Theo Zourzouvillys / Θεοδόσιος Ζορζοβίλης :: Theo's Blog: SIP URI syntax is broken with IPv6 & Generic URIs

Friday, March 6, 2009

SIP URI syntax is broken with IPv6 & Generic URIs

Well, actually, the way a bunch of commonly used URI schemes define their IPv6 syntax doesn't match what is allowed in the generic syntax defined in RFC 3986.

SIP, (as well as a number of other URI schemes) define IPv6 literal URIs to be enclosed in square brackets to differentiate them, for example:

sip:[XXXX:XXXX::XXXX]:5060

iax:[2001:db8::1]:4569/alice?friends

Presumably, this is because of the "host" ABNF rule defined in RFC 3986:

host = IP-literal / IPv4address / reg-name

IP-literal = "[" ( IPv6address / IPvFuture ) "]"

The problem with this is that the host rule is only used when the absolute-URI contains '://':

absolute-URI = scheme ":" hier-part [ "?" query ]

hier-part     = "//" authority path-abempty
                 / path-absolute
                 / path-rootless
                 / path-empty

authority     = [ userinfo "@" ] host [ ":" port ]

so URI schemes such as sip where the URI doesn't contain a ://, then an IPv6 address would instead match path-rootless:

path-rootless = segment-nz *( "/" segment )

segment-nz    = 1*pchar

pchar         = unreserved / pct-encoded / sub-delims / ":" / "@"

pct-encoded   = "%" HEXDIG HEXDIG

unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~"

reserved      = gen-delims / sub-delims

gen-delims    = ":" / "/" / "?" / "#" / "[" / "]" / "@"

sub-delims    = "!" / "$" / "&" / "'" / "(" / ")"
              / "*" / "+" / "," / ";" / "="

Specifically, this means that only the following un-escaped characters are allowed:

A-Za-z
0-9
: @
! $ & " ( ) * + , ; =

Any other characters must be encoded using %XX format.

While this won't break SIP elements out there, one thing is will break is trying to use an IPv6 address literal somewhere where a generic URI is expected, for example:

Generic URI parser
XML Schema "anyURI" datatype
HTML href attribute

... and anything else that expects a URI.

Note that implementations of above may use RFC 2396 (and RFC 2397 to add support for IPv6 literals) instead.

The following other URIs schemes are also affected:

h323
im
mailto
pres
xmpp

It seems that most people think that RFC 3986 needs to be updated.

The original thread discussing this on sip@ietf.org.org can be found here.

Labels: ietf, sip

posted by Theo Zourzouvillys at 12:55 PM

0 Comments:

Links to this post:

<$BlogBacklinkTitle$>: <$BlogBacklinkSnippet$>
<$I18NPostedByBacklinkAuthor$> @ <$BlogBacklinkDateTime$>

Create a Link

<< Home