SIP O. Levin Internet-Draft Microsoft Corporation Expires: January 18, 2006 July 17, 2005 Suppression of Session Initiation Protocol REFER Method Implicit Subscription draft-ietf-sip-refer-with-norefersub-02 Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on January 18, 2006. Copyright Notice Copyright (C) The Internet Society (2005). Abstract This specification defines a way to suppress an implicit subscription with the Session Initiation Protocol (SIP) REFER method. A new SIP option tag "norefersub" is defined to indicate support for this extension. A new SIP header field "Refer-Sub" is defined to request the usage of this extension. Levin Expires January 18, 2006 [Page 1] Internet-Draft SIP REFER without Subscription July 2005 Table of Contents 1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . 3 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 4 5. Preventing Forking of REFER Requests . . . . . . . . . . . . . 5 6. Example . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 8. Security Considerations . . . . . . . . . . . . . . . . . . . 6 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7 10.1 Normative References . . . . . . . . . . . . . . . . . . . 7 10.2 Informational References . . . . . . . . . . . . . . . . . 8 Author's Address . . . . . . . . . . . . . . . . . . . . . . . 8 Intellectual Property and Copyright Statements . . . . . . . . 9 Levin Expires January 18, 2006 [Page 2] Internet-Draft SIP REFER without Subscription July 2005 1. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [1]. To simplify discussions of the REFER method and its extensions, the three terms below are being used throughout the document: o REFER-Issuer: the UA issuing the REFER request o REFER-Recipient: the UA receiving the REFER request o REFER-Target: the UA designated in the Refer-To URI 2. Introduction The REFER specification specifies that every REFER creates an implicit subscription between the REFER-Issuer and the REFER- Recipient. This document defines a new SIP header field: "Refer-Sub" meaningful within a REFER transaction only. This header field, when set to "false", specifies that a REFER-Issuer requests that the REFER- Recipient doesn't establish an explicit subscription and the resultant dialog. This document defines a new option tag: "norefersub". This tag, when included in the Supported header field, indicates that a User Agent (UA) is capable of accepting a REFER request without creating an implicit subscription when acting as a REFER-Recipient. 3. Motivation The REFER specification mandates that every REFER creates an implicit subscription between the REFER-Issuer and the REFER-Recipient. This subscription results in at least one NOTIFY being sent from the REFER-Recipient to the REFER-Issuer. The REFER-Recipient may choose to cancel the implicit subscription with this NOTIFY. The REFER- Issuer may choose to cancel this implicit subscription with an explicit SUBSCRIBE (Expires: 0) after receipt of the initial NOTIFY. One purpose of requiring the implicit subscription and initial NOTIFY is to allow for the situation where the REFER request gets forked and the REFER-Issuer needs a way to see the multiple dialogs that may be established as a result of the forked REFER. This is the same approach used to handle forking of SUBSCRIBE [4] requests. Where the REFER-Issuer explicitly specifies that forking not occur, the requirement that an implicit subscription be established is unnecessary. Levin Expires January 18, 2006 [Page 3] Internet-Draft SIP REFER without Subscription July 2005 Another purpose of the NOTIFY is to inform the REFER-Issuer of the progress of the SIP transaction that results from the REFER at the REFER-Recipient. In the case where the REFER-Issuer is already aware of the progress of the requested operation, such as when the REFER- Issuer has an explicit subscription to the dialog event package at the REFER-Recipient, the implicit subscription and resultant NOTIFY traffic related to the REFER can create an unnecessary network overhead. 4. Definitions This document defines a new SIP header field: "Refer-Sub". This header field is meaningful and MAY be used with a REFER request and the corresponding 2XX response only. This header field set to "false" specifies that a REFER-Issuer requests that the REFER- Recipient doesn't establish an explicit subscription and the resultant dialog. Note that when using this extension, the REFER remains a target refresh request (as in the default case - when the extension is not used). This document adds the following entry to Table 2 of [2]. The additions to this table are also provided for extension methods at the time of publication of this document. This is provided as a courtesy to the reader and is not normative in any way: Header field where proxy ACK BYE CAN INV OPT REG MSG Refer-Sub R, 2xx - - - - - - - Header field where SUB NOT REF INF UPD PRA PUB Refer-Sub R, 2xx - - o - - - - The Refer-Sub header field MAY be encrypted as part of end-to-end encryption. The syntax of the header field follows the BNF defined below: Refer-Sub = "Refer-Sub" HCOLON refer-sub-value extension-value refer-sub-value = "true" / "false" extension-value = *(TEXT-UTF8char / UTF8-CONT / LWS) The "Refer-Sub" header field set to "false" MAY be used by the REFER- Issuer only when the REFER-Issuer can be certain that the REFER request will not be forked. If the REFER-Recipient supports the extension and is willing to Levin Expires January 18, 2006 [Page 4] Internet-Draft SIP REFER without Subscription July 2005 process the REFER transaction without establishing an implicit subscription, it MUST insert the "Refer-Sub" header field set to "false" in the 2xx response to the REFER-Issuer. In this case no implicit subscription is created. Consequently, no new dialog is created if this REFER was issued outside any existing dialog. If the REFER-Issuer inserts the "Refer-Sub" header field set to "false", but the REFER-Recipient doesn't grant the suggestion (i.e. either does not include the "Refer-Sub" header field or includes the "Refer-Sub" header field set to "true" in the 2xx response), an implicit subscription is created as in default case. This document also defines a new option tag, "norefersub". This tag, when included in the Supported header field, specifies that a User Agent (UA) is capable of accepting a REFER request without creating an implicit subscription when acting as a REFER-Recipient. If the capabilities of the REFER-Recipient are not known, using the "norefersub" tag with the Require header field is NOT RECOMMENDED. This is due to the fact that in the event the REFER-Recipient doesn't support the extension, in order to fallback to the normal REFER, the REFER-Issuer will need to issue a new REFER transaction thus resulting in additional round-trips. The "norefersub" tag, when included in the Require header field (always in conjunction with the "Refer-Sub" header field set to "false"), specifies that the REFER-Recipient MUST process a REFER transaction without establishing an explicit subscription. In this case, if the REFER-Recipient either doesn't support the extension or is not willing to grant the request, the REFER request MUST be rejected by sending "420 Bad Extension" response back to the REFER- Issuer. 5. Preventing Forking of REFER Requests The REFER specification allows for the possibility of forking a REFER request which is sent outside of an existing dialog. In addition, a proxy may fork an unknown method type. Should forking occur, the sender of the REFER with "Refer-Sub" will not be aware as only a single 2xx response will be forwarded by the forking proxy. As a result, the responsibility is on the issuer of the REFER with "Refer- Sub" to ensure that no forking will result. The best way that the REFER-Issuer can ensure that REFER doesn't get forked is by only sending a REFER with "Refer-Sub" with a Request-URI which has GRUU properties according to definitions of [5]. If this is not known, the other way to ensure that forking will not Levin Expires January 18, 2006 [Page 5] Internet-Draft SIP REFER without Subscription July 2005 occur is to ensure that there are no proxies between the REFER-Issuer and the REFER-Recipient. This could be done by sending the REFER with a Max-Forwards: 0 header field. Any proxy receiving this request will return a "483 Too Many Hops" response, indicating that it is not safe to use this extension. 6. Example An example of REFER which suppresses the implicit subscription is shown below: REFER sip:pc-b@example.com SIP/2.0 Via: SIP/2.0/TCP issuer.example.com;branch=z9hG4bK-a-1 From: ;tag=1a To: Call-ID: 1@issuer.example.com CSeq: 234234 REFER Max-Forwards: 70 Refer-To: Refer-Sub: false Supported: norefersub Contact: sip:a@issuer.example.com Content-Length: 0 7. IANA Considerations This document registers a new SIP header field "Refer-Sub". This header field is only meaningful for the REFER request defined in RFC 3515 [3] and the corresponding response. The following information to be added to the header field sub-registry under http://www.iana.org/assignments/sip-parameters: o Header Name: Refer-Sub o Compact Form: None o Reference: [Substitute with this RFC number] This document also registers a new SIP option tag, "norefersub". The required information for this registration, as specified in RFC 3261 [2], is: o Name: norefersub o Description: This option tag specifies a User Agent ability of accepting a REFER request without establishing an implicit subscription (compared to the default case defined in RFC 3515 [3]). 8. Security Considerations The purpose of this SIP extension is to modify the expected behavior Levin Expires January 18, 2006 [Page 6] Internet-Draft SIP REFER without Subscription July 2005 of the REFER-Recipient. The change in behavior is for the REFER- Recipient to not establish a dialog and to not send NOTIFY messages back to the REFER-Issuer. As such, a malicious inclusion of a "Refer-Sub" header field set to "false" reduces the processing and state requirements on the recipient. As a result, its use in a denial of service attack seems limited. Should an intermediary maliciously insert a "Refer-Sub" header field set to "false", two possibilities may occur. If the REFER-Recipient does not support the extension, the REFER will fail with a "420 Bad Extension" response. The REFER-Issuer will be confused as no "Refer- Sub" was in the request, and the resulting request will fail. Should the REFER-Recipient support the extension, the 2xx response will contain the "Refer-Sub" header field set to "false". In any case, the REFER-Recipient will not establish a new dialog and send NOTIFYs. As a result the REFER-Recipient will not learn the outcome of the operation on the Refer-To URI. Should an intermediary maliciously remove a "Refer-Sub" header field set to "false", the REFER-Recipient will try to sent notifications over the "explicitly established" dialog. It may confuse the REFER- Issuer, unless the Man in the Middle (MitM) has the motivation and the ability to intercept the notifications. To protect against these kinds of MitM attacks, integrity protection should be used. For example, the REFER-Issuer could use S/MIME as discussed in RFC 3261 [2] to protect against these kinds of attacks. 9. Acknowledgements The SIP community would like to thank Sriram Parameswar for his ideas being originally presented in draft-parameswar-sipping-norefersub-00 and served as the basis for this specification. 10. References 10.1 Normative References [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [2] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002. [3] Sparks, R., "The Session Initiation Protocol (SIP) Refer Method", RFC 3515, April 2003. Levin Expires January 18, 2006 [Page 7] Internet-Draft SIP REFER without Subscription July 2005 [4] Roach, A., "Session Initiation Protocol (SIP)-Specific Event Notification", RFC 3265, June 2002. 10.2 Informational References [5] Rosenberg, J., "Obtaining and Using Globally Routable User Agent (UA) URIs (GRUU) in the Session Initiation Protocol (SIP)", draft-ietf-sip-gruu-04 (work in progress), July 2005. Author's Address Orit Levin Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA Phone: 425-722-2225 Email: oritl@microsoft.com Levin Expires January 18, 2006 [Page 8] Internet-Draft SIP REFER without Subscription July 2005 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2005). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Levin Expires January 18, 2006 [Page 9]