Transport Area A. Mankin
Internet-Draft USC/ISI
Expires: February 19, 2003 S. Bradner
Harvard University
R. Mahy
Cisco
D. Willis
dynamicsoft
J. Ott
IPDialog
B. Rosen
Marconi
August 27, 2002
Change Process for the Session Initiation Protocol (SIP)
draft-tsvarea-sipchange-03.txt
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at http://
www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on February 19, 2003.
Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract
The IETF's Session Initiation Protocol (SIP, RFC 3261), was
originally developed for initiation of multimedia sessions. Internet
Mankin, et al. Expires February 19, 2003 [Page 1]
�
Internet-Draft SIP Change Process August 2002
multimedia, voice over IP, IP telephony, and SIP, have become quite
popular, both inside IETF and in consideration by other standards
groups, and the applications of SIP have grown. The task for IETF
management of SIP has been to steer SIP to its core strengths,
applications that it does best. One result of popularity has been a
continual flood of suggestions for SIP modifications and extensions.
This memo describes how the Transport Area directors along with the
SIP and SIPPING working group chairs have decided to deal with such
suggestions. The effects of adding new features, often in a case
where a point solution is sought, can be to damage security or to
greatly increase complexity. Therefore this memo documents a process
intended to apply architectural discipline to the future development
of SIP.
1. Terminology
In this document, the key words "MAY", "MUST, "MUST NOT",
"SHOULD", and "SHOULD NOT", are to be interpreted as described in
Keywords [1]
2. History and Development
2.1 The IETF SIP Working Group
The IETF Session Initiation Protocol (sip) Working Group has been
chartered to be the "owner" of the SIP protocol [3], while the
working group continues. All changes or extensions to SIP must first
exist as SIP Working Group documents. The SIP Working group is
charged with being the guardian of the SIP protocol for the Internet.
It should only extend or change the SIP protocol when there are
compelling reasons to do so.
Documents that must be handled by the SIP working group include new
SIP methods, new SIP option tags, new reponse codes, and new
standards track SIP headers. With the exception of "P-" headers
described in Section 4.1, all SIP extensions must be standards track
and must be developed in the IETF, from requirements provided by the
SIPPING Working Group.
IETF working groups do not live forever and the process after some
future closing of the SIP Working Group will be as follows: as is
typical of any concluded group, the mailing list of the group should
continue. Until a SIP follow-on or similar new working were to be
formed, the Transport Area Directors of the future time will use the
RFC 2026 IETF Standards Process [2] (section 6.1.2) non-working group
standards track document process using the SIP and SIPPING mailing-
lists (typically IETF keeps concluded working group mailing lists as
resources), and using designated experts from the SIP community for
Mankin, et al. Expires February 19, 2003 [Page 2]
�
Internet-Draft SIP Change Process August 2002
advice. The IETF will remain the home of extensions of SIP and the
requirement of standards track action will remain as defined in the
rest of this document. The rate of growth of extensions of any
protocol in IETF is hoped to be low.
SIP event packages [5] are appropriate to develop in the Working
Groups that use them, but they will need charter approval to create a
SIP event package as a working group effort. The IETF will also
require (Individual) RFC publication for registration of event
packages developed outside the scope of an IETF working group.
Requirements for publishing event packages are described in detail in
Section 4.3.
2.2 The IETF SIPPING Working Group
The IETF Session Initiation Protocol Proposal Investigation
(sipping) Working Group is chartered to be a filter in front of the
SIP Working Group. This working group will investigate requirements
for applications of SIP, some of which may lead to requests for
extensions to SIP. These requirements may come from the community at
large, or from individuals who are reporting the requirements
determined by another standards body. The SIPPING Working Group will
also not live forever, with similar consideration to the sections
above.
The SIPPING Working Group may determine that these requirements can
be satisfied by SIP without modifications, that the requirements are
not sufficiently general to warrant a change to SIP, that the
requirements justify a change to SIP, that the requirements should be
combined with other requirements to solve a more general problem, or
to solve the same problem in a more flexible way.
Because the SIP protocol gets so much attention, some application
designers may want to use it just because it is there, such as for
controlling household appliances. SIPPING should act as a filter,
accepting only requirements which play to the best strengths of SIP,
such as realtime presence.
When the SIPPING working group decides on a set of requirements, it
forwards them to the SIP working group. The SIPPING Working Group
may also document usage or applications of SIP which do not require
any protocol extensions.
The SIPPING working group also acts as a filter for proposed event
packages as described in Section 4.3.
Mankin, et al. Expires February 19, 2003 [Page 3]
�
Internet-Draft SIP Change Process August 2002
3. SIP Change Process
Anyone who thinks that the existing SIP protocol is applicable to
their application, yet not sufficient for their task must write an
individual ID explaining the problem they are trying to solve, why
SIP is the applicable protocol, and why the existing SIP protocol
will not work. The Internet-Draft must include a detailed set of
requirements (distinct from solutions) that SIP would need to meet to
solve the particular problem. The Internet Draft must also describe
in detail any security issues that arise from meeting the
requirements. After this Internet-Draft is published, the authors
should send a note to the SIPPING Working Group mailing list to start
discussion on the Internet-Draft.
The SIPPING working group chairs in conjunction with the Transport
Area Directors will determine if the particular problems raised in
the requirements Internet-Draft warrants being added to the SIPPING
charter based on the mailing list discussion. The SIPPING working
group should consider whether the requirements can be merged with
other requirements from other or related applications, and refine the
ID accordingly.
If the chairs and the ADs both feel that the particular new problems
should be added to the SIPPING Working Group charter, the ADs will
present the proposed SIPPING charter modifications to the IESG and
IAB, in accordance with the usual process for charter expansion. If
the IESG (with IAB advice) approves of the charter changes, the
SIPPING working group can then work on the problems described in the
Internet-Draft.
In a separate Internet-Draft, the authors may describe a set of
changes to SIP that would meet the requirements. This Internet-Draft
would be passed on to the SIP working group for consideration (if
warranted). There is no requirement on the SIP working group that
the proposed solution from this additional ID be adopted.
The SIPPING working group may also evaluate such proposals for
extensions if the requirements are judged to be appropriate to SIP,
but the requirements are not sufficiently general for standards track
activity. The SIPPING working group will attempt to determine if the
new proposal meets the requirements for publication as a "P-" header
as described in Section 4.1 within a specific scope of applicability.
The Transport ADs may, on a case by case basis, support a process in
which the requirements analysis is implicit and the SIP working group
requests addition of a charter item for an extension without a full
SIPPING process as described. This will be the exception.
Mankin, et al. Expires February 19, 2003 [Page 4]
�
Internet-Draft SIP Change Process August 2002
With respect to standardization, this process means that SIP
extensions come only from the IETF, as the body that created SIP.
The IETF will not publish a SIP extension RFC outside of the
processes described here.
The SIP Working Group is required to protect the architectural
integrity of SIP and must not add features that do not have general
use beyond the specific case - they also must not add features just
to make a particular function more efficient at the expense of
simplicity or robustness.
Some working groups besides SIPPING generate requirements for SIP
solutions and/or extensions as well. At the time of writing, these
include SIP for Instant Messaging and Presence Leveraging Extensions
(simple), Service in the PSTN/IN Requesting InTernet Service
(spirits), and Telephone Number Mapping (enum).
4. Extensibility and Architecture
In an idealized protocol model, extensible design would be self-
contained, and it would be inherent that new extensions and new
headers would naturally have an architectural coherence with the
original protocol.
However, this idealized vision has not been attained in the world of
standards tracks protocols. While, interoperability implications can
be addressed by capabilities negotiation rules, the effects of adding
features that overlap or that deal with a point solution and are not
general are much harder to control with rules. Therefore the
Transport Area calls for architectural guardianship and application
of Occam's Razor by the SIP Working Group.
In keeping with the IETF tradition of "running code and rough
consensus", it is valid to allow for development of SIP extensions
that are either not ready for standards track, but might be
understood for that role after some running code; or are private or
proprietary in nature, because a characteristic motivating them is
usage that is known not to fit the Internet architecture for SIP. We
call these "P-" headers, for "preliminary", "private", or
"proprietary".
There are two key issues to consider with respect to keeping the "P-"
header extension space "safe":
1. Clearly indicating the unarchitected or not-yet understood nature
of the extension.
2. Preventing identity conflicts between extensions.
Mankin, et al. Expires February 19, 2003 [Page 5]
�
Internet-Draft SIP Change Process August 2002
4.1 Indicating a "P-" Header:
Use of an "X-" prefix on textual identfiers has been widely used to
indicate experimental extensions in other protocols, and this
approach is applied in modified form here by use of a "P-" header
extension. However, there are a number of stronger constraints about
P- than about "X-" including documentation that get Expert and IESG
review, with SIP protocol criteria described below.
Informational SIP Headers can be registered as "P-" headers if all of
the following conditions are met:
1. A designated expert (as defined in RFC2434 [4]) MUST review the
proposal for applicability to SIP and conformance to these
guidelines. The Expert Reviewer will send email to the Transport
Area Directors on this determination. The expert reviewer can
cite one or more of the guidelines that haven't been followed in
his/her opinion.
2. The proposed extension MUST NOT define SIP option tags, response
codes, or methods.
3. The function of the proposed header MUST NOT overlap with current
or planned chartered extensions.
4. The proposed header MUST be of purely an informational nature,
and MUST NOT significantly change the behavior of SIP entities
which support it. Headers which merely provide additional
information pertinent to a request or a response are acceptable.
If the headers redefine or contradict normative behavior defined
standards track SIP specification, that is what is meant by
significantly different behavior.
5. The proposed header MUST NOT undermine SIP security in any sense.
The Internet Draft proposing the new header MUST address security
issues in detail as if it were a Standards Track document. Note
that, if the intended application scenario makes certain
assumptions regarding security, the security considerations only
need to meet the intended application scenario rather than the
general Internet case. In any case, security issues need to be
discussed for arbitrary usage scenarios (including the general
Internet case).
6. The proposed header MUST be clearly documented in an (Individual
or Working Group) Informational RFC, and registered with IANA.
7. An applicability statement in the Informational RFC MUST clearly
document the useful scope of the proposal, and explain its
Mankin, et al. Expires February 19, 2003 [Page 6]
�
Internet-Draft SIP Change Process August 2002
limitations and why it is not suitable for the general use of SIP
in the Internet.
Any implementation of a "P-" header (meaning "not specified by a
standards-track RFC issued through the SIP Working Group") MUST
include a "P-" prefix on the header, as in "P-Headername". Note that
"P-" extensions are not IETF standards of any kind, and MUST NOT be
required by any production deployment considered compliant to IETF
specififcations. Specifically, implementations are only SIP
compliant if a) they fall back to baseline behavior when they ignore
all P- headers, and b) when using P- headers they do not contradict
any normative behavior.
4.2 Preventing Identity Conflicts Between P-Extensions:
In order to prevent identity conflicts between P-headers this
document provides an IANA process (See: "IANA Considerations" below)
to register the P-headers. The handling of unknown P-headers is to
ignore them, however, section 4.1 is to be taken seriously, and users
of P-headers will have best results with adherence. All implemented
P-headers SHOULD meet the P-Header requirements in 4.1, and any P-
header used outside of a very restricted research or teaching
environment (such as a student lab on implementing extensions) MUST
meet those requirements and MUST be documented in an RFC and be IANA
registered. IANA registration is permitted when the IESG approves
the internet-draft.
4.3 SIP Event Packages
SIP events defines two different types of event pacakges: normal
event packages, and event template-packages. Event template-packages
can only be created and registered by the publication of a Standards
Track RFC (from an IETF Working Group). Normal event packages can be
created and registered by the publication of any Working Group RFC
(Informational, Standards Track, Experimental), provided that the RFC
is a chartered working group item.
Individuals may also wish to publish SIP Event packages. Individual
proposals for registration of a SIP event package MUST first be
published as internet-drafts for review by the SIPPING Working Group.
Proposals should include a strong motivational section, a thorough
description of the proposed syntax and semantics, event package
considerations, security considerations, and examples of usage. The
author should submit his or her proposal as an individual Internet
Draft, and post an announcement to the working group mailing list to
begin discussion. The SIPPING Working Group will determine if the
proposed package is a) an inappropriate usage of SIP, b) applicable
to SIP but not sufficiently interesting, general, or in-scope to
Mankin, et al. Expires February 19, 2003 [Page 7]
�
Internet-Draft SIP Change Process August 2002
adopt as a working group effort, c) contrary to similar work planned
in the Working Group, or d) should be adopted as or merged with
charted work.
The IETF requires (Individual) RFC publication for registration of
event packages developed outside the scope of an IETF working group,
according to the following guidelines:
1. A designated expert (as defined in RFC2434 [4]) MUST review the
proposal for applicability to SIP and conformance to these
guidelines. The Expert Reviewer will send email to the IESG on
this determination. The expert reviewer can cite one or more of
the guidelines that haven't been followed in his/her opinion.
2. The proposed extension MUST NOT define an event template-package.
3. The function of the proposed package MUST NOT overlap with
current or planned chartered packages.
4. The event package MUST NOT redefine or contradict the normative
behavior of SIP events [5], SIP [3], or related standards track
extensions.
5. The proposed package MUST NOT undermine SIP security in any
sense. The Internet Draft proposing the new package MUST address
security issues in detail as if it were a Standards Track
document. Security issues need to be discussed for arbitrary
usage scenarios (including the general Internet case).
6. The proposed package MUST be clearly documented in an
(Individual) Informational RFC, and registered with IANA. The
package MUST document all the package considerations required in
Section 5 of SIP events [5]
7. If necessary as determined by the expert reviewer or the chairs
or ADs of the SIPPING WG, an applicability statement in the
Informational RFC MUST clearly document the useful scope of the
proposal, and explain its limitations and why it is not suitable
for the general use of SIP in the Internet.
5. Security Considerations
Complexity and indeterminate or hard to define protocol behavior,
depending on which of many extensions operate, is a fine breeding
ground for security flaws.
All Internet-Drafts that present new requirements for SIP must
Mankin, et al. Expires February 19, 2003 [Page 8]
�
Internet-Draft SIP Change Process August 2002
include a discussion of the security requirements and implications
inherent in the proposal. All RFCs that modify or extend SIP must
show that they have adequate security and do not worsen SIP's
existing security considerations.
6. IANA Considerations
RFC 3261 [3] directs the Internet Assigned Numbers Authority to
establish a registry for SIP method names, a registry for SIP option
tags, and a registry for SIP response codes, and to amend the
practices used for the existing registry for SIP headers.
With the exception of P-headers, entries go into these registries
only by approval of a draft for standards track RFC.
Each RFC shall include an IANA Considerations section which directs
IANA to create appropriate registrations. Registration shall be
done at the time of the announcement of IESG approval of the
draft containing the registration requests.
Standard headers and messages MUST NOT begin with the leading
characters "P-".
"P-" header names MUST begin with the leading characters "P-". No
"P-" header which conflicts with (would, without the "P-" prefix have
the same name as) an existing standards track header is allowed.
Each registration of a "P-" header will also reserve the name of the
header as it would appear without the "P-" prefix. However, the
reserved name without the "P-" will not explicitly appear in the
registry. It will only appear if there is a later standards track
document (which is unlikely in most cases!). So please do not when
you see: P-IANA-Greeting, accept the registration of IANA-Greetinga
as well. P-header's "reserved standard names" MUST NOT be used in a
SIP implementation prior to standardization of the header.
Short forms of headers MUST only be assigned to standards track
headers. In other words, P-headers MUST NOT have short forms.
Similarly, RFC 3265 [5] directs the Internet Assigned Numbers
Authority to establish a registry for SIP event packages and SIP
event template packages. For event template packages, entries go
into this registry only by approval of a draft for standards track
RFC. For ordinary event packages, entries go into this registry only
by approval of a draft for RFC (of any type). In either case, the
IESG announcement of approval authorizes IANA to make the
registration.
Mankin, et al. Expires February 19, 2003 [Page 9]
�
Internet-Draft SIP Change Process August 2002
7. Acknowledgements
The Transport ADs thank our IESG and IAB colleagues (especially Randy
Bush, Harald Alvestrand, John Klensin, Leslie Daigle, Patrik
Faltstrom, and Ned Freed) for valuable discussions of extensibility
issues in a wide range of protocols, including those that our area
brings forward and others. Many members of the SIP community engaged
in interesting dialogue about this document as well; Jonathan
Rosenberg and Jon Peterson gave us useful reviews. Thanks also
to Henning Schulzrinne and William Marshall.
Normative References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[2] Bradner, S., "The Internet Standards Process -- Revision 3", BCP
9, RFC 2026, October 1996.
[3] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
Peterson, J., Sparks, R., Handley, M. and E. Schooler, "SIP:
Session Initiation Protocol", RFC 3261, June 2002.
[4] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.
[5] Roach, A., "Session Initiation Protocol (SIP)-Specific Event
Notification", RFC 3265, June 2002.
Authors' Addresses
Allison Mankin
USC/ISI
EMail: mankin@isi.edu
Scott Bradner
Harvard University
EMail: sob@harvard.edu
Rohan Mahy
Cisco
EMail: rohan@cisco.com
Mankin, et al. Expires February 19, 2003 [Page 10]
�
Internet-Draft SIP Change Process August 2002
Dean Willis
dynamicsoft
EMail: dean.willis@softarmor.com
Brian Rosen
Marconi
EMail: brian.rosen@marconi.com
Joerg Ott
IPDialog
EMail: jo@ipdialog.com
Mankin, et al. Expires February 19, 2003 [Page 11]
�
Internet-Draft SIP Change Process August 2002
Full Copyright Statement
Copyright (C) The Internet Society (2002). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
Mankin, et al. Expires February 19, 2003 [Page 12]
�