Status of this Memo The Referred-By Mechanism

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." Abstract The SIP REFER method [2] provides a mechanism where one party (the referror) provides a second party (the referree) with an arbitrary URI to reference. If that URI is a SIP URI, the referree will send a SIP request, often an INVITE, to that URI (the refer target). This document extends the REFER method allowing the referror to provide information about the reference to the refer target using the referree as an intermediary. This information includes the identity of the referror and the URI to which the referror referred. The mechanism utilizes S/MIME to help protect this information from a malicious intermediary. This protection is optional, but a recipient may refuse to accept a request unless it is present. 1. Overview The SIP REFER method [2] provides a mechanism where one party (the referror) provides a second party (the referree) with an arbitrary URI to reference. If that URI is a SIP URI, the referree will send a SIP request, often an INVITE, to that URI (the refer target). Nothing provided in [2] distinguishes this referenced request from any other request the referree might have sent to the refer target.There are applications of REFER, such as call transfer [4], where it is desirable to provide the refer target with certain information about the referror and the REFER request itself. This information may include, but is not limited to, the referror's identity, the referred to URI, and the time of the referral. The refer target can use this information when deciding whether to admit the referenced request. This draft defines one set of mechanisms to provide that information. All of the mechanisms in this draft involve placing information in the REFER request that the referee copies into the referenced request. This necessarily establishes the referee as an eavesdropper and places the referree in a position to launch man-in-the-middle attacks on that information. At the simplest level, this draft defines a mechanism for carrying the referror's identity, expressed as a …