<?xml version="1.0" encoding="UTF-8"?><?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?><!DOCTYPE rfc SYSTEM"rfc2629.dtd">"rfc2629-xhtml.ent"> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" submissionType="IETF" category="std" consensus="true" ipr="trust200902" updates="6442"docName="draft-ietf-sipcore-locparam-06"> <?rfc strict="yes" ?> <?rfc toc="yes"?> <?rfc tocdepth="4"?> <?rfc symrefs="yes"?> <?rfc iprnotified="no" ?> <?rfc sortrefs="yes" ?> <?rfc compact="yes" ?> <?rfc subcompact="no" ?>docName="draft-ietf-sipcore-locparam-06" number="8787" obsoletes="" xml:lang="en" tocInclude="true" tocDepth="4" symRefs="true" sortRefs="true" version="3"> <front> <title abbrev="Location Parameter">Location Source Parameter for the SIP Geolocation Header Field</title> <seriesInfo name="RFC" value="8787"/> <author initials="J." surname="Winterbottom" fullname="James Winterbottom"> <organization>Winterb Consulting Services</organization> <address> <postal> <street/> <city>Gwynneville</city> <region>NSW</region> <code>2500</code><country>AU</country><country>Australia</country> </postal> <phone>+61 448 266004</phone> <email>a.james.winterbottom@gmail.com</email> </address> </author> <author initials="R." surname="Jesske" fullname="Roland Jesske"> <organization>Deutsche Telekom</organization> <address> <postal> <street>Heinrich-Hertz Str, 3-7</street> <city>Darmstadt</city> <code>64295</code> <country>Germany</country> </postal><phone></phone><phone/> <email>r.jesske@telekom.de</email> <uri>www.telekom.de</uri> </address> </author> <author initials="B." surname="Chatras" fullname="Bruno Chatras"> <organization>Orange Labs</organization> <address> <postal> <street>44, avenue de laRépublique</street> <city>ChâtillonRepublique</street> <city>Chatillon </city> <code>F-92320</code> <country>France</country> </postal><phone></phone><phone/> <email>bruno.chatras@orange.com</email> </address> </author> <author fullname="Andrew Hutton" initials="A." surname="Hutton"> <organization>Atos</organization> <address> <postal> <street>Mid City Place</street> <city>London</city> <code>WC1V 6EA</code><country>UK</country><country>United Kingdom</country> </postal><phone></phone><phone/> <email>andrew.hutton@atos.net</email> </address> </author> <dateyear="2020"/>year="2020" month="May"/> <area>ART</area> <workgroup>SIPCORE</workgroup><keyword>Internet-Draft</keyword><keyword>Emergency</keyword> <keyword>Call</keyword> <keyword>Location</keyword> <abstract> <t>There are some circumstances where a Geolocation header field may contain more than one locationValue. Knowing the identity of the node adding the locationValue allows the recipient more freedom in selecting the value to look at first rather than relying solely on the order of the locationValues. This document defines the "loc-src" parameter so that the entity adding the locationValue to the Geolocation header field can identify itself using its hostname. This document updates RFC 6442. </t> </abstract> </front> <middle><!-- ***************************************************************************************************** --><section anchor="intro"title="Introduction">numbered="true" toc="default"> <name>Introduction</name> <t> The SIP Geolocation specification <xreftarget="RFC6442"/>target="RFC6442" format="default"/> describes the "Geolocation" SIP headerfieldfield, which is used to indicate that the SIP message is conveying location information. <xreftarget="RFC6442"/>target="RFC6442" format="default"/> specifies that SIP intermediaries should not add locationValues to a SIP request that already contains a locationValue. <xreftarget="RFC6442"/>target="RFC6442" format="default"/> also states that if a SIP intermediary addslocationlocation, it is fully responsible for addressing the concerns of any 424 (Bad Location Information) SIP response it receives. However, some communications architectures, such as 3GPP <xreftarget="TS23-167"/>target="TS23-167" format="default"/> and ETSI <xreftarget="M493"/>,target="M493" format="default"/>, prefer to use information provided by edge proxies or acquired through the use of core-networknodes,nodes before using information provided solely by user equipment (UE). These solutions don't preclude the use of UE-provided location but require a means of being able to distinguish the identity of the node adding the locationValue to the SIP message from that provided by the UE. </t> <t> <xreftarget="RFC6442"/>target="RFC6442" format="default"/> stipulates that the order of locationValues in the Geolocation header field is the same as the order in which they were added to the header field. Whilst this order provides guidance to the recipient as to which values were added to the message earlier in the communication chain, it does not identify which node added the locationValue. Knowing the identity of the entity that added the location to the message allows the recipient to choose which location to consider first rather than relying solely on the order of the locationValues in the Geolocation header field. </t> <t> This document extends the Geolocation header field of <xreftarget="RFC6442"/>,target="RFC6442" format="default"/> by allowing an entity adding the locationValue to identify itself using a hostname. This is done by defining a new geoloc-param header field parameter, "loc-src". How the entity adding the locationValue to the header field obtains the location information is out of scope of this document. Please note that the "loc-src" parameter field does not alter the subject of the locationValue. </t> </section><!-- ***************************************************************************************************** --><section anchor="terminology"title="Terminology"> <t>Thenumbered="true" toc="default"> <name>Terminology</name> <t> The key words"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY","<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and"OPTIONAL""<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described inBCP 14BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shown here. </t> </section><!-- ***************************************************************************************************** --> <?rfc needLines="30" ?><section anchor="rationale"title="Rationale">numbered="true" toc="default"> <name>Rationale</name> <t>The primary intent of the "loc-src" parameter in this specification is for use in emergency calling. There are various architectures defined for providing emergency calling using SIP-based messaging. Each has its own characteristics with corresponding pros and cons. All of them allow the UE to provide location information; however, many also attach other sources of location information to support veracity checks, to provide backup information, or to be used as the primary location. </t> <t> This document does not comment on these various architectures or on the rationale for including multiple locationValues. It does recognize that these architectures exist and that there is a need to identify the entity adding the location information. </t> <t>The "loc-src" parameter adds the location source generating the locationValue to allow recipients to make informed decisions about which of the multiple values to use. </t> <t> The "loc-src" parameter is applicable within a single private administrative domain or between different administrative domains where there is a trust relationship between the domains.ThusThus, it is intended to use this parameter only in trust domains where Spec(T) as described in <xreftarget="RFC3325"/>target="RFC3325" format="default"/> exists. </t> <t>The "loc-src" parameter is not included in a SIP message sent to another network if there is no trust relationship. The "loc-src" parameter is not applicable if the administrative domain manages emergency calls in a way that does not require any generation of the location. </t> <t> The functional architecture to support emergency caller location described within ETSI <xreftarget="M493"/>target="M493" format="default"/> is an example of an architecture where it makes sense to use this parameter. </t> </section> <section anchor="mechanism"title="Mechanism">numbered="true" toc="default"> <name>Mechanism</name> <t> The mechanism adds a geoloc-param parameter to the locationValue defined in <xreftarget="RFC6442"/>target="RFC6442" format="default"/> that identifies the hostname of the entity adding the locationValue to the Geolocation header field. The Augmented BNF (ABNF) <xreftarget="RFC5234"/>target="RFC5234" format="default"/> for this parameter is shown in <xreftarget="ABNF"/>.target="ABNF" format="default"/>. </t> <figureanchor="ABNF" title="Location Source"><artwork><![CDATA[anchor="ABNF"> <name>Location Source</name> <sourcecode type="abnf"><![CDATA[ location-source =“loc-src”"loc-src" EQUAL hostname hostname = <defined inRFC3261> ]]></artwork></figure>RFC 3261> ]]></sourcecode> </figure> <t> Only a fully qualified host name is valid. The syntax does not support IP addresses, and if an entity conforming to this specification receives a Geolocation header field with a "loc-src" parameter containing an IP address, itMUST<bcp14>MUST</bcp14> remove the parameter.</t> <t>A SIP intermediary conformant to this specification adding a locationValue to a Geolocation header fieldSHOULD<bcp14>SHOULD</bcp14> also add a "loc-src" header field parameter so that it is clearly identified as the node adding the location. A User Agent (UA)MUST NOT<bcp14>MUST NOT</bcp14> insert a "loc-src" header field parameter. If a SIP intermediary receives a message from an untrusted source with the "loc-src" parametersetset, then itMUST<bcp14>MUST</bcp14> remove the "loc-src" parameter before passing the message into a trusted network. </t> </section><!-- ***************************************************************************************************** --> <!-- ***************************************************************************************************** --><section anchor="example"title="Example">numbered="true" toc="default"> <name>Example</name> <t> The following example shows a SIP INVITE message containing a Geolocation header field with two locationValues. The first locationValue points to aPIDF-LOPresence Information Data Format Location Object (PIDF-LO) in the SIP body using a content-indirection (cid:) URI per <xreftarget="RFC4483"/>target="RFC4483" format="default"/>, and this is provided by the UE. The second locationValue is an https URI provided by a SIPintermediaryintermediary, which identifies itself using the "loc-src" parameter. </t> <figureanchor="locationRequest" title="Exampleanchor="locationRequest"> <name>Example Location Request (intrust domain)"><artwork><![CDATA[Trust Domain)</name> <sourcecode> INVITE sip:bob@biloxi.example.com SIP/2.0 Via: SIP/2.0/TLS pc33.atlanta.example.com;branch=z9hG4bK74bf9 Max-Forwards: 70 To: Bob<sip:bob@biloxi.example.com><sip:bob@biloxi.example.com> From: Alice<sip:alice@atlanta.example.com>;tag=9fxced76sl<sip:alice@atlanta.example.com>;tag=9fxced76sl Call-ID: 3848276298220188511@atlanta.example.com Geolocation:<cid:target123@atlanta.example.com>, <https://lis.example.com:8222/y77syc7cuecbh>;<cid:target123@atlanta.example.com>, <https://lis.example.com:8222/y77syc7cuecbh>; loc-src=edgeproxy.example.com Geolocation-Routing: yes Accept: application/sdp, application/pidf+xml CSeq: 31862 INVITE Contact:<sip:alice@atlanta.example.com><sip:alice@atlanta.example.com> Content-Type: multipart/mixed; boundary=boundary1 Content-Length: ...]]></artwork></figure></sourcecode> </figure> </section><!-- ***************************************************************************************************** --> <!-- ***************************************************************************************************** --><section anchor="privacy"title="Privacy Considerations">numbered="true" toc="default"> <name>Privacy Considerations</name> <t>This document doesn't change any of the privacy considerations described in <xreftarget="RFC6442"/>.target="RFC6442" format="default"/>. While the addition of the "loc-src" parameter identifies the entity that added the location in the signaling path, this addition provides little more exposure than adding a proxy identity to the Record-Route header field (privacy defined in <xreftarget="RFC3323"/>).</t>target="RFC3323" format="default"/>).</t> </section><!-- ***************************************************************************************************** --><section anchor="security"title="Security Considerations">numbered="true" toc="default"> <name>Security Considerations</name> <t>This document introduces the ability of a SIP intermediary to insert a host name indicating that they added the specific locationValue to the Geolocation header field. The intent is for this field to be used by the location recipient in the event that the SIP message contains multiple locationValues. As aconsequenceconsequence, this parameter should only be used by the location recipient in a trusted network. Adding this parameter in an untrusted network serves solely to give location information to untrustedparties,parties and isNOT RECOMMENDED.<bcp14>NOT RECOMMENDED</bcp14>. </t> <t> As already stated in <xreftarget="RFC6442"/>,target="RFC6442" format="default"/>, securing the locationhop-by-hop,hop by hop, using TLS, protects the message from eavesdropping and modification intransit,transit but exposes the information to all SIP intermediaries on the path as well as the endpoint. The "loc-src" parameter is applicable within a single private administrative domain or between different administrative domains where there is a relationship between the domains. If such a trust relationship is not given, it is strongly recommended to delete the location information. </t> <t> The use of this parameter is not restricted to a specificarchitecturearchitecture, but using multiple locations and loc-src may end in compatibility issues. <xreftarget="RFC6442"/>target="RFC6442" format="default"/> already addresses the issue of multiple locations. To avoid problems of a possible corruption of the location information including the "loc-src" parameter when usingaan untrusted relationship, it is strongly recommended to delete location information when passed to another domain out of the trust domain. </t> </section><!-- ***************************************************************************************************** --><section anchor="iana"title="IANA Considerations">numbered="true" toc="default"> <name>IANA Considerations</name> <sectiontitle="Registrationnumbered="true" toc="default"> <name>Registration ofloc-src parameter"loc-src" Parameter for Geolocationheader field"> <t> The IANA is asked to addHeader Field</name> <t>IANA has added a new SIP header field parameter for the Geolocation header field in the "Header Field Parameters and Parameter Values" subregistry (created by <xreftarget="RFC3968"/>)target="RFC3968" format="default"/>) of the "Session Initiation Protocol (SIP) Parameters" registry found athttps://www.iana.org/assignments/sip-parameters/. <list style="hanging"> <t hangText="Header Field:">Geolocation</t> <t hangText="Parameter Name:">loc-src</t> <t hangText="Predefined Values:">No</t> <t hangText="Reference:">this RFC</t> </list><eref target="https://www.iana.org/assignments/sip-parameters/" brackets="angle"/>. </t> <dl newline="false" spacing="normal"> <dt>Header Field:</dt> <dd>Geolocation</dd> <dt>Parameter Name:</dt> <dd>loc-src</dd> <dt>Predefined Values:</dt> <dd>No</dd> <dt>Reference:</dt> <dd>RFC 8787</dd> </dl> </section> </section><!-- ***************************************************************************************************** --> <section title="Acknowledgements"> <t>The authors would like to thank Dale Worley, Christer Holmberg and Jean Mahoney for their extensive review of the draft. The authors would like to acknowledge the constructive feedback provided by Paul Kyzivat and Robert Sparks.</t> </section></middle> <back><references title="Normative References"> <?rfc include="reference.RFC.2119"?> <?rfc include="reference.RFC.6442"?> <?rfc include="reference.RFC.5234"?> <?rfc include="reference.RFC.3325"?> <?rfc include="reference.RFC.8174"?> <?rfc include="reference.RFC.3968"?> <?rfc include="reference.RFC.3323"?><references> <name>References</name> <references> <name>Normative References</name> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6442.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5234.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3325.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3968.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3323.xml"/> </references><references title="Informative References"> <?rfc include="reference.RFC.4483"?><references> <name>Informative References</name> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4483.xml"/> <reference anchor="TS23-167"> <front><title>3rd Generation Partnership Project; Technical<title>Technical Specification Group Services and System Aspects; IP Multimedia Subsystem (IMS) emergency sessions </title> <author><organization abbrev="3GPP"> 3rd<organization>3rd Generation Partnership Project </organization> </author> <date month="March"year="2015" />year="2015"/> </front><seriesInfo name="TS" value="23.167" /> <seriesInfo name="V" value="12.1.0" /><refcontent>TS 23.167</refcontent> <refcontent>V12.1.0 </refcontent> </reference> <reference anchor="M493"> <front> <title>Functional architecture to support European requirements on emergency caller location determination and transport</title> <author><organization abbrev="ETSI"><organization> European Telecommunications Standards Institute </organization> </author> <date month="February"year="2015" />year="2015"/> </front><seriesInfo name="ES" value="203 178" /> <seriesInfo name="V" value="1.1.1" /><refcontent>ES 203 178</refcontent> <refcontent>V 1.1.1 </refcontent> </reference> </references> </references> <section numbered="false" toc="default"> <name>Acknowledgements</name> <t>The authors would like to thank <contact fullname="Dale Worley"/>, <contact fullname="Christer Holmberg"/>, and <contact fullname="Jean Mahoney"/> for their extensive review of this document. The authors would like to acknowledge the constructive feedback provided by <contact fullname="Paul Kyzivat"/> and <contact fullname="Robert Sparks"/>.</t> </section> </back> </rfc>