1<?xml version='1.0' encoding='utf-8'?>
2<!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent" [
3<!ENTITY RFC2119 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">
4<!ENTITY RFC3261 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3261.xml">
5<!ENTITY RFC3262 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3262.xml">
6<!ENTITY RFC3326 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3326.xml">
7<!ENTITY RFC4103 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4103.xml">
8<!ENTITY RFC4240 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4240.xml">
9<!ENTITY RFC4566 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4566.xml">
10<!ENTITY RFC5039 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5039.xml">
11<!ENTITY RFC6350 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6350.xml">
12<!ENTITY RFC6809 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6809.xml">
13<!ENTITY RFC7092 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7092.xml">
14<!ENTITY RFC7095 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7095.xml">
15<!ENTITY RFC7340 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7340.xml">
16<!ENTITY RFC7515 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7515.xml">
17<!ENTITY RFC7518 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7518.xml">
18<!ENTITY RFC7519 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7519.xml">
19<!ENTITY RFC8174 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml">
20<!ENTITY RFC8197 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8197.xml">
21<!ENTITY RFC8224 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8224.xml">
22<!ENTITY RFC8259 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8259.xml">
23<!ENTITY RFC8445 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8445.xml">
25<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
26<rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="std" docName="draft-ietf-sipcore-rejected-09" ipr="trust200902" obsoletes="" updates="" submissionType="IETF" xml:lang="en" tocInclude="true" version="3">
27  <!-- xml2rfc v2v3 conversion 2.23.1 -->
28  <front>
29    <title abbrev="SIP Response Code for Rejected Calls">A Session Initiation
30    Protocol (SIP) Response Code for Rejected Calls</title>
31    <seriesInfo name="Internet-Draft" value="draft-ietf-sipcore-rejected-09"/>
32    <author fullname="Eric W. Burger" initials="E.W." surname="Burger">
33      <organization>Georgetown University</organization>
34      <address>
35        <postal>
36          <street>37th &amp; O St, NW</street>
37          <city>Washington</city>
38          <region>DC</region>
39          <code>20057</code>
40          <country>USA</country>
41        </postal>
42        <email>eburger@standardstrack.com</email>
43      </address>
44    </author>
45    <author fullname="Bhavik Nagda" initials="B." surname="Nagda">
46      <organization>Massachusetts Institute of Technology</organization>
47      <address>
48        <postal>
49          <street>77 Massachusetts Avenue</street>
50          <city>Cambridge</city>
51          <region>MA</region>
52          <code>02139</code>
53          <country>USA</country>
54        </postal>
55        <phone/>
56        <email>nagdab@gmail.com</email>
57        <uri/>
58      </address>
59    </author>
60    <!-- If the month and year are both specified and are the current ones, xml2rfc will fill 
61        in the current day for you. If only the current year is specified, xml2rfc will fill 
62  in the current day and month for you. If the year is not the current one, it is 
63  necessary to specify at least a month (xml2rfc assumes day="1" if not specified for the 
64  purpose of calculating the expiry date).  With drafts it is normally sufficient to 
65  specify just the year. -->
66    <date day="28" month="June" year="2019"/>
67    <!-- Meta-data Declarations -->
68    <area>RAI</area>
69    <workgroup>SIPCORE</workgroup>
70    <keyword>STIR</keyword>
71    <keyword>SIPCORE</keyword>
72    <keyword>IANA</keyword>
73    <abstract>
74      <t>This document defines the 608 (Rejected) SIP response code. This
75      response code enables calling parties to learn that an intermediary
76      rejected their call attempt. No one will deliver, and thus no one will
77      answer, the call. As a 6xx code, the caller will be aware that future
78      attempts to contact the same User Agent Server will likely fail. The
79      initial use case driving the need for the 608 response code is when the
80      intermediary is an analytics engine. In this case, the rejection is by a
81      machine or other process. This contrasts with the 607 (Unwanted) SIP
82      response code, which a human at the target User Agent Server indicated
83      the user did not want the call. In some jurisdictions this distinction
84      is important. This document also defines the use of the Call-Info header
85      field in 608 responses to enable rejected callers to contact entities
86      that blocked their calls in error. This provides a remediation mechanism
87      for legal callers that find their calls blocked.</t>
88    </abstract>
89  </front>
90  <middle>
91    <section numbered="true" toc="default">
92      <name>Introduction</name>
93      <t>The IETF has been addressing numerous issues surrounding how to
94      handle unwanted and, depending on the jurisdiction, illegal calls <xref target="RFC5039" format="default"/>. <xref target="RFC7340" format="default">STIR</xref> and <xref target="SHAKEN" format="default">SHAKEN</xref> address the cryptographic signing and
95      attestation, respectively, of signaling to ensure the integrity and
96      authenticity of the asserted caller identity.</t>
97      <t>This document describes a new <xref target="RFC3261" format="default">Session
98      Initiation Protocol (SIP)</xref> response code, 608, which allows
99      calling parties to learn that an intermediary rejected their call. As
100      described below, we need a distinct indicator to differentiate between a
101      user rejection and an intermediary's rejection of a call. In some
102      jurisdictions, service providers may not be permitted to block calls,
103      even if unwanted by the user, unless there is an explicit user request.
104      Moreover, users may misidentify the nature of a caller.</t>
105      <t>For example, a legitimate caller may call a user who finds the call
106      to be unwanted. However, instead of marking the call as unwanted, the
107      user may mark the call as illegal. With that information, an analytics
108      engine may determine to block all calls from that source. However, in
109      some jurisdictions blocking calls from that source for other users may
110      not be legal. Likewise, one can envision jurisdictions that allow an
111      operator to block such calls, but only if there is a remediation
112      mechanism in place to address false positives.</t>
113      <t>Some call blocking services may return responses such as 604 (Does
114      Not Exist Anywhere). This might be a strategy to try to get a
115      destination's address removed from a calling database. However, other
116      network elements might also interpret this to mean the user truly does
117      not exist, which might result in the user not being able to receive
118      calls from anyone, even if they wanted to receive the calls. In many
119      jurisdictions, providing such false signaling is also illegal.</t>
120      <t>The 608 response code addresses this need of remediating falsely
121      blocked calls. Specifically, this code informs the SIP User Agent Client
122      (UAC) that an intermediary blocked the call and provides a redress
123      mechanism that allows callers to contact the operator of the
124      intermediary.</t>
125      <t>In the current call handling ecosystem, users can explicitly reject a
126      call or later mark a call as being unwanted by issuing a <xref target="RFC8197" format="default">607 SIP response code (Unwanted)</xref>. <xref target="uas_reject" format="default"/> and <xref target="reject_ladder" format="default"/> show the
127      operation of the 607 SIP response code. The User Agent Server (UAS)
128      indicates the call was unwanted. As <xref target="RFC8197" format="default"/> explains,
129      not only does the called party desire to reject that call, they can let
130      their proxy know that they consider future calls from that source
131      unwanted. Upon receipt of the 607 response from the UAS, the proxy may
132      send unwanted call indicators, such as the value of the From header
133      field and other information elements, to a call analytics engine. For
134      various reasons described in <xref target="RFC8197" format="default"/>, if a network
135      operator receives multiple reports of unwanted calls, that may indicate
136      that the entity placing the calls is likely to be a source of unwanted
137      calls for many people. As such, other customers of the service provider
138      may want the service provider to automatically reject calls on their
139      behalf.</t>
140      <t>There is another value of the 607 rejection code. Presuming the proxy
141      forwards the response code to the User Agent Client (UAC), the calling
142      UAC or intervening proxies will also learn the user is not interested in
143      receiving calls from that sender.</t>
144      <figure anchor="uas_reject">
145        <name>Unwanted (607) Call Flow</name>
146        <artwork name="" type="" align="left" alt=""><![CDATA[
147                      +-----------+
148                      |   Call    |
149                      | Analytics |
150                      |  Engine   |
151                      +-----------+
152                         ^     | (likely not SIP)
153                         |     v
154                      +-----------+
155   +-----+    607     |  Called   |    607    +-----+
156   | UAC | <--------- |  Party    | <-------- | UAS |
157   +-----+            |  Proxy    |           +-----+
158                      +-----------+
160       ]]></artwork>
161      </figure>
162      <t>For calls rejected with a 607 from a legitimate caller, receiving a
163      607 response code can inform the caller to stop attempting to call the
164      user. Moreover, if a legitimate caller believes the user is rejecting
165      their calls in error, they can use other channels to contact the user.
166      For example, if a pharmacy calls a user to let them know their
167      prescription is available for pickup and the user mistakenly thinks the
168      call is unwanted and issues a 607 response code, the pharmacy, having an
169      existing relationship with the customer, can send the user an email or
170      push a note to the pharmacist to ask the customer to consider not
171      rejecting their calls in the future.</t>
172      <t>Many systems that allow the user to mark the call unwanted (e.g.,
173      with the 607 response code) also allow the user to change their mind and
174      unmark such calls. This mechanism is relatively easy to implement as the
175      user usually has a direct relationship with the service provider that is
176      blocking calls.</t>
177      <t>However, things become more complicated if an intermediary, such as a
178      third-party provider of call management services that classifies calls
179      based on the relative likelihood that the call is unwanted,
180      misidentifies the call as unwanted. <xref target="cae_reject" format="default"/> shows
181      this case. Note that the UAS typically does not receive an INVITE since
182      the called party proxy rejects the call on behalf of the user. In this
183      situation, it would be beneficial for the caller to learn who rejected
184      the call, so they can correct the misidentification.</t>
185      <figure anchor="reject_ladder">
186        <name>Unwanted (607) Ladder Diagram</name>
187        <artwork name="" type="" align="left" alt=""><![CDATA[
188                    +--------+         +-----------+
189                    | Called |         |   Call    |
190   +-----+          | Party  |         | Analytics |   +-----+
191   | UAC |          | Proxy  |         |  Engine   |   | UAS |
192   +-----+          +--------+         +-----------+   +-----+
193      |  INVITE         |                    |            |
194      | --------------> |  Is call OK?       |            |
195      |                 |------------------->|            |
196      |                 |                    |            |
197      |                 |               Yes  |            |
198      |                 |<-------------------|            |
199      |                 |                    |            |
200      |                 | INVITE             |            |
201      |                 | ------------------------------> |
202      |                 |                    |            |
203      |                 |                    |       607  |
204      |                 | <------------------------------ |
205      |                 |                    |            |
206      |                 |  Unwanted call     |            |
207      |            607  | -----------------> |            |
208      | <-------------- |  indicators        |            |
209      |                 |                    |            |
213      </figure>
214      <figure anchor="cae_reject">
215        <name>Rejected (608) Call Flow</name>
216        <artwork name="" type="" align="left" alt=""><![CDATA[
217                      +-----------+
218                      |   Call    |
219                      | Analytics |
220                      |  Engine   |
221                      +-----------+
222                         ^     | (likely not SIP)
223                         |     v
224                      +-----------+
225   +-----+    608     |  Called   |           +-----+
226   | UAC | <--------- |  Party    |           | UAS |
227   +-----+            |  Proxy    |           +-----+
228                      +-----------+
230       ]]></artwork>
231      </figure>
232      <t>In this situation, one might consider to have the intermediary use
233      the 607 response code. 607 indicates to the caller the subscriber does
234      not want the call. However, <xref target="RFC8197" format="default"/> specifies that one
235      of the uses of 607 is to inform analytics engines that a user (human)
236      has rejected a call. The problem here is that network elements
237      downstream from the intermediary might interpret the 607 as coming from
238      a user (human) who has marked the call as unwanted, as opposed to coming
239      from an algorithm using statistics or machine learning to reject the
240      call. An algorithm can be vulnerable to the <xref target="BaseRate" format="default">base
241      rate fallacy</xref> rejecting the call. In other words, those downstream
242      entities should not rely on another entity 'deciding' the call is
243      unwanted. By distinguishing between a (human) user rejection and an
244      intermediary engine's statistical rejection, a downstream network
245      element that sees a 607 response code can weigh it as a human rejection
246      in its call analytics, versus deciding whether to consider a 608 at all,
247      and if so, weighing it appropriately.</t>
248      <t>It is useful for blocked callers to have a redress mechanism. One can
249      imagine that some jurisdictions will require it. However, we must be
250      mindful that most of the calls that intermediaries block will, in fact,
251      be illegal and eligible for blocking. Thus, providing alternate contact
252      information for a user would be counterproductive to protecting that
253      user from illegal communications. This is another reason we do not
254      propose to simply allow alternate contact information in a 607 response
255      message.</t>
256      <t>Why do we not use the same mechanism an analytics service provider
257      offers their customers? Specifically, why not have the analytics service
258      provider allow the called party to correct a call blocked in error? The
259      reason is while there is an existing relationship between the customer
260      (called party) and the analytics service provider, it is unlikely there
261      is a relationship between the caller and the analytics service provider.
262      Moreover, there are numerous call blocking providers in the ecosystem.
263      Therefore, we need a mechanism for indicating an intermediary rejected a
264      call that also provides contact information for the operator of that
265      intermediary, without exposing the target user's contact
266      information.</t>
267      <t>The protocol described in this document uses existing SIP protocol
268      mechanisms for specifying the redress mechanism. In the Call-Info header
269      passed back to the UAC, we send additional information specifying a
270      redress address. We choose to encode the redress address using <xref target="RFC7095" format="default">jCard</xref>. As we will see later in this document,
271      this information needs to have its own, application-layer integrity
272      protection. Thus, we use jCard rather than <xref target="RFC6350" format="default">vCard</xref> as we have a marshaling mechanism for
273      creating a JavaScript Object Notation <xref target="RFC8259" format="default">(JSON)</xref> object, such as a jCard, and a standard
274      integrity format for such an object, namely JSON Web Signature <xref target="RFC7515" format="default">(JWS)</xref>. The SIP community is familiar with this
275      concept as it is the mechanism used by <xref target="RFC8224" format="default">STIR</xref>.</t>
276      <t>Integrity protecting the jCard with a cryptographic signature might
277      seem unnecessary at first, but it is essential to preventing potential
278      network attacks. <xref target="Security" format="default"/> describes the attack and why
279      we sign the jCard in more detail.</t>
280    </section>
281    <section numbered="true" toc="default">
282      <name>Terminology</name>
283      <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
285      "OPTIONAL" in this document are to be interpreted as described in BCP 14
286      <xref target="RFC2119" format="default"/><xref target="RFC8174" format="default"/> when, and only when,
287      they appear in all capitals, as shown here.</t>
288    </section>
289    <section numbered="true" toc="default">
290      <name>Protocol Operation</name>
291      <t>This section uses the term 'intermediary' to mean the entity that
292      acts as a SIP User Agent Server (UAS) on behalf of the user in the
293      network, as opposed to the user's UAS (usually, but not necessarily,
294      their phone). The intermediary could be a back-to-back user agent
295      (B2BUA) or a SIP Proxy.</t>
296      <t><xref target="cae_ladder" format="default"/> shows an overview of the call flow for a
297      rejected call.</t>
298      <figure anchor="cae_ladder">
299        <name>Rejected (608) Ladder Diagram</name>
300        <artwork name="" type="" align="left" alt=""><![CDATA[
301                    +--------+         +-----------+
302                    | Called |         |   Call    |
303   +-----+          | Party  |         | Analytics |   +-----+
304   | UAC |          | Proxy  |         |  Engine   |   | UAS |
305   +-----+          +--------+         +-----------+   +-----+
306      |  INVITE         |                    |            |
307      | --------------> |  Information from  |            |
308      |                 | -----------------> |            |
309      |                 |  INVITE            |            |
310      |                 |            Reject  |            |
311      |            608  | <----------------- |            |
312      | <-------------- |            call    |            |
313      |                 |                    |            |
315       ]]></artwork>
316      </figure>
317      <section numbered="true" toc="default">
318        <name>Intermediary Operation</name>
319        <t>An intermediary MAY issue the 608 response code in a failure
320        response for an INVITE, MESSAGE, SUBSCRIBE, or other out-of-dialog
321        <xref target="RFC3261" format="default">SIP</xref> request to indicate that an
322        intermediary rejected the offered communication as unwanted by the
323        user. An intermediary MAY issue the 608 as the value of the "cause"
324        parameter of a SIP reason-value in a Reason header field <xref target="RFC3326" format="default"/>.</t>
325        <t>If an intermediary issues a 608 code and there are no indicators
326        the calling party will use the contents of the Call-Info header field
327        for malicious purposes (see <xref target="Security" format="default"/>), the
328        intermediary MUST include a Call-Info header field in the
329        response.</t>
330        <t>If there is a Call-Info header field, it MUST have the 'purpose'
331        parameter of 'jwscard'. The value of the Call-Info header field MUST
332        refer to a valid JSON Web Signature (<xref target="RFC7515" format="default">JWS</xref>) encoding of a <xref target="RFC7095" format="default">jCard</xref> object. The following section describes
333        the construction of the JWS.</t>
334        <t>Proxies need to be mindful that a downstream intermediary may
335        reject the attempt with a 608 while other paths may still be in
336        progress. In this situation, the requirements stated in Section 16.7
337        of <xref target="RFC3261" format="default"/> apply. Specifically, the proxy should
338        cancel pending transactions and must not create any new branches. Note
339        this is not a new requirement but simply pointing out the existing 6xx
340        protocol mechanism in SIP.</t>
341      </section>
342      <section numbered="true" toc="default">
343        <name>JWS Construction</name>
344        <t>The intermediary constructs the JWS of the jCard as follows.</t>
345        <section numbered="true" toc="default">
346          <name>JOSE Header</name>
347          <t>The Javascript Object Signing and Encryption (JOSE) header MUST
348          include the typ, alg, and x5u parameters from <xref target="RFC7515" format="default">JWS</xref>. The typ parameter MUST have the value
349          "vcard+json". Implementations MUST support ES256 as JSON Web
350          Algorithms (<xref target="RFC7518" format="default">JWA</xref>) defines it, and MAY
351          support other registered signature algorithms. Finally, the x5u
352          parameter MUST be a URI that resolves to the public key certificate
353          corresponding to the key used to digitally sign the JWS.</t>
354        </section>
355        <section anchor="JWT" numbered="true" toc="default">
356          <name>JWT Payload</name>
357          <t>The payload contains two JSON values. The first JSON Web Token
358          (JWT) claim that MUST be present is the <xref target="RFC7519" format="default">iat
359          (issued at) claim</xref>. The "iat" MUST be set to the date and time
360          of the issuance of the 608 response. This mandatory component
361          protects the response from replay attacks.</t>
362          <t>The second JWT claim that MUST be present is the "jcard" claim.
363          The value of the <xref target="RFC7095" format="default">jcard</xref> claim is a JSON
364          array conforming to the JSON jCard data format defined in RFC7095
365          <xref target="JWT-IANA" format="default"/> describes the registration. In the
366          construction of the jcard claim, the "jcard" MUST include at least
367          one of the URL, EMAIL, TEL, or ADR properties. UACs supporting this
368          specification MUST be prepared to receive a full jCard. Call
369          originators (at the UAC) can use the information returned by the
370          jCard to contact the intermediary that rejected the call to appeal
371          the intermediary's blocking of the call attempt. What the
372          intermediary does if the blocked caller contacts the intermediary is
373          outside the scope of this document.</t>
374        </section>
375        <section anchor="s.JWS" numbered="true" toc="default">
376          <name>JWS Signature</name>
377          <t><xref target="RFC7515" format="default">JWS</xref> specifies the procedure for
378          calculating the signature over the jCard JWT. <xref target="EXAMPLES" format="default"/> of this document has a detailed example on
379          constructing the JWS, including the signature.</t>
380        </section>
381      </section>
382      <section numbered="true" toc="default">
383        <name>UAC Operation</name>
384        <t>A UAC conforming to this specification MUST include the sip.608
385        feature capability indicator in the Feature-Caps header field of the
386        INVITE request.</t>
387        <t>Upon receiving a 608 response, UACs perform normal SIP processing
388        for 6xx responses.</t>
389        <t>As for the disposition of the jCard itself, the UAC MUST check the
390        "iat" claim in the JWT. As noted in <xref target="s.JWS" format="default"/>, we are
391        concerned about replay attacks. Therefore, the UAC MUST reject jCards
392        that come with an expired "iat". The definition of "expired" is a
393        matter of local policy. A reasonable value would be on the order of a
394        minute due to clock drift and the possibility of the playing of an
395        audio announcement before the delivery of the 608 response.</t>
396      </section>
397      <section numbered="true" toc="default">
398        <name>Legacy Interoperation</name>
399        <t>If the UAC indicates support for 608 and the intermediary issues a
400        608, life is good, as the UAC will receive all the information it
401        needs to remediate an erroneous block by an intermediary. However,
402        what if the UAC does not understand 608? For example, how can we
403        support callers from a legacy, non-SIP public switched network
404        connecting to the SIP network via a media gateway?</t>
405        <t>We address this situation by having the first network element that
406        conforms with this specification play an announcement in the media.
407        See <xref target="announcement" format="default"/> for requirements on the
408        announcement. The simple rule is a network element that inserts the
409        sip.608 feature capability MUST be able to convey at a minimum how to
410        contact the operator of the intermediary that rejected the call
411        attempt.</t>
412        <t>The degenerate case is the intermediary is the only element that
413        understands the semantics of the 608 response code. Obviously, any SIP
414        device will understand that a 608 response code is a 6xx error.
415        However, there are no other elements in the call path that understand
416        the meaning of the value of the Call-Info header field. The
417        intermediary knows this is the case as the INVITE request will not
418        have the sip.608 feature capability. In this case, one can consider
419        the intermediary to be the element 'inserting' a virtual sip.608
420        feature capability. If the caveats described in <xref target="announcement" format="default"/> and <xref target="Security" format="default"/> do not hold, the
421        intermediary MUST play the announcement.</t>
422        <t>Now we take the case where a network element that understands the
423        608 response code receives an INVITE for further processing. A network
424        element conforming with this specification MUST insert the sip.608
425        feature capability, per the behaviors described in Section 4.2 of
426        <xref target="RFC6809" format="default"/>.</t>
427        <t>Do note that even if a network element plays an announcement
428        describing the contents of the 608 response message, the network
429        element MUST forward the 608 response code message as the final
430        response to the INVITE.</t>
431        <t>One aspect of using a feature capability is that only the network
432        elements that will either consume (UAC) or play an announcement (media
433        gateway, session border controller (<xref target="RFC7092" format="default">SBC</xref>), or proxy) need to understand the sip.608
434        feature capability. If the other network elements conform to Section
435        16.6 of <xref target="RFC3261" format="default"/>, they will pass header fields such as
436        "Feature-Caps: *;+sip.608" unmodified and without need for
437        upgrade.</t>
438        <t>Because the ultimate disposition of the call attempt will be a
439        600-class response, the network element conveying the announcement in
440        the legacy direction MUST use the 183 Session Progress response to
441        establish the media session. Because of the small chance the UAC is an
442        extremely old legacy device and is using UDP, the UAC MUST include
443        support for <xref target="RFC3262" format="default">100Rel</xref> in its INVITE and the
444        network element conveying the announcement MUST Require 100Rel in the
445        183 and the UAC MUST issue a PRACK to which the network element MUST
446        respond 200 OK PRACK.</t>
447      </section>
448      <section anchor="announcement" numbered="true" toc="default">
449        <name>Announcement Requirements</name>
450        <t>There are a few requirements on the element that handles the
451        announcement for legacy interoperation.</t>
452        <t>As noted above, the element that inserts the sip.608 feature
453        capability is responsible for conveying the information referenced by
454        the Call-Info header field in the 608 response message. However, this
455        specification does not mandate how to convey that information.</t>
456        <t>Let us take the case where a telecommunications service provider
457        controls the element inserting the sip.608 feature capability. It
458        would be reasonable to expect the service provider would play an
459        announcement in the media path towards the UAC (caller). It is
460        important to note the network element should be mindful of the media
461        type requested by the UAC as it formulates the announcement. For
462        example, it would make sense for an INVITE that only indicated audio
463        codecs in the Session Description Protocol <xref target="RFC4566" format="default">(SDP)</xref> to result in an audio announcement.
464        Likewise, if the INVITE only indicated a <xref target="RFC4103" format="default">real-time text codec</xref> and the network element
465        can render the information in the requested media format, the network
466        element should send the information in a text format.</t>
467        <t>It is also possible for the network element inserting the sip.608
468        feature capability to be under the control of the same entity that
469        controls the UAC. For example, a large call center might have legacy
470        UACs, but have a modern outbound calling proxy that understands the
471        full semantics of the 608 response code. In this case, it is enough
472        for the outbound calling proxy to digest the Call-Info information and
473        handle the information digitally, rather than 'transcoding' the
474        Call-Info information for presentation to the caller.</t>
475      </section>
476    </section>
477    <section anchor="EXAMPLES" numbered="true" toc="default">
478      <name>Examples</name>
479      <t>These examples are not normative, do not include all protocol
480      elements, and may have errors. Review the protocol documents for actual
481      syntax and semantics of the protocol elements.</t>
482      <section numbered="true" toc="default">
483        <name>Full Exchange</name>
484        <t>Given an INVITE, shamelessly taken from <xref target="SHAKEN" format="default"/>,
485        with the line breaks in the Identity header field for display purposes
486        only:</t>
487        <artwork name="" type="" align="left" alt=""><![CDATA[
488INVITE sip:+12155550113@tel.one.example.net SIP/2.0
489Max-Forwards: 69
490Contact: <sip:+12155550112@[2001:db8::12]:50207;rinstance=9da3088f3>
491To: <sip:+12155550113@tel.one.example.net>
492From: "Alice" <sip:+12155550112@tel.two.example.net>;tag=614bdb40
494P-Asserted-Identity: "Alice"<sip:+12155550112@tel.two.example.net>,
495    <tel:+12155550112>
496CSeq: 2 INVITE
499Content-Type: application/sdp
500Date: Tue, 16 Aug 2016 19:23:38 GMT
501Feature-Caps: *;+sip.608
502Identity: eyJhbGciOiJFUzI1NiIsInR5cCI6InBhc3Nwb3J0IiwicHB0Ijoic2hha2V
508 <http://cert.example2.net/example.cert>;alg=ES256
509Content-Length: 153
512o=- 13103070023943130 1 IN IP6 2001:db8::177
513c=IN IP6 2001:db8::177
514t=0 0
515m=audio 54242 RTP/AVP 0
517       ]]></artwork>
518        <t>An intermediary could reply:</t>
519        <artwork name="" type="" align="left" alt=""><![CDATA[
520SIP/2.0 608 Rejected
521Via: SIP/2.0/UDP [2001:db8::177]:60012;branch=z9hG4bK-524287-1 
522From: "Alice" <sip:+12155550112@tel.two.example.net>;tag=614bdb40
523To: <sip:+12155550113@tel.one.example.net>
525CSeq: 2 INVITE
526Call-Info: <https://block.example.net/complaint-jws>;purpose=jwscard
527      ]]></artwork>
528        <t>The location https://block.example.net/complaint-jws resolves to a
529        JWS. One would construct the JWS as follows.</t>
530        <t>The JWS header of this example jCard could be:</t>
531        <artwork name="" type="" align="left" alt=""><![CDATA[{ "alg":"ES256",
532  "typ":"vcard+json",
533  "x5u":"https://certs.example.net/reject_key.cer"
537        <t>Now, let us construct a minimal jCard. For this example, the jCard
538        refers the caller to an email address,
539        remediation@blocker.example.net:</t>
540        <artwork name="" type="" align="left" alt=""><![CDATA[["vcard",
541  [
542    ["version", {}, "text", "4.0"],
543    ["fn", {}, "text", "Robocall Adjudication"],
544    ["email", {"type":"work"}, 
545              "text", "remediation@blocker.example.net"]
546  ]
550        <t>With this jCard, we can now construct the JWT:</t>
551        <artwork name="" type="" align="left" alt=""><![CDATA[{
552  "iat":1546008698,
553  "jcard":["vcard",
554    [
555      ["version", {}, "text", "4.0"],
556      ["fn", {}, "text", "Robocall Adjudication"],
557      ["email", {"type":"work"}, 
558                "text", "remediation@blocker.example.net"]
559    ]
560  ]
564        <t>To calculate the signature, we need to encode the JSON Object
565        Signing and Encryption (JOSE) header and JWT into base64url. As an
566        implementation note, one can trim whitespace in the JSON objects to
567        save a few bytes. UACs MUST be prepared to receive pretty-printed,
568        compact, or bizarrely formatted JSON. For the purposes of this
569        example, we leave the objects with pretty whitespace. Speaking of
570        pretty vs. machine formatting, these examples have line breaks in the
571        base64url encodings for ease of publication in the RFC format. The
572        specification of base64url allows for these line breaks and the
573        decoded text works just fine. However, those extra line break octets
574        would affect the calculation of the signature. Implementations MUST
575        NOT insert line breaks into the base64url encodings of the JOSE header
576        or JWT. This also means UACs MUST be prepared to receive arbitrarily
577        long octet streams from the URI referenced by the Call-Info SIP
578        header.</t>
579        <artwork name="" type="" align="left" alt=""><![CDATA[base64url of JOSE header:
583base64url of JWT:
590        <t>In this case, the object to sign (remembering this is just a
591        single, long line; the line breaks are for ease of review but do not
592        appear in the actual object) is as follows:</t>
593        <artwork name="" type="" align="left" alt=""><![CDATA[eyJhbGciOiJFUzI1NiIsInR5cCI6InZjYXJk
601        <t>We use the following X.509 PKCS #8-encoded ECDSA key, also
602        shamelessly taken from <xref target="SHAKEN" format="default"/>), as an example key for
603        signing the hash of the above text. Do NOT use this key in real life!
604        It is for example purposes only. At the very least, we would strongly
605        recommend encrypting the key at rest.</t>
606        <artwork name="" type="" align="left" alt=""><![CDATA[-----BEGIN PRIVATE KEY-----
610-----END PRIVATE KEY-----
612-----BEGIN PUBLIC KEY-----
615-----END PUBLIC KEY-----
618        <t>The resulting JWS, using the above key on the above object, renders
619        the following ECDSA P-256 SHA-256 digital signature.</t>
620        <artwork name="" type="" align="left" alt=""><![CDATA[7uz2SADRvPFOQOO_UgF2ZTUjPlDTegtPrYB04UHBMwBD6g9AmL
624        <t>Thus, the JWS stored at https://blocker.example.net/complaints-jws,
625        would contain:</t>
626        <artwork name="" type="" align="left" alt=""><![CDATA[
636      </section>
637      <section numbered="true" toc="default">
638        <name>Web Site jCard</name>
639        <t>For an intermediary that provides a Web site for adjudication, the
640        jCard could contain the following. Note we do not show the calculation
641        of the JWS; the URI reference in the Call-Info header field would be
642        to the JWS of the signed jCard.</t>
643        <artwork name="" type="" align="left" alt=""><![CDATA[["vcard",
644  [
645    ["version", {}, "text", "4.0"],
646    ["fn", {}, "text", "Robocall Adjudication"],
647    ["url", {"type":"work"}, 
648            "text", "https://blocker.example.net/adjudication-form"]
649  ]
650]     ]]></artwork>
651      </section>
652      <section numbered="true" toc="default">
653        <name>Multi-modal jCard</name>
654        <t>For an intermediary that provides a telephone number and a postal
655        address, the jCard could contain the following. Note we do not show
656        the calculation of the JWS; the URI reference in the Call-Info header
657        field would be to the JWS of the signed jCard.</t>
658        <artwork name="" type="" align="left" alt=""><![CDATA[["vcard",
659  [
660    ["version", {}, "text", "4.0"],
661    ["fn", {}, "text", "Robocall Adjudication"],
662    ["adr", {"type":"work"}, "text",
663      ["Argument Clinic", 
664       "12 Main St","Anytown","AP","000000","Somecountry"]
665    ]
666    ["tel", {"type":"work"}, "uri", "tel:+1-555-555-0112"]
667  ]
668]     ]]></artwork>
669        <t>Note that it is up to the UAC to decide which jCard contact
670        modality, if any, it will use.</t>
671      </section>
672      <section numbered="true" toc="default">
673        <name>Legacy Interoperability</name>
674        <t><xref target="legacy_ladder" format="default"/> depicts a call flow illustrating
675        legacy interoperability. In this non-normative example, we see a UAC
676        that does not support the full semantics for 608. However, there is an
677        SBC that does support 608. Per <xref target="RFC6809" format="default"/>, the SBC can
678        insert "*;+sip.608" into the Feature-Caps header field for the INVITE.
679        When the intermediary, labeled "Called Party Proxy" in the figure,
680        rejects the call, it knows it can simply perform the processing
681        described in this document. Since the intermediary saw the sip.608
682        feature capability, it knows it does not need to send any media
683        describing whom to contact in the event of an erroneous rejection. For
684        illustrative purposes, the figure shows generic SIP Proxies in the
685        flow. Their presence or absence or the number of proxies is not
686        relevant to the operation of the protocol. They are in the figure to
687        show that proxies that do not understand the sip.608 feature
688        capability can still participate in a network offering 608
689        services.</t>
690        <figure anchor="legacy_ladder">
691          <name>Legacy Operation</name>
692          <artwork name="" type="" align="left" alt=""><![CDATA[
693                                                  +---------+
694                                                  |  Call   |
695                                                  |Analytics|
696                                                  | Engine  |
697                                                  +--+--+---+
698                                                     ^  |
699                                                     |  |
700                                                     |  v
701                                                   +-+--+-+
702+---+    +-----+    +---+    +-----+    +-----+    |Called|
703|UAC+----+Proxy+----+SBC+----+Proxy+----+Proxy+----+Party |
704+---+    +-----+    +---+    +-----+    +-----+    |Proxy |
705  |                   |                            +------+
706  | INVITE            |                               |
707  |------------------>|                               |
708  |                   | INVITE                        |
709  |                   |------------------------------>|
710  |                   | Feature-Caps: *;+sip.608      |
711  |                   |                               |
712  |                   |                  608 Rejected |
713  |                   |<------------------------------|
714  |               183 |              Call-Info: <...> |
715  |<------------------|    [path for Call-Info elided |
716  |     SDP for media |     for illustration purposes]|
717  |                   |                               |
718  | PRACK             |                               |
719  |------------------>|                               |
720  |                   |                               |
721  |      200 OK PRACK |                               |
722  |<------------------|                               |
723  |                   |                               |
724  |<== Announcement ==|                               |
725  |                   |                               |
726  |      608 Rejected |                               |
727  |<------------------|                               |
728  |  Call-Info: <...> |                               |
729  |                   |                               |
732        </figure>
733        <t>When the SBC receives the 608 response code, it correlates that
734        with the original INVITE from the UAC. The SBC remembers that it
735        inserted the sip.608 feature capability, which means it is responsible
736        for somehow alerting the UAC the call failed and whom to contact. At
737        this point the SBC can play a prompt, either natively or through a
738        mechanism such as <xref target="RFC4240" format="default">NETANN</xref>, that sends the
739        relevant information in the appropriate media to the UAC. Since this
740        is a potentially long transaction and there is a chance the UAC is
741        using an unreliable transport protocol, the UAC will have indicated
742        support for provisional responses, the SBC will indicate it requires a
743        PRACK from the UAC in the 183 response, the UAC will provide the
744        PRACK, and the SBC will acknowledge receipt of the PRACK before
745        playing the announcement.</t>
746        <t>As an example, the SBC could extract the FN and TEL jCard fields
747        and play something like a special information tone (see Telcordia
748        <xref target="SR-2275" format="default">SR-2275</xref> section or <xref target="ITU.E.180.1998" format="default">ITU-T E.180</xref> section 7), followed by
749        "Your call has been rejected by ...", followed by a text-to-speech
750        translation of the FN text, followed by "You can reach them on",
751        followed by a text-to-speech translation of the telephone number in
752        the TEL field.</t>
753        <t>Note the SBC also still sends the full 608 response code, including
754        the Call-Info header, towards the UAC.</t>
755      </section>
756    </section>
757    <section numbered="true" toc="default">
758      <name>IANA Considerations</name>
759      <section numbered="true" toc="default">
760        <name>SIP Response Code</name>
761        <t>This document defines a new SIP response code, 608 in the "Response
762        Codes" subregistry of the "Session Initiation Protocol (SIP)
763        Parameters" registry defined in <xref target="RFC3261" format="default"/>.</t>
764        <dl newline="false" spacing="normal">
765          <dt>Response code:</dt>
766          <dd>608</dd>
767          <dt>Description:</dt>
768          <dd>Rejected</dd>
769          <dt>Reference:</dt>
770          <dd>[RFCXXXX]</dd>
771        </dl>
772      </section>
773      <section numbered="true" toc="default">
774        <name>SIP Feature-Capability Indicator</name>
775        <t>This document defines the feature capability sip.608 in the "SIP
776        Feature-Capability Indicator Registration Tree" registry defined in
777        <xref target="RFC6809" format="default"/>.</t>
778        <dl newline="false" spacing="normal">
779          <dt>Name:</dt>
780          <dd>sip.608</dd>
781          <dt>Description:</dt>
782          <dd>This feature capability indicator, when
783            included in a Feature-Caps header field of an INVITE request,
784            indicates that the entity associated with the indicator will be
785            responsible for indicating to the caller any information contained
786            in the 608 SIP response code, specifically the value referenced by
787            the Call-Info header.</dd>
788          <dt>Reference:</dt>
789          <dd>[RFCXXXX]</dd>
790        </dl>
791      </section>
792      <section anchor="JWT-IANA" numbered="true" toc="default">
793        <name>JSON Web Token Claim</name>
794        <t>This document defines the new JSON Web Token claim in the "JSON Web
795        Token Claims" sub-registry created by <xref target="RFC7519" format="default"/>. <xref target="JWT" format="default"/> defines the syntax. The required information is:</t>
796        <dl newline="false" spacing="normal">
797          <dt>Claim Name:</dt>
798          <dd>jcard</dd>
799          <dt>Claim Description:</dt>
800          <dd>jCard data</dd>
801          <dt>Change Controller:</dt>
802          <dd>IESG</dd>
803          <dt>Reference:</dt>
804          <dd>[RFCXXXX], <xref target="RFC7095" format="default"/></dd>
805        </dl>
806      </section>
807      <section numbered="true" toc="default">
808        <name>Call-Info Purpose</name>
809        <t>This document defines the new predefined value "jwscard" for the
810        "purpose" header field parameter of the Call-Info header field. This
811        modifies the "Header Field Parameters and Parameter Values"
812        subregistry of the "Session Initiation Protocol (SIP) Parameters"
813        registry by adding this RFC as a reference to the line for the header
814        field "Call-Info" and parameter name "purpose":</t>
815        <dl newline="false" spacing="normal">
816          <dt>Header Field:</dt>
817          <dd>Call-Info</dd>
818          <dt>Parameter Name:</dt>
819          <dd>purpose</dd>
820          <dt>Predefined Values:</dt>
821          <dd>Yes</dd>
822          <dt>Reference:</dt>
823          <dd>[RFCXXXX]</dd>
824        </dl>
825      </section>
826    </section>
827    <section anchor="Security" numbered="true" toc="default">
828      <name>Security Considerations</name>
829      <t>Intermediary operators need to be mindful to whom they are sending
830      the 608 response. The intermediary could be rejecting a truly malicious
831      caller. This raises two issues. The first is the caller, now alerted an
832      intermediary is automatically rejecting their call attempts, may change
833      their call behavior to defeat call blocking systems. The second, and
834      more significant risk, is that by providing a contact in the Call-Info
835      header field, the intermediary may be giving the malicious caller a
836      vector for attack. In other words, the intermediary will be publishing
837      an address that a malicious actor may use to launch an attack on the
838      intermediary. Because of this, intermediary operators may wish to
839      configure their response to only include a Call-Info header field for
840      INVITE or other signed initiating methods and that pass validation by
841      <xref target="RFC8224" format="default">STIR</xref>.</t>
842      <t>Another risk is as follows. Consider an attacker that floods a proxy
843      that supports the sip.608 feature. However, the SDP in the INVITE
844      request refers to a victim device. Moreover, the attacker somehow knows
845      there is a 608-aware gateway connecting to the victim who is on a
846      segment that lacks the sip.608 feature capability. Because the mechanism
847      described here can result in sending an audio file to the target of the
848      SDP, an attacker could use the mechanism described by this document as
849      an amplification attack, given a SIP INVITE can be under 1 kilobyte and
850      an audio file can be hundreds of kilobytes. One remediation for this is
851      for devices that insert a sip.608 feature capability to only transmit
852      media to what is highly likely to be the actual source of the call
853      attempt. A method for this is to only play media in response to a
854      STIR-signed INVITE that passes validation. Beyond requiring a valid STIR
855      signature on the INVITE, the intermediary can also use remediation
856      procedures such as doing the connectivity checks specified by <xref target="RFC8445" format="default">Interactive Connectivity Establishment</xref>. If the
857      target did not request the media, the check will fail.</t>
858      <t>Yet another risk is a malicious intermediary that generates a
859      malicious 608 response with a jCard referring to a malicious agent. For
860      example, the recipient of a 608 may receive a TEL URI in the vCard. When
861      the recipient calls that address, the malicious agent could ask for
862      personally identifying information. However, instead of using that
863      information to verify the recipient's identity, they are phishing the
864      information for nefarious ends. A similar scenario can unfold if the
865      malicious agent inserts a URI that points to a phishing or other site.
866      As such, we strongly recommend the recipient validates to whom they are
867      communicating with if asking to adjudicate an erroneously rejected call
868      attempt. Since we may also be concerned about intermediate nodes
869      modifying contact information, we can address both issues with a single
870      solution. The remediation is to require the intermediary to sign the
871      jCard. Signing the jCard provides integrity protection. In addition, one
872      can imagine mechanisms such as used by <xref target="SHAKEN" format="default">SHAKEN</xref>.</t>
873      <t>Similarly, one can imagine an adverse agent that maliciously spoofs a
874      608 response with a victim's contact address to many active callers, who
875      may then all send redress requests to the specified address (the basis
876      for a denial-of-service attack). The process would occur as follows: (1)
877      a malicious agent senses INVITE requests from a variety of UACs and (2)
878      spoofs 608 responses with an unsigned redress address before the
879      intended receivers can respond, causing (3) the UACs to all contact the
880      redress address at once. The jCard encoding allows the UAC to verify the
881      blocking intermediary's identity before contacting the redress address.
882      Specifically, because the sender signs the jCard, we can
883      cryptographically trace the sender of the jCard. Given the protocol
884      machinery of having a signature, one can apply local policy to decide
885      whether to believe the sender of the jCard represents the owner of the
886      contact information found in the jCard. This guards against a malicious
887      agent spoofing 608 responses.</t>
888      <t>Specifically, one could use policies around signing certificate
889      issuance as a mechanism for traceback to the entity issuing the jCard.
890      One check could be verifying the identity of the subject of the
891      certificate relates to the To header field of the initial SIP request,
892      similar to validating the intermediary was vouching for the From header
893      field of a SIP request with that identity. Note that we are only
894      protecting against a malicious intermediary and not a hidden
895      intermediary attack (formerly known as a "man in the middle attack").
896      Thus, we only need to ensure the signature is fresh, which is why we
897      include "iat". For most implementations, we assume that the intermediary
898      has a single set of contact points and will generate the jCard on
899      demand. As such, there is no need to directly correlate HTTPS fetches to
900      specific calls. However, since the intermediary is in control of the
901      jCard and Call-Info response, an intermediary may choose to encode
902      per-call information in the URI returned in a given 608 response.
903      However, if the intermediary does go that route, the intermediary MUST
904      use a non-deterministic URI reference mechanism and be prepared to
905      return dummy responses to URI requests referencing calls that do not
906      exist so that attackers attempting to glean call metadata by guessing
907      URI's (and thus calls) will not get any actionable information from the
908      HTTPS GET.</t>
909      <t>Since the decision of whether to include Call-Info in the 608
910      response is a matter of policy, one thing to consider is whether a
911      legitimate caller can ascertain whom to contact without including such
912      information in the 608. For example, in some jurisdictions, if only the
913      terminating service provider can be the intermediary, the caller can
914      look up who the terminating service provider is based on the routing
915      information for the dialed number. Thus, the Call-Info jCard could be
916      redundant information. However, the factors going into a particular
917      service provider's or jurisdiction's choice of whether to include
918      Call-Info is outside the scope of this document.</t>
919    </section>
920    <section anchor="Acknowledgements" numbered="true" toc="default">
921      <name>Acknowledgements</name>
922      <t>This document liberally lifts from <xref target="RFC8197" format="default"/> in its
923      text and structure. However, the mechanism and purpose of 608 is quite
924      different than 607. Any errors are the current editor's and not the
925      editor of RFC8197. Thanks also go to Ken Carlberg of the FCC, Russ
926      Housley, Paul Kyzivat, and Tolga Asveren for their suggestions on
927      improving the draft. Tolga's suggestion to provide a mechanism for
928      legacy interoperability served to expand the draft by 50%. In addition,
929      Tolga came up with the jCard attack. Finally, Christer Holmberg as
930      always provided a close reading and fixed a SIP feature capability bug
931      found by Yehoshua Gev.</t>
932      <t>Of course, we appreciated the close read and five pages of comments
933      from our estimable Area Director, Adam Roach. In addition, we received
934      valuable comments during IETF Last Call and JWT review from Ines Robles,
935      Mike Jones, and Brian Campbell and IESG review from Alissa Cooper,
936      Eric Vyncke, Alexey Melnikov, Benjamin Kaduk, Barry Leiba, and
937      with most glee, Warren Kumari.</t>
938      <t>Finally, Bhavik Nagda provided clarifying edits as well and more
939      especially wrote and tested an implementation of the 608 response code
940      in Kamailio. Code is available at <eref target="https://github.com/nagdab/608_Implementation"/>. Grace Chuan
941      from MIT regenerated and verified the JWT while working at the FCC.</t>
942    </section>
943  </middle>
944  <!--  *****BACK MATTER ***** -->
945  <back>
946    <references>
947      <name>References</name>
948      <references>
949        <name>Normative References</name>
950        <reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2119" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">
951          <front>
952            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
953            <seriesInfo name="DOI" value="10.17487/RFC2119"/>
954            <seriesInfo name="RFC" value="2119"/>
955            <seriesInfo name="BCP" value="14"/>
956            <author initials="S." surname="Bradner" fullname="S. Bradner">
957              <organization/>
958            </author>
959            <date year="1997" month="March"/>
960            <abstract>
961              <t>In many standards track documents several words are used to signify the requirements in the specification.  These words are often capitalized. This document defines these words as they should be interpreted in IETF documents.  This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
962            </abstract>
963          </front>
964        </reference>
965        <reference anchor="RFC3261" target="https://www.rfc-editor.org/info/rfc3261" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3261.xml">
966          <front>
967            <title>SIP: Session Initiation Protocol</title>
968            <seriesInfo name="DOI" value="10.17487/RFC3261"/>
969            <seriesInfo name="RFC" value="3261"/>
970            <author initials="J." surname="Rosenberg" fullname="J. Rosenberg">
971              <organization/>
972            </author>
973            <author initials="H." surname="Schulzrinne" fullname="H. Schulzrinne">
974              <organization/>
975            </author>
976            <author initials="G." surname="Camarillo" fullname="G. Camarillo">
977              <organization/>
978            </author>
979            <author initials="A." surname="Johnston" fullname="A. Johnston">
980              <organization/>
981            </author>
982            <author initials="J." surname="Peterson" fullname="J. Peterson">
983              <organization/>
984            </author>
985            <author initials="R." surname="Sparks" fullname="R. Sparks">
986              <organization/>
987            </author>
988            <author initials="M." surname="Handley" fullname="M. Handley">
989              <organization/>
990            </author>
991            <author initials="E." surname="Schooler" fullname="E. Schooler">
992              <organization/>
993            </author>
994            <date year="2002" month="June"/>
995            <abstract>
996              <t>This document describes Session Initiation Protocol (SIP), an application-layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants.  These sessions include Internet telephone calls, multimedia distribution, and multimedia conferences.  [STANDARDS-TRACK]</t>
997            </abstract>
998          </front>
999        </reference>
1000        <reference anchor="RFC3262" target="https://www.rfc-editor.org/info/rfc3262" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3262.xml">
1001          <front>
1002            <title>Reliability of Provisional Responses in Session Initiation Protocol (SIP)</title>
1003            <seriesInfo name="DOI" value="10.17487/RFC3262"/>
1004            <seriesInfo name="RFC" value="3262"/>
1005            <author initials="J." surname="Rosenberg" fullname="J. Rosenberg">
1006              <organization/>
1007            </author>
1008            <author initials="H." surname="Schulzrinne" fullname="H. Schulzrinne">
1009              <organization/>
1010            </author>
1011            <date year="2002" month="June"/>
1012            <abstract>
1013              <t>This document specifies an extension to the Session Initiation Protocol (SIP) providing reliable provisional response messages.  This extension uses the option tag 100rel and defines the Provisional Response ACKnowledgement (PRACK) method.  [STANDARDS-TRACK]</t>
1014            </abstract>
1015          </front>
1016        </reference>
1017        <reference anchor="RFC3326" target="https://www.rfc-editor.org/info/rfc3326" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3326.xml">
1018          <front>
1019            <title>The Reason Header Field for the Session Initiation Protocol (SIP)</title>
1020            <seriesInfo name="DOI" value="10.17487/RFC3326"/>
1021            <seriesInfo name="RFC" value="3326"/>
1022            <author initials="H." surname="Schulzrinne" fullname="H. Schulzrinne">
1023              <organization/>
1024            </author>
1025            <author initials="D." surname="Oran" fullname="D. Oran">
1026              <organization/>
1027            </author>
1028            <author initials="G." surname="Camarillo" fullname="G. Camarillo">
1029              <organization/>
1030            </author>
1031            <date year="2002" month="December"/>
1032            <abstract>
1033              <t>The REGISTER function is used in a Session Initiation Protocol (SIP) system primarily to associate a temporary contact address with an address-of-record.  This contact is generally in the form of a Uniform Resource Identifier (URI), such as Contact: &lt;sip:alice@pc33.atlanta.com&gt; and is generally dynamic and associated with the IP address or hostname of the SIP User Agent (UA).  The problem is that network topology may have one or more SIP proxies between the UA and the registrar, such that any request traveling from the user's home network to the registered UA must traverse these proxies.  The REGISTER method does not give us a mechanism to discover and record this sequence of proxies in the registrar for future use.  This document defines an extension header field, "Path" which provides such a mechanism.  [STANDARDS-TRACK]</t>
1034            </abstract>
1035          </front>
1036        </reference>
1037        <reference anchor="RFC6809" target="https://www.rfc-editor.org/info/rfc6809" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6809.xml">
1038          <front>
1039            <title>Mechanism to Indicate Support of Features and Capabilities in the Session Initiation Protocol (SIP)</title>
1040            <seriesInfo name="DOI" value="10.17487/RFC6809"/>
1041            <seriesInfo name="RFC" value="6809"/>
1042            <author initials="C." surname="Holmberg" fullname="C. Holmberg">
1043              <organization/>
1044            </author>
1045            <author initials="I." surname="Sedlacek" fullname="I. Sedlacek">
1046              <organization/>
1047            </author>
1048            <author initials="H." surname="Kaplan" fullname="H. Kaplan">
1049              <organization/>
1050            </author>
1051            <date year="2012" month="November"/>
1052            <abstract>
1053              <t>This specification defines a new SIP header field, Feature-Caps.  The Feature-Caps header field conveys feature-capability indicators that are used to indicate support of features and capabilities for SIP entities that are not represented by the Uniform Resource Identifier (URI) of the Contact header field.</t>
1054              <t>SIP entities that are represented by the URI of the SIP Contact header field can convey media feature tags in the Contact header field to indicate support of features and capabilities.</t>
1055              <t>This specification also defines feature-capability indicators and creates a new IANA registry, "Proxy-Feature Feature-Capability Indicator Trees", for registering feature-capability indicators. [STANDARDS-TRACK]</t>
1056            </abstract>
1057          </front>
1058        </reference>
1059        <reference anchor="RFC7095" target="https://www.rfc-editor.org/info/rfc7095" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7095.xml">
1060          <front>
1061            <title>jCard: The JSON Format for vCard</title>
1062            <seriesInfo name="DOI" value="10.17487/RFC7095"/>
1063            <seriesInfo name="RFC" value="7095"/>
1064            <author initials="P." surname="Kewisch" fullname="P. Kewisch">
1065              <organization/>
1066            </author>
1067            <date year="2014" month="January"/>
1068            <abstract>
1069              <t>This specification defines "jCard", a JSON format for vCard data. The vCard data format is a text format for representing and exchanging information about individuals and other entities, for example, telephone numbers, email addresses, structured names, and delivery addresses.  JSON is a lightweight, text-based, language- independent data interchange format commonly used in Internet applications.</t>
1070            </abstract>
1071          </front>
1072        </reference>
1073        <reference anchor="RFC7515" target="https://www.rfc-editor.org/info/rfc7515" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7515.xml">
1074          <front>
1075            <title>JSON Web Signature (JWS)</title>
1076            <seriesInfo name="DOI" value="10.17487/RFC7515"/>
1077            <seriesInfo name="RFC" value="7515"/>
1078            <author initials="M." surname="Jones" fullname="M. Jones">
1079              <organization/>
1080            </author>
1081            <author initials="J." surname="Bradley" fullname="J. Bradley">
1082              <organization/>
1083            </author>
1084            <author initials="N." surname="Sakimura" fullname="N. Sakimura">
1085              <organization/>
1086            </author>
1087            <date year="2015" month="May"/>
1088            <abstract>
1089              <t>JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based data structures.  Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and an IANA registry defined by that specification.  Related encryption capabilities are described in the separate JSON Web Encryption (JWE) specification.</t>
1090            </abstract>
1091          </front>
1092        </reference>
1093        <reference anchor="RFC7518" target="https://www.rfc-editor.org/info/rfc7518" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7518.xml">
1094          <front>
1095            <title>JSON Web Algorithms (JWA)</title>
1096            <seriesInfo name="DOI" value="10.17487/RFC7518"/>
1097            <seriesInfo name="RFC" value="7518"/>
1098            <author initials="M." surname="Jones" fullname="M. Jones">
1099              <organization/>
1100            </author>
1101            <date year="2015" month="May"/>
1102            <abstract>
1103              <t>This specification registers cryptographic algorithms and identifiers to be used with the JSON Web Signature (JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK) specifications.  It defines several IANA registries for these identifiers.</t>
1104            </abstract>
1105          </front>
1106        </reference>
1107        <reference anchor="RFC7519" target="https://www.rfc-editor.org/info/rfc7519" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7519.xml">
1108          <front>
1109            <title>JSON Web Token (JWT)</title>
1110            <seriesInfo name="DOI" value="10.17487/RFC7519"/>
1111            <seriesInfo name="RFC" value="7519"/>
1112            <author initials="M." surname="Jones" fullname="M. Jones">
1113              <organization/>
1114            </author>
1115            <author initials="J." surname="Bradley" fullname="J. Bradley">
1116              <organization/>
1117            </author>
1118            <author initials="N." surname="Sakimura" fullname="N. Sakimura">
1119              <organization/>
1120            </author>
1121            <date year="2015" month="May"/>
1122            <abstract>
1123              <t>JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties.  The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.</t>
1124            </abstract>
1125          </front>
1126        </reference>
1127        <reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8174" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml">
1128          <front>
1129            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
1130            <seriesInfo name="DOI" value="10.17487/RFC8174"/>
1131            <seriesInfo name="RFC" value="8174"/>
1132            <seriesInfo name="BCP" value="14"/>
1133            <author initials="B." surname="Leiba" fullname="B. Leiba">
1134              <organization/>
1135            </author>
1136            <date year="2017" month="May"/>
1137            <abstract>
1138              <t>RFC 2119 specifies common key words that may be used in protocol  specifications.  This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the  defined special meanings.</t>
1139            </abstract>
1140          </front>
1141        </reference>
1142      </references>
1143      <references>
1144        <name>Informative References</name>
1145        <reference anchor="RFC4103" target="https://www.rfc-editor.org/info/rfc4103" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4103.xml">
1146          <front>
1147            <title>RTP Payload for Text Conversation</title>
1148            <seriesInfo name="DOI" value="10.17487/RFC4103"/>
1149            <seriesInfo name="RFC" value="4103"/>
1150            <author initials="G." surname="Hellstrom" fullname="G. Hellstrom">
1151              <organization/>
1152            </author>
1153            <author initials="P." surname="Jones" fullname="P. Jones">
1154              <organization/>
1155            </author>
1156            <date year="2005" month="June"/>
1157            <abstract>
1158              <t>This memo obsoletes RFC 2793; it describes how to carry real-time text conversation session contents in RTP packets.  Text conversation session contents are specified in ITU-T Recommendation T.140.</t>
1159              <t>One payload format is described for transmitting text on a separate RTP session dedicated for the transmission of text.</t>
1160              <t>This RTP payload description recommends a method to include redundant text from already transmitted packets in order to reduce the risk of text loss caused by packet loss.  [STANDARDS-TRACK]</t>
1161            </abstract>
1162          </front>
1163        </reference>
1164        <reference anchor="RFC4240" target="https://www.rfc-editor.org/info/rfc4240" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4240.xml">
1165          <front>
1166            <title>Basic Network Media Services with SIP</title>
1167            <seriesInfo name="DOI" value="10.17487/RFC4240"/>
1168            <seriesInfo name="RFC" value="4240"/>
1169            <author initials="E." surname="Burger" fullname="E. Burger" role="editor">
1170              <organization/>
1171            </author>
1172            <author initials="J." surname="Van Dyke" fullname="J. Van Dyke">
1173              <organization/>
1174            </author>
1175            <author initials="A." surname="Spitzer" fullname="A. Spitzer">
1176              <organization/>
1177            </author>
1178            <date year="2005" month="December"/>
1179            <abstract>
1180              <t>In SIP-based networks, there is a need to provide basic network media services.  Such services include network announcements, user interaction, and conferencing services.  These services are basic building blocks, from which one can construct interesting applications.  In order to have interoperability between servers offering these building blocks (also known as Media Servers) and application developers, one needs to be able to locate and invoke such services in a well defined manner.</t>
1181              <t>This document describes a mechanism for providing an interoperable interface between Application Servers, which provide application services to SIP-based networks, and Media Servers, which provide the basic media processing building blocks.  This memo provides information for the Internet community.</t>
1182            </abstract>
1183          </front>
1184        </reference>
1185        <reference anchor="RFC4566" target="https://www.rfc-editor.org/info/rfc4566" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4566.xml">
1186          <front>
1187            <title>SDP: Session Description Protocol</title>
1188            <seriesInfo name="DOI" value="10.17487/RFC4566"/>
1189            <seriesInfo name="RFC" value="4566"/>
1190            <author initials="M." surname="Handley" fullname="M. Handley">
1191              <organization/>
1192            </author>
1193            <author initials="V." surname="Jacobson" fullname="V. Jacobson">
1194              <organization/>
1195            </author>
1196            <author initials="C." surname="Perkins" fullname="C. Perkins">
1197              <organization/>
1198            </author>
1199            <date year="2006" month="July"/>
1200            <abstract>
1201              <t>This memo defines the Session Description Protocol (SDP).  SDP is intended for describing multimedia sessions for the purposes of session announcement, session invitation, and other forms of multimedia session initiation.  [STANDARDS-TRACK]</t>
1202            </abstract>
1203          </front>
1204        </reference>
1205        <reference anchor="RFC5039" target="https://www.rfc-editor.org/info/rfc5039" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5039.xml">
1206          <front>
1207            <title>The Session Initiation Protocol (SIP) and Spam</title>
1208            <seriesInfo name="DOI" value="10.17487/RFC5039"/>
1209            <seriesInfo name="RFC" value="5039"/>
1210            <author initials="J." surname="Rosenberg" fullname="J. Rosenberg">
1211              <organization/>
1212            </author>
1213            <author initials="C." surname="Jennings" fullname="C. Jennings">
1214              <organization/>
1215            </author>
1216            <date year="2008" month="January"/>
1217            <abstract>
1218              <t>Spam, defined as the transmission of bulk unsolicited messages, has plagued Internet email.  Unfortunately, spam is not limited to email. It can affect any system that enables user-to-user communications. The Session Initiation Protocol (SIP) defines a system for user-to- user multimedia communications.  Therefore, it is susceptible to spam, just as email is.  In this document, we analyze the problem of spam in SIP.  We first identify the ways in which the problem is the same and the ways in which it is different from email.  We then examine the various possible solutions that have been discussed for email and consider their applicability to SIP.  This memo provides information for the Internet community.</t>
1219            </abstract>
1220          </front>
1221        </reference>
1222        <reference anchor="RFC6350" target="https://www.rfc-editor.org/info/rfc6350" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6350.xml">
1223          <front>
1224            <title>vCard Format Specification</title>
1225            <seriesInfo name="DOI" value="10.17487/RFC6350"/>
1226            <seriesInfo name="RFC" value="6350"/>
1227            <author initials="S." surname="Perreault" fullname="S. Perreault">
1228              <organization/>
1229            </author>
1230            <date year="2011" month="August"/>
1231            <abstract>
1232              <t>This document defines the vCard data format for representing and exchanging a variety of information about individuals and other entities (e.g., formatted and structured name and delivery addresses, email address, multiple telephone numbers, photograph, logo, audio clips, etc.).  This document obsoletes RFCs 2425, 2426, and 4770, and updates RFC 2739.  [STANDARDS-TRACK]</t>
1233            </abstract>
1234          </front>
1235        </reference>
1236        <reference anchor="RFC7092" target="https://www.rfc-editor.org/info/rfc7092" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7092.xml">
1237          <front>
1238            <title>A Taxonomy of Session Initiation Protocol (SIP) Back-to-Back User Agents</title>
1239            <seriesInfo name="DOI" value="10.17487/RFC7092"/>
1240            <seriesInfo name="RFC" value="7092"/>
1241            <author initials="H." surname="Kaplan" fullname="H. Kaplan">
1242              <organization/>
1243            </author>
1244            <author initials="V." surname="Pascual" fullname="V. Pascual">
1245              <organization/>
1246            </author>
1247            <date year="2013" month="December"/>
1248            <abstract>
1249              <t>In many SIP deployments, SIP entities exist in the SIP signaling path between the originating and final terminating endpoints, which go beyond the definition of a SIP proxy, performing functions not defined in Standards Track RFCs.  The only term for such devices provided in RFC 3261 is for a Back-to-Back User Agent (B2BUA), which is defined as the logical concatenation of a SIP User Agent Server (UAS) and User Agent Client (UAC).</t>
1250              <t>There are numerous types of SIP B2BUAs performing different roles in different ways; for example, IP Private Branch Exchanges (IPBXs), Session Border Controllers (SBCs), and Application Servers (ASs). This document identifies several common B2BUA roles in order to provide taxonomy other documents can use and reference.</t>
1251            </abstract>
1252          </front>
1253        </reference>
1254        <reference anchor="RFC7340" target="https://www.rfc-editor.org/info/rfc7340" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7340.xml">
1255          <front>
1256            <title>Secure Telephone Identity Problem Statement and Requirements</title>
1257            <seriesInfo name="DOI" value="10.17487/RFC7340"/>
1258            <seriesInfo name="RFC" value="7340"/>
1259            <author initials="J." surname="Peterson" fullname="J. Peterson">
1260              <organization/>
1261            </author>
1262            <author initials="H." surname="Schulzrinne" fullname="H. Schulzrinne">
1263              <organization/>
1264            </author>
1265            <author initials="H." surname="Tschofenig" fullname="H. Tschofenig">
1266              <organization/>
1267            </author>
1268            <date year="2014" month="September"/>
1269            <abstract>
1270              <t>Over the past decade, Voice over IP (VoIP) systems based on SIP have replaced many traditional telephony deployments.  Interworking VoIP systems with the traditional telephone network has reduced the overall level of calling party number and Caller ID assurances by granting attackers new and inexpensive tools to impersonate or obscure calling party numbers when orchestrating bulk commercial calling schemes, hacking voicemail boxes, or even circumventing multi-factor authentication systems trusted by banks.  Despite previous attempts to provide a secure assurance of the origin of SIP communications, we still lack effective standards for identifying the calling party in a VoIP session.  This document examines the reasons why providing identity for telephone numbers on the Internet has proven so difficult and shows how changes in the last decade may provide us with new strategies for attaching a secure identity to SIP sessions.  It also gives high-level requirements for a solution in this space.</t>
1271            </abstract>
1272          </front>
1273        </reference>
1274        <reference anchor="RFC8197" target="https://www.rfc-editor.org/info/rfc8197" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8197.xml">
1275          <front>
1276            <title>A SIP Response Code for Unwanted Calls</title>
1277            <seriesInfo name="DOI" value="10.17487/RFC8197"/>
1278            <seriesInfo name="RFC" value="8197"/>
1279            <author initials="H." surname="Schulzrinne" fullname="H. Schulzrinne">
1280              <organization/>
1281            </author>
1282            <date year="2017" month="July"/>
1283            <abstract>
1284              <t>This document defines the 607 (Unwanted) SIP response code, allowing called parties to indicate that the call or message was unwanted. SIP entities may use this information to adjust how future calls from this calling party are handled for the called party or more broadly.</t>
1285            </abstract>
1286          </front>
1287        </reference>
1288        <reference anchor="RFC8224" target="https://www.rfc-editor.org/info/rfc8224" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8224.xml">
1289          <front>
1290            <title>Authenticated Identity Management in the Session Initiation Protocol (SIP)</title>
1291            <seriesInfo name="DOI" value="10.17487/RFC8224"/>
1292            <seriesInfo name="RFC" value="8224"/>
1293            <author initials="J." surname="Peterson" fullname="J. Peterson">
1294              <organization/>
1295            </author>
1296            <author initials="C." surname="Jennings" fullname="C. Jennings">
1297              <organization/>
1298            </author>
1299            <author initials="E." surname="Rescorla" fullname="E. Rescorla">
1300              <organization/>
1301            </author>
1302            <author initials="C." surname="Wendt" fullname="C. Wendt">
1303              <organization/>
1304            </author>
1305            <date year="2018" month="February"/>
1306            <abstract>
1307              <t>The baseline security mechanisms in the Session Initiation Protocol (SIP) are inadequate for cryptographically assuring the identity of the end users that originate SIP requests, especially in an interdomain context.  This document defines a mechanism for securely identifying originators of SIP requests.  It does so by defining a SIP header field for conveying a signature used for validating the identity and for conveying a reference to the credentials of the signer.</t>
1308              <t>This document obsoletes RFC 4474.</t>
1309            </abstract>
1310          </front>
1311        </reference>
1312        <reference anchor="RFC8259" target="https://www.rfc-editor.org/info/rfc8259" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8259.xml">
1313          <front>
1314            <title>The JavaScript Object Notation (JSON) Data Interchange Format</title>
1315            <seriesInfo name="DOI" value="10.17487/RFC8259"/>
1316            <seriesInfo name="RFC" value="8259"/>
1317            <seriesInfo name="STD" value="90"/>
1318            <author initials="T." surname="Bray" fullname="T. Bray" role="editor">
1319              <organization/>
1320            </author>
1321            <date year="2017" month="December"/>
1322            <abstract>
1323              <t>JavaScript Object Notation (JSON) is a lightweight, text-based, language-independent data interchange format.  It was derived from the ECMAScript Programming Language Standard.  JSON defines a small set of formatting rules for the portable representation of structured data.</t>
1324              <t>This document removes inconsistencies with other specifications of JSON, repairs specification errors, and offers experience-based interoperability guidance.</t>
1325            </abstract>
1326          </front>
1327        </reference>
1328        <reference anchor="RFC8445" target="https://www.rfc-editor.org/info/rfc8445" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8445.xml">
1329          <front>
1330            <title>Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal</title>
1331            <seriesInfo name="DOI" value="10.17487/RFC8445"/>
1332            <seriesInfo name="RFC" value="8445"/>
1333            <author initials="A." surname="Keranen" fullname="A. Keranen">
1334              <organization/>
1335            </author>
1336            <author initials="C." surname="Holmberg" fullname="C. Holmberg">
1337              <organization/>
1338            </author>
1339            <author initials="J." surname="Rosenberg" fullname="J. Rosenberg">
1340              <organization/>
1341            </author>
1342            <date year="2018" month="July"/>
1343            <abstract>
1344              <t>This document describes a protocol for Network Address Translator (NAT) traversal for UDP-based communication.  This protocol is called Interactive Connectivity Establishment (ICE).  ICE makes use of the Session Traversal Utilities for NAT (STUN) protocol and its extension, Traversal Using Relay NAT (TURN).</t>
1345              <t>This document obsoletes RFC 5245.</t>
1346            </abstract>
1347          </front>
1348        </reference>
1349        <reference anchor="SHAKEN" target="https://www.sipforum.org/download/sip-forum-twg-10-signature-based-handling-of-asserted-information-using-tokens-shaken-pdf/?wpdmdl=2813">
1350          <front>
1351            <title>Signature-based Handling of Asserted information using toKENs
1352          (SHAKEN)</title>
1353            <seriesInfo name="ATIS" value="1000074"/>
1354            <author>
1355              <organization>Alliance for Telecommunications Industry Solutions
1356            (ATIS) and the SIP Forum</organization>
1357            </author>
1358            <date day="5" month="1" year="2017"/>
1359          </front>
1360        </reference>
1361        <reference anchor="BaseRate" target=" https://apps.dtic.mil/docs/citations/ADA045772">
1362          <front>
1363            <title>The Base-Rate Fallacy in Probability Judgements</title>
1364            <author fullname="Maya Bar-Hillel" initials="M." surname="Bar-Hillel">
1365              <organization>Hebrew University</organization>
1366            </author>
1367            <date month="4" year="1977"/>
1368          </front>
1369        </reference>
1370        <reference anchor="ITU.E.180.1998">
1371          <front>
1372            <title>Technical characteristics of tones for the telephone
1373          service</title>
1374            <seriesInfo name="ITU" value="Recommendation E.180/Q.35"/>
1375            <author>
1376              <organization>International Telecommunications
1377            Union</organization>
1378            </author>
1379            <date month="March" year="1998"/>
1380          </front>
1381        </reference>
1382        <reference anchor="SR-2275">
1383          <front>
1384            <title>Bellcore Notes on the Networks</title>
1385            <seriesInfo name="Telcordia" value="SR-2275"/>
1386            <author>
1387              <organization>Telcordia</organization>
1388            </author>
1389            <date month="October" year="2000"/>
1390          </front>
1391        </reference>
1392      </references>
1393    </references>
1394  </back>
1<reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2119" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">
3<title>Key words for use in RFCs to Indicate Requirement Levels</title>
4<author initials="S." surname="Bradner" fullname="S. Bradner"><organization/></author>
5<date year="1997" month="March"/>
6<abstract><t>In many standards track documents several words are used to signify the requirements in the specification.  These words are often capitalized. This document defines these words as they should be interpreted in IETF documents.  This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t></abstract>
8<seriesInfo name="BCP" value="14"/>
9<seriesInfo name="RFC" value="2119"/>
10<seriesInfo name="DOI" value="10.17487/RFC2119"/>
1<reference anchor="RFC3261" target="https://www.rfc-editor.org/info/rfc3261" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3261.xml">
3<title>SIP: Session Initiation Protocol</title>
4<author initials="J." surname="Rosenberg" fullname="J. Rosenberg"><organization/></author>
5<author initials="H." surname="Schulzrinne" fullname="H. Schulzrinne"><organization/></author>
6<author initials="G." surname="Camarillo" fullname="G. Camarillo"><organization/></author>
7<author initials="A." surname="Johnston" fullname="A. Johnston"><organization/></author>
8<author initials="J." surname="Peterson" fullname="J. Peterson"><organization/></author>
9<author initials="R." surname="Sparks" fullname="R. Sparks"><organization/></author>
10<author initials="M." surname="Handley" fullname="M. Handley"><organization/></author>
11<author initials="E." surname="Schooler" fullname="E. Schooler"><organization/></author>
12<date year="2002" month="June"/>
13<abstract><t>This document describes Session Initiation Protocol (SIP), an application-layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants.  These sessions include Internet telephone calls, multimedia distribution, and multimedia conferences.  [STANDARDS-TRACK]</t></abstract>
15<seriesInfo name="RFC" value="3261"/>
16<seriesInfo name="DOI" value="10.17487/RFC3261"/>
1<reference anchor="RFC3262" target="https://www.rfc-editor.org/info/rfc3262" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3262.xml">
3<title>Reliability of Provisional Responses in Session Initiation Protocol (SIP)</title>
4<author initials="J." surname="Rosenberg" fullname="J. Rosenberg"><organization/></author>
5<author initials="H." surname="Schulzrinne" fullname="H. Schulzrinne"><organization/></author>
6<date year="2002" month="June"/>
7<abstract><t>This document specifies an extension to the Session Initiation Protocol (SIP) providing reliable provisional response messages.  This extension uses the option tag 100rel and defines the Provisional Response ACKnowledgement (PRACK) method.  [STANDARDS-TRACK]</t></abstract>
9<seriesInfo name="RFC" value="3262"/>
10<seriesInfo name="DOI" value="10.17487/RFC3262"/>
1<reference anchor="RFC3326" target="https://www.rfc-editor.org/info/rfc3326" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3326.xml">
3<title>The Reason Header Field for the Session Initiation Protocol (SIP)</title>
4<author initials="H." surname="Schulzrinne" fullname="H. Schulzrinne"><organization/></author>
5<author initials="D." surname="Oran" fullname="D. Oran"><organization/></author>
6<author initials="G." surname="Camarillo" fullname="G. Camarillo"><organization/></author>
7<date year="2002" month="December"/>
8<abstract><t>The REGISTER function is used in a Session Initiation Protocol (SIP) system primarily to associate a temporary contact address with an address-of-record.  This contact is generally in the form of a Uniform Resource Identifier (URI), such as Contact: &lt;sip:alice@pc33.atlanta.com&gt; and is generally dynamic and associated with the IP address or hostname of the SIP User Agent (UA).  The problem is that network topology may have one or more SIP proxies between the UA and the registrar, such that any request traveling from the user's home network to the registered UA must traverse these proxies.  The REGISTER method does not give us a mechanism to discover and record this sequence of proxies in the registrar for future use.  This document defines an extension header field, "Path" which provides such a mechanism.  [STANDARDS-TRACK]</t></abstract>
10<seriesInfo name="RFC" value="3326"/>
11<seriesInfo name="DOI" value="10.17487/RFC3326"/>
1<reference anchor="RFC6809" target="https://www.rfc-editor.org/info/rfc6809" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6809.xml">
3<title>Mechanism to Indicate Support of Features and Capabilities in the Session Initiation Protocol (SIP)</title>
4<author initials="C." surname="Holmberg" fullname="C. Holmberg"><organization/></author>
5<author initials="I." surname="Sedlacek" fullname="I. Sedlacek"><organization/></author>
6<author initials="H." surname="Kaplan" fullname="H. Kaplan"><organization/></author>
7<date year="2012" month="November"/>
8<abstract><t>This specification defines a new SIP header field, Feature-Caps.  The Feature-Caps header field conveys feature-capability indicators that are used to indicate support of features and capabilities for SIP entities that are not represented by the Uniform Resource Identifier (URI) of the Contact header field.</t><t>SIP entities that are represented by the URI of the SIP Contact header field can convey media feature tags in the Contact header field to indicate support of features and capabilities.</t><t>This specification also defines feature-capability indicators and creates a new IANA registry, "Proxy-Feature Feature-Capability Indicator Trees", for registering feature-capability indicators. [STANDARDS-TRACK]</t></abstract>
10<seriesInfo name="RFC" value="6809"/>
11<seriesInfo name="DOI" value="10.17487/RFC6809"/>
1<reference anchor="RFC7095" target="https://www.rfc-editor.org/info/rfc7095" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7095.xml">
3<title>jCard: The JSON Format for vCard</title>
4<author initials="P." surname="Kewisch" fullname="P. Kewisch"><organization/></author>
5<date year="2014" month="January"/>
6<abstract><t>This specification defines "jCard", a JSON format for vCard data. The vCard data format is a text format for representing and exchanging information about individuals and other entities, for example, telephone numbers, email addresses, structured names, and delivery addresses.  JSON is a lightweight, text-based, language- independent data interchange format commonly used in Internet applications.</t></abstract>
8<seriesInfo name="RFC" value="7095"/>
9<seriesInfo name="DOI" value="10.17487/RFC7095"/>
1<reference anchor="RFC7515" target="https://www.rfc-editor.org/info/rfc7515" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7515.xml">
3<title>JSON Web Signature (JWS)</title>
4<author initials="M." surname="Jones" fullname="M. Jones"><organization/></author>
5<author initials="J." surname="Bradley" fullname="J. Bradley"><organization/></author>
6<author initials="N." surname="Sakimura" fullname="N. Sakimura"><organization/></author>
7<date year="2015" month="May"/>
8<abstract><t>JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based data structures.  Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and an IANA registry defined by that specification.  Related encryption capabilities are described in the separate JSON Web Encryption (JWE) specification.</t></abstract>
10<seriesInfo name="RFC" value="7515"/>
11<seriesInfo name="DOI" value="10.17487/RFC7515"/>
1<reference anchor="RFC7518" target="https://www.rfc-editor.org/info/rfc7518" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7518.xml">
3<title>JSON Web Algorithms (JWA)</title>
4<author initials="M." surname="Jones" fullname="M. Jones"><organization/></author>
5<date year="2015" month="May"/>
6<abstract><t>This specification registers cryptographic algorithms and identifiers to be used with the JSON Web Signature (JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK) specifications.  It defines several IANA registries for these identifiers.</t></abstract>
8<seriesInfo name="RFC" value="7518"/>
9<seriesInfo name="DOI" value="10.17487/RFC7518"/>
1<reference anchor="RFC7519" target="https://www.rfc-editor.org/info/rfc7519" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7519.xml">
3<title>JSON Web Token (JWT)</title>
4<author initials="M." surname="Jones" fullname="M. Jones"><organization/></author>
5<author initials="J." surname="Bradley" fullname="J. Bradley"><organization/></author>
6<author initials="N." surname="Sakimura" fullname="N. Sakimura"><organization/></author>
7<date year="2015" month="May"/>
8<abstract><t>JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties.  The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.</t></abstract>
10<seriesInfo name="RFC" value="7519"/>
11<seriesInfo name="DOI" value="10.17487/RFC7519"/>
1<reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8174" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml">
3<title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
4<author initials="B." surname="Leiba" fullname="B. Leiba"><organization/></author>
5<date year="2017" month="May"/>
6<abstract><t>RFC 2119 specifies common key words that may be used in protocol  specifications.  This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the  defined special meanings.</t></abstract>
8<seriesInfo name="BCP" value="14"/>
9<seriesInfo name="RFC" value="8174"/>
10<seriesInfo name="DOI" value="10.17487/RFC8174"/>
1<reference anchor="RFC4103" target="https://www.rfc-editor.org/info/rfc4103" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4103.xml">
3<title>RTP Payload for Text Conversation</title>
4<author initials="G." surname="Hellstrom" fullname="G. Hellstrom"><organization/></author>
5<author initials="P." surname="Jones" fullname="P. Jones"><organization/></author>
6<date year="2005" month="June"/>
7<abstract><t>This memo obsoletes RFC 2793; it describes how to carry real-time text conversation session contents in RTP packets.  Text conversation session contents are specified in ITU-T Recommendation T.140.</t><t>One payload format is described for transmitting text on a separate RTP session dedicated for the transmission of text.</t><t>This RTP payload description recommends a method to include redundant text from already transmitted packets in order to reduce the risk of text loss caused by packet loss.  [STANDARDS-TRACK]</t></abstract>
9<seriesInfo name="RFC" value="4103"/>
10<seriesInfo name="DOI" value="10.17487/RFC4103"/>
1<reference anchor="RFC4240" target="https://www.rfc-editor.org/info/rfc4240" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4240.xml">
3<title>Basic Network Media Services with SIP</title>
4<author initials="E." surname="Burger" fullname="E. Burger" role="editor"><organization/></author>
5<author initials="J." surname="Van Dyke" fullname="J. Van Dyke"><organization/></author>
6<author initials="A." surname="Spitzer" fullname="A. Spitzer"><organization/></author>
7<date year="2005" month="December"/>
8<abstract><t>In SIP-based networks, there is a need to provide basic network media services.  Such services include network announcements, user interaction, and conferencing services.  These services are basic building blocks, from which one can construct interesting applications.  In order to have interoperability between servers offering these building blocks (also known as Media Servers) and application developers, one needs to be able to locate and invoke such services in a well defined manner.</t><t>This document describes a mechanism for providing an interoperable interface between Application Servers, which provide application services to SIP-based networks, and Media Servers, which provide the basic media processing building blocks.  This memo provides information for the Internet community.</t></abstract>
10<seriesInfo name="RFC" value="4240"/>
11<seriesInfo name="DOI" value="10.17487/RFC4240"/>
1<reference anchor="RFC4566" target="https://www.rfc-editor.org/info/rfc4566" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4566.xml">
3<title>SDP: Session Description Protocol</title>
4<author initials="M." surname="Handley" fullname="M. Handley"><organization/></author>
5<author initials="V." surname="Jacobson" fullname="V. Jacobson"><organization/></author>
6<author initials="C." surname="Perkins" fullname="C. Perkins"><organization/></author>
7<date year="2006" month="July"/>
8<abstract><t>This memo defines the Session Description Protocol (SDP).  SDP is intended for describing multimedia sessions for the purposes of session announcement, session invitation, and other forms of multimedia session initiation.  [STANDARDS-TRACK]</t></abstract>
10<seriesInfo name="RFC" value="4566"/>
11<seriesInfo name="DOI" value="10.17487/RFC4566"/>
1<reference anchor="RFC5039" target="https://www.rfc-editor.org/info/rfc5039" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5039.xml">
3<title>The Session Initiation Protocol (SIP) and Spam</title>
4<author initials="J." surname="Rosenberg" fullname="J. Rosenberg"><organization/></author>
5<author initials="C." surname="Jennings" fullname="C. Jennings"><organization/></author>
6<date year="2008" month="January"/>
7<abstract><t>Spam, defined as the transmission of bulk unsolicited messages, has plagued Internet email.  Unfortunately, spam is not limited to email. It can affect any system that enables user-to-user communications. The Session Initiation Protocol (SIP) defines a system for user-to- user multimedia communications.  Therefore, it is susceptible to spam, just as email is.  In this document, we analyze the problem of spam in SIP.  We first identify the ways in which the problem is the same and the ways in which it is different from email.  We then examine the various possible solutions that have been discussed for email and consider their applicability to SIP.  This memo provides information for the Internet community.</t></abstract>
9<seriesInfo name="RFC" value="5039"/>
10<seriesInfo name="DOI" value="10.17487/RFC5039"/>
1<reference anchor="RFC6350" target="https://www.rfc-editor.org/info/rfc6350" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6350.xml">
3<title>vCard Format Specification</title>
4<author initials="S." surname="Perreault" fullname="S. Perreault"><organization/></author>
5<date year="2011" month="August"/>
6<abstract><t>This document defines the vCard data format for representing and exchanging a variety of information about individuals and other entities (e.g., formatted and structured name and delivery addresses, email address, multiple telephone numbers, photograph, logo, audio clips, etc.).  This document obsoletes RFCs 2425, 2426, and 4770, and updates RFC 2739.  [STANDARDS-TRACK]</t></abstract>
8<seriesInfo name="RFC" value="6350"/>
9<seriesInfo name="DOI" value="10.17487/RFC6350"/>
1<reference anchor="RFC7092" target="https://www.rfc-editor.org/info/rfc7092" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7092.xml">
3<title>A Taxonomy of Session Initiation Protocol (SIP) Back-to-Back User Agents</title>
4<author initials="H." surname="Kaplan" fullname="H. Kaplan"><organization/></author>
5<author initials="V." surname="Pascual" fullname="V. Pascual"><organization/></author>
6<date year="2013" month="December"/>
7<abstract><t>In many SIP deployments, SIP entities exist in the SIP signaling path between the originating and final terminating endpoints, which go beyond the definition of a SIP proxy, performing functions not defined in Standards Track RFCs.  The only term for such devices provided in RFC 3261 is for a Back-to-Back User Agent (B2BUA), which is defined as the logical concatenation of a SIP User Agent Server (UAS) and User Agent Client (UAC).</t><t>There are numerous types of SIP B2BUAs performing different roles in different ways; for example, IP Private Branch Exchanges (IPBXs), Session Border Controllers (SBCs), and Application Servers (ASs). This document identifies several common B2BUA roles in order to provide taxonomy other documents can use and reference.</t></abstract>
9<seriesInfo name="RFC" value="7092"/>
10<seriesInfo name="DOI" value="10.17487/RFC7092"/>
1<reference anchor="RFC7340" target="https://www.rfc-editor.org/info/rfc7340" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7340.xml">
3<title>Secure Telephone Identity Problem Statement and Requirements</title>
4<author initials="J." surname="Peterson" fullname="J. Peterson"><organization/></author>
5<author initials="H." surname="Schulzrinne" fullname="H. Schulzrinne"><organization/></author>
6<author initials="H." surname="Tschofenig" fullname="H. Tschofenig"><organization/></author>
7<date year="2014" month="September"/>
8<abstract><t>Over the past decade, Voice over IP (VoIP) systems based on SIP have replaced many traditional telephony deployments.  Interworking VoIP systems with the traditional telephone network has reduced the overall level of calling party number and Caller ID assurances by granting attackers new and inexpensive tools to impersonate or obscure calling party numbers when orchestrating bulk commercial calling schemes, hacking voicemail boxes, or even circumventing multi-factor authentication systems trusted by banks.  Despite previous attempts to provide a secure assurance of the origin of SIP communications, we still lack effective standards for identifying the calling party in a VoIP session.  This document examines the reasons why providing identity for telephone numbers on the Internet has proven so difficult and shows how changes in the last decade may provide us with new strategies for attaching a secure identity to SIP sessions.  It also gives high-level requirements for a solution in this space.</t></abstract>
10<seriesInfo name="RFC" value="7340"/>
11<seriesInfo name="DOI" value="10.17487/RFC7340"/>
1<reference anchor="RFC8197" target="https://www.rfc-editor.org/info/rfc8197" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8197.xml">
3<title>A SIP Response Code for Unwanted Calls</title>
4<author initials="H." surname="Schulzrinne" fullname="H. Schulzrinne"><organization/></author>
5<date year="2017" month="July"/>
6<abstract><t>This document defines the 607 (Unwanted) SIP response code, allowing called parties to indicate that the call or message was unwanted. SIP entities may use this information to adjust how future calls from this calling party are handled for the called party or more broadly.</t></abstract>
8<seriesInfo name="RFC" value="8197"/>
9<seriesInfo name="DOI" value="10.17487/RFC8197"/>
1<reference anchor="RFC8224" target="https://www.rfc-editor.org/info/rfc8224" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8224.xml">
3<title>Authenticated Identity Management in the Session Initiation Protocol (SIP)</title>
4<author initials="J." surname="Peterson" fullname="J. Peterson"><organization/></author>
5<author initials="C." surname="Jennings" fullname="C. Jennings"><organization/></author>
6<author initials="E." surname="Rescorla" fullname="E. Rescorla"><organization/></author>
7<author initials="C." surname="Wendt" fullname="C. Wendt"><organization/></author>
8<date year="2018" month="February"/>
9<abstract><t>The baseline security mechanisms in the Session Initiation Protocol (SIP) are inadequate for cryptographically assuring the identity of the end users that originate SIP requests, especially in an interdomain context.  This document defines a mechanism for securely identifying originators of SIP requests.  It does so by defining a SIP header field for conveying a signature used for validating the identity and for conveying a reference to the credentials of the signer.</t><t>This document obsoletes RFC 4474.</t></abstract>
11<seriesInfo name="RFC" value="8224"/>
12<seriesInfo name="DOI" value="10.17487/RFC8224"/>
1<reference anchor="RFC8259" target="https://www.rfc-editor.org/info/rfc8259" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8259.xml">
3<title>The JavaScript Object Notation (JSON) Data Interchange Format</title>
4<author initials="T." surname="Bray" fullname="T. Bray" role="editor"><organization/></author>
5<date year="2017" month="December"/>
6<abstract><t>JavaScript Object Notation (JSON) is a lightweight, text-based, language-independent data interchange format.  It was derived from the ECMAScript Programming Language Standard.  JSON defines a small set of formatting rules for the portable representation of structured data.</t><t>This document removes inconsistencies with other specifications of JSON, repairs specification errors, and offers experience-based interoperability guidance.</t></abstract>
8<seriesInfo name="STD" value="90"/>
9<seriesInfo name="RFC" value="8259"/>
10<seriesInfo name="DOI" value="10.17487/RFC8259"/>
1<reference anchor="RFC8445" target="https://www.rfc-editor.org/info/rfc8445" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8445.xml">
3<title>Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal</title>
4<author initials="A." surname="Keranen" fullname="A. Keranen"><organization/></author>
5<author initials="C." surname="Holmberg" fullname="C. Holmberg"><organization/></author>
6<author initials="J." surname="Rosenberg" fullname="J. Rosenberg"><organization/></author>
7<date year="2018" month="July"/>
8<abstract><t>This document describes a protocol for Network Address Translator (NAT) traversal for UDP-based communication.  This protocol is called Interactive Connectivity Establishment (ICE).  ICE makes use of the Session Traversal Utilities for NAT (STUN) protocol and its extension, Traversal Using Relay NAT (TURN).</t><t>This document obsoletes RFC 5245.</t></abstract>
10<seriesInfo name="RFC" value="8445"/>
11<seriesInfo name="DOI" value="10.17487/RFC8445"/>
  • <?xml version="1.0" encoding="utf-8"?>
  • <!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent">
  • <?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
  • <rfc category="std" docName="draft-ietf-sipcore-rejected-09" ipr="trust200902" obsoletes="" updates="" submissionType="IETF" xml:lang="en" tocInclude="true" version="3" number="9999" symRefs="true" sortRefs="true">
    • <-- xml2rfc v2v3 conversion 2.23.1 -->
    • <front>
      • <title abbrev="SIP Response Code for Rejected Calls">
        • A Session Initiation Protocol (SIP) Response Code for Rejected Calls
        • </title>
      • <seriesInfo name="Internet-Draft" "RFC" value="draft-ietf-sipcore-rejected-09" "9999" />
      • <author fullname="Eric W. Burger" initials="E.W." surname="Burger">
        • <organization>
          • Georgetown University
          • </organization>
        • <address>
          • <postal>
            • <street>
              • 37th & O St, NW
              • </street>
            • <city>
              • Washington
              • </city>
            • <region>
              • DC
              • </region>
            • <code>
              • 20057
              • </code>
            • <country>
              • USA
              • </country>
            • </postal>
          • <email>
            • eburger@standardstrack.com
            • </email>
          • </address>
        • </author>
      • <author fullname="Bhavik Nagda" initials="B." surname="Nagda">
        • <organization>
          • Massachusetts Institute of Technology
          • </organization>
        • <address>
          • <postal>
            • <street>
              • 77 Massachusetts Avenue
              • </street>
            • <city>
              • Cambridge
              • </city>
            • <region>
              • MA
              • </region>
            • <code>
              • 02139
              • </code>
            • <country>
              • USA
              • </country>
            • </postal>
          • <phone/>
          • <email>
            • nagdab@gmail.com
            • </email>
          • <uri/>
          • </address>
        • </author>
      • <-- If the month and year are both specified and are the current ones, xml2rfc will fill 
                in the current day for you. If only the current year is specified, xml2rfc will fill 
         in the current day and month for you. If the year is not the current one, it is 
         necessary to specify at least a month (xml2rfc assumes day="1" if not specified for the 
         purpose of calculating the expiry date).  With drafts it is normally sufficient to 
         specify just the year. -->
      • <date day="28" month="June" "August" year="2019"/>
      • <-- Meta-data Declarations -->
      • <area>
        • RAI
        • </area>
      • <workgroup>
        • SIPCORE
        • </workgroup>
      • <keyword>
        • STIR
        • </keyword>
      • <keyword>
        • SIPCORE
        • </keyword>
      • <keyword>
        • IANA
        • </keyword>
      • <abstract>
        • <t>
          • This document defines the 608 (Rejected) SIP response code. This response code enables calling parties to learn that an intermediary rejected their call attempt. No one will deliver, and thus no one will answer, the call. As a 6xx code, the caller will be aware that future attempts to contact the same User Agent Server will likely fail. The initial use case driving the need for the 608 response code is when the intermediary is an analytics engine. In this case, the rejection is by a machine or other process. This contrasts with the 607 (Unwanted) SIP response code, which a human at the target User Agent Server indicated the user did not want the call. In some jurisdictions this distinction is important. This document also defines the use of the Call-Info header field in 608 responses to enable rejected callers to contact entities that blocked their calls in error. This provides a remediation mechanism for legal callers that find their calls blocked.
          • </t>
        • </abstract>
      • </front>
    • <middle>
      • <section numbered="true" toc="default">
        • <name>
          • Introduction
          • </name>
        • <t>
          • The IETF has been addressing numerous issues surrounding how to handle unwanted and, depending on the jurisdiction, illegal calls <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC5039" format="default"/>. <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC7340" format="default">STIR</xref> and <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="SHAKEN" format="default">SHAKEN</xref> address the cryptographic signing and attestation, respectively, of signaling to ensure the integrity and authenticity of the asserted caller identity.
          • </t>
        • <t>
          • This document describes a new <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC3261" format="default">Session Initiation Protocol (SIP)</xref> response code, 608, which allows calling parties to learn that an intermediary rejected their call. As described below, we need a distinct indicator to differentiate between a user rejection and an intermediary's rejection of a call. In some jurisdictions, service providers may not be permitted to block calls, even if unwanted by the user, unless there is an explicit user request. Moreover, users may misidentify the nature of a caller.
          • </t>
        • <t>
          • For example, a legitimate caller may call a user who finds the call to be unwanted. However, instead of marking the call as unwanted, the user may mark the call as illegal. With that information, an analytics engine may determine to block all calls from that source. However, in some jurisdictions blocking calls from that source for other users may not be legal. Likewise, one can envision jurisdictions that allow an operator to block such calls, but only if there is a remediation mechanism in place to address false positives.
          • </t>
        • <t>
          • Some call blocking services may return responses such as 604 (Does Not Exist Anywhere). This might be a strategy to try to get a destination's address removed from a calling database. However, other network elements might also interpret this to mean the user truly does not exist, which might result in the user not being able to receive calls from anyone, even if they wanted to receive the calls. In many jurisdictions, providing such false signaling is also illegal.
          • </t>
        • <t>
          • The 608 response code addresses this need of remediating falsely blocked calls. Specifically, this code informs the SIP User Agent Client (UAC) that an intermediary blocked the call and provides a redress mechanism that allows callers to contact the operator of the intermediary.
          • </t>
        • <t>
          • In the current call handling ecosystem, users can explicitly reject a call or later mark a call as being unwanted by issuing a <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC8197" format="default">607 SIP response code (Unwanted)</xref>. Figures <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="uas_reject" format="default"/> "counter"/> and <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="reject_ladder" format="default"/> "counter"/> show the operation of the 607 SIP response code. The User Agent Server (UAS) indicates the call was unwanted. As <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC8197" format="default"/> explains, not only does the called party desire to reject that call, they can let their proxy know that they consider future calls from that source unwanted. Upon receipt of the 607 response from the UAS, the proxy may send unwanted call indicators, such as the value of the From header field and other information elements, to a call analytics engine. For various reasons described in <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC8197" format="default"/>, if a network operator receives multiple reports of unwanted calls, that may indicate that the entity placing the calls is likely to be a source of unwanted calls for many people. As such, other customers of the service provider may want the service provider to automatically reject calls on their behalf.
          • </t>
        • <t>
          • There is another value of the 607 rejection code. Presuming the proxy forwards the response code to the User Agent Client (UAC), the calling UAC or intervening proxies will also learn the user is not interested in receiving calls from that sender.
          • </t>
        • <figure anchor="uas_reject">
          • <name>
            • Unwanted (607) Call Flow
            • </name>
          • <artwork name="" type="" align="left" alt="">

            •                       +-----------+
                                    |   Call    |
                                    | Analytics |
                                    |  Engine   |
                                       ^     | (likely not SIP)
                                       |     v
                 +-----+    607     |  Called   |    607    +-----+
                 | UAC | <--------- |  Party    | <-------- | UAS |
                 +-----+            |  Proxy    |           +-----+

            • </artwork>
          • </figure>
        • <t>
          • For calls rejected with a 607 from a legitimate caller, receiving a 607 response code can inform the caller to stop attempting to call the user. Moreover, if a legitimate caller believes the user is rejecting their calls in error, they can use other channels to contact the user. For example, if a pharmacy calls a user to let them know their prescription is available for pickup and the user mistakenly thinks the call is unwanted and issues a 607 response code, the pharmacy, having an existing relationship with the customer, can send the user an email or push a note to the pharmacist to ask the customer to consider not rejecting their calls in the future.
          • </t>
        • <t>
          • Many systems that allow the user to mark the call unwanted (e.g., with the 607 response code) also allow the user to change their mind and unmark such calls. This mechanism is relatively easy to implement as the user usually has a direct relationship with the service provider that is blocking calls.
          • </t>
        • <t>
          • However, things become more complicated if an intermediary, such as a third-party provider of call management services that classifies calls based on the relative likelihood that the call is unwanted, misidentifies the call as unwanted. <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="cae_reject" format="default"/> shows this case. Note that the UAS typically does not receive an INVITE since the called party proxy rejects the call on behalf of the user. In this situation, it would be beneficial for the caller to learn who rejected the call, so they can correct the misidentification.
          • </t>
        • <figure anchor="reject_ladder">
          • <name>
            • Unwanted (607) Ladder Diagram
            • </name>
          • <artwork name="" type="" align="left" alt="">

            •                     +--------+         +-----------+
                                  | Called |         |   Call    |
                 +-----+          | Party  |         | Analytics |   +-----+
                 | UAC |          | Proxy  |         |  Engine   |   | UAS |
                 +-----+          +--------+         +-----------+   +-----+
                    |  INVITE         |                    |            |
                    | --------------> |  Is call OK?       |            |
                    |                 |------------------->|            |
                    |                 |                    |            |
                    |                 |               Yes  |            |
                    |                 |<-------------------|            |
                    |                 |                    |            |
                    |                 | INVITE             |            |
                    |                 | ------------------------------> |
                    |                 |                    |            |
                    |                 |                    |       607  |
                    |                 | <------------------------------ |
                    |                 |                    |            |
                    |                 |  Unwanted call     |            |
                    |            607  | -----------------> |            |
                    | <-------------- |  indicators        |            |
                    |                 |                    |            |

            • </artwork>
          • </figure>
        • <figure anchor="cae_reject">
          • <name>
            • Rejected (608) Call Flow
            • </name>
          • <artwork name="" type="" align="left" alt="">

            •                       +-----------+
                                    |   Call    |
                                    | Analytics |
                                    |  Engine   |
                                       ^     | (likely not SIP)
                                       |     v
                 +-----+    608     |  Called   |           +-----+
                 | UAC | <--------- |  Party    |           | UAS |
                 +-----+            |  Proxy    |           +-----+

            • </artwork>
          • </figure>
        • <t>
          • In this situation, one might consider to have the intermediary use the 607 response code. 607 indicates to the caller the subscriber does not want the call. However, <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC8197" format="default"/> specifies that one of the uses of 607 is to inform analytics engines that a user (human) has rejected a call. The problem here is that network elements downstream from the intermediary might interpret the 607 as coming from a user (human) who has marked the call as unwanted, as opposed to coming from an algorithm using statistics or machine learning to reject the call. An algorithm can be vulnerable to the <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="BaseRate" format="default">base rate fallacy</xref> rejecting the call. In other words, those downstream entities should not rely on another entity 'deciding' the call is unwanted. By distinguishing between a (human) user rejection and an intermediary engine's statistical rejection, a downstream network element that sees a 607 response code can weigh it as a human rejection in its call analytics, versus deciding whether to consider a 608 at all, and if so, weighing it appropriately.
          • </t>
        • <t>
          • It is useful for blocked callers to have a redress mechanism. One can imagine that some jurisdictions will require it. However, we must be mindful that most of the calls that intermediaries block will, in fact, be illegal and eligible for blocking. Thus, providing alternate contact information for a user would be counterproductive to protecting that user from illegal communications. This is another reason we do not propose to simply allow alternate contact information in a 607 response message.
          • </t>
        • <t>
          • Why do we not use the same mechanism an analytics service provider offers their customers? Specifically, why not have the analytics service provider allow the called party to correct a call blocked in error? The reason is while there is an existing relationship between the customer (called party) and the analytics service provider, it is unlikely there is a relationship between the caller and the analytics service provider. Moreover, there are numerous call blocking providers in the ecosystem. Therefore, we need a mechanism for indicating an intermediary rejected a call that also provides contact information for the operator of that intermediary, without exposing the target user's contact information.
          • </t>
        • <t>
          • The protocol described in this document uses existing SIP protocol mechanisms for specifying the redress mechanism. In the Call-Info header passed back to the UAC, we send additional information specifying a redress address. We choose to encode the redress address using <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC7095" format="default">jCard</xref>. As we will see later in this document, this information needs to have its own, application-layer integrity protection. Thus, we use jCard rather than <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6350" format="default">vCard</xref> as we have a marshaling mechanism for creating a JavaScript Object Notation <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC8259" format="default">(JSON)</xref> object, such as a jCard, and a standard integrity format for such an object, namely JSON Web Signature <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC7515" format="default">(JWS)</xref>. The SIP community is familiar with this concept as it is the mechanism used by <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC8224" format="default">STIR</xref>.
          • </t>
        • <t>
          • Integrity protecting the jCard with a cryptographic signature might seem unnecessary at first, but it is essential to preventing potential network attacks. <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="Security" format="default"/> describes the attack and why we sign the jCard in more detail.
          • </t>
        • </section>
      • <section numbered="true" toc="default">
        • <name>
          • Terminology
          • </name>
        • <t>
          • The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", "<bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14>", "<bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST NOT</bcp14>", "<bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">REQUIRED</bcp14>", "<bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">SHALL</bcp14>", "<bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">SHALL NOT</bcp14>", "<bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">SHOULD</bcp14>", "<bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">SHOULD NOT</bcp14>", "<bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">RECOMMENDED</bcp14>", "<bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">NOT RECOMMENDED</bcp14>", "<bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MAY</bcp14>", and "OPTIONAL" "<bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">OPTIONAL</bcp14>" in this document are to be interpreted as described in BCP 14 <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC2119" format="default"/><xref "RFC2119"/> <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC8174" format="default"/> "RFC8174"/> when, and only when, they appear in all capitals, as shown here.
          • </t>
        • </section>
      • <section numbered="true" toc="default">
        • <name>
          • Protocol Operation
          • </name>
        • <t>
          • This section uses the term 'intermediary' to mean the entity that acts as a SIP User Agent Server (UAS) on behalf of the user in the network, as opposed to the user's UAS (usually, but not necessarily, their phone). The intermediary could be a back-to-back user agent (B2BUA) or a SIP Proxy.
          • </t>
        • <t>
          • <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="cae_ladder" format="default"/> shows an overview of the call flow for a rejected call.
          • </t>
        • <figure anchor="cae_ladder">
          • <name>
            • Rejected (608) Ladder Diagram
            • </name>
          • <artwork name="" type="" align="left" alt="">

            •                     +--------+         +-----------+
                                  | Called |         |   Call    |
                 +-----+          | Party  |         | Analytics |   +-----+
                 | UAC |          | Proxy  |         |  Engine   |   | UAS |
                 +-----+          +--------+         +-----------+   +-----+
                    |  INVITE         |                    |            |
                    | --------------> |  Information from  |            |
                    |                 | -----------------> |            |
                    |                 |  INVITE            |            |
                    |                 |            Reject  |            |
                    |            608  | <----------------- |            |
                    | <-------------- |            call    |            |
                    |                 |                    |            |

            • </artwork>
          • </figure>
        • <section numbered="true" toc="default">
          • <name>
            • Intermediary Operation
            • </name>
          • <t>
            • An intermediary MAY <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MAY</bcp14> issue the 608 response code in a failure response for an INVITE, MESSAGE, SUBSCRIBE, or other out-of-dialog <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC3261" format="default">SIP</xref> request to indicate that an intermediary rejected the offered communication as unwanted by the user. An intermediary MAY <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MAY</bcp14> issue the 608 as the value of the "cause" parameter of a SIP reason-value in a Reason header field <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC3326" format="default"/>.
            • </t>
          • <t>
            • If an intermediary issues a 608 code and there are no indicators the calling party will use the contents of the Call-Info header field for malicious purposes (see <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="Security" format="default"/>), the intermediary MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> include a Call-Info header field in the response.
            • </t>
          • <t>
            • If there is a Call-Info header field, it MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> have the 'purpose' parameter of 'jwscard'. The value of the Call-Info header field MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> refer to a valid JSON Web Signature (<xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC7515" format="default">JWS</xref>) encoding of a <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC7095" format="default">jCard</xref> object. The following section describes the construction of the JWS.
            • </t>
          • <t>
            • Proxies need to be mindful that a downstream intermediary may reject the attempt with a 608 while other paths may still be in progress. In this situation, the requirements stated in Section 16.7 of <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC3261" format="default"/> sectionFormat="of" section="16.7"/> apply. Specifically, the proxy should cancel pending transactions and must not create any new branches. Note this is not a new requirement but simply pointing out the existing 6xx protocol mechanism in SIP.
            • </t>
          • </section>
        • <section numbered="true" toc="default">
          • <name>
            • JWS Construction
            • </name>
          • <t>
            • The intermediary constructs the JWS of the jCard as follows.
            • </t>
          • <section numbered="true" toc="default">
            • <name>
              • JOSE Header
              • </name>
            • <t>
              • The Javascript Object Signing and Encryption (JOSE) header MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> include the typ, alg, and x5u parameters from <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC7515" format="default">JWS</xref>. The typ parameter MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> have the value "vcard+json". Implementations MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> support ES256 as JSON Web Algorithms (<xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC7518" format="default">JWA</xref>) defines it, and MAY <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MAY</bcp14> support other registered signature algorithms. Finally, the x5u parameter MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be a URI that resolves to the public key certificate corresponding to the key used to digitally sign the JWS.
              • </t>
            • </section>
          • <section anchor="JWT" numbered="true" toc="default">
            • <name>
              • JWT Payload
              • </name>
            • <t>
              • The payload contains two JSON values. The first JSON Web Token (JWT) claim that MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be present is the <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC7519" format="default">iat (issued at) claim</xref>. The "iat" MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be set to the date and time of the issuance of the 608 response. This mandatory component protects the response from replay attacks.
              • </t>
            • <t>
              • The second JWT claim that MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be present is the "jcard" claim. The value of the <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC7095" format="default">jcard</xref> claim is a JSON array conforming to the JSON jCard data format defined in RFC7095 <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC7095"/>. <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="JWT-IANA" format="default"/> of this document describes the registration. In the construction of the jcard claim, the "jcard" MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> include at least one of the URL, EMAIL, TEL, or ADR properties. UACs supporting this specification MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be prepared to receive a full jCard. Call originators (at the UAC) can use the information returned by the jCard to contact the intermediary that rejected the call to appeal the intermediary's blocking of the call attempt. What the intermediary does if the blocked caller contacts the intermediary is outside the scope of this document.
              • </t>
            • </section>
          • <section anchor="s.JWS" numbered="true" toc="default">
            • <name>
              • JWS Signature
              • </name>
            • <t>
              • <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC7515" format="default">JWS</xref> specifies the procedure for calculating the signature over the jCard JWT. <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="EXAMPLES" format="default"/> of this document has a detailed example on constructing the JWS, including the signature.
              • </t>
            • </section>
          • </section>
        • <section numbered="true" toc="default">
          • <name>
            • UAC Operation
            • </name>
          • <t>
            • A UAC conforming to this specification MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> include the sip.608 feature capability indicator in the Feature-Caps header field of the INVITE request.
            • </t>
          • <t>
            • Upon receiving a 608 response, UACs perform normal SIP processing for 6xx responses.
            • </t>
          • <t>
            • As for the disposition of the jCard itself, the UAC MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> check the "iat" claim in the JWT. As noted in <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="s.JWS" format="default"/>, we are concerned about replay attacks. Therefore, the UAC MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> reject jCards that come with an expired "iat". The definition of "expired" is a matter of local policy. A reasonable value would be on the order of a minute due to clock drift and the possibility of the playing of an audio announcement before the delivery of the 608 response.
            • </t>
          • </section>
        • <section numbered="true" toc="default">
          • <name>
            • Legacy Interoperation
            • </name>
          • <t>
            • If the UAC indicates support for 608 and the intermediary issues a 608, life is good, as the UAC will receive all the information it needs to remediate an erroneous block by an intermediary. However, what if the UAC does not understand 608? For example, how can we support callers from a legacy, non-SIP public switched network connecting to the SIP network via a media gateway?
            • </t>
          • <t>
            • We address this situation by having the first network element that conforms with this specification play an announcement in the media. See <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="announcement" format="default"/> for requirements on the announcement. The simple rule is a network element that inserts the sip.608 feature capability MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be able to convey at a minimum how to contact the operator of the intermediary that rejected the call attempt.
            • </t>
          • <t>
            • The degenerate case is the intermediary is the only element that understands the semantics of the 608 response code. Obviously, any SIP device will understand that a 608 response code is a 6xx error. However, there are no other elements in the call path that understand the meaning of the value of the Call-Info header field. The intermediary knows this is the case as the INVITE request will not have the sip.608 feature capability. In this case, one can consider the intermediary to be the element 'inserting' a virtual sip.608 feature capability. If the caveats described in Sections <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="announcement" format="default"/> "counter"/> and <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="Security" format="default"/> "counter"/> do not hold, the intermediary MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> play the announcement.
            • </t>
          • <t>
            • Now we take the case where a network element that understands the 608 response code receives an INVITE for further processing. A network element conforming with this specification MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> insert the sip.608 feature capability, per the behaviors described in Section 4.2 of <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6809" format="default"/>. sectionFormat="of" section="4.2"/>.
            • </t>
          • <t>
            • Do note that even if a network element plays an announcement describing the contents of the 608 response message, the network element MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> forward the 608 response code message as the final response to the INVITE.
            • </t>
          • <t>
            • One aspect of using a feature capability is that only the network elements that will either consume (UAC) or play an announcement (media gateway, session border controller (<xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC7092" format="default">SBC</xref>), or proxy) need to understand the sip.608 feature capability. If the other network elements conform to Section 16.6 of <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC3261" format="default"/>, sectionFormat="of" section="16.6"/>, they will pass header fields such as "Feature-Caps: *;+sip.608" unmodified and without need for upgrade.
            • </t>
          • <t>
            • Because the ultimate disposition of the call attempt will be a 600-class response, the network element conveying the announcement in the legacy direction MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> use the 183 Session Progress response to establish the media session. Because of the small chance the UAC is an extremely old legacy device and is using UDP, the UAC MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> include support for <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC3262" format="default">100Rel</xref> in its INVITE and the network element conveying the announcement MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> Require 100Rel in the 183 and the UAC MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> issue a PRACK to which the network element MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> respond 200 OK PRACK.
            • </t>
          • </section>
        • <section anchor="announcement" numbered="true" toc="default">
          • <name>
            • Announcement Requirements
            • </name>
          • <t>
            • There are a few requirements on the element that handles the announcement for legacy interoperation.
            • </t>
          • <t>
            • As noted above, the element that inserts the sip.608 feature capability is responsible for conveying the information referenced by the Call-Info header field in the 608 response message. However, this specification does not mandate how to convey that information.
            • </t>
          • <t>
            • Let us take the case where a telecommunications service provider controls the element inserting the sip.608 feature capability. It would be reasonable to expect the service provider would play an announcement in the media path towards the UAC (caller). It is important to note the network element should be mindful of the media type requested by the UAC as it formulates the announcement. For example, it would make sense for an INVITE that only indicated audio codecs in the Session Description Protocol <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC4566" format="default">(SDP)</xref> to result in an audio announcement. Likewise, if the INVITE only indicated a <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC4103" format="default">real-time text codec</xref> and the network element can render the information in the requested media format, the network element should send the information in a text format.
            • </t>
          • <t>
            • It is also possible for the network element inserting the sip.608 feature capability to be under the control of the same entity that controls the UAC. For example, a large call center might have legacy UACs, but have a modern outbound calling proxy that understands the full semantics of the 608 response code. In this case, it is enough for the outbound calling proxy to digest the Call-Info information and handle the information digitally, rather than 'transcoding' the Call-Info information for presentation to the caller.
            • </t>
          • </section>
        • </section>
      • <section anchor="EXAMPLES" numbered="true" toc="default">
        • <name>
          • Examples
          • </name>
        • <t>
          • These examples are not normative, do not include all protocol elements, and may have errors. Review the protocol documents for actual syntax and semantics of the protocol elements.
          • </t>
        • <section numbered="true" toc="default">
          • <name>
            • Full Exchange
            • </name>
          • <t>
            • Given an INVITE, shamelessly taken from <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="SHAKEN" format="default"/>, with the line breaks in the Identity header field for display purposes only:
            • </t>
          • <artwork name="" type="" align="left" alt="">

            • INVITE sip:+12155550113@tel.one.example.net SIP/2.0
              Max-Forwards: 69
              Contact: <sip:+12155550112@[2001:db8::12]:50207;rinstance=9da3088f3>
              To: <sip:+12155550113@tel.one.example.net>
              From: "Alice" <sip:+12155550112@tel.two.example.net>;tag=614bdb40
              Call-ID: 79048YzkxNDA5NTI1MzA0OWFjOTFkMmFlODhiNTI2OWQ1ZTI
              P-Asserted-Identity: "Alice"<sip:+12155550112@tel.two.example.net>,
              CSeq: 2 INVITE
                  MESSAGE, OPTIONS
              Content-Type: application/sdp
              Date: Tue, 16 Aug 2016 19:23:38 GMT
              Feature-Caps: *;+sip.608
              Identity: eyJhbGciOiJFUzI1NiIsInR5cCI6InBhc3Nwb3J0IiwicHB0Ijoic2hha2V
              Content-Length: 153

              o=- 13103070023943130 1 IN IP6 2001:db8::177
              c=IN IP6 2001:db8::177
              t=0 0
              m=audio 54242 RTP/AVP 0

            • </artwork>
          • <t>
            • An intermediary could reply:
            • </t>
          • <artwork name="" type="" align="left" alt="">

            • SIP/2.0 608 Rejected
              Via: SIP/2.0/UDP [2001:db8::177]:60012;branch=z9hG4bK-524287-1 
              From: "Alice" <sip:+12155550112@tel.two.example.net>;tag=614bdb40
              To: <sip:+12155550113@tel.one.example.net>
              Call-ID: 79048YzkxNDA5NTI1MzA0OWFjOTFkMmFlODhiNTI2OWQ1ZTI
              CSeq: 2 INVITE
              Call-Info: <https://block.example.net/complaint-jws>;purpose=jwscard

            • </artwork>
          • <t>
            • The location https://block.example.net/complaint-jws resolves to a JWS. One would construct the JWS as follows.
            • </t>
          • <t>
            • The JWS header of this example jCard could be:
            • </t>
          • <artwork name="" type="" align="left" alt="">
            • <sourcecode name="JWS-header" type="json">
              • { "alg":"ES256",
                    "x5u":"https://certs.example.net/reject_key.cer" } 

              • </sourcecode>
            • </artwork>
          • <t>
            • Now, let us construct a minimal jCard. For this example, the jCard refers the caller to an email address, remediation@blocker.example.net:
            • </t>
          • <artwork name="" type="" align="left" alt="">
            • <sourcecode name="jcard-example" type="json">
              • ["vcard",
                      ["version", {}, "text", "4.0"], 
                    ["fn", {}, "text", "Robocall Adjudication"], 
                    ["email", {"type":"work"},    
                              "text", "remediation@blocker.example.net"]  
                 ]  ] 

              • </sourcecode>
            • </artwork>
          • <t>
            • With this jCard, we can now construct the JWT:
            • </t>
          • <artwork name="" type="" align="left" alt="">
            • <sourcecode name="jwt-from-jcard" type="json">
              • {
                      ["version", {}, "text", "4.0"], 
                      ["fn", {}, "text", "Robocall Adjudication"], 
                      ["email", {"type":"work"},    
                                "text", "remediation@blocker.example.net"] 
                  ] } 

              • </sourcecode>
            • </artwork>
          • <t>
            • To calculate the signature, we need to encode the JSON Object Signing and Encryption (JOSE) header and JWT into base64url. As an implementation note, one can trim whitespace in the JSON objects to save a few bytes. UACs MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be prepared to receive pretty-printed, compact, or bizarrely formatted JSON. For the purposes of this example, we leave the objects with pretty whitespace. Speaking of pretty vs. machine formatting, these examples have line breaks in the base64url encodings for ease of publication in the RFC format. The specification of base64url allows for these line breaks and the decoded text works just fine. However, those extra line break octets would affect the calculation of the signature. Implementations MUST NOT <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST NOT</bcp14> insert line breaks into the base64url encodings of the JOSE header or JWT. This also means UACs MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be prepared to receive arbitrarily long octet streams from the URI referenced by the Call-Info SIP header.
            • </t>
          • <t>
            • base64url of JOSE header:
            • </t>
          • <artwork name="" type="" align="left" alt="">
            •  eyJhbGciOiJFUzI1NiIsInR5cCI6InZjYXJkK2pzb24iLCJ4NXUiOiJodHRwczov L2NlcnRzLmV4YW1wbGUubmV0L3JlamVjdF9rZXkuY2VyIn0= 
            • </artwork>
          • <t>
            • base64url of JWT:
            • </t>
          • <artwork name="" type="" align="left" alt="">
            • base64url of JOSE header:

              base64url of JWT:


            • </artwork>
          • <t>
            • In this case, the object to sign (remembering this is just a single, long line; the line breaks are for ease of review but do not appear in the actual object) is as follows:
            • </t>
          • <artwork name="" type="" align="left" alt="">
            • eyJhbGciOiJFUzI1NiIsInR5cCI6InZjYXJk

            • </artwork>
          • <t>
            • We use the following X.509 PKCS #8-encoded ECDSA key, also shamelessly taken from <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="SHAKEN" format="default"/>), as an example key for signing the hash of the above text. Do NOT use this key in real life! It is for example purposes only. At the very least, we would strongly recommend encrypting the key at rest.
            • </t>
          • <artwork name="" type="" align="left" alt="">
            • -----BEGIN PRIVATE KEY-----
              -----END PRIVATE KEY-----

              -----BEGIN PUBLIC KEY-----
              -----END PUBLIC KEY-----

            • </artwork>
          • <t>
            • The resulting JWS, using the above key on the above object, renders the following ECDSA P-256 SHA-256 digital signature.
            • </t>
          • <artwork name="" type="" align="left" alt="">
            • 7uz2SADRvPFOQOO_UgF2ZTUjPlDTegtPrYB04UHBMwBD6g9AmL

            • </artwork>
          • <t>
            • Thus, the JWS stored at https://blocker.example.net/complaints-jws, would contain:
            • </t>
          • <artwork name="" type="" align="left" alt="">

            • eyJhbGciOiJFUzI1NiIsInR5cCI6InZjYXJkK2pzb24iLCJ4NXUiOiJodHRwczovL

            • </artwork>
          • </section>
        • <section numbered="true" toc="default">
          • <name>
            • Web Site jCard
            • </name>
          • <t>
            • For an intermediary that provides a Web site for adjudication, the jCard could contain the following. Note we do not show the calculation of the JWS; the URI reference in the Call-Info header field would be to the JWS of the signed jCard.
            • </t>
          • <artwork name="" type="" align="left" alt="">
            • <sourcecode name="another-jcard-example" type="json">
              • ["vcard",
                      ["version", {}, "text", "4.0"], 
                    ["fn", {}, "text", "Robocall Adjudication"], 
                    ["url", {"type":"work"},    
                            "text", "https://blocker.example.net/adjudication-form"] 
              • </sourcecode>
            • </artwork>
          • </section>
        • <section numbered="true" toc="default">
          • <name>
            • Multi-modal jCard
            • </name>
          • <t>
            • For an intermediary that provides a telephone number and a postal address, the jCard could contain the following. Note we do not show the calculation of the JWS; the URI reference in the Call-Info header field would be to the JWS of the signed jCard.
            • </t>
          • <artwork name="" type="" align="left" alt="">
            • <sourcecode name="multi-modal-jcard" type="json">
              • ["vcard",
                      ["version", {}, "text", "4.0"], 
                    ["fn", {}, "text", "Robocall Adjudication"], 
                    ["adr", {"type":"work"}, "text", 
                      ["Argument Clinic",    
                       "12 Main St","Anytown","AP","000000","Somecountry"] 
                    ["tel", {"type":"work"}, "uri", "tel:+1-555-555-0112"] 
              • </sourcecode>
            • </artwork>
          • <t>
            • Note that it is up to the UAC to decide which jCard contact modality, if any, it will use.
            • </t>
          • </section>
        • <section numbered="true" toc="default">
          • <name>
            • Legacy Interoperability
            • </name>
          • <t>
            • <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="legacy_ladder" format="default"/> depicts a call flow illustrating legacy interoperability. In this non-normative example, we see a UAC that does not support the full semantics for 608. However, there is an SBC that does support 608. Per <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6809" format="default"/>, the SBC can insert "*;+sip.608" into the Feature-Caps header field for the INVITE. When the intermediary, labeled "Called Party Proxy" in the figure, rejects the call, it knows it can simply perform the processing described in this document. Since the intermediary saw the sip.608 feature capability, it knows it does not need to send any media describing whom to contact in the event of an erroneous rejection. For illustrative purposes, the figure shows generic SIP Proxies in the flow. Their presence or absence or the number of proxies is not relevant to the operation of the protocol. They are in the figure to show that proxies that do not understand the sip.608 feature capability can still participate in a network offering 608 services.
            • </t>
          • <figure anchor="legacy_ladder">
            • <name>
              • Legacy Operation
              • </name>
            • <artwork name="" type="" align="left" alt="">

              •                                                   +---------+
                                                                  |  Call   |
                                                                  | Engine  |
                                                                     ^  |
                                                                     |  |
                                                                     |  v
                +---+    +-----+    +---+    +-----+    +-----+    |Called|
                |UAC+----+Proxy+----+SBC+----+Proxy+----+Proxy+----+Party |
                +---+    +-----+    +---+    +-----+    +-----+    |Proxy |
                  |                   |                            +------+
                  | INVITE            |                               |
                  |------------------>|                               |
                  |                   | INVITE                        |
                  |                   |------------------------------>|
                  |                   | Feature-Caps: *;+sip.608      |
                  |                   |                               |
                  |                   |                  608 Rejected |
                  |                   |<------------------------------|
                  |               183 |              Call-Info: <...> |
                  |<------------------|    [path for Call-Info elided |
                  |     SDP for media |     for illustration purposes]|
                  |                   |                               |
                  | PRACK             |                               |
                  |------------------>|                               |
                  |                   |                               |
                  |      200 OK PRACK |                               |
                  |<------------------|                               |
                  |                   |                               |
                  |<== Announcement ==|                               |
                  |                   |                               |
                  |      608 Rejected |                               |
                  |<------------------|                               |
                  |  Call-Info: <...> |                               |
                  |                   |                               |

                                                                  |  Call   |
                                                                  | Engine  |
                                                                     ^  |
                                                                     |  |
                                                                     |  v
                +---+    +-----+    +---+    +-----+    +-----+    |Called|
                |UAC+----+Proxy+----+SBC+----+Proxy+----+Proxy+----+Party |
                +---+    +-----+    +---+    +-----+    +-----+    |Proxy |
                  |                   |                            +------+
                  | INVITE            |                               |
                  |------------------>|                               |
                  |                   | INVITE                        |
                  |                   |------------------------------>|
                  |                   | Feature-Caps: *;+sip.608      |
                  |                   |                               |
                  |                   |                  608 Rejected |
                  |                   |<------------------------------|
                  |               183 |              Call-Info: <...> |
                  |<------------------|    [path for Call-Info elided |
                  |     SDP for media |     for illustration purposes]|
                  |                   |                               |
                  | PRACK             |                               |
                  |------------------>|                               |
                  |                   |                               |
                  |      200 OK PRACK |                               |
                  |<------------------|                               |
                  |                   |                               |
                  |<== Announcement ==|                               |
                  |                   |                               |
                  |      608 Rejected |                               |
                  |<------------------|                               |
                  |  Call-Info: <...> |                               |
                  |                   |                               |

              • </artwork>
            • </figure>
          • <t>
            • When the SBC receives the 608 response code, it correlates that with the original INVITE from the UAC. The SBC remembers that it inserted the sip.608 feature capability, which means it is responsible for somehow alerting the UAC the call failed and whom to contact. At this point the SBC can play a prompt, either natively or through a mechanism such as <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC4240" format="default">NETANN</xref>, that sends the relevant information in the appropriate media to the UAC. Since this is a potentially long transaction and there is a chance the UAC is using an unreliable transport protocol, the UAC will have indicated support for provisional responses, the SBC will indicate it requires a PRACK from the UAC in the 183 response, the UAC will provide the PRACK, and the SBC will acknowledge receipt of the PRACK before playing the announcement.
            • </t>
          • <t>
            • As an example, the SBC could extract the FN and TEL jCard fields and play something like a special information tone (see Telcordia <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="SR-2275" format="default">SR-2275</xref> sectionFormat="comma" section ="">SR-2275</xref> or <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="ITU.E.180.1998" format="default">ITU-T E.180</xref> sectionFormat="comma" section 7), ="7">ITU-T E.180</xref>), followed by "Your call has been rejected by ...", followed by a text-to-speech translation of the FN text, followed by "You can reach them on", followed by a text-to-speech translation of the telephone number in the TEL field.
            • </t>
          • <t>
            • Note the SBC also still sends the full 608 response code, including the Call-Info header, towards the UAC.
            • </t>
          • </section>
        • </section>
      • <section numbered="true" toc="default">
        • <name>
          • IANA Considerations
          • </name>
        • <section numbered="true" toc="default">
          • <name>
            • SIP Response Code
            • </name>
          • <t>
            • This document defines a new SIP response code, 608 in the "Response Codes" subregistry of the "Session Initiation Protocol (SIP) Parameters" registry defined in <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC3261" format="default"/>.
            • </t>
          • <dl newline="false" spacing="normal">
            • <dt>
              • Response code:
              • </dt>
            • <dd>
              • 608
              • </dd>
            • <dt>
              • Description:
              • </dt>
            • <dd>
              • Rejected
              • </dd>
            • <dt>
              • Reference:
              • </dt>
            • <dd>
              • [RFCXXXX]
              • </dd>
            • </dl>
          • </section>
        • <section numbered="true" toc="default">
          • <name>
            • SIP Feature-Capability Indicator
            • </name>
          • <t>
            • This document defines the feature capability sip.608 in the "SIP Feature-Capability Indicator Registration Tree" registry defined in <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6809" format="default"/>.
            • </t>
          • <dl newline="false" spacing="normal">
            • <dt>
              • Name:
              • </dt>
            • <dd>
              • sip.608
              • </dd>
            • <dt>
              • Description:
              • </dt>
            • <dd>
              • This feature capability indicator, when included in a Feature-Caps header field of an INVITE request, indicates that the entity associated with the indicator will be responsible for indicating to the caller any information contained in the 608 SIP response code, specifically the value referenced by the Call-Info header.
              • </dd>
            • <dt>
              • Reference:
              • </dt>
            • <dd>
              • [RFCXXXX]
              • </dd>
            • </dl>
          • </section>
        • <section anchor="JWT-IANA" numbered="true" toc="default">
          • <name>
            • JSON Web Token Claim
            • </name>
          • <t>
            • This document defines the new JSON Web Token claim in the "JSON Web Token Claims" sub-registry created by <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC7519" format="default"/>. <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="JWT" format="default"/> defines the syntax. The required information is:
            • </t>
          • <dl newline="false" spacing="normal">
            • <dt>
              • Claim Name:
              • </dt>
            • <dd>
              • jcard
              • </dd>
            • <dt>
              • Claim Description:
              • </dt>
            • <dd>
              • jCard data
              • </dd>
            • <dt>
              • Change Controller:
              • </dt>
            • <dd>
              • IESG
              • </dd>
            • <dt>
              • Reference:
              • </dt>
            • <dd>
              • [RFCXXXX], <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC7095" format="default"/>
              • </dd>
            • </dl>
          • </section>
        • <section numbered="true" toc="default">
          • <name>
            • Call-Info Purpose
            • </name>
          • <t>
            • This document defines the new predefined value "jwscard" for the "purpose" header field parameter of the Call-Info header field. This modifies the "Header Field Parameters and Parameter Values" subregistry of the "Session Initiation Protocol (SIP) Parameters" registry by adding this RFC as a reference to the line for the header field "Call-Info" and parameter name "purpose":
            • </t>
          • <dl newline="false" spacing="normal">
            • <dt>
              • Header Field:
              • </dt>
            • <dd>
              • Call-Info
              • </dd>
            • <dt>
              • Parameter Name:
              • </dt>
            • <dd>
              • purpose
              • </dd>
            • <dt>
              • Predefined Values:
              • </dt>
            • <dd>
              • Yes
              • </dd>
            • <dt>
              • Reference:
              • </dt>
            • <dd>
              • [RFCXXXX]
              • </dd>
            • </dl>
          • </section>
        • </section>
      • <section anchor="Security" numbered="true" toc="default">
        • <name>
          • Security Considerations
          • </name>
        • <t>
          • Intermediary operators need to be mindful to whom they are sending the 608 response. The intermediary could be rejecting a truly malicious caller. This raises two issues. The first is the caller, now alerted an intermediary is automatically rejecting their call attempts, may change their call behavior to defeat call blocking systems. The second, and more significant risk, is that by providing a contact in the Call-Info header field, the intermediary may be giving the malicious caller a vector for attack. In other words, the intermediary will be publishing an address that a malicious actor may use to launch an attack on the intermediary. Because of this, intermediary operators may wish to configure their response to only include a Call-Info header field for INVITE or other signed initiating methods and that pass validation by <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC8224" format="default">STIR</xref>.
          • </t>
        • <t>
          • Another risk is as follows. Consider an attacker that floods a proxy that supports the sip.608 feature. However, the SDP in the INVITE request refers to a victim device. Moreover, the attacker somehow knows there is a 608-aware gateway connecting to the victim who is on a segment that lacks the sip.608 feature capability. Because the mechanism described here can result in sending an audio file to the target of the SDP, an attacker could use the mechanism described by this document as an amplification attack, given a SIP INVITE can be under 1 kilobyte and an audio file can be hundreds of kilobytes. One remediation for this is for devices that insert a sip.608 feature capability to only transmit media to what is highly likely to be the actual source of the call attempt. A method for this is to only play media in response to a STIR-signed INVITE that passes validation. Beyond requiring a valid STIR signature on the INVITE, the intermediary can also use remediation procedures such as doing the connectivity checks specified by <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC8445" format="default">Interactive Connectivity Establishment</xref>. If the target did not request the media, the check will fail.
          • </t>
        • <t>
          • Yet another risk is a malicious intermediary that generates a malicious 608 response with a jCard referring to a malicious agent. For example, the recipient of a 608 may receive a TEL URI in the vCard. When the recipient calls that address, the malicious agent could ask for personally identifying information. However, instead of using that information to verify the recipient's identity, they are phishing the information for nefarious ends. A similar scenario can unfold if the malicious agent inserts a URI that points to a phishing or other site. As such, we strongly recommend the recipient validates to whom they are communicating with if asking to adjudicate an erroneously rejected call attempt. Since we may also be concerned about intermediate nodes modifying contact information, we can address both issues with a single solution. The remediation is to require the intermediary to sign the jCard. Signing the jCard provides integrity protection. In addition, one can imagine mechanisms such as used by <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="SHAKEN" format="default">SHAKEN</xref>.
          • </t>
        • <t>
          • Similarly, one can imagine an adverse agent that maliciously spoofs a 608 response with a victim's contact address to many active callers, who may then all send redress requests to the specified address (the basis for a denial-of-service attack). The process would occur as follows: (1) a malicious agent senses INVITE requests from a variety of UACs and (2) spoofs 608 responses with an unsigned redress address before the intended receivers can respond, causing (3) the UACs to all contact the redress address at once. The jCard encoding allows the UAC to verify the blocking intermediary's identity before contacting the redress address. Specifically, because the sender signs the jCard, we can cryptographically trace the sender of the jCard. Given the protocol machinery of having a signature, one can apply local policy to decide whether to believe the sender of the jCard represents the owner of the contact information found in the jCard. This guards against a malicious agent spoofing 608 responses.
          • </t>
        • <t>
          • Specifically, one could use policies around signing certificate issuance as a mechanism for traceback to the entity issuing the jCard. One check could be verifying the identity of the subject of the certificate relates to the To header field of the initial SIP request, similar to validating the intermediary was vouching for the From header field of a SIP request with that identity. Note that we are only protecting against a malicious intermediary and not a hidden intermediary attack (formerly known as a "man in the middle attack"). Thus, we only need to ensure the signature is fresh, which is why we include "iat". For most implementations, we assume that the intermediary has a single set of contact points and will generate the jCard on demand. As such, there is no need to directly correlate HTTPS fetches to specific calls. However, since the intermediary is in control of the jCard and Call-Info response, an intermediary may choose to encode per-call information in the URI returned in a given 608 response. However, if the intermediary does go that route, the intermediary MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> use a non-deterministic URI reference mechanism and be prepared to return dummy responses to URI requests referencing calls that do not exist so that attackers attempting to glean call metadata by guessing URI's (and thus calls) will not get any actionable information from the HTTPS GET.
          • </t>
        • <t>
          • Since the decision of whether to include Call-Info in the 608 response is a matter of policy, one thing to consider is whether a legitimate caller can ascertain whom to contact without including such information in the 608. For example, in some jurisdictions, if only the terminating service provider can be the intermediary, the caller can look up who the terminating service provider is based on the routing information for the dialed number. Thus, the Call-Info jCard could be redundant information. However, the factors going into a particular service provider's or jurisdiction's choice of whether to include Call-Info is outside the scope of this document.
          • </t>
        • </section>
      • <section anchor="Acknowledgements" numbered="true" toc="default">
        • <name>
          • Acknowledgements
          • </name>
        • <t>
          • This document liberally lifts from <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC8197" format="default"/> in its text and structure. However, the mechanism and purpose of 608 is quite different than 607. Any errors are the current editor's and not the editor of RFC8197. Thanks also go to Ken Carlberg of the FCC, Russ Housley, Paul Kyzivat, and Tolga Asveren for their suggestions on improving the draft. Tolga's suggestion to provide a mechanism for legacy interoperability served to expand the draft by 50%. In addition, Tolga came up with the jCard attack. Finally, Christer Holmberg as always provided a close reading and fixed a SIP feature capability bug found by Yehoshua Gev.
          • </t>
        • <t>
          • Of course, we appreciated the close read and five pages of comments from our estimable Area Director, Adam Roach. In addition, we received valuable comments during IETF Last Call and JWT review from Ines Robles, Mike Jones, and Brian Campbell and IESG review from Alissa Cooper, Eric Vyncke, Alexey Melnikov, Benjamin Kaduk, Barry Leiba, and with most glee, Warren Kumari.
          • </t>
        • <t>
          • Finally, Bhavik Nagda provided clarifying edits as well and more especially wrote and tested an implementation of the 608 response code in Kamailio. Code is available at <eref xmlns:xi="http://www.w3.org/2001/XInclude" target="https://github.com/nagdab/608_Implementation"/>. Grace Chuan from MIT regenerated and verified the JWT while working at the FCC.
          • </t>
        • </section>
      • </middle>
    • <--  *****BACK MATTER ***** -->
    • <back>
      • <references>
        • <name>
          • References
          • </name>
        • <references>
          • <name>
            • Normative References
            • </name>
          • <reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2119" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">
            • <front>
              • <title>
                • Key words for use in RFCs to Indicate Requirement Levels
                • </title>
              • <seriesInfo name="DOI" value="10.17487/RFC2119"/>
              • <seriesInfo name="RFC" value="2119"/>
              • <seriesInfo name="BCP" value="14"/>
              • <author initials="S." surname="Bradner" fullname="S. Bradner">
                • <organization/>
                • </author>
              • <date year="1997" month="March"/>
              • <abstract>
                • <t>
                  • In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.
                  • </t>
                • </abstract>
              • </front>
            • </reference>
          • <reference anchor="RFC3261" target="https://www.rfc-editor.org/info/rfc3261" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3261.xml">
            • <front>
              • <title>
                • SIP: Session Initiation Protocol
                • </title>
              • <seriesInfo name="DOI" value="10.17487/RFC3261"/>
              • <seriesInfo name="RFC" value="3261"/>
              • <author initials="J." surname="Rosenberg" fullname="J. Rosenberg">
                • <organization/>
                • </author>
              • <author initials="H." surname="Schulzrinne" fullname="H. Schulzrinne">
                • <organization/>
                • </author>
              • <author initials="G." surname="Camarillo" fullname="G. Camarillo">
                • <organization/>
                • </author>
              • <author initials="A." surname="Johnston" fullname="A. Johnston">
                • <organization/>
                • </author>
              • <author initials="J." surname="Peterson" fullname="J. Peterson">
                • <organization/>
                • </author>
              • <author initials="R." surname="Sparks" fullname="R. Sparks">
                • <organization/>
                • </author>
              • <author initials="M." surname="Handley" fullname="M. Handley">
                • <organization/>
                • </author>
              • <author initials="E." surname="Schooler" fullname="E. Schooler">
                • <organization/>
                • </author>
              • <date year="2002" month="June"/>
              • <abstract>
                • <t>
                  • This document describes Session Initiation Protocol (SIP), an application-layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants. These sessions include Internet telephone calls, multimedia distribution, and multimedia conferences. [STANDARDS-TRACK]
                  • </t>
                • </abstract>
              • </front>
            • </reference>
          • <reference anchor="RFC3262" target="https://www.rfc-editor.org/info/rfc3262" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3262.xml">
            • <front>
              • <title>
                • Reliability of Provisional Responses in Session Initiation Protocol (SIP)
                • </title>
              • <seriesInfo name="DOI" value="10.17487/RFC3262"/>
              • <seriesInfo name="RFC" value="3262"/>
              • <author initials="J." surname="Rosenberg" fullname="J. Rosenberg">
                • <organization/>
                • </author>
              • <author initials="H." surname="Schulzrinne" fullname="H. Schulzrinne">
                • <organization/>
                • </author>
              • <date year="2002" month="June"/>
              • <abstract>
                • <t>
                  • This document specifies an extension to the Session Initiation Protocol (SIP) providing reliable provisional response messages. This extension uses the option tag 100rel and defines the Provisional Response ACKnowledgement (PRACK) method. [STANDARDS-TRACK]
                  • </t>
                • </abstract>
              • </front>
            • </reference>
          • <reference anchor="RFC3326" target="https://www.rfc-editor.org/info/rfc3326" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3326.xml">
            • <front>
              • <title>
                • The Reason Header Field for the Session Initiation Protocol (SIP)
                • </title>
              • <seriesInfo name="DOI" value="10.17487/RFC3326"/>
              • <seriesInfo name="RFC" value="3326"/>
              • <author initials="H." surname="Schulzrinne" fullname="H. Schulzrinne">
                • <organization/>
                • </author>
              • <author initials="D." surname="Oran" fullname="D. Oran">
                • <organization/>
                • </author>
              • <author initials="G." surname="Camarillo" fullname="G. Camarillo">
                • <organization/>
                • </author>
              • <date year="2002" month="December"/>
              • <abstract>
                • <t>
                  • The REGISTER function is used in a Session Initiation Protocol (SIP) system primarily to associate a temporary contact address with an address-of-record. This contact is generally in the form of a Uniform Resource Identifier (URI), such as Contact: <sip:alice@pc33.atlanta.com> and is generally dynamic and associated with the IP address or hostname of the SIP User Agent (UA). The problem is that network topology may have one or more SIP proxies between the UA and the registrar, such that any request traveling from the user's home network to the registered UA must traverse these proxies. The REGISTER method does not give us a mechanism to discover and record this sequence of proxies in the registrar for future use. This document defines an extension header field, "Path" which provides such a mechanism. [STANDARDS-TRACK]
                  • </t>
                • </abstract>
              • </front>
            • </reference>
          • <reference anchor="RFC6809" target="https://www.rfc-editor.org/info/rfc6809" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6809.xml">
            • <front>
              • <title>
                • Mechanism to Indicate Support of Features and Capabilities in the Session Initiation Protocol (SIP)
                • </title>
              • <seriesInfo name="DOI" value="10.17487/RFC6809"/>
              • <seriesInfo name="RFC" value="6809"/>
              • <author initials="C." surname="Holmberg" fullname="C. Holmberg">
                • <organization/>
                • </author>
              • <author initials="I." surname="Sedlacek" fullname="I. Sedlacek">
                • <organization/>
                • </author>
              • <author initials="H." surname="Kaplan" fullname="H. Kaplan">
                • <organization/>
                • </author>
              • <date year="2012" month="November"/>
              • <abstract>
                • <t>
                  • This specification defines a new SIP header field, Feature-Caps. The Feature-Caps header field conveys feature-capability indicators that are used to indicate support of features and capabilities for SIP entities that are not represented by the Uniform Resource Identifier (URI) of the Contact header field.
                  • </t>
                • <t>
                  • SIP entities that are represented by the URI of the SIP Contact header field can convey media feature tags in the Contact header field to indicate support of features and capabilities.
                  • </t>
                • <t>
                  • This specification also defines feature-capability indicators and creates a new IANA registry, "Proxy-Feature Feature-Capability Indicator Trees", for registering feature-capability indicators. [STANDARDS-TRACK]
                  • </t>
                • </abstract>
              • </front>
            • </reference>
          • <reference anchor="RFC7095" target="https://www.rfc-editor.org/info/rfc7095" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7095.xml">
            • <front>
              • <title>
                • jCard: The JSON Format for vCard
                • </title>
              • <seriesInfo name="DOI" value="10.17487/RFC7095"/>
              • <seriesInfo name="RFC" value="7095"/>
              • <author initials="P." surname="Kewisch" fullname="P. Kewisch">
                • <organization/>
                • </author>
              • <date year="2014" month="January"/>
              • <abstract>
                • <t>
                  • This specification defines "jCard", a JSON format for vCard data. The vCard data format is a text format for representing and exchanging information about individuals and other entities, for example, telephone numbers, email addresses, structured names, and delivery addresses. JSON is a lightweight, text-based, language- independent data interchange format commonly used in Internet applications.
                  • </t>
                • </abstract>
              • </front>
            • </reference>
          • <reference anchor="RFC7515" target="https://www.rfc-editor.org/info/rfc7515" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7515.xml">
            • <front>
              • <title>
                • JSON Web Signature (JWS)
                • </title>
              • <seriesInfo name="DOI" value="10.17487/RFC7515"/>
              • <seriesInfo name="RFC" value="7515"/>
              • <author initials="M." surname="Jones" fullname="M. Jones">
                • <organization/>
                • </author>
              • <author initials="J." surname="Bradley" fullname="J. Bradley">
                • <organization/>
                • </author>
              • <author initials="N." surname="Sakimura" fullname="N. Sakimura">
                • <organization/>
                • </author>
              • <date year="2015" month="May"/>
              • <abstract>
                • <t>
                  • JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based data structures. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and an IANA registry defined by that specification. Related encryption capabilities are described in the separate JSON Web Encryption (JWE) specification.
                  • </t>
                • </abstract>
              • </front>
            • </reference>
          • <reference anchor="RFC7518" target="https://www.rfc-editor.org/info/rfc7518" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7518.xml">
            • <front>
              • <title>
                • JSON Web Algorithms (JWA)
                • </title>
              • <seriesInfo name="DOI" value="10.17487/RFC7518"/>
              • <seriesInfo name="RFC" value="7518"/>
              • <author initials="M." surname="Jones" fullname="M. Jones">
                • <organization/>
                • </author>
              • <date year="2015" month="May"/>
              • <abstract>
                • <t>
                  • This specification registers cryptographic algorithms and identifiers to be used with the JSON Web Signature (JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK) specifications. It defines several IANA registries for these identifiers.
                  • </t>
                • </abstract>
              • </front>
            • </reference>
          • <reference anchor="RFC7519" target="https://www.rfc-editor.org/info/rfc7519" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7519.xml">
            • <front>
              • <title>
                • JSON Web Token (JWT)
                • </title>
              • <seriesInfo name="DOI" value="10.17487/RFC7519"/>
              • <seriesInfo name="RFC" value="7519"/>
              • <author initials="M." surname="Jones" fullname="M. Jones">
                • <organization/>
                • </author>
              • <author initials="J." surname="Bradley" fullname="J. Bradley">
                • <organization/>
                • </author>
              • <author initials="N." surname="Sakimura" fullname="N. Sakimura">
                • <organization/>
                • </author>
              • <date year="2015" month="May"/>
              • <abstract>
                • <t>
                  • JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.
                  • </t>
                • </abstract>
              • </front>
            • </reference>
          • <reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8174" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml">
            • <front>
              • <title>
                • Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words
                • </title>
              • <seriesInfo name="DOI" value="10.17487/RFC8174"/>
              • <seriesInfo name="RFC" value="8174"/>
              • <seriesInfo name="BCP" value="14"/>
              • <author initials="B." surname="Leiba" fullname="B. Leiba">
                • <organization/>
                • </author>
              • <date year="2017" month="May"/>
              • <abstract>
                • <t>
                  • RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.
                  • </t>
                • </abstract>
              • </front>
            • </reference>
          • </references>
        • <references>
          • <name>
            • Informative References
            • </name>
          • <reference anchor="RFC4103" target="https://www.rfc-editor.org/info/rfc4103" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4103.xml">
            • <front>
              • <title>
                • RTP Payload for Text Conversation
                • </title>
              • <seriesInfo name="DOI" value="10.17487/RFC4103"/>
              • <seriesInfo name="RFC" value="4103"/>
              • <author initials="G." surname="Hellstrom" fullname="G. Hellstrom">
                • <organization/>
                • </author>
              • <author initials="P." surname="Jones" fullname="P. Jones">
                • <organization/>
                • </author>
              • <date year="2005" month="June"/>
              • <abstract>
                • <t>
                  • This memo obsoletes RFC 2793; it describes how to carry real-time text conversation session contents in RTP packets. Text conversation session contents are specified in ITU-T Recommendation T.140.
                  • </t>
                • <t>
                  • One payload format is described for transmitting text on a separate RTP session dedicated for the transmission of text.
                  • </t>
                • <t>
                  • This RTP payload description recommends a method to include redundant text from already transmitted packets in order to reduce the risk of text loss caused by packet loss. [STANDARDS-TRACK]
                  • </t>
                • </abstract>
              • </front>
            • </reference>
          • <reference anchor="RFC4240" target="https://www.rfc-editor.org/info/rfc4240" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4240.xml">
            • <front>
              • <title>
                • Basic Network Media Services with SIP
                • </title>
              • <seriesInfo name="DOI" value="10.17487/RFC4240"/>
              • <seriesInfo name="RFC" value="4240"/>
              • <author initials="E." surname="Burger" fullname="E. Burger" role="editor">
                • <organization/>
                • </author>
              • <author initials="J." surname="Van Dyke" fullname="J. Van Dyke">
                • <organization/>
                • </author>
              • <author initials="A." surname="Spitzer" fullname="A. Spitzer">
                • <organization/>
                • </author>
              • <date year="2005" month="December"/>
              • <abstract>
                • <t>
                  • In SIP-based networks, there is a need to provide basic network media services. Such services include network announcements, user interaction, and conferencing services. These services are basic building blocks, from which one can construct interesting applications. In order to have interoperability between servers offering these building blocks (also known as Media Servers) and application developers, one needs to be able to locate and invoke such services in a well defined manner.
                  • </t>
                • <t>
                  • This document describes a mechanism for providing an interoperable interface between Application Servers, which provide application services to SIP-based networks, and Media Servers, which provide the basic media processing building blocks. This memo provides information for the Internet community.
                  • </t>
                • </abstract>
              • </front>
            • </reference>
          • <reference anchor="RFC4566" target="https://www.rfc-editor.org/info/rfc4566" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4566.xml">
            • <front>
              • <title>
                • SDP: Session Description Protocol
                • </title>
              • <seriesInfo name="DOI" value="10.17487/RFC4566"/>
              • <seriesInfo name="RFC" value="4566"/>
              • <author initials="M." surname="Handley" fullname="M. Handley">
                • <organization/>
                • </author>
              • <author initials="V." surname="Jacobson" fullname="V. Jacobson">
                • <organization/>
                • </author>
              • <author initials="C." surname="Perkins" fullname="C. Perkins">
                • <organization/>
                • </author>
              • <date year="2006" month="July"/>
              • <abstract>
                • <t>
                  • This memo defines the Session Description Protocol (SDP). SDP is intended for describing multimedia sessions for the purposes of session announcement, session invitation, and other forms of multimedia session initiation. [STANDARDS-TRACK]
                  • </t>
                • </abstract>
              • </front>
            • </reference>
          • <reference anchor="RFC5039" target="https://www.rfc-editor.org/info/rfc5039" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5039.xml">
            • <front>
              • <title>
                • The Session Initiation Protocol (SIP) and Spam
                • </title>
              • <seriesInfo name="DOI" value="10.17487/RFC5039"/>
              • <seriesInfo name="RFC" value="5039"/>
              • <author initials="J." surname="Rosenberg" fullname="J. Rosenberg">
                • <organization/>
                • </author>
              • <author initials="C." surname="Jennings" fullname="C. Jennings">
                • <organization/>
                • </author>
              • <date year="2008" month="January"/>
              • <abstract>
                • <t>
                  • Spam, defined as the transmission of bulk unsolicited messages, has plagued Internet email. Unfortunately, spam is not limited to email. It can affect any system that enables user-to-user communications. The Session Initiation Protocol (SIP) defines a system for user-to- user multimedia communications. Therefore, it is susceptible to spam, just as email is. In this document, we analyze the problem of spam in SIP. We first identify the ways in which the problem is the same and the ways in which it is different from email. We then examine the various possible solutions that have been discussed for email and consider their applicability to SIP. This memo provides information for the Internet community.
                  • </t>
                • </abstract>
              • </front>
            • </reference>
          • <reference anchor="RFC6350" target="https://www.rfc-editor.org/info/rfc6350" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6350.xml">
            • <front>
              • <title>
                • vCard Format Specification
                • </title>
              • <seriesInfo name="DOI" value="10.17487/RFC6350"/>
              • <seriesInfo name="RFC" value="6350"/>
              • <author initials="S." surname="Perreault" fullname="S. Perreault">
                • <organization/>
                • </author>
              • <date year="2011" month="August"/>
              • <abstract>
                • <t>
                  • This document defines the vCard data format for representing and exchanging a variety of information about individuals and other entities (e.g., formatted and structured name and delivery addresses, email address, multiple telephone numbers, photograph, logo, audio clips, etc.). This document obsoletes RFCs 2425, 2426, and 4770, and updates RFC 2739. [STANDARDS-TRACK]
                  • </t>
                • </abstract>
              • </front>
            • </reference>
          • <reference anchor="RFC7092" target="https://www.rfc-editor.org/info/rfc7092" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7092.xml">
            • <front>
              • <title>
                • A Taxonomy of Session Initiation Protocol (SIP) Back-to-Back User Agents
                • </title>
              • <seriesInfo name="DOI" value="10.17487/RFC7092"/>
              • <seriesInfo name="RFC" value="7092"/>
              • <author initials="H." surname="Kaplan" fullname="H. Kaplan">
                • <organization/>
                • </author>
              • <author initials="V." surname="Pascual" fullname="V. Pascual">
                • <organization/>
                • </author>
              • <date year="2013" month="December"/>
              • <abstract>
                • <t>
                  • In many SIP deployments, SIP entities exist in the SIP signaling path between the originating and final terminating endpoints, which go beyond the definition of a SIP proxy, performing functions not defined in Standards Track RFCs. The only term for such devices provided in RFC 3261 is for a Back-to-Back User Agent (B2BUA), which is defined as the logical concatenation of a SIP User Agent Server (UAS) and User Agent Client (UAC).
                  • </t>
                • <t>
                  • There are numerous types of SIP B2BUAs performing different roles in different ways; for example, IP Private Branch Exchanges (IPBXs), Session Border Controllers (SBCs), and Application Servers (ASs). This document identifies several common B2BUA roles in order to provide taxonomy other documents can use and reference.
                  • </t>
                • </abstract>
              • </front>
            • </reference>
          • <reference anchor="RFC7340" target="https://www.rfc-editor.org/info/rfc7340" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7340.xml">
            • <front>
              • <title>
                • Secure Telephone Identity Problem Statement and Requirements
                • </title>
              • <seriesInfo name="DOI" value="10.17487/RFC7340"/>
              • <seriesInfo name="RFC" value="7340"/>
              • <author initials="J." surname="Peterson" fullname="J. Peterson">
                • <organization/>
                • </author>
              • <author initials="H." surname="Schulzrinne" fullname="H. Schulzrinne">
                • <organization/>
                • </author>
              • <author initials="H." surname="Tschofenig" fullname="H. Tschofenig">
                • <organization/>
                • </author>
              • <date year="2014" month="September"/>
              • <abstract>
                • <t>
                  • Over the past decade, Voice over IP (VoIP) systems based on SIP have replaced many traditional telephony deployments. Interworking VoIP systems with the traditional telephone network has reduced the overall level of calling party number and Caller ID assurances by granting attackers new and inexpensive tools to impersonate or obscure calling party numbers when orchestrating bulk commercial calling schemes, hacking voicemail boxes, or even circumventing multi-factor authentication systems trusted by banks. Despite previous attempts to provide a secure assurance of the origin of SIP communications, we still lack effective standards for identifying the calling party in a VoIP session. This document examines the reasons why providing identity for telephone numbers on the Internet has proven so difficult and shows how changes in the last decade may provide us with new strategies for attaching a secure identity to SIP sessions. It also gives high-level requirements for a solution in this space.
                  • </t>
                • </abstract>
              • </front>
            • </reference>
          • <reference anchor="RFC8197" target="https://www.rfc-editor.org/info/rfc8197" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8197.xml">
            • <front>
              • <title>
                • A SIP Response Code for Unwanted Calls
                • </title>
              • <seriesInfo name="DOI" value="10.17487/RFC8197"/>
              • <seriesInfo name="RFC" value="8197"/>
              • <author initials="H." surname="Schulzrinne" fullname="H. Schulzrinne">
                • <organization/>
                • </author>
              • <date year="2017" month="July"/>
              • <abstract>
                • <t>
                  • This document defines the 607 (Unwanted) SIP response code, allowing called parties to indicate that the call or message was unwanted. SIP entities may use this information to adjust how future calls from this calling party are handled for the called party or more broadly.
                  • </t>
                • </abstract>
              • </front>
            • </reference>
          • <reference anchor="RFC8224" target="https://www.rfc-editor.org/info/rfc8224" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8224.xml">
            • <front>
              • <title>
                • Authenticated Identity Management in the Session Initiation Protocol (SIP)
                • </title>
              • <seriesInfo name="DOI" value="10.17487/RFC8224"/>
              • <seriesInfo name="RFC" value="8224"/>
              • <author initials="J." surname="Peterson" fullname="J. Peterson">
                • <organization/>
                • </author>
              • <author initials="C." surname="Jennings" fullname="C. Jennings">
                • <organization/>
                • </author>
              • <author initials="E." surname="Rescorla" fullname="E. Rescorla">
                • <organization/>
                • </author>
              • <author initials="C." surname="Wendt" fullname="C. Wendt">
                • <organization/>
                • </author>
              • <date year="2018" month="February"/>
              • <abstract>
                • <t>
                  • The baseline security mechanisms in the Session Initiation Protocol (SIP) are inadequate for cryptographically assuring the identity of the end users that originate SIP requests, especially in an interdomain context. This document defines a mechanism for securely identifying originators of SIP requests. It does so by defining a SIP header field for conveying a signature used for validating the identity and for conveying a reference to the credentials of the signer.
                  • </t>
                • <t>
                  • This document obsoletes RFC 4474.
                  • </t>
                • </abstract>
              • </front>
            • </reference>
          • <reference anchor="RFC8259" target="https://www.rfc-editor.org/info/rfc8259" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8259.xml">
            • <front>
              • <title>
                • The JavaScript Object Notation (JSON) Data Interchange Format
                • </title>
              • <seriesInfo name="DOI" value="10.17487/RFC8259"/>
              • <seriesInfo name="RFC" value="8259"/>
              • <seriesInfo name="STD" value="90"/>
              • <author initials="T." surname="Bray" fullname="T. Bray" role="editor">
                • <organization/>
                • </author>
              • <date year="2017" month="December"/>
              • <abstract>
                • <t>
                  • JavaScript Object Notation (JSON) is a lightweight, text-based, language-independent data interchange format. It was derived from the ECMAScript Programming Language Standard. JSON defines a small set of formatting rules for the portable representation of structured data.
                  • </t>
                • <t>
                  • This document removes inconsistencies with other specifications of JSON, repairs specification errors, and offers experience-based interoperability guidance.
                  • </t>
                • </abstract>
              • </front>
            • </reference>
          • <reference anchor="RFC8445" target="https://www.rfc-editor.org/info/rfc8445" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8445.xml">
            • <front>
              • <title>
                • Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal
                • </title>
              • <seriesInfo name="DOI" value="10.17487/RFC8445"/>
              • <seriesInfo name="RFC" value="8445"/>
              • <author initials="A." surname="Keranen" fullname="A. Keranen">
                • <organization/>
                • </author>
              • <author initials="C." surname="Holmberg" fullname="C. Holmberg">
                • <organization/>
                • </author>
              • <author initials="J." surname="Rosenberg" fullname="J. Rosenberg">
                • <organization/>
                • </author>
              • <date year="2018" month="July"/>
              • <abstract>
                • <t>
                  • This document describes a protocol for Network Address Translator (NAT) traversal for UDP-based communication. This protocol is called Interactive Connectivity Establishment (ICE). ICE makes use of the Session Traversal Utilities for NAT (STUN) protocol and its extension, Traversal Using Relay NAT (TURN).
                  • </t>
                • <t>
                  • This document obsoletes RFC 5245.
                  • </t>
                • </abstract>
              • </front>
            • </reference>
          • <reference anchor="SHAKEN" target="https://www.sipforum.org/download/sip-forum-twg-10-signature-based-handling-of-asserted-information-using-tokens-shaken-pdf/?wpdmdl=2813">
            • <front>
              • <title>
                • Signature-based Handling of Asserted information using toKENs (SHAKEN)
                • </title>
              • <seriesInfo name="ATIS" value="1000074"/>
              • <author>
                • <organization>
                  • Alliance for Telecommunications Industry Solutions (ATIS) and the SIP Forum
                  • </organization>
                • </author>
              • <date day="5" month="1" year="2017"/>
              • </front>
            • </reference>
          • <reference anchor="BaseRate" target=" https://apps.dtic.mil/docs/citations/ADA045772">
            • <front>
              • <title>
                • The Base-Rate Fallacy in Probability Judgements
                • </title>
              • <author fullname="Maya Bar-Hillel" initials="M." surname="Bar-Hillel">
                • <organization>
                  • Hebrew University
                  • </organization>
                • </author>
              • <date month="4" year="1977"/>
              • </front>
            • </reference>
          • <reference anchor="ITU.E.180.1998">
            • <front>
              • <title>
                • Technical characteristics of tones for the telephone service
                • </title>
              • <seriesInfo name="ITU" value="Recommendation E.180/Q.35"/>
              • <author>
                • <organization>
                  • International Telecommunications Union
                  • </organization>
                • </author>
              • <date month="March" year="1998"/>
              • </front>
            • </reference>
          • <reference anchor="SR-2275">
            • <front>
              • <title>
                • Bellcore Notes on the Networks
                • </title>
              • <seriesInfo name="Telcordia" value="SR-2275"/>
              • <author>
                • <organization>
                  • Telcordia
                  • </organization>
                • </author>
              • <date month="October" year="2000"/>
              • </front>
            • </reference>
          • </references>
        • </references>
      • </back>
    • </rfc>
1<?xml version='1.0' encoding='utf-8'?>
3<rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="std"
4     number="9999" ipr="trust200902" obsoletes=""
5     updates="" submissionType="IETF" xml:lang="en" tocInclude="true"
6     symRefs="true" sortRefs="true" version="3">
8  <!-- xml2rfc v2v3 conversion 2.23.1 -->
9  <front>
10    <title abbrev="SIP Response Code for Rejected Calls">A Session Initiation
11    Protocol (SIP) Response Code for Rejected Calls</title>
13    <seriesInfo name="RFC" value="9999"/>
15    <author fullname="Eric W. Burger" initials="E.W." surname="Burger">
16      <organization>Georgetown University</organization>
17      <address>
18        <postal>
19          <street>37th &amp; O St, NW</street>
20          <city>Washington</city>
21          <region>DC</region>
22          <code>20057</code>
23          <country>USA</country>
24        </postal>
25        <email>eburger@standardstrack.com</email>
26      </address>
27    </author>
28    <author fullname="Bhavik Nagda" initials="B." surname="Nagda">
29      <organization>Massachusetts Institute of Technology</organization>
30      <address>
31        <postal>
32          <street>77 Massachusetts Avenue</street>
33          <city>Cambridge</city>
34          <region>MA</region>
35          <code>02139</code>
36          <country>USA</country>
37        </postal>
38        <phone/>
39        <email>nagdab@gmail.com</email>
40        <uri/>
41      </address>
42    </author>
43    <!-- If the month and year are both specified and are the current ones, xml2rfc will fill 
44        in the current day for you. If only the current year is specified, xml2rfc will fill 
45  in the current day and month for you. If the year is not the current one, it is 
46  necessary to specify at least a month (xml2rfc assumes day="1" if not specified for the 
47  purpose of calculating the expiry date).  With drafts it is normally sufficient to 
48  specify just the year. -->
49    <date month="August" year="2019"/>
50    <!-- Meta-data Declarations -->
51    <area>RAI</area>
52    <workgroup>SIPCORE</workgroup>
53    <keyword>STIR</keyword>
54    <keyword>SIPCORE</keyword>
55    <keyword>IANA</keyword>
56    <abstract>
57      <t>This document defines the 608 (Rejected) SIP response code. This
58      response code enables calling parties to learn that an intermediary
59      rejected their call attempt. No one will deliver, and thus no one will
60      answer, the call. As a 6xx code, the caller will be aware that future
61      attempts to contact the same User Agent Server will likely fail. The
62      initial use case driving the need for the 608 response code is when the
63      intermediary is an analytics engine. In this case, the rejection is by a
64      machine or other process. This contrasts with the 607 (Unwanted) SIP
65      response code, which a human at the target User Agent Server indicated
66      the user did not want the call. In some jurisdictions this distinction
67      is important. This document also defines the use of the Call-Info header
68      field in 608 responses to enable rejected callers to contact entities
69      that blocked their calls in error. This provides a remediation mechanism
70      for legal callers that find their calls blocked.</t>
71    </abstract>
72  </front>
73  <middle>
74    <section numbered="true" toc="default">
75      <name>Introduction</name>
76      <t>The IETF has been addressing numerous issues surrounding how to
77      handle unwanted and, depending on the jurisdiction, illegal calls <xref target="RFC5039" format="default"/>. <xref target="RFC7340" format="default">STIR</xref> and <xref target="SHAKEN" format="default">SHAKEN</xref> address the cryptographic signing and
78      attestation, respectively, of signaling to ensure the integrity and
79      authenticity of the asserted caller identity.</t>
80      <t>This document describes a new <xref target="RFC3261" format="default">Session
81      Initiation Protocol (SIP)</xref> response code, 608, which allows
82      calling parties to learn that an intermediary rejected their call. As
83      described below, we need a distinct indicator to differentiate between a
84      user rejection and an intermediary's rejection of a call. In some
85      jurisdictions, service providers may not be permitted to block calls,
86      even if unwanted by the user, unless there is an explicit user request.
87      Moreover, users may misidentify the nature of a caller.</t>
88      <t>For example, a legitimate caller may call a user who finds the call
89      to be unwanted. However, instead of marking the call as unwanted, the
90      user may mark the call as illegal. With that information, an analytics
91      engine may determine to block all calls from that source. However, in
92      some jurisdictions blocking calls from that source for other users may
93      not be legal. Likewise, one can envision jurisdictions that allow an
94      operator to block such calls, but only if there is a remediation
95      mechanism in place to address false positives.</t>
96      <t>Some call blocking services may return responses such as 604 (Does
97      Not Exist Anywhere). This might be a strategy to try to get a
98      destination's address removed from a calling database. However, other
99      network elements might also interpret this to mean the user truly does
100      not exist, which might result in the user not being able to receive
101      calls from anyone, even if they wanted to receive the calls. In many
102      jurisdictions, providing such false signaling is also illegal.</t>
103      <t>The 608 response code addresses this need of remediating falsely
104      blocked calls. Specifically, this code informs the SIP User Agent Client
105      (UAC) that an intermediary blocked the call and provides a redress
106      mechanism that allows callers to contact the operator of the
107      intermediary.</t>
108      <t>In the current call handling ecosystem, users can explicitly reject a
109      call or later mark a call as being unwanted by issuing a <xref
110      target="RFC8197" format="default">607 SIP response code
111      (Unwanted)</xref>. Figures <xref target="uas_reject" format="counter"/>
112      and <xref target="reject_ladder" format="counter"/> show the
113      operation of the 607 SIP response code. The User Agent Server (UAS)
114      indicates the call was unwanted. As <xref target="RFC8197" format="default"/> explains,
115      not only does the called party desire to reject that call, they can let
116      their proxy know that they consider future calls from that source
117      unwanted. Upon receipt of the 607 response from the UAS, the proxy may
118      send unwanted call indicators, such as the value of the From header
119      field and other information elements, to a call analytics engine. For
120      various reasons described in <xref target="RFC8197" format="default"/>, if a network
121      operator receives multiple reports of unwanted calls, that may indicate
122      that the entity placing the calls is likely to be a source of unwanted
123      calls for many people. As such, other customers of the service provider
124      may want the service provider to automatically reject calls on their
125      behalf.</t>
126      <t>There is another value of the 607 rejection code. Presuming the proxy
127      forwards the response code to the User Agent Client (UAC), the calling
128      UAC or intervening proxies will also learn the user is not interested in
129      receiving calls from that sender.</t>
130      <figure anchor="uas_reject">
131        <name>Unwanted (607) Call Flow</name>
132        <artwork name="" type="" align="left" alt=""><![CDATA[
133                      +-----------+
134                      |   Call    |
135                      | Analytics |
136                      |  Engine   |
137                      +-----------+
138                         ^     | (likely not SIP)
139                         |     v
140                      +-----------+
141   +-----+    607     |  Called   |    607    +-----+
142   | UAC | <--------- |  Party    | <-------- | UAS |
143   +-----+            |  Proxy    |           +-----+
144                      +-----------+  ]]></artwork> </figure>
145      <t>For calls rejected with a 607 from a legitimate caller, receiving a
146      607 response code can inform the caller to stop attempting to call the
147      user. Moreover, if a legitimate caller believes the user is rejecting
148      their calls in error, they can use other channels to contact the user.
149      For example, if a pharmacy calls a user to let them know their
150      prescription is available for pickup and the user mistakenly thinks the
151      call is unwanted and issues a 607 response code, the pharmacy, having an
152      existing relationship with the customer, can send the user an email or
153      push a note to the pharmacist to ask the customer to consider not
154      rejecting their calls in the future.</t>
155      <t>Many systems that allow the user to mark the call unwanted (e.g.,
156      with the 607 response code) also allow the user to change their mind and
157      unmark such calls. This mechanism is relatively easy to implement as the
158      user usually has a direct relationship with the service provider that is
159      blocking calls.</t>
160     <t>However, things become more complicated if an intermediary, such as a          
161      third-party provider of call management services that classifies calls            
162      based on the relative likelihood that the call is unwanted,                       
163      misidentifies the call as unwanted. <xref target="cae_reject" format="default"/> shows             
164      this case. Note that the UAS typically does not receive an INVITE since           
165      the called party proxy rejects the call on behalf of the user. In this            
166      situation, it would be beneficial for the caller to learn who rejected            
167      the call, so they can correct the misidentification.</t>
169      <figure anchor="reject_ladder">
170        <name>Unwanted (607) Ladder Diagram</name>
171        <artwork name="" type="" align="left" alt=""><![CDATA[
172                    +--------+         +-----------+
173                    | Called |         |   Call    |
174   +-----+          | Party  |         | Analytics |   +-----+
175   | UAC |          | Proxy  |         |  Engine   |   | UAS |
176   +-----+          +--------+         +-----------+   +-----+
177      |  INVITE         |                    |            |
178      | --------------> |  Is call OK?       |            |
179      |                 |------------------->|            |
180      |                 |                    |            |
181      |                 |               Yes  |            |
182      |                 |<-------------------|            |
183      |                 |                    |            |
184      |                 | INVITE             |            |
185      |                 | ------------------------------> |
186      |                 |                    |            |
187      |                 |                    |       607  |
188      |                 | <------------------------------ |
189      |                 |                    |            |
190      |                 |  Unwanted call     |            |
191      |            607  | -----------------> |            |
192      | <-------------- |  indicators        |            |
193      |                 |                    |            | ]]></artwork>
194      </figure>
196      <figure anchor="cae_reject">
197        <name>Rejected (608) Call Flow</name>
198        <artwork name="" type="" align="left" alt=""><![CDATA[
199                      +-----------+
200                      |   Call    |
201                      | Analytics |
202                      |  Engine   |
203                      +-----------+
204                         ^     | (likely not SIP)
205                         |     v
206                      +-----------+
207   +-----+    608     |  Called   |           +-----+
208   | UAC | <--------- |  Party    |           | UAS |
209   +-----+            |  Proxy    |           +-----+
210                      +-----------+   ]]></artwork> </figure>
211      <t>In this situation, one might consider to have the intermediary use
212      the 607 response code. 607 indicates to the caller the subscriber does
213      not want the call. However, <xref target="RFC8197" format="default"/> specifies that one
214      of the uses of 607 is to inform analytics engines that a user (human)
215      has rejected a call. The problem here is that network elements
216      downstream from the intermediary might interpret the 607 as coming from
217      a user (human) who has marked the call as unwanted, as opposed to coming
218      from an algorithm using statistics or machine learning to reject the
219      call. An algorithm can be vulnerable to the <xref target="BaseRate" format="default">base
220      rate fallacy</xref> rejecting the call. In other words, those downstream
221      entities should not rely on another entity 'deciding' the call is
222      unwanted. By distinguishing between a (human) user rejection and an
223      intermediary engine's statistical rejection, a downstream network
224      element that sees a 607 response code can weigh it as a human rejection
225      in its call analytics, versus deciding whether to consider a 608 at all,
226      and if so, weighing it appropriately.</t>
227      <t>It is useful for blocked callers to have a redress mechanism. One can
228      imagine that some jurisdictions will require it. However, we must be
229      mindful that most of the calls that intermediaries block will, in fact,
230      be illegal and eligible for blocking. Thus, providing alternate contact
231      information for a user would be counterproductive to protecting that
232      user from illegal communications. This is another reason we do not
233      propose to simply allow alternate contact information in a 607 response
234      message.</t>
235      <t>Why do we not use the same mechanism an analytics service provider
236      offers their customers? Specifically, why not have the analytics service
237      provider allow the called party to correct a call blocked in error? The
238      reason is while there is an existing relationship between the customer
239      (called party) and the analytics service provider, it is unlikely there
240      is a relationship between the caller and the analytics service provider.
241      Moreover, there are numerous call blocking providers in the ecosystem.
242      Therefore, we need a mechanism for indicating an intermediary rejected a
243      call that also provides contact information for the operator of that
244      intermediary, without exposing the target user's contact
245      information.</t>
246      <t>The protocol described in this document uses existing SIP protocol
247      mechanisms for specifying the redress mechanism. In the Call-Info header
248      passed back to the UAC, we send additional information specifying a
249      redress address. We choose to encode the redress address using <xref target="RFC7095" format="default">jCard</xref>. As we will see later in this document,
250      this information needs to have its own, application-layer integrity
251      protection. Thus, we use jCard rather than <xref target="RFC6350" format="default">vCard</xref> as we have a marshaling mechanism for
252      creating a JavaScript Object Notation <xref target="RFC8259" format="default">(JSON)</xref> object, such as a jCard, and a standard
253      integrity format for such an object, namely JSON Web Signature <xref target="RFC7515" format="default">(JWS)</xref>. The SIP community is familiar with this
254      concept as it is the mechanism used by <xref target="RFC8224" format="default">STIR</xref>.</t>
255      <t>Integrity protecting the jCard with a cryptographic signature might
256      seem unnecessary at first, but it is essential to preventing potential
257      network attacks. <xref target="Security" format="default"/> describes the attack and why
258      we sign the jCard in more detail.</t>
259    </section>
260    <section numbered="true" toc="default">
261      <name>Terminology</name>
263    <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>",
264    "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>",
265    "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>",
266    "<bcp14>SHOULD NOT</bcp14>",
267    "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
268    "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are
269    to be interpreted as described in BCP 14 <xref target="RFC2119"/>
270    <xref target="RFC8174"/> when, and only when, they appear in all capitals,
271    as shown here.</t>
273    </section>
274    <section numbered="true" toc="default">
275      <name>Protocol Operation</name>
276      <t>This section uses the term 'intermediary' to mean the entity that
277      acts as a SIP User Agent Server (UAS) on behalf of the user in the
278      network, as opposed to the user's UAS (usually, but not necessarily,
279      their phone). The intermediary could be a back-to-back user agent
280      (B2BUA) or a SIP Proxy.</t>
281      <t><xref target="cae_ladder" format="default"/> shows an overview of the call flow for a
282      rejected call.</t>
283      <figure anchor="cae_ladder">
284        <name>Rejected (608) Ladder Diagram</name>
285        <artwork name="" type="" align="left" alt=""><![CDATA[
286                    +--------+         +-----------+
287                    | Called |         |   Call    |
288   +-----+          | Party  |         | Analytics |   +-----+
289   | UAC |          | Proxy  |         |  Engine   |   | UAS |
290   +-----+          +--------+         +-----------+   +-----+
291      |  INVITE         |                    |            |
292      | --------------> |  Information from  |            |
293      |                 | -----------------> |            |
294      |                 |  INVITE            |            |
295      |                 |            Reject  |            |
296      |            608  | <----------------- |            |
297      | <-------------- |            call    |            |
298      |                 |                    |            | ]]></artwork> </figure>
299      <section numbered="true" toc="default">
300        <name>Intermediary Operation</name>
301        <t>An intermediary <bcp14>MAY</bcp14> issue the 608 response code in a failure
302        response for an INVITE, MESSAGE, SUBSCRIBE, or other out-of-dialog
303        <xref target="RFC3261" format="default">SIP</xref> request to indicate that an
304        intermediary rejected the offered communication as unwanted by the
305        user. An intermediary <bcp14>MAY</bcp14> issue the 608 as the value of the "cause"
306        parameter of a SIP reason-value in a Reason header field <xref target="RFC3326" format="default"/>.</t>
307        <t>If an intermediary issues a 608 code and there are no indicators
308        the calling party will use the contents of the Call-Info header field
309        for malicious purposes (see <xref target="Security" format="default"/>), the
310        intermediary <bcp14>MUST</bcp14> include a Call-Info header field in the
311        response.</t>
312        <t>If there is a Call-Info header field, it <bcp14>MUST</bcp14> have the 'purpose'
313        parameter of 'jwscard'. The value of the Call-Info header field <bcp14>MUST</bcp14>
314        refer to a valid JSON Web Signature (<xref target="RFC7515" format="default">JWS</xref>) encoding of a <xref target="RFC7095" format="default">jCard</xref> object. The following section describes
315        the construction of the JWS.</t>
316        <t>Proxies need to be mindful that a downstream intermediary may
317        reject the attempt with a 608 while other paths may still be in
318        progress. In this situation, the requirements stated in
319        <xref target="RFC3261" sectionFormat="of" section="16.7"/> apply. Specifically, the proxy should
320        cancel pending transactions and must not create any new branches. Note
321        this is not a new requirement but simply pointing out the existing 6xx
322        protocol mechanism in SIP.</t>
323      </section>
324      <section numbered="true" toc="default">
325        <name>JWS Construction</name>
326        <t>The intermediary constructs the JWS of the jCard as follows.</t>
327        <section numbered="true" toc="default">
328          <name>JOSE Header</name>
329          <t>The Javascript Object Signing and Encryption (JOSE) header <bcp14>MUST</bcp14>
330          include the typ, alg, and x5u parameters from <xref target="RFC7515" format="default">JWS</xref>. The typ parameter <bcp14>MUST</bcp14> have the value
331          "vcard+json". Implementations <bcp14>MUST</bcp14> support ES256 as JSON Web
332          Algorithms (<xref target="RFC7518" format="default">JWA</xref>) defines it, and <bcp14>MAY</bcp14>
333          support other registered signature algorithms. Finally, the x5u
334          parameter <bcp14>MUST</bcp14> be a URI that resolves to the public key certificate
335          corresponding to the key used to digitally sign the JWS.</t>
336        </section>
337        <section anchor="JWT" numbered="true" toc="default">
338          <name>JWT Payload</name>
339          <t>The payload contains two JSON values. The first JSON Web Token
340          (JWT) claim that <bcp14>MUST</bcp14> be present is the <xref target="RFC7519" format="default">iat
341          (issued at) claim</xref>. The "iat" <bcp14>MUST</bcp14> be set to the date and time
342          of the issuance of the 608 response. This mandatory component
343          protects the response from replay attacks.</t>
344          <t>The second JWT claim that <bcp14>MUST</bcp14> be present is the "jcard" claim.
345          The value of the <xref target="RFC7095" format="default">jcard</xref> claim is a JSON
346          array conforming to the JSON jCard data format defined in <xref
347   target="RFC7095"/>.
348          <xref target="JWT-IANA" format="default"/> of this document describes the registration. In the
349          construction of the jcard claim, the "jcard" <bcp14>MUST</bcp14> include at least
350          one of the URL, EMAIL, TEL, or ADR properties. UACs supporting this
351          specification <bcp14>MUST</bcp14> be prepared to receive a full jCard. Call
352          originators (at the UAC) can use the information returned by the
353          jCard to contact the intermediary that rejected the call to appeal
354          the intermediary's blocking of the call attempt. What the
355          intermediary does if the blocked caller contacts the intermediary is
356          outside the scope of this document.</t>
357        </section>
358        <section anchor="s.JWS" numbered="true" toc="default">
359          <name>JWS Signature</name>
360          <t><xref target="RFC7515" format="default">JWS</xref> specifies the procedure for
361          calculating the signature over the jCard JWT. <xref target="EXAMPLES" format="default"/> of this document has a detailed example on
362          constructing the JWS, including the signature.</t>
363        </section>
364      </section>
365      <section numbered="true" toc="default">
366        <name>UAC Operation</name>
367        <t>A UAC conforming to this specification <bcp14>MUST</bcp14> include the sip.608
368        feature capability indicator in the Feature-Caps header field of the
369        INVITE request.</t>
370        <t>Upon receiving a 608 response, UACs perform normal SIP processing
371        for 6xx responses.</t>
372        <t>As for the disposition of the jCard itself, the UAC <bcp14>MUST</bcp14> check the
373        "iat" claim in the JWT. As noted in <xref target="s.JWS" format="default"/>, we are
374        concerned about replay attacks. Therefore, the UAC <bcp14>MUST</bcp14> reject jCards
375        that come with an expired "iat". The definition of "expired" is a
376        matter of local policy. A reasonable value would be on the order of a
377        minute due to clock drift and the possibility of the playing of an
378        audio announcement before the delivery of the 608 response.</t>
379      </section>
380      <section numbered="true" toc="default">
381        <name>Legacy Interoperation</name>
382        <t>If the UAC indicates support for 608 and the intermediary issues a
383        608, life is good, as the UAC will receive all the information it
384        needs to remediate an erroneous block by an intermediary. However,
385        what if the UAC does not understand 608? For example, how can we
386        support callers from a legacy, non-SIP public switched network
387        connecting to the SIP network via a media gateway?</t>
388        <t>We address this situation by having the first network element that
389        conforms with this specification play an announcement in the media.
390        See <xref target="announcement" format="default"/> for requirements on the
391        announcement. The simple rule is a network element that inserts the
392        sip.608 feature capability <bcp14>MUST</bcp14> be able to convey at a minimum how to
393        contact the operator of the intermediary that rejected the call
394        attempt.</t>
395        <t>The degenerate case is the intermediary is the only element that
396        understands the semantics of the 608 response code. Obviously, any SIP
397        device will understand that a 608 response code is a 6xx error.
398        However, there are no other elements in the call path that understand
399        the meaning of the value of the Call-Info header field. The
400        intermediary knows this is the case as the INVITE request will not
401        have the sip.608 feature capability. In this case, one can consider
402        the intermediary to be the element 'inserting' a virtual sip.608
403        feature capability. If the caveats described in
404        Sections <xref target="announcement" format="counter"/> and
405        <xref target="Security" format="counter"/> do not hold, the
406        intermediary <bcp14>MUST</bcp14> play the announcement.</t>
407        <t>Now we take the case where a network element that understands the
408        608 response code receives an INVITE for further processing. A network
409        element conforming with this specification <bcp14>MUST</bcp14> insert the sip.608
410        feature capability, per the behaviors described in
411        <xref target="RFC6809" sectionFormat="of" section="4.2"/>.</t>
412        <t>Do note that even if a network element plays an announcement
413        describing the contents of the 608 response message, the network
414        element <bcp14>MUST</bcp14> forward the 608 response code message as the final
415        response to the INVITE.</t>
416        <t>One aspect of using a feature capability is that only the network
417        elements that will either consume (UAC) or play an announcement (media
418        gateway, session border controller (<xref target="RFC7092" format="default">SBC</xref>), or proxy) need to understand the sip.608
419        feature capability. If the other network elements conform to
420        <xref target="RFC3261" sectionFormat="of" section="16.6"/>, they will pass header fields such as
421        "Feature-Caps: *;+sip.608" unmodified and without need for
422        upgrade.</t>
423        <t>Because the ultimate disposition of the call attempt will be a
424        600-class response, the network element conveying the announcement in
425        the legacy direction <bcp14>MUST</bcp14> use the 183 Session Progress response to
426        establish the media session. Because of the small chance the UAC is an
427        extremely old legacy device and is using UDP, the UAC <bcp14>MUST</bcp14> include
428        support for <xref target="RFC3262" format="default">100Rel</xref> in its INVITE and the
429        network element conveying the announcement <bcp14>MUST</bcp14> Require 100Rel in the
430        183 and the UAC <bcp14>MUST</bcp14> issue a PRACK to which the network element <bcp14>MUST</bcp14>
431        respond 200 OK PRACK.</t>
432      </section>
433      <section anchor="announcement" numbered="true" toc="default">
434        <name>Announcement Requirements</name>
435        <t>There are a few requirements on the element that handles the
436        announcement for legacy interoperation.</t>
437        <t>As noted above, the element that inserts the sip.608 feature
438        capability is responsible for conveying the information referenced by
439        the Call-Info header field in the 608 response message. However, this
440        specification does not mandate how to convey that information.</t>
441        <t>Let us take the case where a telecommunications service provider
442        controls the element inserting the sip.608 feature capability. It
443        would be reasonable to expect the service provider would play an
444        announcement in the media path towards the UAC (caller). It is
445        important to note the network element should be mindful of the media
446        type requested by the UAC as it formulates the announcement. For
447        example, it would make sense for an INVITE that only indicated audio
448        codecs in the Session Description Protocol <xref target="RFC4566" format="default">(SDP)</xref> to result in an audio announcement.
449        Likewise, if the INVITE only indicated a <xref target="RFC4103" format="default">real-time text codec</xref> and the network element
450        can render the information in the requested media format, the network
451        element should send the information in a text format.</t>
452        <t>It is also possible for the network element inserting the sip.608
453        feature capability to be under the control of the same entity that
454        controls the UAC. For example, a large call center might have legacy
455        UACs, but have a modern outbound calling proxy that understands the
456        full semantics of the 608 response code. In this case, it is enough
457        for the outbound calling proxy to digest the Call-Info information and
458        handle the information digitally, rather than 'transcoding' the
459        Call-Info information for presentation to the caller.</t>
460      </section>
461    </section>
462    <section anchor="EXAMPLES" numbered="true" toc="default">
463      <name>Examples</name>
464      <t>These examples are not normative, do not include all protocol
465      elements, and may have errors. Review the protocol documents for actual
466      syntax and semantics of the protocol elements.</t>
467      <section numbered="true" toc="default">
468        <name>Full Exchange</name>
469        <t>Given an INVITE, shamelessly taken from <xref target="SHAKEN" format="default"/>,
470        with the line breaks in the Identity header field for display purposes
471        only:</t>
472        <artwork name="" type="" align="left" alt=""><![CDATA[
473INVITE sip:+12155550113@tel.one.example.net SIP/2.0
474Max-Forwards: 69
475Contact: <sip:+12155550112@[2001:db8::12]:50207;rinstance=9da3088f3>
476To: <sip:+12155550113@tel.one.example.net>
477From: "Alice" <sip:+12155550112@tel.two.example.net>;tag=614bdb40
479P-Asserted-Identity: "Alice"<sip:+12155550112@tel.two.example.net>,
480    <tel:+12155550112>
481CSeq: 2 INVITE
484Content-Type: application/sdp
485Date: Tue, 16 Aug 2016 19:23:38 GMT
486Feature-Caps: *;+sip.608
487Identity: eyJhbGciOiJFUzI1NiIsInR5cCI6InBhc3Nwb3J0IiwicHB0Ijoic2hha2V
493 <http://cert.example2.net/example.cert>;alg=ES256
494Content-Length: 153
497o=- 13103070023943130 1 IN IP6 2001:db8::177
498c=IN IP6 2001:db8::177
499t=0 0
500m=audio 54242 RTP/AVP 0
501a=sendrecv ]]></artwork>
503        <t>An intermediary could reply:</t>
504        <artwork name="" type="" align="left" alt=""><![CDATA[
505SIP/2.0 608 Rejected
506Via: SIP/2.0/UDP [2001:db8::177]:60012;branch=z9hG4bK-524287-1 
507From: "Alice" <sip:+12155550112@tel.two.example.net>;tag=614bdb40
508To: <sip:+12155550113@tel.one.example.net>
510CSeq: 2 INVITE
511Call-Info: <https://block.example.net/complaint-jws>;purpose=jwscard  ]]></artwork>
513        <t>The location https://block.example.net/complaint-jws resolves to a
514        JWS. One would construct the JWS as follows.</t>
515        <t>The JWS header of this example jCard could be:</t>
517        <sourcecode name="JWS-header" type="json"><![CDATA[{ "alg":"ES256",
518  "typ":"vcard+json",
519  "x5u":"https://certs.example.net/reject_key.cer"
520} ]]></sourcecode>
522        <t>Now, let us construct a minimal jCard. For this example, the jCard
523        refers the caller to an email address,
524        remediation@blocker.example.net:</t>
526        <sourcecode name="jcard-example" type="json"><![CDATA[["vcard",
527  [
528    ["version", {}, "text", "4.0"],
529    ["fn", {}, "text", "Robocall Adjudication"],
530    ["email", {"type":"work"}, 
531              "text", "remediation@blocker.example.net"]
532  ]
533] ]]></sourcecode>
535        <t>With this jCard, we can now construct the JWT:</t>
537        <sourcecode name="jwt-from-jcard" type="json"><![CDATA[{
538  "iat":1546008698,
539  "jcard":["vcard",
540    [
541      ["version", {}, "text", "4.0"],
542      ["fn", {}, "text", "Robocall Adjudication"],
543      ["email", {"type":"work"}, 
544                "text", "remediation@blocker.example.net"]
545    ]
546  ]
547} ]]></sourcecode>
549        <t>To calculate the signature, we need to encode the JSON Object
550        Signing and Encryption (JOSE) header and JWT into base64url. As an
551        implementation note, one can trim whitespace in the JSON objects to
552        save a few bytes. UACs <bcp14>MUST</bcp14> be prepared to receive pretty-printed,
553        compact, or bizarrely formatted JSON. For the purposes of this
554        example, we leave the objects with pretty whitespace. Speaking of
555        pretty vs. machine formatting, these examples have line breaks in the
556        base64url encodings for ease of publication in the RFC format. The
557        specification of base64url allows for these line breaks and the
558        decoded text works just fine. However, those extra line break octets
559        would affect the calculation of the signature. Implementations
560        <bcp14>MUST NOT</bcp14> insert line breaks into the base64url encodings of the JOSE header
561        or JWT. This also means UACs <bcp14>MUST</bcp14> be prepared to receive arbitrarily
562        long octet streams from the URI referenced by the Call-Info SIP
563        header.</t>
565<t>base64url of JOSE header:</t>
566        <artwork name="" type="" align="left" alt=""><![CDATA[
568L2NlcnRzLmV4YW1wbGUubmV0L3JlamVjdF9rZXkuY2VyIn0= ]]></artwork>
570<t>base64url of JWT:</t>
571<artwork name="" type="" align="left" alt=""><![CDATA[
575YXRpb25AYmxvY2tlci5leGFtcGxlLm5ldCJdXV19 ]]></artwork>
577        <t>In this case, the object to sign (remembering this is just a
578        single, long line; the line breaks are for ease of review but do not
579        appear in the actual object) is as follows:</t>
581        <artwork name="" type="" align="left" alt=""><![CDATA[eyJhbGciOiJFUzI1NiIsInR5cCI6InZjYXJk
586IiwicmVtZWRpYXRpb25AYmxvY2tlci5leGFtcGxlLm5ldCJdXV19 ]]></artwork>
588        <t>We use the following X.509 PKCS #8-encoded ECDSA key, also
589        shamelessly taken from <xref target="SHAKEN" format="default"/>), as an example key for
590        signing the hash of the above text. Do NOT use this key in real life!
591        It is for example purposes only. At the very least, we would strongly
592        recommend encrypting the key at rest.</t>
594        <artwork name="" type="" align="left" alt=""><![CDATA[-----BEGIN PRIVATE KEY-----
598-----END PRIVATE KEY-----
600-----BEGIN PUBLIC KEY-----
603-----END PUBLIC KEY----- ]]></artwork>
605        <t>The resulting JWS, using the above key on the above object, renders
606        the following ECDSA P-256 SHA-256 digital signature.</t>
608        <artwork name="" type="" align="left" alt=""><![CDATA[7uz2SADRvPFOQOO_UgF2ZTUjPlDTegtPrYB04UHBMwBD6g9AmL
6095harLJdTKDSTtH-LOV1jwJaGRUOUJiwP27ag ]]></artwork>
611        <t>Thus, the JWS stored at https://blocker.example.net/complaints-jws,
612        would contain:</t>
613        <artwork name="" type="" align="left" alt=""><![CDATA[
620g9AmL5harLJdTKDSTtH-LOV1jwJaGRUOUJiwP27ag ]]></artwork>
622      </section>
623      <section numbered="true" toc="default">
624        <name>Web Site jCard</name>
625        <t>For an intermediary that provides a Web site for adjudication, the
626        jCard could contain the following. Note we do not show the calculation
627        of the JWS; the URI reference in the Call-Info header field would be
628        to the JWS of the signed jCard.</t>
630        <sourcecode name="another-jcard-example" type="json"><![CDATA[["vcard",
631  [
632    ["version", {}, "text", "4.0"],
633    ["fn", {}, "text", "Robocall Adjudication"],
634    ["url", {"type":"work"}, 
635            "text", "https://blocker.example.net/adjudication-form"]
636  ]
637]    ]]></sourcecode>
638      </section>
639      <section numbered="true" toc="default">
640        <name>Multi-modal jCard</name>
641        <t>For an intermediary that provides a telephone number and a postal
642        address, the jCard could contain the following. Note we do not show
643        the calculation of the JWS; the URI reference in the Call-Info header
644        field would be to the JWS of the signed jCard.</t>
646        <sourcecode name="multi-modal-jcard" type="json"><![CDATA[["vcard",
647  [
648    ["version", {}, "text", "4.0"],
649    ["fn", {}, "text", "Robocall Adjudication"],
650    ["adr", {"type":"work"}, "text",
651      ["Argument Clinic", 
652       "12 Main St","Anytown","AP","000000","Somecountry"]
653    ]
654    ["tel", {"type":"work"}, "uri", "tel:+1-555-555-0112"]
655  ]
656]     ]]></sourcecode>
658        <t>Note that it is up to the UAC to decide which jCard contact
659        modality, if any, it will use.</t>
660      </section>
661      <section numbered="true" toc="default">
662        <name>Legacy Interoperability</name>
663        <t><xref target="legacy_ladder" format="default"/> depicts a call flow illustrating
664        legacy interoperability. In this non-normative example, we see a UAC
665        that does not support the full semantics for 608. However, there is an
666        SBC that does support 608. Per <xref target="RFC6809" format="default"/>, the SBC can
667        insert "*;+sip.608" into the Feature-Caps header field for the INVITE.
668        When the intermediary, labeled "Called Party Proxy" in the figure,
669        rejects the call, it knows it can simply perform the processing
670        described in this document. Since the intermediary saw the sip.608
671        feature capability, it knows it does not need to send any media
672        describing whom to contact in the event of an erroneous rejection. For
673        illustrative purposes, the figure shows generic SIP Proxies in the
674        flow. Their presence or absence or the number of proxies is not
675        relevant to the operation of the protocol. They are in the figure to
676        show that proxies that do not understand the sip.608 feature
677        capability can still participate in a network offering 608
678        services.</t>
679        <figure anchor="legacy_ladder">
680          <name>Legacy Operation</name>
681          <artwork name="" type="" align="left" alt=""><![CDATA[
682                                                  +---------+
683                                                  |  Call   |
684                                                  |Analytics|
685                                                  | Engine  |
686                                                  +--+--+---+
687                                                     ^  |
688                                                     |  |
689                                                     |  v
690                                                   +-+--+-+
691+---+    +-----+    +---+    +-----+    +-----+    |Called|
692|UAC+----+Proxy+----+SBC+----+Proxy+----+Proxy+----+Party |
693+---+    +-----+    +---+    +-----+    +-----+    |Proxy |
694  |                   |                            +------+
695  | INVITE            |                               |
696  |------------------>|                               |
697  |                   | INVITE                        |
698  |                   |------------------------------>|
699  |                   | Feature-Caps: *;+sip.608      |
700  |                   |                               |
701  |                   |                  608 Rejected |
702  |                   |<------------------------------|
703  |               183 |              Call-Info: <...> |
704  |<------------------|    [path for Call-Info elided |
705  |     SDP for media |     for illustration purposes]|
706  |                   |                               |
707  | PRACK             |                               |
708  |------------------>|                               |
709  |                   |                               |
710  |      200 OK PRACK |                               |
711  |<------------------|                               |
712  |                   |                               |
713  |<== Announcement ==|                               |
714  |                   |                               |
715  |      608 Rejected |                               |
716  |<------------------|                               |
717  |  Call-Info: <...> |                               |
718  |                   |                               |]]></artwork> </figure>
719        <t>When the SBC receives the 608 response code, it correlates that
720        with the original INVITE from the UAC. The SBC remembers that it
721        inserted the sip.608 feature capability, which means it is responsible
722        for somehow alerting the UAC the call failed and whom to contact. At
723        this point the SBC can play a prompt, either natively or through a
724        mechanism such as <xref target="RFC4240" format="default">NETANN</xref>, that sends the
725        relevant information in the appropriate media to the UAC. Since this
726        is a potentially long transaction and there is a chance the UAC is
727        using an unreliable transport protocol, the UAC will have indicated
728        support for provisional responses, the SBC will indicate it requires a
729        PRACK from the UAC in the 183 response, the UAC will provide the
730        PRACK, and the SBC will acknowledge receipt of the PRACK before
731        playing the announcement.</t>
732        <t>As an example, the SBC could extract the FN and TEL jCard fields
733        and play something like a special information tone (see Telcordia
734        <xref target="SR-2275" sectionFormat="comma"
735        section="">SR-2275</xref> or
736        <xref target="ITU.E.180.1998" sectionFormat="comma" section="7">ITU-T
737 E.180</xref>), followed by
738        "Your call has been rejected by ...", followed by a text-to-speech
739        translation of the FN text, followed by "You can reach them on",
740        followed by a text-to-speech translation of the telephone number in
741        the TEL field.</t>
742        <t>Note the SBC also still sends the full 608 response code, including
743        the Call-Info header, towards the UAC.</t>
744      </section>
745    </section>
746    <section numbered="true" toc="default">
747      <name>IANA Considerations</name>
748      <section numbered="true" toc="default">
749        <name>SIP Response Code</name>
750        <t>This document defines a new SIP response code, 608 in the "Response
751        Codes" subregistry of the "Session Initiation Protocol (SIP)
752        Parameters" registry defined in <xref target="RFC3261" format="default"/>.</t>
753        <dl newline="false" spacing="normal">
754          <dt>Response code:</dt>
755          <dd>608</dd>
756          <dt>Description:</dt>
757          <dd>Rejected</dd>
758          <dt>Reference:</dt>
759          <dd>[RFCXXXX]</dd>
760        </dl>
761      </section>
762      <section numbered="true" toc="default">
763        <name>SIP Feature-Capability Indicator</name>
764        <t>This document defines the feature capability sip.608 in the "SIP
765        Feature-Capability Indicator Registration Tree" registry defined in
766        <xref target="RFC6809" format="default"/>.</t>
767        <dl newline="false" spacing="normal">
768          <dt>Name:</dt>
769          <dd>sip.608</dd>
770          <dt>Description:</dt>
771          <dd>This feature capability indicator, when
772            included in a Feature-Caps header field of an INVITE request,
773            indicates that the entity associated with the indicator will be
774            responsible for indicating to the caller any information contained
775            in the 608 SIP response code, specifically the value referenced by
776            the Call-Info header.</dd>
777          <dt>Reference:</dt>
778          <dd>[RFCXXXX]</dd>
779        </dl>
780      </section>
781      <section anchor="JWT-IANA" numbered="true" toc="default">
782        <name>JSON Web Token Claim</name>
783        <t>This document defines the new JSON Web Token claim in the "JSON Web
784        Token Claims" sub-registry created by <xref target="RFC7519" format="default"/>. <xref target="JWT" format="default"/> defines the syntax. The required information is:</t>
785        <dl newline="false" spacing="normal">
786          <dt>Claim Name:</dt>
787          <dd>jcard</dd>
788          <dt>Claim Description:</dt>
789          <dd>jCard data</dd>
790          <dt>Change Controller:</dt>
791          <dd>IESG</dd>
792          <dt>Reference:</dt>
793          <dd>[RFCXXXX], <xref target="RFC7095" format="default"/></dd>
794        </dl>
795      </section>
796      <section numbered="true" toc="default">
797        <name>Call-Info Purpose</name>
798        <t>This document defines the new predefined value "jwscard" for the
799        "purpose" header field parameter of the Call-Info header field. This
800        modifies the "Header Field Parameters and Parameter Values"
801        subregistry of the "Session Initiation Protocol (SIP) Parameters"
802        registry by adding this RFC as a reference to the line for the header
803        field "Call-Info" and parameter name "purpose":</t>
804        <dl newline="false" spacing="normal">
805          <dt>Header Field:</dt>
806          <dd>Call-Info</dd>
807          <dt>Parameter Name:</dt>
808          <dd>purpose</dd>
809          <dt>Predefined Values:</dt>
810          <dd>Yes</dd>
811          <dt>Reference:</dt>
812          <dd>[RFCXXXX]</dd>
813        </dl>
814      </section>
815    </section>
816    <section anchor="Security" numbered="true" toc="default">
817      <name>Security Considerations</name>
818      <t>Intermediary operators need to be mindful to whom they are sending
819      the 608 response. The intermediary could be rejecting a truly malicious
820      caller. This raises two issues. The first is the caller, now alerted an
821      intermediary is automatically rejecting their call attempts, may change
822      their call behavior to defeat call blocking systems. The second, and
823      more significant risk, is that by providing a contact in the Call-Info
824      header field, the intermediary may be giving the malicious caller a
825      vector for attack. In other words, the intermediary will be publishing
826      an address that a malicious actor may use to launch an attack on the
827      intermediary. Because of this, intermediary operators may wish to
828      configure their response to only include a Call-Info header field for
829      INVITE or other signed initiating methods and that pass validation by
830      <xref target="RFC8224" format="default">STIR</xref>.</t>
831      <t>Another risk is as follows. Consider an attacker that floods a proxy
832      that supports the sip.608 feature. However, the SDP in the INVITE
833      request refers to a victim device. Moreover, the attacker somehow knows
834      there is a 608-aware gateway connecting to the victim who is on a
835      segment that lacks the sip.608 feature capability. Because the mechanism
836      described here can result in sending an audio file to the target of the
837      SDP, an attacker could use the mechanism described by this document as
838      an amplification attack, given a SIP INVITE can be under 1 kilobyte and
839      an audio file can be hundreds of kilobytes. One remediation for this is
840      for devices that insert a sip.608 feature capability to only transmit
841      media to what is highly likely to be the actual source of the call
842      attempt. A method for this is to only play media in response to a
843      STIR-signed INVITE that passes validation. Beyond requiring a valid STIR
844      signature on the INVITE, the intermediary can also use remediation
845      procedures such as doing the connectivity checks specified by <xref target="RFC8445" format="default">Interactive Connectivity Establishment</xref>. If the
846      target did not request the media, the check will fail.</t>
847      <t>Yet another risk is a malicious intermediary that generates a
848      malicious 608 response with a jCard referring to a malicious agent. For
849      example, the recipient of a 608 may receive a TEL URI in the vCard. When
850      the recipient calls that address, the malicious agent could ask for
851      personally identifying information. However, instead of using that
852      information to verify the recipient's identity, they are phishing the
853      information for nefarious ends. A similar scenario can unfold if the
854      malicious agent inserts a URI that points to a phishing or other site.
855      As such, we strongly recommend the recipient validates to whom they are
856      communicating with if asking to adjudicate an erroneously rejected call
857      attempt. Since we may also be concerned about intermediate nodes
858      modifying contact information, we can address both issues with a single
859      solution. The remediation is to require the intermediary to sign the
860      jCard. Signing the jCard provides integrity protection. In addition, one
861      can imagine mechanisms such as used by <xref target="SHAKEN" format="default">SHAKEN</xref>.</t>
862      <t>Similarly, one can imagine an adverse agent that maliciously spoofs a
863      608 response with a victim's contact address to many active callers, who
864      may then all send redress requests to the specified address (the basis
865      for a denial-of-service attack). The process would occur as follows: (1)
866      a malicious agent senses INVITE requests from a variety of UACs and (2)
867      spoofs 608 responses with an unsigned redress address before the
868      intended receivers can respond, causing (3) the UACs to all contact the
869      redress address at once. The jCard encoding allows the UAC to verify the
870      blocking intermediary's identity before contacting the redress address.
871      Specifically, because the sender signs the jCard, we can
872      cryptographically trace the sender of the jCard. Given the protocol
873      machinery of having a signature, one can apply local policy to decide
874      whether to believe the sender of the jCard represents the owner of the
875      contact information found in the jCard. This guards against a malicious
876      agent spoofing 608 responses.</t>
877      <t>Specifically, one could use policies around signing certificate
878      issuance as a mechanism for traceback to the entity issuing the jCard.
879      One check could be verifying the identity of the subject of the
880      certificate relates to the To header field of the initial SIP request,
881      similar to validating the intermediary was vouching for the From header
882      field of a SIP request with that identity. Note that we are only
883      protecting against a malicious intermediary and not a hidden
884      intermediary attack (formerly known as a "man in the middle attack").
885      Thus, we only need to ensure the signature is fresh, which is why we
886      include "iat". For most implementations, we assume that the intermediary
887      has a single set of contact points and will generate the jCard on
888      demand. As such, there is no need to directly correlate HTTPS fetches to
889      specific calls. However, since the intermediary is in control of the
890      jCard and Call-Info response, an intermediary may choose to encode
891      per-call information in the URI returned in a given 608 response.
892      However, if the intermediary does go that route, the intermediary <bcp14>MUST</bcp14>
893      use a non-deterministic URI reference mechanism and be prepared to
894      return dummy responses to URI requests referencing calls that do not
895      exist so that attackers attempting to glean call metadata by guessing
896      URI's (and thus calls) will not get any actionable information from the
897      HTTPS GET.</t>
898      <t>Since the decision of whether to include Call-Info in the 608
899      response is a matter of policy, one thing to consider is whether a
900      legitimate caller can ascertain whom to contact without including such
901      information in the 608. For example, in some jurisdictions, if only the
902      terminating service provider can be the intermediary, the caller can
903      look up who the terminating service provider is based on the routing
904      information for the dialed number. Thus, the Call-Info jCard could be
905      redundant information. However, the factors going into a particular
906      service provider's or jurisdiction's choice of whether to include
907      Call-Info is outside the scope of this document.</t>
908    </section>
909    <section anchor="Acknowledgements" numbered="true" toc="default">
910      <name>Acknowledgements</name>
911      <t>This document liberally lifts from <xref target="RFC8197" format="default"/> in its
912      text and structure. However, the mechanism and purpose of 608 is quite
913      different than 607. Any errors are the current editor's and not the
914      editor of RFC8197. Thanks also go to Ken Carlberg of the FCC, Russ
915      Housley, Paul Kyzivat, and Tolga Asveren for their suggestions on
916      improving the draft. Tolga's suggestion to provide a mechanism for
917      legacy interoperability served to expand the draft by 50%. In addition,
918      Tolga came up with the jCard attack. Finally, Christer Holmberg as
919      always provided a close reading and fixed a SIP feature capability bug
920      found by Yehoshua Gev.</t>
921      <t>Of course, we appreciated the close read and five pages of comments
922      from our estimable Area Director, Adam Roach. In addition, we received
923      valuable comments during IETF Last Call and JWT review from Ines Robles,
924      Mike Jones, and Brian Campbell and IESG review from Alissa Cooper,
925      Eric Vyncke, Alexey Melnikov, Benjamin Kaduk, Barry Leiba, and
926      with most glee, Warren Kumari.</t>
927      <t>Finally, Bhavik Nagda provided clarifying edits as well and more
928      especially wrote and tested an implementation of the 608 response code
929      in Kamailio. Code is available at <eref target="https://github.com/nagdab/608_Implementation"/>. Grace Chuan
930      from MIT regenerated and verified the JWT while working at the FCC.</t>
931    </section>
932  </middle>
933  <!--  *****BACK MATTER ***** -->
934  <back>
935    <references>
936      <name>References</name>
937      <references>
938        <name>Normative References</name>
939        <reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2119" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">
940          <front>
941            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
942            <seriesInfo name="DOI" value="10.17487/RFC2119"/>
943            <seriesInfo name="RFC" value="2119"/>
944            <seriesInfo name="BCP" value="14"/>
945            <author initials="S." surname="Bradner" fullname="S. Bradner">
946              <organization/>
947            </author>
948            <date year="1997" month="March"/>
949            <abstract>
950              <t>In many standards track documents several words are used to signify the requirements in the specification.  These words are often capitalized. This document defines these words as they should be interpreted in IETF documents.  This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
951            </abstract>
952          </front>
953        </reference>
954        <reference anchor="RFC3261" target="https://www.rfc-editor.org/info/rfc3261" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3261.xml">
955          <front>
956            <title>SIP: Session Initiation Protocol</title>
957            <seriesInfo name="DOI" value="10.17487/RFC3261"/>
958            <seriesInfo name="RFC" value="3261"/>
959            <author initials="J." surname="Rosenberg" fullname="J. Rosenberg">
960              <organization/>
961            </author>
962            <author initials="H." surname="Schulzrinne" fullname="H. Schulzrinne">
963              <organization/>
964            </author>
965            <author initials="G." surname="Camarillo" fullname="G. Camarillo">
966              <organization/>
967            </author>
968            <author initials="A." surname="Johnston" fullname="A. Johnston">
969              <organization/>
970            </author>
971            <author initials="J." surname="Peterson" fullname="J. Peterson">
972              <organization/>
973            </author>
974            <author initials="R." surname="Sparks" fullname="R. Sparks">
975              <organization/>
976            </author>
977            <author initials="M." surname="Handley" fullname="M. Handley">
978              <organization/>
979            </author>
980            <author initials="E." surname="Schooler" fullname="E. Schooler">
981              <organization/>
982            </author>
983            <date year="2002" month="June"/>
984            <abstract>
985              <t>This document describes Session Initiation Protocol (SIP), an application-layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants.  These sessions include Internet telephone calls, multimedia distribution, and multimedia conferences.  [STANDARDS-TRACK]</t>
986            </abstract>
987          </front>
988        </reference>
989        <reference anchor="RFC3262" target="https://www.rfc-editor.org/info/rfc3262" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3262.xml">
990          <front>
991            <title>Reliability of Provisional Responses in Session Initiation Protocol (SIP)</title>
992            <seriesInfo name="DOI" value="10.17487/RFC3262"/>
993            <seriesInfo name="RFC" value="3262"/>
994            <author initials="J." surname="Rosenberg" fullname="J. Rosenberg">
995              <organization/>
996            </author>
997            <author initials="H." surname="Schulzrinne" fullname="H. Schulzrinne">
998              <organization/>
999            </author>
1000            <date year="2002" month="June"/>
1001            <abstract>
1002              <t>This document specifies an extension to the Session Initiation Protocol (SIP) providing reliable provisional response messages.  This extension uses the option tag 100rel and defines the Provisional Response ACKnowledgement (PRACK) method.  [STANDARDS-TRACK]</t>
1003            </abstract>
1004          </front>
1005        </reference>
1006        <reference anchor="RFC3326" target="https://www.rfc-editor.org/info/rfc3326" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3326.xml">
1007          <front>
1008            <title>The Reason Header Field for the Session Initiation Protocol (SIP)</title>
1009            <seriesInfo name="DOI" value="10.17487/RFC3326"/>
1010            <seriesInfo name="RFC" value="3326"/>
1011            <author initials="H." surname="Schulzrinne" fullname="H. Schulzrinne">
1012              <organization/>
1013            </author>
1014            <author initials="D." surname="Oran" fullname="D. Oran">
1015              <organization/>
1016            </author>
1017            <author initials="G." surname="Camarillo" fullname="G. Camarillo">
1018              <organization/>
1019            </author>
1020            <date year="2002" month="December"/>
1021            <abstract>
1022              <t>The REGISTER function is used in a Session Initiation Protocol (SIP) system primarily to associate a temporary contact address with an address-of-record.  This contact is generally in the form of a Uniform Resource Identifier (URI), such as Contact: &lt;sip:alice@pc33.atlanta.com&gt; and is generally dynamic and associated with the IP address or hostname of the SIP User Agent (UA).  The problem is that network topology may have one or more SIP proxies between the UA and the registrar, such that any request traveling from the user's home network to the registered UA must traverse these proxies.  The REGISTER method does not give us a mechanism to discover and record this sequence of proxies in the registrar for future use.  This document defines an extension header field, "Path" which provides such a mechanism.  [STANDARDS-TRACK]</t>
1023            </abstract>
1024          </front>
1025        </reference>
1026        <reference anchor="RFC6809" target="https://www.rfc-editor.org/info/rfc6809" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6809.xml">
1027          <front>
1028            <title>Mechanism to Indicate Support of Features and Capabilities in the Session Initiation Protocol (SIP)</title>
1029            <seriesInfo name="DOI" value="10.17487/RFC6809"/>
1030            <seriesInfo name="RFC" value="6809"/>
1031            <author initials="C." surname="Holmberg" fullname="C. Holmberg">
1032              <organization/>
1033            </author>
1034            <author initials="I." surname="Sedlacek" fullname="I. Sedlacek">
1035              <organization/>
1036            </author>
1037            <author initials="H." surname="Kaplan" fullname="H. Kaplan">
1038              <organization/>
1039            </author>
1040            <date year="2012" month="November"/>
1041            <abstract>
1042              <t>This specification defines a new SIP header field, Feature-Caps.  The Feature-Caps header field conveys feature-capability indicators that are used to indicate support of features and capabilities for SIP entities that are not represented by the Uniform Resource Identifier (URI) of the Contact header field.</t>
1043              <t>SIP entities that are represented by the URI of the SIP Contact header field can convey media feature tags in the Contact header field to indicate support of features and capabilities.</t>
1044              <t>This specification also defines feature-capability indicators and creates a new IANA registry, "Proxy-Feature Feature-Capability Indicator Trees", for registering feature-capability indicators. [STANDARDS-TRACK]</t>
1045            </abstract>
1046          </front>
1047        </reference>
1048        <reference anchor="RFC7095" target="https://www.rfc-editor.org/info/rfc7095" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7095.xml">
1049          <front>
1050            <title>jCard: The JSON Format for vCard</title>
1051            <seriesInfo name="DOI" value="10.17487/RFC7095"/>
1052            <seriesInfo name="RFC" value="7095"/>
1053            <author initials="P." surname="Kewisch" fullname="P. Kewisch">
1054              <organization/>
1055            </author>
1056            <date year="2014" month="January"/>
1057            <abstract>
1058              <t>This specification defines "jCard", a JSON format for vCard data. The vCard data format is a text format for representing and exchanging information about individuals and other entities, for example, telephone numbers, email addresses, structured names, and delivery addresses.  JSON is a lightweight, text-based, language- independent data interchange format commonly used in Internet applications.</t>
1059            </abstract>
1060          </front>
1061        </reference>
1062        <reference anchor="RFC7515" target="https://www.rfc-editor.org/info/rfc7515" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7515.xml">
1063          <front>
1064            <title>JSON Web Signature (JWS)</title>
1065            <seriesInfo name="DOI" value="10.17487/RFC7515"/>
1066            <seriesInfo name="RFC" value="7515"/>
1067            <author initials="M." surname="Jones" fullname="M. Jones">
1068              <organization/>
1069            </author>
1070            <author initials="J." surname="Bradley" fullname="J. Bradley">
1071              <organization/>
1072            </author>
1073            <author initials="N." surname="Sakimura" fullname="N. Sakimura">
1074              <organization/>
1075            </author>
1076            <date year="2015" month="May"/>
1077            <abstract>
1078              <t>JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based data structures.  Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and an IANA registry defined by that specification.  Related encryption capabilities are described in the separate JSON Web Encryption (JWE) specification.</t>
1079            </abstract>
1080          </front>
1081        </reference>
1082        <reference anchor="RFC7518" target="https://www.rfc-editor.org/info/rfc7518" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7518.xml">
1083          <front>
1084            <title>JSON Web Algorithms (JWA)</title>
1085            <seriesInfo name="DOI" value="10.17487/RFC7518"/>
1086            <seriesInfo name="RFC" value="7518"/>
1087            <author initials="M." surname="Jones" fullname="M. Jones">
1088              <organization/>
1089            </author>
1090            <date year="2015" month="May"/>
1091            <abstract>
1092              <t>This specification registers cryptographic algorithms and identifiers to be used with the JSON Web Signature (JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK) specifications.  It defines several IANA registries for these identifiers.</t>
1093            </abstract>
1094          </front>
1095        </reference>
1096        <reference anchor="RFC7519" target="https://www.rfc-editor.org/info/rfc7519" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7519.xml">
1097          <front>
1098            <title>JSON Web Token (JWT)</title>
1099            <seriesInfo name="DOI" value="10.17487/RFC7519"/>
1100            <seriesInfo name="RFC" value="7519"/>
1101            <author initials="M." surname="Jones" fullname="M. Jones">
1102              <organization/>
1103            </author>