Dispatch Working GroupInternet Engineering Task Force (IETF) R. Atarius, Ed.Intended status: Informational Expires: December 12,Request for Comments: 8465 September 2018 Category: Informational ISSN: 2070-1721 Using the Mobile Equipment Identity (MEID)Uniform Resource Name (URN)URN as an Instance IDdraft-atarius-dispatch-meid-urn-as-instanceid-08Abstract Thisspecificationdocument specifies how the Uniform Resource Name (URN) namespace reserved for the Third Generation Partnership Project 2 (3GPP2) identities and its Namespace Specific String (NSS) for the Mobile Equipment Identity (MEID) can be used as aninstance-id. ItsInstance ID. The purpose of this Instance ID is to fulfill the requirements for defining how a specific URN needs to be constructed and used in the "+sip.instance" Contact header field parameter for outbound behavior. Status of This Memo ThisInternet-Draftdocument issubmitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documentsnot an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF).Note that other groups may also distribute working documents as Internet-Drafts. The listIt represents the consensus ofcurrent Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draftthe IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documentsvalidapproved by the IESG are candidates fora maximumany level of Internet Standard; see Section 2 of RFC 7841. Information about the current status ofsix monthsthis document, any errata, and how to provide feedback on it may beupdated, replaced, or obsoleted by other documentsobtained atany time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on December 12, 2018.https://www.rfc-editor.org/info/rfc8465. Copyright Notice Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Background . . . . . . . . . . . . . . . . . . . . . . . . . 3 4. 3GPP2 Use Cases . . . . . . . . . . . . . . . . . . . . . . . 4 5. User Agent Client Procedures . . . . . . . . . . . . . . . . 5 6. User Agent Server Procedures . . . . . . . . . . . . . . . . 5 7. 3GPP/3GPP2 SIP Registrar Procedures . . . . . . . . . . . . .65 8. IANAconsiderationsConsiderations . . . . . . . . . . . . . . . . . . . . . 6 9. SecurityconsiderationsConsiderations . . . . . . . . . . . . . . . . . . . 6 10.AcknowledgmentsReferences . . . . . . . . . . . . . . . . . . . . . . . . . 711.10.1. Normative References . . . . . . . . . . . . . . . . . . 7 10.2. Informative References . . . . . . .7 11.1. Normative references. . . . . . . . . . 8 Acknowledgments . . . . . . . .7 11.2. Informative references. . . . . . . . . . . . . . . . . 8 Author's Address . . . . . . . . . . . . . . . . . . . . . . . .89 1. Introduction Thisspecificationdocument specifies how the Uniform Resource Name (URN) namespace reserved for Third Generation Partnership Project 2 (3GPP2) identities and its Namespace Specific String (NSS) for the Mobile Equipment Identity (MEID) as specified indraft-atarius-dispatch- meid-urn [9]RFC 8464 [10] can be used as aninstance-idInstance ID as specified in RFC 5626[3][4] and also as used by RFC 5627[4].[5]. RFC 5626[3][4] specifies the "+sip.instance" Contact header field parameter that contains a URN as specified in RFC 8141[5].[6]. Theinstance-idInstance ID uniquely identifies a specific User Agent (UA) instance. Thisinstance-idInstance ID is used as specified in RFC 5626[3][4] so that the Session Initiation Protocol (SIP) registrar (as specified in RFC 3261[1])[2]) can recognize that the contacts from multiple registrations correspond to the same UA. Theinstance-idInstance ID is also used as specified by RFC 5627[4][5] to create Globally Routable User Agent URIs (GRUUs) that can be used to uniquely address a UA when multiple UAs are registered with the same Address of Record (AoR). RFC 5626[3][4] requires that a UA SHOULD create a Universally Unique Identifier (UUID) URN as specified in RFC 4122[8][9] as itsinstance-idInstance ID butallowsallow for the possibility to use other URN schemes. RFC 5626[3][4] states:"IfIf a URN scheme other than UUID is used, the UA MUST only use URNs for which an RFC (from the IETF stream) defines how the specific URN needs to be constructed and used in the "+sip.instance" Contact header field parameter for outboundbehavior."behavior. This specification meets this requirement by specifying how the 3GPP2 MEID URN is used in the "+sip.instance" Contact header field parameter for outbound behavior anddraft-atarius-dispatch-meid-urn [9]RFC 8464 [10] specifies how the 3GPP2 MEID URN is constructed. The 3GPP2 MEID URN is a URN for the MEID a globally unique identifier that identifies mobile devices used in the 3GPP2 networks. The MEID allocation is managed by the 3GPP2 to ensure that the MEID values are globally unique. Details of the formatting of the MEID as a URN are specified indraft-atarius-dispatch-meid-urn [9]RFC 8464 [10] and the definition of the MEID is contained in 3GPP2 S.R0048-A[12].[13]. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described inRFC 8174 [6].BCP 14 [1] [7] when, and only when, they appear in all capitals, as shown here. 3. Background Mobile communication has been rapidly improved fromlow bit rate circuit switched systemlow-bit-rate circuit-switched systems to thehigher data rate packet switchedhigher-data-rate packet-switched system. Thepacket switchedpacket-switched system has added the mobile capability of Internet Protocol (IP)connectivity and therebyconnectivity; thereby, the IP Multimedia Subsystem (IMS) have madeSIP basedSIP-based calls and IP multimedia sessions from mobile devices possible. 3GPP2 defines High Rate Packet Data (HRPD) with high dataratesrates, and it dispenses with the 1x Circuit Switched (1xCS) infrastructure. This means that with HRPD networks, voice calls will need to be conducted using IP and IMS. However,the transition to all IP, SIP basedSIP-based IMS networksworldwidewill take a great many years from the time ofthiswritingandto transition to the use of all IP; mobile devices will need to operate in both IP/SIP/IMS mode andcircuit switchedcircuit-switched mode. This means that calls and sessions will need to be handed over between IP/SIP/IMS mode andcircuitcircuit- switched mode mid-call or mid-session. To achievethisthis, the mobile device needs to simultaneously communicate via both the IP/SIP/IMS domain and thecircuit switchedcircuit-switched domain. To meet thisneedneed, 3GPP2 has specified how to maintainvoice sessionvoice-session continuity between the IP/SIP/IMS domain and thecircuit switchedcircuit-switched domain in 3GPP2S.X0042-B [13].S.X0042-A [14]. In order for the mobile device to access SIP/IMS voice service via thecircuit switched domaincircuit-switched domain, 3GPP2 has specified that a Mobile Switching Center (MSC) servereither via IMS Media Gateway Control Function (MGCF) or directly, if enhanced by SIP interface, controlswill control mobile voice call setup over thecircuit switchedcircuit-switched radio access while establishing the corresponding voice session in the core network using SIP/IMS. The specified MSC server operates either via an IMS Media Gateway Control Function (MGCF) or directly if it is enhanced by SIP interface. To enable this, the mobile device MUST be identified in both the 1xCS and IP/SIP/IMS domains. The only mobile device identifier that is transportable using 1xCS signaling is theMEID thereforeMEID; therefore, theinstance-idInstance ID included by the MGCF or the MSCserver,server and theinstance-idInstance ID directly included by the mobile device both need to be based on the MEID. Additionally in order to meet the above requirements, the same MEID that is obtained from thecircuit switchedcircuit-switched signaling by the MSC server needs to be obtainable from SIP signaling so that it can be determined that both the SIP signaling andcircuit switchedcircuit-switched signaling originate from the same mobile device. 4. 3GPP2 Use Cases 1. The mobile device includes its MEID in the SIP REGISTER request so that the SIP registrar can perform a check of the Equipment Identity Register (EIR) to verify if this mobile device is allowed or barred from accessing the network for non-emergency services (e.g., because it has been stolen). If the mobile device is not allowed to access the network for non-emergencyservicesservices, the SIP registrar can reject the registration.ThusThus, a barred mobile device is prevented from accessing the network for non-emergency services. 2. The mobile device includes its MEID in SIP INVITE requests used to establish emergency sessions. This is so that the Public Safety Answering Point (PSAP) can obtain the MEID of the mobile device for identification purposes if required by regulations. 3. The inclusion by the mobile device of its MEID in SIP INVITE requests used to establish emergency sessions is also used in the cases of unauthenticated emergency sessions to enable the network to identify the mobile device. This is especially important if the unauthenticated emergency session is handed over from thepacket switchedpacket-switched domain to thecircuit switchedcircuit-switched domain. In thisscenarioscenario, the MEID is the only identifier that is common to both domains. The Emergency Access Transfer Function(EATF)(EATF), which coordinates the call transfer between the domains, can thus use the MEID to identify that thecircuit switchedcircuit-switched call is from the same mobile device that was in the emergency session in thepacket switchedpacket-switched domain. 5. User Agent Client Procedures A single mode 3GPP2 User Agent Client(UAC)(UAC), which uses only 3GPP2 technology to transmit and receive voice ordatadata, has an MEID as specified in 3GPP2 S.R0048-A[12].[13]. The single mode 3GPP2 UAC that is registering with a 3GPP2 IMS network includes in the "sip.instance" media feature tag the 3GPP2 MEID URN according to the syntax specified indraft-atarius-dispatch-meid-urn [9]RFC 8464 [10] when performing the registration procedures specified in RFC 5626[3][4] or RFC 5627[4] or[5] (or any other procedure requiring the inclusion of the "sip.instance" media featuretag.tag). A UAC MUST NOT use the 3GPP2 MEID URN as aninstance-idInstance ID except when registering with a 3GPP2 IMS network. When a UAC is operating in IMSmodemode, it will obtain the domain of the carrier's IMS network to register with, from the Universal Integrated Circuit Card (UICC),pre-configuration,preconfiguration, or the network at the time of establishing the Packet Data Protocol (PDP) context. These three methods are carrier specific and are only performed by the carrier IMS networks. The UAC will also obtain the address of the IMS edge proxy to send the REGISTER request containing the MEID using information elements in the Attach response when it attempts to connect to thecarrierscarrier's packet data network. When registering with a non-3GPP or non-3GPP2 IMSnetworknetwork, a UAC SHOULD use aUniversally Unique Identifier (UUID)UUID as aninstance-idInstance ID as specified in RFC 5626[3].[4]. A UAC MUST NOT include the "sip.instance" media feature tag containing the 3GPP2 MEID URN in the Contact header field of non- REGISTER requests except when the request is related to an emergency session.Regulatory requirementsRegulations can require that the MEIDtobe provided to the PSAP. Any future exceptions to this prohibition require an RFC that addresses how privacy is not violated by suchausage. 6. User Agent Server Procedures A User Agent Server (UAS) MUST NOT include its "sip.instance" media feature tag containing the 3GPP2 MEID URN in the Contact header field of responses except when the response is related to an emergency session.Regulatory requirementsRegulations can require the MEID to be provided to the PSAP. Any future exceptions to this prohibition require an RFC that addresses how privacy is not violated by suchausage. 7. 3GPP/3GPP2 SIP Registrar Procedures In 3GPP/3GPP2IMSIMS, when the SIP Registrar receives in the Contact header field a "sip.instance" media feature tag containing the 3GPP2 MEID URN according to the syntax specified indraft-atarius-dispatch- meid-urn [9]RFC 8464 [10], the SIP registrar follows the procedures specified in RFC 5626[3].[4]. The MEID URN MAY be validated as described in thedraft-atarius-dispatch-meid-urn [9].RFC 8464 [10]. If the UA indicates that it supports the extension in RFC 5627[4][5] and the SIP Registrar allocates a GRUU according to the procedures specified in RFC 5627[4][5], theinstance-idInstance ID MUST be obfuscated when creating the "gr" parameter in order not to reveal the MEID to other UAs when the public GRUU is included in non-REGISTER requests and responses. 3GPP TS 24.229[10][11] subclause 5.4.7A.2 specifies the mechanism for obfuscating the MEID when creating the "gr" parameter. 8. IANAconsiderationsConsiderations This documentdefineshas noitems requiring action by IANA.IANA actions. 9. SecurityconsiderationsConsiderations SinceMEIDsMEIDs, like other formats ofinstance-idsInstance IDs, can be correlated to a user, they are personally identifiable information and MUST be treated as such. In particular, the "sip.instance" media feature tag containing the 3GPP2 MEID URN MUST NOT be included in requests or responses intended to convey any level of anonymity, as this could violate theusersuser's privacy. RFC 5626[3] states "One[4] states: One case where a UA could prefer to omit the "sip.instance" media feature tag is when it is making an anonymous request or some other privacy concern requires that the UA not reveal itsidentity".identity. The same concerns apply when using the 3GPP2 MEID URN as aninstance-id.Instance ID. Publication of the 3GPP2 MEID URN to networks that the UA is not attached to or the UA does not have a service relationship with is a securitybreach andbreach; the "sip.instance" media feature tag MUST NOT be forwarded by the service provider's network elements when forwarding requests or responses towards the destination UA. The 3GPP2 MEID URN MUST NOT accidentally leak in other contexts, such as and in particular when application servers subscribe to user registration state using the event package defined in RFC 3680[2].[3]. Additionally, aninstance-idInstance ID containing the 3GPP2 MEID URN identifies a mobile device and not a user. Theinstance-idInstance ID containing the 3GPP2 MEID URN MUST NOT be used alone as an address for a user or as an identification credential for a user. The GRUU mechanism specified in RFC 5627[4][5] provides a means to create URIs that address the user at a specific device orUser Agent.UA. Entities that log theinstance-idInstance ID need to protect them as personally identifiable information.Regulatory requirementsRegulations can require carriers to log SIP MEIDs. In order to protect the "sip.instance" media feature tag containing the 3GPP2 MEID URN from being tampered with, those REGISTER requests containing the 3GPP2 MEID URN MUST be sent using a security mechanism such as Transport Layer Security (TLS) as specified in RFC4346 [7]8446 [8] or any other security mechanism that provides equivalent levels of protection such as hop-by-hop security based upon IP Security (IPsec). 10.Acknowledgments This document draws heavily on draft-atarius-dispatch-meid-urn [9] and also on the style and structure used in RFC 7255 [11]. The author thanks for the detailed comments, provided by Andrew Allen. 11.References11.1.10.1. NormativereferencesReferences [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>. [2] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, DOI 10.17487/RFC3261, June 2002, <https://www.rfc-editor.org/info/rfc3261>.[2][3] Rosenberg, J., "A Session Initiation Protocol (SIP) Event Package for Registrations", RFC 3680, DOI 10.17487/RFC3680, March 2004, <https://www.rfc-editor.org/info/rfc3680>.[3][4] Jennings, C., Ed., Mahy, R., Ed., and F. Audet, Ed., "Managing Client-Initiated Connections in the Session Initiation Protocol (SIP)", RFC 5626, DOI 10.17487/RFC5626, October 2009, <https://www.rfc-editor.org/info/rfc5626>.[4][5] Rosenberg, J., "Obtaining and Using Globally Routable User Agent URIs (GRUUs) in the Session Initiation Protocol (SIP)", RFC 5627, DOI 10.17487/RFC5627, October 2009, <https://www.rfc-editor.org/info/rfc5627>.[5][6] Saint-Andre, P. and J. Klensin, "Uniform Resource Names (URNs)", RFC 8141, DOI 10.17487/RFC8141, April 2017, <https://www.rfc-editor.org/info/rfc8141>.[6][7] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>.[7] Dierks, T. and E.[8] Rescorla, E., "The Transport Layer Security (TLS) Protocol Version1.1",1.3", RFC4346,8446, DOI10.17487/RFC4346, April 2006, <https://www.rfc-editor.org/info/rfc4346>. [8]10.17487/RFC8446, August 2018, <https://www.rfc-editor.org/info/rfc8446>. [9] Leach, P., Mealling, M., and R. Salz, "A Universally Unique IDentifier (UUID) URN Namespace", RFC 4122, DOI 10.17487/RFC4122, July 2005, <https://www.rfc-editor.org/info/rfc4122>.[9][10] Atarius, R., "AUniform Resource NameURN Namespace fortheDevice Identity andtheMobile Equipment Identity (MEID)",Internet Draft draft-atarius-dispatch-meid-urn, January 2018. [10]RFC 8464, DOI 10.17487/RFC8464, September 2018, <https://www.rfc-editor.org/info/rfc8464>. [11] 3GPP,"TS 24.229: IP"IP multimedia call control protocol based on Session Initiation Protocol (SIP) and Session Description Protocol (SDP); Stage3 (Release 10)",3", 3GPP 24.229, Version 10.13.0, Release 10, September 2013,<ftp://ftp.3gpp.org/Specs/ archive/24_series/24.229/>. 11.2.<ftp://ftp.3gpp.org/Specs/archive/24_series/24.229/>. 10.2. Informativereferences [11]References [12] Allen, A., Ed., "Using the International Mobile station Equipment Identity (IMEI) Uniform Resource Name (URN) as an Instance ID", RFC 7255, DOI 10.17487/RFC7255, May 2014, <https://www.rfc-editor.org/info/rfc7255>.[12][13] 3GPP2,"S.R0048-A: 3G"3G Mobile Equipment Identifier (MEID) - Stage 1, Version 4.0",3GPP2 S.R0048-AStage 1, Version 4.0, 3GPP2 S.R0048-A, June 2005.[13][14] 3GPP2,"S.X0042-B: Voice"Voice Call Continuity between IMS and Circuit Switched Systems - Version 1.0", Version 1.0, 3GPP2S.X0042-BS.X0042-A 1.0,December 2013.August 2008, <https://www.3gpp2.org/Public_html/Specs/ X.S0042-A_v1.0_080904.pdf>. Acknowledgments This document draws heavily on RFC 8464 [10] and also on the style and structure used in RFC 7255 [12]. The author thanks Andrew Allen for the detailed comments. Author's Address Roozbeh Atarius (editor) Email:r_atarius@motorola.comratarius@motorola.com