzrinne & Marshall Expires November 6, 2005 [Page 21]
Internet-Draft ECRIT requirements May 2005
Motivation: This requirement is meant to address the threat that
a rogue, possibly criminal, entity pretends to accept emergency
calls.
I6. Warnings for unidentifiable IPSAP. Implementations SHOULD allow
callers to proceed, with appropriate warnings or user
confirmations, if the identity of the destination IPSAP cannot be
verified.
Motivation: Verification can fail for any number of reasons, such
as lack of a common certificate chain, especially when traveling,
call forwarding, or the expiration of certificates.
Accreditation, e.g., in the case of corporate or university
campuses, may not exist.
I7. Traceable resolution: Particularly for mediated resolution, the
caller SHOULD be able to definitively and securely determine who
provided the emergency address resolution information.
I8. Robustness: The resolution mechanism MUST allow systems to be
deployed that are robust in the face of partial network and
directory server failures.
I9. Caching location: Caching of location MAY be used to mitigate
temporary unavailability of directories or network connectivity.
Motivation: As long as the routing information used has an expiry
date/time, and the PSAP is reachable by the caller, a temporary
failure of the lookup and routing mechanism should not prevent
completion of the emergency call.
I10. Incrementally deployable: An Internet-based emergency call
system MUST be able to be deployed incrementally. In the initial
stages of deployment, an emergency call may not reach the optimal
PSAP. If allowed, emergency calls must only be routed to PSAPs
that have agreed to accept non-optimally routed calls.
[Ed. Can this be merged with R6?]
I11. ECC Availability: ECC communication MUST be continuously
available.
Motivation: From any Internet-connected device it MUST be
possible at any time to contact the ECC responsible for the
current location with the most appropriate method for
communication for the user and the device.
Schulzrinne & Marshall Expires November 6, 2005 [Page 22]
Internet-Draft ECRIT requirements May 2005
I12. ECC Testability: The solution MUST include mechanisms to test
access and availability to the location-appropriate ECC (PSAP),
without affecting or interfering with actual emergency call
processing or causing an emergency response.
Motivation: It is important that there be mechanisms to verify
that contact can be made to the proper ECC, that includes whether
or not the PSAP is available at all times.
I13. Cross-Jurisdiction Device Support: Devices SHOULD support
alternate emergency service systems between countries.
Motivation: Even as each country is likely to operate their
emergency calling infrastructure differently, SIP devices should
be able to reach emergency help and, if possible, be located in
any country.
[Ed. above text needs clarification]
I14: Routing MUST be possible on either civic or geo location
information.
I15: It MUST be possible to route a call based on either a civic or a
geo location without requiring conversion from one to the other.
This requirement does not prohibit an implementation from
converting and using the resulting conversion for routing.
I16: It MUST be possible for a designated 9-1-1 authority to a PSAP
to approve of any geocoding database(s) used to assist in
determining call routing to that PSAP. Mechanisms must be
provided for the PSAP designated 9-1-1 authorities to test and
certify a geocoding database as suitable for routing calls to the
PSAP. The PSAP may choose to NOT avail itself of such a
mechanism.
I17: It MUST be possible for the designated 9-1-1 authority to
supply, maintain, or approve of databases used for civic routing.
Mechanisms must be provided for a designated authority for a PSAP
to test and certify a civic routing database as suitable for
routing calls to that PSAP.
I18: It MUST be possible for the PSAP itself (or a contractor it
nominates on its behalf) to provide geocode and reverse geocode
data and/or conversion services to be used for routing
determination. This implies definition of a standard interchange
format for geocode data, and protocols to access it.
Schulzrinne & Marshall Expires November 6, 2005 [Page 23]
Internet-Draft ECRIT requirements May 2005
I19: The PSAP MUST have a mechanism to declare its serving boundaries
(in civic and geographic formats) for routing purposes.
I20: Boundaries for civic routing MUST be able to be specific to a
street address range, a side of a street (even/odd street
addresses), a building within a "campus", or any of the location
fields available.
[Ed. Available from where? Please clarify.
I21: It MUST be possible to use various combined components of the
location object for determination of routing. Some areas may only
require routing to a country level, others to a state/province,
others to a county, or to a municipality, and so on. No
assumption should be made on the granularity of routing boundaries
or about the combination of components used.
I22: Boundaries mechanisms for geo routing MUST be able to be
specific to a natural political boundary, a natural physical
boundary (such as a river), or the boundaries listed in the
previous requirement.
I23: Any given geographic location SHOULD result in identification of
a unique governmentally-authorized PSAP entity for that location?
I24: Routing databases using 9-1-1 Valid Addresses or lat/lon/
altitude as keys MUST both be available to all entities needing to
route 9-1-1 calls.
I25: Carriers, enterprises and other entities that route emergency
calls MUST be able to route calls from any location to its
appropriate PSAP.
I26: It MUST be possible for a given PSAP to decide where its calls
should be routed.
I27: It is desirable for higher level civic authorities such as a
county or state/province to be able to make common routing
decisions for all PSAPs within their jurisdiction. For example, a
state may wish to have all emergency calls placed within that
state directed to a specific URI. This does NOT imply a single
answering point; further routing may occur beyond the common URI.
I28: Routing MAY change on short notice due to local conditions,
traffic, failures, schedule, etc.
Schulzrinne & Marshall Expires November 6, 2005 [Page 24]
Internet-Draft ECRIT requirements May 2005
I29: Information and mechanisms used to determine routing MUST be
extremely reliable and available, which implies redundancy,
protocol stability, and resiliency.
I30: Routing information MUST be secured against unauthorized
modification. PSAPs (or perhaps a higher level civic authority
such as a county, state/province or national body) or their
designated representative must be the only entities permitted to
change routing information.
I31: It MUST be possible to supply contingency routing information,
for example, an alternate URI or an E.164 to be used when normal
routing fails.
I32: Multiple types of failures MAY have different contingency
routes.
I33: It MUST be possible to provide more than one contingency route
for the same type of failure.
I34: A procedure MUST be specified to handle "default route"
capability when no location is available or the location
information is corrupted.
I35: Default routes MUST be available when location information is
not available.
[Ed. Suggest consolidation of above 5 req's.]
I36: Entities routing emergency calls SHALL retain information used
to choose a route for subsequent error resolution.
I37: Access Infrastructure providers MUST provide a location object
that is as accurate as possible when location measurement or
lookup mechanisms fail.
I38: Location available at the time that the call is routed MAY not
be accurate.
Motivation: Updates to location may result in a different route
and the system must accommodate this.
I39: It SHOULD be possible to have updates of location (which may
occur when measuring devices provider early, but imprecise "first
fix" location) which can change routing of calls.
Schulzrinne & Marshall Expires November 6, 2005 [Page 25]
Internet-Draft ECRIT requirements May 2005
[Ed. Suggest combining previous two req's into L13. Updated
location.]
Schulzrinne & Marshall Expires November 6, 2005 [Page 26]
Internet-Draft ECRIT requirements May 2005
7. Emergency Address Directory
D1. ECC Identification: Public access to ECC selection information
MUST be assumed.
Motivation: The capability to locate the responsible ECC must be
available in the public Infrastructure without the additional need
for a service provider.
D2. Assuring directory identity: The query agent (e.g UA or server)
MUST be able to assure that it is querying the intended directory.
D3. Query response integrity: The query agent MUST be able to be
confident that the query or response has not been tampered with.
D4. Assurance of Update integrity: Any update mechanism for the
directory MUST ensure that only authorized users can change
directory information and must keep an audit log of all change
transactions.
D5. Call setup latency: The directory lookup SHOULD minimize any
added delay to the call setup.
Motivation: Since outbound proxies will likely be asked to
resolve the same geographic coordinates repeatedly, a suitable
time-limited caching mechanism should be supported.
D6. Multiple directories: A UA or proxy SHOULD be able to use
multiple (separate) directories to resolve the emergency
identifier.
Motivation: A single directory with worldwide or even nationwide
coverage is not assumed. This allows competing or regional data
sources.
D7. Referral: All directories SHOULD refer out-of-area queries to an
appropriate default or region-specific directory.
Motivation: This requirement alleviates the potential for
misconfigurations to cause calls to fail, particularly for caller-
based queries.
D8. Multiple query protocols: Directories MAY support multiple query
protocols.
Schulzrinne & Marshall Expires November 6, 2005 [Page 27]
Internet-Draft ECRIT requirements May 2005
It may be useful if directories support multiple query protocols,
such as SIP (for proxying), IRIS, LDAP, a SOAP-based query and
others. It appears likely that the resolution mechanism will be
needed by a variety of session protocols and user applications.
D9. Baseline query protocol: A mandatory-to-implement protocol MUST
be specified.
Motivation: An over-abundance of similarly-capable choices
appears undesirable for interoperability.
Schulzrinne & Marshall Expires November 6, 2005 [Page 28]
Internet-Draft ECRIT requirements May 2005
8. Identifying the Caller
C1. Identity: The system SHOULD allow (but not force) the
identification of both the caller's identity and his or her
terminal network address.
C2. Privacy override: The end system MUST be able to automatically
detect that a call is an emergency call and override any privacy
settings that conflict with emergency calling.
Motivation: Since emergency calls are often placed by children,
by people using somebody else's end system or by people in panic,
any configuration should be automated rather than relying on user
interaction at the time of the call. Delaying a call until the
user discovers that they have to answer some screen prompt or deal
with a voice prompt in an unfamiliar language is likely to lead to
large call setup delays or call failures. This does not preclude
that end systems can allow, on a call-by-call basis, to configure
special call parameters, e.g., to enable anonymous tip lines.
Whether this override can be configured by the user or is
considered a condition of service is considered a legal matter,
not a protocol issue.
C3. Recontacting Endpoint: The ECC SHOULD have the capability to
recontact the initiating endpoint after disconnection.
Motivation: Capability to re-contact the contacting device from
the ECC in case of disruption or later query for a tbd period of
time. This should also be possible from conventional ECC via
temporary (virtual) E.164 numbers.
Schulzrinne & Marshall Expires November 6, 2005 [Page 29]
Internet-Draft ECRIT requirements May 2005
9. Call Setup and Call Features
S1. Authentication override: All outbound proxies and other call
filtering elements MUST be able to be configured so that they
allow unauthenticated emergency calls.
In many jurisdictions, emergency calls can be placed by any
device, regardless of whether it has subscribed for service.
S2. Mid-call features: The end system MUST be able to recognize an
emergency call and allow configuration so that certain call
features are not triggered accidentally.
Motivation: For example, it may be inappropriate to transfer the
PSAP or put it on hold. An end system MAY make it more difficult
to disconnect an on-going emergency call or accept other incoming
calls while in an emergency call. Call transfer initiated by the
emergency caller is likely only to be a problem if a PSTN gateway
or B2BUa is in the call path. It is not clear how much effort
should be expended on preventing intentional, as opposed to
accidental, disconnection, since callers can typically find
physical-layer means to terminate the call. This feature is not
generally available in the PSTN. For example, ANSI T1.628-2001
states that "E9-1-1 Call hold is an optional network feature
provided to a PSAP which prevents a caller from disconnecting an
ESC. .... However, there is no DSS1 or SS7 support for this
capability at this time."
S3. Testable: A user SHOULD be able to test whether a particular
address reaches the appropriate PSAP, without actually causing
emergency help to be dispatched or consuming PSAP call taker
resources. Such tests MUST indicate the source of any problems,
including the validity and plausibility of civic addresses and
geographic coordinates. This requirement also allows address
validation.
S4. Integrity: Implementations MUST provide mechanisms that ensure
the integrity of IP protocol components that are crucial to
providing reliable emergency call service. (This requirement
implies authentication of the caller to allow integrity protection
of the request and authentication of the PSAP to allow integrity
protection of responses.)
[Ed. changed "SIP protocol component" to "IP protocol components".
This requirement is not well understood based on comments
received. Further clarification requested.]
Schulzrinne & Marshall Expires November 6, 2005 [Page 30]
Internet-Draft ECRIT requirements May 2005
S5. Emergency Requests: Requests for emergency services MUST NOT be
assumed to be user initiated.
Motivation: Communication may be established by user request or
by external events. Devices should support alternate methods for
initiating emergency requests without the user having to "dial" or
type a specific address.
[Ed. Question has been raised as follows: "Should there be a
requirement for a mechanism to distinguish calls not initiated by
the user, as indicated in this requirement?"
S6 Tracking and Tracing Facilities for all calls MUST be provided.
This includes all routing entities as well as all signaling
entities.
S7 Each element in the signaling and routing paths solution SHALL
maintain call detail records that can be accessed by management
systems to develop call statistics in real time.
S8 Each element of the signaling and routing paths SHALL provide
congestion controls.
S9 It SHALL be possible to determine the complete call chain of a
call, including the identity of each signaling element in the
path, and the reason it received the call (Call History).
Schulzrinne & Marshall Expires November 6, 2005 [Page 31]
Internet-Draft ECRIT requirements May 2005
10. Supplemental Information
SD1 In addition to information sent with the call, additional
information may be available, supplemental to the call, which is
retrieved from internal or external databases using a key to the
information included with the call. This key may also include
information to identify/address the database.
SD2 Additional information MAY be available to the call taker based
on the location of the caller.
SD3 Additional information MAY be available to the call taker based
on the owner of the structure.
SD4 Additional information MAY be available to the call taker based
on the tenant of the structure.
SD5 Where a vehicle is involved, additional information MAY be
available.
SD6 Additional information MAY be available based on the Address of
Record (AoR) of the caller. In this context, AoR equates to the
caller.
SD7 Consideration SHOULD be given to permitting users to have domain
independent mechanisms to supply information related to the
caller, for example, another datum related to user.
SD8. Additional Data: Transfer of additional data SHOULD be
supported.
Motivation: Capabilities to contact ECC by automatic means and
for the transfer of additional information (alarm equipment, cars,
buses, trucks with dangerous loads, ...)
SD9 Mechanism MUST be provided to automatically generate and provide
misroute and location error reports.
Schulzrinne & Marshall Expires November 6, 2005 [Page 32]
Internet-Draft ECRIT requirements May 2005
11. Security Considerations
Note: Security Considerations originally described in this section
have removed and will be resubmitted to the ECRIT security document.
No reference yet available.
SEC1. Safeguards from Attacks: Safeguards SHOULD be provided to
assure against network system attacks.
Motivation: Safeguards to protect the emergency infrastructure
and ECC facilities against malicious attacks, especially to
prevent DoS attacks.
SEC2. Denial of Service attacks: Special consideration SHOULD be
given to "Distributed Denial of Service" attacks.
SEC3 Protocols MUST NOT facilitate denial-of-service attacks, e.g.,
by amplifying incoming unauthenticated messages.
[Ed. (per hgs, suggested replacement above first two requirements
with third requirement.]
Schulzrinne & Marshall Expires November 6, 2005 [Page 33]
Internet-Draft ECRIT requirements May 2005
12. Contributors
The information contained in this document is a result of a joint
effort based on individual contributions by those involved in the
ECRIT WG. The contributors include Nadine Abbott, Hideki Arai,
Martin Dawson, Motoharu Kawanishi, Brian Rosen, Richard Stastny,
Martin Thomson, James Winterbottom.
The contributors can be reached at:
Nadine Abbott nabbott@telcordia.com
Hideki Arai arai859@oki.com
Martin Dawson mdawson@nortelnetworks.com
Motoharu Kawanishi kawanishi381@oki.com
Brian Rosen br@brianrosen.net
Richard Stastny Richard.Stastny@oefeg.at
Martin Thomson marthom@nortelnetworks.com
James Winterbottom winterb@nortelnetworks.com
Schulzrinne & Marshall Expires November 6, 2005 [Page 34]
Internet-Draft ECRIT requirements May 2005
13. Acknowledgments
Schulzrinne & Marshall Expires November 6, 2005 [Page 35]
Internet-Draft ECRIT requirements May 2005
14. References
14.1 Normative References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[2] Polk, J., "Requirements for Session Initiation Protocol Location
Conveyance", draft-ietf-sipping-location-requirements-02 (work
in progress), October 2004.
14.2 Informative References
[3] Charlton, N., Gasson, M., Gybels, G., Spanner, M., and A. van
Wijk, "User Requirements for the Session Initiation Protocol
(SIP) in Support of Deaf, Hard of Hearing and Speech-impaired
Individuals", RFC 3351, August 2002.
[4] Cuellar, J., Morris, J., Mulligan, D., Peterson, J., and J.
Polk, "Geopriv Requirements", RFC 3693, February 2004.
[5] National Emergency Number Assocation, "NENA technical
information document on the interface between the E9-1-1 service
providers network and the Internet protocol (IP) PSAP",
NENA NENA-08-501, February 2003.
Authors' Addresses
Henning Schulzrinne
Columbia University
Department of Computer Science
450 Computer Science Building
New York, NY 10027
US
Phone: +1 212 939 7004
Email: hgs+ecrit@cs.columbia.edu
URI: http://www.cs.columbia.edu
Schulzrinne & Marshall Expires November 6, 2005 [Page 36]
Internet-Draft ECRIT requirements May 2005
Roger Marshall (editor)
TeleCommunication Systems
2401 Elliott Avenue
2nd Floor
Seattle, WA 98121
US
Phone: +1 206 792 2424
Email: rmarshall@telecomsys.com
URI: http://www.telecomsys.com
Schulzrinne & Marshall Expires November 6, 2005 [Page 37]
Internet-Draft ECRIT requirements May 2005
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
Schulzrinne & Marshall Expires November 6, 2005 [Page 38]