draft-ietf-ecrit-unauthenticated-access-06.txt   draft-ietf-ecrit-unauthenticated-access-07.txt 
ECRIT H. Schulzrinne ECRIT H. Schulzrinne
Internet-Draft Columbia University Internet-Draft Columbia University
Intended status: Standards Track S. McCann Intended status: Standards Track S. McCann
Expires: November 01, 2013 Research in Motion UK Ltd Expires: January 14, 2014 Research in Motion UK Ltd
G. Bajko G. Bajko
Nokia Nokia
H. Tschofenig H. Tschofenig
Nokia Siemens Networks Nokia Siemens Networks
D. Kroeselberg D. Kroeselberg
Siemens Siemens
April 30, 2013 July 13, 2013
Extensions to the Emergency Services Architecture for dealing with Extensions to the Emergency Services Architecture for dealing with
Unauthenticated and Unauthorized Devices Unauthenticated and Unauthorized Devices
draft-ietf-ecrit-unauthenticated-access-06.txt draft-ietf-ecrit-unauthenticated-access-07.txt
Abstract Abstract
The IETF emergency services architecture assumes that the calling The IETF emergency services architecture assumes that the calling
device has acquired rights to use the access network or that no device has acquired rights to use the access network or that no
authentication is required for the access network, such as for public authentication is required for the access network, such as for public
wireless access points. Subsequent protocol interactions, such as wireless access points. Subsequent protocol interactions, such as
obtaining location information, learning the address of the Public obtaining location information, learning the address of the Public
Safety Answering Point (PSAP) and the emergency call itself are Safety Answering Point (PSAP) and the emergency call itself are
largely decoupled from the underlying network access procedures. largely decoupled from the underlying network access procedures.
skipping to change at page 2, line 7 skipping to change at page 2, line 7
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 01, 2013. This Internet-Draft will expire on January 14, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 30 skipping to change at page 2, line 30
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. Use Case Categories . . . . . . . . . . . . . . . . . . . . . 5 3. Use Case Categories . . . . . . . . . . . . . . . . . . . . . 5
4. ZBP Considerations . . . . . . . . . . . . . . . . . . . . . 7 4. ZBP Considerations . . . . . . . . . . . . . . . . . . . . . 7
5. NASP Considerations . . . . . . . . . . . . . . . . . . . . . 7 5. NASP Considerations . . . . . . . . . . . . . . . . . . . . . 8
5.1. End Host Profile . . . . . . . . . . . . . . . . . . . . 9 5.1. End Host Profile . . . . . . . . . . . . . . . . . . . . 10
5.1.1. LoST Server Discovery . . . . . . . . . . . . . . . . 9 5.1.1. LoST Server Discovery . . . . . . . . . . . . . . . . 10
5.1.2. ESRP Discovery . . . . . . . . . . . . . . . . . . . 9 5.1.2. ESRP Discovery . . . . . . . . . . . . . . . . . . . 10
5.1.3. Location Determination and Location Configuration . . 9 5.1.3. Location Determination and Location Configuration . . 10
5.1.4. Emergency Call Identification . . . . . . . . . . . . 10 5.1.4. Emergency Call Identification . . . . . . . . . . . . 10
5.1.5. SIP Emergency Call Signaling . . . . . . . . . . . . 10 5.1.5. SIP Emergency Call Signaling . . . . . . . . . . . . 10
5.1.6. Media . . . . . . . . . . . . . . . . . . . . . . . . 10 5.1.6. Media . . . . . . . . . . . . . . . . . . . . . . . . 11
5.1.7. Testing . . . . . . . . . . . . . . . . . . . . . . . 10 5.1.7. Testing . . . . . . . . . . . . . . . . . . . . . . . 11
5.2. IAP/ISP Profile . . . . . . . . . . . . . . . . . . . . . 11 5.2. IAP/ISP Profile . . . . . . . . . . . . . . . . . . . . . 11
5.2.1. ESRP Discovery . . . . . . . . . . . . . . . . . . . 11 5.2.1. ESRP Discovery . . . . . . . . . . . . . . . . . . . 11
5.2.2. Location Determination and Location Configuration . . 11 5.2.2. Location Determination and Location Configuration . . 11
5.3. ESRP Profile . . . . . . . . . . . . . . . . . . . . . . 11 5.3. ESRP Profile . . . . . . . . . . . . . . . . . . . . . . 11
5.3.1. Emergency Call Routing . . . . . . . . . . . . . . . 11 5.3.1. Emergency Call Routing . . . . . . . . . . . . . . . 11
5.3.2. Emergency Call Identification . . . . . . . . . . . . 11 5.3.2. Emergency Call Identification . . . . . . . . . . . . 12
5.3.3. SIP Emergency Call Signaling . . . . . . . . . . . . 11 5.3.3. SIP Emergency Call Signaling . . . . . . . . . . . . 12
6. Lower Layer Considerations for NAA Case . . . . . . . . . . . 11 6. Lower Layer Considerations for NAA Case . . . . . . . . . . . 12
6.1. Link Layer Emergency Indication . . . . . . . . . . . . . 12 6.1. Link Layer Emergency Indication . . . . . . . . . . . . . 13
6.2. Securing Network Attachment in NAA Cases . . . . . . . . 13 6.2. Securing Network Attachment in NAA Cases . . . . . . . . 14
7. Security Considerations . . . . . . . . . . . . . . . . . . . 15 7. Security Considerations . . . . . . . . . . . . . . . . . . . 15
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 16 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 16
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 16 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 16
10.1. Normative References . . . . . . . . . . . . . . . . . . 16 10.1. Normative References . . . . . . . . . . . . . . . . . . 16
10.2. Informative References . . . . . . . . . . . . . . . . . 17 10.2. Informative References . . . . . . . . . . . . . . . . . 17
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18
1. Introduction 1. Introduction
skipping to change at page 3, line 22 skipping to change at page 3, line 22
is one of the fundamental and most-valued functions of the telephone. is one of the fundamental and most-valued functions of the telephone.
As telephone functionality moves from circuit-switched telephony to As telephone functionality moves from circuit-switched telephony to
Internet telephony, its users rightfully expect that this core Internet telephony, its users rightfully expect that this core
functionality will continue to work at least as well as it has for functionality will continue to work at least as well as it has for
the older technology. New devices and services are being made the older technology. New devices and services are being made
available that could be used to make a request for help, which are available that could be used to make a request for help, which are
not traditional telephones, and users are increasingly expecting them not traditional telephones, and users are increasingly expecting them
to be used to place emergency calls. to be used to place emergency calls.
Roughly speaking, the IETF emergency services architecture (see Roughly speaking, the IETF emergency services architecture (see
[I-D.ietf-ecrit-phonebcp] and [RFC6443]) divides responsibility for [RFC6881] and [RFC6443]) divides responsibility for handling
handling emergency calls between the access network (ISP), the emergency calls between the access network (ISP), the application
application service provider (ASP) that may be a VoIP service service provider (ASP) that may be a VoIP service provider and the
provider and the provider of emergency signaling services, the provider of emergency signaling services, the emergency service
emergency service network (ESN). The access network may provide network (ESN). The access network may provide location information
location information to end systems, but does not have to provide any to end systems, but does not have to provide any ASP signaling
ASP signaling functionality. The emergency caller can reach the ESN functionality. The emergency caller can reach the ESN either
either directly or through the ASP's outbound proxy. Any of the directly or through the ASP's outbound proxy. Any of the three
three parties can provide the mapping from location to PSAP URI by parties can provide the mapping from location to PSAP URI by offering
offering LoST [RFC5222] services. LoST [RFC5222] services.
In general, a set of automated configuration mechanisms allows a In general, a set of automated configuration mechanisms allows a
device to function in a variety of architectures, without the user device to function in a variety of architectures, without the user
being aware of the details on who provides location, mapping services being aware of the details on who provides location, mapping services
or call routing services. However, if emergency calling is to be or call routing services. However, if emergency calling is to be
supported when the calling device lacks access network authorization supported when the calling device lacks access network authorization
or does not have an ASP, one or more of the providers may need to or does not have an ASP, one or more of the providers may need to
provide additional services and functions. provide additional services and functions.
In all cases, the end device has to be able to perform a LoST lookup In all cases, the end device has to be able to perform a LoST lookup
skipping to change at page 5, line 13 skipping to change at page 5, line 13
environments. environments.
There are also indications that the functionality of unauthenticated There are also indications that the functionality of unauthenticated
emergency calls (called SIM-less calls) in today's cellular system in emergency calls (called SIM-less calls) in today's cellular system in
certain countries leads to a fair amount of hoax or test calls. This certain countries leads to a fair amount of hoax or test calls. This
causes overload situations at PSAPs which is considered harmful to causes overload situations at PSAPs which is considered harmful to
the overall availability and reliability of emergency services. the overall availability and reliability of emergency services.
As an example, Federal Office of Communications (OFCOM, Switzerland) As an example, Federal Office of Communications (OFCOM, Switzerland)
provided statistics about emergency (112) calls in Switzerland from provided statistics about emergency (112) calls in Switzerland from
Jan. 1997 to Nov. 2001. Switzerland did not offer SIM-less Jan. 1997 to Nov. 2001. Switzerland did not offer SIM-less
emergency calls except for almost a month in July 2000 where a emergency calls except for almost a month in July 2000 where a
significant increase in hoax and test calls was reported. As a significant increase in hoax and test calls was reported. As a
consequence, the functionality was disabled again. More details can consequence, the functionality was disabled again. More details can
be found in the panel presentations of the 3rd SDO Emergency Services be found in the panel presentations of the 3rd SDO Emergency Services
Workshop [esw07]. Workshop [esw07].
2. Terminology 2. Terminology
In this document, the key words "MUST", "MUST NOT", "REQUIRED", In this document, the key words "MUST", "MUST NOT", "REQUIRED",
"SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
skipping to change at page 6, line 49 skipping to change at page 6, line 49
network +--->| End | | +---------------+ network +--->| End | | +---------------+
attachment| `...../ | YES | | NO attachment| `...../ | YES | | NO
possible? | | | | possible? | | | |
v | v v v | v v
+------------+ | +------------+ +------------+ +------------+ | +------------+ +------------+
| Execute | | | Execute | | Execute | | Execute | | | Execute | | Execute |
| NAA |--------+ | Phone BCP | | NASP | | NAA |--------+ | Phone BCP | | NASP |
| Procedures | | Procedures | | Procedures | | Procedures | | Procedures | | Procedures |
+------------+ +------------+ +------------+ +------------+ +------------+ +------------+
Authorization for| | Authorization for| |
Emergency Call? | | making an | |
emergency call | |
with the ASP/VSP?| |
+--------------+ v +--------------+ v
| NO | YES +-----Y | NO | YES +-----Y
| | | Done| | | | Done|
v v `...../ v v `...../
+------------+ +------------+ +------------+ +------------+
| Execute | | Execute | | Execute | | Execute |
| ZBP | | Phone BCP | | ZBP | | Phone BCP |
| Procedures | | Procedures | | Procedures | | Procedures |
+------------+ +------------+ +------------+ +------------+
| | | |
skipping to change at page 7, line 26 skipping to change at page 7, line 29
+-----Y +-----Y +-----Y +-----Y
| Done| | Done| | Done| | Done|
`...../ `...../ `...../ `...../
Abbreviations: Abbreviations:
LLA: Link Layer Attachment LLA: Link Layer Attachment
ES: Emergency Services ES: Emergency Services
Figure 1: Flow Diagram Figure 1: Flow Diagram
The "No Access Authentication (NAA)" procedures are described in
Section 6. The "Zero-balance ASP (ZBP)" procedures are described in
Section 4. The "No ASP (NASP)" procedures are described in
Section 5. The Phone BCP procedures are described in [RFC6881]. The
"Link Layer Attachment (LLA)" procedures are not described in this
document since they are specific to the link layer technology in use.
4. ZBP Considerations 4. ZBP Considerations
ZBP includes all cases where a subscriber is known to an ASP, but ZBP includes all cases where a subscriber is known to an ASP, but
lacks the necessary authorization to access regular ASP services. lacks the necessary authorization to access regular ASP services.
Example ZBP cases include empty prepaid accounts, barred accounts, Example ZBP cases include empty prepaid accounts, barred accounts,
roaming and mobility restrictions, or any other conditions set by ASP roaming and mobility restrictions, or any other conditions set by ASP
policy. policy.
Local regulation might demand that emergency calls are always Local regulation might demand that emergency calls cannot proceed
authorized. An ASP can identify emergency sessions by identifying without successful service authorization. In regulatory regimes,
the service URN [RFC5031] used in call setup. Emergency calls can however, it may be possible to allow emergency calls to continue
then be authorized accordingly. The ZBP case therefore only affects despite authorization failures. To distinguish an emergency call
the ASP. from a regular call an ASP can identify emergency sessions by
inspecting the service URN [RFC5031] used in call setup. The ZBP
case therefore only affects the ASP.
Permitting a call with limited authorization could present an Permitting a call despite authorization failures could present an
opportunity for abuse. The ASP MAY choose to validate session opportunity for abuse. The ASP may choose to verify the destination
initiation messages for valid destinations, see Section 7. of the emergency calls and to only permit calls to certain, pre-
configured entities (e.g., to local PSAPs). Section 7 discusses this
topic in more detail.
An ASP without a regulatory requirement to authorize emergency calls An ASP without a regulatory requirement to authorize emergency calls
can deny emergency call setup. Where an ASP does not authorize an can deny emergency call setup. Where an ASP does not authorize an
emergency call, the caller can fall back to NASP procedures. emergency call, the caller may be able to fall back to NASP
procedures.
5. NASP Considerations 5. NASP Considerations
To start the description we consider the sequence of steps that are To start the description we consider the sequence of steps that are
executed in an emergency call based on Figure 2. executed in an emergency call based on Figure 2.
o As an initial step the devices attaches to the network as shown in o As an initial step the devices attaches to the network as shown in
step (1). This step is outside the scope of this section. step (1). This step is outside the scope of this section.
o When the link layer network attachment procedure is completed the o When the link layer network attachment procedure is completed the
end host learns basic configuration information using DHCP from end host learns basic IP configuration information using DHCP from
the ISP, as shown in step (2). the ISP, as shown in step (2).
o When the IP address configuration is completed then the end host o When the IP address configuration is completed then the end host
starts an interaction with the discovered Location Configuration starts an interaction with the discovered Location Configuration
Server at the ISP, as shown in step (3). The ISP may in certain Server at the ISP, as shown in step (3). The ISP may in certain
deployments need to interact with the IAP. This protocol exchange deployments need to interact with the IAP. This protocol exchange
is shown in step (4). is shown in step (4).
o Once location information is obtained the end host triggers the o Once location information is obtained the end host triggers the
LoST protocol to obtain the address of the ESRP/PSAP. This step LoST protocol to obtain the address of the ESRP/PSAP. This step
skipping to change at page 10, line 4 skipping to change at page 10, line 18
The end host MUST discover a LoST server [RFC5222] using DHCP The end host MUST discover a LoST server [RFC5222] using DHCP
[RFC5223]. [RFC5223].
5.1.2. ESRP Discovery 5.1.2. ESRP Discovery
The end host MUST discover the ESRP using the LoST protocol The end host MUST discover the ESRP using the LoST protocol
[RFC5222]. [RFC5222].
5.1.3. Location Determination and Location Configuration 5.1.3. Location Determination and Location Configuration
The end host MUST support location acquisition and the LCPs described The end host MUST support location acquisition and the LCPs described
in Section 6.5 of [I-D.ietf-ecrit-phonebcp]. The description in in Section 6.5 of [RFC6881]. The description in Section 6.5 and 6.6
Section 6.5 and 6.6 of [I-D.ietf-ecrit-phonebcp] regarding the of [RFC6881] regarding the interaction between the device and the LIS
interaction between the device and the LIS applies to this document. applies to this document.
The SIP UA in the end host MUST attach available location information The SIP UA in the end host MUST attach available location information
in a PIDF-LO [RFC4119] when making an emergency call. When in a PIDF-LO [RFC4119] when making an emergency call. When
constructing the PIDF-LO the guidelines in PIDF-LO profile [RFC5491] constructing the PIDF-LO the guidelines in PIDF-LO profile [RFC5491]
MUST be followed. For civic location information the format defined MUST be followed. For civic location information the format defined
in [RFC5139] MUST be supported. in [RFC5139] MUST be supported.
5.1.4. Emergency Call Identification 5.1.4. Emergency Call Identification
To determine which calls are emergency calls, some entity needs to To determine which calls are emergency calls, some entity needs to
map a user entered dialstring into this URN scheme. A user may map a user entered dialstring into this URN scheme. A user may
"dial" 1-1-2, but the call would be sent to urn:service:sos. This "dial" 1-1-2, 9-1-1, etc., but the call would be sent to
mapping SHOULD be performed at the endpoint device. urn:service:sos. This mapping SHOULD be performed at the endpoint
device.
End hosts MUST use the Service URN mechanism [RFC5031] to mark calls End hosts MUST use the Service URN mechanism [RFC5031] to mark calls
as emergency calls for their home emergency dial string. as emergency calls for their home emergency dial string.
5.1.5. SIP Emergency Call Signaling 5.1.5. SIP Emergency Call Signaling
SIP signaling capabilities [RFC3261] are mandated for end hosts. SIP signaling capabilities [RFC3261] are mandated for end hosts.
The initial SIP signaling method is an INVITE. The SIP INVITE The initial SIP signaling method is an INVITE. The SIP INVITE
request MUST be constructed according to the requirements in request MUST be constructed according to the requirements in
Section 9.2 [I-D.ietf-ecrit-phonebcp]. Section 9.2 [RFC6881].
Regarding callback behavior SIP UAs SHOULD place a globally routable Regarding callback behavior SIP UAs SHOULD place a globally routable
URI in a Contact: header. URI in a Contact: header.
5.1.6. Media 5.1.6. Media
End points MUST comply with the media requirements for end points End points MUST comply with the media requirements for end points
placing an emergency call found in Section 14 of placing an emergency call found in Section 14 of [RFC6881].
[I-D.ietf-ecrit-phonebcp].
5.1.7. Testing 5.1.7. Testing
The description in Section 15 of [I-D.ietf-ecrit-phonebcp] is fully The description in Section 15 of [RFC6881] is fully applicable to
applicable to this document. this document.
5.2. IAP/ISP Profile 5.2. IAP/ISP Profile
5.2.1. ESRP Discovery 5.2.1. ESRP Discovery
An ISP MUST provision a DHCP server with information about LoST An ISP MUST provision a DHCP server with information about LoST
servers [RFC5223]. An ISP operator may choose to deploy a LoST servers [RFC5223]. An ISP operator may choose to deploy a LoST
server or to outsource it to other parties. server or to outsource it to other parties.
5.2.2. Location Determination and Location Configuration 5.2.2. Location Determination and Location Configuration
The ISP is responsible for location determination and exposes this The ISP is responsible for location determination and exposes this
information to the end points via location configuration protocols. information to the end points via location configuration protocols.
The considerations described in [RFC6444] are applicable to this The considerations described in [RFC6444] are applicable to this
document. document.
The ISP MUST support one of the LCPs described in Section 6.5 of The ISP MUST support one of the LCPs described in Section 6.5 of
[I-D.ietf-ecrit-phonebcp]. The description in Section 6.5 and 6.6 of [RFC6881]. The description in Section 6.5 and 6.6 of [RFC6881]
[I-D.ietf-ecrit-phonebcp] regarding the interaction between the end regarding the interaction between the end device and the LIS applies
device and the LIS applies to this document. to this document.
The interaction between the LIS at the ISP and the IAP is often The interaction between the LIS at the ISP and the IAP is often
priorietary but the description in priorietary but the description in
[I-D.winterbottom-geopriv-lis2lis-req] may be relevant to the reader. [I-D.winterbottom-geopriv-lis2lis-req] may be relevant to the reader.
5.3. ESRP Profile 5.3. ESRP Profile
5.3.1. Emergency Call Routing 5.3.1. Emergency Call Routing
The ESRP continues to route the emergency call to the PSAP The ESRP continues to route the emergency call to the PSAP
skipping to change at page 12, line 23 skipping to change at page 12, line 39
To perform network attachment and get access to the resources To perform network attachment and get access to the resources
provided by an IAP/ISP, the end host uses access technology specific provided by an IAP/ISP, the end host uses access technology specific
network attachment procedures, including for example network network attachment procedures, including for example network
detection and selection, authentication, and authorization. For detection and selection, authentication, and authorization. For
initial network attachment of an emergency service requester, the initial network attachment of an emergency service requester, the
method of how the emergency indication is given to the IAP/ISP is method of how the emergency indication is given to the IAP/ISP is
specific to the access technology. However, a number of general specific to the access technology. However, a number of general
approaches can be identified: approaches can be identified:
Link layer emergency indication: The end host provides an Link layer emergency indication: The end host provides an
indication, e.g. an emergency parameter or flag, as part of the indication, e.g., an emergency parameter or flag, as part of the
link layer signaling for initial network attachment. Examples link layer signaling for initial network attachment. Examples
include an emergency bit signalled in the IEEE 802.16-2009 include an emergency bit signalled in the IEEE 802.16-2009
wireless link. In IEEE 802.11 WLAN, an emergency support wireless link. In IEEE 802.11 WLAN, an emergency support
indicator allows the STA to download before association an NAI indicator allows the STA to download before association an NAI
which it can use to request server side authentication only for an which it can use to request server side authentication only for an
802.1x network. 802.1x network.
Higher-layer emergency indication: Typically emergency indication in Higher-layer emergency indication: Typically emergency indication in
access authentication. The emergency caller's end host provides access authentication. The emergency caller's end host provides
an indication as part of the access authentication exchanges. EAP an indication as part of the access authentication exchanges. EAP
based authentication is of particular relevance here. Examples based authentication is of particular relevance here. Examples
are the EAP NAI decoration used in WiMAX networks and modification are the EAP NAI decoration used in WiMAX networks and modification
of the authentication exchange in IEEE 802.11. [nwgstg3]. of the authentication exchange in IEEE 802.11. [nwgstg3].
6.1. Link Layer Emergency Indication 6.1. Link Layer Emergency Indication
In general, link layer emergency indications provide good integration In general, link layer emergency indications provide good integration
into the actual network access procedure regarding the enabling of into the actual network access procedure regarding the enabling of
means to recognize and prioritize an emergency service request from means to recognize and prioritize an emergency service request from
an end host at a very early stage of the network attachment an end host at a very early stage of the network attachment
procedure. However, support in end hosts for such methods cannot be procedure. However, support in end hosts for such methods cannot be
considered to be commonly available. considered to be commonly available.
skipping to change at page 13, line 30 skipping to change at page 13, line 49
authorization server that owns the policy for granting access to authorization server that owns the policy for granting access to
the network resources. As a result, there is no direct dependency the network resources. As a result, there is no direct dependency
on the access network architecture that otherwise would need to on the access network architecture that otherwise would need to
take care of merging link-layer indications into the AA and policy take care of merging link-layer indications into the AA and policy
decision process. decision process.
o EAP signaling happens at a relatively early stage of network o EAP signaling happens at a relatively early stage of network
attachment, so it is likely to match most requirements for attachment, so it is likely to match most requirements for
prioritization of emergency signaling. However, it does not cover prioritization of emergency signaling. However, it does not cover
early stages of link layer activity in the network attachment early stages of link layer activity in the network attachment
process. Possible conflicts may arise e.g. in case of MAC-based process. Possible conflicts may arise e.g. in case of MAC-based
filtering in entities terminating the link-layer signaling in the filtering in entities terminating the link-layer signaling in the
network (like a base station). In normal operation, EAP related network (like a base station). In normal operation, EAP related
information will only be recognized in the NAS. Any entity information will only be recognized in the NAS. Any entity
residing between end host and NAS should not be expected to residing between end host and NAS should not be expected to
understand/parse EAP messages. understand/parse EAP messages.
o An emergency indication can be given by forming a specific NAI o An emergency indication can be given by forming a specific NAI
that is used as the identity in EAP based authentication for that is used as the identity in EAP based authentication for
network entry. network entry.
skipping to change at page 14, line 26 skipping to change at page 14, line 46
appropriate trusted root certificates to be able to verify the appropriate trusted root certificates to be able to verify the
server certificate of the EAP server (unless this step is server certificate of the EAP server (unless this step is
explicitly skipped in the device in case of an emergency service explicitly skipped in the device in case of an emergency service
request). This method is used to provide access of devices request). This method is used to provide access of devices
without existing credentials to an 802.1x network. The details without existing credentials to an 802.1x network. The details
are incorporated into the not yet published 802.11-2011 are incorporated into the not yet published 802.11-2011
specification. specification.
2) Null Authentication: 2) Null Authentication:
In one case (e.g. WiMAX) an EAP method is performed. However, no In one case (e.g., WiMAX) an EAP method is performed. However, no
credentials specific to either the server or the device or credentials specific to either the server or the device or
subscription are used as part of the authentication exchange. An subscription are used as part of the authentication exchange. An
example for this would be an EAP-TLS exchange with using the example for this would be an EAP-TLS exchange with using the
TLS_DH_anon (anonymous) ciphersuite. Alternatively, a publicly TLS_DH_anon (anonymous) ciphersuite. Alternatively, a publicly
available static key for emergency access could be used. In the available static key for emergency access could be used. In the
latter case, the device would need to be provisioned with the latter case, the device would need to be provisioned with the
appropriate emergency key for the IAP/ISP in advance. In another appropriate emergency key for the IAP/ISP in advance. In another
case (e.g. IEEE 802.11), no EAP method is used, so that empty case (e.g., IEEE 802.11), no EAP method is used, so that empty
frames are transported during the over the air IEEE 802.1X frames are transported during the over the air IEEE 802.1X
exchange. In this case the authentication state machine completes exchange. In this case the authentication state machine completes
with no cryptographic keys being exchanged. with no cryptographic keys being exchanged.
3) Device Authentication: 3) Device Authentication:
This case extends the server-only authentication case. If the This case extends the server-only authentication case. If the
device is configured with a device certificate and the IAP/ISP EAP device is configured with a device certificate and the IAP/ISP EAP
server can rely on a trusted root allowing the EAP server to server can rely on a trusted root allowing the EAP server to
verify the device certificate, at least the device identity (e.g., verify the device certificate, at least the device identity (e.g.,
skipping to change at page 15, line 26 skipping to change at page 15, line 45
functionality is used for GSM networks today this has lead to a functionality is used for GSM networks today this has lead to a
significant amount of misuse. significant amount of misuse.
In the context of NAA, the IAP and the ISP will probably want to make In the context of NAA, the IAP and the ISP will probably want to make
sure that the claimed emergency caller indeed performs an emergency sure that the claimed emergency caller indeed performs an emergency
call rather than using the network for other purposes, and thereby call rather than using the network for other purposes, and thereby
acting fraudulent by skipping any authentication, authorization and acting fraudulent by skipping any authentication, authorization and
accounting procedures. By restricting access of the unauthenticated accounting procedures. By restricting access of the unauthenticated
emergency caller to the LoST server and the PSAP URI, traffic can be emergency caller to the LoST server and the PSAP URI, traffic can be
restricted only to emergency calls. This can be accomplished with restricted only to emergency calls. This can be accomplished with
traffic separation. The details, however, e.g. for using filtering, traffic separation. The details, however, e.g. for using filtering,
depend on the deployed ISP architecture and are beyond the scope of depend on the deployed ISP architecture and are beyond the scope of
this document. this document.
We only illustrate a possible model. If the ISP runs its own LoST We only illustrate a possible model. If the ISP runs its own LoST
server, it would maintain an access control list including all IP server, it would maintain an access control list including all IP
addresses contained in responses returned by the LoST server, as well addresses contained in responses returned by the LoST server, as well
as the LoST server itself. (It may need to translate the domain as the LoST server itself. (It may need to translate the domain
names returned to IP addresses and hope that the resolution captures names returned to IP addresses and hope that the resolution captures
all possible DNS responses.) Since the media destination addresses all possible DNS responses.) Since the media destination addresses
are not predictable, the ISP also has to provide a SIP outbound proxy are not predictable, the ISP also has to provide a SIP outbound proxy
skipping to change at page 16, line 13 skipping to change at page 16, line 28
change. change.
Finally, a number of security vulnerabilities discussed in [RFC6280] Finally, a number of security vulnerabilities discussed in [RFC6280]
around faked location information are less problematic in the context around faked location information are less problematic in the context
of unauthenticated emergency since location information does not need of unauthenticated emergency since location information does not need
to be provided by the end host itself or it can be verified to fall to be provided by the end host itself or it can be verified to fall
within a specific geographical area. within a specific geographical area.
8. Acknowledgments 8. Acknowledgments
Parts of this document are derived from [I-D.ietf-ecrit-phonebcp]. Parts of this document are derived from [RFC6881]. Participants of
Participants of the 2nd and 3rd SDO Emergency Services Workshop the 2nd and 3rd SDO Emergency Services Workshop provided helpful
provided helpful input. input.
We would like to thank Richard Barnes, Brian Rosen, James Polk, Marc We would like to thank Richard Barnes, Brian Rosen, James Polk, Marc
Linsner, and Martin Thomson for their feedback at the IETF#80 ECRIT Linsner, and Martin Thomson for their feedback at the IETF#80 ECRIT
meeting. meeting.
Furthermore, we would like to thank Martin Thomson and Bernard Aboba Furthermore, we would like to thank Martin Thomson and Bernard Aboba
for their detailed document review in preparation of the 81st IETF for their detailed document review in preparation of the 81st IETF
meeting. meeting.
9. IANA Considerations 9. IANA Considerations
skipping to change at page 17, line 8 skipping to change at page 17, line 25
Object (PIDF-LO)", RFC 5139, February 2008. Object (PIDF-LO)", RFC 5139, February 2008.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E. A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261, Schooler, "SIP: Session Initiation Protocol", RFC 3261,
June 2002. June 2002.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[I-D.ietf-ecrit-phonebcp] [RFC6881] Rosen, B. and J. Polk, "Best Current Practice for
Rosen, B. and J. Polk, "Best Current Practice for Communications Services in Support of Emergency Calling",
Communications Services in support of Emergency Calling", BCP 181, RFC 6881, March 2013.
draft-ietf-ecrit-phonebcp-20 (work in progress), September
2011.
[RFC5222] Hardie, T., Newton, A., Schulzrinne, H., and H. [RFC5222] Hardie, T., Newton, A., Schulzrinne, H., and H.
Tschofenig, "LoST: A Location-to-Service Translation Tschofenig, "LoST: A Location-to-Service Translation
Protocol", RFC 5222, August 2008. Protocol", RFC 5222, August 2008.
[RFC5223] Schulzrinne, H., Polk, J., and H. Tschofenig, "Discovering [RFC5223] Schulzrinne, H., Polk, J., and H. Tschofenig, "Discovering
Location-to-Service Translation (LoST) Servers Using the Location-to-Service Translation (LoST) Servers Using the
Dynamic Host Configuration Protocol (DHCP)", RFC 5223, Dynamic Host Configuration Protocol (DHCP)", RFC 5223,
August 2008. August 2008.
10.2. Informative References 10.2. Informative References
[RFC5687] Tschofenig, H. and H. Schulzrinne, "GEOPRIV Layer 7 [RFC5687] Tschofenig, H. and H. Schulzrinne, "GEOPRIV Layer 7
Location Configuration Protocol: Problem Statement and Location Configuration Protocol: Problem Statement and
Requirements", RFC 5687, March 2010. Requirements", RFC 5687, March 2010.
[RFC6443] Rosen, B., Schulzrinne, H., Polk, J., and A. Newton, [RFC6443] Rosen, B., Schulzrinne, H., Polk, J., and A. Newton,
"Framework for Emergency Calling Using Internet "Framework for Emergency Calling Using Internet
Multimedia", RFC 6443, December 2011. Multimedia", RFC 6443, December 2011.
[I-D.ietf-geopriv-res-gw-lis-discovery]
Thomson, M. and R. Bellis, "Location Information Server
(LIS) Discovery using IP address and Reverse DNS", draft-
ietf-geopriv-res-gw-lis-discovery-05 (work in progress),
April 2013.
[RFC5985] Barnes, M., "HTTP-Enabled Location Delivery (HELD)", RFC
5985, September 2010.
[RFC5012] Schulzrinne, H. and R. Marshall, "Requirements for [RFC5012] Schulzrinne, H. and R. Marshall, "Requirements for
Emergency Context Resolution with Internet Technologies", Emergency Context Resolution with Internet Technologies",
RFC 5012, January 2008. RFC 5012, January 2008.
[RFC6444] Schulzrinne, H., Liess, L., Tschofenig, H., Stark, B., and [RFC6444] Schulzrinne, H., Liess, L., Tschofenig, H., Stark, B., and
A. Kuett, "Location Hiding: Problem Statement and A. Kuett, "Location Hiding: Problem Statement and
Requirements", RFC 6444, January 2012. Requirements", RFC 6444, January 2012.
[I-D.winterbottom-geopriv-lis2lis-req] [I-D.winterbottom-geopriv-lis2lis-req]
Winterbottom, J. and S. Norreys, "LIS to LIS Protocol Winterbottom, J. and S. Norreys, "LIS to LIS Protocol
 End of changes. 31 change blocks. 
74 lines changed or deleted 79 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/