SIP
... voice, video, or text messages. The Session
Initiation Protocol (SIP) works in concert with these protocols by
enabling Internet ...
... like to share. For locating prospective session participants, and
for other functions, SIP enables the creation of an infrastructure of
network hosts ...
... registrations, invitations to sessions, and other requests. SIP is
an agile, general-purpose tool for creating, modifying, and
...
... Overview of SIP Functionality ...
... multimedia sessions (conferences) such as
Internet telephony calls. SIP can also invite participants to
already existing sessions, such as multicast ...
... be added to (and removed from) an existing session. SIP
transparently supports name mapping and redirection services, which
...
... network location.
SIP supports five facets of establishing and terminating multimedia
communications:
...
... services.
SIP is not a vertically integrated communications system. SIP is
rather a component that can be used with other IETF protocols ...
...
SIP is not a vertically integrated communications system. SIP is
rather a component that can be used with other IETF protocols to
...
... 1]) for describing
multimedia sessions. Therefore, SIP should be used in conjunction
with other protocols in order to provide complete services ...
... with other protocols in order to provide complete services to the
users. However, the basic functionality and operation of SIP does
not depend on any of these protocols.
...
... not depend on any of these protocols.
SIP does not provide services. Rather, SIP provides primitives that
...
... SIP does not provide services. Rather, SIP provides primitives that
can be used to implement different services. For example, SIP ...
... SIP provides primitives that
can be used to implement different services. For example, SIP can
locate a user and deliver an opaque object to his current location.
...
... services.
SIP does not offer conference control services such as floor control
or voting and does not prescribe how a conference is to be managed.
...
... services such as floor control
or voting and does not prescribe how a conference is to be managed.
SIP can be used to initiate a session that uses some other conference
control protocol ...
... session that uses some other conference
control protocol. Since SIP messages and the sessions they establish
can pass through entirely different networks ...
... sessions they establish
can pass through entirely different networks, SIP cannot, and does
not, provide any kind of network resource reservation ...
... services provided make security particularly
important. To that end, SIP provides a suite of security services,
which include denial-of-service ...
...
This section introduces the basic operations of SIP using simple
examples. This section is tutorial in nature and does not contain
any normative statements.
...
... any normative statements.
The first example shows the basic functions of SIP: location of an
end point, signal of a desire to communicate, negotiation of session
parameters ...
... established.
Figure 1 shows a typical example of a SIP message exchange between
two users, Alice and Bob. (Each message is labeled with the letter
"F" and a number for reference by the text.) In this example, Alice
...
... two users, Alice and Bob. (Each message is labeled with the letter
"F" and a number for reference by the text.) In this example, Alice
uses a SIP application on her PC (referred to as a softphone) to call
Bob on his SIP ...
... SIP application on her PC (referred to as a softphone) to call
Bob on his SIP phone over the Internet. Also shown are two SIP proxy
servers that act on behalf of Alice and Bob to facilitate the session
establishment ...
... Bob on his SIP phone over the Internet. Also shown are two SIP proxy
servers that act on behalf of Alice and Bob to facilitate the session
establishment. This typical arrangement is often referred to as the
"SIP ...
... SIP proxy
servers that act on behalf of Alice and Bob to facilitate the session
establishment. This typical arrangement is often referred to as the
"SIP trapezoid" as shown by the geometric shape of the dotted lines
in Figure 1.
...
... in Figure 1.
Alice "calls" Bob using his SIP identity, a type of Uniform Resource
Identifier (URI ...
... identity, a type of Uniform Resource
Identifier (URI) called a SIP URI. SIP URIs are defined in Section
...
... Uniform Resource
Identifier (URI) called a SIP URI. SIP URIs are defined in Section
19.1. It has a similar form to an email address ...
... host name. In this case, it is
sip:bob@biloxi.com, where biloxi.com is the domain of Bob's SIP
service provider. Alice has a SIP URI ...
... SIP
service provider. Alice has a SIP URI of sip:alice@atlanta.com.
Alice might have typed in Bob's URI or perhaps clicked on a hyperlink
...
... URI or perhaps clicked on a hyperlink
or an entry in an address book. SIP also provides a secure URI,
called a SIPS URI ...
... transaction begins with Alice's softphone sending
an INVITE request addressed to Bob's SIP URI. INVITE is an example
of a SIP ...
... SIP URI. INVITE is an example
of a SIP method that specifies the action that the requestor (Alice)
wants the server (Bob) to take. The INVITE ...
... . .
Alice's . . . . . . . . . . . . . . . . . . . . Bob's
softphone SIP Phone
| | | |
| INVITE ...
... INVITE sip:bob@biloxi.com SIP/2.0
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bK776asdhds
Max-Forwards: 70
...
... transaction.
To contains a display name (Bob) and a SIP or SIPS URI
(sip:bob@biloxi.com) towards which the request was originally
...
... 3].
From also contains a display name (Alice) and a SIP or SIPS URI
(sip:alice@atlanta.com) that indicate the originator of the request.
...
... and Call-ID completely defines a peer-to-peer SIP relationship
between Alice and Bob and is referred to as a dialog.
...
... message body.
The complete set of SIP header fields is defined in Section 20.
The details of the session ...
... codec, or
sampling rate, are not described using SIP. Rather, the body of a
SIP message contains a description of the session ...
... sampling rate, are not described using SIP. Rather, the body of a
SIP message contains a description of the session, encoded in some
other protocol format. One such format is the Session Description
Protocol ...
... SDP message (not shown in the
example) is carried by the SIP message in a way that is analogous to
a document attachment being carried by an email message, or a web
...
... HTTP message.
Since the softphone does not know the location of Bob or the SIP
server in the biloxi.com domain, the softphone sends the INVITE ...
... domain, the softphone sends the INVITE to
the SIP server that serves Alice's domain, atlanta.com. The address
...
... domain, atlanta.com. The address
of the atlanta.com SIP server could have been configured in Alice's
softphone, or it could have been discovered by DHCP, for example.
...
... DHCP, for example.
The atlanta.com SIP server is a type of SIP server known as a proxy
server. A proxy server ...
...
The atlanta.com SIP server is a type of SIP server known as a proxy
server. A proxy server receives SIP requests ...
... SIP server known as a proxy
server. A proxy server receives SIP requests and forwards them on
behalf of the requestor. In this example, the proxy server receives
...
... the INVITE to the destination. Responses in SIP use a three-digit
code followed by a descriptive phrase. This response contains the
same To, From, Call-ID ...
... (Domain Name Service) lookup to find the SIP server that serves the
biloxi.com domain. This is described in [4 ...
... alerts Bob to the incoming
call from Alice so that Bob can decide whether to answer the call,
that is, Bob's phone rings. Bob's SIP phone indicates this in a 180
(Ringing) response, which is routed back through the two proxies in
...
...
In this example, Bob decides to answer the call. When he picks up
the handset, his SIP phone sends a 200 (OK) response to indicate that
the call has been answered. The 200 (OK) contains a message body
...
... no media session being
established. The complete list of SIP response codes is in Section
21. The 200 (OK) (message F9 in Figure 1) might look like this as
...
... SIP/2.0 200 OK
Via: SIP/2.0/UDP server10.biloxi.com
;branch=z9hG4bKnashds8;received=192.0.2.3
...
... UDP server10.biloxi.com
;branch=z9hG4bKnashds8;received=192.0.2.3
Via: SIP/2.0/UDP bigbox3.site3.atlanta.com
;branch=z9hG4bK77ef4c2312983.1;received=192.0.2.2
...
... UDP bigbox3.site3.atlanta.com
;branch=z9hG4bK77ef4c2312983.1;received=192.0.2.2
Via: SIP/2.0/UDP pc33.atlanta.com
;branch=z9hG4bK776asdhds ;received=192.0.2.1
...
... INVITE request. (There are three Via header field values - one
added by Alice's SIP phone, one added by the atlanta.com proxy, and
one added by the biloxi.com proxy ...
... proxy, and
one added by the biloxi.com proxy.) Bob's SIP phone has added a tag
parameter to the To header field ...
... header field
contains a URI at which Bob can be directly reached at his SIP phone.
The Content-Type and Content-Length ...
... proxy servers can make flexible "routing decisions" to
decide where to send a request. For example, if Bob's SIP phone
returned a 486 (Busy Here) response, the biloxi.com proxy server
...
... softphone sends an acknowledgement message, ACK, to Bob's SIP phone
to confirm the reception of the final response (200 (OK)). In this
example, the ACK ...
... to confirm the reception of the final response (200 (OK)). In this
example, the ACK is sent directly from Alice's softphone to Bob's SIP
phone, bypassing the two proxies. This occurs because the endpoints ...
... ACK three-way handshake used to establish
SIP sessions. Full details on session setup are in Section 13.
...
... In general, the end-to-end media packets take a different path from
the SIP signaling messages.
...
... INVITE will be discussed later, but relate to
the reliability mechanisms in SIP, the length of time it can take for
a ringing phone to be answered, and forking. For this reason,
request handling in SIP ...
... SIP, the length of time it can take for
a ringing phone to be answered, and forking. For this reason,
request handling in SIP is often classified as either INVITE or non-
INVITE ...
...
In some cases, it may be useful for proxies in the SIP signaling path
to see all the messaging between the endpoints ...
... session. For example, if the biloxi.com proxy server wished to
remain in the SIP messaging path beyond the initial INVITE, it would
add to the INVITE ...
... IP address of
the proxy. This information would be received by both Bob's SIP
phone and (due to the Record-Route header field being passed back in
...
...
Registration is another common operation in SIP. Registration is one
way that the biloxi.com server can learn the current location of Bob.
...
... way that the biloxi.com server can learn the current location of Bob.
Upon initialization, and at periodic intervals, Bob's SIP phone sends
REGISTER messages to a server in the biloxi.com domain ...
... REGISTER messages to a server in the biloxi.com domain known as a SIP
registrar. The REGISTER messages associate Bob's SIP or SIPS URI ...
... domain known as a SIP
registrar. The REGISTER messages associate Bob's SIP or SIPS URI
(sip:bob@biloxi.com) with the machine into which he is currently
...
... SIPS URI
(sip:bob@biloxi.com) with the machine into which he is currently
logged (conveyed as a SIP or SIPS URI in the Contact header field).
...
... proxy for that domain. It is an
important concept that the distinction between types of SIP servers
is logical, not physical.
...
...
Bob is not limited to registering from a single device. For example,
both his SIP phone at home and the one in the office could send
registrations. This information is stored together in the location
...
... administrator.
Finally, it is important to note that in SIP, registration is used
for routing ...
... registration is used
for routing incoming SIP requests and has no role in authorizing
outgoing requests. Authorization ...
... Authorization and authentication are handled in
SIP either on a request-by-request basis with a challenge/response
mechanism, or by using a lower layer scheme as discussed in Section
...
... 26.
The complete set of SIP message details for this registration example
is in Section 24.1.
...
... is in Section 24.1.
Additional operations in SIP, such as querying for the capabilities
of a SIP server or client ...
... Additional operations in SIP, such as querying for the capabilities
of a SIP server or client using OPTIONS, or canceling a pending
request using CANCEL, will be introduced in later sections.
...
...
SIP is structured as a layered protocol, which means that its
behavior is described in terms of a set of fairly independent
processing stages with only a loose coupling between each stage. The
...
... BNF). The
complete BNF is specified in Section 25; an overview of a SIP
message's structure can be found in Section 7.
The second layer ...
... sends requests and receives responses and how a server receives
requests and sends responses over the network. All SIP elements
contain a transport layer. The transport layer ...
... layer. Transactions are a
fundamental component of SIP. A transaction is a request sent by a
client ...
... layer is called the transaction user
(TU). Each of the SIP entities, except the stateless proxy, is a
...
... registrations play an important role in
SIP, a UAS that handles a REGISTER is given the special name
...
... Certain other requests are sent within a dialog. A dialog is a
peer-to-peer SIP relationship between two user agents that persists
for some time. The dialog facilitates sequencing of messages and
...
... the purposes of communication. Section 13 discusses how sessions are
initiated, resulting in one or more SIP dialogs. Section 14
discusses how characteristics of that session are modified through
...
...
The following terms have special significance for SIP.
Address-of-Record ...
... Client: A client is any network element that sends SIP requests
and receives SIP responses. Clients ...
... network element that sends SIP requests
and receives SIP responses. Clients may or may not interact
directly with a human user ...
...
Core: Core designates the functions specific to a particular type
of SIP entity, i.e., specific to either a stateful or stateless
proxy ...
...
Dialog: A dialog is a peer-to-peer SIP relationship between two
UAs that persists for some time. A dialog is established by
...
... UAs that persists for some time. A dialog is established by
SIP messages, such as a 2xx response to an INVITE request. A
dialog is identified by a call identifier ...
... user agent server.
Final Response: A response that terminates a SIP transaction, as
opposed to a provisional response that does not. All 2xx, 3xx,
...
... Header: A header is a component of a SIP message that conveys
information about the message. It is structured as a sequence
of header fields ...
... Home Domain: The domain providing service to a SIP user.
Typically, this is the domain present in the URI ...
... Location Service: A location service is used by a SIP redirect or
proxy server to obtain information about a callee's possible
...
... router.
Message: Data sent between SIP elements as part of the protocol.
SIP messages are either requests or responses.
...
... Message: Data sent between SIP elements as part of the protocol.
SIP messages are either requests or responses.
Method ...
... Provisional Response: A response used by the server to indicate
progress, but that does not terminate a SIP transaction. 1xx
responses are provisional, other responses are considered
...
... ACK, or CANCEL.
Request: A SIP message sent from a client to a server, for the
purpose of invoking a particular operation.
...
... purpose of invoking a particular operation.
Response: A SIP message sent from a server to a client, for
indicating the status of a request sent from the client to the
server ...
... Route Set: A route set is a collection of ordered SIP or SIPS URI
which represent a list of proxies ...
... transaction.
Spiral: A spiral is a SIP request that is routed to a proxy,
forwarded onwards, and arrives once again at that proxy ...
... user agent server is a logical entity
that generates a response to a SIP request. The response
accepts, rejects, or redirects the request. This role lasts
...
... SIP Messages ...
... 7]).
A SIP message is either a request from a client to a server, or a
response from a server to a client ...
... 3], even though the syntax differs in
character set and syntax specifics. (SIP allows header fields that
would not be valid ...
...
Except for the above difference in character sets, much of SIP's
message and header field syntax is identical to HTTP/1.1 ...
...
SIP requests are distinguished by having a Request-Line for a start-
line. A Request-Line contains a method ...
... sessions, BYE for terminating sessions, and
OPTIONS for querying servers about their capabilities. SIP
extensions, documented in standards track RFCs, may define
additional methods ...
... Request-URI: The Request-URI is a SIP or SIPS URI as described in
Section 19.1 or a general URI ...
... control
characters and MUST NOT be enclosed in "<>".
SIP elements MAY support Request-URIs with schemes other than
"sip" and "sips", for example the "tel" URI scheme ...
... 2806(-> 3966prop) [9]. SIP elements MAY translate non-SIP URIs using any
mechanism at their disposal, resulting in SIP URI ...
... SIP URIs using any
mechanism at their disposal, resulting in SIP URI, SIPS URI,
or some other scheme.
...
... request and response messages include the
version of SIP in use, and follow [H3.1] (with HTTP replaced
...
... by SIP, and HTTP/1.1 replaced by SIP/2.0) regarding version
ordering, compliance requirements ...
... requirements, and upgrading of version
numbers. To be compliant with this specification,
applications sending SIP messages MUST include a SIP-Version
...
... version
numbers. To be compliant with this specification,
applications sending SIP messages MUST include a SIP-Version
of "SIP ...
...
SIP responses are distinguished from requests by having a Status-Line
as their start-line. A Status-Line consists of the protocol version ...
... referred to as a "1xx response", any response with a status code
between 200 and 299 as a "2xx response", and so on. SIP/2.0 allows
six values for the first digit:
...
...
SIP header fields are similar to HTTP header fields in both syntax
and semantics. In particular, SIP header fields ...
... SIP header fields are similar to HTTP header fields in both syntax
and semantics. In particular, SIP header fields follow the [H4.2]
definitions of syntax for the message-header and the rules for
...
... name whose value is a comma-separated list can be combined into one
header field. That applies to SIP as well, but the specific rule is
different because of the different grammars. Specifically, any SIP
...
... header field. That applies to SIP as well, but the specific rule is
different because of the different grammars. Specifically, any SIP
header whose grammar is of the form
...
...
SIP provides a mechanism to represent common header field names in an
abbreviated form. This may be useful when messages would otherwise
...
... header field that does not contain multipart.
SIP messages MAY contain binary bodies or body parts. When no
explicit charset parameter is provided by the sender ...
... The "chunked" transfer encoding of HTTP/1.1 MUST NOT be used for SIP.
(Note: The chunked encoding modifies the body of a message in order
...
... Framing SIP Messages ...
...
Unlike HTTP, SIP implementations can use UDP or other unreliable
datagram protocols. Each such datagram ...
... Content-Length header field value is used to locate the end of
each SIP message in a stream. It will always be present when SIP
messages are sent over stream ...
... each SIP message in a stream. It will always be present when SIP
messages are sent over stream-oriented transports.
...
... peer-to-peer relationship
between user agents and are established by specific SIP methods, such
as INVITE ...
...
A valid SIP request formulated by a UAC MUST, at a minimum, contain
the following header fields ...
... Call-ID, Max-Forwards,
and Via; all of these header fields are mandatory in all SIP
requests. These six header fields are the fundamental building
blocks of a SIP message ...
... SIP
requests. These six header fields are the fundamental building
blocks of a SIP message, as they jointly provide for most of the
critical message routing ...
... UA by a user or service provider
manually, or through some other non-SIP mechanism. When a provider
wishes to configure a UA ...
... not be the ultimate recipient of the request. The To header field
MAY contain a SIP or SIPS URI, but it may also make use of other URI
schemes (the tel URL ...
... 2806(-> 3966prop) [9]), for example) when appropriate.
All SIP implementations MUST support the SIP URI scheme. Any
implementation that supports TLS ...
... 9]), for example) when appropriate.
All SIP implementations MUST support the SIP URI scheme. Any
implementation that supports TLS MUST support the SIPS URI scheme ...
... to choose how to interpret this input. Using the string to form the
user part of a SIP URI implies that the UA wishes the name to be
resolved in the domain ...
... resolved in the domain to the right-hand side (RHS) of the at-sign in
the SIP URI (for instance, sip:bob@example.com). Using the string to
form the user part of a SIPS URI ...
... header field, it contains a URI and optionally a display name. It is
used by SIP elements to determine which processing rules to apply to
a request (for example, automatic call rejection). As such, it is
...
... globally unique
identifier over space and time unless overridden by method-specific
behavior. All SIP UAs must have a means to guarantee that the Call-
ID header fields ...
... originates with a value that SHOULD be 70. This number was chosen to
be sufficiently large to guarantee that a request would not be
dropped in any SIP network when there were no loops, but not so large
as to consume proxy resources when a loop does occur. Lower values
...
... version in the header field
MUST be SIP and 2.0, respectively. The Via header field value MUST
contain a branch parameter. This parameter is used to identify the
...
...
The Contact header field provides a SIP or SIPS URI that can be used
to contact that specific instance of the UA ...
... UA for subsequent requests.
The Contact header field MUST be present and contain exactly one SIP
or SIPS URI in any request that can result in the establishment of a
...
...
If the UAC supports extensions to SIP that can be applied by the
server to the response, the UAC SHOULD include a Supported header
field ...
... In some cases, the response returned by the transaction layer will
not be a SIP message, but rather a transaction layer error. When a
...
... URI scheme not supported by the
server. The client SHOULD retry the request, this time, using a SIP
URI.
If a 420 (Bad Extension) response is received (Section 21.4.15), the
...
... header field is used by a UAC to tell a UAS about SIP
extensions that the UAC expects the UAS ...
...
Note that Require and Proxy-Require MUST NOT be used in a SIP CANCEL
request, or in an ACK request sent for a non-2xx response. These
...
... header field in the request. If the
desired extension is not supported, the server SHOULD rely only on
baseline SIP and any other extensions supported by the client. In
rare circumstances, where the server cannot process the request
...
...
A redirect server does not issue any SIP requests of its own. After
receiving a request other than CANCEL, the server either refuses the
...
... well-formed CANCEL requests, it SHOULD return a 2xx response. This
response ends the SIP transaction. The redirect server maintains
...
... parameters such as a different server or multicast address to try, or
a change of SIP transport from UDP to TCP ...
... Note that a Contact header field value MAY also refer to a different
resource than the one originally called. For example, a SIP call
connected to PSTN gateway may need to deliver a special informational
...
... header field can contain any suitable URI
indicating where the called party can be reached, not limited to SIP
URIs. For example, it could contain URIs ...
...
SIP offers a discovery capability. If a user wants to initiate a
session with another user, SIP ...
... SIP offers a discovery capability. If a user wants to initiate a
session with another user, SIP must discover the current host(s) at
which the destination ...
... which the destination user is reachable. This discovery process is
frequently accomplished by SIP network elements such as proxy servers
...
... receiving a request,
determining where to send it based on knowledge of the location of
the user, and then sending it there. To do this, SIP network
elements consult an abstract service ...
... domain. These
address bindings map an incoming SIP or SIPS URI, sip:bob@biloxi.com,
for example, to one or more URIs ...
... Bob is known to be a member of the engineering department through
access to a corporate database. However, SIP provides a mechanism
for a UA to create ...
... elements.
SIP does not mandate a particular mechanism for implementing the
location service. The only requirement ...
... reading that same data. A registrar MAY be co-located with a
particular SIP proxy server for the same domain.
...
... registration is meant (for example,
"sip:chicago.com"). The "userinfo" and "@" components of the
SIP URI MUST NOT be present.
To: The To header field ...
... REGISTER request sent to a registrar includes the contact
address(es) to which SIP requests for the address-of-record should be
forwarded. The address-of-record ...
... The Contact header field values of the request typically consist of
SIP or SIPS URIs that identify particular SIP endpoints (for example,
...
... SIP or SIPS URIs that identify particular SIP endpoints (for example,
"sip:carol@cube2214a.chicago.com"), but they MAY use any URI scheme.
...
... "sip:carol@cube2214a.chicago.com"), but they MAY use any URI scheme.
A SIP UA can choose to register telephone numbers ...
... address-of-record "sip:carol@chicago.com",
would register with the SIP registrar of the domain chicago.com. Her
registrations ...
... address is guaranteed by other means.
This may be applicable to URIs that invoke protocols other than SIP,
or SIP devices secured by protocols other than TLS ...
... URIs that invoke protocols other than SIP,
or SIP devices secured by protocols other than TLS.
...
... Request-URI and address the request there, using the
normal SIP server location mechanisms [4]. For example, the UA for
...
... registrations are addressed to the well-known "all SIP servers"
multicast address "sip.mcast.net" (224.0.1.75 for IPv4 ...
... IPv6 multicast address has been allocated; such an allocation
will be documented separately when needed. SIP UAs MAY listen to
that address ...
... UAC. Mechanisms for the
authentication of SIP user agents are described in Section 22.
Registration behavior in no way overrides the generic
...
... authentication framework for SIP. If no authentication
mechanism is available, the registrar MAY take the From address
...
... Request-URI,
which could identify another UA or a SIP server. If the OPTIONS is
addressed to a proxy server, the Request-URI ...
...
An OPTIONS request is constructed using the standard rules for a SIP
request as discussed in Section 8.1.1.
A Contact header field ...
... OPTIONS sip:carol@chicago.com SIP/2.0
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKhjhs8ass877
Max-Forwards: 70
...
...
The response to an OPTIONS is constructed using the standard rules
for a SIP response as discussed in Section 8.2.6. The response code
chosen MUST be the same that would have been chosen had the request
...
... SIP/2.0 200 OK
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKhjhs8ass877
;received=192.0.2.4
...
... user agent is that of a dialog. A dialog
represents a peer-to-peer SIP relationship between two user agents
that persists for some time. The dialog facilitates sequencing of
...
... between both of them. The dialog represents a context in which to
interpret SIP messages. Section 8 discussed method independent UA
...
... request that contains a tag in the To field. The rules for computing
the dialog ID of a message depend on whether the SIP element is a UAC
or UAS ...
... host. The URI provided in the Contact header field MUST be a SIP
or SIPS URI. If the request that initiated the dialog contained a
...
... UAC sends a request that can establish a dialog (such as an
INVITE) it MUST provide a SIP or SIPS URI with global scope (i.e.,
the same SIP URI ...
... SIP or SIPS URI with global scope (i.e.,
the same SIP URI can be used in messages outside this dialog) in the
Contact header field of the request. If the request has a Request-
...
... Content-Disposition is "session".
SIP uses an offer/answer model where one UA sends a session ...
... offer/answer exchange is within the
context of a dialog, so that if a SIP INVITE results in multiple
dialogs, each is a separate offer/answer ...
... (for example, you cannot make a new offer while one is in progress).
This results in restrictions on where the offers and answers can
appear in SIP messages. In this specification, offers and answers
can only appear in INVITE requests and responses, and ACK ...
... This section describes the procedures for terminating a session
established by SIP. The state of the session and the state ...
... ACK for its 2xx response or until the server
transaction times out. If no SIP extensions have defined other
application layer states associated with the dialog, the BYE also
...
... established by any 2xx responses, or MAY terminate them with BYE.
The notion of "hanging up" is not well defined within SIP. It is
specific to a particular, albeit common, user interface.
...
... proxies are elements that route SIP requests to user agent
servers and SIP responses to user agent ...
... route SIP requests to user agent
servers and SIP responses to user agent clients. A request may
...
... Being a proxy is a logical role for a SIP element. When a request
arrives, an element that can play the role ...
...
When stateful, a proxy is purely a SIP transaction processing engine.
Its behavior is modeled here in terms of the server and client ...
... header field (Section 20.22) is used to limit the
number of elements a SIP request can traverse.
If the request does not contain a Max-Forwards header field ...
... service
created by a SIP Registrar, reading a database, consulting a presence
server, utilizing other protocols, or simply performing an
...
... dynamic source of information while building the target set (for
instance, if it consults a SIP Registrar), it SHOULD monitor that
source for the duration of processing the request. New locations
SHOULD be added to the target set ...
... identity of that next hop,
expressed as a SIP or SIPS URI, is inserted as the top-most Route
...
... URI placed in the Record-Route header field value MUST be a
SIP or SIPS URI. This URI MUST contain an lr parameter (see
...
... element, so it must
restrict itself to the mandatory elements of a SIP
implementation: SIP URIs ...
... server location procedures of [4] are applied to it, so that
subsequent requests reach the same SIP element. If the
Request-URI contains a SIPS URI ...
...
The Record-Route process is designed to work for any SIP
request that initiates a dialog. INVITE is the only such
request in this specification, but extensions to the protocol
...
... proxy has already attempted.
3xx responses may contain a mixture of SIP, SIPS, and non-SIP
URIs ...
... URIs. A proxy may choose to recurse on the SIP and SIPS URIs
and place the remainder into the response context ...
... URI Scheme) response to
a request whose Request-URI scheme was not SIP, but the scheme
in the original received request was SIP or SIPS (that is, the
...
... Request-URI scheme was not SIP, but the scheme
in the original received request was SIP or SIPS (that is, the
proxy changed the scheme from SIP ...
... SIP or SIPS (that is, the
proxy changed the scheme from SIP or SIPS to something else
when it proxied a request), the proxy SHOULD add a new URI ...
... SIP URI version of the
non-SIP URI that was just tried. In the case of the tel URL,
this is accomplished by placing the telephone ...
... of the tel URL into the user part of the SIP URI, and setting
the hostpart to the domain where the prior request was sent.
...
... the hostpart to the domain where the prior request was sent.
See Section 19.1.6 for more detail on forming SIP URIs from tel
URLs ...
... As with a 3xx response, if a proxy "recurses" on the 416 by
trying a SIP or SIPS URI instead, the 416 response SHOULD NOT
be added to the response context ...
... Basic SIP Trapezoid ...
...
This scenario is the basic SIP trapezoid, U1 -> P1 -> P2 -> U2, with
both proxies record-routing ...
... domain.com gets this and responds with a 200 OK:
SIP/2.0 200 OK
Contact: sip:callee@u2.domain.com
...
... lr parameter, so before sending, it reformats the request to be:
BYE sip:p3.middle.com SIP/2.0
Route: <sip:p2.example.com;lr>
...
... router, so it forwards the following to P2:
BYE sip:p2.example.com;lr SIP/2.0
Route: <sip:p1.example.com;lr>
...
...
BYE sip:caller@u1.example.com SIP/2.0
Since P1 is not responsible for u1.example.com and there is no Route ...
... INVITE sip:callee@gateway.leftprivatespace.com SIP/2.0
Contact: <sip:caller@u1.leftprivatespace.com>
...
...
INVITE sip:callee@rightprivatespace.com SIP/2.0
Contact: <sip:caller@u1.leftprivatespace.com>
...
... U2 sends this 200 (OK) back to P1:
SIP/2.0 200 OK
Contact: <sip:callee@u2.rightprivatespace.com>
Record-Route ...
... U1 will find useful, and sends the following to U1:
SIP/2.0 200 OK
Contact: <sip:callee@u2.rightprivatespace.com>
Record-Route ...
... Later, U1 sends the following BYE request to P1:
BYE sip:callee@u2.rightprivatespace.com SIP/2.0
Route: <sip:gateway ...
... which P1 forwards to U2 as:
BYE sip:callee@u2.rightprivatespace.com SIP/2.0
...
...
SIP is a transactional protocol: interactions between components take
place in a series of independent message exchanges. Specifically, a
...
... place in a series of independent message exchanges. Specifically, a
SIP transaction consists of a single request and any responses to
that request, which include zero or more provisional responses and
...
... and the UA or stateful proxy on the other side. As far as SIP
transactions are concerned, stateless ...
... INVITE sip:bob@biloxi.com SIP/2.0
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKkjshdyff
To: Bob <sip:bob@biloxi.com>
...
... ACK sip:bob@biloxi.com SIP/2.0
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKkjshdyff
To: Bob <sip:bob@biloxi.com>;tag ...
... retransmissions.
That is not an error; multicast SIP provides only a rudimentary
"single-hop-discovery-like" service that is limited to processing a
...
... message size and the MTU
accommodates the fact that the response in SIP can be larger than
the request. This happens due to the addition of Record-Route
header field values to the responses to INVITE ...
...
These rules result in a purposeful limitation of multicast in SIP.
Its primary function is to provide a "single-hop-discovery-like"
...
... transport combination that can be the result of a DNS lookup
on a SIP or SIPS URI [4] that is handed out for the purposes of
...
... URI can also be "handed out" by placing it
on a web page or business card. It is also RECOMMENDED that a server
listen for requests on the default SIP ports (5060 for TCP and UDP ...
... INVITE sip:bob@Biloxi.com SIP/2.0
Via: SIP/2.0/UDP bobspc.biloxi.com:5060;received=192.0.2.4
...
...
There are certain components of SIP messages that appear in various
places within SIP messages (and sometimes, outside of them) that
...
... There are certain components of SIP messages that appear in various
places within SIP messages (and sometimes, outside of them) that
merit separate discussion.
...
... SIP and SIPS Uniform Resource Indicators ...
... SIPS URI identifies a communications resource. Like all
URIs, SIP and SIPS URIs may be placed in web pages, email messages,
...
... security mechanism depends on
the policy of the domain. Any resource described by a SIP URI can be
"upgraded" to a SIPS URI by just changing the scheme, if it is
...
... mailto URL, allowing the specification
of SIP request-header fields and the SIP message-body. This makes it
...
... of SIP request-header fields and the SIP message-body. This makes it
possible to specify the subject, media type ...
... email message. The
formal syntax for a SIP or SIPS URI is presented in Section 25. Its
general form, in the case of a SIP URI ...
... SIP or SIPS URI is presented in Section 25. Its
general form, in the case of a SIP URI, is:
sip:user:password ...
... host itself is the resource being identified. If the @ sign is
present in a SIP or SIPS URI, the user field MUST NOT be empty.
...
... password: A password associated with the user. While the SIP and
SIPS URI syntax allows this field to be present, its use is NOT
...
... host: The host providing the SIP resource. The host part contains
either a fully-qualified domain name ...
... transport parameter determines the transport mechanism to
be used for sending SIP messages, as specified in [4]. SIP can
...
... be used for sending SIP messages, as specified in [4]. SIP can
use any network transport protocol ...
... parameter value "phone" SHOULD be present. Even without this
parameter, recipients of SIP and SIPS URIs MAY interpret the
pre-@ part as a telephone number ...
...
Since the uri-parameter mechanism is extensible, SIP elements
MUST silently ignore any uri-parameters that they do not
...
...
Header fields in the SIP request can be specified with the "?"
mechanism within a URI. The header names ...
... special hname "body" indicates that the associated hvalue is
the message-body of the SIP request.
Table 1 summarizes the use of SIP ...
... URI appears. The external column describes
URIs appearing anywhere outside of a SIP message, for instance on a
web page or business card. Entries marked "m" are mandatory, those
marked "o" are optional, and those marked "-" are not allowed.
...
... Table 1: Use and default values of URI components for SIP header
field values, Request-URI and references
...
... Request-URI and references
SIP follows the requirements and guidelines of RFC 2396(-> 3986std66) [5 ...
... 2396(-> 3986std66) [5] when
defining the set of characters that must be escaped in a SIP URI, and
uses its ""%" HEX HEX" mechanism for escaping. From RFC 2396(-> 3986std66) [5 ...
... characters in various syntax elements that need to be escaped when
used in SIP URIs. Any characters occurring in a telephone-subscriber ...
... Note that character escaping is not allowed in the host component of
a SIP or SIPS URI (the % character is not valid in its expansion).
...
... this protocol, the field is opaque. The structure of that value is
only useful to the SIP element responsible for the resource.
...
...
Some operations in this specification require determining whether two
SIP or SIPS URIs are equivalent. In this specification, registrars
need to compare bindings ...
... URIs in REGISTER requests (see
Section 10.3.). SIP and SIPS URIs are compared for equality
according to the following rules:
...
...
o Comparison of the userinfo of SIP and SIPS URIs is case-
sensitive. This includes userinfo containing passwords ...
... o The ordering of parameters and header fields is not significant
in comparing SIP and SIPS URIs.
...
... URIs within each of the following sets are not equivalent:
SIP:ALICE@AtLanTa.CoM;Transport=udp (different usernames)
...
... URI is
not a valid SIP request, the URI is invalid. An implementation MUST
NOT proceed with transmitting ...
... subscriber portion of the tel URL, including any
parameters, is placed into the userinfo part of the SIP or SIPS URI.
...
...
In general, equivalent "tel" URLs converted to SIP or SIPS URIs in
this fashion may not produce equivalent SIP ...
... SIP or SIPS URIs in
this fashion may not produce equivalent SIP or SIPS URIs. The
userinfo of SIP ...
... SIP or SIPS URIs. The
userinfo of SIP and SIPS URIs are compared as a case-sensitive
string. Variance in case-insensitive ...
... URL parameters does not affect tel URL equivalence,
but does affect the equivalence of SIP URIs formed from them.
...
... telephone-subscriber
fields to place in the userinfo part of a SIP or SIPS URI SHOULD fold
any case-insensitive ...
... Option tags are unique identifiers used to designate new options
(extensions) in SIP. These tags are used in Require (Section 20.32),
Proxy ...
... The "tag" parameter is used in the To and From header fields of SIP
messages. It serves as a general mechanism to identify a dialog,
which is the combination of the Call-ID along with two tags ...
... contributes the second half in the To header field. The forking of
SIP requests means that multiple dialogs can be established from a
single request. This also explains the need for the two-sided dialog
identifier ...
... H3.5] that are acceptable in the response. See
[H14.3]. The semantics in SIP are identical to those defined in
[H14.3].
...
... [H14.4]. The rules for ordering the languages based on the "q"
parameter apply to SIP as well.
Example:
...
... Content-Disposition header are
defined by SIP. The value "session" indicates that the body part
describes a session ...
... displayed as a part of the rendering of the entire message (since the
MIME bodies of SIP messages oftentimes are not displayed to users).
For backward-compatibility, if the Content-Disposition ...
... Date header field contains the date and time. Unlike HTTP/1.1,
SIP only supports the most recent RFC 1123std3 [20] format for dates. As
...
... INVITE, resulting
in a recorded announcement session being established. A non-SIP URI
MAY be rendered to the user.
...
... Examples:
SIP/2.0 404 The number you have dialed is not in service
Error-Info: <sip:not-in-service ...
...
The Max-Forwards header field must be used with any SIP method to
limit the number of proxies ...
... The Organization header field conveys the name of the organization to
which the SIP element issuing the request or response belongs.
The field MAY be used by client software ...
... header field describes the
priority that the SIP request should have to the receiving human or
its agent ...
... option tags, described in
Section 19.2. Each option tag defines a SIP extension that MUST be
understood to process the request. Frequently, this is used to
indicate that a specific set of extension header ...
... normative behavior defined here that makes use of the header, it
allows for extensions or SIP applications to obtain RTT estimates.
...
... TCP. When a request is sent to a SIPS URI, the
protocol still indicates "SIP", and the transport protocol is TLS.
...
... UDP erlang.bell-telephone.com:5060;branch=z9hG4bK87asdks7
Via: SIP/2.0/UDP 192.0.2.1:5060 ;received=192.0.2.207
;branch=z9hG4bK77asjd
...
... network address and port number are not required to
follow the SIP URI syntax. Specifically, LWS on either side of the
":" or "/" is allowed, as shown here:
...
... ":" or "/" is allowed, as shown here:
Via: SIP / 2.0 / UDP first.example.com: 4000;ttl=16
;maddr=224.2.0.1 ;branch=z9hG4bKa7c6a8dlze.1
...
... session description.
The first digit of warning codes beginning with "3" indicates
warnings specific to SIP. Warnings 300 through 329 are reserved for
indicating problems with keywords in the session description, 330
...
... those that are appropriate are given here. Other HTTP/1.1 response
codes SHOULD NOT be used. Also, SIP defines a new class, 6xx.
...
... The choices SHOULD also be listed as Contact fields (Section 20.10).
Unlike HTTP, the SIP response MAY contain several Contact fields or a
list of addresses in a Contact field. UAs ...
... client MUST first authenticate itself with the proxy. SIP access
authentication is explained in Sections 26 and 22.3.
...
... not listed in the Supported header field, servers SHOULD process the
request using baseline SIP capabilities and any extensions supported
by the client.
...
... sip:lee@example.com:
SIP/2.0 485 Ambiguous
Contact: Carol Lee <sip:carol.lee@example.com>
Contact: Ping ...
...
The server does not support, or refuses to support, the SIP protocol
version that was used in the request. The server is indicating that
...
... confidentiality. Protective measures above and
beyond those provided by Digest need to be taken to prevent active
attackers from modifying SIP requests and responses.
Note that due to its weak security ...
... challenge, realm, realm-value, and credentials is identical (although
the usage of "Basic" as a scheme is not permitted). In SIP, a UAS
uses the 401 (Unauthorized) response to challenge the identity ...
... root URL, the
notion of protection spaces is interpreted differently in SIP. The
realm string alone defines the protection domain. This is a change
...
... the UAC. Also, the previous definition depended on the presence
of a SIP URI in the Request-URI and seemed to rule out alternative
URI schemes ...
... Authorization: Digest realm="biloxi.com", <...>
Generally, SIP authentication is meaningful for a specific realm, a
protection domain ...
... password, rather than accounts for particular users, for their realm.
While a server can legitimately challenge most SIP requests, there
are two requests defined by this document that require special
handling for authentication ...
... to apply the HTTP Digest authentication scheme to SIP. The SIP
scheme usage is almost completely identical to that for HTTP ...
... HTTP Digest authentication scheme to SIP. The SIP
scheme usage is almost completely identical to that for HTTP [17 ...
... 2069(-> 2617draft) [39],
SIP servers supporting RFC 2617draft MUST ensure they are backwards
compatible with RFC 2069(-> 2617draft) ...
... 2069(-> 2617draft). Procedures for this backwards
compatibility are specified in RFC 2617draft. Note, however, that SIP
servers MUST NOT accept or request Basic authentication.
...
... Digest
authentication is not enclosed in quotation marks. (The
example in Section 3.5 of RFC 2617draft is correct.) For SIP, the
'uri' MUST be enclosed in quotation marks.
...
... 4. The example procedure for choosing a nonce based on Etag does
not work for SIP.
5. The text in RFC 2617draft ...
... URI included in the Authorization header
field point to the same resource. In a SIP context, these two
URIs ...
... URIs may refer to different users, due to forwarding at some
proxy. Therefore, in SIP, a server MAY check that the
Request-URI in the Authorization ...
... implementers should assume, when the entity-body is
empty (that is, when SIP messages have no body) that the hash
of the entity ...
... network intermediaries (not typical proxy servers) that
rely on viewing or modifying the bodies of SIP messages (especially
SDP), and that secure MIME ...
... encrypting the header fields and bodies of
SIP messages described in RFC 2543(-> 3265prop | 3264prop | 3263prop | 3262prop | 3261prop) has been deprecated.
...
... composed of the concatenation of the "userinfo" "@" and "domainname"
portions of a SIP or SIPS URI (in other words, an email address of
...
... certificates are also associated with keys that are used to
sign or encrypt bodies of SIP messages. Bodies are signed with the
private key of the sender ...
... deployments in which a previous trust
relationship exists between all SIP entities.
Above and beyond the problem of acquiring an end-user ...
...
SIP itself can also be used as a means to distribute public keys in
the following manner.
...
... CMS SignedData message is used in S/MIME for SIP, it
MUST contain the certificate bearing the public key ...
... certificate corresponds to the From header field
of the SIP request, or if the user (after notification) explicitly
authorizes the use of the certificate ...
... There are two types of secure MIME bodies that are of interest to
SIP: use of these bodies should follow the S/MIME specification [24]
...
... INVITE sip:bob@biloxi.com SIP/2.0
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds8
To: Bob <sip:bob@biloxi.com>
...
... S/MIME can
encapsulate entire SIP messages within MIME bodies of type
"message/sip" and then apply MIME ...
... MIME security to these bodies in the
same manner as typical SIP bodies. These encapsulated SIP requests
...
... same manner as typical SIP bodies. These encapsulated SIP requests
and responses do not constitute a separate dialog or transaction,
...
... are given in this section.
Note that for the purposes of loose timestamping, all SIP messages
that tunnel "message/sip" SHOULD contain a Date header ...
... in the signed body with that in the "outer" messages using the
comparison rules of SIP as described in 20.
Header fields ...
... MIME bodies they preface) should be
treated as normal MIME header fields and bodies received in a SIP
message.
It is not particularly useful to encrypt ...
... values.
Note that extensions to SIP may define additional header fields; the
authors of these extensions should describe the integrity ...
... confidentiality properties of such header fields. If a SIP UA
encounters an unknown header field ...
... S/MIME bodies can provide integrity for
SIP header fields if the header fields that the sender wishes to
...
... INVITE sip:bob@biloxi.com SIP/2.0
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds8
To: Bob <sip:bob@biloxi.com>
...
... INVITE sip:bob@biloxi.com SIP/2.0
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds8
To: Bob <bob@biloxi.com>
...
... end-to-end security. Headers defined by future
SIP applications might also require obfuscation.
Another possible application of encrypting ...
... INVITE sip:bob@biloxi.com SIP/2.0
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds8
To: Bob <sip:bob@biloxi.com>
...
... INVITE sip:bob@biloxi.com SIP/2.0 *
* Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds8 *
* To: Bob <bob@biloxi.com> *
...
... |--------------->|
Figure 9: SIP Registration Example
...
... REGISTER sip:registrar.biloxi.com SIP/2.0
Via: SIP/2.0/UDP bobspc.biloxi.com:5060;branch=z9hG4bKnashds7
Max-Forwards: 70
...
... SIP/2.0 200 OK
Via: SIP/2.0/UDP bobspc.biloxi.com:5060;branch=z9hG4bKnashds7
;received=192.0.2.4
...
... INVITE sip:bob@biloxi.com SIP/2.0
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds8
Max-Forwards: 70
...
...
SIP/2.0 100 Trying
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds8
;received=192.0.2.1
...
... INVITE sip:bob@biloxi.com SIP/2.0
Via: SIP/2.0/UDP bigbox3.site3.atlanta.com;branch=z9hG4bK77ef4c2312983.1
Via: SIP ...
... SIP/2.0/UDP bigbox3.site3.atlanta.com;branch=z9hG4bK77ef4c2312983.1
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds8
;received=192.0.2.1
...
...
SIP/2.0 100 Trying
Via: SIP/2.0/UDP bigbox3.site3.atlanta.com;branch=z9hG4bK77ef4c2312983.1
;received=192.0.2.2
...
... UDP bigbox3.site3.atlanta.com;branch=z9hG4bK77ef4c2312983.1
;received=192.0.2.2
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds8
;received=192.0.2.1
...
... INVITE sip:bob@192.0.2.4 SIP/2.0
Via: SIP/2.0/UDP server10.biloxi.com;branch=z9hG4bK4b43c2ff8.1
Via: SIP ...
... SIP/2.0/UDP server10.biloxi.com;branch=z9hG4bK4b43c2ff8.1
Via: SIP/2.0/UDP bigbox3.site3.atlanta.com;branch=z9hG4bK77ef4c2312983.1
;received=192.0.2.2
...
... UDP bigbox3.site3.atlanta.com;branch=z9hG4bK77ef4c2312983.1
;received=192.0.2.2
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds8
;received=192.0.2.1
...
...
SIP/2.0 180 Ringing
Via: SIP/2.0/UDP server10.biloxi.com;branch=z9hG4bK4b43c2ff8.1
;received=192.0.2.3
...
... UDP server10.biloxi.com;branch=z9hG4bK4b43c2ff8.1
;received=192.0.2.3
Via: SIP/2.0/UDP bigbox3.site3.atlanta.com;branch=z9hG4bK77ef4c2312983.1
;received=192.0.2.2
...
... UDP bigbox3.site3.atlanta.com;branch=z9hG4bK77ef4c2312983.1
;received=192.0.2.2
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds8
;received=192.0.2.1
...
...
SIP/2.0 180 Ringing
Via: SIP/2.0/UDP bigbox3.site3.atlanta.com;branch=z9hG4bK77ef4c2312983.1
;received=192.0.2.2
...
... UDP bigbox3.site3.atlanta.com;branch=z9hG4bK77ef4c2312983.1
;received=192.0.2.2
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds8
;received=192.0.2.1
...
...
SIP/2.0 180 Ringing
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds8
;received=192.0.2.1
...
...
SIP/2.0 200 OK
Via: SIP/2.0/UDP server10.biloxi.com;branch=z9hG4bK4b43c2ff8.1
;received=192.0.2.3
...
... UDP server10.biloxi.com;branch=z9hG4bK4b43c2ff8.1
;received=192.0.2.3
Via: SIP/2.0/UDP bigbox3.site3.atlanta.com;branch=z9hG4bK77ef4c2312983.1
;received=192.0.2.2
...
... UDP bigbox3.site3.atlanta.com;branch=z9hG4bK77ef4c2312983.1
;received=192.0.2.2
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds8
;received=192.0.2.1
...
...
SIP/2.0 200 OK
Via: SIP/2.0/UDP bigbox3.site3.atlanta.com;branch=z9hG4bK77ef4c2312983.1
;received=192.0.2.2
...
... UDP bigbox3.site3.atlanta.com;branch=z9hG4bK77ef4c2312983.1
;received=192.0.2.2
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds8
;received=192.0.2.1
...
... ACK sip:bob@192.0.2.4 SIP/2.0
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bKnashds9
Max-Forwards: 70
...
... media session between Alice and Bob is now established.
Bob hangs up first. Note that Bob's SIP phone maintains its own CSeq
numbering space, which, in this example, begins with 231. Since Bob
...
... BYE sip:alice@pc33.atlanta.com SIP/2.0
Via: SIP/2.0/UDP 192.0.2.4;branch=z9hG4bKnashds10
Max-Forwards: 70
...
...
SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.0.2.4;branch=z9hG4bKnashds10
From: Bob <sip:bob@biloxi.com>;tag ...
... Content-Length: 0
The SIP Call Flows document [40] contains further examples of SIP
messages ...
... Augmented BNF for the SIP Protocol ...
... HEXDIG
SIP header field values can be folded onto multiple lines if the
continuation line begins with a space or horizontal tab. All linear
white space, including folding, has the same semantics ...
... 7]). The TEXT-UTF8-TRIM rule is used for descriptive field
contents that are not quoted strings, where leading and trailing LWS
is not meaningful. In this regard, SIP differs from HTTP, which uses
the ISO 8859-1 ...
... DIGIT / %x61-66 ;lowercase a-f
Many SIP header field values consist of words separated by LWS or
special characters. Unless otherwise stated, tokens are case-
...
... RDQUOT = DQUOTE SWS ; close double quotation mark
Comments can be included in some SIP header fields by surrounding the
comment text with parentheses. Comments are only allowed in fields
containing "comment" as part of their field value definition. In all
...
... quoted-pair = "\" (%x00-09 / %x0B-0C
/ %x0E-7F)
SIP-URI = "sip:" [ userinfo ] hostport
uri-parameters ...
... however, that any characters allowed there that are not allowed in
the user part of the SIP URI MUST be escaped.
uri-parameters = *( ";" ...
... hvalue = *( hnv-unreserved / unreserved / escaped )
hnv-unreserved = "[" / "]" / "/" / "?" / ":" / "+" / "$"
SIP-message = Request / Response
Request = Request-Line
*( message-header ...
... / addr-spec) *(SEMI contact-params)
name-addr = [ display-name ] LAQUOT addr-spec RAQUOT
addr-spec = SIP-URI / SIPS-URI / absoluteURI
...
...
SIP is not an easy protocol to secure. Its use of intermediaries,
its multi-faceted trust relationships, its expected usage between
...
... of environments and usages. In order to meet these diverse needs,
several distinct mechanisms applicable to different aspects and
usages of SIP will be required.
Note that the security ...
... signaling itself has no bearing on the
security of protocols used in concert with SIP such as RTP, or with
the security implications ...
... RTP, or with
the security implications of any specific bodies SIP might carry
(although MIME security ...
... MIME security plays a substantial role in securing SIP).
Any media associated with a session can be encrypted ...
... The considerations that follow first examine a set of classic threat
models that broadly identify the security needs of SIP. The set of
security services required to address ...
... requirements for
implementers of SIP are enumerated, along with exemplary deployments
in which these security mechanisms ...
... security mechanisms could be used to improve the
security of SIP. Some notes on privacy conclude this section.
...
... This section details some threats that should be common to most
deployments of SIP. These threats have been chosen specifically to
illustrate each of the security services that SIP ...
... SIP. These threats have been chosen specifically to
illustrate each of the security services that SIP requires.
The following examples by no means provide an exhaustive list of the
...
...
The following examples by no means provide an exhaustive list of the
threats against SIP; rather, these are "classic" threats that
demonstrate the need for particular security services that can
...
... potentially read any packet on the network - it is anticipated that
SIP will frequently be used on the public Internet. Attackers on the
...
...
The From header field of a SIP request, however, can be modified
arbitrarily by the owner of a UA, and this opens the door to
...
... This threat belongs to a family of threats that rely on the absence
of cryptographic assurance of a request's originator. Any SIP UAS
that represents a valuable service ...
... that represents a valuable service (a gateway that interworks SIP
requests with traditional telephone calls, for example) might want to
control access to its resources by authenticating requests that it
...
... receives. Even end-user UAs, for example SIP phones, have an
interest in ascertaining the identities of originators of requests.
...
... This threat demonstrates the need for security services that enable
SIP entities to authenticate the originators of requests.
...
... the redirect server at chicago.com answers with a forged response
that has appropriate SIP header fields for a response from
biloxi.com. The forged contact addresses in the redirection response
...
... session keys, but to most
conceivable forms of content carried end-to-end in SIP. These might
include MIME bodies that should be rendered to the user, SDP ...
...
For these reasons, the UA might want to secure SIP message bodies,
and in some limited cases header fields, end-to-end ...
...
In many architectures, SIP proxy servers face the public Internet in
order to accept requests from worldwide IP ...
... order to accept requests from worldwide IP endpoints. SIP creates a
number of potential opportunities for distributed denial-of-service
attacks ...
... denial-of-service
attacks that must be recognized and addressed by the implementers and
operators of SIP systems.
Attackers ...
... targeted host as the originator of the request and then send this
request to a large number of SIP network elements, thereby using
hapless SIP ...
... SIP network elements, thereby using
hapless SIP UAs or proxies to generate denial-of-service ...
... Record-Route could be used to similar effect when the attacker is
certain that the SIP dialog initiated by the request will result in
numerous transactions originating in the backwards direction.
...
...
The use of multicast to transmit SIP requests can greatly increase
the potential for denial-of-service attacks.
...
... From the threats described above, we gather that the fundamental
security services required for the SIP protocol are: preserving the
confidentiality and integrity of messaging, preventing replay attacks ...
... the participants in a session, and preventing denial-of-service
attacks. Bodies within SIP messages separately require the security
services of confidentiality, integrity ...
...
Rather than defining new security mechanisms specific to SIP, SIP
reuses wherever possible existing security models ...
... Rather than defining new security mechanisms specific to SIP, SIP
reuses wherever possible existing security models derived from the
...
... confidentiality of signaling - it can also guarantee that messages
are not modified by any malicious intermediaries. However, SIP
requests and responses cannot be naively encrypted end-to-end in
...
... network architectures
so that SIP requests are routed correctly. Note that proxy servers
need to modify some features of messages as well (such as adding Via
...
... need to modify some features of messages as well (such as adding Via
header field values) in order for SIP to function. Proxy servers
must therefore be trusted, to some degree, by SIP ...
... SIP to function. Proxy servers
must therefore be trusted, to some degree, by SIP UAs. To this
purpose, low-layer ...
...
encrypt the entire SIP requests or responses on the wire on a hop-
by-hop basis, and that allow endpoints to verify the identity ...
... proxy servers to whom they send requests.
SIP entities also have a need to identify one another in a secure
fashion. When a SIP endpoint asserts the identity ...
... SIP entities also have a need to identify one another in a secure
fashion. When a SIP endpoint asserts the identity of its user to a
peer UA ...
... verifiable. A cryptographic authentication mechanism is provided in
SIP to address this requirement.
...
...
An independent security mechanism for SIP message bodies supplies an
alternative means of end-to-end mutual authentication ...
... In many architectures IPSec does not require integration with SIP
applications; IPSec is perhaps best suited to deployments ...
... profile describing the protocol
tools that would be required to secure SIP. No such profile is given
in this document.
...
...
TLS must be tightly coupled with a SIP application. Note that
transport mechanisms are specified on a hop-by-hop ...
... transport mechanisms are specified on a hop-by-hop basis in SIP, thus
a UA that sends requests over TLS ...
... a minimum by implementers when TLS is used in a SIP application. For
purposes of backwards compatibility, proxy servers ...
...
The SIPS URI scheme adheres to the syntax of the SIP URI (described
in 19), although the scheme string is "sips" rather than "sip". The
semantics ...
... in 19), although the scheme string is "sips" rather than "sip". The
semantics of SIPS are very different from the SIP URI, however. SIPS
allows resources to specify that they should be reached securely.
...
... Request-URI of a
request, the SIPS scheme signifies that each hop over which the
request is forwarded, until the request reaches the SIP entity
responsible for the domain portion of the Request-URI ...
... domain be so secured.
The SIPS scheme is applicable to many of the other ways in which SIP
URIs are used in SIP ...
...
SIP provides a challenge capability, based on HTTP authentication,
that relies on the 401 and 407 response codes ...
... HTTP Digest authentication scheme in
SIP allows for replay protection and one-way authentication.
...
...
The usage of Digest authentication in SIP is detailed in Section 22.
...
...
As is discussed above, encrypting entire SIP messages end-to-end for
the purpose of confidentiality ...
... route messages correctly, and if these
intermediaries are excluded from security associations, then SIP
messages will essentially be non-routable.
However, S/MIME ...
... UAs to encrypt MIME bodies within SIP,
securing these bodies end-to-end without affecting message headers ...
... mutual authentication with TLS, but no
provisions are set forth in this document for their use. All SIP
elements that support TLS MUST have a mechanism for validating
certificates ...
... certificates for web browsers).
All SIP elements that support TLS MUST also support the SIPS URI
scheme.
...
... UAC SHOULD initiate a TLS connection over which it
will send SIP messages. In some architectures, UASs MAY receive
requests over such TLS connections ...
... certificate for comparison with the header fields of SIP
messages. The atlanta.com proxy server, for example, SHOULD verify
at this stage that the certificate ...
...
Such security policies could be instituted to prevent the SIP
equivalent of SMTP 'open relays' that are frequently exploited to
...
... end-to-end security such as
S/MIME). In this respect the SIP trapezoid model can provide a nice
structure where conventions of agreement between the site proxies ...
...
When the host on which a SIP proxy server is operating is routable
from the public Internet, it SHOULD be deployed in an administrative
domain ...
... hosts can also take the brunt of
denial-of-service attacks, ensuring that SIP hosts within the
administrative domain ...
... traffic from reaching its destination. There is a
computational expense associated with processing a SIP transaction at
a proxy server ...
... service. This commensurately makes it harder for attackers to
make innocent SIP nodes into agents of amplification.
...
...
One of the primary limitations of using HTTP Digest in SIP is that
the integrity mechanisms in Digest do not work very well for SIP.
Specifically, they offer protection of the Request-URI and the method ...
... replay protection mechanisms described in RFC 2617draft also
have some limitations for SIP. The next-nonce mechanism, for
example, does not support pipelined requests. The nonce ...
... certificates (or certificates that cannot be verified by one
of the participants in a dialog) are used, the SIP-based key exchange
mechanism described in Section 23.2 is susceptible to a man-in-the-
...
... connections. The use
of key fingerprints could provide some assistance to SIP, just as it
does for SSH. For example, if two parties use SIP to establish a
voice communications session ...
... Another, more prosaic difficulty with the S/MIME mechanism is that it
can result in very large messages, especially when the SIP tunneling
mechanism described in Section 23.4 is used. For that reason, it is
RECOMMENDED that TCP ...
... AOR, and these tools are free to map SIPS URIs to SIP URIs as
appropriate. When queried for bindings ...
... Section 16.6). Such malicious intermediaries could, for example,
retarget a request from a SIPS URI to a SIP URI in an attempt to
downgrade security.
...
...
Alternatively, an intermediary might legitimately retarget a request
from a SIP to a SIPS URI. Recipients of a request whose Request-URI
...
... address these concerns, it is RECOMMENDED that recipients of a
request whose Request-URI contains a SIP or SIPS URI inspect the To
header field ...
...
End users will undoubtedly discern the difference between SIPS and
SIP URIs, and they may manually edit them in response to stimuli.
This can either benefit or degrade security ...
... however, sees that repeated calls to a SIPS AOR are failing, they
could on some devices manually convert the scheme from SIPS to SIP
and retry. Of course, there are some safeguards against this (if the
...
... users might also divine that 'SIPS' would be valid even when they are
presented only with a SIP URI.
...
...
SIP messages frequently contain sensitive information about their
senders - not just what they have to say, but with whom they
...
... callers. This is a whole class of problem that is
expected to be studied further in ongoing SIP work.
In some cases, users may want to conceal personal information in
...
... status codes, and option tags
used in SIP applications are registered with IANA through
instructions in an IANA ...
... header fields such as Require, Supported,
Proxy-Require, and Unsupported in support of SIP compatibility
mechanisms for extensions (Section 19.2). The option tag itself is a
string that is associated with a particular SIP option (that is, an
extension). It identifies the option to SIP endpoints.
Option tags ...
... Warning codes provide information supplemental to the status code in
SIP response messages when the failure of the transaction results
from a Session Description Protocol ...
...
The "warn-code" consists of three digits. A first digit of "3"
indicates warnings specific to SIP. Until a future specification
describes uses of warn-codes other than 3xx, only 3xx warn-codes may
be registered.
...
... header fields MAY be assigned one-letter
compact forms (Section 7.3.3). Compact forms can only be assigned
after SIP working group review, followed by RFC publication.
...
... document registers the "message/sip" MIME media type in order to
allow SIP messages to be tunneled as bodies within SIP, primarily for
end-to-end security purposes. This media type ...
... version
version: The SIP-Version number of the enclosed message (e.g.,
"2.0"). If not present, the version ...
... optionally followed by a binary MIME data object. As such, SIP
messages must be treated as binary. Under normal circumstances
SIP messages are transported over binary-capable transports, no
special encodings ...
... 2543(-> 3265prop | 3264prop | 3263prop | 3262prop | 3261prop).
o The SIP BNF was converted to be RFC 2234(-> 4234draft) compliant.
o SIP URL BNF was made more general, allowing a greater set of
...
... 13], and more fully specified as a formal offer/answer exchange
process that is effectively tunneled through SIP. SDP is allowed
in INVITE ...
... in INVITE/200 or 200/ACK for baseline SIP implementations; RFC
2543(-> 3265prop | 3264prop | 3263prop | 3262prop | 3261prop) alluded to the ability to use it in INVITE ...
... Handley, M., Schulzrinne, H., Schooler, E. and J. Rosenberg, "SIP: Session Initiation Protocol", RFC 2543(-> 3265prop | 3264prop | 3263prop | 3262prop | 3261prop), March 1999. ...
... Johnston, A., Donovan, S., Sparks, R., Cunningham, C., Willis, D., Rosenberg, J., Summers, K. and H. Schulzrinne, "SIP Call Flow Examples", Work in Progress. ...
...
We wish to thank the members of the IETF MMUSIC and SIP WGs for their
comments and suggestions. Detailed comments were provided by Ofir
...
