MMUSIC Working Group F. Andreasen Internet-Draft Cisco Systems, Inc. Intended status: Standards Track G. Camarillo Expires:
May 22,July 26, 2008 Ericsson D. Oran D. Wing Cisco Systems, Inc. November 19, 2007January 23, 2008 Connectivity Preconditions for Session Description Protocol Media Streams draft-ietf-mmusic-connectivity-precon-03.txtdraft-ietf-mmusic-connectivity-precon-04.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on May 22,July 26, 2008. Copyright Notice Copyright (C) The IETF Trust (2007).(2008). Abstract This document defines a new connectivity precondition for the Session Description Protocol (SDP) precondition framework. A connectivity precondition can be used to delay session establishment or modification until media stream connectivity has been successfully verified. The method of verification may vary depending on the type of transport used for the media. For unreliable datagram transports such as UDP, verification involves probing the stream with data or control packets. For reliable connection-oriented transports such as TCP, verification can be achieved simply by successful connection establishment or by probing the connection with data or control packets, depending on the situation. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Connectivity Precondition Definition . . . . . . . . . . . . . 3 3.1. Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3.2. Operational Semantics . . . . . . . . . . . . . . . . . . 4 3.3. Status Type . . . . . . . . . . . . . . . . . . . . . . . 4 3.4. Direction Tag . . . . . . . . . . . . . . . . . . . . . . 5 3.5. Precondition Strength . . . . . . . . . . . . . . . . . . 5 4. Verifying Connectivity . . . . . . . . . . . . . . . . . . . . 6 4.1. Media Stream to Dialog Correlation . . . . . . . . . . . . 6 4.2. Explicit Connectivity Verification Mechanisms . . . . . . 7 4.3. Verifying Connectivity for Connection-Oriented Transports . . . . . . . . . . . . . . . . . . . . . . . . 9 5. Connectivity and Other Precondition Types . . . . . . . . . . 9 6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 7. Security Considerations . . . . . . . . . . . . . . . . . . . 14 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 1415 9. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 15 9.1. Changes since -02-03 . . . . . . . . . . . . . . . . . . . . 15 9.2. Changes since -02 . . . . . . . . . . . . . . . . . . . . 15 9.3. Changes since -01 . . . . . . . . . . . . . . . . . . . . 15 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15 10.1. Normative References . . . . . . . . . . . . . . . . . . . 15 10.2. Informative References . . . . . . . . . . . . . . . . . . 16 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 17 Intellectual Property and Copyright Statements . . . . . . . . . . 18 1. Introduction The concept of a Session Description Protocol (SDP) [RFC4566] precondition in the Session Initiation Protocol (SIP) [RFC3261] is defined in [RFC3312] (updated by [RFC4032]). A precondition is a condition that has to be satisfied for a given media stream in order for session establishment or modification to proceed. When the precondition is not met, session progress is delayed until the precondition is satisfied or the session establishment fails. For example, [RFC3312] defines the Quality of Service precondition, which is used to ensure availability of network resources prior to establishing a session (i.e., prior to starting alerting the callee). SIP sessions are typically established in order to setup one or more media streams. Even though a media stream may be negotiated successfully through an SDP offer-answer exchange, the actual media stream itself may fail. For example, when there is one or more Network Address Translators (NATs) or firewalls in the media path, the media stream may not be received by the far end. In cases where the media is carried over a connection-oriented transport such as TCP [RFC0793], the connection-establishment procedures may fail. The connectivity precondition defined in this document ensures that session progress is delayed until media stream connectivity has been verified. The connectivity precondition type defined in this document follows the guidelines provided in [RFC4032] to extend the SIP preconditions framework. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 3. Connectivity Precondition Definition 3.1. Syntax The connectivity precondition type is defined by the string "conn" and hence we modify the grammar found in [RFC3312] as follows: precondition-type = "conn" | "qos" | token This precondition tag is registered with the IANA in Section 8. 3.2. Operational Semantics According to [RFC4032], documents defining new precondition types need to describe the behavior of UAs (User Agents) from the moment session establishment is suspended due to a set of preconditionspreconditions, until it is resumed when these preconditions are met. An entity that wishes to delay session establishment or modification until media stream connectivity has been established uses this precondition-type in an offer. When a mandatory connectivity precondition is received in an offer, session establishment or modification is delayed until the connectivity precondition has been met (i.e., until media stream connectivity has been established in the desired direction or directions). The delay of session establishment defined here implies that alerting of the called party does not occur until the precondition has been satisfied. Packets may be both sent and received on the media streams in question. However, such packets SHOULD be limited to packets that are necessary to verify connectivity between the two endpoints involved on the media stream. That is, the underlying media stream SHOULD NOT be cut through. For example, STUN packets [I-D.ietf-behave-rfc3489bis], RTP [RFC3550] No-Op [I-D.ietf-avt-rtp-no-op] packets and their corresponding RTCP reports, as well as TCP SYN and ACK packets can be exchanged on media streams that support them as a way of verifying connectivity. Some media streams are described by a single 'm' line but, nevertheless, involve multiple addresses. For example, [RFC2733][RFC5109] specifies how to send FEC (Forward Error Correction) information as a separate stream (the address for the FEC stream is provided in an 'a=fmtp' line). When a media stream consists of multiple destination addresses, connectivity to all of them MUST be verified in order for the precondition to be met. In the case of RTP-based media streams, RTCP connectivity MAY be verified, but it is not a requirement. 3.3. Status Type [RFC3312] defines support for two kinds of status types, namely segmented and end-to-end. The connectivity precondition-type defined here MUST be used with the end-to-end status type; use of the segmented status type is undefined. 3.4. Direction Tag The direction attributes defined in [RFC3312] are interpreted as follows: o send: the party that generated the session description is sending packets on the media stream to the other party, and the other party has received at least one of those packets. That is, there is connectivity in the forward (sending) direction. o recv: the other party is sending packets on the media stream to the party that generated the session description, and this party has received at least one of those packets. That is, there is connectivity in the backwards (receiving) direction. o sendrecv: both the send and recv conditions hold. Note that a "send" connectivity precondition from the offerer's point of view corresponds to a "recv" connectivity precondition from the answerer's point of view, and vice versa. If media stream connectivity in both directions is required before session establishment or modification continues, the desired status needs to be set to "sendrecv". 3.5. Precondition Strength Connectivity preconditions may have a strength-tag of either "mandatory" or "optional". When a mandatory connectivity precondition is offered and the answerer cannot satisfy the connectivity precondition (e.g., because the offer does not include parameters that enable connectivity to be verified without media cut through) the offer MUST be rejected as described in [RFC3312]. When an optional connectivity precondition is offered, the answerer MUST generate its answer SDP as soon as possible. Since session progress is not delayed in this case, it is not known whether the associated media streams will have connectivity. If the answerer wants to delay session progress until connectivity has been verified, the answerer MUST increase the strength of the connectivity precondition by using a strength-tag of "mandatory" in the answer. Note that use of a "mandatory" precondition requires the presence of a SIP "Require" header with the option tag "precondition". Any SIP UA that does not support a mandatory precondition will reject such requests. To get around this issue, an optional connectivity precondition and the SIP "Supported" header with the option tag "precondition" can be used instead. Offers with connectivity preconditions in re-INVITEs or UPDATEs follow the rules given in Section 6 of [RFC3312]. That is: "Both user agents SHOULD continue using the old session parameters until all the mandatory preconditions are met. At that moment, the user agents can begin using the new session parameters." 4. Verifying Connectivity Media stream connectivity is ascertained by use of a connectivity verification mechanism between the media endpoints. A connectivity verification mechanism may be an explicit mechanism, such as ICE [I-D.ietf-mmusic-ice],[I-D.ietf-mmusic-ice] or ICE TCP [I-D.ietf-mmusic-ice-tcp], or it may be an implicit mechanism, such as TCP. Explicit mechanisms provide specifications for when connectivity between two endpoints using an offer/answer exchange is ascertained, whereas implicit mechanisms do not. The verification mechanism is negotiated as part of the normal offer/answer exchange, however it is not identified explicitly. More than one mechanism may be negotiated, but the offerer and answerer need not use the same. The following rules guide which connectivity verification mechanism to use: 1. if an explicit connectivity verification mechanism (e.g., ICE) is negotiated, the precondition is met when the mechanism verifies connectivity successfully, otherwise 2. if a connection-oriented transport (e.g., TCP) is negotiated, the precondition is met when the connection is established. 3. in other cases, an implicit verification mechanism may be provided by the transport itself or the media stream data using the transport (e.g., RTP no-op)No-Op) 4. if none of the above apply, connectivity cannot be verified reliably and the connectivity precondition will never be satisfied if requested. This document does not mandate any particular connectivity verification mechanism; however, in the following, we provide additional considerations for verification mechanisms. 4.1. Media Stream to Dialog Correlation SIP and SDP do not provide any inherent capabilities for associating an incoming media stream packet with a particular dialog. Thus, when an offerer is trying to ascertain connectivity, and an incoming media stream packet is received, the offerer may not know which dialog had its "recv" connectivity verified. Explicit connectivity verification mechanisms therefore typically provide a means to correlate the media stream, whose connectivity is being verified, with a particular SIP dialog. However, some connectivity verification mechanisms may not provide such a correlation. Therefore, inIn the absence of a dialog- to-media-streamdialog-to-media- stream correlation mechanism (e.g., ICE), a UAS (User Agent Server) MUST NOT require the offerer to confirm a connectivity precondition. 4.2. Explicit Connectivity Verification Mechanisms Explicit connectivity verification mechanisms typically use probe traffic with some sort of feedback to inform the sender whether reception was successful. Below we provide two examples of such mechanisms, and how they are used with connectivity preconditions: Interactive Connectivity Establishment (ICE) [I-D.ietf-mmusic-ice] provides one or more candidate addresses in signaling between the offerer and the answerer and then uses STUN Binding Requests to determine which pairs of candidate addresses have connectivity. Each STUN Binding Request contains a password which is communicated in the SDP as well; this enables correlation between STUN Binding Requests and candidate addresses for a particular media stream. This furthermoreIt also provides correlation with a particular SIP dialog. ICE implementations may be either Full or Lite (see [I-D.ietf-mmusic- ice]).[I-D.ietf-mmusic-ice]). Full implementations generate and respond to STUN Binding Requests, whereas Lite implementations only respond to them. With ICE, one side is a controlling agent, and the other side is a controlled agent. A Full implementation can take on either role, whereas a Lite implementation can only be a controlled agent. The controlling agent decides which valid candidate to use and informs the controlled agent of it by identifying the pair as the nominated pair. This leads to the following connectivity precondition rules: o A Full implementation ascertains both "send" and "recv" connectivity when it operates as a STUN client and has sent a STUN Binding Request that resulted in a successful check for all the components of the media stream (as defined further in ICE). o A Full or a Lite implementation ascertains "recv" connectivity when it operates as a STUN server and has received a STUN Binding Request that resulted in a successful response for all the components of the media stream (as defined further in ICE). o A Lite implementation ascertains "send" and "recv" connectivity when the controlling agent has informed it of the nominated pair for all the components of the media stream. A simpler and slightly more delay-prone alternative to the above rules is for all ICE implementations to ascertain "send" and "recv" connectivity for a media stream when the ICE state for that media stream has moved to Completed. Note that there is never a need for the UASanswerer to request confirmation of the connectivity precondition when using ICE: the answerer can determine the status locally. Also note, that when ICE is used to verify connectivity preconditions, the precondition is not satisfied until connectivity has been verified for all the component transport addresses used by the media stream. For example, with an RTP-based media stream where RTCP is not suppressed, connectivity MUST be ascertained for both RTP and RTCP; this is a tightening of the general operational semantics provided in Section Section3.2, which is imposed by ICE. Finally, it should be noted, that although connectivity has been ascertained, a new offer/answer exchange may be required before media can flow (per ICE). RTP no-opNo-Op [I-D.ietf-avt-rtp-no-op] enables the sender of an RTP No-Op payload to verify send connectivity by examining the RTCP report(s) being returned. In particular, the source SSRC in the RTCP report block is used for correlation. The RTCP report block also contains the SSRC of the sender of the report and the SSRC of incoming RTP No-Op packets identifies the sender of the RTP packet. Thus, once send connectivity has been ascertained, receipt of an RTP No-Op packet from the same SSRC provides the necessary correlation to determine receive connectivity. Alternatively, the duality of send and receive preconditions can be exploited, with one side confirming when his send precondition is satisfied, which in turn implies the other sides recv precondition is satisfied. The above are merely examples of explicit connectivity verification mechanisms. Other techniques can be used as well. It is however RECOMMENDED that ICE be supported by entities that support connectivity preconditions. Use of ICE has the benefit of working for all media streams (not just RTP) as well as facilitate NAT and firewall traversal, which may otherwise interfere with connectivity. Furthermore, the ICE recommendation provides a baseline to ensure that all entities that require probe traffic to support the connectivity preconditions have a common way of ascertaining connectivity. 4.3. Verifying Connectivity for Connection-Oriented Transports Connection-oriented transport protocols generally provide an implicit connectivity verification mechanism. Connection establishment involves sending traffic in both directions thereby verifying connectivity at the transport protocol level. When the connection- oriented protocol usesa three-way (or more) handshake for connection establishment, thereestablishment succeeds, bi-directional communication is no difference betweenconfirmed and both the "send" and "recv" precondition.preconditions are satisfied whether requested or not. In the case of TCP for example, once the TCP three-way handshake has completed (SYN, SYN-ACK, ACK), the TCP connection is established and data can be sent and received by either party (i.e., both a send and a receive connectivity precondition has been satisfied). SCTP [RFC4960] connections have similar semantics as TCP and SHOULD be treated the same. When a connection-oriented transport is part of an offer, it may be passive, active, or active/passive [RFC4145]. When it is passive, the offerer expects the answerer to initiate the connection establishment, and when it is active, the offerer wants to initiate the connection establishment. When it is active/passive, the answerer decides. As noted earlier, lack of a media-stream-to-dialog correlation mechanism can make it difficult to guarantee with whom connectivity has been ascertained. When the offerer takes on the passive role, the offerer will not necessarily know which SIP dialog originated an incoming connection request. If the offerer instead is active, this problem is avoided. 5. Connectivity and Other Precondition Types The role of a connectivity precondition is to ascertain media stream connectivity before establishing or modifying a session. The underlying intent is for the two parties to be able to exchange media packets successfully. Connectivity by itself however may not fully satisfy this. Quality of Service for example may be required for the media stream; this can be addressed by use of the "qos" preconditionsprecondition defined in [RFC3312]. Similarly, succesful security parameter negotiation may be another prequisite to meeting this;prequisite; this can be addressed by use of the "sec" preconditionsprecondition defined in [RFC5027]. 6. Examples The first example uses the connectivity precondition with TCP in the context of a session involving a wireless access medium. Both UAs use a radio access network that does not allow them to send any data (not even a TCP SYN) until a radio bearer has been setup for the connection. Figure 1 shows the message flow of this example (the required PRACK transaction has been omitted for clarity): A B | INVITE | | a=curr:conn e2e none | | a=des:conn mandatory e2e sendrecv | | a=setup:holdconn | |----------------------------------->| | | | 183 Session Progress | | a=curr:conn e2e none | | a=des:conn mandatory e2e sendrecv | | a=setup:holdconn | |<-----------------------------------| | | | UPDATE | | a=curr:conn e2e none | | a=des:conn mandatory e2e sendrecv | A's radio | a=setup:actpass | bearer is +----------------------------------->| up | | | 200 OK | | a=curr:conn e2e none | | a=des:conn mandatory e2e sendrecv | | a=setup:active | |<-----------------------------------| | | | | | | | | B's radio |<---TCP Connection Establishment--->+ bearer is up | | B sends TCP SYN | | | | | 180 Ringing | TCP connection |<-----------------------------------+ is up | | B alerts the user | | Figure 1: Message flow with two types of preconditions A sends an INVITE requesting connection-establishment preconditions. The setup attribute in the offer is set to holdconn [RFC4145] because A cannot send or receive any data before setting up a radio bearer for the connection. B agrees to use the connectivity precondition by sending a 183 (Session Progress) response. The setup attribute in the answer is also set to holdconn because B, like A, cannot send or receive any data before setting up a radio bearer for the connection. When A's radio bearer is ready, A sends an UPDATE to B with a setup attribute with a value of actpass. This attribute indicates that A can perform an active or a passive TCP open. A is letting B choose which endpoint will initiate the connection. Since B's radio bearer is not ready yet, B chooses to be the one initiating the connection and indicates so with a setup attribute with a value of active. At a later point, when B's radio bearer is ready, B initiates the TCP connection towards A. Once the TCP connection is established successfully, B knows the "sendrecv" precondition is satisfied, and B proceeds with the session (i.e., alerts the calleeCallee), and sends a 180 (Ringing) response. The second example shows a basic SIP session establishment using SDP connectivity preconditions and RTP No-Op. Note that not allNo-Op (the required PRACK transaction and some SDP details are provided in the following.have been omitted for clarity). The message flow for this scenario is shown in Figure 2 below. A B | | |-------------(1) INVITE SDP1--------------->| | | |<------(2) 183 Session Progress SDP2--------| | | |<~~~~~ Connectivity check to A ~~~~~~~~~~~~~| | | |----------------(3) PRACK------------------>| | ||~~~~~ Connectivity to A OK ~~~~~~~~~~~~~~~~>| | | |<-----------(4) 200 OK (PRACK)--------------| | ||~~~~~ Connectivity check to B ~~~~~~~~~~~~~>| |<~~~~ Connectivity to B OK ~~~~~~~~~~~~~~~~~| | | |-------------(5)|-------------(3) UPDATE SDP3--------------->| | | |<--------(6)|<--------(4) 200 OK (UPDATE) SDP4-----------| | | |<-------------(7)|<-------------(5) 180 Ringing---------------| | | | | | |Figure 2: Connectivity precondition with RTP no-opNo-Op SDP1: A includes a mandatory end-to-end connectivity precondition with a desired status of "sendrecv"; this will ensure media stream connectivity in both directions before continuing with the session setup. Since media stream connectivity in either direction is unknown at this point, the current status is set to "none". A's local status table (see [RFC3312]) for the connectivity precondition is as follows: Direction | Current | Desired Strength | Confirm -----------+----------+------------------+---------- send | no | mandatory | no recv | no | mandatory | no and the resulting offer SDP is: m=audio 20000 RTP/AVP 0 96 c=IN IP4 192.0.2.1 a=rtpmap:96 no-op/8000 a=curr:conn e2e none a=des:conn mandatory e2e sendrecv SDP2: When B receives the offer, B sees the mandatory sendrecv connectivity precondition. B can ascertain connectivity to A ("send" from B's point of view) by use of the RTP No-Op, however B wants A to inform it about connectivity in the other direction ("recv" from B's point of view). B's local status table therefore looks as follows: Direction | Current | Desired Strength | Confirm -----------+----------+------------------+---------- send | no | mandatory | no recv | no | mandatory | no Since B wants to ask A for confirmation about the "recv" (from B's point of view) connectivity precondition, the resulting answer SDP becomes: m=audio 30000 RTP/AVP 0 96 a=rtpmap:96 no-op/8000 c=IN IP4 192.0.2.4 a=curr:conn e2e none a=des:conn mandatory e2e sendrecv a=conf:conn e2e recv Meanwhile, B performs a successful send connectivity check to A, which succeedsA by sending an RTP No-Op packet to A and hencereceiving a corresponding RTCP report. B's local status table is updated as follows: Direction | Current | Desired Strength | Confirm -----------+----------+------------------+---------- send | yes | mandatory | no recv | no | mandatory | no Since the "recv" connectivity precondition (from B's point of view) is still not satisfied, session establishment remains suspended. SDP3: When A receives the answer SDP, A notes that confirmation was requested for B's "recv" connectivity precondition, which is the "send" precondition from A's point of view. A performs a successful send connectivity check to B, which succeeds,B by sending an RTP No-Op packet to B and receiving a corresponding RTCP report, and A's local status table becomes: Direction | Current | Desired Strength | Confirm -----------+----------+------------------+---------- send | yes | mandatory | yes recv | no | mandatory | no Since B asked for confirmation about the "send" connectivity (from A's point of view), A now sends an UPDATE (5) to B to confirm the connectivity from A to B: m=audio 20000 RTP/AVP 0 96 a=rtpmap:96 no-op/8000 c=IN IP4 192.0.2.1 a=curr:conn e2e send a=des:conn mandatory e2e sendrecv B has both send and recv connectivity confirmed at this point and the session can continue. 7. Security Considerations In addition to the general security considerations for preconditions provided in [RFC3312], the following security issues, which are specific to connectivity preconditions, should be considered. Connectivity preconditions rely on mechanisms beyond SDP such as TCP[RFC0793] connection establishment, RTP No-Op [I-D.ietf-avt-rtp-no-op], or STUN [I-D.ietf-behave-rfc3489bis] to establish and verify connectivity between an offerer and an answerer. An attacker that prevents those mechanism from succeeding can prevent media sessions from being established and hence it is RECOMMENDED that such mechanisms are adequately secured by message authentication and integrity protection. Also, the mechanisms SHOULD consider how to prevent denial of service attacks. Similarly, an attacker that can forge packets for these mechanisms can enable sessions to be established when there in fact is no media connectivity, which may lead to a poor user experience. Authentication and integrity protection of such mechanisms can prevent this type of attacks and hence use of it is RECOMMENDED. It is also strongly RECOMMENDED that integrity protection be applied to the SDP session descriptions. S/MIME [RFC3853] is the natural choice to provideprovides such end-to-endend- to-end integrity protection, as described in [RFC3261]. 8. IANA Considerations IANA is hereby requested to register a new precondition type under the Precondition Types used with SIP subregistry, which is located under the Session Initiation Protocol (SIP) Parameters registry. Precondition-Type Description Reference ----------------- ----------------------------------- --------- conn Connectivity precondition [RFCxxxx] [Note to the RFC Editor: replace RFCxxxx with the number assigned to this RFC.] 9. Change Log 9.1. Changes since -03 Minor fixes here and there. 9.2. Changes since -02 Connectivity preconditions are now mechanism agnostic. Clarified when and how to use ICE, RTP no-op,No-Op, and connection establishment procedures to check connectivity. Clarified relation with other precondition types. 184.108.40.206. Changes since -01 There are no changes since the previous version of the document. 10. References 10.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2733] Rosenberg, J. and H. Schulzrinne, "An RTP[RFC5109] Li, A., "RTP Payload Format for Generic Forward Error Correction", RFC 2733,5109, December 1999.2007. [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002. [RFC3312] Camarillo, G., Marshall, W., and J. Rosenberg, "Integration of Resource Management and Session Initiation Protocol (SIP)", RFC 3312, October 2002. [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson, "RTP: A Transport Protocol for Real-Time Applications", STD 64, RFC 3550, July 2003. [RFC3853] Peterson, J., "S/MIME Advanced Encryption Standard (AES) Requirement for the Session Initiation Protocol (SIP)", RFC 3853, July 2004. [RFC4032] Camarillo, G. and P. Kyzivat, "Update to the Session Initiation Protocol (SIP) Preconditions Framework", RFC 4032, March 2005. [RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session Description Protocol", RFC 4566, July 2006. 10.2. Informative References [RFC0793] Postel, J., "Transmission Control Protocol", STD 7, RFC 793, September 1981. [RFC4145] Yon, D. and G. Camarillo, "TCP-Based Media Transport in the Session Description Protocol (SDP)", RFC 4145, September 2005. [RFC4960] Stewart, R., "Stream Control Transmission Protocol", RFC 4960, September 2007. [RFC5027] Andreasen, F. and D. Wing, "Security Preconditions for Session Description Protocol (SDP) Media Streams", RFC 5027, October 2007. [I-D.ietf-avt-rtp-no-op] Andreasen, F., "A No-Op Payload Format for RTP", draft-ietf-avt-rtp-no-op-04 (work in progress), May 2007. [I-D.ietf-mmusic-ice] Rosenberg, J., "Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal for Offer/Answer Protocols", draft-ietf-mmusic-ice-19draft-ietf-mmusic-ice-16 (work in progress), OctoberJune 2007. [I-D.ietf-mmusic-ice-tcp] Rosenberg, J., "TCP Candidates with Interactive Connectivity Establishment (ICE", draft-ietf-mmusic-ice-tcp-04draft-ietf-mmusic-ice-tcp-03 (work in progress), JulyMarch 2007. [I-D.ietf-behave-rfc3489bis] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing,"Session Traversal Utilities for (NAT) (STUN)", draft-ietf-behave-rfc3489bis-13draft-ietf-behave-rfc3489bis-06 (work in progress), NovemberMarch 2007. Authors' Addresses Flemming Andreasen Cisco Systems, Inc. 499 Thornall Street, 8th Floor Edison, NJ 08837 USA Email: firstname.lastname@example.org Gonzalo Camarillo Ericsson Hirsalantie 11 Jorvas 02420 Finland Email: Gonzalo.Camarillo@ericsson.com David Oran Cisco Systems, Inc. 7 Ladyslipper Lane Acton, MA 01720 USA Email: email@example.com Dan Wing Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 94301 USA Email: firstname.lastname@example.org Full Copyright Statement Copyright (C) The IETF Trust (2007).(2008). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at email@example.com. Acknowledgment Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).