Disruptive Telephony

In the usual (and ongoing) flurry of IETF announcements, there was one notice that caught my attention.  It announces that an Internet Draft document about "dialstrings" has been approved to become a standards-track RFC.  So what, you say?  Well here's a bit more info:

This document provides a way of incorporating a dial string into the SIP or SIPS URI scheme. A dial string is a cousin of a telephone number, but rather than taking the form of a fully-qualified E.164 or national-specific telephone number, it is a description of a literal set of dialed digits that would be delivered over a POTS line. As such, it may include pauses, omit prefixes like area codes, and its applicability is necessarily restricted to a particular context (an enterprise, a LATA, etc). Support for dialstrings was formerly a feature of the tel: URI scheme specification (back in RFC2806); since that functionality did not make it into the revision (RFC3966), it is provided here specifically for the SIP and SIPS case.

Think of it as extra digits you have to type when making a call... or extra keys you have to press to start a service.  The challenge is that SIP proxies and other services need to know that it is a string of numbers that should be handled in a special manner, rather than just thought of as part of a SIP address or something like that.  I mention it here only because it's one of those really low-level things that you can do on the PSTN but until now haven't had a (standard) way to do in SIP. It's also one that ultimately anyone implementing SIP will need to implement.  No RFC number yet, but that will come soon.  Note the nice security warning:

Dialstrings exposed to the Internet may reveal information about internal network details or service invocations that could allow attackers to use the PSTN or the Internet to attack such internal systems. Dialstrings normally SHOULD NOT be sent beyond the domain of the UAC. If they are sent across the Internet, they SHOULD be protected against eavesdropping with TLS per the procedures in [RFC3261].

Yep... as we've been saying over at VOIPSA and Blue Box, you definitely need to think about encrypting SIP if you are sending it across the Internet.  If not, bad things will happen eventually.