Skip to main content

ENUM Service Registration for acct URI
draft-goix-appsawg-enum-acct-uri-00

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft that was ultimately published as RFC 7566.
Authors Laurent Walter Goix , Kepeng Li
Last updated 2012-12-07 (Latest revision 2012-09-11)
RFC stream Independent Submission
Formats
IETF conflict review conflict-review-goix-appsawg-enum-acct-uri, conflict-review-goix-appsawg-enum-acct-uri, conflict-review-goix-appsawg-enum-acct-uri, conflict-review-goix-appsawg-enum-acct-uri, conflict-review-goix-appsawg-enum-acct-uri, conflict-review-goix-appsawg-enum-acct-uri
Additional resources
Stream ISE state (None)
Consensus boilerplate Unknown
Document shepherd (None)
IESG IESG state Became RFC 7566 (Experimental)
Telechat date (None)
Responsible AD (None)
Send notices to (None)
draft-goix-appsawg-enum-acct-uri-00
" URI with the "enumdi" parameter set,
   that client SHOULD NOT perform subsequent ENUM queries over such
   numbers and SHOULD consider that the original requested number cannot
   be mapped.

   Furthermore the client MAY stop performing subsequent ENUM queries
   after the fifth recursive query as suggested in [RFC6116] section
   5.2.1.

7.  Security Considerations

   DNS, as used by ENUM, is a global, distributed database.  Should
   implementers of this specification use e164.arpa or any other
   publicly available domain as the tree for maintaining PSTN
   enumservice data, this information would be visible to anyone
   anonymously.

   As noted earlier, carriers, service providers, and other users may
   choose not to publish such information in the public e164.arpa tree.
   They may instead simply publish this in an internal ENUM
   infrastructure that is only able to be queried by trusted elements of
   their network, thus limiting threats.

   Per se, this enumservice does not introduce specific security
   considerations beyond [RFC6116], section 7.  However, it has to be
   acknowledged that the proposed enumservice could lead to the
   discovery or disclosure of Personally Identifiable Information (PII)
   when used in combination with the WebFinger protocol.  Please see
   [I-D.ietf-appsawg-webfinger] , section 10 for additional information
   regarding WebFinger security.

Goix & Li                Expires March 14, 2013                 [Page 6]
Internet-Draft     Enum Service ACCT URI Registration     September 2012

   Linking telephone numbers to Personally Identifiable Information
   (PII) is a very sensitive topic, because it provides a "reverse
   lookup" from the phone number to its owner.  Publication of such PII
   is covered by data-protection law in many legislations.  In most
   cases, the explicit consent of the affected individual is required.

   Users MUST therefore carefully consider the information provided in
   the resource identified by the ENUM record as well as in the record
   itself.  Considerations SHOULD include serving information only to
   entities of the user's choice and/or limiting the comprehension of
   the information provided based on the identity of the requestor.

   It is important to remind that the ENUM record itself does not need
   to contain any personal information but only contains a pointer to an
   account identifier.  This identifier may be queried through the
   Webfinger protocol to discover pointers to personal information (e.g.
   social network information) and an authorisation mechanism may be in
   place in that context with any level of granularity although it is
   out of scope of this document.

   Technically, ENUM records themselves could contain pointers to the
   same endpoints discoverable through Webfinger.  However the
   visibility of ENUM records cannot be controlled based on the
   requesting entity.  In that context the simple mapping of the phone
   number to the account identifier, notwithstanding the disclosure of
   the association itself, still enables the reuse of more advanced
   access policies.

8.  IANA Considerations

   This document requests the IANA registration of the enumservice with
   Type "acct" according to the definitions in this document, [RFC6116]
   and [RFC6117].

   Details of the registration are given in Section 4.

9.  Acknowledgements

   The authors would like to thank Gonzalo Salgueiro, Paul Jones,
   Lawrence Conroy, Enrico Marocco and Bert Greevenbosch for their
   valuable feedback to improve this document.

10.  References

Goix & Li                Expires March 14, 2013                 [Page 7]
Internet-Draft     Enum Service ACCT URI Registration     September 2012

10.1.  Normative References

   [I-D.ietf-appsawg-acct-uri]
              Saint-Andre, P., "The 'acct' URI Scheme",
              draft-ietf-appsawg-acct-uri-00 (work in progress),
              August 2012.

   [I-D.ietf-appsawg-webfinger]
              Jones, P., Salgueiro, G., and J. Smarr, "WebFinger",
              draft-ietf-appsawg-webfinger-00 (work in progress),
              July 2012.

   [RFC1034]  Mockapetris, P., "Domain names - concepts and facilities",
              STD 13, RFC 1034, November 1987.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2617]  Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
              Leach, P., Luotonen, A., and L. Stewart, "HTTP
              Authentication: Basic and Digest Access Authentication",
              RFC 2617, June 1999.

   [RFC3966]  Schulzrinne, H., "The tel URI for Telephone Numbers",
              RFC 3966, December 2004.

   [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
              Resource Identifier (URI): Generic Syntax", STD 66,
              RFC 3986, January 2005.

   [RFC4759]  Stastny, R., Shockey, R., and L. Conroy, "The ENUM Dip
              Indicator Parameter for the "tel" URI", RFC 4759,
              December 2006.

   [RFC4769]  Livingood, J. and R. Shockey, "IANA Registration for an
              Enumservice Containing Public Switched Telephone Network
              (PSTN) Signaling Information", RFC 4769, November 2006.

   [RFC6116]  Bradner, S., Conroy, L., and K. Fujiwara, "The E.164 to
              Uniform Resource Identifiers (URI) Dynamic Delegation
              Discovery System (DDDS) Application (ENUM)", RFC 6116,
              March 2011.

   [RFC6117]  Hoeneisen, B., Mayrhofer, A., and J. Livingood, "IANA
              Registration of Enumservices: Guide, Template, and IANA
              Considerations", RFC 6117, March 2011.

Goix & Li                Expires March 14, 2013                 [Page 8]
Internet-Draft     Enum Service ACCT URI Registration     September 2012

10.2.  Informative References

   [OMA-SNeW-ER]
              Open Mobile Alliance, "Social Network Web Enabler", OMA-
              ER-SNeW-V1_0 20120702-D, July 2012.

Authors' Addresses

   Laurent-Walter Goix
   Telecom Italia
   P.za Einaudi, 8
   Milano  20124
   Italy

   Email: laurentwalter.goix@telecomitalia.it

   Kepeng Li
   Huawei Technologies
   Huawei Base, Bantian, Longgang District
   Shenzhen  518129
   P. R. China

   Phone: +86-755-28971807
   Email: likepeng@huawei.com

Goix & Li                Expires March 14, 2013                 [Page 9]