From: The IESG To: IETF-Announce Message-Id: Date: Wed, 25 Jan 2006 13:08:19 -0500 Cc: sipping chair , Internet Architecture Board , sipping chair , sipping mailing list , sipping chair , RFC Editor Subject: Document Action: 'Requirements for Consent-Based Communications in the Session Initiation Protocol (SIP)' to Informational RFC The IESG has approved the following document: - 'Requirements for Consent-Based Communications in the Session Initiation Protocol (SIP) ' as an Informational RFC This document is the product of the Session Initiation Proposal Investigation Working Group. The IESG contact person is Allison Mankin. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-sipping-consent-reqs-04.txt Technical Summary This document describes requirements for an explicit-consent forwarding system for the Session Initiation Protocol (SIP). SIP is an Internet application-layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants. SIP sessions are separate from the media flows they establish. These sessions include, in particular, telephone calls and sessions of instant messages. By nature these services are intentionally intrusive and therefore sensitive to undesirable communications. SIP is designed according to the end-to-end principle and therefore allows and expects delivery from any SIP node to any other SIP node with no prior relationship. The requirements in this document are designed to prevent undesirable communications in several forms, by allowing explicit authorization and revocation to forward SIP requests. These requirements are particularly important in the context of URIs which represent lists or multiple users. Working Group Summary The document is a product of the SIPPING working group and was developed over the course of about one year. The SIP community (including participants of the SIMPLE, SIP, and SIPPING working groups) and portions of the XCON working group jointly discussed and developed new mechanisms to forward a single SIP request to a list of participants (similar to an email mailing list) in support of applications such as push-to-talk, dial-out conferencing, and group paging style instant messages. The groups realized that such a mechanism is a potential amplifier for unsolicited communications and denial-of-service attacks. This document describes requirements for an explicit-consent authorization and revocation system to mitigate this and related attacks. The working group demonstrated strong consensus to deliver a standard solution to this problem, and support for, or no objection to the specific requirements. The working group is energetically developing mechanisms from these requirements. It considered its consensus on this document to significance as a milestone. Protocol Quality This document was shepherded under the PROTO process by Rohan Mahy, co-chair of the SIP and SIPPING working groups. Note to RFC Editor Please expand the first use of URI to Uniform Resource Identifier.