| Sieve Working Group | A. Melnikov |
| Internet-Draft | Isode Limited |
| Intended status: Standards Track | Q. Sun |
| Expires: March 10, 2012 | B. Leiba |
| K. Li | |
| Huawei Technologies | |
| September 07, 2011 |
Sieve Notification Mechanism: SIP MESSAGE
draft-ietf-sieve-notify-sip-message-05
This document describes a profile of the Sieve extension for notifications, to allow notifications to be sent over SIP MESSAGE.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 10, 2012.
Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
The Notify extension [RFC5435] to the Sieve mail filtering language [RFC5228] is a framework for providing notifications by employing URIs that specify the notification mechanism. This document defines how SIP URIs RFC 3261 [RFC3261] are used to generate notifications via SIP MESSAGE RFC 3428 [RFC3428].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
This document inherits terminology from the Sieve email filtering language [RFC5228], the Sieve Notify extension [RFC5435], and RFC 3261 [RFC3261].
The SIP MESSAGE mechanism defined in this document results in the sending of a SIP MESSAGE request to notify a recipient about an email message.
The "method" parameter MUST be a URI that conforms to the SIP or SIPS URI scheme (as specified in RFC 3261 [RFC3261]) and that identifies a SIP or SIPS recipient of the notification. The URI MAY include the resource identifier portion of a SIP address and URI parameters. The URI parameter "method" MUST be included and MUST contain the value "MESSAGE". (Note that future specifications might extend this document and define Sieve notifications that use other SIP methods.) The processing application MUST form a request according to the rules specified in RFC 3261 [RFC3261].
Note that other URI schemes can also trigger SIP processing, but only SIP and SIPS are defined here. Future extensions might define other notification methods using SIP, using other URI schemes.
The value of the ":from" tag MUST use the SIP "From" header field syntax; if the :from value is specified, has valid syntax, and is valid according to the implementation-specific security checks (see Section 3.3 of Sieve Notify [RFC5435]), then the notification SHOULD include the "From" SIP header field containing the value of the :from notify tag. If the specified value is not valid, then it is ignored.
All SIP authentication, including challenges and client certificates, SHOULD be done in the context of the Sieve engine -- the Sieve engine is the identity being authenticated. This avoids security issues associated with the Sieve engine's having access to the end user's SIP authentication credentials. The Sieve engine MAY use server-wide credentials (including applicable certificates) that are the same for all scripts. Alternatively, it MAY, for auditing purposes, use different sets of Sieve-engine credentials when operating on behalf of different users.
See section 22 of RFC 3261 [RFC3261] for more information about SIP authentication.
Handling of the ":options" tag is implementation specific. This document doesn't require presence of any option and doesn't define how options are processed.
The ":importance" tag is intended to convey the importance of the SIP MESSAGE notification, not the importance of the email message that generated the notification. The value of the ":importance" tag MAY, therefore, be transformed into SIP "Priority" header field (in addition to or instead of including it in the body of the message). If this is done, the value of the "Priority" header field MUST be "urgent" if the value of the ":importance" tag is "1", "normal" if the value of the ":importance" tag is "2", and "non-urgent" if the value of the ":importance" tag is "3".
If the ":message" tag is included, it MUST be transformed into the message-body of a SIP MESSAGE, which MUST have Content-Type value of "text/plain" with CHARSET="UTF-8". If the ":message" tag is not included, a default message will be used. The default message body SHOULD contain the values of the "From" and "Subject" header fields of the triggering email message (and MAY include the value of the ":importance" tag, if one is specified), as shown in Section 3.2 below.
Implementations MUST comply with the SIP MESSAGE size limits, as discussed in section 8 of RFC 3428 [RFC3428].
An implementation MUST ignore any URI parameter it does not understand (the URI MUST be processed as if the parameter were not present). Implementations SHOULD NOT use the hname "body" parameter value as the message-body of the SIP MESSAGE request. If the hname "body" parameter and ":message" tag are present at the same time, the "body" parameter MUST be ignored.
If the notification request fails, there will be a SIP error code describing the failure. The policy for retrying delivery of failed notifications is specified in RFC 3261 [RFC3261], according to the error code. In other words, unlike the situation with some other Sieve notification methods, retries for SIP MESSAGE notifications are controlled by the notification protocol itself (SIP).
Because it is impossible to tell in advance whether the notification recipient is online and able to receive a SIP MESSAGE, the notify_method_capability test for "online" will always return "maybe" for this notification method.
In the following examples, the sender of the email has an address of juliet@example.org, the entity to be notified has a SIP address of <sip:romeo@example.com>, and the notification service has a SIP address <sip:notifier@example.com>.
The following is a basic Sieve notify action with only a method:
notify "sip:romeo@example.com;method=MESSAGE"
The resulting SIP MESSAGE request might be as follows:
MESSAGE sip:romeo@example.com SIP/2.0 Via: SIP/2.0/TCP notifier.example.com;branch=z9hG4bK776sgdkse Max-Forwards: 70 From: sip:notifier@example.com;tag=32328 To: sip:romeo@example.com Call-ID: asd88asd77a@1.2.3.4 CSeq: 1 MESSAGE Date: Sat, 13 Nov 2010 23:29:00 GMT Content-Type: text/plain Content-Length: 53 <juliet@example.com> wrote: Contact me immediately!
In the example above the email message was received from juliet@example.com and had "Subject: Contact me immediately!"
The following is a more advanced Sieve notify action with a method, importance, subject, and message:
notify :importance "1"
:message "You got new mail!"
"sip:romeo@example.com;method=MESSAGE?subject=SIEVE"
MESSAGE sip:romeo@example.com SIP/2.0
Via: SIP/2.0/TCP notifier.example.com;branch=z9hG4bK776sgdkse
Max-Forwards: 70
From: sip:notifier@example.com;tag=32328
To: sip:romeo@example.com
Subject: SIEVE
Priority: urgent
Call-ID: asd88asd77a@1.2.3.4
CSeq: 1 MESSAGE
Date: Fri, 08 Apr 2011 06:54:00 GMT
Content-Type: text/plain
Content-Length: 19
You got new mail!
Section 3.8 of Sieve Notify [RFC5435] specifies a set of requirements for Sieve notification methods. A checklist is provided here to show conformance of the SIP MESSAGE notification method.
Depending on the information included, sending a notification can be comparable to forwarding mail to the notification recipient. Care must be taken when forwarding mail automatically, to ensure that confidential information is not sent into an insecure environment or over an insecure channel.
User agents that support the SIP MESSAGE request MUST implement end-to-end authentication, body integrity, and body confidentiality mechanisms.
The Sieve Notify extension specifies that notification methods MUST provide mechanisms for avoiding notification loops. In this case, the SIP protocol itself prevents loops, and no explicit work is needed within the notification mechanism. In situations where a SIP MESSAGE notification can result in an email message, which could generate another SIP MESSAGE notification, loop prevention through rate limiting might be necessary.
Other security considerations given in the Sieve base specification [RFC5228], the Sieve Notify extension [RFC5435], and RFC 3261 [RFC3261] are also relevant to this document.
The following template provides the IANA registration of the Sieve notification mechanism specified in this document. This information should be added to the list of Sieve notification mechanisms maintained at <http://www.iana.org/assignments/sieve-notification>.
To: iana@iana.org
Subject: Registration of new Sieve notification mechanism
Mechanism name: sip-message
Mechanism URI: SIP/SIPS as specified in RFC 3261 [RFC3261]
Mechanism-specific options: none
Standards Track/IESG-approved experimental RFC number: [RFC XXXX]
Person and email address to contact for further information:
See authors of [RFC XXXX]
This document borrows some text from draft-ietf-sieve-notify-xmpp.
Henning Schulzrinne (hgs@cs.columbia.edu) was a special contributor to this document, with early work and reviews.
The authors would like to thank Adam Roach and Eric Burger for their helpful comments. Ben Campbell did a very thorough RAI-team review, as well as a follow-up review to make sure we resolved all of his issues satisfactorily. This document was greatly improved by their input.
| [RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. |
| [RFC5228] | Guenther, P. and T. Showalter, "Sieve: An Email Filtering Language", RFC 5228, January 2008. |
| [RFC5435] | Melnikov, A., Leiba, B., Segmuller, W. and T. Martin, "Sieve Email Filtering: Extension for Notifications", RFC 5435, January 2009. |
| [RFC3261] | Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M. and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002. |
| [RFC3428] | Campbell, B., Rosenberg, J., Schulzrinne, H., Huitema, C. and D. Gurle, "Session Initiation Protocol (SIP) Extension for Instant Messaging", RFC 3428, December 2002. |
| [RFC3629] | Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, November 2003. |