Telephone Number Mapping (enum)                               D. Ranalli
Internet Draft                                                   D. Peek
Document:                                                      R. Walter
Category: Informational                                        NetNumber
                                                           November 2000


             Tier-1 ENUM System Roles and Responsibilities


Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026 [1].

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

1. Abstract

   This document describes the actors in a global Tier-1 ENUM System
   and the roles and responsibilities that each of the actors fulfills.
   In this context, a "Tier-1 ENUM System" refers to a holistic system
   for registering E.164 telephone numbers in a DNS top-level domain.
   The population of NAPTR records with URIs in a Tier-2 ENUM System,
   as described in RFC 2916 [4], is not discussed in this draft.

   This document is part of a series of Internet-Drafts on Tier-1 ENUM
   services. The full list of Internet-Drafts in this series includes:

      Tier-1 ENUM System: Roles & Responsibilities
      Tier-1 ENUM System: Registry Architecture
      Tier-1 ENUM System: Registration Validation
      Tier-1 ENUM System: Conflict Resolution
      Tier-1 ENUM System: WHOIS
      Tier-1 ENUM System: Registry/Registrar Protocol and API


Ranalli, et al             Expires - May 2001                  [Page 1]
2. Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC-2119 [2].

3. Introduction

   Starting with the assignment of an E.164 telephone number to an
   end-user ("Subscriber"), this document describes the roles and
   responsibilities of various actors in a global Tier-1 ENUM System.

   Please send comments on this document to the ENUM working group or
   directly to dpeek@netnumber.com

4. Actors In The Tier-1 ENUM System

4.1 E.164 Administration System

   Well-defined process within the Public Switched Telephone Network
   (PSTN) for defining dialing plans, creating E.164 numbers, and
   distributing blocks of numbers to network operators and telephone
   service providers. In the context of a Tier-1 ENUM System, the key
   players within the E.164 Administration System include the
   following:

   - International Telecommunications Union (ITU): Defines country
     codes.

   - National PSTN Regulatory Agency (e.g. OFTEL in Great Britain):
     Provides regulatory control over the PSTN numbering system within
     a country or region.

   - National Numbering Plan Administrator (e.g. NANPA in the United
     States): Administers a numbering plan within a country or region
     under contract from a National PSTN Regulatory Agency. Creates
     area-codes/city-codes. Distributes blocks of numbers to network
     operators and telephone service providers.

   - Network Portability Administrator (e.g. NPAC in the United
     States): Administers the number portability process within a
     country or region under contract from a National PSTN Regulatory
     Agency. Provides mechanisms for shifting control of individual
     E.164 numbers from one telephone service provider to another based
     on subscriber choice.
4.2 Telephone Service Provider (TSP)

   Entity with contractual control over a block of E.164 numbers and/or
   a set of ported E.164 numbers via the E.164 Administration System.
   Example: Network operator, Application Service Provider, PSTN
   service provider, etc. Roles include:

   - E.164 Assignment: Assigns E.164 numbers to Subscribers.

   - Tier-1 ENUM Service Termination: Entity with authority to
     terminate a Subscriber's Tier-1 ENUM service if the TSP has
     revoked the Subscriber's assignment of an E.164 number for any
     reason. The termination right applies to E.164 numbers under the
     contractual control of the TSP through the E.164 Administration
     System.

4.3 Subscriber

   - Entity with day-to-day control over an E.164 number.

     1. Individual that has been assigned an E.164 number by a TSP.

     2. Enterprise that has been assigned a pool of E.164 numbers by a
        TSP.

4.4 Subscriber Agent ("Agent")

   - Entity with authority to act on behalf of a Subscriber to register
     an E.164 number in a Tier-1 ENUM service. Example: Telephone
     Service Provider, Application Service Provider (ASP), etc.

4.5 Registrant

   - Subscriber, or an Agent acting on behalf of a Subscriber, that
     registers an E.164 number with a Tier-1 ENUM service through an
     Accredited ENUM Registrar.

   - Warrants that the E.164 number being registered is under the
     day-to-day control of the Subscriber whose number is being
     registered.

   - Agrees to be bound by the terms and conditions of the Tier-1 ENUM
     "Conflict Resolution Process".

   - Responsible for notifying the Registrar of dialing plan changes
     that affect (change) the Registrant's E.164 number(s). In the
     market, registrars may choose to provide automated tools, or
     ongoing support services, to fulfill this obligation on behalf of
     Registrants.
4.6 Tier-1 ENUM Registry ("Registry")

   Entity that operates the Tier-1 ENUM service within a country or
   region. Responsibilities include:

   - DNS Resolution Service: Delegation of a complete E.164 domain name
     to the appropriate Tier-2 ENUM service provider.

   - Registration Service: A registration system that provides the
     ability for multiple competing registrars to access administrative
     services offered by the Registry.

   - WHOIS Service: Publicly accessible thick WHOIS service provided on
     behalf of all Accredited Registrars.

   - Conflict Resolution Service: A system or service for resolving
     conflict between two registrants that both claim day-to-day
     control over the same E.164 number. The system or service is for
     use by all accredited registrars.

4.7 Accredited ENUM Registrar ("ENUM Registrar" or "Registrar")

   - Registration: Entity that has been accredited and authorized to
     enter E.164 numbers and associated registrant information into the
     Tier-1 ENUM Registry.

   - Registrant Validation: Responsible for validating the identity of
     a Registrant to confirm that the E.164 numbers being registered
     are under the day-to-day control of the Subscriber being
     represented by the Registrant. Acceptable validation mechanisms
     are outlined in the companion document "Tier-1 ENUM System:
     Registration Validation".

   - TSP Validation: Responsible for validating the identity of any TSP
     requesting the termination of Tier-1 ENUM services for a given
     E.164 number, to confirm that the TSP has contractual control over
     the E.164 number in question via the E.164 Administration System.

   - The primary responsibility of the Registrar in the Tier-1 ENUM
     System is to validate the identity of the entity with day-to-day
     control over an E.164 number before a change is made to the
     Registry.
     As such, Telephone Service Providers (TSPs) are well positioned to
     provide Registrar services for the numbers under their control,
     since they have easy access to the information necessary to
     confirm the identity of a Subscriber.

4.8 Tier-2 ENUM Provider

   - Entity that provides Tier-2 ENUM services, which involve the
     registration of URIs in DNS NAPTR resource records as defined in
     RFC 2916 [4]. The full scope of services provided by a Tier-2 ENUM
     provider is outside the scope of this Internet-Draft.

5. Entity Relationship Diagram

                         Tier-1 ENUM System

                        -------------------
                        |      E.164      |
                        | Administration  |
                        |     System      |
                        -------------------
                                |
                                V
                        -------------------
                        |   Telephone     |----
                        | Service Provider|   |
                        -------------------   |
                                |             |
                                V             |
                        -------------------   |
                        |   Registrant    |   |
                        | (Subscriber or  |   |
                        |     Agent)      |   |
                        -------------------   |
                                |             |
                                V             |
                        -------------------   |
                        |      ENUM       |   |
                        |    Registrar    |<---
                        -------------------
                                |
                                V
                        -------------------
                        |  Tier-1 ENUM    |
                        |    Registry     |
                        -------------------
                                |
                                V
                        -------------------
                        |  Tier-2 ENUM    |
                        |    Provider     |
                        -------------------

6. Typical Use Cases

6.1 ENUM Registration

   1. Registrant (Subscriber or an Agent acting on behalf of a
      Subscriber) registers with a Tier-1 ENUM Service through an
      accredited registrar.

   2. Registrar validates the identity of the Registrant to confirm
      day-to-day control over the E.164 number being registered.

   3. The Registrar submits the following information to the Registry's
      secure ENUM Registration Service: E.164 domain name, the NS/A
      records for the appropriate Tier-2 ENUM Provider, and the
      required registrant WHOIS information.

   4. The Registry either accepts or rejects the registration. If the
      registration is rejected due to a conflict over control of an
      E.164 number, the Registry initiates its conflict resolution
      service.
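   The four steps of the registration use case above, modelled in
   Python as an added example. This is not code from the draft or from
   NetNumber's systems: the Registrar and Registry classes, their
   in-memory stores, the required WHOIS field list and the TSP
   assignment table used for validation are all assumptions made for
   illustration. The number-to-domain conversion is the one RFC 2916
   specifies (keep the digits, reverse them, dot-separate, append
   e164.arpa). The example goes a little beyond the text by also
   emitting the NS delegation the Registry would publish and by
   exercising both rejection paths of step 4: a Registrant that fails
   validation, and a second Registrant claiming a number already held
   by a different Subscriber, which triggers conflict resolution.

```python
"""Tier-1 ENUM registration flow (draft section 6.1), added example.

Not code from the draft or NetNumber. Registrar, Registry, REQUIRED_WHOIS
and the TSP assignment table are assumptions for illustration; the E.164
to domain conversion follows RFC 2916 section 2.
"""
from dataclasses import dataclass, field
import re

ENUM_APEX = "e164.arpa"              # apex defined in RFC 2916
REQUIRED_WHOIS = ("name", "email")   # assumed minimum registrant WHOIS data


def e164_to_enum_domain(number: str, apex: str = ENUM_APEX) -> str:
    """RFC 2916 section 2: keep only the digits of the international
    number, reverse them, separate with dots and append the apex."""
    if not number.strip().startswith("+"):
        raise ValueError(f"not an international E.164 number: {number!r}")
    digits = re.sub(r"\D", "", number)
    if not 1 <= len(digits) <= 15:   # E.164 allows at most 15 digits
        raise ValueError(f"bad digit count in {number!r}")
    return ".".join(reversed(digits)) + "." + apex


@dataclass
class Registration:
    e164: str                # number being registered, e.g. "+46-8-9761234"
    registrant: str          # Subscriber, or Agent acting for the Subscriber
    subscriber: str          # Subscriber with day-to-day control of the number
    tier2_ns: list[str]      # NS names of the chosen Tier-2 ENUM Provider
    whois: dict = field(default_factory=dict)
    validated: bool = False  # set by the Registrar after identity validation


class Registry:
    """Tier-1 ENUM Registry: registration service plus DNS delegation data."""

    def __init__(self) -> None:
        self.records: dict[str, tuple[str, Registration]] = {}  # domain -> (registrar, reg)
        self.conflicts: list[tuple[str, str, str]] = []          # (domain, holder, claimant)

    def submit(self, registrar: str, reg: Registration) -> tuple[str, str]:
        """Step 4: accept, or reject and (on a conflict) start resolution."""
        if not reg.validated:
            return "rejected", "registrar did not validate the registrant"
        missing = [k for k in REQUIRED_WHOIS if not reg.whois.get(k)]
        if missing:
            return "rejected", "missing WHOIS fields: " + ", ".join(missing)
        domain = e164_to_enum_domain(reg.e164)
        held = self.records.get(domain)
        if held and held[1].subscriber != reg.subscriber:
            # Two Registrants claim day-to-day control of the same number.
            self.conflicts.append((domain, held[0], registrar))
            return "rejected", f"conflict on {domain}: resolution initiated"
        self.records[domain] = (registrar, reg)
        return "accepted", domain

    def delegation(self, domain: str) -> list[str]:
        """NS records delegating the E.164 domain to the Tier-2 Provider."""
        _, reg = self.records[domain]
        return [f"{domain}. IN NS {ns}." for ns in reg.tier2_ns]


class Registrar:
    """Accredited Registrar: validates the Registrant, then submits (steps 2-3)."""

    def __init__(self, name: str, registry: Registry, assignments: dict[str, str]) -> None:
        self.name = name
        self.registry = registry
        # Constructed stand-in for TSP assignment data (digits -> subscriber);
        # a real Registrar uses a mechanism from the Registration Validation draft.
        self.assignments = assignments

    def register(self, reg: Registration) -> tuple[str, str]:
        digits = re.sub(r"\D", "", reg.e164)
        if self.assignments.get(digits) != reg.subscriber:
            return "rejected", "registrant could not show day-to-day control"
        reg.validated = True
        return self.registry.submit(self.name, reg)


def demo() -> dict:
    """Runs 6.1 for a valid registration, a failed validation and a conflict."""
    registry = Registry()
    # Constructed assignment tables: each TSP-registrar trusts its own data.
    tsp_a = Registrar("registrar-a", registry, {"4689761234": "alice"})
    tsp_b = Registrar("registrar-b", registry, {"4689761234": "bob"})
    whois_a = {"name": "Alice", "email": "alice@example.net"}
    ok = tsp_a.register(Registration("+46-8-9761234", "alice", "alice",
                                     ["ns1.tier2.example"], whois_a))
    unvalidated = tsp_a.register(Registration("+46-8-9761234", "carol", "carol",
                                              ["ns1.tier2.example"], whois_a))
    clash = tsp_b.register(Registration("+46 8 976 1234", "bob", "bob",
                                        ["ns1.other.example"],
                                        {"name": "Bob", "email": "bob@example.net"}))
    return {"first": ok, "unvalidated": unvalidated, "second": clash,
            "delegation": registry.delegation(ok[1]),
            "conflicts": registry.conflicts}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

   The conflict case shows why step 2 is the Registrar's primary duty:
   each Registrar validated against its own data, so the Registry can
   only detect the clash, not decide it, and hands it to the conflict
   resolution service described in 6.2.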
6.2 Conflict Resolution

   1. Conflict occurs in the Tier-1 ENUM registration process when two
      Registrants claim day-to-day control over the same E.164 number.

   2. The registry is responsible for providing a conflict resolution
      service for use by all accredited registrars in resolving
      registration conflicts. See the companion document "Tier-1 ENUM
      System: Conflict Resolution" for additional detail.

6.3 Dialing Plan Changes

   1. The E.164 Administration System communicates dialing plan changes
      to affected TSPs.

   2. The TSP communicates dialing plan changes to the Subscriber.

   3. The Registrant communicates dialing plan changes to the Tier-1
      ENUM Registrar and to the selected Tier-2 ENUM Provider.

   4. The Registrar communicates dialing plan changes to the Registry.

   5. The Registry supports records for both the original E.164 number
      and the new E.164 number for a defined grace period and then
      removes the original number from the Tier-1 ENUM DNS Resolution
      Service.

6.4 Service Termination By TSP

   TSP terminates a Subscriber's service and reclaims day-to-day
   control over an E.164 number.

   1. TSP makes a request to an Accredited Registrar to terminate
      Tier-1 ENUM service for the E.164 number.

   2. Registrar validates that the TSP is the entity with contractual
      control over the E.164 number as defined by the E.164
      Administration System.

   3. The Registrar terminates the service by updating the Tier-1 ENUM
      Registry.

   4. The Registrar sends an e-mail message to the Registrant
      explaining the reason for the termination and the name of the TSP
      that terminated the service.

6.5 Number Portability

   - No impact on Tier-1 ENUM services. Number Portability is an
     important component of the E.164 Administration System, but it
     does not affect the ENUM process because the E.164 number remains
     unchanged and the identity of the Subscriber with day-to-day
     control over the E.164 number remains unchanged.
   - Number Portability changes the identity of the TSP with
     contractual control over a given E.164 number. This change in
     control only comes into play when a TSP requests termination of
     Tier-1 ENUM services for a given E.164 number.

7. Security Considerations

   Tier-1 ENUM registry operators have the responsibility to protect
   physical and network resources, as well as to ensure the validity of
   the DNS and its associated information. General ENUM users must be
   assured that they will receive valid information, and that they will
   be allowed access to this data without interruption. Registrars that
   have authority to manage entries must be assured that they are
   updating data in an authentic registry, have uninterrupted access to
   the data, and are allowed to update the data after providing valid
   credentials.

   When preparing to prevent security breaches, the following types of
   attacks must be considered:

   Impersonation: Registrars that attempt to add and update entries
      must be able to unequivocally prove their identity to the
      registry. Spoofing or misrepresentation of the identity of the
      originator of the information could allow unauthorized updates to
      the database. Invalid or missing data could in turn cause
      malicious redirection and denial of service.

   Eavesdropping: If the privacy of the information that is being
      transmitted is compromised, then registrar-sensitive information,
      such as the registrar's username and password, could be obtained
      by a malicious intruder.

   Data Tampering: During the transmission of directory records, valid
      URIs could be replaced by invalid URIs, in turn causing malicious
      redirection as discussed below. Since a higher percentage of
      security breaches such as data tampering are caused by
      "insiders", physical and network security must be addressed.
   Malicious Redirection: Malicious entries into the database will
      cause users to retrieve fraudulent or damaging content. This can
      be accomplished by either data tampering or server impersonation,
      whereby a malicious server is masquerading as a registry server.

   Denial of Service: There are several ways that a client could be
      denied access to the desired registry resources. First, a
      malicious intruder could remove data from DNS, thus making it
      impossible for the client to access the information. Secondly,
      the system could be flooded with bogus requests that prevent
      communications. And finally, the physical security of the system
      could be breached, for example by cutting off electricity to the
      facility.

   The SSL protocol is not an IETF Standards Track protocol. However,
   it is widely available and considered a de facto standard for
   securely transmitting data over the Internet. The Transport Layer
   Security protocol is a Standards Track protocol that provides SSL
   v3.0 compatibility features and will be used when widely available.

8. References

   [1] Bradner, S., "The Internet Standards Process -- Revision 3",
       BCP 9, RFC 2026, October 1996.

   [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement
       Levels", BCP 14, RFC 2119, March 1997.

   [3] Brown, A., "Telephone Number Mapping", draft-enum-rqmts-01-txt,
       June 2000.

   [4] Faltstrom, P., "E.164 number and DNS", RFC 2916, September 2000.

9. Acknowledgements

   We would like to extend our special thanks to Lynette Khirallah for
   her expert advice on security considerations.

10. Author's Addresses

   Douglas Ranalli
   NetNumber
   650 Suffolk Street, Suite 307
   Lowell, MA 01854
   Phone: +1-978-454-4210 x22
   Email: dranalli@netnumber.com

   David P. Peek
   NetNumber
   650 Suffolk Street, Suite 307
   Lowell, MA 01854
   Phone: +1-603-362-4315
   Email: dpeek@netnumber.com

   Robert Walter
   NetNumber
   650 Suffolk Street, Suite 307
   Lowell, MA 01854
   Phone: +1-978-454-4210 x24
   Email: rwalter@netnumber.com

Full Copyright Statement

   "Copyright (C) The Internet Society (date). All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph
   are included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC editor function is currently provided by the
   Internet Society.