Location Source Parameter for the SIP Geolocation Header Field
draft-ietf-sipcore-locparam-06

[Ballot comment]
**********************************************************************
* Note, that I am conducting an experiment when people aspiring to be*
* Area Directors get exposed to AD work ("AD shadowing experiment"). *
* As a part of this experiment they get to review documents on IESG  *
* telechats according to IESG Discuss criteria document and their    *
* comments get relayed pretty much verbatim to relevant editors/WGs. *
* As an AD I retain responsibility in defending their position when  *
* I agree with it.                                                  *
* Recipients of these reviews are encouraged to reply to me directly *
* about perceived successes or failures of this experiment.          *
**********************************************************************

The following comments were provided by Benjamin Schwartz :

Benjamin would have balloted *YES* on this document.

## Section 1

Typo: “to identity itself”

Purpose: “How the entity adding the locationValue to the header field obtains the location information is out of scope of this document.” -> OK, but if this document isn’t intending to change the semantic intent of the Geolocation header, then it should say so.  In the current text, it’s hard to tell whether the field indicates the location of the endpoint or the intermediary.  Some text like “this parameter does not alter the subject of the locationValue” would help.

## Section 7

“If such trust domain is not given, it is strongly recommended to delete the location information.” -> Is this consistent with the example in Figure 2?  I think this is worth clarifying in the example text.

[Ballot comment]
**********************************************************************
*  Note, that I am conducting an experiment when people aspiring to be *
* Area Directors get exposed to AD work ("AD shadowing experiment").  *
* As a part of this experiment they get to review documents on IESG        *
* telechats according to IESG Discuss criteria document and their            *
* comments get relayed pretty much verbatim to relevant editors/WGs.  *
* As an AD I retain responsibility in defending their position when          *
* I agree with it.
* Recipients of these reviews are encouraged to reply to me directly        *
* about perceived successes or failures of this experiment.                          *
**********************************************************************

The following comments were provided by Benjamin Schwartz :

Benjamin would have balloted *YES* on this document.

## Section 1

Typo: “to identity itself”

Purpose: “How the entity adding the locationValue to the header field obtains the location information is out of scope of this document.” -> OK, but if this document isn’t intending to change the semantic intent of the Geolocation header, then it should say so.  In the current text, it’s hard to tell whether the field indicates the location of the endpoint or the intermediary.  Some text like “this parameter does not alter the subject of the locationValue” would help.

## Section 7

“If such trust domain is not given, it is strongly recommended to delete the location information.” -> Is this consistent with the example in Figure 2?  I think this is worth clarifying in the example text.

[Ballot comment]
I agree with Ben’s comments, and have only some editorial ones of my own to add:

— Section 4 —

  Only a fully qualified host name is valid.  The syntax does not
  support IP addresses, and if an entity conforming to this
  specification receives a Geolocation header field with a "loc-src"
  parameter containing an IP address then the parameter MUST be
  removed.

It’s a small point, but as you’re already identifying a subject (“an entity conforming to this specification”), it’s unnecessarily awkward to use oassive voice:

NEW
  Only a fully qualified host name is valid.  The syntax does not
  support IP addresses, and if an entity conforming to this
  specification receives a Geolocation header field with a "loc-src"
  parameter containing an IP address, it MUST remove the
  parameter.
END

— Section 7 —

  This document introduces the ability of a SIP intermediary to insert
  a host name indicating that they added the specific locationValue to
  the Geolocation header field.

Make it “indicating that it added”; there aren’t multiple intermediaries here.

  If such trust domain is not given, it is
  strongly recommended to delete the location information.

I think the right fix to Ben’s comment here is “If a sufficient trust relationship does not exist, it is strongly recommended that the location information be deleted.”

[Ballot comment]
** Section 7.  It is likely worth emphasizing that the veracity of the “loc-src” parameter, like all elements of locationValue, is dependent on the security properties of the architectures conveying the information; and the trust placed in the participating nodes.  Put another way, just because it is there, does mean the loc-src is accurate or the true source.

** Editorial Nits
-- Section 3.  s/Each has it own/Each has its own/

-- Per [M493], s/Februar 2015/February 2015/

[Ballot comment]
Thank you for the work put into this document. I found the document easy to read even for a non SIP-fluent person like me.

I have just one non-blocking comment/question. Your reply will be appreciated.

-- Section 7 --
If the source of location is critical, then I wonder why this source is not cryptographically authenticated... Having hop-by-hop TLS protection is not enough probably as the UE (or any adverse proxy on the path) could insert a fake Geoloc with a fake loc-src.

I hope that this helps to improve the document,

Regards,

-éric

[Ballot comment]
Thanks for this easy-to-read document!
I do have a few comments, including places where we could improve
the internal consistency of our recommendations and requirements.

Section 3

  The primary intent of the "loc-src" parameter in this specification
  is for use in emergency calling.  There are various architectures
  defined for providing emergency calling using SIP-based messaging.

It's a little interesting to see this listed as the "primary intent" to the
implied exclusion of the other uses of location envisoned by RFC 6442.
Would those other uses for location information not also be interested in
the origin of a given piece of location information?

  The "loc-src" parameter is not included in a SIP message sent to
  another network if there is no trust relationship.  The "loc-src"
  parameter is not applicable if the administrative domain manages
  emergency calls in a way that does not require any generation of the
  location.

This statement seems to provide stronger constraints (e.g., be in conflict
with) the previous quote about "primary intent", and corresponds more to
"sole intent" than "primary intent".

  The functional architecture described within ETSI [M493] is an
  example of an architecture where it makes sense to use this
  parameter.

nit: I expect that there are many architectures specified by ETSI, so
additional qualifiers (e.g., "telephony" or "emergency telephony") might be
appropriate.

Section 6

  This document doesn't change any of the privacy considerations
  described in [RFC6442].  While the addition of the "loc-src"
  parameter identifies the entity that added the location in the
  signaling path, this addition provides little more exposure than
  adding a proxy identity to the Record-Route header field.

Are the privacy considerations of adding a proxy identity to the
Record-Route header field documented somewhere we could reference?

Section 7

  This document introduces the ability of a SIP intermediary to insert
  a host name indicating that they added the specific locationValue to
  the Geolocation header field.  The intent is for this field to be
  used by the location recipient in the event that the SIP message
  contains multiple locationValues.  As a consequence this parameter
  should only be used by the location recipient in a trusted network.

I see that essentially the same sentiment is already included in the
following paragraph, but I might consider noting here that "adding this
parameter in an untrusted network serves solely to give location information
to untrusted parties, and is disrecommended" out of some sense of
parallelism.  But that' purely stylistic, so do what sounds best to you!

  As already stated in [RFC6442], securing the location hop-by-hop,
  using TLS, protects the message from eavesdropping and modification
  in transit, but exposes the information to all SIP intermediaries on

Hmm, though RFC 6442 does not seem to require use of TLS (or equivalent).
It would be reasonable to include a brief discussion of the risks incurred
by not using TLS, though I don't insist on it.

  the path as well as the endpoint.  The "loc-src" parameter is
  applicable within a single private administrative domain or between
  different administrative domains where there is a trust relationship
  between the domains.  If such trust domain is not given, it is
  strongly recommended to delete the location information.

nit: I'm not sure if "If such trust domain is not given" parses properly; is
there a missing word or two?

  multiple locations.  To avoid problems with misinterpretation of the
  "loc-src" parameter, the value may be removed when passed to another
  domain.

I think we already made a suggestion stronger than "may" to do so.

(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-ietf-sipcore-locparam-04. If any part of this review is inaccurate, please let us know.

The IANA Functions Operator understands that, upon approval of this document, there is a single action which we must complete.

In the Header Field Parameters and Parameter Values registry on the Session Initiation Protocol (SIP) Parameters registry page located at:

https://www.iana.org/assignments/sip-parameters/

a single, new registration is to be made as follows:

Header Field: Geolocation
Parameter Name: loc-src
Predefined Values: No
Reference: [ RFC-to-be ]

The IANA Functions Operator understands that this is the only action required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

Thank you,

Sabrina Tanamal
Senior IANA Services Specialist

The following Last Call announcement was sent out (ends 2020-01-27):

From: The IESG
To: IETF-Announce
CC: Jean Mahoney , adam@nostrum.com, sipcore-chairs@ietf.org, draft-ietf-sipcore-locparam@ietf.org, sipcore@ietf.org, mahoney@nostrum.com
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (Location Source Parameter for the SIP Geolocation Header Field) to Proposed Standard


The IESG has received a request from the Session Initiation Protocol Core WG
(sipcore) to consider the following document: - 'Location Source Parameter
for the SIP Geolocation Header Field'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2020-01-27. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  There are some circumstances where a Geolocation header field may
  contain more than one locationValue.  Knowing the identity of the
  node adding the locationValue allows the recipient more freedom in
  selecting the value to look at first rather than relying solely on
  the order of the locationValues.  This document defines the "loc-src"
  parameter so that the entity adding the locationValue to Geolocation
  header field can identify itself using its hostname.  This document
  updates RFC 6442.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-sipcore-locparam/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-sipcore-locparam/ballot/


No IPR declarations have been submitted directly on this I-D.


The document contains these normative downward references.
See RFC 3967 for additional information:
    rfc3325: Private Extensions to the Session Initiation Protocol (SIP) for Asserted Identity within Trusted Networks (Informational - IETF stream)

As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up.

Changes are expected over time. This version is dated 24 February 2012.

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

Proposed Standard, which is indicated in the title header.


(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary

The Geolocation SIP header field [RFC6442] indicates that the SIP message conveys location information, which is typically provided by a user agent client (UAC), such as a person's cell phone. However, a UAC is not the only SIP element that can add geolocation information. Mobile networks also have location information about the UACs that use their networks. SIP proxies and intermediaries can add this location information to the SIP message, but there has not been a way to identify which SIP entity contributed the location information. This specification defines a new parameter for the Geolocation header field that identifies the source that added the location information to the SIP message.


Working Group Summary

This document started out in the DISPATCH working group, where it was discussed on list and presented at IETF 93. The DISPATCH plan originally was to have an AD sponsor the draft, but with the change in SIPCORE's charter allowing the WG to consider small, self-contained SIP extensions, the draft was dispatched to SIPCORE, where it was adopted. 


Document Quality

The draft received extensive feedback from both DISPATCH and SIPCORE participants, and reviewers have been thanked in the Acknowledgments section.

Implementation notes:  this extension to the Geolocation header field has been requested by regulatory bodies and is expected to be deployed in European mobile networks. As of this writing, there is at least one implementation.


Personnel

  Who is the Document Shepherd? Jean Mahoney

  Who is the Responsible Area Director? Adam Roach


(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

The document shepherd checked that all feedback provided on both the DISPATCH and SIPCORE lists was incorporated or otherwise addressed in document updates. This document is ready to be forwarded to the IESG.


(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

No.


(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

No.


(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
concerns here.

The shepherd has no concerns about this document. 


(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.

None of the authors have IPR on this document or know of any.


(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

No.


(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it? 

The draft received support on the DISPATCH list before being sent SIPCORE. The SIPCORE WG adopted the draft with the support of seven SIPCORE WG participants and no objections. Feedback focused on the ABNF of the parameter with some feedback on the privacy and security considerations sections. 


(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

No.


(11) Identify any ID nits the Document Shepherd has found in this
document. (See https://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be
thorough.

This document has a Normative reference to an Informational RFC: RFC 3325.


(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

None required. This document adds a header field parameter to an IANA subregistry, but the registration procedure is "RFC required" and not expert review.


(13) Have all references within this document been identified as
either normative or informative?

Yes.


(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?

No.


(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in
the Last Call procedure.

This document has a Normative reference to an Informational RFC: RFC 3325, Private Extensions to the Session Initiation Protocol (SIP) for Asserted Identity within Trusted Networks.


(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.

This document updates RFC 6442. This information is clearly captured in the header, abstract, and introduction.


(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 8126).

The IANA Considerations section clearly identifies the "Header Field Parameters and Parameter Values" sub-registry within the "Session Initiation Protocols" registry and shows how to create a new row for the header field parameter specified in the document. 


(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.

N/A


(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

The ABNF was hand checked and also checked with Bill's ABNF Parser (https://tools.ietf.org/tools/bap/abnf.cgi).

As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up.

Changes are expected over time. This version is dated 24 February 2012.

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

Proposed Standard, which is indicated in the title header.


(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary

The Geolocation SIP header field [RFC6442] indicates that the SIP message conveys location information, which is typically provided by a user agent client (UAC), such as a person's cell phone. However, a UAC is not the only SIP element that can add geolocation information. Mobile networks also have location information about the UACs that use their networks. SIP proxies and intermediaries can add this location information to the SIP message, but there has not been a way to identify which SIP entity contributed the location information. This specification defines a new parameter for the Geolocation header field that identifies the source that added the location information to the SIP message.


Working Group Summary

This document started out in the DISPATCH working group, where it was discussed on list and presented at IETF 93. The DISPATCH plan originally was to have an AD sponsor the draft, but with the change in SIPCORE's charter allowing the WG to consider small, self-contained SIP extensions, the draft was dispatched to SIPCORE, where it was adopted. 


Document Quality

The draft received extensive feedback from both DISPATCH and SIPCORE participants, and reviewers have been thanked in the Acknowledgments section.

Implementation notes:  this extension to the Geolocation header field has been requested by regulatory bodies and is expected to be deployed in European mobile networks. As of this writing, there is at least one implementation.


Personnel

  Who is the Document Shepherd? Jean Mahoney

  Who is the Responsible Area Director? Adam Roach


(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

The document shepherd checked that all feedback provided on both the DISPATCH and SIPCORE lists was incorporated or otherwise addressed in document updates. This document is ready to be forwarded to the IESG.


(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

No.


(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

No.


(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
concerns here.

The shepherd has no concerns about this document. 


(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.

None of the authors have IPR on this document or know of any.


(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

No.


(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it? 

The draft received support on the DISPATCH list before being sent SIPCORE. The SIPCORE WG adopted the draft with the support of seven SIPCORE WG participants and no objections. Feedback focused on the ABNF of the parameter with some feedback on the privacy and security considerations sections. 


(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

No.


(11) Identify any ID nits the Document Shepherd has found in this
document. (See https://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be
thorough.

This document has a Normative reference to an Informational RFC: RFC 3325.


(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

None required. This document adds a header field parameter to an IANA subregistry, but the registration procedure is "RFC required" and not expert review.


(13) Have all references within this document been identified as
either normative or informative?

Yes.


(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?

No.


(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in
the Last Call procedure.

This document has a Normative reference to an Informational RFC: RFC 3325, Private Extensions to the Session Initiation Protocol (SIP) for Asserted Identity within Trusted Networks.


(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.

This document updates RFC 6442. This information is clearly captured in the header, abstract, and introduction.


(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 8126).

The IANA Considerations section clearly identifies the "Header Field Parameters and Parameter Values" sub-registry within the "Session Initiation Protocols" registry and shows how to create a new row for the header field parameter specified in the document. 


(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.

N/A


(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

The ABNF was hand checked and also checked with Bill's ABNF Parser (https://tools.ietf.org/tools/bap/abnf.cgi).