service
... session. SIP
transparently supports name mapping and redirection services, which
supports personal mobility [27] - users can maintain a single
...
... SIP should be used in conjunction
with other protocols in order to provide complete services to the
users. However, the basic functionality and operation of SIP does
...
...
SIP does not provide services. Rather, SIP provides primitives that
can be used to implement different services ...
... services. Rather, SIP provides primitives that
can be used to implement different services. For example, SIP can
locate a user and deliver an opaque ...
... caller as well as the session description, a "caller ID" service can
be easily implemented. As this example shows, a single primitive is
typically used to provide several different services ...
... service can
be easily implemented. As this example shows, a single primitive is
typically used to provide several different services.
SIP ...
...
SIP does not offer conference control services such as floor control
or voting and does not prescribe how a conference is to be managed.
SIP ...
... resource reservation capabilities.
The nature of the services provided make security particularly
important. To that end, SIP ...
... security particularly
important. To that end, SIP provides a suite of security services,
which include denial-of-service prevention, authentication ...
... SIP provides a suite of security services,
which include denial-of-service prevention, authentication (both user
to user and proxy ...
... domain of Bob's SIP
service provider. Alice has a SIP URI of sip:alice@atlanta.com.
Alice might have typed in Bob's URI ...
... proxy
server at biloxi.com, possibly by performing a particular type of DNS
(Domain Name Service) lookup to find the SIP server that serves the
...
... proxy server consults a
database, generically called a location service, that contains the
current IP address of Bob. (We shall see in the next section how
...
... address from
the top. As a result, although DNS and location service lookups were
required to route ...
... binding, to a
database, called the location service, where it can be used by the
proxy in the biloxi.com domain ...
... registrations. This information is stored together in the location
service and allows a proxy to perform various types of searches to
locate Bob. Similarly, more than one user can be registered on a
...
... single device at the same time.
The location service is just an abstract concept. It generally
contains information that allows a proxy to input a URI ...
... SIPS URI
that points to a domain with a location service that can map
the URI to another URI ...
... URI to another URI where the user might be available.
Typically, the location service is populated through
registrations. An AOR ...
... REGISTER requests
and places the information it receives in those requests into
the location service for the domain it handles.
...
... Server: A server is a network element that receives requests in
order to service them and sends back responses to those
requests. Examples of servers are proxies, user agent servers ...
... 2396(-> 3986std66) [5]). It indicates
the user or service to which this request is being addressed.
The Request-URI MUST NOT contain unescaped spaces or control
characters ...
... UAC will send outgoing requests that are outside of a dialog.
Commonly, they are configured on the UA by a user or service provider
manually, or through some other non-SIP mechanism. When a provider ...
... clients implement non-standard, vendor-defined features in order to
receive service. Extensions defined by experimental and
informational RFCs are explicitly excluded from usage with the
...
... connection failures in
TCP), the condition MUST be treated as a 503 (Service Unavailable)
status code ...
... call processing
in a UAS, effectively creating a denial of service condition; for
more information see Section 26.1.5.
...
... layer and a transaction user that has access to a location service of
some kind (see Section 10 for more on registrars and location
services ...
... service of
some kind (see Section 10 for more on registrars and location
services). This location service is effectively a database
...
... some kind (see Section 10 for more on registrars and location
services). This location service is effectively a database
containing mappings between a single URI ...
... request or gathers the list of alternative locations from the
location service and returns a final response of class 3xx. For
well-formed ...
... SIP network
elements consult an abstract service known as a location service,
which provides address bindings ...
... elements consult an abstract service known as a location service,
which provides address bindings for a particular domain ...
... desired user, sip:bob@engineering.biloxi.com, for example.
Ultimately, a proxy will consult a location service that maps a
received URI to the user agent ...
... Registration creates bindings in a location service for a particular
domain that associates an address-of-record ...
... address-of-record at a domain's location service when requests for
that address-of-record would be routed to that domain ...
... address-of-record.
There are many ways by which the contents of the location service can
be established. One way is administratively. In the above example,
Bob is known to be a member of the engineering department through
...
... UAS known as a registrar. A registrar acts as the front end to the
location service for a domain, reading and writing mappings based on
the contents of REGISTER ...
... domain, reading and writing mappings based on
the contents of REGISTER requests. This location service is then
typically consulted by a proxy server that is responsible for routing ...
... SIP does not mandate a particular mechanism for implementing the
location service. The only requirement is that a registrar for some
domain ...
... requirement is that a registrar for some
domain MUST be able to read and write data to the location service,
and a proxy or a redirect server ...
... Request-URI names the domain of the location
service for which the registration is meant (for example,
"sip:chicago.com"). The "userinfo" and "@" components of the
...
... +---------+ 2)Store|Location|4)Query +-----+
    |Registrar|=======>| Service|<=======|Proxy|sip.chicago.com
    +---------+        +--------+=======>+-----+
...
... expiration interval of a registration is frequently used in the
creation of services. An example is a follow-me service, where
the user may only be available at a terminal ...
... registration is frequently used in the
creation of services. An example is a follow-me service, where
the user may only be available at a terminal for a brief
...
... targets will either be predetermined by the contents of the request
or will be obtained from an abstract location service. Each target
in the set is represented as a URI ...
... element MAY use whatever mechanism
it desires to determine where to send the request. Any of these
mechanisms can be modeled as accessing an abstract Location Service.
This may consist of obtaining information from a location service
...
... mechanisms can be modeled as accessing an abstract Location Service.
This may consist of obtaining information from a location service
created by a SIP Registrar ...
... algorithmic substitution on the Request-URI. When accessing the
location service constructed by a registrar, the Request-URI MUST
first be canonicalized as described in Section 10.3 before being used
...
... company.com may be ambiguous at a proxy whose
location service has multiple John Smiths listed. See Section
21.4.23 for details.
...
...
As potential targets are located through these services, their URIs
are added to the target set ...
... contacts from redirect requests prevents infinite recursion.
For example, a trivial location service is a "no-op", where the
target URI ...
...
Record-routing may be required by certain services where the
proxy needs to observe all messages in a dialog. However, it
...
... In other words, forwarding a 503 means that the proxy knows it
cannot service any requests, not just the one for the Request-
URI in the request which generated the 503. If the only
...
... forward a request (see Section 18.4), the proxy MUST behave as if the
forwarded request received a 503 (Service Unavailable) response.
...
... proxy, the proxy will replace it with
the results of running a location service. Otherwise, the
proxy will not change the Request-URI ...
... P2 gets this. It is responsible for domain.com so it runs a location
service and rewrites the Request-URI. It also adds a Record-Route ...
... caller@u1.leftprivatespace.com>
P1 uses its location service and sends the following to U2:
INVITE ...
... multicast SIP provides only a rudimentary
"single-hop-discovery-like" service that is limited to processing a
single response. See Section 18.1.1 for details.
...
... Its primary function is to provide a "single-hop-discovery-like"
service, delivering a request to a group of homogeneous servers,
where it is only required to process the response from any one of
...
... Examples of communications resources include the following:
o a user of an online service
o an appearance on a multi-line phone
...
...
SIP/2.0 404 The number you have dialed is not in service
Error-Info: <sip:not-in-service-recording@atlanta.com>
...
... Retry-After header field can be used with a 500 (Server Internal
Error) or 503 (Service Unavailable) response to indicate how long the
service ...
... Service Unavailable) response to indicate how long the
service is expected to be unavailable to the requesting client and
...
... starting at the
initial time of availability. If no duration parameter is given, the
service is assumed to be available indefinitely.
Examples:
...
... indicating problems with keywords in the session description, 330
through 339 are warnings related to basic network services requested
in the session description, 370 through 379 are warnings related to
...
...
3xx responses give information about the user's new location, or
about alternative services that might be able to satisfy the call.
...
... 380 Alternative Service ...
...
The call was not successful, but alternative services are possible.
The alternative services ...
... services are possible.
The alternative services are described in the message body of the
response. Formats for such bodies are not defined here, and may be
...
...
The server is refusing to service the request because the Request-URI
is longer than the server is willing to interpret.
...
...
The server is refusing to service the request because the message
body of the request is in a format not supported by the server for
...
... A UAS SHOULD NOT use this response unless it truly cannot provide any
useful service to the client. Instead, if a desirable extension is
not listed in the Supported header field ...
... status code separate from 3xx is used since the semantics are
different: for 300, it is assumed that the same person or service
will be reached by the choices provided. While an automated
choice or sequential search ...
... header field. The user could also be available
elsewhere, such as through a voice mail service. Status 600 (Busy
Everywhere) SHOULD be used if the client knows that no other end
...
... 503 Service Unavailable ...
... proxy or UAC) receiving a 503 (Service Unavailable) SHOULD
attempt to forward the request to an alternate server. It SHOULD NOT
...
... Servers MAY refuse the connection or drop the request instead of
responding with 503 (Service Unavailable).
...
... UAC device does not already know of a credential for
the realm in question. A service provider that pre-configures UAs
with credentials ...
... CMS SignedData body. If the desired CMS service
is EnvelopedData (and the public key of the target ...
... SignedData body. If the desired CMS
service is EnvelopedData, the UAS SHOULD send the EnvelopedData
message encapsulated ...
... security needs of SIP. The set of
security services required to address these threats is then detailed,
followed by an explanation of several security mechanisms ...
... followed by an explanation of several security mechanisms that can be
used to provide these services. Next, the requirements for
implementers ...
... deployments of SIP. These threats have been chosen specifically to
illustrate each of the security services that SIP requires.
...
... threats against SIP; rather, these are "classic" threats that
demonstrate the need for particular security services that can
potentially prevent whole categories of threats.
...
... network may be able to modify packets (perhaps at some compromised
intermediary). Attackers may wish to steal services, eavesdrop on
communications, or disrupt sessions.
...
... SIP UAS
that represents a valuable service (a gateway that interworks SIP
requests with traditional telephone calls ...
... interest in ascertaining the identities of originators of requests.
This threat demonstrates the need for security services that enable
SIP entities to authenticate ...
... and in some limited cases header fields, end-to-end. The security
services required for bodies include confidentiality, integrity, and
...
... authentication. These end-to-end services should be independent of
the means used to secure interactions with intermediaries such as
proxy servers ...
... Denial of Service and Amplification ...
...
Denial-of-service attacks focus on rendering a particular network
element unavailable, usually by directing an excessive amount of
...
... network traffic at its interfaces. A distributed denial-of-service
attack allows one network user to cause multiple network hosts ...
... SIP creates a
number of potential opportunities for distributed denial-of-service
attacks that must be recognized and addressed by the implementers and
operators of SIP systems ...
... transactions originating in the backwards direction.
A number of denial-of-service attacks open up if REGISTER requests
are not properly authenticated ...
... use the registrar and any associated proxy servers as amplifiers in a
denial-of-service attack. Attackers might also attempt to deplete
available memory and disk resources of a registrar by registering
...
... multicast to transmit SIP requests can greatly increase
the potential for denial-of-service attacks.
These problems demonstrate a general need to define architectures ...
... These problems demonstrate a general need to define architectures
that minimize the risks of denial-of-service, and the need to be
mindful in recommendations for security mechanisms of this class ...
...
From the threats described above, we gather that the fundamental
security services required for the SIP protocol are: preserving the
confidentiality and integrity ...
... privacy of
the participants in a session, and preventing denial-of-service
attacks. Bodies within SIP messages separately require the security
services of confidentiality ...
... session, and preventing denial-of-service
attacks. Bodies within SIP messages separately require the security
services of confidentiality, integrity, and authentication ...
... domain (atlanta.com) rather than biloxi.com, then the proxy server
would have consulted its location service to determine how best to
reach the requested user.
...
... in this dialog will pass through the proxy servers. The proxy
servers can thereby continue to provide security services for the
lifetime of this dialog. If the proxy servers ...
... Record-Route, future messages will pass directly end-to-end
between Alice and Bob without any security services (unless the two
parties agree on some independent end-to-end security such as
...
...
In order to minimize the risk of a denial-of-service attack against
architectures using these security solutions ...
... sockets. These bastion hosts can also take the brunt of
denial-of-service attacks, ensuring that SIP hosts within the
...
... TLS significantly reduces the potential for rogue
intermediaries to introduce falsified requests or responses that can
deny service. This commensurately makes it harder for attackers to
make innocent SIP ...
... authenticate themselves to a resource
with which they have a pre-existing association, like a service
provider of which the user is a customer (which is quite a common
scenario and thus Digest provides an extremely useful function). By
...
... binding for a
SIPS Request-URI. Although location services are commonly populated
by user registrations (as described in Section 10.2.1), various other
...
... URIs as
appropriate. When queried for bindings, a location service returns
its contact addresses without regard for whether it received a
...
... Request-URI. If a redirect server is accessing
the location service, it is up to the entity that processes the
Contact header field ...
...
Note that there are also less direct ways in which private
information can be divulged. If a user or service chooses to be
reachable at an address that is guessable from the person's name and
...
... privacy by having an
unlisted "phone number" is compromised. A user location service can
infringe on the privacy of the recipient of a session invitation ...
... keywords in the session description, 330 through 339 are warnings
related to basic network services requested in the session
description, 370 through 379 are warnings related to quantitative QoS ...
... o The action parameter in registrations has been deprecated. It was
insufficient for any useful services, and caused conflicts when
application processing was applied in proxies.
...
... E. M. Schooler, "A multicast user directory service for synchronous rendezvous," Master's Thesis CS-TR-96-18, Department of Computer Science ...
... H. Schulzrinne, "Personal mobility for multimedia services in the Internet," in European Workshop on Interactive Distributed Multimedia Systems and Services (IDMS), (Berlin, Germany), Mar. 1996. ...
