Cisco Architecture for Lawful Intercept in IP Networks
RFC 3924
Network Working Group F. Baker
Request for Comments: 3924 B. Foster
Category: Informational C. Sharp
Cisco Systems
October 2004
Cisco Architecture for Lawful Intercept in IP Networks
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2004).
IESG Note
This RFC is not a candidate for any level of Internet Standard. The
IETF disclaims any knowledge of the fitness of this RFC for any
purpose, and in particular notes that the decision to publish is not
based on IETF review for such things as security, congestion control
or inappropriate interaction with deployed protocols. The RFC Editor
has chosen to publish this document at its discretion. Readers of
this document should exercise caution in evaluating its value for
implementation and deployment.
Abstract
For the purposes of this document, lawful intercept is the lawfully
authorized interception and monitoring of communications. Service
providers are being asked to meet legal and regulatory requirements
for the interception of voice as well as data communications in IP
networks in a variety of countries worldwide. Although requirements
vary from country to country, some requirements remain common even
though details such as delivery formats may differ. This document
describes Cisco's Architecture for supporting lawful intercept in IP
networks. It provides a general solution that has a minimum set of
common interfaces. This document does not attempt to address any of
the specific legal requirements or obligations that may exist in a
particular country.
Baker, et al. Informational [Page 1]
RFC 3924 Architecture for Lawful Intercept October 2004
Table of Contents
1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Motivating the Architecture . . . . . . . . . 3
1.2. Document Organization. . . . . . . . . . . . . . . . . . . 4
2. Reference Model . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1. Reference Model Components . . . . . . . . . . . . . . . . 6
2.2. Operational Considerations . . . . . . . . . . . . . . . . 7
3. Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.1. Content Intercept Request Interface. . . . . . . . . . . . 9
3.2. Intercept Content Interface (f). . . . . . . . . . . . . . 10
4. Applying the Reference Model. . . . . . . . . . . . . . . . . . 11
4.1. Voice over IP networks . . . . . . . . . . . . . . . . . . 11
4.1.1. Interception of Voice over IP Services. . . . . . . 11
4.1.2. Local Voice Services. . . . . . . . . . . . . . . . 12
4.2. Data Services. . . . . . . . . . . . . . . . . . . . . . . 13
5. Security Considerations . . . . . . . . . . . . . . . . . . . . 13
5.1. Content Request Interface (d) - SNMPv3 Control . . . . . . 14
6. Informative References. . . . . . . . . . . . . . . . . . . . . 14
7. Acronyms. . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
8. Authors' Addresses. . . . . . . . . . . . . . . . . . . . . . . 17
9. Full Copyright Statement. . . . . . . . . . . . . . . . . . . . 18
1. Introduction
For the purposes of this document, lawful intercept is the lawfully
authorized interception and monitoring of communications of an
intercept subject. The term "intercept subject", "subject", "target
subscriber" or "target" in this document refers to the subscriber of
a telecommunications service whose communications and/or intercept
related information (IRI) has been lawfully authorized to be
intercepted and delivered to some agency. Note that although the
term "Law Enforcement Agency" (LEA) is used throughout this document,
this may refer to any agency that is able to request lawfully
authorized interception.
By intercept related information (IRI) we mean information related to
the IP traffic of interest. There is currently no standardized
definition for IRI for IP traffic. IRI has been defined for a few
services that might run over IP (e.g., Voice over IP) or that IP runs
on top of (e.g., GPRS). For example, IRI for voice over IP could be
the called and calling phone numbers. The definition of IRI from
[14] is shown below:
Baker, et al. Informational [Page 2]
RFC 3924 Architecture for Lawful Intercept October 2004
Intercept Related Information: collection of
Show full document text