From: The IESG To: IETF-Announce:; Message-Id: Date: Tue, 01 Jun 2004 16:41:49 -0400 Cc: sip mailing list , sip chair , Internet Architecture Board , sip chair , RFC Editor Subject: [Sip] Protocol Action: 'The Session Inititation Protocol (SIP) 'Join' Header' to Proposed Standard The IESG has approved the following document: - 'The Session Inititation Protocol (SIP) 'Join' Header ' as a Proposed Standard This document is the product of the Session Initiation Protocol Working Group. The IESG contact persons are Allison Mankin and Jon Peterson. Technical Summary This document defines a new header for use with SIP multi-party applications and call control. The Join header is used to logically join an existing SIP dialog with a new SIP dialog. This primitive can be used to enable services such as answering machine style Message-Screening. The document includes non-normative examples to describe the services. The extension specified in this document significantly changes the relative security of SIP devices. Currently in SIP, even if an eavesdropper learns the Call-ID, To, and From headers of a dialog, they cannot easily modify or destroy that dialog if Digest authentication or end-to-end message integrity are used. This extension can be used to insert or monitor potentially sensitive content in a multimedia conversation. As such, invitations with the Join header MUST only be accepted if the peer requesting replacement has been properly authenticated using a standard SIP mechanism (Digest or S/MIME), and authorized to be joined with the target dialog. (All SIP implementations are already required to support Digest Authentication.) Generally authorization for joins are configured as a matter of local policy as long-duration persistent relationships, such as the user and the message screening capability. Specific mechanisms for authorization are described. It is also possible to use Referred-by and the AuthID Body. Working Group Summary The Join header is an important element of the multi-party architecture in SIP. There were engineering considerations to get the details right, but there was consensus to advance this document. Protocol Quality Join has been implemented by multiple vendors and tested at the SIP interop gatherings. The protocol was reviewed for the IESG by Allison Mankin. RFC Editor Note: Add to the end of the Security Considerations - Section 4 describes specific mechanisms for authorization using Digest Authentication and S/MIME (RFC 3261) and Referred-by [9], the currently available capabilities in SIP. The document was submitted on the cusp of RFC 3667 approval. Please replace the boilerplate.