Internet DRAFT - draft-froment-sip-record-route-fix
draft-froment-sip-record-route-fix
Network Working Group T. Froment
Internet-Draft C. Lebel
Intended status: Standards Track Alcatel-Lucent
Expires: August 30, 2007 February 26, 2007
Addressing Record-Route issues in Session Initiation Protocol (SIP)
draft-froment-sip-record-route-fix-00
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 30, 2007.
Copyright Notice
Copyright (C) The IETF Trust (2007).
Froment & Lebel Expires August 30, 2007 [Page 1]
�
Internet-Draft SIP Record-Route fix February 2007
Abstract
A typical function of a Session Initiation Protocol (SIP) Proxy is to
set a Record-Route header on initial requests in order to make
subsequent requests pass through it. This header contains a SIP
Uniform Resource Identifier (URI) indicating where and how the
subsequent requests should be sent to reach the proxy. Like any SIP
URI, it can contain sip or sips schemes, IPV4 or IPV6 addresses, and
URI parameters that could influence the routing like different
transport parameters (UDP, TCP, SCTP...), or a compression indication
like "comp=sigcomp". When a proxy has to change some of those
parameters between its incoming and outgoing interfaces (multi-homed
proxies, transport switching, sip to sips or IPV4 to IPV6
scenarios...), the question arises on what should be put in Record-
Route: it is just not possible to make one header having the
characteristics of both sides at the same time. This document aims
to clarify these scenarios and fix bugs already identified on this
topic; it formally suggests the use of the double Record-Route
technique as a replacement to the current RFC3261 text, which only
describes Record-Route rewriting solution.
Froment & Lebel Expires August 30, 2007 [Page 2]
�
Internet-Draft SIP Record-Route fix February 2007
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6
3. Problem statement . . . . . . . . . . . . . . . . . . . . . . 7
3.1. Background: multi-homed proxies . . . . . . . . . . . . . 7
3.2. Problems . . . . . . . . . . . . . . . . . . . . . . . . . 8
4. Record-Route rewriting . . . . . . . . . . . . . . . . . . . . 13
5. Double Record-Routing . . . . . . . . . . . . . . . . . . . . 14
6. Conclusion and discussion on normative changes . . . . . . . . 18
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19
8. Security Considerations . . . . . . . . . . . . . . . . . . . 20
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 21
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 22
10.1. Normative References . . . . . . . . . . . . . . . . . . . 22
10.2. Informative References . . . . . . . . . . . . . . . . . . 22
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 24
Intellectual Property and Copyright Statements . . . . . . . . . . 25
Froment & Lebel Expires August 30, 2007 [Page 3]
�
Internet-Draft SIP Record-Route fix February 2007
1. Introduction
Over the years, it has been noticed in multiple interoperability
events like SIPIT, that many implementations had interoperability
problems due to various Record-Routing issues or misinterpretations
of [RFC3261], in particular when a change occurs between the incoming
and outgoing sides of a proxy: transport switching, "multi-homed"
proxies (including IPV4 to IPV6 interface changes), sip to sips.
Multiple documents have addressed the question, each of them
generally providing an adequate solution for its specific use case,
but none of them gives a general solution or suggests a normative
change to actually provide a coherent set of clarifications:
- [RFC3486], section 6, describes the double Record-Routing as an
alternative to the record-route rewriting in responses. This
document is limited in scope to the "comp=sigcomp" parameter when
doing compression with SIGCOMP.
- [RFC3608], section 6.2, recommends the usage of double Record-
Routing instead of the rewriting solution described in [RFC3261]
for "Dual-homed" proxies. Those are defined as "proxies connected
to two (or more) different networks such that requests are
received on one interface and proxied out through another network
interface".
- ID [draft-ietf-sipping-v6-transition-04], section 3.1.1,
mandates double Record-Routing for multi-homed proxies doing IPV4/
IPV6 transitions, when proxy inserts IP addresses.
- ID [draft-ietf-sip-sips-01], section 4.2, recommends to apply
the double Record-Routing technique when a proxy has to change the
scheme from sip to sips; again, the scope is limited to this use
case.
The observed interoperability problems can be explained by the fact
that, despite these multiple documents, RFC3261 description is still
not normatively changed, and most implementors don't support
extensions like Service-Route ([RFC3608]) or SIGCOMP([RFC3486]).
Indeed, why doing so just for implementing a multi-home proxy or
transport switching basic function?
By the way, this document also aims to clarify identified bugs
referenced in [BUG664], [BUG734] and [BUG735]. In particular, it
takes into account [BUG664] recommendation, which says that "the
language that describes this, needs to clearly capture that this
applies to all types of different interface on each side issues,
including IPV4 on one side and IPV6 on the other".
Froment & Lebel Expires August 30, 2007 [Page 4]
�
Internet-Draft SIP Record-Route fix February 2007
This document is also following recommendations of
[draft-drage-sip-essential-correction-00], which describes the
process for handling essential corrections to the Session Initiation
Protocol.
Froment & Lebel Expires August 30, 2007 [Page 5]
�
Internet-Draft SIP Record-Route fix February 2007
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Froment & Lebel Expires August 30, 2007 [Page 6]
�
Internet-Draft SIP Record-Route fix February 2007
3. Problem statement
3.1. Background: multi-homed proxies
A multi-homed proxy is a proxy connected, like a router, to two or
more different networks, with an interface into each network, such
that traffic comes "in" one network and goes "out" a different one.
A simple model is shown here:
+-----+
| U1 |
+--+--+
| .2
10.1.1.0/25 |
----------------+---+-...
|
| .1
+-+-+
| P |
+-+-+
| .1
| 192.0.2.1/24
...---+------+------------------
|
| .2
+--+--+
| U2 |
+--+--+
U1 has one interface with IP address 10.1.1.2.
P has two interfaces and two addresses:
-- 10.1.1.1
-- 192.0.2.1
And U2 has one interface and one address, 192.0.2.2. In other words,
there is no IP level route between U1 and U2; no ping; no traceroute.
They live in entirely different networks. But they can still
exchange SIP messages, because P is a SIP Proxy. This works in SIP
because P can "record-route".
Froment & Lebel Expires August 30, 2007 [Page 7]
�
Internet-Draft SIP Record-Route fix February 2007
3.2. Problems
Handling of Record-Route header in SIP Proxies is specified by
following sections of [RFC3261]:
On request processing side, [RFC3261], item 4 of section 16.6
states that "The URI placed in the Record-Route header field value
MUST be a SIP or SIPS URI. [...] The URI SHOULD NOT contain the
transport parameter unless the proxy has knowledge(such as in a
private network) that the next downstream element that will be in
the path of subsequent requests supports that transport".
Following this statement, it is not clear at all that proxy SHOULD
put the transport parameter of its outgoing interface in order to
rewrite it later in responses: this can not be optional. Then,
this section speaks about record-route requirements when
transiting from sips to non-sips. It's not clear that the section
doesn't apply to TLS to non-TLS transitions where SIPS is not
involved (see [BUG734]).
On response processing side, [RFC3261] recommends in step 8 of
section 16.7 that "If the selected response contains a Record-
Route header field value originally provided by this proxy, the
proxy MAY choose to rewrite the value before forwarding the
response. This allows the proxy to provide different URIs for
itself to the next upstream and downstream elements. A proxy may
choose to use this mechanism for any reason. For instance, it is
useful for multi-homed hosts. If the proxy received the request
over TLS, and sent it out over a non-TLS connection, the proxy
MUST rewrite the URI in the Record-Route header field to be a SIPS
URI". Indeed, [RFC3261] suggests rewriting the record-route
header in responses, and mandates it if the request indicated
"SIP:". The current text indicates that the record-route value
MUST be modified to contain a SIPS URI when routing a response
from non-TLS to TLS transports. This makes sense only if the
request indicated SIPS. Hop-by-hop TLS needs to be covered
separately, see [BUG735]).
Let's consider the following scenario: a SIP proxy, doing TCP to UDP
transport-switching. Some critical interoperability problems
commonly occurs, and it was identified as a frequent problem in SIPIT
18th which took place in April 2006. The statement "The URI SHOULD
NOT contain the transport parameter unless the proxy has
knowledge(such as in a private network) that the next downstream
element that will be in the path of subsequent requests supports that
transport", is often considered as confusing: applying this
statement, a proxy just put one Record-Route, without any transport
parameters, which generally leads to the problem illustrated below:
Froment & Lebel Expires August 30, 2007 [Page 8]
�
Internet-Draft SIP Record-Route fix February 2007
Alice ===== TCP ===== Proxy ===== UDP ===== Bob
| | |
| F1 INVITE | |
|------------------->| F2 INVITE |
| |------------------->|
| 100 Trying | |
|<-------------------| |
| | F3 200 OK |
| F4 200 OK |<-------------------|
|<-------------------| |
| | |
| F5 ACK | |
|--(sent in UDP) X-> | ACK |
| |------------------->|
| | |
| | F6 BYE |
| BYE |<-------------------|
|<-------------------| |
Simplified TCP to UDP proxy scenario description
U1 P1 U2
F1 INVITE U1 -> P1
INVITE sip:bob@biloxi.com SIP/2.0
Route: <sip:192.0.2.1;lr;transport=TCP>
From: Alice <sip:alice@atlanta.com>
To: Bob <sip:bob@biloxi.com>
Contact: <sip:alice@u1.atlanta.com;transport=TCP>
F2 INVITE P1 -> U2
INVITE sip:bob@biloxi.com SIP/2.0
Record-Route: <sip:192.0.2.1;lr> (NO transport param)
From: Alice <sip:alice@atlanta.com>
To: Bob <sip:bob@biloxi.com>
Contact: <sip:alice@u1.atlanta.com;transport=TCP>
Dialog State at U2:
Local URI = sip:bob@biloxi.com
Remote URI = sip:alice@atlanta.com
Remote target = sip:alice@u1.atlanta.com;transport=TCP
Route Set = sip:192.0.2.1;lr
F3 200 OK U2 -> P1
Froment & Lebel Expires August 30, 2007 [Page 9]
�
Internet-Draft SIP Record-Route fix February 2007
SIP/2.0 200 OK
Record-Route: <sip:192.0.2.1;lr>
From: Alice <sip:alice@atlanta.com>
To: Bob <sip:bob@biloxi.com>
Contact: <sip:bob@u2.biloxi.com>
F4 200 OK P1 -> U1
SIP/2.0 200 OK
Record-Route: <sip:192.0.2.1;lr>
From: Alice <sip:alice@atlanta.com>
To: Bob <sip:bob@biloxi.com>
Contact: <sip:bob@u2.biloxi.com>
Dialog State at U1:
Local URI = sip:alice@atlanta.com
Remote URI = sip:bob@biloxi.com
Remote target = sip:bob@u2.biloxi.com
Route Set = sip:192.0.2.1;lr
F5 ACK U1 -> P1
ACK sip:bob@u2.biloxi.com SIP/2.0
Route: <sip:192.0.2.1;lr>
From: Alice <sip:alice@atlanta.com>
To: Bob <sip:bob@biloxi.com>
F6 BYE U2 -> P1
BYE sip:alice@u1.atlanta.com;transport=TCP SIP/2.0
Route: <sip:192.0.2.1;lr>
From: Bob <sip:bob@biloxi.com>
To: Alice <sip:alice@atlanta.com>
Figure 3: transport switching scenario
Since Proxy P1 does not put any transport parameter on Record-Route,
subsequent requests of U1, like the ACK sent in F5, will be sent
according to the behaviour specified in section 12.2 (requests within
a Dialog) of RFC 3261, that means that the Route set is used, and
then, applying [RFC3263], the Route "sip:192.0.2.1" will resolve to a
UDP transport by default (since no transport parameter is available
here), and no NAPTR request will be performed since this is a numeric
IP Address. Even if proxy had record-routed its logical name (e.g.
p1.example.com), if U1 and U2 use the same DNS server, NAPTR request
would resolve to the same transport on both sides. That means, even
if we assume that UAs support [RFC3263], if one of the UA sends an
Froment & Lebel Expires August 30, 2007 [Page 10]
�
Internet-Draft SIP Record-Route fix February 2007
initial request using a different transport than the one configured
in DNS, this scenario is still problematic. In practice, there are
multiple reasons why UAs are rarely using logical names and NAPTR
when sending an initial request to a proxy:
- Most of UAs have the ability to configure statically their outbound
proxy, and it is commonly configured with a numeric IP address.
- Most of UAs offer the ability to "force" the transport to be used
for initial requests, even if they support [RFC3263]: this is because
in some circumstances, people just want to avoid using UDP (trying to
avoid congestion, retransmissions or fragmentation), or just because
they simply don't support one of the transport!
- Some UAs do not support [RFC3263] at all...
In previous example, forcing U1 to switch from TCP to UDP between
initial request and subsequent request(s) is clearly not the desired
default behaviour, and it typically leads to interoperability
problems.
In any case, if proxy record-route a numeric IP Address and transport
switching occurs, something needs to be done.
In order to workaround these problems, and to maintain a reasonnable
level of interoperability, experience shows that solutions are
generally provided on proxy side, the two possible solutions are
either:
- Record-Route rewriting on responses: Put the transport parameter on
the Record-Route of INVITE request sent in F2, so that U2 will
correctly send its BYE request in F6 using the same transport as
previous messages of the same dialog, and make the Proxy rewrite the
Record-Route when processing the 200 OK response, changing "on the
fly" the transport parameter to "transport=TCP", so that the Route
set will appear to be <sip:192.0.2.1;lr;transport=TCP> for U1 and
<sip:192.0.2.1;lr;transport=UDP> for U2.
- Double Record-Routing: the proxy puts two Record-Route headers.
The first one is set, in this example, to Record-Route: <sip:
192.0.2.1;lr;transport=TCP>, the second one to Record-Route: <sip:
192.0.2.1;lr> with no transport, or with transport=UDP, which means
basically the same thing. This is a common practice in implementors
community to support double Record-Route AND put the transport
parameters.
Knowing this problem, some UA implementations sometimes decide to
always keep the same transport for a given Dialog, but this choice is
Froment & Lebel Expires August 30, 2007 [Page 11]
�
Internet-Draft SIP Record-Route fix February 2007
erratic, since if the proxy is not Record-Route, the callee may
receive the subsequent request through a transport that is not the
one put in its Contact.
The question of putting or not the transport parameter on Record-
Route needs to be clarified. But let appart this question, this
problem enlights the utility of rewriting and double Record-Routing
techniques which apply for any other multi-homed proxy use case,
whenever the proxy changes its IP address or its URI scheme between
incoming and outgoing interfaces. This is why, these techniques are
described, compared and discussed in the following sections.
Froment & Lebel Expires August 30, 2007 [Page 12]
�
Internet-Draft SIP Record-Route fix February 2007
4. Record-Route rewriting
As already outlined in some IETF mailing list discussions: Record-
Route rewriting in responses is controversial. Actually, it has
often been noticed that letting [RFC3261] with the Record-Route
rewriting as the only technique described in core specification is
dangerous, due to the fact that rewriting has some heavy drawbacks.
Indeed, the consequence of doing rewriting is that the Route seen by
the caller is different from the Route seen by the callee, and it has
two serious implications:
1) Callee cannot sign the route set, because it gets edited by the
proxy in the response. Consequently, end-to-end protection of the
route set can not be supported by the protocol. The openness and
the end-to-end principles are broken (!)...
2) Proxy must implement special "multi-homed" stateful logic. On
the request phase, it goes through output interface calculation
and writes the output interface into the route. It must then
inspect all responses, grep for an input interface, and
selectively edit them to reference the correct output interface:
this is a CPU drag. Moreover, it is not clear how a stateless
proxy can handle this stateful rewriting operation.
That's why, this document would recommend to completely deprecate
this technique.
However, if it is considered as something that SHOULD NOT be
deprecated, it SHOULD be clarified that its scope is wider than just
the "sip to sips" use case, and SHOULD be extended to transport
switching, or "multi-homed" situations:
Thus, on the request processing side: item 4 of section 16.6 of
[RFC3261], it SHOULD be noticed that the URI MAY contain the
transport parameter or the outgoing interface in case of a multi-
homed proxy, and that it would trigger the Record-Route rewriting
when processing responses.
On the response processing side: step 8 of section 16.7, it SHOULD
be noticed that the mechanism applies also to transport switching
scenario, and not only to scheme changes.
Froment & Lebel Expires August 30, 2007 [Page 13]
�
Internet-Draft SIP Record-Route fix February 2007
5. Double Record-Routing
Critical drawbacks of rewriting technique probably explain why double
Record-Routing solution has consequently always been recommended in
SIP extensions like [RFC3486] or [RFC3608]. That's also why this
document proposes, through an normative change, to introduce it
either as an alternative or even as a replacement of rewriting in
[RFC3261].
This alternative has many benefits, and is completely backwards
compatible with [RFC3261]. It consists in putting as the first
value, the Route of receiving interface, including schemes and/or URI
parameters, and, as second value, the Route of the sending interface.
When processing the response, no modification of the recorded route
is required.
When double Record-Routing, the proxy will have to handle the second
incoming request as a spiral, and consequently devote some space to
maintaining a transaction. In order to avoid a spiral, proxy has to
be smart and scan an extra route ahead to determine whether the
request will spiral through it. If it does, it can optimize the
second spiral through itself. Even though this is an implementation
decision, it is much more efficient to avoid spiraling, and it means
that the appropriate section of[RFC3261] SHOULD be modified:
Scanning two routes instead of one implies that proxy behaviour
described in section 16.4. "Route Information Preprocessing" of
[RFC3261] MAY remove these TWO routes instead of one. This section
SHOULD then be modified by adding to the current text "If the first
value in the Route header field indicates this proxy, the proxy MUST
remove that value from the request" a statement like "If the proxy
used double Record-Routing technique for this dialog, as described in
[...], the same treatment MAY be applied, and then remove the second
value of Route header". This has never been described in existing
documents mentioning the double Record-Routing solution.
Generally speaking, the time complexity will be less in double
Record-Routing since on the response, the proxy does not have to do
any re-writes (and thus, no searching).
The following example is an extension of example given
in[draft-ietf-sipping-v6-transition-04], it illustrates a call flow
when doing double Record-Routing with a multi-homed IPV4 to IPV6
proxy, enlightening the Dialog State on each UA.
Froment & Lebel Expires August 30, 2007 [Page 14]
�
Internet-Draft SIP Record-Route fix February 2007
UAC Proxy UAS
(IPv4) (IPv4/IPv6) (IPv6)
| | |
| F1 INVITE | |
|------------------->| F2 INVITE |
| |------------------->|
| 100 Trying | |
|<-------------------| |
| | F3 200 OK |
| F4 200 OK |<-------------------|
|<-------------------| |
| | |
| F5 ACK | |
|------------------->| F6 ACK |
| |------------------->|
| | |
| | F7 BYE |
| F8 BYE |<-------------------|
|<-------------------| |
| F9 200 OK | |
|------------------->| F10 200 OK |
| |------------------->|
IPV4 to IPV6 multi-homed proxy illustration
U1 P1 U2
F1 INVITE U1 -> P1
INVITE sip:bob@biloxi.com SIP/2.0
Route: <sip:192.0.2.254:5060;lr>
From: Alice <sip:alice@atlanta.com>
To: Bob <sip:bob@biloxi.com>
Contact: <sip:alice@192.0.2.1>
F2 INVITE P1 -> U2
INVITE sip:bob@biloxi.com SIP/2.0
Record-Route: <sip:2001:db8::1;lr>
Record-Route: <sip:192.0.2.254:5060;lr>
From: Alice <sip:alice@atlanta.com>
To: Bob <sip:bob@biloxi.com>
Contact: <sip:alice@192.0.2.1>
Dialog State at U2:
Local URI = sip:bob@biloxi.com
Froment & Lebel Expires August 30, 2007 [Page 15]
�
Internet-Draft SIP Record-Route fix February 2007
Remote URI = sip:alice@atlanta.com
Remote target = sip:alice@192.0.2.1
Route Set = sip:2001:db8::1;lr
sip:192.0.2.254:5060:lr
F3 200 OK U2 -> P1
SIP/2.0 200 OK
Record-Route: <sip:2001:db8::1;lr>
Record-Route: <sip:192.0.2.254:5060;lr>
From: Alice <sip:alice@atlanta.com>
To: Bob <sip:bob@biloxi.com>
Contact: <sip:bob@2001:db8::33>
F4 200 OK P1 -> U1
SIP/2.0 200 OK
Record-Route: <sip:2001:db8::1;lr>
Record-Route: <sip:192.0.2.254:5060;lr>
From: Alice <sip:alice@atlanta.com>
To: Bob <sip:bob@biloxi.com>
Contact: <sip:bob@2001:db8::33>
Dialog State at U1:
Local URI = sip:alice@atlanta.com
Remote URI = sip:bob@biloxi.com
Remote target = sip:bob@2001:db8::33
Route Set = sip:192.0.2.254:5060:lr
sip:2001:db8::1;lr
F5 ACK U1 -> P1
ACK sip:bob@2001:db8::33 SIP/2.0
Route: sip:192.0.2.254:5060:lr
Route: sip:2001:db8::1;lr
From: Alice <sip:alice@atlanta.com>
To: Bob <sip:bob@biloxi.com>
F6 ACK P1 -> U2
ACK sip:bob@2001:db8::33 SIP/2.0
From: Alice <sip:alice@atlanta.com>
To: Bob <sip:bob@biloxi.com>
(both routes have been removed by proxy)
F7 BYE U2 -> P1
BYE sip:alice@192.0.2.1 SIP/2.0
Froment & Lebel Expires August 30, 2007 [Page 16]
�
Internet-Draft SIP Record-Route fix February 2007
Route: sip:2001:db8::1;lr
Route: sip:192.0.2.254:5060:lr
From: Bob <sip:bob@biloxi.com>
To: Alice <sip:alice@atlanta.com>
F8 BYE P1 -> U1
BYE sip:alice@192.0.2.1 SIP/2.0
From: Bob <sip:bob@biloxi.com>
To: Alice <sip:alice@atlanta.com>
F9 SIP/2.0 200 OK U1 -> P1
From: Bob <sip:bob@biloxi.com>
To: Alice <sip:alice@atlanta.com>
F10 SIP/2.0 200 OK P1 -> U2
From: Bob <sip:bob@biloxi.com>
To: Alice <sip:alice@atlanta.com>
Figure 5: Multi-homed IPV4 to IPV6 double Record-Routing illustration
Froment & Lebel Expires August 30, 2007 [Page 17]
�
Internet-Draft SIP Record-Route fix February 2007
6. Conclusion and discussion on normative changes
As a consequence of this document, [RFC3261] SHOULD be modified to
either:
- Deprecate rewriting.
- Introduce double Record-Routing as an alternative to rewriting.
In this case, given the strong drawbacks of rewriting (but willing
to keep the backward compatibility of implementation already
supporting it), it could be reasonable to let rewriting as a
solution that MAY be used, and make double record-routing as the
solution that SHOULD be used. Sections 16.4, of [RFC3261] on
"Route Information Preprocessing" SHOULD then be reworded as
recommended in section 5 of this document.
In any case, the clarification on multi-homed and transport switching
scenarios when processing requests and responses is needed: this is
important in order to avoid the interoperability problems that have
been identified. It would necessitate to reword sections 16.6, item
4 and 16.7, step 8 of [RFC3261].
Froment & Lebel Expires August 30, 2007 [Page 18]
�
Internet-Draft SIP Record-Route fix February 2007
7. IANA Considerations
This document does not require any actions by IANA.
Froment & Lebel Expires August 30, 2007 [Page 19]
�
Internet-Draft SIP Record-Route fix February 2007
8. Security Considerations
The double Record-Routing technique reveals some level of network
topology and proxy server capabilities: IPv4 and IPv6 support, SCTP
support, sigcomp support, etc. to a malicious attacker. This is a
bit more than the normal IP address, naming scheme information that
is usually part and parcel of every SIP request sent out in the
clear. It MAY have an impact on services involving topology hidding
or privacy, as specified in [RFC3323].
Froment & Lebel Expires August 30, 2007 [Page 20]
�
Internet-Draft SIP Record-Route fix February 2007
9. Acknowledgments
Vijay K. Gurbani who provided important references and substantial
modifications, also raising security considerations.
Dean Willis who contributed, through the mailing lists, to most of
the problem statement elements.
Tom Batsele who helped to clarify the transport-switching issues.
Froment & Lebel Expires August 30, 2007 [Page 21]
�
Internet-Draft SIP Record-Route fix February 2007
10. References
10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", March 1997.
10.2. Informative References
[BUG664] Sparks, RS., "Bug 664: Double record routing",
October 2002.
[BUG734] Sparks, RS., "Bug 734: Record-route manipulation rules for
requests wrt SIPS vs single-hop TLS are unclear",
September 2003.
[BUG735] Sparks, RS., "Bug 735: Record-route manipulation rules for
responses wrt SIPS vs hop-hop TLS are incorrect",
September 2003.
[RFC3261] Schulzrinne, HS., Camarillo, GC., Johnston, AJ.,
Rosenberg, JR., Peterson, JP., Sparks, RS., Handley, MH.,
and ES. Schooler, "SIP: Session Initiation Protocol",
June 2002.
[RFC3263] Schulzrinne, HS. and JR. Rosenberg, "Session Initiation
Protocol (SIP): Locating SIP Servers", June 2002.
[RFC3323] Peterson, JP., "A Privacy Mechanism for the Session
Initiation Protocol (SIP)", October 2003.
[RFC3486] Camarillo, GC., "Compressing the Session Initiation
Protocol (SIP)", February 2003.
[RFC3608] Willis, DW. and BH. Hoeneisen, "Session Initiation
Protocol (SIP) Extension Header Field for Service Route
Discovery During Registration", October 2003.
[draft-drage-sip-essential-correction-00]
Drage, KD., "A Process for Handling Essential Corrections
to the Session Initiation Protocol (SIP)", October 2003.
[draft-ietf-sip-sips-01]
Audet, FA., "Guidelines for the use of the SIPS URI Scheme
in the Session Initiation Protocol (SIP)", February 2007.
[draft-ietf-sipping-v6-transition-04]
Gurbani, VG., Camarillo, GC., and KEM. Malki, "IPv6
Froment & Lebel Expires August 30, 2007 [Page 22]
�
Internet-Draft SIP Record-Route fix February 2007
Transition in the Session Initiation Protocol (SIP)",
September 2006.
Froment & Lebel Expires August 30, 2007 [Page 23]
�
Internet-Draft SIP Record-Route fix February 2007
Authors' Addresses
Thomas Froment
Alcatel-Lucent
1 rue Ampere - BP 80056
Massy, Paris 91302
France
Email: Thomas.Froment@alcatel-lucent.fr
Christophe Lebel
Alcatel-Lucent
Lieu dit Le Mail
Orvault, 44708
France
Email: Christophe.Lebel@alcatel-lucent.fr
Froment & Lebel Expires August 30, 2007 [Page 24]
�
Internet-Draft SIP Record-Route fix February 2007
Full Copyright Statement
Copyright (C) The IETF Trust (2007).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Acknowledgment
Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).
Froment & Lebel Expires August 30, 2007 [Page 25]
�
