Tech-invite3GPPspaceIETF RFCsSIP
9190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 6809

Mechanism to Indicate Support of Features and Capabilities in the Session Initiation Protocol (SIP)

Pages: 19
Proposed Standard

Top   ToC   RFC6809 - Page 1
Internet Engineering Task Force (IETF)                       C. Holmberg
Request for Comments: 6809                                   I. Sedlacek
Category: Standards Track                                       Ericsson
ISSN: 2070-1721                                                H. Kaplan
                                                             Acme Packet
                                                           November 2012


     Mechanism to Indicate Support of Features and Capabilities in
                 the Session Initiation Protocol (SIP)

Abstract

This specification defines a new SIP header field, Feature-Caps. The Feature-Caps header field conveys feature-capability indicators that are used to indicate support of features and capabilities for SIP entities that are not represented by the Uniform Resource Identifier (URI) of the Contact header field. SIP entities that are represented by the URI of the SIP Contact header field can convey media feature tags in the Contact header field to indicate support of features and capabilities. This specification also defines feature-capability indicators and creates a new IANA registry, "Proxy-Feature Feature-Capability Indicator Trees", for registering feature-capability indicators. Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6809.
Top   ToC   RFC6809 - Page 2
Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

1. Introduction ....................................................3 2. Conventions .....................................................4 3. Definitions .....................................................4 4. Feature-Caps Header Field .......................................4 4.1. Introduction ...............................................4 4.2. User Agent and Proxy Behavior ..............................4 4.2.1. General .............................................4 4.2.2. B2BUA Behavior ......................................5 4.2.3. Registrar Behavior ..................................6 4.2.4. Proxy Behavior ......................................6 4.3. SIP Message Type and Response Code Semantics ...............7 4.3.1. General .............................................7 4.3.2. SIP Dialog ..........................................7 4.3.3. SIP Registration (REGISTER) .........................7 4.3.4. SIP Standalone Transactions .........................8 5. Feature-Capability Indicators ...................................8 5.1. Introduction ...............................................8 5.2. Registration Trees .........................................9 5.2.1. General .............................................9 5.2.2. Global Tree .........................................9 5.2.3. SIP Tree ............................................9 5.3. Feature-Capability Indicator Specification Requirements ...10 5.3.1. General ............................................10 5.3.2. Overall Description ................................10 5.3.3. Feature-Capability Indicator Values ................10 5.3.4. Usage Restrictions .................................11 5.3.5. Interoperability Considerations ....................11 5.3.6. Security Considerations ............................11 5.3.7. Examples ...........................................12 5.3.8. Other Information ..................................12
Top   ToC   RFC6809 - Page 3
   6. Syntax .........................................................12
      6.1. General ...................................................12
      6.2. Syntax: Feature-Caps Header Field .........................12
           6.2.1. ABNF ...............................................12
      6.3. Syntax: Feature-Capability Indicator ......................12
           6.3.1. General ............................................12
           6.3.2. ABNF ...............................................13
   7. IANA Considerations ............................................13
      7.1. Registration of the Feature-Caps Header Field .............13
      7.2. Registration of the Feature-Caps Header Field Parameter ...13
      7.3. Proxy-Feature Feature-Capability Indicator Trees ..........14
           7.3.1. Introduction .......................................14
           7.3.2. Global Feature-Capability Indicator
                  Registration Tree ..................................14
           7.3.3. SIP Feature-Capability Indicator
                  Registration Tree ..................................15
   8. Feature-Capability Indicator Registration Template .............16
   9. Security Considerations ........................................17
   10. Acknowledgements ..............................................17
   11. References ....................................................18
      11.1. Normative References .....................................18
      11.2. Informative References ...................................18

1. Introduction

The Session Initiation Protocol (SIP) [RFC3261] extension for indicating User Agent (UA) capabilities, defined in RFC 3840 [RFC3840], provides a mechanism that allows a SIP message to convey information relating to the originator's features and capabilities, using the Contact header field. This specification defines a new SIP header field, Feature-Caps. The Feature-Caps header field conveys feature-capability indicators that are used to indicate support of features and capabilities for SIP entities that are not represented by the Uniform Resource Identifier (URI) of the Contact header field. Such cases are: o The SIP entity acts as a SIP proxy. o The SIP entity acts as a SIP registrar. o The SIP entity acts as a Back-to-Back User Agent (B2BUA) [RFC3261], where the Contact header field URI represents another SIP entity. SIP entities that are represented by the URI of the SIP Contact header field can convey media feature tags in the Contact header field to indicate support of features and capabilities.
Top   ToC   RFC6809 - Page 4
   Unlike media feature tags, feature-capability indicators are intended
   to only be used with SIP.

   This specification also defines feature-capability indicators and
   creates a new IANA registry, "Proxy-Feature Feature-Capability
   Indicator Trees", for registering feature-capability indicators.

2. Conventions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14, RFC 2119 [RFC2119].

3. Definitions

Downstream SIP entity: SIP entity in the direction towards which a SIP request is sent. Upstream SIP entity: SIP entity in the direction from which a SIP request is received.

4. Feature-Caps Header Field

4.1. Introduction

The Feature-Caps header field is used by SIP entities to convey support of features and capabilities, by setting feature-capability indicators. A feature-capability indicator conveyed in a Feature-Caps header field indicates that a SIP entity in the SIP message signaling path supports the associated feature and capability.

4.2. User Agent and Proxy Behavior

4.2.1. General

If the URI in a Contact header field of a request or response represents a SIP entity, the entity MUST NOT indicate supported features and capabilities using a Feature-Caps header field within that request or response. When a SIP entity receives a SIP request, or response, that contains one or more Feature-Caps header fields, the feature-capability indicators in the header field inform the entity about the features and capabilities supported by entities in the SIP message signaling
Top   ToC   RFC6809 - Page 5
   path.  The procedure by which features and capabilities are invoked
   are outside the scope of this specification and MUST be described by
   individual feature-capability indicator specifications.

   A Feature-Caps header field value cannot convey the address of the
   SIP entity that inserted the Feature-Caps header field.  If
   additional data about a supported feature needs to be conveyed, such
   as the address of the SIP entity that indicated support of the
   feature, then the feature definition needs to define a way to convey
   that information as a value of the associated feature-capability
   indicator.

   When a SIP entity adds a Feature-Caps header field to a SIP message,
   it MUST place the header field before any existing Feature-Caps
   header field in the message to be forwarded, so that the added header
   field becomes the top-most one.  Then, when another SIP entity
   receives a SIP request or the response, the SIP feature-capability
   indicators in the top-most Feature-Caps header field will represent
   the supported features and capabilities "closest", from a SIP
   signaling point of view, to the entity.

   Based on features and policies, a SIP entity MAY remove a
   Feature-Caps header field from a SIP message.  Also, a SIP entity MAY
   remove a feature-capability indicator from a Feature-Caps header
   field within a SIP message.  A SIP entity SHOULD NOT re-order the
   Feature-Caps header fields within a SIP message.

   For a given fc-value, as defined in Section 6.2.1, the order in which
   feature-capability indicators are listed has no significance.  For
   example, "foo;bar" and "bar;foo" have the same meaning (i.e., that
   the SIP entity that inserted the feature-capability indicator
   supports the features and capabilities associated with the "foo" and
   "bar" feature-capability indicators).

4.2.2. B2BUA Behavior

The procedures in this section apply to User Agents (UAs) [RFC3261] that are part of B2BUAs that are referenced in the message by a Record-Route header field rather than by the URI of the Contact header field. When such a UA sends a SIP request, if the UA wants to indicate support of features and capabilities towards its downstream SIP entities, it inserts a Feature-Caps header field in the request, containing one or more feature-capability indicators associated with the supported features and capabilities, before it forwards the request.
Top   ToC   RFC6809 - Page 6
   If the SIP request is triggered by another SIP request that the B2BUA
   has received, the UA MAY forward received Feature-Caps header fields
   by copying them to the outgoing SIP request, similar to a SIP proxy,
   before it inserts its own Feature-Caps header field in the SIP
   request.

   When such a UA receives a SIP response, if the UA wants to indicate
   support of features and capabilities towards its upstream SIP
   entities, it inserts a Feature-Caps header field in the response,
   containing one or more feature-capability indicators associated with
   the supported features and capabilities, before it forwards the
   response.

   If the SIP response is triggered by another SIP response that the
   B2BUA has received, the UA MAY forward received Feature-Caps header
   fields by copying them to the outgoing SIP response, similar to a SIP
   proxy, before it inserts its own Feature-Caps header field in the SIP
   response.

4.2.3. Registrar Behavior

If a SIP registrar wants to indicate support of features and capabilities towards its upstream SIP entities, it inserts a Feature-Caps header field, containing one or more feature-capability indicators associated with the supported features and capabilities, in a REGISTER response.

4.2.4. Proxy Behavior

When a SIP proxy receives a SIP request, if the proxy wants to indicate support of features and capabilities towards its downstream SIP entities, it inserts a Feature-Caps header field in the request, containing one or more SIP feature-capability indicators associated with the supported features and capabilities, before it forwards the request. When a proxy receives a SIP response, if the proxy wants to indicate support of features and capabilities towards its upstream SIP entities, it inserts a Feature-Caps header field in the response, containing one or more SIP feature-capability indicators associated with the supported features and capabilities, before it forwards the response.
Top   ToC   RFC6809 - Page 7

4.3. SIP Message Type and Response Code Semantics

4.3.1. General

This section describes the general usage and semantics of the Feature-Caps header field for different SIP message types and response codes. Section 6.2.1 defines the Feature-Caps header field ABNF.

4.3.2. SIP Dialog

The Feature-Caps header field can be used within an initial SIP request for a dialog, within a target refresh SIP request, and within any 18x or 2xx response associated with such requests. If a feature-capability indicator is inserted in a Feature-Caps header field of an initial request for a dialog, or within a response of such a request, it indicates to the receivers of the request (or response) that the feature associated with the feature-capability indicator is supported for the duration of the dialog, until a target refresh request is sent for the dialog, or until the dialog is terminated. Unless a feature-capability indicator is inserted in a Feature-Caps header field of a target refresh request, or within a response of such a request, it indicates to the receivers of the request (or response) that the feature is no longer supported for the dialog. For a given dialog, a SIP entity MUST insert the same feature- capability indicators in all 18x and 2xx responses associated with a given transaction. As it cannot be guaranteed that 2xx responses associated with SIP SUBSCRIBE requests will reach the User Agent Client (UAC) [RFC3261], due to forking of the request, entities need to indicate supported features and capabilities in the SIP NOTIFY request that will be sent for each of the created subscription dialogs.

4.3.3. SIP Registration (REGISTER)

The Feature-Caps header field can be used within a SIP REGISTER request and within the 200 (OK) response associated with such a request. If a feature-capability indicator is conveyed in a Feature-Caps header field of a REGISTER request, or within an associated response, it indicates to the receivers of the message that the feature
Top   ToC   RFC6809 - Page 8
   associated with the feature-capability indicator is supported for the
   registration, until the registration of the contact that was
   explicitly conveyed in the REGISTER request expires, or until the
   registered contact is explicitly refreshed and the refresh REGISTER
   request does not contain the feature-capability indicator associated
   with the feature.

   While a REGISTER response can contain contacts that have been
   registered as part of other registration transactions, support of any
   indicated feature only applies to requests sent to the contact(s)
   that were explicitly conveyed in the associated REGISTER request.

   This specification does not define any semantics for usage of the
   Feature-Caps header field in pure registration binding fetching
   messages (see Section 10.2.3 of RFC 3261), where the REGISTER request
   does not contain a Contact header field.  Unless such semantics are
   defined in a future extension, fetching messages will not have any
   impact on previously indicated support of features and capabilities,
   and SIP entities MUST NOT insert a Feature-Caps header field in such
   messages.

   If SIP outbound [RFC5626] is used, the rules above apply.  However,
   supported features and capabilities only apply for the registration
   flow on which support has been explicitly indicated.

4.3.4. SIP Standalone Transactions

The Feature-Caps header field can be used within a standalone SIP request and within any 2xx response associated with such a request. If a feature-capability indicator is inserted in a Feature-Caps header field of a standalone request, or within a response of such a request, it indicates to the receivers of the request (or response) that the feature associated with the feature-capability indicator is supported for the duration of the standalone transaction.

5. Feature-Capability Indicators

5.1. Introduction

Feature-capability indicators are used by SIP entities not represented by the URI of the Contact header field to indicate support of features and capabilities, where media feature tags cannot be used to indicate such support. A value, or a list of values, that provides additional information about the supported feature or capability can be associated with a feature-capability indicator.
Top   ToC   RFC6809 - Page 9

5.2. Registration Trees

5.2.1. General

The following subsections define registration trees, distinguished by the use of faceted names (e.g., names of the form "tree.feature-name"). The registration trees are defined in the IANA "Proxy-Feature Feature-Capability Indicator Trees" registry. The trees defined herein are similar to the global tree and SIP tree defined for media feature tags, in RFCs 2506 [RFC2506] and 3840 [RFC3840]. Other registration trees are outside the scope of this specification. In contrast to RFCs 2506 and 3840, this specification only defines a global tree and a SIP tree, as they are the only trees defined in those RFCs that have been used for defining SIP-specific media feature tags. When a feature-capability indicator is registered in any registration tree, no leading "+" is used in the registration.

5.2.2. Global Tree

The global feature-capability indicator tree is similar to the media feature tag global tree defined in RFC 2506 [RFC2506]. A feature-capability indicator in the global tree will be distinguished by the leading facet "g.". An organization can propose either a designation indicative of the feature (e.g., "g.blinktags") or a faceted designation including the organization name (e.g., "g.organization.blinktags").

5.2.3. SIP Tree

The SIP feature-capability indicator tree is similar to the media feature tag SIP tree defined in RFC 3840. A feature-capability indicator in the SIP tree will be distinguished by the leading facet "sip.".
Top   ToC   RFC6809 - Page 10

5.3. Feature-Capability Indicator Specification Requirements

5.3.1. General

A feature-capability indicator specification MUST address the issues defined in the following subsections or document why an issue is not applicable for the specific feature-capability indicator. A reference to the specification MUST be provided when the feature- capability indicator is registered with IANA (see Section 8). It is bad practice for feature-capability indicator specifications to repeat procedures (e.g., general procedures on the usage of the Feature-Caps header field and feature-capability indicators) defined in this specification, unless needed for clarification or emphasis purposes. A feature-capability indicator specification MUST NOT modify the Feature-Caps header field rules and semantics defined in Section 4. A feature-capability indicator specification MUST NOT weaken any behavior designated with "SHOULD" or "MUST" in this specification. However, a specification MAY strengthen "SHOULD", "MAY", or "RECOMMENDED" requirements to "MUST" strength if features and capabilities associated with the feature-capability indicator require it.

5.3.2. Overall Description

The feature-capability indicator specification MUST contain an overall description of the feature-capability indicator: how it is used to indicate support of a feature, a description of the feature associated with the feature-capability indicator, a description of any additional information (conveyed using one or more feature- capability indicator values) that can be conveyed together with the feature-capability indicator, and a description of how the associated feature MAY be exercised/invoked.

5.3.3. Feature-Capability Indicator Values

A feature-capability indicator can have an associated value, or a list of values. The feature-capability indicator specification MUST define the syntax and semantics of any value defined for the feature- capability indicator, including possible restrictions related to the usage of a specific value. The feature-capability indicator specification MUST define the value(s) in accordance with the ABNF defined in Section 6.3.2. The feature-capability indicator specification MUST define whether the feature-capability indicator has a default value.
Top   ToC   RFC6809 - Page 11
   If no values are defined for the feature-capability indicator, it
   MUST be indicated in the feature-capability indicator specification.

   A feature-capability indicator value is only applicable for the
   feature-capability indicator for which it has been defined.  For
   other feature-capability indicators, the value has to be defined
   explicitly, even if the semantics are identical.

   It is strongly RECOMMENDED to not re-use a value that already has
   been defined for another feature-capability indicator, unless the
   semantics of the values are the same.

5.3.4. Usage Restrictions

If there are restrictions on how SIP entities can insert a feature- capability indicator, the feature-capability indicator specification MUST document such restrictions. There might be restrictions related to whether or not entities o are allowed to insert a feature-capability indicator in registration-related messages, standalone transaction messages, or dialog-related messages, o are allowed to insert a feature-capability indicator in requests or responses, o also need to support other features and capabilities in order to insert a feature-capability indicator, and o are allowed to indicate support of a feature in conjunction with another feature.

5.3.5. Interoperability Considerations

The feature-capability indicator specification MUST document any specific interoperability considerations that apply to the feature- capability indicator. Interoperability considerations can, e.g., include procedures related to cases where an expected feature-capability indicator is not present or where it contains an unexpected value.

5.3.6. Security Considerations

The feature-capability indicator specification MUST document any specific security considerations that apply to the feature-capability indicator.
Top   ToC   RFC6809 - Page 12

5.3.7. Examples

It is recommended that the feature-capability indicator specification provide demonstrative message flow diagrams, paired with complete messages and message descriptions. Note that example message flows are by definition informative and do not replace normative text.

5.3.8. Other Information

If there is additional information about the feature-capability indicator, it is recommended to describe such information. It can include, for example, names of related feature-capability indicators.

6. Syntax

6.1. General

This section defines the ABNF for the Feature-Caps header field and for the feature-capability indicators. The ABNF defined in this specification is conformant to RFC 5234 [RFC5234].

6.2. Syntax: Feature-Caps Header Field

6.2.1. ABNF

The ABNF for the Feature-Caps header fields is: Feature-Caps = "Feature-Caps" HCOLON fc-value *(COMMA fc-value) fc-value = "*" *(SEMI feature-cap) NOTE: The "*" value is present in order to follow the guidelines for syntax in RFC 4485 [RFC4485] and to maintain a consistent format with RFCs 3840 [RFC3840] and 3841 [RFC3841].

6.3. Syntax: Feature-Capability Indicator

6.3.1. General

In a feature-capability indicator name (ABNF: fcap-name), dots can be used to implement a feature-capability indicator tree hierarchy (e.g., tree.feature.subfeature). The description of usage of such a tree hierarchy must be described when registered.
Top   ToC   RFC6809 - Page 13

6.3.2. ABNF

The ABNF for the feature-capability indicator is: feature-cap = "+" fcap-name [EQUAL LDQUOT (fcap-value-list / fcap-string-value ) RDQUOT] fcap-name = ftag-name fcap-value-list = tag-value-list fcap-string-value = string-value ;; ftag-name, tag-value-list, string-value defined in RFC 3840 NOTE: In comparison with media feature tags, the "+" sign in front of the feature-capability indicator name is mandatory.

7. IANA Considerations

7.1. Registration of the Feature-Caps Header Field

This specification registers a new SIP header field, Feature-Caps, according to the process defined in RFC 3261 [RFC3261]. The following is the registration for Feature-Caps in the "Header Fields" registry: RFC Number: RFC 6809 Header Field Name: Feature-Caps

7.2. Registration of the Feature-Caps Header Field Parameter

This specification adds the Feature-Caps header field to the IANA "Header Field Parameters and Parameter Values" registry, according to the process described in RFC 3968 [RFC3968]. Predefined Header Field Parameter Name Values Reference -------------------------------------------------------------------- Feature-Caps +<fcap-name> * No [RFC6809] * <fcap-name> denotes parameter names conforming to the syntax <fcap-name> defined in RFC 6809. Valid feature-capability indicators are registered in the Proxy-Feature Feature-Capability Indicator Trees registry.
Top   ToC   RFC6809 - Page 14

7.3. Proxy-Feature Feature-Capability Indicator Trees

7.3.1. Introduction

This specification creates a new sub-registry to the IANA "Session Initiation Protocol (SIP) Parameters" registry, according to the process defined in RFC 5226. The name of the sub-registry is "Proxy-Feature Feature-Capability Indicator Trees". Feature-capability indicators are categorized by the "leading facet" of their name. The leading facet is a prefix of the name consisting of all characters up to and including the first ".". Feature- capability indicator names that contain no "." characters are considered to have an empty ("") leading facet. The "Proxy-Feature Feature-Capability Indicator Trees" registry contains sub-registries for subsets (called 'trees') of feature- capability indicators sharing the same leading facet. Each feature- capability indicator is registered within the tree that matches its leading facet. If no tree matches its leading facet, then the feature-capability indicator cannot be registered. New feature-capability indicator sub-registries (trees) can be registered. The registration must meet the "Standards Action" policies defined in RFC 5226 [RFC5226]. A new name, unique leading facet, and registration policies (as defined in RFC 5226) for feature-capability indicators within this tree need to be provided. This document defines the first two feature-capability indicator trees ("g." and "sip."). It does not define a tree for the empty leading facet.

7.3.2. Global Feature-Capability Indicator Registration Tree

This specification creates a new feature-capability indicator tree in the IANA "Proxy-Feature Feature-Capability Indicator Trees" registry. The name of the tree is "Global Feature-Capability Indicator Registration Tree", and its leading facet is "g.". It is used for the registration of feature-capability indicators. When a feature-capability indicator is registered in the global tree, it needs to meet the "Specification Required" policies defined in RFC 5226. A designated area expert will review the proposed feature- capability indicator and consult with members of related mailing lists. The information required in the registration is defined in Section 5.3 of this document.
Top   ToC   RFC6809 - Page 15
   Note that all feature-capability indicators registered in the global
   tree will have names with a leading facet "g.".  No leading "+" is
   used in the registrations in any of the feature-capability indicator
   registration trees.

   The format of the global tree is as described below:

   Name   Description   Reference
   ------------------------------

   Name - contains the Feature-Capability Indicator Name, provided in
   the registration feature-capability indication registration template.

   Description - provided in the registration feature-capability
   indication registration template.

   Reference - contains the Feature-Capability Indicator specification
   reference provided in the registration feature-capability indication
   registration template.

   No initial values are registered in the global tree.

7.3.3. SIP Feature-Capability Indicator Registration Tree

This specification creates a new feature-capability indicator tree in the IANA "Proxy-Feature Feature-Capability Indicator Trees" registry. The name of the tree is "SIP Feature-Capability Indicator Registration Tree", and its leading facet is "sip.". It is used for the registration of feature-capability indicators. When a feature-capability indicator is registered in the SIP tree, it needs to meet the "IETF Review" policies defined in RFC 5226. The information required in the registration is defined in Section 5.3 of this document. Note that all feature-capability indicators registered in the SIP tree will have names with a leading facet "sip.". No leading "+" is used in the registrations in any of the feature-capability indicator registration trees.
Top   ToC   RFC6809 - Page 16
   The format of the SIP tree is as described below:

   Name   Description   Reference
   ------------------------------

   Name - contains the Feature-Capability Indicator Name, provided in
   the registration feature-capability indication registration template.

   Description - provided in the registration feature-capability
   indication registration template.

   Reference - contains the Feature-Capability Indicator specification
   reference provided in the registration feature-capability indication
   registration template.

   No initial values are registered in the SIP tree.

8. Feature-Capability Indicator Registration Template

Registration requests for the global tree are submitted by email to iana@iana.org. Registration requests for the SIP tree requires submitting an Internet-Draft to the IESG. | Instructions are preceded by '|'. All fields are mandatory. Feature-capability indicator name: Description: | The description should be no longer than 4 lines. More | detailed information can be provided in the feature | capability indicator specification. Feature-capability indicator specification reference: | The referenced specification must contain the information | listed in Section 5.3 of RFC 6809. Contact: | Name(s) & email address(es) of person(s) to | contact for further information.
Top   ToC   RFC6809 - Page 17

9. Security Considerations

The security issues for feature-capability indicators are similar to the ones defined in RFC 3840 for media feature tags. Media feature tags can reveal information about end users and end-user equipment, which can be used for industrial espionage. The knowledge about end- user equipment capabilities can also be used to influence application behavior. As feature-capability indicators are not intended to convey capability information of end-user devices, such end-user security aspects of RFC 3840 do not apply to feature-capability indicators. In addition, the security issue discussed in RFC 3840 regarding an attacker using the SIP caller preferences extension [RFC3841] in order to affect routing decisions does not apply, as the mechanism is not defined to be used with feature-capability indicators. Feature-capability indicators can, however, provide capability and characteristics information about the SIP entity, some of which might be sensitive. Malicious elements viewing the indicators may be able to discern application deployment details or identify elements with exploitable feature implementation weaknesses. The Feature-Caps header field does not convey address information about SIP entities. However, individual feature-capability indicators might provide address information as feature-capability indicator values. Therefore, if the feature-capability indicators provide information that requires data integrity or origin authentication, mechanisms for providing those MUST be provided. If confidentiality is required, then the specification MUST call for the use of Transport Layer Security (TLS) [RFC5246] at all hops. Since there are no satisfactory middle-to-end or middle-to-middle SIP confidentiality mechanisms, TLS is as good as it gets, and specifications SHOULD NOT define feature-capability indicators that need confidentiality that is better than the hop-by-hop confidentiality provided by TLS.

10. Acknowledgements

The authors wish to thank everyone in the SIP community that provided input and feedback on the work of this specification.
Top   ToC   RFC6809 - Page 18

11. References

11.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002. [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, January 2008.

11.2. Informative References

[RFC2506] Holtman, K., Mutz, A., and T. Hardie, "Media Feature Tag Registration Procedure", BCP 31, RFC 2506, March 1999. [RFC3840] Rosenberg, J., Schulzrinne, H., and P. Kyzivat, "Indicating User Agent Capabilities in the Session Initiation Protocol (SIP)", RFC 3840, August 2004. [RFC3841] Rosenberg, J., Schulzrinne, H., and P. Kyzivat, "Caller Preferences for the Session Initiation Protocol (SIP)", RFC 3841, August 2004. [RFC3968] Camarillo, G., "The Internet Assigned Number Authority (IANA) Header Field Parameter Registry for the Session Initiation Protocol (SIP)", BCP 98, RFC 3968, December 2004. [RFC4485] Rosenberg, J. and H. Schulzrinne, "Guidelines for Authors of Extensions to the Session Initiation Protocol (SIP)", RFC 4485, May 2006. [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008. [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008. [RFC5626] Jennings, C., Mahy, R., and F. Audet, "Managing Client- Initiated Connections in the Session Initiation Protocol (SIP)", RFC 5626, October 2009.
Top   ToC   RFC6809 - Page 19

Authors' Addresses

Christer Holmberg Ericsson Hirsalantie 11 Jorvas 02420 Finland EMail: christer.holmberg@ericsson.com Ivo Sedlacek Ericsson Scheelevaegen 19C Lund 22363 Sweden EMail: ivo.sedlacek@ericsson.com Hadriel Kaplan Acme Packet 71 Third Ave. Burlington, MA 01803 USA EMail: hkaplan@acmepacket.com