Session Initiation Protocol (SIP) INFO
Method and Package FrameworkThis Space For SaleUSAeburger@standardstrack.comhttp://www.standardstrack.comAcme Packet71 Third Ave.BurlingtonMA01803USAhkaplan@acmepacket.comEricssonHirsalantie 11Jorvas02420Finlandchrister.holmberg@ericsson.com
RAI
SIPThis document defines the new SIP INFO method and a mechanism for
defining, negotiating and exchanging Info Packages that use the INFO
method. Applications that need to exchange session-related information
within a SIP INVITE-created dialog, also known as application level
information, use these INFO requests. This draft addresses issues and
open items from RFC 2976 and replaces it.The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119. The terminology in this document
conforms to the Internet Security
Glossary.Be mindful of the terms User Agent Server (UAS) and User Agent Client
(UAC). This document strictly follows RFC
3261. The UAC issues a SIP request and the UAS responds. This
terminology may be confusing when one combines the INFO case with the
INVITE case. For an INVITE, the initiator of the session is the UAC and
the target of the session is the UAS. However, it is possible for the
target UA of the session, the UAS of the INVITE transaction, to send an
INFO to the initiating UA of the session, the UAC of the INVITE
transaction. From the perspective of the INFO, the target UA of the
session (INVITE UAS) is, in fact, the UAC (sender) of the INFO request.
Likewise, from the perspective of the INFO, the initiating UA of the
session (INVITE UAC) is the UAS (recipient) of the INFO request. Since
this document strictly follows RFC 3261, we refer to the UA that issues
the INVITE as the "initiating UA" and the UA that responds to the INVITE
as the "target UA" to remove any confusion.The SIP protocol defines session
control messages used to setup and tear down a SIP controlled session.
In addition, a SIP User Agent (UA) can use the re-INVITE and UPDATE
methods during a session to change the characteristics of the session.
Most often, this is to change the properties of media flows related to
the session or to update the SIP session
timer. The purpose of the INFO
message is to carry application level information along the SIP
signaling path. Note the INFO method does not change the SIP dialog
state. It may, however, change application state for applications using
the SIP dialog.While INFO has been widely adopted for specific application use
cases, such as ISUP and DTMF exchange, RFC
2976 neither defined a negotiation mechanism nor a means by which
to explicitly indicate the type of application information contained in
the INFO message. This led to problems associated with static
configuration. In addition, the industry realized there was a potential
for interoperability problems due to undefined content syntax and
semantics. This draft addresses these deficiencies and provides a
framework for explicit negotiation of capabilities and content context
using "Info Packages".The INFO method as defined by RFC 2976 did not provide any context
for the information the request carried. While it may sometimes be clear
what the content is based on the Content-Type, this is only true where
there is only one contextual usage of the content-type. For example, if
the Content-Type is "image/jpeg", the MIME-attached content is a JPEG
image. However, there is no indication what the purpose of the image is.
The image could be a caller-id picture, a contact icon, a photo for
sharing, and so on. The sender does not know which JPEG to give the
receiver if the receiver supports a JPEG content type, and the receiver
does not know which JPEG the client is sending if the receiver supports
receiving more than one JPEG content type. Thus we need a well defined
and documented statement of what the information sent is for. This
situation is identical to the context issue in
Internet Mail. RFC 3458 goes into this and other issues in
detail.Event Packages perform the role of
disambiguating the context of a message for subscription-based events.
This document provides a similar framework for INVITE-based application
level information exchange. The mechanism defined in this draft has no
relationship to the SUBSCRIBE and NOTIFY methods. The mechanism defined
here neither creates a separate subscription dialog nor a subscription
usage within an existing dialog. Instead, it uses the INVITE method and
its responses to indicate and negotiate supported Info Packages, and the
INFO method to convey the Info Packages. This mechanism is not
appropriate for IANA-registered Subscribe
Event package types. Info Package definitions and registrations
indicate support for this mechanism when one registers them with
IANA.Each UA enumerates which Info Packages it can receive. If the far end
indicates it can receive a package offered by the near end, the near end
can send INFO methods containing the payload for that package. Likewise,
if the near end indicates it can receive a package, the far end can send
INFO methods containing the payload for that package. The Recv-Info
header indicates which packages a UA is willing to receive. The
Info-Package header indicates which package a particular INFO method
request belongs to. There is a reserved Info Package, "nil", which
indicates the UA conforms to this document, but does not wish to receive
Info Packages. This enables other UAs that conform with this document to
detect legacy UAs, as the legacy UA will not include a Recv-Info header
in their SIP dialog establishment or modification requests. describes the negotiation in detail.This document does not describe any specific Info Package type
extensions. One must extend this protocol by other documents, herein
referred to as "Info Packages".
describes guidelines for creating these extensions.The INFO method does not change the state of SIP calls or the
parameters of the sessions SIP initiates. It merely sends optional
application layer information, generally related to the session.Applications need to be aware that application level information
transported by the INFO method constitutes mid-dialog signaling. These
messages traverse the post-session-setup SIP signaling path. This is the
path taken by SIP re-INVITEs, BYEs, and other SIP requests within an
individual dialog. SIP proxy servers will receive, and potentially act
on, mid-dialog signaling information. Application designers need to
understand this can be a feature, as when the User Agents are exchanging
information that elements in the SIP signaling path need to be aware of.
Conversely, this can be a problem, as messages these network elements
have no interest in can put a significant burden on those element's
ability to process other traffic. Moreover, such network elements may
not be able to read end-to-end encrypted INFO bodies.This document replaces the SIP INFO method
document to include explicit negotiation of supported Info
Packages in the INVITE transaction and indication of the Info Package to
use by using a new header field in the INFO request. As described in
, the mechanism described here is
backwards-compatible with legacy, RFC 2976 INFO mechanisms.To be abundantly clear, as stated in the Conventions section, the
term UAC refers to the UAC (sender) of the INFO method and UAS refers to
the recipient of the INFO method. "Initiating UA" refers to the sender
of an initial INVITE to establish a session and "target UA" refers to
the recipient of that INVITE request.A UA supporting this document MUST advertise a set of Recv-Info
packages in the initial INVITE exchange. This includes the initial
INVITE request, as well as provisional 1xx, final 2xx responses, and
the ACK. The initiating UA (UAC of the INVITE) may choose not to offer
any packages in the initial INVITE and negotiate packages from the
target UA's subsequent responses and the ACK, in order to support
third-party call control.Info Package negotiation may occur any time the UAs negotiate
session parameters. There are two cases to consider for SIP dialog
parameter negotiation: the initial INVITE transaction and subsequent
renegotiation. By subsequent renegotiation, we mean procedures such as
re-INVITE and UPDATE. In the first case,
dialog establishment (the initial INVITE transaction), the UAC MUST
NOT send INFO requests for a given Info Package until the UAS lists
the given Info Package in a Recv-Info header. If the UAS sends a
subsequent message in the dialog establishment exchange that removes a
listed Info Package, the UAC MUST NOT send INFO requests for that
package. In the second case, dialog renegotiation, the UAC MUST NOT
send INFO requests for a newly listed Info Package until the dialog
renegotiation exchange successfully completes and the newly listed
Info Package is in the UAS' final renegotiation exchange message.A UAS lists multiple packages by enumerating the package name(s),
separated by commas, as values for the Recv-Info header in the session
establishment exchange. A UAS can also list multiple packages by
including multiple Recv-Info headers. The UAS can also combine
multiple Recv-Info headers with one or more packages in each header
value. If the UAS has a preference for receiving one package over
another, the UAS MUST list the preferred Info Package lexically
earlier in the message. That is, by listing it earlier in a list
within a given Recv-Info header or listing it in a previous Recv-Info
header in a given message. Listing a package multiple times does no
harm. As far as a hint to the UAC, the first appearance is what the
UAC uses for determining the UAS' preference. Note this order is only
a hint to the UAC, as there is no meaningful way of enforcing the use
of a preferred package at the UAC.If a UAS does not wish to receive any Info Packages, the UAS MUST
indicate this by including one and only one Recv-Info header with the
value 'nil'. This enables the UAC to discern the difference between
the UAS understanding Info Packages but not wishing to receive any
from a UAS that does not understand Info Packages. A UAC conforming to
this document can always send or receive legacy INFO usages without
packages.NOTE: We could allow an empty Recv-Info header to indicate the
UAS does not wish to receive Info Packages. Semantically that is
what this means, as there is no null package. However, this is
sloppy and we may find we need an explicit value here in the event
we require a richer negotiation strategy. Since mandating nil at
this time is no burden, and it will be a burden in the future if
we do not specify it now, we specify it now.Info Package capability negotiation occurs within the context
of a single session negotiation exchange. Moreover, the last
capability set received within the exchange is the one the receiver
applies against its advertised capability set. For example, if in an
INVITE, the initiating UA offers the following.The target UA responds with a 200 OK, and the initiating UA then
confirms in an ACK, as shown.The target UA can now send from package T to the initiating UA.
Moreover, in this example, the target UA may not send form package P,
as P no longer is in the initiating UA's Info Package set.The limitation on requiring the negotiation to occur within the
context of a session negotiation exchange means that if the initiating
UA issues a re-INVITE (after the above ACK) with the following.The target UA MUST NOT send any package P INFO methods until the
target UA sees P in the final ACK from the initiating UA.In the case of a SIP dialog refresh, if the initiating UA and
target UA wishes to keep their Info Package set active, the UAs MUST
include the Recv-Info header with the appropriate values. Otherwise,
if the UA neglects to include the Recv-Info header, the other UA in
the dial will assume the first UA no longer supports INFO as specified
by this document.INFO itself does not necessitate the use of Require or
Proxy-Require headers. There is no token defined for "Supported"
headers. If necessary, clients may probe for the support of this
version of INFO using the OPTIONS request defined in SIP. One could envision a particular Info
Package implementation that relied on either of these headers. See
for more on this issue.The presence of the Recv-Info header in a message is sufficient to
indicate support for this version of INFO. The "methods" parameter for
Contact is not sufficient to determine
if the endpoints support Info Packages, as the INFO method supported
might be the obsolete RFC 2976
version.For Info Packages, this draft does not provide a means of requiring
support for a specific Info Package. If the far-end UA does not
indicate support for an Info Package that the local server requires,
the server MAY terminate the session with a CANCEL or BYE request.The protocol mechanism described herein does not provide for a
package versioning mechanism. This is for two reasons. The first is
that if an Info Package has a capability for forward and backward
compatibility in the Info Package payload, then that compatibility
comes from the application level semantics of the information. This
means it is the responsibility of the application to handle such
compatibility and not the INFO framework. For example, one could use
XML versioning techniques in the payload to indicate versions of the
Info Package.The second reason we do not have a package versioning system is if
the payload is not sufficient to carry payload versions, then it is
highly unlikely payloads would be backwards compatible. That is, what
one really is defining is a new Info Package. This is more especially
so when one considers User Agents can negotiate package support but
cannot negotiate package version support.The INFO method provides additional, application level information
that can further enhance a SIP application. It is important to note
there are some types of application information for which using INFO
messages are inappropriate. See
for a discussion of this.The UAC MUST include the Info-Package header field when it sends an
INFO request carrying an Info Package. The Info-Package header field
value in an INFO request MUST contain a single Info Package token.
That Info Package token MUST match one of the Info Packages the UAS
indicated support for during the negotiation described in .The UAC MAY send an INFO in a legacy usage context. See for examples of legacy usages. In general a
legacy usage is where there is no Info-Package header. In this case,
if the UAS has never offered a Recv-Info header or never offered a
Recv-Info header with a package of a similar function to the legacy
INFO usage, the UAC MAY send an INFO without an Info-Package header
field and a body appropriate to the said legacy usage.A UAC MUST NOT use the INFO method outside an INVITE dialog usage.
The INFO method has no lifetime or usage of its own, as it is
inexorably linked to that of the INVITE. When the INVITE-created
dialog terminates, that signals the termination of the negotiated Info
Packages. A UAS that receives an INFO message after the INVITE dialog
usage terminates MUST respond with a 481 Call Does Not Exist.The dialog identifiers defined in RFC
3261 must match those of the provisional or final responses to
the INVITE. As a result, INFO requests cannot fork. The UAC may send
INFO requests once the UAS has sent the Recv-Info header field value,
indicating what the UAS supports.The converse is not true during initial session establishment. The
initiating UA of the first INVITE MUST be prepared to receive multiple
INFO requests, as the first INVITE may fork. Since dialog negotiation
has not completed, and we allow early INFO requests, multiple target
UAs may respond. This initial dialog establishment phase is the only
time the UAS need be prepared to receive multiple INFO requests, as we
require post-session-establishment negotiation to fully complete
before a UAC can send an INFO request.The construction of the INFO request is the same as any other
request within an existing INVITE-initiated dialog. A UAC MAY send an
INFO request on both an early and confirmed dialog.The INFO request MUST NOT carry a Recv-Info header. The UAC can
only negotiate Info Packages using the procedures of .The signaling path for the INFO method is the signaling path
established as a result of the dialog setup. This can be direct
signaling between the calling and called user agents or a signaling
path involving SIP proxy servers that were involved in the call setup
and added themselves to the Record-Route header on the initial INVITE
message.The purpose of the INFO request is to carry application level
information between SIP user agents. The INFO message body SHOULD
carry this information, unless the message headers carry the
information of interest. Note this is not an invitation to invent SIP
headers for the purposes of application level information exchange.
Rather, one could envision circumstances where existing SIP headers
already convey the information the application has interest in.If the Info Package defines a payload, and the UAC determines it is
appropriate to send that payload to the UAS, the UAC MUST include the
payload, with the MIME type specified by the Info Package.If the Info Package allows the UAC to send a request without a
payload, the UAC MAY send the INFO request without a body.Some SIP extensions, which are orthogonal to INFO proper, may
insert body parts unrelated to the INFO payload. User Agents MUST
conform to RFC 3261 as updated by body-handling to support
multipart MIME handling. If there are bodies unrelated to the Info
Package, and the Info Package also has a payload, the UAC MUST bundle
these elements into a multipart MIME body. In this case, the UAS needs
a means to unambiguously identify the body part belonging to the Info
Package. To do this, the UAC MUST identify the Info Package payload
MIME body part with a Content-Disposition of 'Info-Package'.If the payload of an Info Package is already a multipart MIME body,
the UAC MUST identify the payload with a Content-Disposition of
'Info-Package' in the headers for the appropriate MIME body part.If there is no payload in the INFO request unrelated to the Info
Package and the payload of the Info Package is not a multipart MIME,
the UAC MUST identify the message, at the SIP header level, with a
Content-Disposition of 'Info-Package'.If there is no payload for the Info Package, they UAC MAY omit the
Content-Disposition header.NOTE: We could be lazy and even save 33 octets by allowing the
UAC to construct a non-multipart MIME payload without a
Content-Disposition header. However, mandating the presence makes
parsing considerably easier, and it is easier to have it required
now than run into a problem later.NOTE: One could offer that the Info-Package header is
redundant, as we could have the Info Package name be a parameter
for Content-Disposition. However, there could be corner cases with
legacy INFO usage that makes this a poor choice.If a UAS receives an INFO request it MUST send a final response. A
UAS MUST send a 200 OK response for an INFO request with no message
body and no Info-Package header if the UAS received the INFO request
on an existing dialog. This protocol action supports legacy use of
INFO as a keep-alive mechanism.If the UAS receives an INFO request with an Info-Package the UAS
advertised with a Recv-Info in the last dialog state update and the
body of the INFO request is an appropriate MIME type for the Info
Package, the UAS MUST send a 200 OK response.If the INFO request contains a body the server does not understand
then, in the absence of Info Package associated processing rules for
the body, including the absence of an Info-Package header, the server
MUST respond with a 415 Unsupported Media Type message.If the INFO request indicates an Info Package type the server does
not understand, then the server MUST respond with a 489 Bad Event. The
server then MUST terminate the INVITE dialog, as this represents a
protocol failure.NOTE: Some may think "Bad Event" implies there is a link
between INFO and NOTIFY. However, what this does is refine 489 to
mean, "Received some package in some context that I do not
understand," where today the possible contexts are INFO and
NOTIFY. The text is irrelevant and the meaning is clear from the
context.If a server receives an INFO request with a body it understands,
but it has no Info-Package header, the UAS MAY use the body as it sees
fit. The UAS SHOULD respond to the INFO request with a 200 OK. This
enables legacy use of INFO. The UAS MAY reject the request with a 489
if the UAS needs to enforce strict compliance with the current INFO
framework described here.The UAS MUST send a 481 Call Leg/Transaction Does Not Exist message
if the INFO request does not match any existing INVITE-initiated
dialog.The UAS MAY send other responses, such as Request Failure (4xx),
Server Failure (5xx) and Global Failure (6xx) as appropriate for the
request.Unless stated otherwise, the protocol rules for the INFO request
governing the usage of tags, Route and Record-Route, retransmission
and reliability, CSeq incrementing and message formatting follow those
in RFC 3261 as defined for the BYE
request.The INFO message MUST NOT change the state of the SIP dialog. Of
course, outside the INFO machinery specific failure responses as
documented in the SIP dialog usages
document, may cause the INVITE dialog to terminate.Registrars receiving a REGISTER request that includes Recv-Info
headers MAY store such information and use it for routing purposes.
How the registrar uses this information is beyond the scope of this
document.A UAC, the sender of the OPTIONS request, SHOULD include Recv-Info
headers, populated appropriately for the packages the UAC supports.
The UAS SHOULD include its set of Recv-Info packages. These strictures
are of "should" strength because local policy might restrict the
advertisement of full capabilities, the UA may know the best choice of
equivalent packages to list from local configuration, and so on.The UAS and UAC MUST NOT consider the OPTIONS request to be part of
a capabilities negotiation. The OPTIONS request is purely a probe. For
the UAC or UAS to renegotiate package support, they must use the
procedures described in .The INFO method does not define mechanisms for ensuring in-order
delivery for overlapping INFO requests. That is, the UAC can send
another INFO request before receiving a transaction response from the
UAS to a prior INFO request. While the UAC will increment the CSeq
header upon the transmission of new INFO messages, the UAS cannot use
the CSeq to determine the sequence of INFO information. This is due to
the fact that there could be gaps in the INFO message CSeq count
caused by a user agent sending re-INVITES or other SIP messages.It is up to the individual Info Package definition to specify what
happens when there are overlapping INFO requests. However, since it is
legal SIP to have overlapping requests, the application must be able
to handle the reception of overlapping requests, even if the Info
Package does not allow for it. Since overlapping requests can occur
even if the application (Info Package) does not allow it, the Info
Package needs to define the appropriate response. This is more
especially so given the UAC could send from multiple Info Packages.
Some of those packages may allow overlapping INFO requests, while
others do not. In this situation, it would be hard to tell if the
non-overlapping packages were being violated or not.This document describes one new SIP method: INFO. This document
replaces the definition and registrations found in .This table expands on Tables 2 and 3 in .This table expands on tables 2 and 3 in .This document adds Info-Package to the definition of the element
"message-header" in the SIP message grammar.For the purposes of matching Info Package types indicated in
Recv-Info with those in the Info-Package header field value, one
compares the Info-package-name portion of the Info-package-type
portion of the Info-Package header octet-by-octet with that of the
Recv-Info header value. That is, the Info Package name is case
sensitive. Info-package-param is not part of the comparison-checking
algorithm.This document does not define values for Info-Package types.
Individual Info Packages define these values. Such documents MUST
register such values with IANA. These values are Specification Required.This document adds Recv-Info to the definition of the element
"general-header" in the SIP message
grammar. describes the Recv-Info
header usage.Several RFC-defined and other standards-defined uses of RFC 2976 INFO exist and are in use, as well as
numerous proprietary uses. describes
some of these usages. By definition, identifying such uses has relied on
either static local configuration or implicit context determination
based on the body Content-Type or Content-Disposition value or some
proprietary mechanism. This draft cannot forbid nor avoid such uses,
since local configuration can always override standardized
mechanisms.To maintain backward compatibility with the extant standardized uses
of INFO, a server MAY interpret an INFO request with no "Info-Package"
header as being of such legacy use.It should be noted that such legacy use will not "break" the
mechanism in this draft. For example, if a UA supports SIP-T, it does so based on static local
configuration or based on acceptance of the application/isup body. If it
adds support for this draft's Info Package negotiation mechanism, the
local configuration still applies, and the UA will send/receive INFO
messages based on SIP-T regardless of the Info Package negotiation. It
will also be able to send/receive INFO messages based on the Info
Packages it negotiated. If, at some future time, an Info Package is
defined for SIP-T, the UA can indicate such in the negotiation, and
again local configuration would supersede if need be. The UA would not
lose the ability to use SIP-T with legacy devices. Rather, it would gain
the ability to use it with devices which support this draft and with
which it did not have such local configuration set, and could avoid
failures related to unsupported bodies.It is the hope of this draft's authors that vendors that implement
proprietary INFO uses submit their mechanisms as Info Package extension
documents, and follow the Info Package negotiation mechanism defined in
this draft.Info Packages SHOULD NOT reiterate any of the behavior described in
this document, unless required for clarity or emphasis. However, such
packages MUST describe the behavior that extends or modifies the
behavior described in this document.Info Packages MUST NOT weaken any behavior designated with "SHOULD"
or "MUST" in this document. However, Info Packages MAY strengthen
"SHOULD", "MAY", or "RECOMMENDED" requirements to "MUST" strength if the
application requires it.In addition to the normal sections expected in standards-track RFCs
and SIP extension documents, authors of Info Packages need to address
each of the issues detailed in the following subsections, whenever
applicable.This section, which MUST be present, describes why any of the other
established user-to-user data transfer protocols are not appropriate
for the given Info Package. Common reasons can be a requirement for
SIP Proxies or back-to-back User Agents (B2BUAs) to see the
application level information. Consideration in this section MUST
describe what happens if one or both endpoints encrypt the
payload.This section, which MUST be present, defines the token name that
designates the Info Package. The name MUST conform to the token-nodot
ABNF production described in . It MUST
include the information that appears in the IANA registration of the
token. For information on registering such types, see .If the "Info-Package" header allows parameters to modify the
behavior of the Info Package, this section MUST clearly define the
syntax and semantics of such parameters.If useful for the Info Package to have SIP option tags, this is the
place to define the tag. Note that if the Info Package defines a SIP
option tag, the Info Package must conform to the SIP Change Process.Each Info Package MUST define what type or types of bodies are
expected in INFO requests. Such packages MUST specify or cite detailed
specifications for the syntax and semantics associated with such a
body.The UAS MUST enumerate every MIME type associated with the Info
Packages advertised in the UAS' Recv-Info header the UAS is willing to
receive. If a UAC sends a body that includes something not enumerated
by the UAS, this is a protocol error and the UAS MUST respond
appropriately.Each Info Package MUST describe the process by which a UA generates
and sends an INFO request. This includes detailed information about
what events cause the UA to send an INFO request.If the Info Package does not allow overlapping (outstanding) INFO
requests the Info Package MUST disclose this in the section describing
UA generation of INFO requests. Note the generic protocol machinery of
the INFO method has no way of enforcing such a requirement. describes this situation.The Info Package MAY describe the process followed by the UA upon
receipt of an INFO request. Since INFO does not change SIP state, and
may not even change application state, there may be no useful guidance
required in the Info Package specification for UA processing.If the info Package does not permit overlapping INFO requests, it
is important to note the issuance of overlapping INFO requests is an
application-layer protocol failure and not an INFO method failure.
Therefore, in the event a UAC issues overlapping INFO requests for an
Info Package, the UAS MUST NOT return an error response. This section
of the Info Package specification MUST describe the application level
response to overlapping INFO requests. Examples include a new INFO
request back to the offending UAC indicating an application error,
ignoring the overlapping request and processing it to the UAS' best
effort, or terminating the entire SIP dialog.Each Info Package MUST define a requirement of MUST strength which
defines an absolute maximum on the rate at which an Info Package of a
given type can generate INFO messages by a UA in a dialog.If possible, a package MUST define a throttle mechanism that allows
UAs to further limit the rate of INFO messages.The Info Package MUST have an IANA Considerations section that
includes definitions for the Info Package Name and, if needed,
supported MIME types.The INFO mechanism transports application level information. One
implication of this is INFO messages may require a higher level of
protection than the underlying SIP-based session signaling. If the
application transports sensitive information, such as credit card
numbers, health history, personal identifiers, and so on, the Info
Package MUST document security procedures that exceed the default
procedures presented in this document. In most circumstances it is not
sufficient for a package to attempt to mandate TLS for the signaling
channel to secure the data carried by the INFO. This is because there
are few protocol mechanisms to enforce this requirement. It may be
possible for an Info Package to inform the SIP transport layer stack
to be "secure." However, the only way to ensure secure transport at
the application level is to have the security be part of the Info
Package itself. The most common method of achieving this is to use
end-to-end security techniques such as S/MIME.We RECOMMEND Info Packages include several demonstrative message
flow diagrams paired with several typical, syntactically correct, and
complete messages.Documents describing Info Packages MUST clearly indicate the
examples are informative and not normative, with instructions that
implementers refer to the main text of the document for exact protocol
details.This section describes the syntax extensions required for
user-to-user data exchange in SIP. The previous sections describe the
semantics. Note the formal syntax definitions described in this document
use the ABNF format used in SIP and
contain references to elements defined therein.The Augmented BNF definitions for the various new and modified syntax
elements follow. The notation is as used in SIP. See SIP for any elements not defined in
this section.Please update the existing registration in the SIP Methods and
Response Codes registry under the SIP Parameters registry that
states:to:Please add the following new SIP header field in the Header Fields
subregistry under the SIP Parameters registry.Please add the following new SIP header field in the Header Fields
subregistry under the SIP Parameters registry.Please create a subregistry in the SIP Parameters registry for Info
Packages. This subregistry has a modified First
Come First Served policy.The following data elements populate the Info Package
Registry.Info Package Name: The Info Package Name is a case-sensitive
token. In addition, IANA shall not register multiple Info Package
names that have identical case-insensitive values.Info Package Payload MIME Types: A list of zero or more
registered MIME types from the MIME Type Registry.Standards Status: Values are "Standards Track" or empty. See
below for a discussion and rules on this field.Reference: If there is a published specification describing the
Info Package, place a reference to that specification in this
column. See below for a discussion on this field.If there is a published specification, the registration MUST
include a reference to such specification. The Standards Status field
is an indicator of the level of community review for the Info Package
specification. If the specification meets the requirements for Specification Required, the value for the
Standards Status field is "Standards Track". Otherwise, the field is
empty.This document uses the Info Package Name "nil" to represent "no
Info Package present" and as such IANA shall not honor a request to
register the "nil" Info Package.The initial population of this table shall be:Please add the following registration to the Content-Disposition
registry. The description suitable for the IANA registry is as
follows.The payload of the message carrying this Content-Disposition header
field value is the payload of an Info Package.In the following example, Alice initiates a call to Bob. Alice can
support sending or receiving "foo" Info Packages, and sending "bar"
Info Packages.Alice generates the following: (note: much has been left out for
simplicity)Bob does not support anything, so he says so.Bob answers, but still does not support anything.Alice could have sent an Info Package as soon as she received the
180, but in this example she would not have been able to do so since
Bob didn't say he could receive any Info Packages in his 180 response.
Bob, on the other hand, may send an INFO:This is for where there is a single INFO payload in a
multipart/mime.[EDITOR'S NOTE: This section may become a separate document in
the future.]This document updates RFC 3427 to
add a process for registering new Info Packages. The process for
registering new Info Packages follows the process outlined in Section
4.3 of RFC 3427 for the registration of SIP Event Packages. Namely, the
registration of a new SIP Info Package requires the SIPPING chairs to
assign an individual to perform expert review of the proposal if the
work is not a SIPPING work item in itself.By eliminating multiple uses of INFO messages without adequate
community review and by eliminating the possibility for rogue SIP User
Agents from confusing another User Agent by purposely sending unrelated
INFO messages, we expect this document's clarification of the use of
INFO to improve the security of the Internet. Whilst rogue UACs can
still send unrelated INFO messages, this framework provides mechanisms
for which the UAS and other security devices can filter for approved
Info Packages.If the content of the Info Package payload is private, User Agents
will need to use end-to-end encryption, such as S/MIME, to prevent
access to the content. This is particularly important as transport of
INFO is likely not to be end-to-end, but through SIP proxies and
back-to-back user agents (B2BUA's), which the user may not trust.The INFO mechanism transports application level information. One
implication of this is INFO messages may require a higher level of
protection than the underlying SIP-based session signaling. In
particular, if one does not protect the SIP signaling from eavesdropping
or authentication and repudiation attacks, for example by using TLS
transport, then the INFO request and its contents will be vulnerable, as
well. Even with SIP/TLS, any SIP hop along the path from UAC to UAS can
view, modify, or intercept INFO requests, as they can with any SIP
request. This means some applications may require end-to-end encryption
of the INFO payload, beyond, for example, hop-by-hop protection of the
SIP signaling itself. Since the application dictates the level of
security required, individual Info Packages have to enumerate these
requirements. In any event, the INFO Framework described by this
document provides the tools for such secure, end-to-end transport of
application data.One interesting property of Info Package use is one can reuse the
same digest-challenge mechanism used for INVITE-based authentication for
the INFO request. For example one could use a quality-of-protection
(qop) value of authentication with integrity (auth-int), to challenge
the request and its body, and prevent intermediate devices from
modifying the body. However this assumes the device which knows the
credentials in order to perform the INVITE challenge is still in the
path for the INFO, or that the far-end UAS knows such credentials.Key words for use in RFCs to Indicate Requirement
LevelsGuidelines for Writing an IANA Considerations Section in
RFCsMany protocols make use of identifiers consisting of constants
and other well-known values. Even after a protocol has been
defined and deployment has begun, new values may need to be
assigned (e.g., for a new option type in DHCP, or a new encryption
or authentication transform for IPsec). To ensure that such
quantities have consistent values and interpretations across all
implementations, their assignment must be administered by a
central authority. For IETF protocols, that role is provided by
the Internet Assigned Numbers Authority (IANA).</t><t>
In order for IANA to manage a given namespace prudently, it needs
guidelines describing the conditions under which new values can be
assigned or when modifications to existing values can be made. If
IANA is expected to play a role in the management of a namespace,
IANA must be given clear and concise instructions describing that
role. This document discusses issues that should be considered in
formulating a policy for assigning values to a namespace and
provides guidelines for authors on the specific text that must be
included in documents that place demands on
IANA.</t><t> This document obsoletes RFC 2434. This
document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for
improvements.SIP: Session Initiation ProtocolThis document describes Session Initiation Protocol (SIP), an
application-layer control (signaling) protocol for creating,
modifying, and terminating sessions with one or more participants.
These sessions include Internet telephone calls, multimedia
distribution, and multimedia conferences. [STANDARDS TRACK]Message Body Handling in the Session Initiation Protocol
(SIP)This document specifies how message bodies are handled in SIP.
Additionally, this document specifies SIP user agent support for
MIME (Multipurpose Internet Mail Extensions) in message
bodies.Transmission Control
ProtocolUniversity of Southern California (USC)/Information
Sciences Institute4676 Admiralty WayMarina del ReyCA90291USThe SIP INFO MethodThis document proposes an extension to the Session Initiation
Protocol (SIP). This extension adds the INFO method to the SIP
protocol. The intent of the INFO method is to allow for the
carrying of session related control information that is generated
during a session. [STANDARDS TRACK]Interworking between the Session Initiation Protocol (SIP)
and QSIGThis document specifies interworking between the Session
Initiation Protocol (SIP) and QSIG within corporate
telecommunication networks (also known as enterprise networks).
SIP is an Internet application-layer control (signalling) protocol
for creating, modifying, and terminating sessions with one or more
participants. These sessions include, in particular, telephone
calls. QSIG is a signalling protocol for creating, modifying, and
terminating circuit-switched calls (in particular, telephone
calls) within Private Integrated Services Networks (PISNs). QSIG
is specified in a number of Ecma Standards and published also as
ISO/IEC standards. This document specifies an Internet Best
Current Practices for the Internet Community, and requests
discussion and suggestions for improvements.Hypertext Transfer Protocol --
HTTP/1.1Department of Information and
Computer ScienceUniversity of California, IrvineIrvineCA92697-3425+1(949)824-1715fielding@ics.uci.eduWorld Wide Web
ConsortiumMIT Laboratory for Computer Science, NE43-356545 Technology SquareCambridgeMA02139+1(617)258-8682jg@w3.orgCompaq Computer
CorporationWestern Research Laboratory250 University AvenuePalo AltoCA94305mogul@wrl.dec.comWorld Wide Web
ConsortiumMIT Laboratory for Computer Science, NE43-356545 Technology SquareCambridgeMA02139+1(617)258-8682frystyk@w3.orgXerox CorporationMIT Laboratory for Computer Science, NE43-3563333 Coyote Hill RoadPalo AltoCA94034masinter@parc.xerox.comMicrosoft
Corporation1 Microsoft WayRedmondWA98052paulle@microsoft.comWorld Wide Web
ConsortiumMIT Laboratory for Computer Science, NE43-356545 Technology SquareCambridgeMA02139+1(617)258-8682timbl@w3.orgThe Hypertext Transfer Protocol (HTTP) is an application-level
protocol for distributed, collaborative, hypermedia information
systems. It is a generic, stateless, protocol which can be used
for many tasks beyond its use for hypertext, such as name servers
and distributed object management systems, through extension of
its request methods, error codes and headers . A feature of HTTP
is the typing and negotiation of data representation, allowing
systems to be built independently of the data being
transferred.HTTP has been in use by the World-Wide Web global information
initiative since 1990. This specification defines the protocol
referred to as "HTTP/1.1", and is an update to RFC 2068 .User Datagram ProtocolUniversity of Southern California (USC)/Information
Sciences Institute4676 Admiralty WayMarina del ReyCA90291US+1 213 822 1511Internet Security Glossary, Version 2This Glossary provides definitions, abbreviations, and
explanations of terminology for information system security. The
334 pages of entries offer recommendations to improve the
comprehensibility of written material that is generated in the
Internet Standards Process (RFC 2026). The recommendations follow
the principles that such writing should (a) use the same term or
definition whenever the same concept is mentioned; (b) use terms
in their plainest, dictionary sense; (c) use terms that are
already well-established in open publications; and (d) avoid terms
that either favor a particular vendor or favor a particular
technology or mechanism over other, competing techniques that
already exist or could be developed. This memo provides
information for the Internet community.The Blocks Extensible Exchange
Protocol CoreInvisible Worlds, Inc.131 Stony CircleSuite 500Santa RosaCA95401US+1 707 578 2350mrose@invisible.nethttp://invisible.net/
Applications
application protocolsBEEPBXXPapplication frameworkThis memo describes a generic application protocol kernel for
connection-oriented, asynchronous interactions called the BEEP
(Blocks Extensible Exchange Protocol) core. BEEP permits
simultaneous and independent exchanges within the context of a
single application user-identity, supporting both textual and
binary messages.Secure/Multipurpose Internet Mail Extensions (S/MIME) Version
3.1 Message SpecificationThis document defines Secure/Multipurpose Internet Mail
Extensions (S/MIME) version 3.1. S/MIME provides a consistent way
to send and receive secure MIME data. Digital signatures provide
authentication, message integrity, and non-repudiation with proof
of origin. Encryption provides data confidentiality. Compression
can be used to reduce data size. This document obsoletes RFC 2633.
[STANDARDS TRACK]Best Current Practices for Third Party Call Control (3pcc) in
the Session Initiation Protocol (SIP)Third party call control refers to the ability of one entity to
create a call in which communication is actually between other
parties. Third party call control is possible using the mechanisms
specified within the Session Initiation Protocol (SIP). However,
there are several possible approaches, each with different
benefits and drawbacks. This document discusses best current
practices for the usage of SIP for third party call control. This
document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for
improvements.The Session Initiation Protocol (SIP) UPDATE MethodChange Process for the Session Initiation Protocol
(SIP)This memo documents a process intended to apply architectural
discipline to the future development of the Session Initiation
Protocol (SIP). There have been concerns with regards to new SIP
proposals. Specifically, that the addition of new SIP features can
be damaging towards security and/or greatly increase the
complexity of the protocol. The Transport Area directors, along
with the SIP and Session Initiation Proposal Investigation
(SIPPING) working group chairs, have provided suggestions for SIP
modifications and extensions. This document specifies an Internet
Best Current Practices for the Internet Community, and requests
discussion and suggestions for improvements.Caller Preferences for the Session Initiation Protocol
(SIP)This document describes a set of extensions to the Session
Initiation Protocol (SIP) which allow a caller to express
preferences about request handling in servers. These preferences
include the ability to select which Uniform Resource Identifiers
(URI) a request gets routed to, and to specify certain request
handling directives in proxies and redirect servers. It does so by
defining three new request header fields, Accept-Contact,
Reject-Contact, and Request-Disposition, which specify the
caller's preferences. [STANDARDS TRACK]Session Initiation Protocol for Telephones (SIP-T): Context
and ArchitecturesSession Initiation Protocol (SIP)-Specific Event
NotificationThis document describes an extension to the Session Initiation
Protocol (SIP). The purpose of this extension is to provide an
extensible framework by which SIP nodes can request notification
from remote nodes indicating that certain events have occurred.
[STANDARDS TRACK]Message Context for Internet MailThis memo describes a new RFC 2822 message header,
"Message-Context". This header provides information about the
context and presentation characteristics of a message. A receiving
user agent (UA) may use this information as a hint to optimally
present the message. [STANDARDS TRACK]Session Initiation Protocol (SIP) Extension for Instant
MessagingInstant Messaging (IM) refers to the transfer of messages
between users in near real-time. These messages are usually, but
not required to be, short. IMs are often used in a conversational
mode, that is, the transfer of messages back and forth is fast
enough for participants to maintain an interactive conversation.
This document proposes the MESSAGE method, an extension to the
Session Initiation Protocol (SIP) that allows the transfer of
Instant Messages. Since the MESSAGE request is an extension to
SIP, it inherits all the request routing and security features of
that protocol. MESSAGE requests carry the content in the form of
MIME body parts. MESSAGE requests do not themselves initiate a SIP
dialog; under normal usage each Instant Message stands alone, much
like pager messages. MESSAGE requests may be sent in the context
of a dialog initiated by some other SIP request. [STANDARDS
TRACK]Session Timers in the Session Initiation Protocol
(SIP)TCP-Based Media Transport in the Session Description Protocol
(SDP)This document describes how to express media transport over TCP
using the Session Description Protocol (SDP). It defines the SDP
'TCP' protocol identifier, the SDP 'setup' attribute, which
describes the connection setup procedure, and the SDP 'connection'
attribute, which handles connection reestablishment. [STANDARDS
TRACK]Basic Network Media Services with SIPIn SIP-based networks, there is a need to provide basic network
media services. Such services include network announcements, user
interaction, and conferencing services. These services are basic
building blocks, from which one can construct interesting
applications. In order to have interoperability between servers
offering these building blocks (also known as Media Servers) and
application developers, one needs to be able to locate and invoke
such services in a well defined manner.</t><t> This
document describes a mechanism for providing an interoperable
interface between Application Servers, which provide application
services to SIP-based networks, and Media Servers, which provide
the basic media processing building blocks. This memo provides
information for the Internet community.A Session Initiation Protocol (SIP) Event Package for Key
Press Stimulus (KPML)This document describes a SIP Event Package "kpml" that enables
monitoring of Dual Tone Multi-Frequency (DTMF) signals and uses
Extensible Markup Language (XML) documents referred to as Key
Press Markup Language (KPML). The kpml Event Package may be used
to support applications consistent with the principles defined in
the document titled "A Framework for Application Interaction in
the Session Initiation Protocol (SIP)". The event package uses
SUBSCRIBE messages and allows for XML documents that define and
describe filter specifications for capturing key presses (DTMF
Tones) entered at a presentation-free User Interface SIP User
Agent (UA). The event package uses NOTIFY messages and allows for
XML documents to report the captured key presses (DTMF tones),
consistent with the filter specifications, to an Application
Server. The scope of this package is for collecting supplemental
key presses or mid-call key presses (triggers). [STANDARDS
TRACK]Stream Control Transmission ProtocolThis document obsoletes RFC 2960 and RFC 3309. It describes the
Stream Control Transmission Protocol (SCTP). SCTP is designed to
transport Public Switched Telephone Network (PSTN) signaling
messages over IP networks, but is capable of broader
applications.</t><t> SCTP is a reliable transport
protocol operating on top of a connectionless packet network such
as IP. It offers the following services to its
users:</t><t> -- acknowledged error-free
non-duplicated transfer of user data,</t><t> -- data
fragmentation to conform to discovered path MTU
size,</t><t> -- sequenced delivery of user messages
within multiple streams, with an option for order-of-arrival
delivery of individual user messages,</t><t> --
optional bundling of multiple user messages into a single SCTP
packet, and</t><t> -- network-level fault tolerance
through supporting of multi-homing at either or both ends of an
association.</t><t> The design of SCTP includes
appropriate congestion avoidance behavior and resistance to
flooding and masquerade attacks. [STANDARDS TRACK]The Message Session Relay Protocol (MSRP)This document describes the Message Session Relay Protocol, a
protocol for transmitting a series of related instant messages in
the context of a session. Message sessions are treated like any
other media stream when set up via a rendezvous or session
creation protocol such as the Session Initiation Protocol.
[STANDARDS TRACK]Media Server Control Markup Language (MSCML) and
ProtocolMedia Server Control Markup Language (MSCML) is a markup
language used in conjunction with SIP to provide advanced
conferencing and interactive voice response (IVR) functions. MSCML
presents an application-level control model, as opposed to
device-level control models. One use of this protocol is for
communications between a conference focus and mixer in the IETF
SIP Conferencing Framework. This memo provides information for the
Internet community.Multiple Dialog Usages in the Session Initiation
ProtocolSeveral methods in the Session Initiation Protocol (SIP) can
create an association between endpoints known as a dialog. Some of
these methods can also create a different, but related,
association within an existing dialog. These multiple
associations, or dialog usages, require carefully coordinated
processing as they have independent life-cycles, but share common
dialog state. Processing multiple dialog usages correctly is not
completely understood. What is understood is difficult to
implement.</t><t> This memo argues that multiple
dialog usages should be avoided. It discusses alternatives to
their use and clarifies essential behavior for elements that
cannot currently avoid them.</t><t> This is an
informative document and makes no normative statements of any
kind. This memo provides information for the Internet
community.XML Schema for Media ControlThis document defines an Extensible Markup Language (XML)
Schema for video fast update in a tightly controlled environment,
developed by Microsoft, Polycom, Radvision and used by multiple
vendors. This document describes a method that has been deployed
in Session Initiation Protocol (SIP) based systems over the last
three years and is being used across real-time interactive
applications from different vendors in an interoperable manner.
New implementations are discouraged from using the method
described except for backward compatibility purposes. New
implementations are required to use the new Full Intra Request
command in the RTP Control Protocol (RTCP) channel. This memo
provides information for the Internet community.Voice Extensible Markup Language (VoiceXML) 2.1Media Resource Control Protocol Version 2 (MRCPv2)The MRCPv2 protocol allows client hosts to control media
service resources such as speech synthesizers, recognizers,
verifiers and identifiers residing in servers on the network.
MRCPv2 is not a "stand-alone" protocol - it relies on a session
management protocol such as the Session Initiation Protocol (SIP)
to establish the MRCPv2 control session between the client and the
server, and for rendezvous and capability discovery. It also
depends on SIP and SDP to establish the media sessions and
associated parameters between the media source or sink and the
media server. Once this is done, the MRCPv2 protocol exchange
operates over the control session established above, allowing the
client to control the media processing resources on the speech
resource server.Media Server Markup Language (MSML)The Media Server Markup Language (MSML) is used to control and
invoke many different types of services on IP Media Servers.
Clients can use it to define how multimedia sessions interact on a
Media Server and to apply services to individuals or groups of
users. MSML can be used, for example, to control Media Server
conferencing features such as video layout and audio mixing,
create sidebar conferences or personal mixes, and set the
properties of media streams. As well, clients can use MSML to
define media processing dialogs, which may be used as parts of
application interactions with users or conferences. Transformation
of media streams to and from users or conferences as well as IVR
dialogs are examples of such interactions, which are specified
using MSML. MSML clients may also invoke dialogs with individual
users or with groups of conference participants using
VoiceXML.This section covers several issues that one should take into
consideration when proposing new Info Packages.When designing an Info Package using the method described in this
document for application level information exchange, it is important
to consider: is INFO and, more importantly, is signaling within a SIP
dialog, an appropriate mechanism for the problem set? Is it because it
is the most reasonable and appropriate choice, or merely because "it's
easy"?These are difficult issues to consider, especially when presented
with real-world deadlines and implementation cost issues. However,
choosing to use INFO for inappropriate uses *will* lead to issues in
the real world, not the least of which are certain types of
middleboxes which will remove the device from the network if it is
found to cause damage to other SIP nodes.Therefore, the following sections provide consideration guidelines
and alternatives to INFO use.INFO, by design, is a method within an INVITE dialog usage. RFC 5057 enumerates the problems with using
dialogs for multiple usages, and we strongly urge the reader to review
RFC 5057. The most relevant issue is a failure of transmission or
processing of an INFO request may render the INVITE dialog terminated,
depending on the type of failure. Prior to RFC 5057 it was not clear
if the INFO usage was a separate usage or not. RFC 5057 clarifies the
INFO method is always part of the INVITE usage.Some uses of INFO can tolerate this fate sharing of the INFO
message over the entire dialog. For example, in the SIP-T usage, it
may be acceptable for a call to fail, or to tear down the call, if one
cannot deliver the associated SS7 information. The same is usually
true for DTMF. However, it may not be acceptable for a call to fail
if, for example, a DTMF buffer overflows. Then again, for some
services, that may be the exact desired behavior.There is no throttling mechanism for INFO. Consider that most call
signaling occurs on the order of 7-10 messages per 3 minutes, although
with a burst of 5-7 messages in one second during call setup. DTMF
tones occur in bursts at a rate of up to 20 messages per second. This
is a considerably higher rate than for call signaling. Sending
constant GPS location updates, on the other hand, would incur an undue
burden on SIP Proxies along the path.Furthermore, SIP messages tend to be relatively small, on the order
of 500 Bytes to 32K Bytes. SIP is a poor mechanism for direct exchange
of bulk data beyond these limits, especially if the headers plus body
exceed the UDP MTU. Appropriate
mechanisms for such traffic include MSRP, COMEDIA,
or HTTP.The first alternative for application level interaction is SIP
Events, also known as SUBSCRIBE/NOTIFY.
In this model, a user agent requests state information, such as key
pad presses from a device to an application server or key map images
from an application server to a device. The SUBSCRIBE creates a new
dialog that does not share the fate of the related INVITE-initiated
dialog. Moreover, using the SUBSCRIBE model enables multiple
applications to receive state updates. These applications can be
outside the media path and potentially outside the INVITE-initiated
dialog's proxy path. In fact, SIUBSCRIBE/NOTIFY is your only option if
you need to exchange data outside a communications session.SUBSCRIBE/NOTIFY messages pass through the SIP signaling
infrastructure, such as SIP Proxies and B2BUAs. Application designers
need to understand this can be a feature, as when the User Agents are
exchanging information that elements in the SIP signaling path need to
be aware of. Conversely, this can be a problem, as messages these
network elements have no interest in can put a significant burden on
those element's ability to process other traffic. Moreover, such
network elements may not be able to read end-to-end encrypted
SUBSCRIBE or NOTIFY bodies.Implementers do need to be aware the price of having a protocol
that works in all cases, can scale, can easily load balance, and will
not mysteriously fail a session in the event of state synchronization
failure does come at a cost. Session establishment is a minimum of two
messages in addition to the INVITE dialog establishment. If the
SUBSCRIBE application is co-resident with the INVITE application, the
application will have to manage two SIP dialogs instead of one.
Tracking the application level state dominates memory and processing
for some applications, and as such the doubling of SIP dialogs is not
an issue. However, for other applications, this may be an issue.The MESSAGE method defines one-time
instant message exchange, typically for sending MIME contents for
rendering to the user.Another model for application level information exchange is to
establish a communication channel in the media plane. One model for
this is MRCPv2. Here,
the INVITE-initiated dialog establishes a separate reliable,
connection-oriented channel, such as a TCP or SCTP
stream. One uses SIP to locate the remote endpoint, but uses a direct
connection for the UUI. One then can create whatever protocol one
wishes, whether from scratch (as in MRCPv2) or using a substrate such
as BEEP.A low latency requirement for the exchange of information is one
strong indicator for using a media channel. Exchanging information
through the SIP routing network can introduce hundreds of milliseconds
of latency. Also, if there will be a lot of information exchanged, and
there is no need for the SIP routing network to examine the
information, one should use a separate media channel.Another model is to use a totally externally signaled channel, such
as HTTP. In this model, the user agent
knows about a rendezvous point to direct HTTP requests to for the
transfer of information. Examples include encoding of a prompt to
retrieve in the SIP Request URI in RFC
4240 or the encoding of a SUBMIT target in a VoiceXML script.MSRP defines session-based instant
messaging as well as bulk file transfer and other such large-volume
uses. It is part of an INVITE-based session, similar to other media.
Unlike INFO, MSRP follows a direct media path, rather than through the
network elements composing the SIP signaling path.A common reason people in the past used INFO for application level
information exchange is the negotiation is very lightweight compared
to SUBSCRIBE/NOTIFY. This is more especially so if it is not certain
if there will be application level information exchange. The
SUBSCRIBE/NOTIFY machinery requires the user agents to exchange rich
capabilities and maintain state for additional SIP dialogs. However,
this is a weak argument if there is a high likelihood of application
level information exchange. In this case, we recommend the use of a
more robust application level information exchange protocol.What alternatives to INFO are there for UA-to-UA application
session signaling? As noted above, there are three broad classes of
session signaling available. The choice depends on the circumstances.
Following is a list of situations that have used INFO in the
past.State updatesUser stimulusDirect signaling channelProxy-aware signalingDialog probeThis is the broad class of one User Agent updating another with
changes in state. The design goal of the SUBSCRIBE/NOTIFY event framework is to meet
just this need.This is the class of the user entering stimulus at one User
Agent, and the User Agent transporting that stimulus to the other. A
key thing to realize is key presses on the telephone keypad is user
stimulus. Thus, the appropriate mechanism to use here is KPML.State updates and user stimulus tend to have relatively few
messages per session. Sometimes, User Agents need to exchange a
relatively high number of messages. In addition, User Agents may
have a need for a relatively low-latency exchange of messages. In
this latter case, the User Agent may not be able to tolerate the
latency introduced by intermediate proxies. Likewise, the
intermediate proxies may have no interest in processing all of that
data.In this case, establishing a separate, direct control channel, as
in MSRP or MRCPv2 is appropriate.In addition, not every situation requires a SIP solution. Some
signaling is really just one-shot to third-party endpoints. That
situation may better be handled using an appropriate protocol, such
as HTTP.Sometimes, one does want proxies to be in the signaling path for
UA-to-UA application signaling. In this case, the use of a SIP
request is appropriate. To date, there are no mechanisms for
completely disambiguating INFO requests. For example, one could
create a registry of INFO packages. The definition of the package
would define the contexts for the various MIME Content-Types, as
well as the context of the request itself. However, a package can
have multiple content types. Moreover, having the context, or
package identifier, at the SIP level precludes bundling multiple
contexts responding in the same INFO request. For example, a User
Agent might want to bundle two different responses in a
multipart/mixed MIME body type.Because there is no difference in either the protocol machinery
or registration process due to these factors, we will not create an
INFO framework. If one needs a SIP User Agent-to-SIP User Agent
application session signaling transport protocol that touches all
Record-Route proxies in a path, one MUST create a new SIP method as
described in Section 27.4 of RFC
3261.Some implementations in the wild use INFO to probe if an
INVITE-initiated dialog is alive. While this works, it is NOT
RECOMMENDED. In particular, RFC 4028
describes how to ensure an INVITE-initiated dialog is alive.Take the case of Malicious Indicator. This is where a subscriber
receives a call, realizes it is a malicious call (threatening, SPIT,
etc.). They then press the SPIT button (or press *xx), which tells
their service provider to mark the UAC as a bad actor. One might be
tempted to think that INFO would be a great option for this service.
It follows the return path of the INVITE, and so the INFO will hit
the caller's inbound proxy, which it can learn the caller is
(statistically) a bad actor. That way the inbound proxy can do stuff
like notify law enforcement, add a vote to "this is a SPIT source,"
or other useful action.However, consider a few issues. First, since INFO lives
exclusively within an established dialog, there is no way to assert
this message after the call completes. Second, this mechanism relies
on an active service provider topology. If there is no proxy in the
chain that will eat the INFO, the caller will see the "this is a bad
guy" message, which may have consequences in the real world. Third,
there is no a'priori way for the UAS to know whether or not it can
issue the INFO. The caller certainly will not advertise, "please
tell me if I am bad, particularly I know in advance that I *am* a
bad actor."One approach is for the service provider's proxy to SUBSCRIBE for
the SPIT event at the UAS. At this point, life is good,
interoperable, and works across networks. This enables events after
the dialog is torn down, as presumably the SPIT event will refer not
to, "this dialog," which does not exist, but to "that dialog
identifier," which exists (and is theoretically unique) forever.Another approach that saves considerably on the overhead of
subscriptions would be for the service provider to insert a HTTP URI
in the initial INVITE, noting it is for reporting malicious
behavior. When the subscriber presses the SPIT button, an HTTP POST
gets executed, delivering the call information to the service
provider. The service provider can encode basic call information in
the HTTP URI and can instruct the device to send whatever arbitrary
data is necessary in the POST. This method has the added benefit of
being entirely outside the real-time SIP proxy network.We do not intend this section to be a comprehensive catalog of INFO
usages. However, it should give the reader a flavor for current INFO
usages.SIP-T uses Content-Type to identify ISUP protocol elements in an
INFO message. See RFC3372.QSIG uses Content-Type to identify QSIG protocol elements in an
INFO message. See RFC4497.MSCML uses a Require to ensure the UAS understands that INFO
messages of the MSCML type are in fact MSCML messages. See RFC5022.MSML endpoints just know the INFO messages carry MSML and from the
Content-Type of the given INFO method request. See the MSML draft.Microsoft, Polycom, and Radvision used INFO messages as an interim
solution for requesting fast video update before the ability to
request I-Frames in RTCP was available. See the XML Schema for Media Control for more
information.[EDITOR'S NOTE: Are there public references? The AS5300
documentation from Cisco describes Cisco's use of INFO to carry DTMF.
Anyone else want to belly up to the bar and have us collect your
proprietary DTMF INFO payload here?]We are standing on the shoulders of giants. Jonathan Rosenberg did
the original "INFO Considered Harmful" Internet Draft on 26 December
2002, which influenced the work group and this document. Likewise, Dean
Willis influenced the text from his Internet Draft, "Packaging and
Negotiation of INFO Methods for the Session Initiation Protocol" of 15
January 2003. Four paragraphs come from Jonathan Rosenberg's INFO Litmus
draft. My, we have been working on this for a long time!This and other related drafts have elicited well over 450 messages on
the SIP list. People who have argued with its thesis, supported its
thesis, added to the examples, or argued with the examples, include the
following individuals:Adam Roach, Bram Verburg, Brian Stucker, Chris Boulton, Cullen
Jennings, Dale Worley, Dean Willis, Frank Miller, Gonzalo Camarillo,
Gordon Beith, Henry Sinnreich, James Jackson, James Rafferty, Jeroen
van Bemmel, Joel Halpern, John Elwell, Johnathan Rosenberg, Juha
Heinanen, Keith Drage, Kevin Attard Compagno, Manpreet Singh, Martin
Dolly, Mary Barnes, Michael Procter, Paul Kyzivat, Peili Xu, Peter
Blatherwick, Raj Jain, Rayees Khan, Robert Sparks, Roland Jesske,
Salvatore Loreto, Sam Ganesan, Sanjay Sinha, Spencer Dawkins, Steve
Langstaff, Sumit Garg, and Xavier Marjou.John Elwell and Francois Audet helped with QSIG references. In
addition, Francois Audet provided actual text for the revised abstract.
Keith Drage gave lots of excellent comments and helped immensely with
.The work group version of this document benefited from the close
readings and comments from John Elwell, Paul Kyzivat, Dean Willis, Francois Audet, Dale
Worley, Andrew Allen, Adam Roach, Anders Kristensen, Gordon Beith,
Ben Campbell, Bob Penfield, Keith Drage, Jeroen van Bemmel, Mary
Barnes, and Salvatore Loreto.Since publication of the first work group version of this document,
we have had over 329 messages. New voices in addition to those included
above includeArun Arunachalam, Christian Stredicke, Eric Rescorla, Inaki Baz
Castillo, and Roni Evan.However, any errors and issues we missed are still our own.[RFC EDITOR NOTE: Please remove this section when publishing]Changes from -02Applicability statement explicitly says we're backwards
compatibleExplicitly state we work like UPDATE (both early and confirmed
dialogs)Agreed text for IANA Considerations package registryChanges from -01One and only one Info Package per INFORemoved Send-Info header, greatly simplifying negotiationMultiple body part identification through Content-Disposition:
Info-PackageNote that forking INVITEs may result in multiple INFO's coming
back to INVITE originatorDescribe how a UAS can enforce strict adherence to this
documentRemove CANCEL INFO faux pasBetter explained overlapping INFO issues and resolutionsToken names are now really case sensitiveMoved Info Package Considerations to an AppendixIntroduced stronger, yet more open, IANA registration processTook a few more paragraphs from INFO Litmus to cover all
bases.Added RFC 5168 to legacy usagesChanges from -00Corrected ABNF.Enabled sending of legacy INFO messages. Receiving legacy INFO
messages was already here.Negotiation is not Offer/Answer, it is Offer/Offer.Created the explicit "nil" Info Package to indicate no info
package.Fixed CANCEL impacting future transactions.Added Registrar behavior.Added OPTIONS processing.Clarified overlapping INFO method processing.Described multiple INFO bodies in a single INFO method.Took out Info-Package as a header for responses to the INFO
method.Expanded on risks of using INFO and filled-in more on the
alternativesMoved definitions of INFO into the body of the text and cleaned
up IANA Considerations sectionAdded legacy usages descriptions