draft-ietf-ecrit-psap-callback-12.txt   draft-ietf-ecrit-psap-callback-13.txt 
ECRIT H. Schulzrinne ECRIT H. Schulzrinne
Internet-Draft Columbia University Internet-Draft Columbia University
Intended status: Standards Track H. Tschofenig Intended status: Standards Track H. Tschofenig
Expires: March 31, 2014 Nokia Solutions and Networks Expires: April 17, 2014 Nokia Solutions and Networks
C. Holmberg C. Holmberg
Ericsson Ericsson
M. Patel M. Patel
InterDigital Communications InterDigital Communications
September 27, 2013 October 14, 2013
Public Safety Answering Point (PSAP) Callback Public Safety Answering Point (PSAP) Callback
draft-ietf-ecrit-psap-callback-12.txt draft-ietf-ecrit-psap-callback-13.txt
Abstract Abstract
After an emergency call is completed (either prematurely terminated After an emergency call is completed (either prematurely terminated
by the emergency caller or normally by the call taker) it is possible by the emergency caller or normally by the call taker) it is possible
that the call taker feels the need for further communication. For that the call taker feels the need for further communication. For
example, the call may have been dropped by accident without the call example, the call may have been dropped by accident without the call
taker having sufficient information about the current situation of a taker having sufficient information about the current situation of a
wounded person. A call taker may trigger a callback towards the wounded person. A call taker may trigger a callback towards the
emergency caller using the contact information provided with the emergency caller using the contact information provided with the
skipping to change at page 2, line 10 skipping to change at page 2, line 10
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 31, 2014. This Internet-Draft will expire on April 17, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 33 skipping to change at page 2, line 33
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Callback Scenarios . . . . . . . . . . . . . . . . . . . . . 4 3. Callback Scenarios . . . . . . . . . . . . . . . . . . . . . 4
3.1. Routing Asymmetry . . . . . . . . . . . . . . . . . . . . 5 3.1. Routing Asymmetry . . . . . . . . . . . . . . . . . . . . 5
3.2. Multi-Stage Routing . . . . . . . . . . . . . . . . . . . 6 3.2. Multi-Stage Routing . . . . . . . . . . . . . . . . . . . 5
3.3. Call Forwarding . . . . . . . . . . . . . . . . . . . . . 6 3.3. Call Forwarding . . . . . . . . . . . . . . . . . . . . . 6
3.4. Network-based Service URN Resolution . . . . . . . . . . 8 3.4. Network-based Service URN Resolution . . . . . . . . . . 8
3.5. PSTN Interworking . . . . . . . . . . . . . . . . . . . . 9 3.5. PSTN Interworking . . . . . . . . . . . . . . . . . . . . 9
4. SIP PSAP Callback Indicator . . . . . . . . . . . . . . . . . 10 4. SIP PSAP Callback Indicator . . . . . . . . . . . . . . . . . 10
4.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 10 4.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 10
4.2. Usage . . . . . . . . . . . . . . . . . . . . . . . . . . 10 4.2. Usage . . . . . . . . . . . . . . . . . . . . . . . . . . 10
4.3. Syntax . . . . . . . . . . . . . . . . . . . . . . . . . 10 4.3. Syntax . . . . . . . . . . . . . . . . . . . . . . . . . 10
4.3.1. General . . . . . . . . . . . . . . . . . . . . . . . 10 4.3.1. General . . . . . . . . . . . . . . . . . . . . . . . 10
4.3.2. ABNF . . . . . . . . . . . . . . . . . . . . . . . . 10 4.3.2. ABNF . . . . . . . . . . . . . . . . . . . . . . . . 10
5. Security Considerations . . . . . . . . . . . . . . . . . . . 10 5. Security Considerations . . . . . . . . . . . . . . . . . . . 10
5.1. Security Threat . . . . . . . . . . . . . . . . . . . . . 10 5.1. Security Threat . . . . . . . . . . . . . . . . . . . . . 10
5.2. Security Requirements . . . . . . . . . . . . . . . . . . 11 5.2. Security Requirements . . . . . . . . . . . . . . . . . . 11
5.3. Security Solution . . . . . . . . . . . . . . . . . . . . 11 5.3. Security Solution . . . . . . . . . . . . . . . . . . . . 11
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 13
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 14
8.1. Normative References . . . . . . . . . . . . . . . . . . 13 8.1. Normative References . . . . . . . . . . . . . . . . . . 14
8.2. Informative References . . . . . . . . . . . . . . . . . 13 8.2. Informative References . . . . . . . . . . . . . . . . . 14
1. Introduction 1. Introduction
Summoning police, the fire department or an ambulance in emergencies Summoning police, the fire department or an ambulance in emergencies
is one of the fundamental and most-valued functions of the telephone. is one of the fundamental and most-valued functions of the telephone.
As telephone functionality moves from circuit-switched telephony to As telephone functionality moves from circuit-switched telephony to
Internet telephony, its users rightfully expect that this core Internet telephony, its users rightfully expect that this core
functionality will continue to work at least as well as it has for functionality will continue to work at least as well as it has for
the legacy technology. New devices and services are being made the legacy technology. New devices and services are being made
available that could be used to make a request for help, which are available that could be used to make a request for help, which are
skipping to change at page 4, line 17 skipping to change at page 4, line 17
intermediaries as well as by the user agent. intermediaries as well as by the user agent.
Among the emergency services community there is the desire to offer Among the emergency services community there is the desire to offer
PSAP callbacks a treatment such that chances are increased that it PSAP callbacks a treatment such that chances are increased that it
reaches the emergency caller. At the same time a design must deal reaches the emergency caller. At the same time a design must deal
with the negative side-effects of allowing certain calls to bypass with the negative side-effects of allowing certain calls to bypass
call forwarding or other authorization policies. Ideally, the PSAP call forwarding or other authorization policies. Ideally, the PSAP
callback has to relate to an earlier emergency call that was made callback has to relate to an earlier emergency call that was made
"not too long ago". An exact time interval is difficult to define in "not too long ago". An exact time interval is difficult to define in
a global IETF standard due to the variety of national regulatory a global IETF standard due to the variety of national regulatory
requirements. requirements but [RFC6881] suggests 30 minutes.
To nevertheless meet the needs from the emergency services community To nevertheless meet the needs from the emergency services community
a basic mechanism for preferential treatment of PSAP callbacks was a basic mechanism for preferential treatment of PSAP callbacks was
defined in Section 13 of [RFC6443]. The specification says: defined in Section 13 of [RFC6443]. The specification says:
"A UA may be able to determine a PSAP callback by examining the "A UA may be able to determine a PSAP callback by examining the
domain of incoming calls after placing an emergency call and domain of incoming calls after placing an emergency call and
comparing that to the domain of the answering PSAP from the comparing that to the domain of the answering PSAP from the
emergency call. Any call from the same domain and directed to the emergency call. Any call from the same domain and directed to the
supplied Contact header or AOR after an emergency call should be supplied Contact header or AOR after an emergency call should be
skipping to change at page 5, line 7 skipping to change at page 5, line 7
3. Callback Scenarios 3. Callback Scenarios
This section illustrates a number of scenarios where the currently This section illustrates a number of scenarios where the currently
specified solution, as specified in [RFC6881], for preferential specified solution, as specified in [RFC6881], for preferential
treatment of callbacks fails. As explained in Section 1 a SIP entity treatment of callbacks fails. As explained in Section 1 a SIP entity
examines an incoming PSAP callback by comparing the domain of the examines an incoming PSAP callback by comparing the domain of the
PSAP with the destination domain of the outbound emergency call PSAP with the destination domain of the outbound emergency call
placed earlier. placed earlier.
NOTE: All FQDNs used in the subsections below are used for
illustrative purposes. They are examples to demonstrate the
limitations of the technical solution outlined in RFC 6881.
3.1. Routing Asymmetry 3.1. Routing Asymmetry
In some deployment environments it is common to have incoming and In some deployment environments it is common to have incoming and
outgoing SIP messaging routed through different SIP entities. Figure outgoing SIP messaging routed through different SIP entities. Figure
1 shows this graphically whereby a VoIP provider uses different SIP 1 shows this graphically whereby a VoIP provider uses different SIP
proxies for inbound and for outbound call handling. Unless the two proxies for inbound and for outbound call handling. Unless the two
devices are synchronized, the callback hitting the inbound proxy devices are synchronized, the callback hitting the inbound proxy
would get treated like any other call since the emergency call would get treated like any other call since the emergency call
established state information at the outbound proxy only. established state information at the outbound proxy only.
skipping to change at page 6, line 8 skipping to change at page 6, line 4
| | e || | | | | e || | |
| | r |+-+ | | | r |+-+ |
\ / | | \ / | |
`. ,' \ / `. ,' \ /
'-------' `. ,' '-------' `. ,'
'-------' '-------'
Figure 1: Example for Routing Asymmetry. Figure 1: Example for Routing Asymmetry.
3.2. Multi-Stage Routing 3.2. Multi-Stage Routing
Consider the following emergency call routing scenario shown in Consider the following emergency call routing scenario shown in
Figure 2 where routing towards the PSAP occurs in several stages. In Figure 2 where routing towards the PSAP occurs in several stages. In
this scenario we consider a SIP UA that uses LoST to learn the next this scenario we consider a SIP UA that uses the Location-to-Service
hop destination closer to the PSAP. This call is then sent to the Translation Protocol (LoST) [RFC5222] to learn the next hop
user's VoIP provider. The user's VoIP provider receives the destination, namely esrp@example.net, to get the call closer to the
PSAP. This call is then sent to the proxy of the user's VoIP
provider (example.org). The user's VoIP provider receives the
emergency call and creates state based on the destination domain, emergency call and creates state based on the destination domain,
namely state.org. It then routes it to the indicated ESRP. When the namely example.net. It then routes it to the indicated ESRP. When
ESRP receives it it needs to decide what the next hop is to get it the ESRP receives it it needs to decide what the next hop is to get
closer to the PSAP. In our example the next hop is the PSAP with the to the final PSAP. In our example the next hop is the PSAP with the
URI psap@town.com. URI psap@example.com.
When a callback is sent from psap@town.com towards the emergency When a callback is sent from psap@example.com towards the emergency
caller the call will get normal treatment by the VoIP providers caller the call will get normal treatment by the proxy of the VoIP
inbound proxy since the domain of the PSAP does not match the stored provider since the domain of the PSAP does not match the stored state
state information. information.
,-------. ,-----------.
+----+ ,' `. +----+ ,' `.
| UA |--- esrp1@foobar.com / Emergency \ | UA |--- esrp@example.net / Emergency \
+----+ \ | Services | +----+ \ | Services |
\ ,-------. | Network | \ ,-------. | Network |
,' `. | | ,' `. | |
/ VoIP \ | +------+ | / VoIP \ | +------+ |
( Provider ) | |PSAP | | ( Provider ) | | PSAP | |
\ / | +--+---+ | \ example.org / | +--+---+ |
`. ,' | | `. ,' | | |
'---+---' | | | '---+---' | | |
| |psap@town.com | | | psap@example.com |
esrp@state.org | | | esrp@example.net | | |
| | | | | | | |
| | | | | | | |
| | +--+---+ | | | +--+---+ |
+------------+---+ESRP | | +------------+-----+ ESRP | |
| +------+ | | +------+ |
| | | |
\ / \ /
`. ,' `. ,'
'-------' '----------'
Figure 2: Example for Multi-Stage Routing. Figure 2: Example for Multi-Stage Routing.
3.3. Call Forwarding 3.3. Call Forwarding
Imagine the following case where an emergency call enters an Imagine the following case where an emergency call enters an
emergency network (state.org) via an ESRP but then gets forwarded to emergency network (state.example) via an ESRP but then gets forwarded
a different emergency services network (in our example to police- to a different emergency services network (in our example to
town.org, fire-town.org or medic-town.org). The same considerations example.net, example.org or example.com). The same considerations
apply when the police, fire and ambulance networks are part of the apply when the police, fire and ambulance networks are part of the
state.org sub-domains (e.g., police.state.org). state.example sub-domains (e.g., police.state.example).
Similar to the previous scenario the problem here is with the wrong Similar to the previous scenario the problem here is with the wrong
state information being established during the emergency call setup state information being established during the emergency call setup
procedure. A callback would originate in the police-town.org, fire- procedure. A callback would originate in the example.net,
town.org or medic-town.org domain whereas the emergency caller's SIP example.org or example.com domains whereas the emergency caller's SIP
UA or the VoIP outbound proxy has stored state.org. UA or the VoIP outbound proxy has stored state.example.
,-------. ,-------.
,' `. ,' `.
/ Emergency \ / Emergency \
| Services | | Services |
| Network | | Network |
| (state.org) | |(state.example)|
| | | |
| | | |
| +------+ | | +------+ |
| |PSAP +--+ | | |PSAP +--+ |
| +--+---+ | | | +--+---+ | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
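Review bot: Section 3.3 now names the forwarded-to networks example.net, example.org and example.com, but Section 3.2 directly above already uses example.org for the VoIP provider's proxy and example.net for the ESRP, so the same names stand for different roles in adjacent scenarios. The old names (police-town.org, fire-town.org, medic-town.org) carried the role in the name; consider role-bearing names under a reserved domain, as the sub-domain sentence already does with police.state.example. The rewritten 3.2 paragraph also keeps the doubled word in "When the ESRP receives it it needs to decide".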
skipping to change at page 7, line 46 skipping to change at page 7, line 44
| | | | | |
| Call Fwd | | | Call Fwd | |
| +-+-+---+ | | +-+-+---+ |
\ | | | / \ | | | /
`. | | | ,' `. | | | ,'
'-|-|-|-' ,-------. '-|-|-|-' ,-------.
Police | | | Fire ,' `. Police | | | Fire ,' `.
+------------+ | +----+ / Emergency \ +------------+ | +----+ / Emergency \
,-------. | | | | Services | ,-------. | | | | Services |
,' `. | | | | Network | ,' `. | | | | Network |
/ Emergency \ | Ambulance | | fire-town.org | / Emergency \ | Ambulance | | (Fire) |
| Services | | | | | | | Services | | | | | |
| Network | | +----+ | | +------+ | | Network | | +----+ | | +------+ |
|police-town.org| | ,-------. | +----+---+PSAP | | | (Police) | | ,-------. | +----+---+PSAP | |
| | | ,' `. | | +------+ | | | | ,' `. | | +------+ |
| +------+ | | / Emergency \ | | | | +------+ | | / Emergency \ | | |
| |PSAP +----+--+ | Services | | | , | |PSAP +----+--+ | Services | | | example.com ,
| +------+ | | Network | | `~~~~~~~~~~~~~~~ | +------+ | | Network | | `~~~~~~~~~~~~~~~
| | |medic-town.org | | | | | (Ambulance) | |
| , | | | | example.net , | | |
`~~~~~~~~~~~~~~~ | +------+ | | `~~~~~~~~~~~~~~~ | +------+ | |
| |PSAP +----+ + | |PSAP +----+ +
| +------+ | | +------+ |
| | | |
| , | example.org ,
`~~~~~~~~~~~~~~~ `~~~~~~~~~~~~~~~
Figure 3: Example for Call Forwarding. Figure 3: Example for Call Forwarding.
3.4. Network-based Service URN Resolution 3.4. Network-based Service URN Resolution
The IETF emergency services architecture also considers cases where The IETF emergency services architecture also considers cases where
the resolution from the Service URN to the PSAP URI does not only the resolution from the Service URN to the PSAP URI does not only
happen at the SIP UA itself but at intermediate SIP entities, such as happen at the SIP UA itself but at intermediate SIP entities, such as
the user's VoIP provider. the user's VoIP provider.
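Review bot: In the new Figure 3 the Police network is labelled example.net, the Fire network example.com and the Ambulance network example.org, while the Section 3.3 text lists the domains as "example.net, example.org or example.com" in place of the old police/fire/medic list, so a reader who maps the list by position gets Fire and Ambulance swapped. State the mapping once in the text, or reorder the list to match the figure.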
skipping to change at page 8, line 34 skipping to change at page 8, line 32
Figure 4 shows this message exchange of the outgoing emergency call Figure 4 shows this message exchange of the outgoing emergency call
and the incoming PSAP graphically. While the state information and the incoming PSAP graphically. While the state information
stored at the VoIP provider is correct the state allocated at the SIP stored at the VoIP provider is correct the state allocated at the SIP
UA is not. UA is not.
,-------. ,-------.
,' `. ,' `.
/ Emergency \ / Emergency \
| Services | | Services |
| Network | | Network |
|police-town.org| | example.com |
| | | |
| +------+ | Invite to police.example.com | +------+ | Invite to police@example.com
| |PSAP +<---+------------------------+ | |PSAP +<---+------------------------+
| | +----+------------------+ ^ | | +----+--------------------+ ^
| +------+ |Invite from | | | +------+ |Invite from | |
| ,police.example.com| | | ,police@example.com | |
`~~~~~~~~~~~~~~~ v | `~~~~~~~~~~~~~~~ | |
+--------+ ++-----+-+ v |
| | query |VoIP | +--------+ Query with location +--+---+-+
| | + urn:service:sos | VoIP |
| LoST |<-----------------------|Service | | LoST |<-----------------------|Service |
| Server | police.example.com |Provider| | Server | police@example.com |Provider|
| |----------------------->| | | |----------------------->| |
+--------+ +--------+ +--------+ +--------+
| ^ | ^
Invite| | Invite Invite| | Invite
from| | to from| | to
police.example.com| | urn:service:sos police@example.com| | urn:service:sos
V | V |
+-------+ +-------+
| SIP | | SIP |
| UA | | UA |
| Alice | | Alice |
+-------+ +-------+
Figure 4: Example for Network-based Service URN Resolution. Figure 4: Example for Network-based Service URN Resolution.
3.5. PSTN Interworking 3.5. PSTN Interworking
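Review bot: The sentence introducing Figure 4 still reads "the outgoing emergency call and the incoming PSAP graphically"; "PSAP callback" is meant, and since the figure labels are being revised in this hunk it is a good moment to fix it. The new label "Query with location + urn:service:sos" is clearer than "query", but the arrow back from the LoST server carries only the bare "police@example.com"; labelling it as the response would make the direction of the two arrows readable without tracing them.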
skipping to change at page 11, line 17 skipping to change at page 11, line 17
The security threat discussed in Section 5.1 leads to the requirement The security threat discussed in Section 5.1 leads to the requirement
to ensure that the mechanisms described in this document can not be to ensure that the mechanisms described in this document can not be
used for malicious purposes, including telemarketing. used for malicious purposes, including telemarketing.
Furthermore, if the newly defined extension is not recognized, not Furthermore, if the newly defined extension is not recognized, not
verified adequately, or not obeyed by SIP intermediaries or SIP verified adequately, or not obeyed by SIP intermediaries or SIP
endpoints then it must not lead to a failure of the call handling endpoints then it must not lead to a failure of the call handling
procedure. Such call must be treated like a call that does not have procedure. Such call must be treated like a call that does not have
any marking attached. any marking attached.
The indicator described in Section 4 can be inserted by any SIP
entity, including attackers. So it is critical that the indicator
only lead to preferential call treatment in cases where the recipient
has some trust in the caller, as described in the next section.
5.3. Security Solution 5.3. Security Solution
The approach for dealing with implementing the security requirements The approach for dealing with implementing the security requirements
described in Section 5.2 can be differentiated between the behavior described in Section 5.2 can be differentiated between the behavior
applied by the UA and by SIP proxies. A UA that has made an applied by the UA and by SIP proxies. A UA that has made an
emergency call will keep state information so that it can recognize emergency call MUST keep state information so that it can recognize
and accepted a callback from the PSAP if it occurs within a and accepted a callback from the PSAP if it occurs within a
reasonable time after an emergency call was placed, as described in reasonable time after an emergency call was placed, as described in
Section 13 of [RFC6443]. Since UA considerations are described Section 13 of [RFC6443]. Only a timer started at the time when the
already in [RFC6443] as well as in [RFC6881] the rest of this section original emergency call has ended is required; information about the
focuses on the behavior of SIP proxies. calling party identity is not needed since the callback may use a
different calling party identity, as described in Section 3. Since
these SIP UA considerations are described already in [RFC6443] as
well as in [RFC6881] the rest of this section focuses on the behavior
of SIP proxies.
Figure 7 shows the architecture that utilizes the identity of the Figure 7 shows the architecture that utilizes the identity of the
PSAP to decide whether a preferential treatment of callbacks should PSAP to decide whether a preferential treatment of callbacks should
be provided. To make this policy decision, the identity of the PSAP be provided. To make this policy decision, the identity of the PSAP
is compared with a white list of valid PSAPs available to the SIP (i.e., calling party identity) is compared with a PSAPs white list.
entity. The identity assurance in SIP can come in different forms,
such as SIP Identity [RFC4474] or with P-Asserted-Identity [RFC3325].
The former technique relies on a cryptographic assurance and the
latter on a chain of trust. Also the usage of TLS between
neighboring SIP entities may provide useful identity information.
+----------+ +----------+
| List of |+ | List of |+
| valid || | valid ||
| PSAPs || | PSAPs ||
+----------+| +----------+|
+----------+ +----------+
* *
* white list * white list
* *
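Review bot: The new sentence "Only a timer ... is required; information about the calling party identity is not needed" means the UA's decision rests on the timer and the marking alone, so the UA depends entirely on its proxy having checked the caller against the white list. Say so explicitly next to the new MUST, since the paragraph added to Section 5.2 notes that the indicator "can be inserted by any SIP entity, including attackers". Also, "recognize and accepted a callback" should read "accept" now that it sits under a MUST, and "compared with a PSAPs white list" drops the old wording that the list is available to the SIP entity, leaving unstated who holds it.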
skipping to change at page 12, line 15 skipping to change at page 12, line 20
+----------+ +----------+
|| ||
|| ||
|| Preferential || Preferential
|| Treatment || Treatment
++========================> ++========================>
(if successfully verified) (if successfully verified)
Figure 7: Identity-based Authorization Figure 7: Identity-based Authorization
The identity assurance in SIP can come in different forms, namely via
the SIP Identity [RFC4474] or the P-Asserted-Identity [RFC3325]
mechanisms. The former technique relies on a cryptographic assurance
and the latter on a chain of trust. Also the usage of TLS between
neighboring SIP entities may provide useful identity information. At
the time of writing these identity technologies are being revised in
the Secure Telephone Identity Revisited (stir) working group [STIR]
to offer better support for legacy technologies interworking and SIP
intermediaries that modify the content of various SIP headers and the
body. Once the work on these specifications has been completed they
will offer a stronger calling party identity mechanism that limits or
prevents identity spoofing.
An important aspect from a security point of view is the relationship An important aspect from a security point of view is the relationship
between the emergency services network (containing PSAPs) and the between the emergency services network (containing the PSAPs) and the
VoIP provider (assuming that the emergency call travels via the VoIP VoIP provider (assuming that the emergency call travels via the VoIP
provider and not directly between the SIP UA and the PSAP). provider and not directly between the SIP UA and the PSAP).
If there is some form of relationship between the emergency services The establishment of a white list with PSAP identities may be
operator and the VoIP provider then the identification of a PSAP operationally complex and dependent on the relationship between the
callback is less problematic than in the case where the two entities emergency services operator and the VoIP provider. When there is a
have not entered in some form of relationship that would allow the relationship between the VoIP provider and the PSAP operator, for
VoIP provider to verify whether the marked callback message indeed example when they are both operating in the same geographical region,
came from a legitimate source. then populating the white list is fairly simple and consequently the
identification of a PSAP callback is less problematic compared to the
case where the two entities have never interacted with each other
before. In the end, the VoIP provider has to verify whether the
marked callback message indeed came from a legitimate source.
The establishment of a whitelist with PSAP identities maybe be VoIP providers MUST only give PSAP callbacks preferential treatment
operationally complex. When there is a local relationship between when the calling party identity of the PSAP was successfully matched
the VoIP provider and the PSAP then populating the whitelist is against entries in the white list. If it cannot be verified (because
fairly simple. For SIP UAs there is no need to maintain a list of there was no match),then the VoIP provider MUST remove the PSAP
PSAPs. Instead SIP UAs are assumed to trust the correct processing callback marking. Thereby, the callback is degenerated to a normal
of their VoIP provider, i.e., the VoIP provider processes the PSAP call. As a second step, SIP UAs MUST maintain a timer that is
callback marking and, if it cannot be verified, the PSAP callback started with the original emergency call and this timer expires
marking is removed. If it is left untouched then the SIP UA should within a reasonable amount of time, such as 30 minutes per [RFC6881].
assume that it has been verified successfully by the VoIP provider Such a timer also ensures that VoIP providers cannot misuse the PSAP
and it should therefore be obeyed. callback mechanism, for example to ensure that their support calls
reaches their customers.
Finally, a PSAP callback MUST use the same media as the original
emergency call. For example, when an initial emergency call
established a real-time text communication session then the PSAP
callback must also attempt to establish a real-time communication
interaction. The reason for this is two-fold. First, the person
seeking for help may have disabilities that prevent them from using
certain media and hence using the same media for the callback avoids
unpleasant surprises and delays. Second, the emergency caller may
have intentionally chosen a certain media and does not prefer to
communicate in a different way. For example, it would be unfortunate
if a hostage tries to seek for help using instant messaging to avoid
any noise when subsequently the ring-tone triggered by a PSAP
callback using a voice call gets the attention of the hostage-taker.
User interface designs need to cater to such situations.
6. IANA Considerations 6. IANA Considerations
This document adds the "psap-callback" value to the SIP Priority This document adds the "psap-callback" value to the SIP Priority
header IANA registry allocated by [RFC6878]. The semantic of the header IANA registry allocated by [RFC6878]. The semantic of the
newly defined "psap-callback" value is defined in Section 4. newly defined "psap-callback" value is defined in Section 4.
7. Acknowledgements 7. Acknowledgements
We would like to thank the following persons for their feedback: Paul We would like to thank the following persons for their feedback: Paul
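Review bot: The UA timer is described two ways: the paragraph starting "VoIP providers MUST only give" says it is "started with the original emergency call", while the earlier Section 5.3 text says "a timer started at the time when the original emergency call has ended". For a long call the two give different callback windows; pick one and use it in both places. This hunk also removes the statement that SIP UAs trust their VoIP provider to strip an unverified marking, with no replacement, even though the UA still acts on a marking that survives. Smaller points: "match),then" lacks a space, "calls reaches" should be "calls reach", and in the media paragraph "real-time text" becomes "real-time communication interaction" while the requirement switches from "MUST" to lower-case "must".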
skipping to change at page 13, line 4 skipping to change at page 13, line 41
newly defined "psap-callback" value is defined in Section 4. newly defined "psap-callback" value is defined in Section 4.
7. Acknowledgements 7. Acknowledgements
We would like to thank the following persons for their feedback: Paul We would like to thank the following persons for their feedback: Paul
Kyzivat, Martin Thomson, Robert Sparks, Keith Drage, Cullen Jennings Kyzivat, Martin Thomson, Robert Sparks, Keith Drage, Cullen Jennings
Brian Rosen, Martin Dolly, Bernard Aboba, Andrew Allen, Atle Monrad, Brian Rosen, Martin Dolly, Bernard Aboba, Andrew Allen, Atle Monrad,
John-Luc Bakker, John Elwell, Geoff Thompson, Dan Romascanu, James John-Luc Bakker, John Elwell, Geoff Thompson, Dan Romascanu, James
Polk, John Medland, Hadriel Kaplan, Kenneth Carlberg, Timothy Dwight, Polk, John Medland, Hadriel Kaplan, Kenneth Carlberg, Timothy Dwight,
Janet Gunn Janet Gunn
We would like to thank the ECRIT working group chairs, Marc Linsner We would like to thank the ECRIT working group chairs, Marc Linsner
and Roger Marshall, for their support. Roger Marshall was the and Roger Marshall, for their support. Roger Marshall was the
document shepherd for this document. Vijay Gurbani provided the document shepherd for this document. Vijay Gurbani provided the
general area review. general area review.
During IESG review the document received good feedback from Barry
Leiba, Spencer Dawkins, Richard Barnes, Joel Jaeggli, Stephen
Farrell, and Benoit Claise.
8. References 8. References
8.1. Normative References 8.1. Normative References
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E. A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261, Schooler, "SIP: Session Initiation Protocol", RFC 3261,
June 2002. June 2002.
[RFC5627] Rosenberg, J., "Obtaining and Using Globally Routable User [RFC5627] Rosenberg, J., "Obtaining and Using Globally Routable User
skipping to change at page 13, line 41 skipping to change at page 14, line 37
November 2002. November 2002.
[RFC4474] Peterson, J. and C. Jennings, "Enhancements for [RFC4474] Peterson, J. and C. Jennings, "Enhancements for
Authenticated Identity Management in the Session Authenticated Identity Management in the Session
Initiation Protocol (SIP)", RFC 4474, August 2006. Initiation Protocol (SIP)", RFC 4474, August 2006.
[RFC5012] Schulzrinne, H. and R. Marshall, "Requirements for [RFC5012] Schulzrinne, H. and R. Marshall, "Requirements for
Emergency Context Resolution with Internet Technologies", Emergency Context Resolution with Internet Technologies",
RFC 5012, January 2008. RFC 5012, January 2008.
[RFC5222] Hardie, T., Newton, A., Schulzrinne, H., and H.
Tschofenig, "LoST: A Location-to-Service Translation
Protocol", RFC 5222, August 2008.
[RFC6443] Rosen, B., Schulzrinne, H., Polk, J., and A. Newton, [RFC6443] Rosen, B., Schulzrinne, H., Polk, J., and A. Newton,
"Framework for Emergency Calling Using Internet "Framework for Emergency Calling Using Internet
Multimedia", RFC 6443, December 2011. Multimedia", RFC 6443, December 2011.
[RFC6881] Rosen, B. and J. Polk, "Best Current Practice for [RFC6881] Rosen, B. and J. Polk, "Best Current Practice for
Communications Services in Support of Emergency Calling", Communications Services in Support of Emergency Calling",
BCP 181, RFC 6881, March 2013. BCP 181, RFC 6881, March 2013.
[STIR] IETF, "Secure Telephone Identity Revisited (stir) Working
Group", URL: http://datatracker.ietf.org/wg/stir/charter/,
Oct 2013.
Authors' Addresses Authors' Addresses
Henning Schulzrinne Henning Schulzrinne
Columbia University Columbia University
Department of Computer Science Department of Computer Science
450 Computer Science Building 450 Computer Science Building
New York, NY 10027 New York, NY 10027
US US
Phone: +1 212 939 7004 Phone: +1 212 939 7004
EMail: hgs+ecrit@cs.columbia.edu EMail: hgs+ecrit@cs.columbia.edu
URI: http://www.cs.columbia.edu URI: http://www.cs.columbia.edu
 End of changes. 42 change blocks. 
100 lines changed or deleted 151 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/