draft-ietf-ecrit-unauthenticated-access-08.txt   draft-ietf-ecrit-unauthenticated-access-09.txt 
ECRIT H. Schulzrinne ECRIT H. Schulzrinne
Internet-Draft Columbia University Internet-Draft Columbia University
Intended status: Standards Track S. McCann Intended status: Standards Track S. McCann
Expires: April 22, 2014 Research in Motion UK Ltd Expires: January 4, 2015 Research in Motion UK Ltd
G. Bajko G. Bajko
Nokia Nokia
H. Tschofenig H. Tschofenig
Nokia Solutions and Networks
D. Kroeselberg D. Kroeselberg
Siemens Siemens
October 19, 2013 July 3, 2014
Extensions to the Emergency Services Architecture for dealing with Extensions to the Emergency Services Architecture for dealing with
Unauthenticated and Unauthorized Devices Unauthenticated and Unauthorized Devices
draft-ietf-ecrit-unauthenticated-access-08.txt draft-ietf-ecrit-unauthenticated-access-09.txt
Abstract Abstract
The IETF emergency services architecture assumes that the calling
device has acquired rights to use the access network or that no
authentication is required for the access network, such as for public
wireless access points. Subsequent protocol interactions, such as
obtaining location information, learning the address of the Public
Safety Answering Point (PSAP) and the emergency call itself are
largely decoupled from the underlying network access procedures.
In some cases, however, the device does not have these credentials
for network access, does not have a VoIP service provider, or the
credentials have become invalid, e.g., because the user has exhausted
their prepaid balance or the account has expired.
With features provided by the Public Switched Telephone Network
(PSTN) there is precedence for some of these use cases and the
transition to IP-based emergency calling creates the desire to
replicate functionality the PSTN already offers today. For example,
in many countries persons seeking help are empowered to initiate
emergency calls without having a Subscriber Identity Module (SIM) in
their mobile phone.
This document provides a problem statement, introduces terminology This document provides a problem statement, introduces terminology
and describes an extension for the base IETF emergency services and describes an extension for the base IETF emergency services
architecture to address these scenarios. architecture to address cases where an emergency caller is not
authenticated, has no identifiable service provider, or has no
remaining credit with which to pay for access to the network.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 22, 2014. This Internet-Draft will expire on January 4, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. Use Case Categories . . . . . . . . . . . . . . . . . . . . . 5 3. Use Case Categories . . . . . . . . . . . . . . . . . . . . . 5
4. ZBP Considerations . . . . . . . . . . . . . . . . . . . . . 11 4. ZBP Considerations . . . . . . . . . . . . . . . . . . . . . 11
5. NASP Considerations . . . . . . . . . . . . . . . . . . . . . 11 5. NASP Considerations . . . . . . . . . . . . . . . . . . . . . 11
5.1. End Host Profile . . . . . . . . . . . . . . . . . . . . 13 5.1. End Host Profile . . . . . . . . . . . . . . . . . . . . 14
5.1.1. LoST Server Discovery . . . . . . . . . . . . . . . . 13 5.1.1. LoST Server Discovery . . . . . . . . . . . . . . . . 14
5.1.2. ESRP Discovery . . . . . . . . . . . . . . . . . . . 13 5.1.2. ESRP Discovery . . . . . . . . . . . . . . . . . . . 14
5.1.3. Location Determination and Location Configuration . . 14 5.1.3. Location Determination and Location Configuration . . 14
5.1.4. Emergency Call Identification . . . . . . . . . . . . 14 5.1.4. Emergency Call Identification . . . . . . . . . . . . 14
5.1.5. SIP Emergency Call Signaling . . . . . . . . . . . . 14 5.1.5. SIP Emergency Call Signaling . . . . . . . . . . . . 14
5.1.6. Media . . . . . . . . . . . . . . . . . . . . . . . . 14 5.1.6. Media . . . . . . . . . . . . . . . . . . . . . . . . 15
5.1.7. Testing . . . . . . . . . . . . . . . . . . . . . . . 14 5.1.7. Testing . . . . . . . . . . . . . . . . . . . . . . . 15
5.2. IAP/ISP Profile . . . . . . . . . . . . . . . . . . . . . 14 5.2. IAP/ISP Profile . . . . . . . . . . . . . . . . . . . . . 15
5.2.1. ESRP Discovery . . . . . . . . . . . . . . . . . . . 15 5.2.1. ESRP Discovery . . . . . . . . . . . . . . . . . . . 15
5.2.2. Location Determination and Location Configuration . . 15 5.2.2. Location Determination and Location Configuration . . 15
5.3. ESRP Profile . . . . . . . . . . . . . . . . . . . . . . 15 5.3. ESRP Profile . . . . . . . . . . . . . . . . . . . . . . 15
5.3.1. Emergency Call Routing . . . . . . . . . . . . . . . 15 5.3.1. Emergency Call Routing . . . . . . . . . . . . . . . 15
5.3.2. Emergency Call Identification . . . . . . . . . . . . 15 5.3.2. Emergency Call Identification . . . . . . . . . . . . 15
5.3.3. SIP Emergency Call Signaling . . . . . . . . . . . . 15 5.3.3. SIP Emergency Call Signaling . . . . . . . . . . . . 16
6. Lower Layer Considerations for NAA Case . . . . . . . . . . . 15 6. Lower Layer Considerations for NAA Case . . . . . . . . . . . 16
6.1. Link Layer Emergency Indication . . . . . . . . . . . . . 17 6.1. Link Layer Emergency Indication . . . . . . . . . . . . . 17
6.2. Securing Network Attachment in NAA Cases . . . . . . . . 18 6.2. Securing Network Attachment in NAA Cases . . . . . . . . 18
7. Security Considerations . . . . . . . . . . . . . . . . . . . 19 7. Security Considerations . . . . . . . . . . . . . . . . . . . 19
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 20 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 20
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 21
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 20 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 21
10.1. Normative References . . . . . . . . . . . . . . . . . . 20 10.1. Normative References . . . . . . . . . . . . . . . . . . 21
10.2. Informative References . . . . . . . . . . . . . . . . . 21 10.2. Informative References . . . . . . . . . . . . . . . . . 22
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 23
1. Introduction 1. Introduction
Summoning police, the fire department or an ambulance in emergencies Summoning police, the fire department or an ambulance in emergencies
is one of the fundamental and most-valued functions of the telephone. is one of the fundamental and most-valued functions of the telephone.
As telephone functionality moves from circuit-switched telephony to As telephone functionality moves from circuit-switched telephony to
Internet telephony, its users rightfully expect that this core Internet telephony, its users rightfully expect that this core
functionality will continue to work at least as well as it has for functionality will continue to work at least as well as it has for
the older technology. New devices and services are being made the older technology. New devices and services are being made
available that could be used to make a request for help, which are available that could be used to make a request for help, those
not traditional telephones, and users are increasingly expecting them devices are not traditional telephones, and users are increasingly
to be used to place emergency calls. expecting them to be used to place emergency calls.
Roughly speaking, the IETF emergency services architecture (see Roughly speaking, the IETF emergency services architecture (see
[RFC6881] and [RFC6443]) divides responsibility for handling [RFC6881] and [RFC6443]) divides responsibility for handling
emergency calls between the access network (ISP), the application emergency calls among the access network (ISP); the application
service provider (ASP) that may be a VoIP service provider (VSP) and service provider (ASP), which may be a VoIP service provider (VSP);
the provider of emergency signaling services, the emergency service and the provider of emergency signaling services, the emergency
network (ESN). The access network may provide location information service network (ESN). The access network may provide location
to end systems, but does not have to provide any ASP signaling information to end systems, but does not have to provide any ASP
functionality. The emergency caller can reach the ESN either signaling functionality. The emergency caller can reach the ESN
directly or through the ASP's outbound proxy. Any of the three either directly or through the ASP's outbound proxy. Any of the
parties can provide the mapping from location to PSAP URI by offering three parties can provide the mapping from location to PSAP URI by
LoST [RFC5222] services. offering LoST [RFC5222] services.
In general, a set of automated configuration mechanisms allows a In general, a set of automated configuration mechanisms allows a
device to function in a variety of architectures, without the user device to function in a variety of architectures, without the user
being aware of the details on who provides location, mapping services being aware of the details on who provides location, mapping services
or call routing services. However, if emergency calling is to be or call routing services. However, if emergency calling is to be
supported when the calling device lacks access network authorization supported when the calling device lacks access network authorization
or does not have an ASP, one or more of the providers may need to or does not have an ASP, one or more of the providers may need to
provide additional services and functions. provide additional services and functions.
In all cases, the end device has to be able to perform a LoST lookup In all cases, the end device has to be able to perform a LoST lookup
and otherwise conduct the emergency call in the same manner as when and otherwise conduct the emergency call in the same manner as when
the three exceptional conditions discussed below do not apply. the three exceptional conditions discussed below do not apply.
We distinguish between three conditions: We distinguish among three conditions:
No Access Authentication (NAA): In the NAA case, the emergency No Access Authentication (NAA): In the NAA case, the emergency
caller does not posses valid credentials for the access network. caller does not posses valid credentials for the access network.
This includes the case where the access network allows pay-per- This includes the case where the access network allows pay-per-
use, as is common for wireless hotspots, but there is insufficient use, as is common for wireless hotspots, but there is insufficient
time to enter credit card details and other registration time to enter credit card details and other registration
information required for access. It also covers all cases where information required for access. It also covers all cases where
either no credentials are available at all, or the available either no credentials are available at all, or the available
credentials do not work for the given IAP/ISP. As a result, the credentials do not work for the given IAP/ISP. As a result, the
NAA case basically combines the below NASP and ZBP cases, but at NAA case basically combines the below NASP and ZBP cases, but at
skipping to change at page 4, line 36 skipping to change at page 4, line 20
Note: The interoperability need is increased with this scenario Note: The interoperability need is increased with this scenario
since the client software used by the emergency caller must be since the client software used by the emergency caller must be
compatible with the protocols and extensions deployed by the ESN. compatible with the protocols and extensions deployed by the ESN.
Zero-balance ASP (ZBP): In the case of zero-balance ASP, the ASP can Zero-balance ASP (ZBP): In the case of zero-balance ASP, the ASP can
authenticate the caller, but the caller is not authorized to use authenticate the caller, but the caller is not authorized to use
ASP services, e.g., because the contract has expired or the ASP services, e.g., because the contract has expired or the
prepaid account for the customer has been depleted. prepaid account for the customer has been depleted.
These three cases are not mutually exclusive. A caller in need for These three cases are not mutually exclusive. A caller in need of
help may find himself/herself in, for example, a NAA and NASP help may, for example, be in a NAA and NASP situation, as explained
situation, as explained in more details in Figure 1. Depending on in more detail in Figure 1. Depending on local policy and
local policy and regulations, it may not be possible to place regulations, it may not be possible to place emergency calls in the
emergency calls in the NAA case. Unless local regulations require NAA case. Unless local regulations require user identification, it
user identification, it should always be possible to place calls in should always be possible to place calls in the NASP case, with
the NASP case, with minimal impact on the ISP. Unless the ESN minimal impact on the ISP. Unless the ESN requires that all calls
requires that all calls traverse a known set of VSPs, it is traverse a known set of VSPs, it is technically possible to let a
technically possible to let a caller place an emergency call in the caller place an emergency call in the ZBP case. We discuss each case
ZBP case. We discuss each case in more details in Section 3. in more details in Section 3.
Note: At the time of writing there is no regulation in place that Note: At the time of writing there is no regulation in place that
demands the functionality described in this memo. SDOs have started demands the functionality described in this memo. SDOs have started
their work on this subject in a proactive fashion in the anticipation their work on this subject in a proactive fashion in the anticipation
that national regulation will demand it for a subset of network that national regulation will demand it for a subset of network
environments. environments.
As mentioned in the abstract some of the functionality provided in As mentioned in the abstract some of the functionality provided in
this document is already available in the PSTN. Consequently, there this document is already available in the PSTN. Consequently, there
is real-world experience available and not all of it is positive. is real-world experience available and not all of it is positive.
skipping to change at page 5, line 41 skipping to change at page 5, line 24
This document reuses terminology from [RFC5687] and [RFC5012], namely This document reuses terminology from [RFC5687] and [RFC5012], namely
Internet Access Provider (IAP), Internet Service Provider (ISP), Internet Access Provider (IAP), Internet Service Provider (ISP),
Application Service Provider (ASP), Voice Service Provider (VSP), Application Service Provider (ASP), Voice Service Provider (VSP),
Emergency Service Routing Proxy (ESRP), Public Safety Answering Point Emergency Service Routing Proxy (ESRP), Public Safety Answering Point
(PSAP), Location Configuration Server (LCS), (emergency) service dial (PSAP), Location Configuration Server (LCS), (emergency) service dial
string, and (emergency) service identifier. string, and (emergency) service identifier.
3. Use Case Categories 3. Use Case Categories
On a very high-level, the steps to be performed by an end host not On a very high-level, the steps to be performed by an end host that
being attached to the network and the user starting to make an is not attached to the network and the user starting to make an
emergency call are the following: emergency call are the following:
Link Layer Attachment: Some networks have added support for Link Layer Attachment: Some networks have added support for
unauthenticated emergency access, some other type of networks unauthenticated emergency access, some other type of networks
advertise these capabilities using layer beacons. The end host advertise these capabilities using layer beacons. The end host
learns about these unauthenticated emergency services capabilities learns about these unauthenticated emergency services capabilities
either from the link layer type or from advertisement. either from the link layer type or from advertisement.
The end host uses the link layer specific network attachment The end host uses the link layer specific network attachment
procedures defined for unauthenticated network access in order to procedures defined for unauthenticated network access in order to
skipping to change at page 7, line 39 skipping to change at page 7, line 20
Abbreviations: Abbreviations:
LLA: Link Layer Attachment LLA: Link Layer Attachment
ES: Emergency Services ES: Emergency Services
Figure 1: Flow Diagram: NAA, ZBP, and NSAP Scenarios. Figure 1: Flow Diagram: NAA, ZBP, and NSAP Scenarios.
The diagrams below highlight the most important steps for the three The diagrams below highlight the most important steps for the three
cases. cases.
+-----Y +-----Y
|Start| |Start|
`...../ `...../
| |
| No | No
| credentials | credentials
| for network access | for network access
| available | available
v v
.............. ..............
| Idle: Wait | | Idle: Wait |
| for ES Call| | for ES Call|
| Initiation | | Initiation |
"------------' "------------'
| |
| |
| |
v v
-- --
// -- // --
/ -- / --
// Is -- // Is --
/ emergency -- / emergency --
| service | NO +--------+ | service | NO +--------+
| network |------>| Call | | network |------>| Call |
| attachment | Failed | | attachment | Failed |
\ possible? / `......./ \ possible? / `......./
\ // \ //
\\ // \\ //
\ // \ //
\--/ \--/
| |
| YES | YES
| |
| |
v v
+------------+ +------------+
| Execute | | Execute |
| NAA | | NAA |
| Procedures | | Procedures |
+------------+ +------------+
| |
| Network | Network
| attachment | attachment
| in progress | in progress
v v
/--\ Continue /--\ Continue
| | with | | with
| | application | | application
\--/ layer interaction \--/ layer interaction
Figure 2: Flow Diagram: NAA Scenario. Figure 2: Flow Diagram: NAA Scenario.
+-----+ +-----+
+------------|Start|-----------------+ +------------|Start|-----------------+
| `...../ | | `...../ |
v v v v
+------------+ +----------------+ +------------+ +----------------+
| NAA | | Regular | | NAA | | Regular |
| Procedures | | Network Access | | Procedures | | Network Access |
+------------+ | Procedures | +------------+ | Procedures |
| +----------------+ | +----------------+
| | | |
| | | |
----------------o--------------------+ ----------------o--------------------+
| |
| |
| |
| |
Network Network
Attachment Attachment
Completed Completed
| |
| |
| |
| |
v v
+------------+ +---------+ +------------+ +---------+
| ASP | NO | See | | ASP | NO | See |
| Configured?|----->| main | | Configured?|----->| main |
+------------+ | diagram | +------------+ | diagram |
| `......../ | `......../
| |
| YES | YES
| |
v v
//---- //----
/ -- / --
// -- // --
/ - +---------+ / - +---------+
| Authorization| YES | See | | Authorization| YES | See |
| for making |------>| main | | for making |------>| main |
| ES call | | diagram | | ES call | | diagram |
\ with / `......../ \ with / `......../
\ VSP/ASP? // \ VSP/ASP? //
\\ // \\ //
\ // \ //
\--/ \--/
| |
| NO | NO
| |
| |
v v
+------------+ +------------+
| Execute | | Execute |
| ZBP | | ZBP |
| Procedures | | Procedures |
+------------+ +------------+
| |
| Call | Call
| in progress | in progress
| |
v v
+--------+ +--------+
| Call | | Call |
Success| Success|
`......./ `......./
Figure 3: Flow Diagram: ZBP Scenario. Figure 3: Flow Diagram: ZBP Scenario.
+-----+ +-----+
+------------|Start|-----------------+ +------------|Start|-----------------+
| `...../ | | `...../ |
v v v v
+------------+ +----------------+ +------------+ +----------------+
| NAA | | Regular | | NAA | | Regular |
| Procedures | | Network Access | | Procedures | | Network Access |
+------------+ | Procedures | +------------+ | Procedures |
| +----------------+ | +----------------+
| | | |
| | | |
----------------o--------------------+ ----------------o--------------------+
| |
| |
| |
| |
Network Network
Attachment Attachment
Completed Completed
| |
| |
| |
| |
v v
+------------+ +---------+ +------------+ +---------+
| ASP | YES | See | | ASP | YES | See |
| Configured?|----->| main | | Configured?|----->| main |
+------------+ | diagram | +------------+ | diagram |
| `......../ | `......../
| |
| NO | NO
| |
v v
+------------+ +------------+
| Execute | | Execute |
| NASP | | NASP |
| Procedures | | Procedures |
+------------+ +------------+
| |
| Call | Call
| in progress | in progress
| |
v v
+--------+ +--------+
| Call | | Call |
Success| Success|
`......./ `......./
Figure 4: Flow Diagram: NASP Scenario. Figure 4: Flow Diagram: NASP Scenario.
The "No Access Authentication (NAA)" procedures are described in The "No Access Authentication (NAA)" procedures are described in
Section 6. The "Zero-balance ASP (ZBP)" procedures are described in Section 6. The "Zero-balance ASP (ZBP)" procedures are described in
Section 4. The "No ASP (NASP)" procedures are described in Section 4. The "No ASP (NASP)" procedures are described in
Section 5. The Phone BCP procedures are described in [RFC6881]. The Section 5. The Phone BCP procedures are described in [RFC6881]. The
"Link Layer Attachment (LLA)" procedures are not described in this "Link Layer Attachment (LLA)" procedures are not described in this
document since they are specific to the link layer technology in use. document since they are specific to the link layer technology in use.
skipping to change at page 12, line 43 skipping to change at page 13, line 5
o The PSAP evaluates the initial INVITE and aims to complete the o The PSAP evaluates the initial INVITE and aims to complete the
call setup. call setup.
o Finally, when the call setup is completed media traffic can be o Finally, when the call setup is completed media traffic can be
exchanged between the PSAP and the SIP UA. exchanged between the PSAP and the SIP UA.
For editorial reasons the end-to-end SIP and media exchange between For editorial reasons the end-to-end SIP and media exchange between
the PSAP and SIP UA are not shown in Figure 5. the PSAP and SIP UA are not shown in Figure 5.
+-------+ +-------+
| PSAP | | PSAP |
| | | |
+-------+ +-------+
^ ^
| (8) | (8)
| |
+----------+(7) +----------+ +----------+(7) +----------+
| LoST |<-->| ESRP | | LoST |<-->| ESRP |
| Server | | | | Server | | |
+----------+ +----------+ +----------+ +----------+
^ ^ ^ ^
+----------------+----------------|--------------+ +----------------+----------------|--------------+
| ISP | | | | ISP | | |
|+----------+ | | +----------+| |+----------+ | | +----------+|
|| LCS-ISP | (3)| | | DHCP || || LCS-ISP | (3)| | | DHCP ||
|| |<-+ | | | Server || || |<-+ | | | Server ||
|+----------+ | | | +----------+| |+----------+ | | | +----------+|
+-------^------+-+----------------|-----------^--+ +-------^------+-+----------------|-----------^--+
+-------|------+-+----------------|-----------|--+ +-------|------+-+----------------|-----------|--+
| IAP | (4) | |(5) | | | | IAP | (4) | |(5) | | |
| V | | | | | | V | | | | |
|+----------+ | | | | | |+----------+ | | | | |
|| LCS-IAP | | | +--------+ | | | || LCS-IAP | | | +--------+ | | |
|| | | | | Link | |(6) | | || | | | | Link | |(6) | |
|+----------+ | | | Layer | | | | |+----------+ | | | Layer | | | |
| | | | Device | | (2)| | | | | | Device | | (2)| |
| | | +--------+ | | | | | | +--------+ | | |
| | | ^ | | | | | | ^ | | |
| | | | | | | | | | | | | |
+--------------+-|-------|--------|-----------|--+ +--------------+-|-------|--------|-----------|--+
| | | | | | | | | |
| | (1)| | | | | (1)| | |
| | | | | | | | | |
| | | +----+ | | | | +----+ |
| | v | | | | v | |
| | +----------+ | | | +----------+ |
| +->| End |<-------------+ | +->| End |<-------------+
+___>| Host | +___>| Host |
+----------+ +----------+
Figure 5: Architectural Overview Figure 5: Architectural Overview
Note: Figure 5 does not indicate who operates the ESRP and the LoST Note: Figure 5 does not indicate who operates the ESRP and the LoST
server. Various deployment options exist. server. Various deployment options exist.
5.1. End Host Profile 5.1. End Host Profile
5.1.1. LoST Server Discovery 5.1.1. LoST Server Discovery
skipping to change at page 16, line 14 skipping to change at page 16, line 26
Some networks have added support for unauthenticated emergency Some networks have added support for unauthenticated emergency
access, some other type of networks advertise these capabilities access, some other type of networks advertise these capabilities
using layer beacons. The end host learns about these unauthenticated using layer beacons. The end host learns about these unauthenticated
emergency services capabilities either from the link layer type or emergency services capabilities either from the link layer type or
from advertisement. from advertisement.
It is important to highlight that the NAA case is inherently a layer It is important to highlight that the NAA case is inherently a layer
2 problem, and the general form of the solution is to provide an 2 problem, and the general form of the solution is to provide an
"emergency only" access type, with appropriate limits/monitoring to "emergency only" access type, with appropriate limits/monitoring to
prevent abuse. The described mechanisms are informative in nature prevent abuse. The described mechanisms are informative in nature
since the relationship to the IETF emergency is only indirect, namely since the relationship to the IETF emergency services architecture is
via some protocols developed within the IETF (e.g., EAP and EAP only indirect, namely via some protocols developed within the IETF
methods) that require extensions to support this functionality. (e.g., EAP and EAP methods) that require extensions to support this
functionality.
This section discusses different methods to indicate an emergency This section discusses different methods to indicate an emergency
service request as part of network attachment. It provides some service request as part of network attachment. It provides some
general considerations and recommendations that are not specific to general considerations and recommendations that are not specific to
the access technology. the access technology.
To perform network attachment and get access to the resources To perform network attachment and get access to the resources
provided by an IAP/ISP, the end host uses access technology specific provided by an IAP/ISP, the end host uses access technology specific
network attachment procedures, including for example network network attachment procedures, including for example network
detection and selection, authentication, and authorization. For detection and selection, authentication, and authorization. For
initial network attachment of an emergency service requester, the initial network attachment of an emergency service requester, the
method of how the emergency indication is given to the IAP/ISP is method of how the emergency indication is given to the IAP/ISP is
specific to the access technology. However, a number of general specific to the access technology. However, a number of general
approaches can be identified: approaches can be identified:
Link layer emergency indication: The end host provides an Link layer emergency indication: The end host provides an
indication, e.g., an emergency parameter or flag, as part of the indication, e.g., an emergency parameter or flag, as part of the
link layer signaling for initial network attachment. Examples link layer signaling for initial network attachment. Examples
include an emergency bit signalled in the IEEE 802.16-2009 include an emergency bit signalled in the IEEE 802.16-2009
wireless link. In IEEE 802.11 WLAN, an emergency support wireless link. In IEEE 802.11 WLAN, an emergency support
indicator allows the STA to download before association an NAI indicator allows the station (i.e., end host in this context) to
download before association a Network Access Identifier (NAI),
which it can use to request server side authentication only for an which it can use to request server side authentication only for an
802.1x network. 802.1x network.
Higher-layer emergency indication: Typically, emergency indication Higher-layer emergency indication: Typically, emergency indication
is provided in the network access authentication procedure. The is provided in the network access authentication procedure. The
emergency caller's end host provides an indication as part of the emergency caller's end host provides an indication as part of the
access authentication exchanges. Authentication via the access authentication exchanges. Authentication via the
Extensible Authentication Protocol (EAP) [RFC3748] is of Extensible Authentication Protocol (EAP) [RFC3748] is of
particular relevance here. Examples are the EAP NAI decoration particular relevance here. Examples are the EAP NAI decoration
used in WiMAX networks and modification of the authentication used in WiMAX networks and modification of the authentication
skipping to change at page 19, line 27 skipping to change at page 19, line 42
certificate. certificate.
7. Security Considerations 7. Security Considerations
The security threats discussed in [RFC5069] are applicable to this The security threats discussed in [RFC5069] are applicable to this
document. document.
There are a couple of new vulnerabilities raised with unauthenticated There are a couple of new vulnerabilities raised with unauthenticated
emergency services in NASP/NAA cases since the PSAP operator will emergency services in NASP/NAA cases since the PSAP operator will
typically not possess any identity information about the emergency typically not possess any identity information about the emergency
call via the signaling path itself. In countries where this caller via the signaling path itself. In countries where this
functionality is used for GSM networks today this has lead to a functionality is used for GSM networks today this has lead to a
significant amount of misuse. significant amount of misuse.
In the context of NAA, the IAP and the ISP will probably want to make In the context of NAA, the IAP and the ISP will probably want to make
sure that the claimed emergency caller indeed performs an emergency sure that the claimed emergency caller indeed performs an emergency
call rather than using the network for other purposes, and thereby call rather than using the network for other purposes, and thereby
acting fraudulent by skipping any authentication, authorization and acting fraudulent by skipping any authentication, authorization and
accounting procedures. By restricting access of the unauthenticated accounting procedures. By restricting access of the unauthenticated
emergency caller to the LoST server and the PSAP URI, traffic can be emergency caller to the LoST server and the PSAP URI, traffic can be
restricted only to emergency calls. This can be accomplished with restricted only to emergency calls. This can be accomplished with
traffic separation. The details, however, e.g. for using filtering, traffic separation. The details, however, e.g. for using filtering,
depend on the deployed ISP architecture and are beyond the scope of depend on the deployed ISP architecture and are beyond the scope of
this document. this document.
We only illustrate a possible model. If the ISP runs its own LoST We only illustrate a possible model. If the ISP runs its own
server, it would maintain an access control list including all IP (caching) LoST server, the ISP would maintain an access control list
addresses contained in responses returned by the LoST server, as well populated with IP-address information obtained from LoST responses
as the LoST server itself. (It may need to translate the domain (in the mappings). These URIs would either be URIs for contacting
names returned to IP addresses and hope that the resolution captures further LoST servers or PSAP URIs. It may be necessary to translate
all possible DNS responses.) Since the media destination addresses domain names returned in LoST responses to IP addresses. Since the
are not predictable, the ISP also has to provide a SIP outbound proxy media destination addresses are not predictable, the ISP also has to
so that it can determine the media addresses and add those to the provide a SIP outbound proxy so that it can determine the media
filter list. addresses and add those to the filter list.
For the ZBP case the additional aspect of fraud has to be considered. For the ZBP case the additional aspect of fraud has to be considered.
Unless the emergency call traverses a PSTN gateway or the ASP charges Unless the emergency call traverses a PSTN gateway or the ASP charges
for IP-to-IP calls, there is little potential for fraud. If the ASP for IP-to-IP calls, there is little potential for fraud. If the ASP
also operates the LoST server, the outbound proxy MAY restrict also operates the LoST server, the outbound proxy MAY restrict
outbound calls to the SIP URIs returned by the LoST server. It is outbound calls to the SIP URIs returned by the LoST server. It is
NOT RECOMMENDED to rely on a fixed list of SIP URIs, as that list may NOT RECOMMENDED to rely on a fixed list of SIP URIs, as that list may
change. change.
Finally, a number of security vulnerabilities discussed in [RFC6280] RFC 6280 [RFC6280] discusses security vulnerabilities that are caused
around faked location information are less problematic in the context by an adversary faking location information and thereby lying about
of unauthenticated emergency since location information does not need the actual location of the emergency caller. These threats may be
to be provided by the end host itself or it can be verified to fall less problematic in the context of unauthenticated emergency when
within a specific geographical area. location information can be verified by the ISP to fall within a
specific geographical area.
8. Acknowledgments 8. Acknowledgments
Parts of this document are derived from [RFC6881]. Participants of Parts of this document are derived from [RFC6881]. Participants of
the 2nd and 3rd SDO Emergency Services Workshop provided helpful the 2nd and 3rd SDO Emergency Services Workshop provided helpful
input. input.
We would like to thank Richard Barnes, Brian Rosen, James Polk, Marc We would like to thank Richard Barnes, Brian Rosen, James Polk, Marc
Linsner, and Martin Thomson for their feedback at the IETF#80 ECRIT Linsner, and Martin Thomson for their feedback at the IETF#80 ECRIT
meeting. meeting.
skipping to change at page 22, line 27 skipping to change at page 22, line 45
3748, June 2004. 3748, June 2004.
[RFC5216] Simon, D., Aboba, B., and R. Hurst, "The EAP-TLS [RFC5216] Simon, D., Aboba, B., and R. Hurst, "The EAP-TLS
Authentication Protocol", RFC 5216, March 2008. Authentication Protocol", RFC 5216, March 2008.
[RFC6280] Barnes, R., Lepinski, M., Cooper, A., Morris, J., [RFC6280] Barnes, R., Lepinski, M., Cooper, A., Morris, J.,
Tschofenig, H., and H. Schulzrinne, "An Architecture for Tschofenig, H., and H. Schulzrinne, "An Architecture for
Location and Location Privacy in Internet Applications", Location and Location Privacy in Internet Applications",
BCP 160, RFC 6280, July 2011. BCP 160, RFC 6280, July 2011.
[esw07] , "3rd SDO Emergency Services Workshop, [esw07] "3rd SDO Emergency Services Workshop,
http://www.emergency-services-coordination.info/2007Nov/", http://www.emergency-services-coordination.info/2007Nov/",
October 30th - November 1st 2007. October 30th - November 1st 2007.
[nwgstg3] , "WiMAX Forum WMF-T33-001-R015V01, WiMAX Network [nwgstg3] "WiMAX Forum WMF-T33-001-R015V01, WiMAX Network
Architecture Stage-3 Architecture Stage-3
http://www.wimaxforum.org/sites/wimaxforum.org/files/ http://www.wimaxforum.org/sites/wimaxforum.org/files/
technical_document/2009/09/DRAFT-T33-001-R015v01 technical_document/2009/09/DRAFT-T33-001-R015v01-
-O_Network-Stage3-Base.pdf", September 2009. O_Network-Stage3-Base.pdf", September 2009.
Authors' Addresses Authors' Addresses
Henning Schulzrinne Henning Schulzrinne
Columbia University Columbia University
Department of Computer Science Department of Computer Science
450 Computer Science Building 450 Computer Science Building
New York, NY 10027 New York, NY 10027
US US
skipping to change at page 23, line 20 skipping to change at page 23, line 40
Phone: +44 1753 667099 Phone: +44 1753 667099
Email: smccann@rim.com Email: smccann@rim.com
URI: http://www.rim.com URI: http://www.rim.com
Gabor Bajko Gabor Bajko
Nokia Nokia
Email: Gabor.Bajko@nokia.com Email: Gabor.Bajko@nokia.com
Hannes Tschofenig Hannes Tschofenig
Nokia Solutions and Networks Hall in Tirol 6060
Linnoitustie 6 Austria
Espoo 02600
Finland
Phone: +358 (50) 4871445
Email: Hannes.Tschofenig@gmx.net Email: Hannes.Tschofenig@gmx.net
URI: http://www.tschofenig.priv.at URI: http://www.tschofenig.priv.at
Dirk Kroeselberg Dirk Kroeselberg
Siemens Siemens
Germany Germany
Email: dirk.kroeselberg@siemens.com Email: dirk.kroeselberg@siemens.com
 End of changes. 33 change blocks. 
297 lines changed or deleted 277 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/