ENUM -- Telephone Number Mapping B. Hoeneisen Working Group SWITCH Internet-Draft A. Mayrhofer Intended status: Best Current enum.at Practice J. Livingood Expires: May 17, 2008 Comcast Nov 14, 2007 Guide and Template for IANA Registrations of Enumservices draft-ietf-enum-enumservices-guide-06 Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on May 17, 2008. Copyright Notice Copyright (C) The IETF Trust (2007). Abstract This document provides a guide to and template for the creation of new IANA registrations of ENUM (E.164 Number Mapping) services. It is also to be used for updates of existing IANA registrations. Hoeneisen, et al. Expires May 17, 2008 [Page 1] Internet-Draft BCP Enumservice Registrations Nov 2007 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Enumservice Creation Cookbook . . . . . . . . . . . . . . . . 4 3.1. General Enumservice Considerations . . . . . . . . . . . . 4 3.2. Classification, Name, Type and Subtype . . . . . . . . . . 5 3.2.1. Choosing a "name" string . . . . . . . . . . . . . . . 5 3.2.2. Protocol-based Enumservices Class . . . . . . . . . . 5 3.2.3. Application-based Enumservices . . . . . . . . . . . . 6 3.2.4. Data/Format Enumservice class . . . . . . . . . . . . 8 4. Required Sections and Information . . . . . . . . . . . . . . 8 4.1. Introduction (MANDATORY) . . . . . . . . . . . . . . . . . 9 4.2. ENUM Service Registration (MANDATORY) . . . . . . . . . . 9 4.3. Examples (MANDATORY) . . . . . . . . . . . . . . . . . . . 11 4.4. Implementation Recommendations / Notes (OPTIONAL) . . . . 11 4.5. Security Considerations (MANDATORY) . . . . . . . . . . . 11 4.6. IANA Considerations (MANDATORY) . . . . . . . . . . . . . 12 4.7. DNS Considerations (OPTIONAL) . . . . . . . . . . . . . . 12 4.8. Other Sections (OPTIONAL) . . . . . . . . . . . . . . . . 12 5. The Process of Registering New Enumservices . . . . . . . . . 12 5.1. Step 1: Read This Document In Detail . . . . . . . . . . . 15 5.2. Step 2: Submit An Internet-Draft . . . . . . . . . . . . . 15 5.3. Step 3: Request Comments from the IETF Community . . . . . 15 5.3.1. Outcome 1: No Changes Needed . . . . . . . . . . . . . 15 5.3.2. Outcome 2: Changes, but no Further Comments Requested . . . . . . . . . . . . . . . . . . . . . . 16 5.3.3. Outcome 3: Changes and Further Comments Requested . . 16 5.4. Step 4: Request Expert Review . . . . . . . . . . . . . . 16 5.4.1. Outcome 1: Experts Approve Enumservice . . . . . . . . 16 5.4.2. Outcome 2: Experts Raise Issues, Changes Required . . 16 5.4.3. Outcome 3: Experts Reject Enumservice . . . . . . . . 16 5.5. Step 5: Submit for Publication . . . . . . . . . . . . . . 17 6. The Enumservice Expert Selection Process . . . . . . . . . . . 17 7. Enumservice Expert Reviews . . . . . . . . . . . . . . . . . . 17 8. Appeals against Expert Review Decisions . . . . . . . . . . . 18 9. Revision of Pre-Existing Enumservice RFCs . . . . . . . . . . 18 10. Extension of Existing Enumservice RFCs . . . . . . . . . . . . 18 Hoeneisen, et al. Expires May 17, 2008 [Page 2] Internet-Draft BCP Enumservice Registrations Nov 2007 11. Security Considerations . . . . . . . . . . . . . . . . . . . 18 11.1. Considerations regarding this Document . . . . . . . . . . 18 11.2. Enumservice Security Considerations Guideline . . . . . . 18 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 19 14. References . . . . . . . . . . . . . . . . . . . . . . . . . . 19 14.1. Normative References . . . . . . . . . . . . . . . . . . . 19 14.2. Informative References . . . . . . . . . . . . . . . . . . 20 Appendix A. XML2RFC Template for Enumservice Registration . . . . 20 Appendix B. Changes . . . . . . . . . . . . . . . . . . . . . . . 26 Appendix C. Open Issues . . . . . . . . . . . . . . . . . . . . . 27 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 27 Intellectual Property and Copyright Statements . . . . . . . . . . 29 Hoeneisen, et al. Expires May 17, 2008 [Page 3] Internet-Draft BCP Enumservice Registrations Nov 2007 1. Introduction This document provides a guide to and template for the creation of new IANA registrations of Enumservices. This document aims to enhance section 3 of RFC 3761 [3], where the registration procedure for Enumservices was initially documented at a high level. However, the IETF's ENUM Working Group has encountered an unnecessary amount of variation in the format of Enumservice drafts presented to the group. The ENUM Working Group's view of what particular fields and information are required and/or recommended has also evolved, and capturing these best current practices is helpful in both the creation of new registrations, as well as the revision or refinement of existing registrations. This document also aims at providing a registration process which is more detached from the existance of the ENUM working group. For the purpose of this document, 'registration document' and 'registration' refer to an Internet-Draft proposing the IANA registration of an Enumservice following the procedures outlined herein. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [1]. 3. Enumservice Creation Cookbook 3.1. General Enumservice Considerations ENUM is an extremely flexible identifier mapping mechanism, using E.164 (phone) numbers as input identifiers, and returning URIs as output identifiers. Because of this flexibility, almost every use case for ENUM could be implemented in several ways. Because of the huge size of the Enumservice identifier namespace (up to 32 alphanumeric characters for type and subtype field each), it is very tempting to register a new Enumservice for each new use case. However, this would obviously reduce interopability, and increase confusion among implementors. Also, the space in the protocol on which ENUM is based on (namely DNS packets) is rather scarce compared to the huge identifier space that Enumservice typing provides. Generally, before commencing work on a new Enumservice registration, the following should be considered: Hoeneisen, et al. Expires May 17, 2008 [Page 4] Internet-Draft BCP Enumservice Registrations Nov 2007 o Is there an existing Enumservice which could fulfill the desired functionality without overloading it? Check the IANA Enumservice registrations on . o Is there work in progress on a similar Enumservice? Check the mailing list archives on , and the Internet-Drafts Archive on . o Section 3.2 provides three general categories for Enumservice classification. In some cases, there might be several options for designing an Enumservice. For example, a mapping service using HTTP could be considered a "protocol type" Enumservice (using HTTP as the protocol), while it could also be viewed as an "application type" Enumservice, with the application being access to maps. In such a case where several options are available, defining use cases before commencing work on the Enumservice itself might be useful before making a decision on whether the "protocol" or the "application" aspect of the Enumservice is more important. 3.2. Classification, Name, Type and Subtype Because of its flexibility, Enumservices can be and are used in a lot of different ways. This section contains a classification of Enumservices, and provides guidance for choosing suitable 'type' and 'subtype' strings for each individual Enumservice class. The choice of a suitable 'name' is independent of the classification. 3.2.1. Choosing a "name" string Advice for choosing a proper 'name' string is indepent of the classificaton of the Enumservice. Generally, the 'name' string used for registering an Enumservice SHOULD give a clear indication of what the Enumservice is about. The 'name' has no technical significance in the processing of the NAPTR (it doesn't even appear in resource record instances of the Enumservice). However, it is likely to be used for labeling the Enumservice to end users. Suitable 'names' are concise, distinctive, and clearly related to the underlying service that a client is going to interact with. 3.2.2. Protocol-based Enumservices Class Such an Enumservice indicates that an interaction using the named protocol will result for use of this NAPTR. The expected behavior of a system using this Enumservice MUST be clear from the protocol. Hoeneisen, et al. Expires May 17, 2008 [Page 5] Internet-Draft BCP Enumservice Registrations Nov 2007 A good indication that an Enumservice belongs to this class is the fact that a client does not need to understand the actual application to make use of an instance of this Enumservice. 3.2.2.1. Protocol-based Enumservice "type" strings A protocol-based Enumservice SHOULD use the name of the protocol (or the "base" URI scheme, where there are also secure variants) as its 'type' name. 3.2.2.2. Protocol-based Enumservice "subtype" strings Where there is a single URI scheme associated with this protocol, then the Enumservice SHOULD NOT use a subtype. Where a protocol is associated with a number of different URI schemes, the registration SHOULD define which of these is the default ("base") URI scheme, and register the empty subtype for use with this default scheme only. The only exception to this is the case where a secure variant of the "base" URI scheme exists. Such an URI scheme MAY also be used with the empty subtype string. The Enumservice registration SHOULD define subtypes for each of the non-default URI schemes with which it can be associated. The use of the URI schema name as subtype string is RECOMMENDED. Where a NAPTR includes the default URI scheme, the Enumservice without a subtype SHOULD be used. Where a non-default scheme is used, the Enumservice variant with type and respective sub-type SHOULD be used. 3.2.3. Application-based Enumservices Application-based Enumservices are used when the kind of service intended is not fully defined by a protocol specification. There are three cases here: o Common Application Enumservice: The application reflects a kind of interaction that can be realized by different protocols, but where the intent of the publisher is the same. From a user's perspective, there is a common kind of interaction - how that interaction is implemented is not important. The Enumservice registration MUST describe the interaction and expected behavior in enough detail that an implementation can decide if this activity is one in which it can engage. However, it is RECOMMENDED that the Enumservice is defined in a way that will allow others to use it at a later date. An Enumservice that defines a generalized application is preferred Hoeneisen, et al. Expires May 17, 2008 [Page 6] Internet-Draft BCP Enumservice Registrations Nov 2007 to one that has narrow use. An example of this flavors of Enumservice is email. Whilst this might appear to be a "pure" protocol scheme, it is not. The URI scheme is mailto:, and does not identify the protocol used by the sender or the recipient to offer or retrieve emails. Another example is sms, where the presence of such an Enumservice indicates that the publishing entity is capable of engaging in sending or receiving a message according to the Short Messaging Service specifications. The underlying protocol used and the URI- scheme for the addressable end point can differ, but the "user visible" interaction of sending and receiving an SMS is similar. o Subset Enumservice: The application interaction reflects a subset of the interactions possible by use of a protocol. Use of this Enumservice indicates that some options available by use of the protocol will not be accepted or are not possible in this case. Any such Enumservice registration MUST define the options available by use of this NAPTR in enough detail that an implementation can decide whether or not it can use this Enumservice. Examples of this kind of Enumservice are voice:tel and fax:tel. In both cases the URI holds a telephone number. However, the essential feature of these Enumservices is that the telephone number is capable of receiving a voice call or of receiving a Facsimile transmission, respectively. These form subsets of the interactions capable of using the telephone number, and so have their own Enumservices. These allow an end point to decide if it has the appropriate capability of engaging in the advertised user service (a voice call or sending a fax) rather than just being capable of making a connection to such a destination address. This is especially important where there is no underlying mechanism within the protocol to negotiate a different kind of user interaction. o Ancillary Application Enumservice Another variant on this is the Ancillary Application. This is one in which further processing (potentially using a number of different protocols or methods) is the intended result of using this Enumservice. An example of this kind of application is the PSTN:tel Enumservice. This indicates that the NAPTR holds Number Portability data. It implies that the client should engage in number portability processing using the associated URI. Note that this Enumservice usually does not itself define the kind of interaction available using the associated URI. That application is negotiated with some other "out of band" means (either through prior negotiation, or explicitly through the number portability Hoeneisen, et al. Expires May 17, 2008 [Page 7] Internet-Draft BCP Enumservice Registrations Nov 2007 process, or through negotiation following the selection of the final destination address). 3.2.3.1. Application-based Enumservice "type" strings It is RECOMMENDED that Application-class Enumservices use the well known name of the abstract application as "type" name. 3.2.3.2. Application-based Enumservice "subtype" strings It is RECOMMENDED to use the URI scheme(s) that the application uses as "subtype" names. Subtype names SHOULD be shared only between URI schemes that correspond to the "base" URI scheme of a protocol and the secure variant of the same protocol. If there is only one URI scheme used for the application, the empty "subtype" string MAY be used. 3.2.4. Data/Format Enumservice class "Data Format" Enumservices typically refer to a specific data type or format, which may be addressed using one or more URI schemes and protocols. It is RECOMMENDED to use a well known name of the data type / format as the Enumservice 'type'. An example of such an Enumservice is 'vpim' (RFC 4238) [7] and 'vCard' (RFC 4969) [8] (work in progress). 3.2.4.1. Data/Format-based Enumservice "type" strings It is RECOMMENDED to use the well known name of the data/format as the 'type' name. 3.2.4.2. Data/Format based Enumservice "subtype" strings It is RECOMMENDED to use the URI schemes used to access the service as 'subtype' name. Subtype names SHOULD be shared only between URI schemes that correspond to the "base" URI scheme of a protocol and its secure variant. If there is only one URI scheme foreseen to access the data/format, the empty "subtype" string MAY be used. 4. Required Sections and Information In addition to the typical sections required for an RFC as outlined in RFC 2223bis [4] (Instructions to RFC Authors), there are several sections which MUST appear in an IANA Registration for an Hoeneisen, et al. Expires May 17, 2008 [Page 8] Internet-Draft BCP Enumservice Registrations Nov 2007 Enumservice. These sections are, as follows, and SHOULD be in the same order. Appendix A contains a template which can be used to create Internet Drafts and RFC by means described on . This template contains a prototype for most of these sections. 4.1. Introduction (MANDATORY) An introductory section MUST be included. This section will explain, in plain English, the purpose of and intended usage of the proposed Enumservice registration. The Introduction SHOULD start with a short sentence about ENUM, introduce the protocol used in the Enumservice, and discuss the Enumservice as it refers from the E.164 number to the protocol or service. 4.2. ENUM Service Registration (MANDATORY) This section MUST be included in an Enumservice registration. In addition, where a given registration type has multiple subtypes, there MUST be a separate registration section for each subtype. The following lists the sections and order of an Enumservice Registration section. All types and subtypes SHOULD be listed in lower-case. Enumservice Class: This section contains the class of the Enumservice as defined in Section 3.2. e.g. "Application-based Enumservice" Enumservice Name: A short word or stub sentence describing this Enumservice. Often this is equivalent to the Enumservice Type (see below), however, capitalization may be different from it. e.g. "Foo" Enumservice Type: The type of the Enumservice. Often this is equivalent to the Enumservice Name (see above). Hoeneisen, et al. Expires May 17, 2008 [Page 9] Internet-Draft BCP Enumservice Registrations Nov 2007 e.g. "foo" Enumservice Subtype: The Subtype of the Enumservice. e.g. "bar" Many Enumservices do not require a subtype; use "N/A" in this case. URI Schemes: The URI Schemes, which are used with the Enumservice. e.g. "bar:", "sbar:" A URI scheme often matches the subtype (see above). Multiple URI schemes can be listed here if they are used for the same subtype, and provide almost identical functionality. Note well that a client cannot choose a specific ENUM record in a record set based on the URI scheme - the selection is only based on 'type' and 'subtype'. Functional Specification: e.g. This Enumservice indicates that the remote resource identified can be addressed by the associated URI scheme in order to foo the bar. Security Considerations: An internal reference to the 'Security Considerations' section of a given registration document. e.g. "see Section 10" Intended Usage: One of "COMMON", "LIMITED USE" or "OBSOLETE", as defined in RFC 3761 [3] e.g. "COMMON" Author(s): Hoeneisen, et al. Expires May 17, 2008 [Page 10] Internet-Draft BCP Enumservice Registrations Nov 2007 The author(s) of the Enumservice registration. e.g. John Doe Any other information the author(s) deem(s) interesting: e.g. None 4.3. Examples (MANDATORY) This section MUST show one or more example(s) of the Enumservice registration, for illustrative purposes. The example(s) shall in no way limit the various forms that a given Enumservice may take, and this should be noted at the beginning of this section of the document. The example(s) MUST show the specific formatting of the intended NAPTRs RFC 3403 [5], including one or more NAPTR example(s), AND a brief textual description, consisting of one or more sentences written in plain English, explaining the various parts or attributes of the record(s). The example(s) SHOULD contain a brief description how a client supporting this Enumservice could behave, if that description was not already given in e.g. the Introduction. e.g. $ORIGIN 9.7.8.0.9.7.8.9.0.9.4.4.e164.arpa. @ IN NAPTR 100 10 "u" "E2U+foo:bar" "!^.*$!bar://example.com/!" . 4.4. Implementation Recommendations / Notes (OPTIONAL) If at all possible, recommendations that pertain to implementation and/or operations SHOULD be included. Such a section is helpful to someone reading a registration and trying to understand how best to use it to support their network or service. 4.5. Security Considerations (MANDATORY) A section explaining any potential security threats that are unique to the given registration MUST be included. This MUST also include any information about access to Personally Identifiable Information (PII). However, this section is not intended as a general security Best Current Practices (BCP) document and therefore it should not include general and obvious security recommendations, such as securing servers with strong password authentication. Hoeneisen, et al. Expires May 17, 2008 [Page 11] Internet-Draft BCP Enumservice Registrations Nov 2007 4.6. IANA Considerations (MANDATORY) Describe the task IANA needs to fulfill processing the Enumservice registration document. e.g. This memo requests registration of the "foo" Enumservice with the subtype "bar" according to the definitions in this document and RFC 3761 [3]. 4.7. DNS Considerations (OPTIONAL) In case the inclusion of protocols and URI schemes into ENUM specifically introduces new DNS issues, those MUST be described within this section. Such DNS issues include, but are not limited to: o Assumptions about the namespace below the owner of the respective NAPTR RRSet. o Demand to use DNS wildcards. o Incompatibility with DNS wildcards. o presence or absence of the respective NAPTR RRSet at particular levels in the DNS hierarchy (e.g. only for 'full' E.164 numbers, or number blocks only). o use of any RRs (especially non-NAPTR) within or beyond the e164.arpa namespace other than those needed to resolve the domain names that appear in the 'replacement' URI. Rationale: some ENUM services try to exploit side effects of the DNS that need to be explicitly discussed. 4.8. Other Sections (OPTIONAL) Other sections, beyond those required by the IETF and/or IANA, which are cited or otherwise referenced here, MAY be included in an Enumservice registration. These sections may relate to the specifics of the intended usage of the Enumservice registration and associated technical, operational, or administrative concerns. 5. The Process of Registering New Enumservices This section describes the process by which someone shall submit a new Enumservice for review and comment, how such proposed Hoeneisen, et al. Expires May 17, 2008 [Page 12] Internet-Draft BCP Enumservice Registrations Nov 2007 Enumservices shall be reviewed, and how they shall be published. The following Figure 1 depicts an overview on the ENUM service registration process: Hoeneisen, et al. Expires May 17, 2008 [Page 13] Internet-Draft BCP Enumservice Registrations Nov 2007 +--------------------+ | Step 1: | | Read this document | +--------------------+ V +----------------------+ | Step 2: | | Write I-D and submit | +----------------------+ V +--------------------------------------+ | Step 3: |<------+- - - -+ | Announce I-D to and solicit feedback | | | +--------------------------------------+ | | | | V | .^. | | . . | +------------+ . Feed- . +------------+ | | Update I-D |<---------< back >------------>| Update I-D | | and submit | non-sub- . results . substantial | and submit | | +------------+ stantial . in: . changes +------------+ | changes . . needed | | needed Y | | no changes needed | | V | +-----------------------+ | +------------>| Step 4: |<-------------+ | Request Expert Review | | | +-----------------------+ | | | | V | .^. | | . . | +---------+ . Expert . +------------+ | | Appeal- |<-----------< review >------------>| Update I-D |-+ | process | rejection . results . issues | and submit | +---------+ by expert(s) . in: . raised by +------------+ . . expert(s) Y | approval by expert(s) V +-----------------------------+ | Step 5: | | Submit I-D for publication | +-----------------------------+ Figure 1 Hoeneisen, et al. Expires May 17, 2008 [Page 14] Internet-Draft BCP Enumservice Registrations Nov 2007 5.1. Step 1: Read This Document In Detail This document describes all of the necessary sections required and recommended, makes suggestions on content, and provides sample XML. 5.2. Step 2: Submit An Internet-Draft An Internet-Draft shall be submitted in accordance with RFC 2026 [2] and RFC 2223bis [4], as well as RFC 3761 [3], and any other documents applicable to the Internet-Draft process. This Internet-Draft may be submitted as an "Individual Submission". 5.3. Step 3: Request Comments from the IETF Community After the Internet-Draft has been published, the author(s) shall send an email to , in which comments on the Internet-Draft are requested. Suggested Format of Announcement: To: enum@ietf.org Subject: Comments on The author is requesting comments and feedback from the ENUM and IETF communities on the I-D listed below. The I-D is available at: Abstract of the I-D: The author(s) should allow a reasonable period of time to elapse, such as two to four weeks, in order to collect any feedback. The author(s) shall then consider whether or not to take any of those comments into account, by making changes to the Internet-Draft and submitting a revision to the I-D editor, or otherwise proceeding. The following outcomes are the ways the author(s) shall proceed, and it is up to the authors' judgement as to which one to choose. 5.3.1. Outcome 1: No Changes Needed No changes to the draft are made, and the author(s) proceed(s) to Step 4 below. This outcome is recommended when the feedback received does not lead to a new revision of the Internet-Draft. Hoeneisen, et al. Expires May 17, 2008 [Page 15] Internet-Draft BCP Enumservice Registrations Nov 2007 5.3.2. Outcome 2: Changes, but no Further Comments Requested The author(s) update(s) the Internet-Draft and is/are confident that all issues are resolved and do not require further discussion. The author(s) proceed(s) to Step 4 below. This outcome is recommended when minor objections have been raised, or minor changes have been suggested. 5.3.3. Outcome 3: Changes and Further Comments Requested The author(s) update(s) the Internet-Draft, and proceed(s) to Step 3 above, which involves sending another email to to request additional comments for the updated version. This outcome is recommended when substantial objections have been raised, or substantial changes have been suggested. 5.4. Step 4: Request Expert Review In this step, the author(s) send(s) an email to the ENUM expert review panel at . The Enumservice Expert Review Process shall then be followed to conclusion. A later section of this document describes how expert reviewers are selected (Section 6) and how the process of expert reviews takes place Section 7. 5.4.1. Outcome 1: Experts Approve Enumservice In this case, the proposed Enumservice has been endorsed and approved by the experts, and the Internet-Draft proceeds to Step 5 below. 5.4.2. Outcome 2: Experts Raise Issues, Changes Required The experts raise issues that prevent approval of the proposed Enumservice. If they believe that, with changes, the proposed Enumservice will be approved, then they may recommend that the author(s) make changes and submit the draft again. Depending on the nature of the changes the Internet-Draft proceeds either to Step 4 or to Step 3 above, which both involve update of the Internet-Draft and request additional review and/or comments for the updated version. 5.4.3. Outcome 3: Experts Reject Enumservice The experts raise issues that result in rejection of the proposed Enumservice. If they believe that, even with changes, the proposed Enumservice will not be approved, the process normally terminates. However, if the author(s) disagrees(s) with this judgement, he has Hoeneisen, et al. Expires May 17, 2008 [Page 16] Internet-Draft BCP Enumservice Registrations Nov 2007 the possibility to to appeal. In that case, the appeal process is initiated according to Section 8. 5.5. Step 5: Submit for Publication The Internet-Draft is submitted to be published as an RFC. The IETF publication process includes IANA actions such as adding the service to the IANA Enumservice registry. According to RFC 3761 [3] an Enumservice description can be published as either a Standards Track, Best Current Practice (BCP), or Experimental RFC. 6. The Enumservice Expert Selection Process According to Section 3.2 of [6], experts are appointed by the IESG upon recommendation by the RAI Area Directors. The RAI area directors are responsible that there is always a sufficient amount of experts available. 7. Enumservice Expert Reviews Generally, the expert review process of an Enumservice MUST follow the guidelines documented in section 3.3 of [6]. The expert SHOULD evaluate the criteria as set out in the draft mentioned above, as well as consider the following: o Verify conformance with the ENUM specification (RFC 3761). o Verify that the requirements set in this document (Section 4) are met. This includes check for completeness and whether all the aspects described in Section 4 are sufficiently addressed. o If a use case is given by the author of the proposal (which is RECOMMENDED), the expert SHOULD verify whether the proposed Enumservice does actually fulfill the use case, and whether the use case could be covered by an already existing Enumservice. o Verify that the Enumservice proposed cannot be confused with identical (or similar) other Enumservices already registered. o If the Enumservice is classified according to Section 3.2, the expert MUST verify that the principles of the class in question are followed. o In case the Enumservice is not classified, the expert MUST verify whether a convincing reason for the deviation is documented in the registration proposal. o Investigate whether the proposed Enumservice has any negative side effects on existing clients and infrastructure. o If the output of processing an Enumservice may be used for input to more ENUM processing (especially services returning 'tel' URIs), the expert SHOULD verify that the author has adequately Hoeneisen, et al. Expires May 17, 2008 [Page 17] Internet-Draft BCP Enumservice Registrations Nov 2007 addressed the issue of potential query loops. 8. Appeals against Expert Review Decisions Appeals follow the normal IETF appeal process as described in section 7 of [6] and section 6.5 of RFC 2026 [2] 9. Revision of Pre-Existing Enumservice RFCs Several Enumservice registrations, published via IETF RFCs, already exist at the time of the development of this document. The authors recommend that these existing registration documents SHOULD be reviewed and, where necessary and appropriate, MAY be revised in accordance with the recommendations contained herein. All future Enumservice registrations SHOULD follow the recommendations contained herein, where practical and applicable. 10. Extension of Existing Enumservice RFCs There are cases, where it is more sensible to extend an existing Enumservice registrations rather than proposing a new one. Such cases include adding a new subtype to an existing type. Depending on the nature of the extension, the original registration document needs to be extended (updates) or replaced (obsoletes) [4]. 11. Security Considerations 11.1. Considerations regarding this Document Since this document does not introduce any technology or protocol, there are no security issues to be considered for this memo itself. 11.2. Enumservice Security Considerations Guideline Section 6 of RFC 3761 already outlines security considerations affecting ENUM as a whole. Enumservice registration documents do not need and SHOULD NOT repeat considerations already listed there, but they SHOULD include a reference to that section. ENUM refers to resources using preexisting URI schemes and protocols. Enumservice registration documents do not need and SHOULD NOT repeat security considerations affecting those protocols and URI schemes itself. Hoeneisen, et al. Expires May 17, 2008 [Page 18] Internet-Draft BCP Enumservice Registrations Nov 2007 However, in case that the inclusion of those protocols and URI schemes into ENUM specifically introduces new security issues, those issues MUST be lined out in the 'Security Considerations' section of the registration document. 12. IANA Considerations This document itself does not define a new protocol, and therefore has no considerations for IANA. However, it contains a proposal for the 'IANA Considerations' section of actual Enumservice registration documents in Appendix A. Note: Section 4.2 is just an example of an Enumservice registration. The Enumservice "foo" outlined there MUST NOT be registered by IANA unless this memo is to be published on April 1st. 13. Acknowledgements Lawrence Conroy provided extensive text for the Enumservice Classification section. The authors also wish to thank Peter Koch for his contribution to this document. 14. References 14.1. Normative References [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [2] Bradner, S., "The Internet Standards Process -- Revision 3", BCP 9, RFC 2026, October 1996. [3] Faltstrom, P. and M. Mealling, "The E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application (ENUM)", RFC 3761, April 2004. [4] Reynolds, J. and R. Braden, "Instructions to Request for Comments (RFC) Authors", draft-rfc-editor-rfc2223bis-08 (work in progress), July 2004. [5] Mealling, M., "Dynamic Delegation Discovery System (DDDS) Part Three: The Domain Name System (DNS) Database", RFC 3403, October 2002. [6] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Hoeneisen, et al. Expires May 17, 2008 [Page 19] Internet-Draft BCP Enumservice Registrations Nov 2007 Considerations Section in RFCs", draft-narten-iana-considerations-rfc2434bis-08 (work in progress), October 2007. 14.2. Informative References [7] Vaudreuil, G., "Voice Message Routing Service", RFC 4238, October 2005. [8] Mayrhofer, A., "IANA Registration for vCard Enumservice", RFC 4969, August 2007. Appendix A. XML2RFC Template for Enumservice Registration IANA Registration for Enumservice Foo MyOrganization
MyAddress MyCity MyZIP MyCountry Myphonenumber MyEmailAddress MyWebpage
Hoeneisen, et al. Expires May 17, 2008 [Page 20] Internet-Draft BCP Enumservice Registrations Nov 2007 RAI ENUM -- Telephone Number Mapping Working Group ENUM foo bar This memo registers the Enumservice "foo" with subtype "bar" using the URI scheme "bar". This Enumservice is to be used to refer from an ENUM domain name to the foobar of the entity using the corresponding E.164 number. A Client can use information gathered from a record using this Enumservice to foo the bar.
E.164 Number Mapping (ENUM) uses the Domain Name System (DNS) to refer from E.164 numbers to Uniform Resource Identifiers (URIs). To distinguish between different services for a single E.164 number, section 2.4.2 of RFC 3761 specifies 'Enumservices', which are to be registered with IANA according to section 3 of RFC 3761 and RFC XXXX. The 'foo' protocol is specified in ... and provides ... The Enumservice specified in this document refers from an E.164 number to a foobar ... Clients use those foobars to foo the bar. Hoeneisen, et al. Expires May 17, 2008 [Page 21] Internet-Draft BCP Enumservice Registrations Nov 2007
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
Enumservice Class: "Barfoo-based Enumservice" Enumservice Name: "foo" Enumservice Type: "foo" Enumservice Subtypes: "bar" URI Schemes: "bar" Functional Specification: This Enumservice indicates that the resource identified is a foobar ... Security Considerations: see Intended Usage: COMMON Author(s): MyName MySurname, <myEmail> Any other information the author(s) deem(s) interesting: None Hoeneisen, et al. Expires May 17, 2008 [Page 22] Internet-Draft BCP Enumservice Registrations Nov 2007
An example ENUM record referencing to "foo" could look like: $ORIGIN 9.7.8.0.9.7.8.9.0.9.4.4.e164.arpa. @ IN NAPTR 50 10 "u" "E2U+foo:bar" "!^.*$!bar://example.com/!" . ...
Implementers should consider that fooing the bar...
As with any Enumservice, the security considerations of ENUM itself (Section 6 of RFC 3761) apply.
Since ENUM uses DNS - a publicly available database - any information contained in records provisioned in ENUM domains must be considered public as well. Even after revoking the DNS entry and removing the referred resource, copies of the information could still be available. Information published in ENUM records could reveal associations between E.164 numbers and their owners - especially if URIs contain personal identifiers or domain names for which ownership information can be obtained easily. Hoeneisen, et al. Expires May 17, 2008 [Page 23] Internet-Draft BCP Enumservice Registrations Nov 2007 For example, the following URI makes it easy to guess the owner of an E.164 number as well as his location and association by just examining the result from the ENUM lookup: http://sandiego.company.example.com/joe-william-user.vcf However, it is important to note that the ENUM record itself does not need to contain any personal information. It just points to a location where access to personal information could be granted. For example, the following URI only reveals the service provider hosting the vCard (who probably even provides anonymous hosting): http://anonhoster.example.org/file_adfa001.vcf ENUM records pointing to third party resources can easily be provisioned on purpose by the ENUM domain owner - so any assumption about the association between a number and an entity could therefore be completely bogus unless some kind of identity verification is in place. This verification is out of scope for this memo.
Users MUST therefore carefully consider information they provide in the resource identified by the ENUM record as well as in the record itself. Considerations could include serving information only to entities of the user's choice and/or limiting the comprehension of the information provided based on the identity of the requester. (modify as appropriate - more about the specific resource here)
This memo requests registration of the "foo" Enumservice with the subtype "bar" according to the template in of this document and RFC 3761. Hoeneisen, et al. Expires May 17, 2008 [Page 24] Internet-Draft BCP Enumservice Registrations Nov 2007 ...
This Enumservices does not introduce any new considerations for the DNS. ...
The international public telecommunication numbering plan ITU-T Hoeneisen, et al. Expires May 17, 2008 [Page 25] Internet-Draft BCP Enumservice Registrations Nov 2007 Figure 2 Appendix B. Changes [RFC Editor: This section is to be removed before publication] draft-ietf-enum-enumservices-guide-06: o bernie: Moved Terminology section in Template (now after Introduction) o bernie: Class is now part of the Enumservice registration and template o bernie: Individual Submission realaxed (comment Peter Koch) o bernie: updated vcard Ref (now RFC) draft-ietf-enum-enumservices-guide-05: o bernie/alex: added text for sections 'The Enumservice Expert Selection Process' and 'The Process for Appealing Expert Review Decisions' o bernie: added ASCII-art figure for registration process o bernie: adjusted registration process o jason: proposed registration process draft-ietf-enum-enumservices-guide-04: o bernie: added section about Extension of existing Enumservice RFCs o bernie: added open issue about future registration process o bernie: added category (bcp) o bernie: clean up in Security considerations o bernie: editorial stuff (mainly XML issues) draft-ietf-enum-enumservices-guide-03: o alex: moved terminology section o alex: removed note asking for feedback o bernie: added DNS consideration section o bernie: added Acknowledgments section o bernie: editorial stuff (nicer formating, fixing too long lines) o alex: added security considerations from vcard draft. draft-ietf-enum-enumservices-guide-02: o bernie: replaced numbers in examples by "Drama Numbers" o bernie: moved Change and Open Issues to Appendix. o bernie: major rewrite of section "6. Required Sections and Information" incl. separating explanations and examples. o bernie: removed section 7 (was just a repetition of referencing to template) o bernie: extended Appendix with Open Issues. draft-ietf-enum-enumservices-guide-01: Hoeneisen, et al. Expires May 17, 2008 [Page 26] Internet-Draft BCP Enumservice Registrations Nov 2007 o alex: added Security Considerations section for the doc itself o alex: added IANA Considerations section for the doc itself o alex: added cookbook idea Appendix C. Open Issues [RFC Editor: This section should be empty before publication] o Clarify the role of the expert(s) and the requirements that apply for reviewing Enumservice registrations o Clarify what Process applies after Expert Review (before publication) o Check whether alignment with RFC3761bis is needed (e.g. Enumservice class) o Clarify IANA impact of this document. o URL for template, so that it can be fetched without header-/ footer-lines of RFC. Authors' Addresses Bernie Hoeneisen SWITCH Werdstrasse 2 CH-8004 Zuerich Switzerland Phone: +41 44 268 1515 Email: bernhard.hoeneisen@switch.ch, bernie@ietf.hoeneisen.ch URI: http://www.switch.ch/ Alexander Mayrhofer enum.at GmbH Karlsplatz 1/9 Wien A-1010 Austria Phone: +43 1 5056416 34 Email: alexander.mayrhofer@enum.at URI: http://www.enum.at/ Hoeneisen, et al. Expires May 17, 2008 [Page 27] Internet-Draft BCP Enumservice Registrations Nov 2007 Jason Livingood Comcast Cable Communications 1500 Market Street Philadelphia, PA 19102 USA Phone: +1-215-981-7813 Email: jason_livingood@cable.comcast.com URI: http://www.comcast.com/ Hoeneisen, et al. Expires May 17, 2008 [Page 28] Internet-Draft BCP Enumservice Registrations Nov 2007 Full Copyright Statement Copyright (C) The IETF Trust (2007). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Acknowledgment Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA). Hoeneisen, et al. Expires May 17, 2008 [Page 29]