As specified in the ABNF found in Section 2.4.2, an 'enumservice' is
made up of 'types' and 'subtypes'. For any given 'type', the
allowable 'subtypes' must be specified in the registration. There is
currently no concept of a registered 'subtype' outside the scope of a
given 'type'. Thus the registration process uses the 'type' as its
main key within the IANA Registry. While the combination of each
type and all of its subtypes constitutes the allowed values for the
'enumservice' field, it is not sufficient to simply document those
values. A complete registration will also include the allowed URI
schemes, a functional specification, security considerations,
intended usage, and any other information needed to allow for
interoperability within ENUM. In order to be a registered ENUM
Service, the entire specification, including the template, requires
approval by the IESG and publication of the Enumservice registration
specification as an RFC.
Service registration proposals are all expected to conform to various
requirements laid out in the following sections.
A registered Enumservice must be able to function as a selection
mechanism when choosing one NAPTR resource record from another. That
means that the registration MUST specify what is expected when using
that very NAPTR record, and the URI which is the outcome of the use
of it.
Specifically, a registered Enumservice MUST specify the URI scheme(s)
that may be used for the Enumservice, and, when needed, other
information which will have to be transferred into the URI resolution
process itself (LDAP Distinguished Names, transferring of the AUS
into the resulting URI, etc).
An Enumservice MUST be unique in order to be useful as a selection
criteria. Since an Enumservice is made up of a type and a type-
dependent subtype, it is sufficient to require that the 'type' itself
be unique. The 'type' MUST be unique, conform to the ABNF specified
in Section 2.4.2, and MUST NOT start with the facet "X-" which is
reserved for experimental, private use.
The subtype, being dependent on the type, MUST be unique within a
given 'type'. It must conform to the ABNF specified in Section
2.4.2, and MUST NOT start with the facet "X-" which is reserved for
experimental, private use. The subtype for one type MAY be the same
as a subtype for a different registered type but it is not sufficient
to simply reference another type's subtype. The function of each
subtype must be specified in the context of the type being
registered.
An analysis of security issues is required for all registered
Enumservices. (This is in accordance with the basic requirements for
all IETF protocols.)
All descriptions of security issues must be as accurate as possible
regardless of registration tree. In particular, a statement that
there are "no security issues associated with this Enumservice" must
not be confused with "the security issues associated with this
Enumservice have not been assessed".
There is no requirement that an Enumservice must be secure or
completely free from risks. Nevertheless, all known security risks
must be identified in the registration of an Enumservice.
The security considerations section of all registrations is subject
to continuing evaluation and modification.
Some of the issues that should be looked at in a security analysis of
an Enumservice are:
1. Complex Enumservices may include provisions for directives that
institute actions on a user's resources. In many cases provision
can be made to specify arbitrary actions in an unrestricted
fashion which may then have devastating results. Especially if
there is a risk for a new ENUM lookup, and because of that an
infinite loop in the overall resolution process of the E.164.
2. Complex Enumservices may include provisions for directives that
institute actions which, while not directly harmful, may result in
disclosure of information that either facilitates a subsequent
attack or else violates the users privacy in some way.
3. An Enumservice might be targeted for applications that require
some sort of security assurance but do not provide the necessary
security mechanisms themselves. For example, an Enumservice could
be defined for storage of confidential security services
information such as alarm systems or message service passcodes,
which in turn require an external confidentiality service.
Proposals for Enumservices registrations MUST be published as one of
the following documents; RFC on the Standards Track, Experimental
RFC, or as a BCP.
IANA will retain copies of all Enumservice registration proposals and
"publish" them as part of the Enumservice Registration tree itself.
Provided that the Enumservice has obtained the necessary approval,
and the RFC is published, IANA will register the Enumservice and make
the Enumservice registration available to the community in addition
to the RFC publication itself.
Enumservice registrations will be published in the IANA repository
and made available via anonymous FTP at the following URI:
"ftp://ftp.iana.org/assignments/enum-services/".
Change control of Enumservices stay with the IETF via the RFC
publication process. Especially, Enumservice registrations may not
be deleted; Enumservices which are no longer believed appropriate for
use can be declared OBSOLETE by publication of a new RFC and a change
to their "intended use" field; such Enumservice will be clearly
marked in the lists published by IANA.
Enumservice Type:
Enumservice Subtype(s):
URI Scheme(s):
Functional Specification:
Security considerations:
Intended usage: (One of COMMON, LIMITED USE or OBSOLETE)
Author:
Any other information that the author deems interesting:
Note: In the case where a particular field has no value, that field
is left completely blank, especially in the case where a given type
has no subtypes.
