Internet DRAFT - draft-ietf-sipcore-sessiontimer-race

draft-ietf-sipcore-sessiontimer-race







SIPCORE Working Group                                        C. Holmberg
Internet-Draft                                                  Ericsson
Updates: 4028 (if approved)                              August 30, 2018
Intended status: Standards Track
Expires: March 3, 2019


     Session Initiation Protocol (SIP) Session Timer Glare Handling
                draft-ietf-sipcore-sessiontimer-race-02

Abstract

   This document updates RFC 4028, by clarifying the procedures for
   negotiating usage of the Session Initiation Protocol (SIP) session
   timer mechansim, in order to avoid a race condition where both
   endpoints trigger simultaneous negotiations.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 3, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.



Holmberg                  Expires March 3, 2019                 [Page 1]

Internet-Draft             Session timer glare               August 2018


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Problem Statement . . . . . . . . . . . . . . . . . . . .   2
     1.2.  Solution  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Conventions . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Update to RFC 4028  . . . . . . . . . . . . . . . . . . . . .   3
     3.1.  Update to Section 7.2 . . . . . . . . . . . . . . . . . .   3
     3.2.  Update to Section 7.4 . . . . . . . . . . . . . . . . . .   4
     3.3.  Update to Section 8.1 . . . . . . . . . . . . . . . . . .   5
     3.4.  Update to Section 9 . . . . . . . . . . . . . . . . . . .   6
   4.  Security considerations . . . . . . . . . . . . . . . . . . .   7
   5.  IANA considerations . . . . . . . . . . . . . . . . . . . . .   7
   6.  Normative references  . . . . . . . . . . . . . . . . . . . .   7
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   7

1.  Introduction

   [RFC4028] defines a mechanism, where periodic SIP requests are sent
   in order to allow SIP user agents and proxies to determine whether a
   SIP session is still active.

   The usage of the mechanism is negotiated using two new SIP header
   fields (Session-Expires and Min-SE), a new option tag ('timer') and a
   new SIP response code (422).

1.1.  Problem Statement

   1.  Section 7.4 of [RFC4028] says that, in a session refresh request
   sent within a dialog with an active session timer, the Session-
   Expires header field should be included in the request.  However, the
   text is unclear regarding including the Session-Expires header field
   in a session refresh request when a negotiation of session timer
   usage is still ongoing, e.g., if one user agent is sending a request
   that contains a Session-Expires header field and, before it receives
   the associated 2xx response, receives a request from the peer user
   agent that also contains a Session-Expires header field.  Such
   scenario might cause a glare situation, with conflicting negotiation
   parameters.

   2.  The absence of the Session-Expires header field in a 2xx response
   to an (re-)INVITE request [RFC3261] or UPDATE request [RFC3311] means
   that the mechanism isn't used.  This can be used to reject the usage
   of the mechanism when sending a response.  However, the text is
   unclear that this only applies to cases where the associated SIP
   request contained a Session-Expires header field.





Holmberg                  Expires March 3, 2019                 [Page 2]

Internet-Draft             Session timer glare               August 2018


1.2.  Solution

   This document updates [RFC4028], by clarifying the procedures for
   negotiating usage of the Session Initiation Protocol (SIP) [RFC3261]
   session timer mechanism [RFC4028].  The following clarifications are
   provided:

   o  A Session-Expires header field can only be included in a session
      refresh request if there is no ongoing negotiation of usage of the
      session timer mechansim, and if there is no ongoing INVITE
      transaction.
   o  A user agent shall, if it receives a session refresh equest with a
      Session-Expires header field during an ongoing negotiation of
      usage of the session timer mechanism, or when there is an ongoing
      INVITE transaction, send a 491 (Request Pending) response to the
      request.
   o  The absence of a Session-Expires header field in a response will
      disable usage of the session timer mechanism only if the
      associated requuest contained a Session-Expires header field.

2.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Update to RFC 4028

3.1.  Update to Section 7.2

   This section updates the third paragraph in section 7.2 of [RFC4028],
   by clarifying that the absence of a Session-Expires header field in a
   response will disable usage of the session timer mechanism only if
   the associated request contained a Session-Expires header field.

















Holmberg                  Expires March 3, 2019                 [Page 3]

Internet-Draft             Session timer glare               August 2018


 OLD TEXT:

    If the 2xx response did not contain a Session-Expires header field,
    there is no session expiration. In this case, no refreshes need to
    be sent. A 2xx without a Session-Expires can come for both initial
    and subsequent session refresh requests. This means that the session
    timer can be 'turned-off' in mid dialog by receiving a response
    without a Session-Expires header field.


 NEW TEXT:

    If the request contained a Session-Expires header field, and the
    associated 2xx response did not contain a Session-Expires header
    field, there is no session expiration. In this case, no refreshes
    need to be sent. A 2xx without a Session-Expires can come for both
    initial and subsequent session refresh requests. This means that
    the session timer can be 'turned-off' in mid dialog by receiving a
    response without a Session-Expires header field.


3.2.  Update to Section 7.4

   This section updates the fifth paragraph in section 7.4 of [RFC4028],
   by clarifying that the Session-Expires header field can only be
   included in a refresh request if there is no ongoing negotiation of
   usage of the session timer mechanism.
























Holmberg                  Expires March 3, 2019                 [Page 4]

Internet-Draft             Session timer glare               August 2018


 OLD TEXT:

    In a session refresh request sent within a dialog with an active
    session timer, the Session-Expires header field SHOULD be present.
    When present, it SHOULD be equal to the maximum of the Min-SE header
    field (recall that its default value when not present is 90 seconds)
    and the current session interval. Inclusion of the Session-Expires
    header field with this value avoids certain denial-of-service
    attacks, as documented in Section 11. As such, a UA should only
    ignore the SHOULD in unusual and singular cases where it is
    desirable to change the session interval mid-dialog.


 NEW TEXT:

    In a session refresh request sent within a dialog with an active
    session timer, if there is no ongoing negotiation of usage of the
    session timer mechanism and if there is no ongoing INVITE
    transaction (with or without session timer negotiation), the
    Session-Expires header field SHOULD be present. If there is an
    ongoing negotiation, or if there is an ongoing INVIET transaction,
    the Session-Expires header field MUST NOT be present. When present,
    it SHOULD be equal to the maximum of the Min-SE header field (recall
    that its default value when not present is 90 seconds) and the
    current session interval. Inclusion of the Session-Expires header
    field with this value avoids certain denial-of-service attacks, as
    documented in Section 11. As such, a UA should only ignore the
    SHOULD in unusual and singular cases where it is desirable to
    change the session interval mid-dialog.


3.3.  Update to Section 8.1

   This section updates the second paragraph section 8.1 of [RFC4028],
   by clarifying that a proxy can insert a Session-Expires header field
   in a request only if there is no ongoing negotiation of usage of the
   session timer mechanism and if there is no ongoing INVITE
   transaction.













Holmberg                  Expires March 3, 2019                 [Page 5]

Internet-Draft             Session timer glare               August 2018


 OLD TEXT:

    To request a session timer for a session, a proxy makes sure that a
    Session-Expires header field is present in a session refresh request
    for that session. A proxy MAY insert a Session-Expires header field
    in the request before forwarding it if none was present in the
    request. This Session-Expires header field may contain any desired
    expiration time the proxy would like, but not with a duration lower
    than the value in the Min-SE header field in the request, if it is
    present. The proxy MUST NOT include a refresher parameter in the
    header field value.

 NEW TEXT:

    To request a session timer for a session, a proxy makes sure that a
    Session-Expires header field is present in a session refresh request
    for that session. A proxy MAY insert a Session-Expires header field
    in the request before forwarding it if none was present in the
    request, if there is no ongoing negotiation of usage of the
    session timer mechanism and if there is no ongoing INVITE
    transaction (with or without session timer negotiation). This
    Session-Expires header field may contain any desired expiration time
    the proxy would like, but not with a duration lower than the value
    in the Min-SE header field in the request, if it is present. The
    proxy MUST NOT include a refresher parameter in the header field
    value.


3.4.  Update to Section 9

   This section updates section 8.1 of [RFC4028], by clarifying that a
   session refresh request that is received while there is an ongoing
   negotiation of usage of the session timer mechanism shall be rejected
   by a 491 (Request Pending) response.  The clarification is done by
   adding a new paragraph between the fouth and fifth paragraphs of the
   section.


  NEW TEXT:

     If an incoming request contains a Session-Expires header field,
     and there is on ongoing negotiation of usage of the session timer
     mechanism, or if there is an ongoing INVITE transaction (with or
     without session timer negotiation), the UAS MUST reject the request
     with a 491 (Request Pending) response.






Holmberg                  Expires March 3, 2019                 [Page 6]

Internet-Draft             Session timer glare               August 2018


4.  Security considerations

   The security considerations associated with the SIP Session-Timer
   mechanism are described in [RFC4028].  This specification adds
   clarification text for avoiding session-timer negotiation race
   conditions, and does not introduce new security considerations.

5.  IANA considerations

   This specification makes no requests from IANA.

6.  Normative references

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
              editor.org/info/rfc2119>.

   [RFC3261]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
              A., Peterson, J., Sparks, R., Handley, M., and E.
              Schooler, "SIP: Session Initiation Protocol", RFC 3261,
              DOI 10.17487/RFC3261, June 2002, <https://www.rfc-
              editor.org/info/rfc3261>.

   [RFC3311]  Rosenberg, J., "The Session Initiation Protocol (SIP)
              UPDATE Method", RFC 3311, DOI 10.17487/RFC3311, October
              2002, <https://www.rfc-editor.org/info/rfc3311>.

   [RFC4028]  Donovan, S. and J. Rosenberg, "Session Timers in the
              Session Initiation Protocol (SIP)", RFC 4028,
              DOI 10.17487/RFC4028, April 2005, <https://www.rfc-
              editor.org/info/rfc4028>.

Author's Address

   Christer Holmberg
   Ericsson
   Hirsalantie 11
   Jorvas  02420
   Finland

   Email: christer.holmberg@ericsson.com









Holmberg                  Expires March 3, 2019                 [Page 7]