ENUM Service Registration for acct URI
draft-goix-appsawg-enum-acct-uri-00
The information below is for an old version of the document.
Document | Type |
This is an older version of an Internet-Draft that was ultimately published as RFC 7566.
|
|
---|---|---|---|
Authors | Laurent Walter Goix , Kepeng Li | ||
Last updated | 2012-12-07 (Latest revision 2012-09-11) | ||
RFC stream | Independent Submission | ||
Formats | |||
IETF conflict review | conflict-review-goix-appsawg-enum-acct-uri, conflict-review-goix-appsawg-enum-acct-uri, conflict-review-goix-appsawg-enum-acct-uri, conflict-review-goix-appsawg-enum-acct-uri, conflict-review-goix-appsawg-enum-acct-uri, conflict-review-goix-appsawg-enum-acct-uri | ||
Additional resources | |||
Stream | ISE state | (None) | |
Consensus boilerplate | Unknown | ||
Document shepherd | (None) | ||
IESG | IESG state | Became RFC 7566 (Experimental) | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
draft-goix-appsawg-enum-acct-uri-00
" URI with the "enumdi" parameter set, that client SHOULD NOT perform subsequent ENUM queries over such numbers and SHOULD consider that the original requested number cannot be mapped. Furthermore the client MAY stop performing subsequent ENUM queries after the fifth recursive query as suggested in [RFC6116] section 5.2.1. 7. Security Considerations DNS, as used by ENUM, is a global, distributed database. Should implementers of this specification use e164.arpa or any other publicly available domain as the tree for maintaining PSTN enumservice data, this information would be visible to anyone anonymously. As noted earlier, carriers, service providers, and other users may choose not to publish such information in the public e164.arpa tree. They may instead simply publish this in an internal ENUM infrastructure that is only able to be queried by trusted elements of their network, thus limiting threats. Per se, this enumservice does not introduce specific security considerations beyond [RFC6116], section 7. However, it has to be acknowledged that the proposed enumservice could lead to the discovery or disclosure of Personally Identifiable Information (PII) when used in combination with the WebFinger protocol. Please see [I-D.ietf-appsawg-webfinger] , section 10 for additional information regarding WebFinger security. Goix & Li Expires March 14, 2013 [Page 6] Internet-Draft Enum Service ACCT URI Registration September 2012 Linking telephone numbers to Personally Identifiable Information (PII) is a very sensitive topic, because it provides a "reverse lookup" from the phone number to its owner. Publication of such PII is covered by data-protection law in many legislations. In most cases, the explicit consent of the affected individual is required. Users MUST therefore carefully consider the information provided in the resource identified by the ENUM record as well as in the record itself. Considerations SHOULD include serving information only to entities of the user's choice and/or limiting the comprehension of the information provided based on the identity of the requestor. It is important to remind that the ENUM record itself does not need to contain any personal information but only contains a pointer to an account identifier. This identifier may be queried through the Webfinger protocol to discover pointers to personal information (e.g. social network information) and an authorisation mechanism may be in place in that context with any level of granularity although it is out of scope of this document. Technically, ENUM records themselves could contain pointers to the same endpoints discoverable through Webfinger. However the visibility of ENUM records cannot be controlled based on the requesting entity. In that context the simple mapping of the phone number to the account identifier, notwithstanding the disclosure of the association itself, still enables the reuse of more advanced access policies. 8. IANA Considerations This document requests the IANA registration of the enumservice with Type "acct" according to the definitions in this document, [RFC6116] and [RFC6117]. Details of the registration are given in Section 4. 9. Acknowledgements The authors would like to thank Gonzalo Salgueiro, Paul Jones, Lawrence Conroy, Enrico Marocco and Bert Greevenbosch for their valuable feedback to improve this document. 10. References Goix & Li Expires March 14, 2013 [Page 7] Internet-Draft Enum Service ACCT URI Registration September 2012 10.1. Normative References [I-D.ietf-appsawg-acct-uri] Saint-Andre, P., "The 'acct' URI Scheme", draft-ietf-appsawg-acct-uri-00 (work in progress), August 2012. [I-D.ietf-appsawg-webfinger] Jones, P., Salgueiro, G., and J. Smarr, "WebFinger", draft-ietf-appsawg-webfinger-00 (work in progress), July 2012. [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC 1034, November 1987. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A., and L. Stewart, "HTTP Authentication: Basic and Digest Access Authentication", RFC 2617, June 1999. [RFC3966] Schulzrinne, H., "The tel URI for Telephone Numbers", RFC 3966, December 2004. [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005. [RFC4759] Stastny, R., Shockey, R., and L. Conroy, "The ENUM Dip Indicator Parameter for the "tel" URI", RFC 4759, December 2006. [RFC4769] Livingood, J. and R. Shockey, "IANA Registration for an Enumservice Containing Public Switched Telephone Network (PSTN) Signaling Information", RFC 4769, November 2006. [RFC6116] Bradner, S., Conroy, L., and K. Fujiwara, "The E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application (ENUM)", RFC 6116, March 2011. [RFC6117] Hoeneisen, B., Mayrhofer, A., and J. Livingood, "IANA Registration of Enumservices: Guide, Template, and IANA Considerations", RFC 6117, March 2011. Goix & Li Expires March 14, 2013 [Page 8] Internet-Draft Enum Service ACCT URI Registration September 2012 10.2. Informative References [OMA-SNeW-ER] Open Mobile Alliance, "Social Network Web Enabler", OMA- ER-SNeW-V1_0 20120702-D, July 2012. Authors' Addresses Laurent-Walter Goix Telecom Italia P.za Einaudi, 8 Milano 20124 Italy Email: laurentwalter.goix@telecomitalia.it Kepeng Li Huawei Technologies Huawei Base, Bantian, Longgang District Shenzhen 518129 P. R. China Phone: +86-755-28971807 Email: likepeng@huawei.com Goix & Li Expires March 14, 2013 [Page 9]