[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Protocol Action: Session Initiation Protocol Extension for Instant Messaging to Proposed Standard





The IESG has approved the Internet-Draft 'Session Initiation Protocol
Extension for Instant Messaging' <draft-ietf-sip-message-07.txt> as a
Proposed Standard.  This document is the product of the Session
Initiation Protocol Working Group.  The IESG contact persons are
Allison Mankin and Scott Bradner.

 
Technical Summary
 
  RFC 2778 and RFC 2779 give a model and requirements for presence
  and instant messaging protocols. The Session Initiation Protocol
  (RFC 3261) provides mechanisms that are useful for presence
  applicatons, and for session-oriented communication applications.
  This document specifies a new method for SIP called MESSAGE, which
  adds an instant message mechanism as well, fulfilling
  RFC 2779. This IM mechanism is intended for pager style use,
  in which a MESSAGE carries a short text, or message/cpim body,
  as a stand-alone communication, rather than a stream of connected
  data, in a "session mode." The SIMPLE working group is currently
  working to understand the session model more fully and determine
  how SIMPLE should best support it (for instance with multiple
  types of session modes).
   
Working Group Summary
   
  The requirements for this specification originated in the
  IMPP and SIMPLE Working Groups, and then the protocol
  extension was completed by SIP. The major point of contention
  was to ensure that MESSAGE did not become a congestion-prone
  transport-replacement, taking advantage of SIP's original ability
  to run over UDP. Fortunately, beginning with RFC 3261, any SIP
  message with a large payload is likely to use TCP for its transport.
  The MESSAGE specification achieved strong working group and
  Transport area consensus after vigorous discussion of its first
  few revisions.

Protocol Quality
   
    Allison Mankin reviewed the specification for the IESG.
    Several early commercial implementations have been identified.


Note to RFC Editor:

Please make the following changes:

Before the Introduction, add an unnumbered section -

Terminology

      In this document, the key words "MUST", "MUST NOT", "REQUIRED",
      "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT
      RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as
      described in BCP 14, RFC 2119 and indicate requirement levels for
      compliant SIP implementations.

-------
References

Add RFC 2119 to Normative references.


-------

11. Security Considerations

Old:

      In particular, UAs that
      support the MESSAGE request SHOULD support end-to-end authentication,
      body integrity, and body confidentiality mechanisms.
New:

      In particular, UAs that
      support the MESSAGE request MUST implement end-to-end authentication,
      body integrity, and body confidentiality mechanisms.

------
11.1 Outbound authentication

Old:
      When local proxies are used for transmission of outbound messages,
      proxy authentication is RECOMMENDED. This is useful to verify the
      identity of the originator, and prevent spoofing and spamming at the
      originating network.

New:
      When local proxies are used for transmission of outbound messages,
      proxy authentication, as specified in RFC 3261, is RECOMMENDED. 
      This is useful to verify the identity of the originator, and prevent
      spoofing and spamming at the originating network.

------
11.3 End-to-End Protection

Old:
      To alleviate the concerns stated above, the MESSAGE bodies SHOULD be
      secured with S/MIME.

New:

      For remedying the concerns stated above, the MESSAGE bodies
      MUST be secured with S/MIME. If bodies specified in future to be
      carried by the MESSAGE method have different means of providing
      end-to-end security, their specification MUST describe the usage.
-------

11.4 Replay Prevention

OLD:
   To prevent the replay of old SIP requests, all signed MESSAGE
   requests and responses SHOULD contain a Date header field covered by
   the message signature.


NEW:

   To prevent the replay of old SIP requests, all signed MESSAGE
   requests and responses MUST contain a Date header field covered by
   the message signature.