SIP growing up Henning Schulzrinne Columbia University SIP

SIP – growing up Henning Schulzrinne Columbia University SIP 2003 – January 2003 Paris, France

Overview n What happened in 2002? n n n Outlook for 2003 n n standards milestones deployment substantial completion? SIP challenges

What happened in 2002? n New revision of SIP RFCs published n n RFC 3261: basic protocol specification RFC 3262: Reliability of Provisional Responses n n n RFC 3263: Locating SIP Servers RFC 3264: An Offer/Answer Model with the Session Description Protocol (SDP) RFC 3265: SIP-specific Event Notification

RFC 3261 n n Backward compatible with RFC 2543 – no new version Major changes: n specification behavior-oriented, not header-oriented n n n mandate support for UDP and TCP formal offer/answer model for media negotiation uses both SRV and NAPTR for server location, load balancing and redundancy much more complete security considerations n n n e. g. , separation into ‘layers’ “sips: ’’ for secured (TLS) path PGP removed due to lack of use Basic authentication removed as unsafe S/MIME added for protecting message bodies (and headers, via encapsulation) Route/Record-Route simplified

SIP and 3 G wireless networks n n n In July, 3 GPP adopts SIP as signaling protocol for Release 5 increased collaboration between organizations still somewhat different perspectives: 3 GPP IETF network doesn’t trust user only partially trusts network L 1/2 -specific generic walled garden open access

SIP adoption in 2002 n IBM, Novell support SIMPLE for group communications in the enterprise n n n but still confusion by Microsoft: MSN Messenger 5. 0 (no SIP) vs. Windows Messenger 4. 7 (SIP + MSN, but mostly for XP) AOL backing off from interoperability IETF adds Jabber to the IM standards confusion n PRIM and APEX fading 3 GPP adopts SIMPLE as IM/presence mechanism for Release 6 commercial services for consumers and businesses n n Vonage, Denwa, e. Stara, … MCI Worldcom, Delta. Three

SIP products n Still no cheap (< $100) phones, but getting closer n n snom 100 ($270), Cisco 7905 ($165), Teledex (but not all SIP yet…) but still not Wal-Mart video-conferencing equipment still lacking turn-key “IP PBX-in-abox” available from multiple vendors n n n many good software clients PDA clients emerging despite industry “issues”, robust set of participants at

SIP standardization in 2002 n Probably point of maximum activity for SIP work n There have been at least (in my collection of 6428 distinct IETF I-Ds)… n n n n 210 distinct I-Ds with –sip– (not counting -00, -01, etc. ) 83 with –sipping– 34 with –simple– Current status somewhat difficult to track n not all WG I-Ds are draft-ietf-* many drafts start as draftsomebody-* IETF draft tracking is iffy (complete only after WG done) JAIN activities in 2002: n n WG SIP servlet API JAIN SIP lite SIP RFCs IESG WG or I-Ds RFC editor 17 11 10 SIPPING 4 9 12 SIMPLE 0 6 0

Other SIP RFCs published in 2002 n n n n DHCP options for SIP servers The Session Initiation Protocol (SIP) UPDATE Method Integration of Resource Management and Session Initiation Protocol (SIP) Internet Media Type message/sipfrag A Privacy Mechanism for the Session Initiation Protocol (SIP) Private Extensions to the Session Initiation Protocol (SIP) for Asserted Identity within Trusted Networks Session Initiation Protocol (SIP) Extension for Instant Messaging The Reason Header Field for the Session Initiation Protocol (SIP) Extension Header Field for Registering Non. Adjacent Contacts User Requirements for the Session Initiation Protocol (SIP) in Support of Deaf, Hard of Hearing and Speech-impaired Individuals Session Initiation Protocol for Telephones (SIP-T): Context and Architectures Short Term Requirements for Network Asserted Identity Integrated Services Digital Network (ISDN) User Part (ISUP) to Session Initiation Protocol (SIP) Mapping

Major SIP standardization items left to do n Conferencing n n n n Debugging and call history Content indirection Emergency calls Presence and IM: n Application interaction n n conference creation – adhoc and pre-arranged call leg events conference membership tracking floor control = SIP events + SOAP n n DTMF control (instead of INFO, complementary to RFC 2833) e. g. , KPML for causing HTTP POST on digit combinations n n n User identity via S/MIME n n session mode (INVITEinitiated) UPDATE for presence updates is-composing event while typing limit message size delivery confirmation more detailed presence status SIMPLE Java APIs

SIP standardization n After this, mostly into maintenance mode n n track bugs and eventually issue RFC 3261 bis Will SIP progress to Draft Standard? n hardly unique: n n n 883 Proposed Standard RFCs, 99 Draft Standard, 66 Standard unlikely too many external dependencies (TLS, S/MIME, SRV, NAPTR, …) lots of work (interop statements) too little motivation

Is SIP still simple? n 25 SIP RFCs (+ SDP), 823 pages n n RFC 3261 is longest RFC ever n n and the call flows RFCs aren’t out yet by bytes, RFC 2801 (IOTP) wins by page count However… n n n probably only (3 GPP) proxy writers need to worry about most of these can still build a simple user agent in a (long) evening most effort is likely to be for security: n n TLS, digest, S/MIME, AAA, … DOS protection

What has SIP become? n n Session Initiation Protocol – 2 out of 3 words are wrong (or too narrow…) Plesiosynchronous end-to-end message delivery n n n Rendezvous: find end point via abstract address Components for specific functionality: n n n with real-time confirmation (unlike email) but modest rates (unlike RTP) either as session or stand-alone (“page-mode”) session setup and negotiation: INVITE, UPDATE, OPTIONS, ACK, INFO, BYE, PRACK event notification sessions: SUBSCRIBE, NOTIFY page-mode message delivery: MESSAGE binding management: REGISTER Transport: from UDP + TCP + SCTP + UDP

General Vo. IP infrastructure n n One cannot build a service on SIP alone Other items still need work: n n AAA for SIP, both RADIUS (widely used, but obsolete) and DIAMETER security infrastructure n n how to authenticate to callee? cheap identities even PKI mainly helps to identify caller on second call use OPTION to get callee certificate? configuration of SIP devices: n n configuring by keypad is a pain configuration by web page doesn’t scale tftp is insecure and for LAN only need configuration for identities, protocol parameters

Aside: SIP phone Qo. S n We measured mouth-to-ear one-way delay of a range of commercial SIP phones and software applications, in a LAN A B B A end-point B GSM PSTN 115 ms 109 ms 3 Com Cisco 51 ms 63 ms Net. Meeting 401 ms 421 ms Messenger XP 109 ms 120 ms

Emergency (911/112) services DHCP 120 th 500 W Room 815 MAC port IP “ 911” CDP: port 17, cepsr-7 -1 INVITE sip: sos@cs. columbia. edu Location: 500 W 120, Rm. 815 500 W 120 tel: 911 jurisdictional directory

SIP security infrastructure n need to store secret in semi-trusted devices single sign-on? CINEMA system: n n n i-button or magnetic swipe card sets up lines on phone controls environment all via SIP events but phone configuration via screen faking dim lights SIP events add “line” change station

SIP work at Columbia n n n Location-based services Event models and filtering Mesh-based conferencing End system service creation (CPL extension) Service discovery

Conclusion n SIP standardization nearing completion n core functionality sufficient to build n n n 3 G mobile system corporate PBX but need more operational experience efforts still telephony-centric, but combinations IM + Vo. IP emerging architectural model for “what’s-SIP-good -at” emerging, but different visions