A Framework for Consent-Based Communications in the Session Initiation Protocol (SIP)
RFC 5360

 
Document
Type RFC - Proposed Standard (October 2008; No errata)
Last updated 2013-03-02
Stream IETF
Stream
WG state (None)
Consensus Unknown
Document shepherd No shepherd assigned
IESG
IESG state RFC 5360 (Proposed Standard)
Telechat date
Responsible AD Cullen Jennings
Send notices to sip-chairs@ietf.org, gonzalo.camarillo@ericsson.com


Network Working Group                                       J. Rosenberg
Request for Comments: 5360                                 Cisco Systems
Category: Standards Track                              G. Camarillo, Ed.
                                                                Ericsson
                                                               D. Willis
                                                            Unaffiliated
                                                            October 2008

              A Framework for Consent-Based Communications
                in the Session Initiation Protocol (SIP)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Abstract

   SIP supports communications for several services, including real-time
   audio, video, text, instant messaging, and presence.  In its current
   form, it allows session invitations, instant messages, and other
   requests to be delivered from one party to another without requiring
   explicit consent of the recipient.  Without such consent, it is
   possible for SIP to be used for malicious purposes, including
   amplification and DoS (Denial of Service) attacks.  This document
   identifies a framework for consent-based communications in SIP.

Rosenberg, et al.           Standards Track                     [Page 1]
RFC 5360                   Consent Framework                October 2008

Table of Contents

   1. Introduction ....................................................3
   2. Definitions and Terminology .....................................3
   3. Relays and Translations .........................................4
   4. Architecture ....................................................6
      4.1. Permissions at a Relay .....................................6
      4.2. Consenting Manipulations on a Relay's Translation Logic ....7
      4.3. Store-and-Forward Servers ..................................8
      4.4. Recipients Grant Permissions ...............................9
      4.5. Entities Implementing This Framework .......................9
   5. Framework Operations ............................................9
      5.1. Amplification Avoidance ...................................11
           5.1.1. Relay's Behavior ...................................12
      5.2. Subscription to the Permission Status .....................12
           5.2.1. Relay's Behavior ...................................13
      5.3. Request for Permission ....................................13
           5.3.1. Relay's Behavior ...................................13
      5.4. Permission Document Structure .............................15
      5.5. Permission Requested Notification .........................16
      5.6. Permission Grant ..........................................17
           5.6.1. Relay's Behavior ...................................17
                  5.6.1.1. SIP Identity ..............................17
                  5.6.1.2. P-Asserted-Identity .......................17
                  5.6.1.3. Return Routability ........................18
                  5.6.1.4. SIP Digest ................................19
      5.7. Permission Granted Notification ...........................19
      5.8. Permission Revocation .....................................19
      5.9. Request-Contained URI Lists ...............................20
           5.9.1. Relay's Behavior ...................................21
           5.9.2. Definition of the 470 Response Code ................21
           5.9.3. Definition of the Permission-Missing Header Field ..22
      5.10. Registrations ............................................22
      5.11. Relays Generating Traffic towards Recipients .............25
           5.11.1. Relay's Behavior ..................................25
           5.11.2. Definition of the Trigger-Consent Header Field ....25
   6. IANA Considerations ............................................26
      6.1. Registration of the 470 Response Code .....................26
      6.2. Registration of the Trigger-Consent Header Field ..........26
      6.3. Registration of the Permission-Missing Header Field .......26
      6.4. Registration of the target-uri Header Field Parameter .....26
   7. Security Considerations ........................................27
   8. Acknowledgments ................................................28
   9. References .....................................................28
      9.1. Normative References ......................................28