Network Working Group A. Mayrhofer Request for Comments: 4979 enum.at Category: Standards Track August 2007
IANA Registration for Enumservice 'XMPP'
Status of This Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Copyright (C) The IETF Trust (2007).
This document requests IANA registration of an Enumservice for XMPP, the Extensible Messaging and Presence Protocol. This Enumservice specifically allows the use of 'xmpp' Uniform Resource Identifiers (URIs) in the context of E.164 Number Mapping (ENUM).
E.164 Number Mapping (ENUM)  uses the Domain Name System (DNS)  to refer from E.164 numbers  to Uniform Resource Identifiers (URIs) . Specific services to be used with ENUM must be registered with IANA. Section 3 of RFC 3761 describes the process of such an Enumservice registration.
The Extensible Messaging and Presence Protocol (XMPP)  provides means for streaming Extensible Markup Language (XML)  elements between endpoints in close to real time. The XMPP framework is mainly used to provide instant messaging, presence, and streaming media services.
RFC 4622  registers a Uniform Resource Identifier (URI) scheme for identifying an XMPP entity as a URI or as an Internationalized Resource Identifier (IRI) . The Enumservice specified in this document allows the provisioning of such "xmpp" URIs (and the URI representations of "xmpp" IRIs) in ENUM.
XMPP IRIs/URIs optionally contain an "Authority Component" (see Section 2.3 of RFC 4622). The presence of such an Authority Component in an IRI/URI signals the processing application to authenticate as the user indicated in the URI/IRI rather than using the preconfigured identity.
In the context of this Enumservice, arbitrary clients may discover and use the XMPP URIs/IRIs associated to an E.164 number. Hence, in most cases, those clients will not be able to authenticate as requested in the Authority Component.
Therefore, URIs/IRIs that result from processing an XMPP Enumservice record SHOULD NOT contain an Authority Component.
General security considerations of the protocols on which this Enumservice registration is based are addressed in Sections 3.1.3 and 6 of RFC 3761 (ENUM) and Section 14 of RFC 3920 (XMPP).
Since ENUM uses DNS -- a publicly available database -- any information contained in records provisioned in ENUM domains must be considered public as well. Even after revoking the DNS entry and removing the referred resource, copies of the information could still be available.
Information published in ENUM records could reveal associations between E.164 numbers and their owners -- especially if IRIs/URIs contain personal identifiers or domain names for which ownership information can be obtained easily.
However, it is important to note that the ENUM record itself does not need to contain any personal information. It just points to a location where access to personal information could be granted.
ENUM records pointing to third-party resources can easily be provisioned on purpose by the ENUM domain owner -- so any assumption about the association between a number and an entity could therefore be completely bogus unless some kind of identity verification is in place. This verification is out of scope for this memo.
Some text from RFC 4622 was used in the Introduction of this document. Charles Clancy, Miguel Garcia, Andrew Newton, Jon Peterson, and Peter Saint-Andre provided extensive reviews and valuable feedback.
 Mockapetris, P., "Domain names - implementation and specification", STD 13, RFC 1035, November 1987.
 ITU-T, "The international public telecommunication numbering plan", Recommendation E.164 (02/05), Feb. 2005.
 Maler, E., Paoli, J., Bray, T., Yergeau, F., and C. Sperberg- McQueen, "Extensible Markup Language (XML) 1.0 (Third Edition)", World Wide Web Consortium FirstEdition REC-xml-20040204, February 2004, <http://www.w3.org/TR/2004/REC-xml-20040204>.
 Saint-Andre, P., Ed., "Extensible Messaging and Presence Protocol (XMPP): Core", RFC 3920, October 2004.
Mayrhofer Standards Track [Page 5]
RFC 4979 XMPP Enumservice August 2007
Alexander Mayrhofer enum.at GmbH Karlsplatz 1/2/9 Wien A-1010 Austria
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at firstname.lastname@example.org.
Funding for the RFC Editor function is currently provided by the Internet Society.