--- 1/draft-ietf-mmusic-sdp-cs-00.txt 2009-06-18 06:12:10.000000000 +0200 +++ 2/draft-ietf-mmusic-sdp-cs-01.txt 2009-06-18 06:12:10.000000000 +0200 @@ -1,21 +1,21 @@ MMUSIC WG M. Garcia-Martin Internet-Draft Ericsson Intended status: Standards Track S. Veikkolainen -Expires: August 29, 2009 Nokia - February 25, 2009 +Expires: December 19, 2009 Nokia + June 17, 2009 Session Description Protocol (SDP) Extension For Setting Up Audio Media Streams Over Circuit-Switched Bearers In The Public Switched Telephone Network (PSTN) - draft-ietf-mmusic-sdp-cs-00 + draft-ietf-mmusic-sdp-cs-01 Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. 
@@ -24,33 +24,32 @@ and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on August 29, 2009. + This Internet-Draft will expire on December 19, 2009. Copyright Notice Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal - Provisions Relating to IETF Documents - (http://trustee.ietf.org/license-info) in effect on the date of - publication of this document. Please review these documents - carefully, as they describe your rights and restrictions with respect - to this document. + Provisions Relating to IETF Documents in effect on the date of + publication of this document (http://trustee.ietf.org/license-info). + Please review these documents carefully, as they describe your rights + and restrictions with respect to this document. Abstract This memo describes use cases, requirements, and protocol extensions for using the Session Description Protocol (SDP) Offer/Answer model for establishing audio media stream over circuit-switched bearers in the Public Switched Telephone Network (PSTN). Table of Contents 
@@ -65,40 +64,40 @@ 5.2.1. Connection Data . . . . . . . . . . . . . . . . . . . 8 5.2.2. Media Descriptions . . . . . . . . . . . . . . . . . . 9 5.2.3. Correlating the PSTN Circuit-Switched Bearer with SDP . . . . . . . . . . . . . . . . . . . . . . . . . 10 5.2.3.1. The "correlation" attribute . . . . . . . . . . . 11 5.2.3.2. Caller-ID Correlation Mechanism . . . . . . . . . 11 5.2.3.3. User-User Information Element Correlation Mechanism . . . . . . . . . . . . . . . . . . . . 12 5.2.3.4. DTMF Correlation Mechanism . . . . . . . . . . . . 13 5.2.3.5. Negotiating the used correlation mechanisms . . . 15 - 5.3. Considerations for Usage of Existing SDP . . . . . . . . . 16 - 5.3.1. Originator of the Session . . . . . . . . . . . . . . 16 + 5.3. Considerations for Usage of Existing SDP . . . . . . . . . 17 + 5.3.1. Originator of the Session . . . . . . . . . . . . . . 17 5.3.2. Contact information . . . . . . . . . . . . . . . . . 17 5.3.3. Determining the Direction of the Circuit-Switched Connection Setup . . . . . . . . . . . . . . . . . . . 17 5.4. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . 18 6. SDP Examples . . . . . . . . . . . . . . . . . . . . . . . . . 19 6.1. Basic SDP example: Single Circuit-Switched Audio Stream . 19 6.2. Advanced SDP example: Alternative and IP Circuit-Switched Audio Streams . . . . . . . . . . . . . . 20 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 21 7.1. Registration of new correlation SDP attribute . . . . . . 22 7.2. Registration of a new "nettype" value . . . . . . . . . . 22 7.3. Registration of new "addrtype" values . . . . . . . . . . 22 7.4. Registration of a new "proto" value . . . . . . . . . . . 22 8. Security Considerations . . . . . . . . . . . . . . . . . . . 23 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 23 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23 10.1. Normative References . . . . . . . . . . . . . . . . . . . 23 - 10.2. 
Informative References . . . . . . . . . . . . . . . . . . 23 + 10.2. Informative References . . . . . . . . . . . . . . . . . . 24 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 25 1. Introduction The Session Description Protocol (SDP) [RFC4566] is intended for describing multimedia sessions for the purposes of session announcement, session invitation, and other forms of multimedia session initiation. SDP is most commonly used for describing media streams that are transported over the Real-Time Transport Protocol (RTP) [RFC3550], using the profiles for audio and video media defined 
@@ -686,20 +685,42 @@ correlation mechanism will succeed even if the usage of those was agreed beforehand. This is due to the fact that the correlation mechanisms require support from the circuit-switched bearer technology used. Therefore, even a single positive indication using any of these mechanisms SHOULD be interpreted by the passive endpoint so that the circuit-switched bearer establishment is related to the ongoing session, even if the other correlation mechanisms fail. + If, after negotiating one or more correlation mechanisms in the SDP + offer/answer exchange, an endpoint receives a circuit-switched call + with no correlation information present, the endpoint has two + choices: it can either treat the call as unrelated, or treat the call + as related to the ongoing session in the IP domain. + + An endpoint may for example specify a time window after SDP offer/ + answer exchange during which received calls are treated as correlated + even if the signalling in the circuit-switched domain does not carry + any correlation information. In this case, there is a chance that + the call is erroneously treated as related to the ongoing session. + + An endpoint may also choose to always treat an incoming call as + unrelated if the signalling in the circuit-switched domain does not + carry any correlation information. In this case, there is a chance + that the call is erroneously treated as unrelated. + + Since, in these cases, no correlation information can be deduced from + the signalling, it is up to the implementation to decide how to + behave. One option is also to let the user decide whether to accept + the call as related, or to treat the call as unrelated. + 5.3. Considerations for Usage of Existing SDP 5.3.1. Originator of the Session According to SDP [RFC4566], the origin line in SDP has the following syntax: o= 
@@ -965,20 +985,32 @@ Type SDP Name Reference -------------- --------------------------- --------- proto PSTN [RFCxxxx] 8. Security Considerations This document provides an extension on top of RFC 4566 [RFC4566], and RFC 3264 [RFC3264]. As such, the security considerations of those documents apply. + This memo provides mechanisms to agree on a correlation identifier or + identifiers that are used to evaluate whether an incoming circuit- + switched call is related to an ongoing session in the IP domain. If + an attacker replicates the correlation identifer and establishes a + call within the time window the receiving endpoint is expecting a + call, the attacker may be able to hijack the circuit-switched call. + These types of attacks are not specific to the mechanisms presented + in this memo. For example, caller ID spoofing is a well known attack + in the PSTN. Users are advised to use the same caution before + revealing sensitive information as they would on any other phone + call. + 9. Acknowledgments The authors want to thank Flemming Andreasen, Thomas Belling, Jari Mutikainen, Miikka Poikselka, Jonathan Rosenberg, Ingemar Johansson, Christer Holmberg, and Alf Heidermark for providing their insight and comments on this document. 10. References 10.1. Normative References 
@@ -1013,28 +1045,28 @@ [I-D.garcia-mmusic-sdp-misc-cap] Garcia, M., Veikkolainen, S., and R. Gilman, "Miscellaneous Capabilities Negotiation in the Session Description Protocol (SDP)", draft-garcia-mmusic-sdp-misc-cap-00 (work in progress), October 2008. [I-D.ietf-mmusic-sdp-capability-negotiation] Andreasen, F., "SDP Capability Negotiation", - draft-ietf-mmusic-sdp-capability-negotiation-09 (work in - progress), July 2008. + draft-ietf-mmusic-sdp-capability-negotiation-10 (work in + progress), May 2009. [I-D.ietf-mmusic-sdp-media-capabilities] Gilman, R., Even, R., and F. Andreasen, "SDP media capabilities Negotiation", - draft-ietf-mmusic-sdp-media-capabilities-06 (work in - progress), January 2009. + draft-ietf-mmusic-sdp-media-capabilities-07 (work in + progress), February 2009. [ITU.E164.1991] International Telecommunications Union, "The International Public Telecommunication Numbering Plan", ITU- T Recommendation E.164, 1991. [ITU.Q931.1998] "Digital Subscriber Signalling System No. 1 (DSS 1) - ISDN User - Network Interface Layer 3 Specification for Basic Call Control", ISO Standard 9594-1, May 1998.
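Review bot: In the @@ -686,20 +685,42 @@ hunk (the paragraphs added just before 5.3), the fallback for a call that arrives with no correlation information is left to the implementation, with a lowercase "may" and no bound on the "time window". Since the first option treats any call received in that window as related to the session, the text should say which behaviour is the default, give guidance on the window length (short and configurable), and make clear whether "may" is meant as the RFC 2119 keyword. The option in the last added sentence, "let the user decide whether to accept the call as related", reads as the more conservative choice and could be named as the recommended one.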
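Review bot: In the @@ -965,20 +985,32 @@ hunk (Section 8), the new threat text only covers an attacker who "replicates the correlation identifer", but the fallback added in the @@ -686 hunk lets an endpoint treat a call with no correlation information as related, so a call inside the time window needs no identifier at all. The section should cover that case and refer back to the text that introduces it. The only mitigation given is "Users are advised to use the same caution"; a sentence of guidance for implementations (for example, limiting the window in which a call is expected) would fit here. Also fix the typo "identifer" to "identifier".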
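Review bot: In the @@ -1013,28 +1045,28 @@ hunk, the [ITU.Q931.1998] entry in the trailing context still cites "ISO Standard 9594-1" for the DSS 1 Layer 3 basic call control specification, which does not match the entry's own tag or title. Since this revision already updates the neighbouring references, correct that entry to cite the ITU-T Recommendation in the same pass.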