scope:

As specified in IETF RFC 4412, Communications Resource Priority for the Session Initiation Protocol (SIP), the Session Initiation Protocol (SIP) Resource-Priority Header (RPH) field may be used by SIP user agents, including Public Switched Telephone Network (PSTN) gateways and terminals, and SIP proxy servers to influence prioritization afforded to communication sessions, including PSTN calls. As discussed in 3GPP TS 24.229, Technical Specification Group Services and System Aspects; IP multimedia call control protocol based on Session Initiation Protocol (SIP) and Session Description Protocol (SDP); Stage 3, where the network has a requirement to prioritize emergency calls, it can use the "esnet" namespace in the Resource-Priority Header field (as defined in IETF RFC 7135, Registering a SIP Resource Priority Header Field Namespace for Local Emergency Communications, to do so. Where the Resource-Priority Header field is used for this purpose, it is inserted by the entity identifying the emergency call, i.e., the Proxy Call Session Control Function (P-CSCF) or the Interconnection Border Control Function (IBCF). There is no usage of this namespace from the User Agent (UA), and when this namespace is used, the trust domain implementation removes it if set by the UA.

After an emergency call is received by a Public Safety Answering Point (PSAP), it is sometimes necessary for the call taker to call the emergency caller back (e.g., if the caller disconnects prematurely). IETF RFC 7090, Public Safety Answering Point (PSAP) Callback, describes the use of the SIP Priority header field, with the value "psapcallback" to mark such calls to allow special network handling of the call, such as bypassing services that might preclude the call from completing. There is no protection against misuse of the SIP Priority field, and because, as IETF RFC 7090 [Ref 10] illustrates, the SIP Priority header field may affect routing, it is desirable to protect it from modification.

Like caller identity information associated with emergency calls and callback calls, the SIP RPH and Priority header fields could also be spoofed by unauthorized entities, impacting Public Safety communications and emergency response. Next Generation 9-1-1 (NG9-1-1) Emergency Services Networks receiving SIP RPHs across Internet Protocol Network-to-Network Interfaces (IP NNIs) from Internet Protocol (IP) originating networks cannot easily determine whether the SIP RPH was populated by an authorized Originating Service Provider or by an unauthorized entity. Likewise, the home network of an emergency caller cannot determine whether the SIP Priority header associated with a callback call was populated by an authorized party and can be trusted.

This ATIS standard leverages the Signature-based Handling of Asserted information using toKENs (SHAKEN) model specified in ATIS-1000074-E, Errata on ATIS Standard on Signature-based Handling of Asserted information using toKENs (SHAKEN), to cryptographically sign and verify the SIP RPH and Priority header fields associated with emergency calls and callback calls using the Personal Assertion Token (PASSporT) extension defined in IETF RFC 8443 [Ref 16] with the assertion values described in RFC 9027 [Ref 7] and the associated Secure Telephone Identity (STI) protocols described in 3GPP TS 24.229 [Ref 2]. Note that application of SIP RPH signing to emergency calls and SIP RPH and Priority header signing to callback calls is in addition to the caller identity authentication and verification defined in ATIS-1000074-E [Ref 5].

This ATIS standard is intended to provide a framework and guidance on how to use the PASSporT extension defined in IETF RFC 8443 [Ref 16], with the RPH assertion values and SIP Priority header claim specified in RFC 9027 [Ref 07] and the associated STI protocols to cryptographically sign and verify the SIP RPH and Priority header values associated with emergency calls or callback calls that cross IP NNI boundaries.

The scope of this ATIS standard is limited to the cryptographic signing and verifying of SIP RPH and Priority header field contents associated with emergency and callback calls (i.e., RPH values in the "esnet" namespace and a Priority header value of "psap-callback"). This standard does not address caller identity (SHAKEN) authentication and verification associated with emergency calls and callback calls, except in the context of call flow descriptions, nor does it discuss specific impacts to call processing or routing procedures associated with the use of the Priority header to mark callback calls. Finally, the display of information associated with the verification of SIP RPH and Priority header values is outside the scope of this document.

Purpose

Illegitimate spoofing of SIP RPH values in the "esnet" namespace in the signaling associated with emergency calls and callback calls is a concern for Public Safety. NG9-1-1 System Service Providers will interconnect with multiple Originating Service Providers and will benefit from knowing whether the SIP RPH value received in incoming signaling can be trusted. Likewise, home network providers serving emergency callers will benefit from knowing whether the Priority header accompanying a callback call can be trusted before applying special processing or routing to such calls. The purpose of this standard is to provide a framework for cryptographically signing the SIP RPH and Priority header fields and verifying that the SIP RPH and Priority header fields can be trusted to mitigate against unauthorized spoofing of, or tampering with, the information conveyed in the SIP RPH or Priority header. This framework will leverage the SHAKEN infrastructure for caller identity authentication and verification and will describe how the PASSporT "rph" extension defined in IETF RFC 8443 [Ref 16], with the RPH assertion values and SIP Priority header claim described in RFC 9027 [Ref 7], can be used for the purpose of providing a trust mechanism for the SIP RPH associated with emergency calls and the SIP RPH and Priority header associated with callback calls that cross IP NNI boundaries.