A Framework for Consent-Based Communications in the Session Initiation Protocol (SIP)
RFC 5360

Document type: RFC - Proposed Standard (October 2008)
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 5360 (Proposed Standard)
Responsible AD: Cullen Jennings
Send notices to: sip-chairs@tools.ietf.org, gonzalo.camarillo@ericsson.com

Network Working Group                                       J. Rosenberg
Request for Comments: 5360                                 Cisco Systems
Category: Standards Track                              G. Camarillo, Ed.
                                                                Ericsson
                                                               D. Willis
                                                            Unaffiliated
                                                            October 2008

              A Framework for Consent-Based Communications
                in the Session Initiation Protocol (SIP)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Abstract

   SIP supports communications for several services, including real-time
   audio, video, text, instant messaging, and presence.  In its current
   form, it allows session invitations, instant messages, and other
   requests to be delivered from one party to another without requiring
   explicit consent of the recipient.  Without such consent, it is
   possible for SIP to be used for malicious purposes, including
   amplification and DoS (Denial of Service) attacks.  This document
   identifies a framework for consent-based communications in SIP.

Rosenberg, et al.           Standards Track                     [Page 1]
RFC 5360                   Consent Framework                October 2008

Table of Contents

   1. Introduction ....................................................3
   2. Definitions and Terminology .....................................3
   3. Relays and Translations .........................................4
   4. Architecture ....................................................6
      4.1. Permissions at a Relay .....................................6
      4.2. Consenting Manipulations on a Relay's Translation Logic ....7
      4.3. Store-and-Forward Servers ..................................8
      4.4. Recipients Grant Permissions ...............................9
      4.5. Entities Implementing This Framework .......................9
   5. Framework Operations ............................................9
      5.1. Amplification Avoidance ...................................11
           5.1.1. Relay's Behavior ...................................12
      5.2. Subscription to the Permission Status .....................12
           5.2.1. Relay's Behavior ...................................13
      5.3. Request for Permission ....................................13
           5.3.1. Relay's Behavior ...................................13
      5.4. Permission Document Structure .............................15
      5.5. Permission Requested Notification .........................16
      5.6. Permission Grant ..........................................17
           5.6.1. Relay's Behavior ...................................17
                  5.6.1.1. SIP Identity ..............................17
                  5.6.1.2. P-Asserted-Identity .......................17
                  5.6.1.3. Return Routability ........................18
                  5.6.1.4. SIP Digest ................................19
      5.7. Permission Granted Notification ...........................19
      5.8. Permission Revocation .....................................19
      5.9. Request-Contained URI Lists ...............................20
           5.9.1. Relay's Behavior ...................................21
           5.9.2. Definition of the 470 Response Code ................21
           5.9.3. Definition of the Permission-Missing Header Field ..22
      5.10. Registrations ............................................22
      5.11. Relays Generating Traffic towards Recipients .............25
           5.11.1. Relay's Behavior ..................................25
           5.11.2. Definition of the Trigger-Consent Header Field ....25
   6. IANA Considerations ............................................26
      6.1. Registration of the 470 Response Code .....................26
      6.2. Registration of the Trigger-Consent Header Field ..........26
      6.3. Registration of the Permission-Missing Header Field .......26
      6.4. Registration of the target-uri Header Field Parameter .....26
   7. Security Considerations ........................................27
   8. Acknowledgments ................................................28
   9. References .....................................................28
      9.1. Normative References ......................................28
