Internet Engineering Task Force (IETF) J. Winterbottom
Request for Comments: 8787 Winterb Consulting Services
Updates: 6442 R. Jesske
Category: Standards Track Deutsche Telekom
ISSN: 2070-1721 B. Chatras
Orange Labs
A. Hutton
Atos
May 2020
Location Source Parameter for the SIP Geolocation Header Field
Abstract
There are some circumstances where a Geolocation header field may
contain more than one locationValue. Knowing the identity of the
node adding the locationValue allows the recipient more freedom in
selecting the value to look at first rather than relying solely on
the order of the locationValues. This document defines the "loc-src"
parameter so that the entity adding the locationValue to the
Geolocation header field can identify itself using its hostname.
This document updates RFC 6442.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8787.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction
2. Terminology
3. Rationale
4. Mechanism
5. Example
6. Privacy Considerations
7. Security Considerations
8. IANA Considerations
8.1. Registration of "loc-src" Parameter for Geolocation Header
Field
9. References
9.1. Normative References
9.2. Informative References
Acknowledgements
Authors' Addresses
1. Introduction
The SIP Geolocation specification [RFC6442] describes the
"Geolocation" SIP header field, which is used to indicate that the
SIP message is conveying location information. [RFC6442] specifies
that SIP intermediaries should not add locationValues to a SIP
request that already contains a locationValue. [RFC6442] also states
that if a SIP intermediary adds location, it is fully responsible for
addressing the concerns of any 424 (Bad Location Information) SIP
response it receives. However, some communications architectures,
such as 3GPP [TS23-167] and ETSI [M493], prefer to use information
provided by edge proxies or acquired through the use of core-network
nodes before using information provided solely by user equipment
(UE). These solutions don't preclude the use of UE-provided location
but require a means of being able to distinguish the identity of the
node adding the locationValue to the SIP message from that provided
by the UE.
[RFC6442] stipulates that the order of locationValues in the
Geolocation header field is the same as the order in which they were
added to the header field. Whilst this order provides guidance to
the recipient as to which values were added to the message earlier in
the communication chain, it does not identify which node added the
locationValue. Knowing the identity of the entity that added the
location to the message allows the recipient to choose which location
to consider first rather than relying solely on the order of the
locationValues in the Geolocation header field.
This document extends the Geolocation header field of [RFC6442] by
allowing an entity adding the locationValue to identify itself using
a hostname. This is done by defining a new geoloc-param header field
parameter, "loc-src". How the entity adding the locationValue to the
header field obtains the location information is out of scope of this
document. Please note that the "loc-src" parameter field does not
alter the subject of the locationValue.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. Rationale
The primary intent of the "loc-src" parameter in this specification
is for use in emergency calling. There are various architectures
defined for providing emergency calling using SIP-based messaging.
Each has its own characteristics with corresponding pros and cons.
All of them allow the UE to provide location information; however,
many also attach other sources of location information to support
veracity checks, to provide backup information, or to be used as the
primary location.
This document does not comment on these various architectures or on
the rationale for including multiple locationValues. It does
recognize that these architectures exist and that there is a need to
identify the entity adding the location information.
The "loc-src" parameter adds the location source generating the
locationValue to allow recipients to make informed decisions about
which of the multiple values to use.
The "loc-src" parameter is applicable within a single private
administrative domain or between different administrative domains
where there is a trust relationship between the domains. Thus, it is
intended to use this parameter only in trust domains where Spec(T) as
described in [RFC3325] exists.
The "loc-src" parameter is not included in a SIP message sent to
another network if there is no trust relationship. The "loc-src"
parameter is not applicable if the administrative domain manages
emergency calls in a way that does not require any generation of the
location.
The functional architecture to support emergency caller location
described within ETSI [M493] is an example of an architecture where
it makes sense to use this parameter.
4. Mechanism
The mechanism adds a geoloc-param parameter to the locationValue
defined in [RFC6442] that identifies the hostname of the entity
adding the locationValue to the Geolocation header field. The
Augmented BNF (ABNF) [RFC5234] for this parameter is shown in
Figure 1.
location-source = "loc-src" EQUAL hostname
hostname = <defined in RFC 3261>
Figure 1: Location Source
Only a fully qualified host name is valid. The syntax does not
support IP addresses, and if an entity conforming to this
specification receives a Geolocation header field with a "loc-src"
parameter containing an IP address, it MUST remove the parameter.
A SIP intermediary conformant to this specification adding a
locationValue to a Geolocation header field SHOULD also add a "loc-
src" header field parameter so that it is clearly identified as the
node adding the location. A User Agent (UA) MUST NOT insert a "loc-
src" header field parameter. If a SIP intermediary receives a
message from an untrusted source with the "loc-src" parameter set,
then it MUST remove the "loc-src" parameter before passing the
message into a trusted network.
5. Example
The following example shows a SIP INVITE message containing a
Geolocation header field with two locationValues. The first
locationValue points to a Presence Information Data Format Location
Object (PIDF-LO) in the SIP body using a content-indirection (cid:)
URI per [RFC4483], and this is provided by the UE. The second
locationValue is an https URI provided by a SIP intermediary, which
identifies itself using the "loc-src" parameter.
INVITE sip:bob@biloxi.example.com SIP/2.0
Via: SIP/2.0/TLS pc33.atlanta.example.com;branch=z9hG4bK74bf9
Max-Forwards: 70
To: Bob <sip:bob@biloxi.example.com>
From: Alice <sip:alice@atlanta.example.com>;tag=9fxced76sl
Call-ID: 3848276298220188511@atlanta.example.com
Geolocation: <cid:target123@atlanta.example.com>,
<https://lis.example.com:8222/y77syc7cuecbh>;
loc-src=edgeproxy.example.com
Geolocation-Routing: yes
Accept: application/sdp, application/pidf+xml
CSeq: 31862 INVITE
Contact: <sip:alice@atlanta.example.com>
Content-Type: multipart/mixed; boundary=boundary1
Content-Length: ...
Figure 2: Example Location Request (in Trust Domain)
6. Privacy Considerations
This document doesn't change any of the privacy considerations
described in [RFC6442]. While the addition of the "loc-src"
parameter identifies the entity that added the location in the
signaling path, this addition provides little more exposure than
adding a proxy identity to the Record-Route header field (privacy
defined in [RFC3323]).
7. Security Considerations
This document introduces the ability of a SIP intermediary to insert
a host name indicating that they added the specific locationValue to
the Geolocation header field. The intent is for this field to be
used by the location recipient in the event that the SIP message
contains multiple locationValues. As a consequence, this parameter
should only be used by the location recipient in a trusted network.
Adding this parameter in an untrusted network serves solely to give
location information to untrusted parties and is NOT RECOMMENDED.
As already stated in [RFC6442], securing the location hop by hop,
using TLS, protects the message from eavesdropping and modification
in transit but exposes the information to all SIP intermediaries on
the path as well as the endpoint. The "loc-src" parameter is
applicable within a single private administrative domain or between
different administrative domains where there is a relationship
between the domains. If such a trust relationship is not given, it
is strongly recommended to delete the location information.
The use of this parameter is not restricted to a specific
architecture, but using multiple locations and loc-src may end in
compatibility issues. [RFC6442] already addresses the issue of
multiple locations. To avoid problems of a possible corruption of
the location information including the "loc-src" parameter when using
an untrusted relationship, it is strongly recommended to delete
location information when passed to another domain out of the trust
domain.
8. IANA Considerations
8.1. Registration of "loc-src" Parameter for Geolocation Header Field
IANA has added a new SIP header field parameter for the Geolocation
header field in the "Header Field Parameters and Parameter Values"
subregistry (created by [RFC3968]) of the "Session Initiation
Protocol (SIP) Parameters" registry found at
<https://www.iana.org/assignments/sip-parameters/>.
Header Field: Geolocation
Parameter Name: loc-src
Predefined Values: No
Reference: RFC 8787
9. References
9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC3323] Peterson, J., "A Privacy Mechanism for the Session
Initiation Protocol (SIP)", RFC 3323,
DOI 10.17487/RFC3323, November 2002,
<https://www.rfc-editor.org/info/rfc3323>.
[RFC3325] Jennings, C., Peterson, J., and M. Watson, "Private
Extensions to the Session Initiation Protocol (SIP) for
Asserted Identity within Trusted Networks", RFC 3325,
DOI 10.17487/RFC3325, November 2002,
<https://www.rfc-editor.org/info/rfc3325>.
[RFC3968] Camarillo, G., "The Internet Assigned Number Authority
(IANA) Header Field Parameter Registry for the Session
Initiation Protocol (SIP)", BCP 98, RFC 3968,
DOI 10.17487/RFC3968, December 2004,
<https://www.rfc-editor.org/info/rfc3968>.
[RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234,
DOI 10.17487/RFC5234, January 2008,
<https://www.rfc-editor.org/info/rfc5234>.
[RFC6442] Polk, J., Rosen, B., and J. Peterson, "Location Conveyance
for the Session Initiation Protocol", RFC 6442,
DOI 10.17487/RFC6442, December 2011,
<https://www.rfc-editor.org/info/rfc6442>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
9.2. Informative References
[M493] European Telecommunications Standards Institute,
"Functional architecture to support European requirements
on emergency caller location determination and transport",
ES 203 178, V 1.1.1, February 2015.
[RFC4483] Burger, E., Ed., "A Mechanism for Content Indirection in
Session Initiation Protocol (SIP) Messages", RFC 4483,
DOI 10.17487/RFC4483, May 2006,
<https://www.rfc-editor.org/info/rfc4483>.
[TS23-167] 3rd Generation Partnership Project, "Technical
Specification Group Services and System Aspects; IP
Multimedia Subsystem (IMS) emergency sessions", TS 23.167,
V12.1.0, March 2015.
Acknowledgements
The authors would like to thank Dale Worley, Christer Holmberg, and
Jean Mahoney for their extensive review of this document. The
authors would like to acknowledge the constructive feedback provided
by Paul Kyzivat and Robert Sparks.
Authors' Addresses
James Winterbottom
Winterb Consulting Services
Gwynneville NSW 2500
Australia
Phone: +61 448 266004
Email: a.james.winterbottom@gmail.com
Roland Jesske
Deutsche Telekom
Heinrich-Hertz Str, 3-7
64295 Darmstadt
Germany
Email: r.jesske@telekom.de
URI: www.telekom.de
Bruno Chatras
Orange Labs
44, avenue de la Republique
F-92320 Chatillon
France
Email: bruno.chatras@orange.com
Andrew Hutton
Atos
Mid City Place
London
WC1V 6EA
United Kingdom
Email: andrew.hutton@atos.net