draft-ietf-mmusic-sdp-bfcp-00.txt   draft-ietf-mmusic-sdp-bfcp-01.txt 
MMUSIC Working Group G. Camarillo MMUSIC Working Group G. Camarillo
Internet-Draft Ericsson Internet-Draft Ericsson
Expires: July 14, 2005 January 13, 2005 Expires: November 5, 2005 May 4, 2005
Session Description Protocol (SDP) Format for Binary Floor Control Session Description Protocol (SDP) Format for Binary Floor Control
Protocol (BFCP) Streams Protocol (BFCP) Streams
draft-ietf-mmusic-sdp-bfcp-00.txt draft-ietf-mmusic-sdp-bfcp-01.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is subject to all provisions By submitting this Internet-Draft, each author represents that any
of section 3 of RFC 3667. By submitting this Internet-Draft, each applicable patent or other IPR claims of which he or she is aware
author represents that any applicable patent or other IPR claims of have been or will be disclosed, and any of which he or she becomes
which he or she is aware have been or will be disclosed, and any of aware will be disclosed, in accordance with Section 6 of BCP 79.
which he or she become aware will be disclosed, in accordance with
RFC 3668.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as other groups may also distribute working documents as Internet-
Internet-Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on July 14, 2005. This Internet-Draft will expire on November 5, 2005.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2005). Copyright (C) The Internet Society (2005).
Abstract Abstract
This document specifies how to describe BFCP streams in SDP session This document specifies how to describe BFCP streams in SDP session
descriptions. User agents using the offer/answer model to establish descriptions. User agents using the offer/answer model to establish
BFCP streams use this format in their offers and their answers. BFCP streams use this format in their offers and their answers.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Fields in the m Line . . . . . . . . . . . . . . . . . . . . 3 3. Fields in the m Line . . . . . . . . . . . . . . . . . . . . . 3
4. The confid and userid SDP Attributes . . . . . . . . . . . . 4 4. Floor Control Server Determination . . . . . . . . . . . . . . 4
5. The k line . . . . . . . . . . . . . . . . . . . . . . . . . 4 5. The 'confid' and 'userid' SDP Attributes . . . . . . . . . . . 4
6. The nonce Attribute . . . . . . . . . . . . . . . . . . . . 4 6. Association between Streams and Floors . . . . . . . . . . . . 5
7. Association between Streams and Floors . . . . . . . . . . . 5 7. TCP Connection Management . . . . . . . . . . . . . . . . . . 5
8. Certificate Choice and Presentation . . . . . . . . . . . . 5 8. Authentication . . . . . . . . . . . . . . . . . . . . . . . . 6
9. TCP Connection Management . . . . . . . . . . . . . . . . . 6 8.1 Mutual Authentication Using Certificates and TLS . . . . . 6
10. Example . . . . . . . . . . . . . . . . . . . . . . . . . . 6 8.2 Client Authentication at the BFCP Level . . . . . . . . . 7
11. Security Considerations . . . . . . . . . . . . . . . . . . 7 8.2.1 Generating a Shared Secret . . . . . . . . . . . . . . 7
12. IANA Considerations . . . . . . . . . . . . . . . . . . . . 7 8.2.2 The 'nonce' Attribute . . . . . . . . . . . . . . . . 8
12.1 Registration of the confid Attribute . . . . . . . . . . 8 9. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
12.2 Registration of the userid Attribute . . . . . . . . . . 8 9.1 Example Using TLS . . . . . . . . . . . . . . . . . . . . 8
12.3 Registration of the floorid Attribute . . . . . . . . . 8 9.2 Example Using the 'crypto' Attribute . . . . . . . . . . . 9
12.4 Registration of the nonce Attribute . . . . . . . . . . 9 10. Security Considerations . . . . . . . . . . . . . . . . . . 10
13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 9 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . 10
14. Normative References . . . . . . . . . . . . . . . . . . . . 9 11.1 Registration of the 'TCP/BFCP' and 'TCP/TLS/BFCP' SDP
Author's Address . . . . . . . . . . . . . . . . . . . . . . 10 'proto' values . . . . . . . . . . . . . . . . . . . . . . 11
Intellectual Property and Copyright Statements . . . . . . . 11 11.2 Registration of the SDP 'confid' Attribute . . . . . . . . 11
11.3 Registration of the SDP 'userid' Attribute . . . . . . . . 11
11.4 Registration of the SDP 'floorid' Attribute . . . . . . . 12
11.5 Registration of the SDP 'nonce' Attribute . . . . . . . . 12
11.6 Registration of the crypto-suites for 'TCP/BFCP' . . . . . 13
12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 13
13. Normative References . . . . . . . . . . . . . . . . . . . . 13
Author's Address . . . . . . . . . . . . . . . . . . . . . . . 14
Intellectual Property and Copyright Statements . . . . . . . . 15
1. Introduction 1. Introduction
As discussed in the BFCP specification [7], a given BFCP client needs As discussed in the BFCP (Binary Floor Control Protocol)
a set of data in order to establish a BFCP connection to a floor specification [8], a given BFCP client needs a set of data in order
control server. These data include the transport address of the to establish a BFCP connection to a floor control server. These data
server, the conference identifier, and the user identifier. include the transport address of the server, the conference
identifier, and the user identifier.
One way for clients to obtain this information consists of using an One way for clients to obtain this information consists of using an
offer/answer [5] exchange. This document specifies how to encode offer/answer [5] exchange. This document specifies how to encode
this information in the SDP session descriptions which are part of an this information in the SDP session descriptions which are part of an
offer/answer exchange. offer/answer exchange.
User agents typically use the offer/answer model to establish a User agents typically use the offer/answer model to establish a
number of media streams of different types. Following this model, a number of media streams of different types. Following this model, a
BFCP connection is described as any other media stream by using an BFCP connection is described as any other media stream by using an
SDP 'm' line, possibly followed by a number of attributes encoded in SDP 'm' line, possibly followed by a number of attributes encoded in
'a' lines. 'a' lines.
2. Terminology 2. Terminology
In this document, the key words "MUST", "MUST NOT", "REQUIRED", In this document, the key words "MUST", "MUST NOT", "REQUIRED",
"SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT
RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as
described in BCP 14, RFC 2119 [1] and indicate requirement levels for described in BCP 14, RFC 2119 [2] and indicate requirement levels for
compliant implementations. compliant implementations.
3. Fields in the m Line 3. Fields in the m Line
According to RFC 2327 [3], the 'm'line format is the following: According to the SDP specification [11], the 'm'line format is the
following:
m=<media> <port> <transport> <fmt list> m=<media> <port> <transport> <fmt> ...
The media field MUST have a value of "application". The media field MUST have a value of "application".
The port field is set following the rules in [6]. Depending on the The port field is set following the rules in [7]. Depending on the
value of the 'setup' attribute (disccused in Section 9), the port value of the 'setup' attribute (disccused in Section 7), the port
field contains the port the remote endpoint will initiate its TCP field contains the port the remote endpoint will initiate its TCP
connection to, or is irrelevant (i.e., the endpoint will initiate the connection to, or is irrelevant (i.e., the endpoint will initiate the
connection towards the remote endpoint) and should be set to a value connection towards the remote endpoint) and should be set to a value
of 9, which is the discard port. Since BFCP only runs on top of TCP, of 9, which is the discard port. Since BFCP only runs on top of TCP,
the port is always a TCP port. A port field value of zero has the the port is always a TCP port. A port field value of zero has the
standard SDP meaning (i.e., rejection of the media stream). standard SDP meaning (i.e., rejection of the media stream).
We define two new values for the transport field: TCP/BFCP and TCP/ We define two new values for the transport field: TCP/BFCP and TCP/
TLS/BFCP. The former is used when BFCP runs directly on top of TCP TLS/BFCP. The former is used when BFCP runs directly on top of TCP
and the latter is used when BFCP runs on top of TLS, which in turn and the latter is used when BFCP runs on top of TLS, which in turn
runs on top of TCP. runs on top of TCP.
The fmt (format) list is ignored for BFCP. The fmt list of BFCP m The fmt (format) list is ignored for BFCP. The fmt list of BFCP m
lines SHOULD contain a single "*" character. lines SHOULD contain a single "*" character.
The following is an example of an m line for a BFCP connection: The following is an example of an m line for a BFCP connection:
m=application 20000 TCP/TLS/BFCP * m=application 20000 TCP/TLS/BFCP *
4. The confid and userid SDP Attributes 4. Floor Control Server Determination
The 'confid' and the 'userid' attributes are used by a floor control
server to provide a client with a conference ID and a user ID. In
the context of an offer/answer exchange, the entity including these
attributes is the floor control server.
The most common scenario consists of a client establishing a BFCP
stream with a floor control server. In this case, there is only one
floor control server (the offerer or the answerer). However, there
are scenarios where both the offerer and the answerer are both
clients and floor control servers. For example, in a two-party
session that involves an audio stream and a shared whiteboard, one
party acts as the floor control server for the audio stream and the
other acts as the floor control server for the shared whiteboard. In
such a case, both the offerer and the answerer would include the
'confid' and the 'userid' attributes in their respective session
descriptions.
5. The 'confid' and 'userid' SDP Attributes
We define the 'confid' and the 'userid' SDP media-level attributes. We define the 'confid' and the 'userid' SDP media-level attributes.
Their Augmented BNF syntax [2] is: These attributes attributes are used by a floor control server to
provide a client with a conference ID and a user ID respectively.
Their Augmented BNF syntax [3] is:
confid-attribute = "a=confid: " conference-id confid-attribute = "a=confid: " conference-id
conference-id = token conference-id = token
userid-attribute = "a=userid: " user-id userid-attribute = "a=userid: " user-id
user-id = token user-id = token
The confid and the userid attributes carry the integer representation The confid and the userid attributes carry the integer representation
of a conference ID and a user ID respectively. of a conference ID and a user ID respectively.
Endpoints which use the offer/answer model to establish BFCP Endpoints which use the offer/answer model to establish BFCP
connections MUST support the confid and the userid attributes. A connections MUST support the confid and the userid attributes. A
floor control server acting as an offerer or as an answerers SHOULD floor control server acting as an offerer or as an answerers SHOULD
include these attributes in its session descriptions. include these attributes in its session descriptions.
5. The k line 6. Association between Streams and Floors
The floor control server MAY use an SDP 'k' line to provide clients
with a shared secret to be used to calculate the value of the DIGEST
TLVs. The following is an example of a 'k' line:
k=base64:c2hhcmVkLXNlY3JldA==
Endpoints MAY use other mechanisms (including out-of-band mechanisms)
to come up with a share secret. However, if the 'k' line is used in
the way just described, the session description containing the 'k'
line with the shared secret MUST be encrypted.
6. The nonce Attribute
We define the 'nonce' attribute. Its Augmented BNF syntax [2] is:
nonce-attribute = "a=nonce: " nonce-value
nonce-value = token
The 'nonce' attribute carries the integer representation of the nonce
to be used by the client in its next BFCP message (typically the
first message from the client) towards the floor control server.
This is an optimization so that the client does not need to generate
an initial BFCP message only to have it rejected by the floor control
server with an Error response containing a nonce.
Endpoints which use the offer/answer model to establish BFCP
connections SHOULD support the 'nonce' attribute. A floor control
server acting as an offerer or as an answerers MAY include this
attribute in its session descriptions.
7. Association between Streams and Floors
We define the floorid SDP media-level attribute. Its Augmented BNF We define the floorid SDP media-level attribute. Its Augmented BNF
syntax [2] is: syntax [3] is:
floor-id-attribute = "a=floorid:" token [" mstrm:" token *(SP token)] floor-id-attribute = "a=floorid:" token [" mstrm:" token *(SP token)]
The floorid attribute is used in BFCP 'm' lines. It defined a floor The floorid attribute is used in BFCP 'm' lines. It defines a floor
identifier and, possibly, associates it with one or more media identifier and, possibly, associates it with one or more media
streams. The token representing the floor ID is the integer streams. The token representing the floor ID is the integer
representation of the Floor ID to be used in BFCP. The token representation of the Floor ID to be used in BFCP. The token
representing the media stream is a pointer to the media stream, which representing the media stream is a pointer to the media stream, which
is identified by an SDP label attribute [8] is identified by an SDP label attribute [9]
Endpoints which use the offer/answer model to establish BFCP Endpoints which use the offer/answer model to establish BFCP
connections MUST support the 'floorid' and the 'label' attributes. A connections MUST support the 'floorid' and the 'label' attributes. A
floor control server acting as an offerer or as an answerer SHOULD floor control server acting as an offerer or as an answerer SHOULD
include these attributes in its session descriptions. include these attributes in its session descriptions.
8. Certificate Choice and Presentation 7. TCP Connection Management
Floor control servers follow the rules in [9] regarding certificate
choice and presentation. This implies that unless the floor control
server includes a 'fingerprint' attribute in its session description,
the certificate provided by the floor control server must be signed
by a certificate authority known to the client.
Endpoints which use the offer/answer model to establish BFCP
connections MUST support the 'fingerprint' attribute. Floor control
servers SHOULD include this attribute in their session descriptions
(no matter whether they are offers or answers).
When TLS is used, once the underlaying TCP connection is established,
the floor control server acts as the TLS server regardless of its
role (passive or active) in the TCP establishment procedure.
9. TCP Connection Management
The management of the TCP connection used to transport BFCP is The management of the TCP connection used to transport BFCP is
performed using the 'setup' and 'connection' attributes as defined in performed using the 'setup' and 'connection' attributes as defined in
[6]. [7].
The setup attribute indicates which of the endpoints (client or floor The setup attribute indicates which of the endpoints (client or floor
control server) initiates the TCP connection. The 'connection' control server) initiates the TCP connection. The 'connection'
attribute handles TCP connection reestablishment. attribute handles TCP connection reestablishment.
The BFCP specification [7] describes a number of situations when the The BFCP specification [8] describes a number of situations when the
TCP connection between a client and the floor control server needs to TCP connection between a client and the floor control server needs to
be reestablished. However, that specification does not describe the be reestablished. However, that specification does not describe the
reestablishment process because this process depends on how the reestablishment process because this process depends on how the
connection was established in the first place. BFCP entities using connection was established in the first place. BFCP entities using
the offer/answer model follow the following rules. the offer/answer model follow the following rules.
When the existing TCP connection is reseted following the rules in When the existing TCP connection is reseted following the rules in
[7], the client SHOULD generate an offer towards the floor control [8], the client SHOULD generate an offer towards the floor control
server in order to reestablish the connection. If a TCP connection server in order to reestablish the connection. If a TCP connection
cannot deliver a BFCP message and times out, the entity that cannot deliver a BFCP message and times out, the entity that
attempted to send the message (i.e., the one that detected the TCP attempted to send the message (i.e., the one that detected the TCP
timeout) SHOULD generate an offer in order to reestablish the TCP timeout) SHOULD generate an offer in order to reestablish the TCP
connection. connection.
Endpoints which use the offer/answer model to establish BFCP Endpoints which use the offer/answer model to establish BFCP
connections MUST support the 'setup' and the 'connection' attributes. connections MUST support the 'setup' and the 'connection' attributes.
10. Example 8. Authentication
When a BFCP connection is established using the offer/answer model,
it is assumed that the offerer and the answerer authenticate each
other using some mechanism. Once this mutual authentication takes
place, all the offerer and the answerer need to make sure is that the
entity they are receiving BFCP messages from is the same as the one
that generated the previous offer or answer.
When SIP is used to perform an offer/answer exchange, the initial
mutual authentication takes place at the SIP level. Additionally,
SIP uses S/MIME to provide an integrity protected channel with
optional confidentiality for the offer/answer exchange. BFCP takes
advantage of this integrity protected offer/answer exchange to
perform authentication. Within the offer/answer exchange, the
offerer and the answerer exchange the fingerprints of their self-
signed certificates. These self-signed certificates are then used to
establish the TLS connection that will carry BFCP traffic between the
offerer and the answerer. Of course, certificates signed by a
certificate authority known to both parties can also be used.
Section 8.1 describes mutual authentication using certificates and
TLS, which is the RECOMMENDED mechanism to perform mutual
authentication.
BFCP also provides a digest mechanism based on a shared secret to
provide client authentication in situations where TLS is not used for
some reason. Section 8.2 describes how to set up this mechanism
using an offer/answer model. Note that when mutual authentication is
performed using TLS, it is not necessary to use this digest
mechanism.
8.1 Mutual Authentication Using Certificates and TLS
BFCP clients and floor control servers follow the rules in [10]
regarding certificate choice and presentation. This implies that
unless a 'fingerprint' attribute is included in the session
description, the certificate provided at the TLS-level must be signed
by a certificate authority known to other party. Endpoints which use
the offer/answer model to establish BFCP connections MUST support the
'fingerprint' attribute and SHOULD include it in their session
descriptions.
When TLS is used, once the underlaying TCP connection is established,
the answerer acts as the TLS server regardless of its role (passive
or active) in the TCP establishment procedure.
8.2 Client Authentication at the BFCP Level
Digest authentication in BFCP is based on a shared secret between the
client and the floor control server. Section 8.2.1 describes how to
set up such a secret using an encrypted offer/answer exchange.
Section 8.2.2 describes how a floor control server can provide a
client with an initial nonce.
8.2.1 Generating a Shared Secret
This section describes how to generate a shared secret between a
client and a floor control server using SDP security descriptions and
the SDP 'crypto' attribute [12].
The following is the format of the 'crypto' attribute as defined in
[12]:
a=crypto:<tag> <crypto-suite> <key-params> [<session-params>]
The use of the tag field is specified in [12].
The possible values for the crypto-suite field are defined within the
context of a transport; TCP/BFCP in our case. Within the context of
TCP/BFCP, we define the following value for the crypto-suite field:
+-----------+-----------------+
| Value | BFCP Identifier |
+-----------+-----------------+
| HMAC-SHA1 | 0 |
+-----------+-----------------+
Table 1: Values for the crypto-suite field in TCP/BFCP
The IANA registry for Digest Algorithms in BFCP contains references
to the specifications that describe the usage of each digest
algorithm (identified by its BFCP identifier) in BFCP.
The key-params field SHOULD use the 'inline' key method followed by a
base64-encoded [6] unguessable secret [1].
The use of the optional session-params field is for further study.
The following is an example of a 'crypto' attribute:
a=crypto:1 HMAC-SHA1 inline:c2hhcmVkLXNlY3JldA==
The use of the 'crypto' attribute in an offer/answer exchange is
described in [12]. Additionally, when this attribute is used with
BFCP streams, the answerer MUST use the same value in the key-params
field as the one received in the offer.
Endpoints MAY use other mechanisms (including out-of-band mechanisms)
to generate a shared secret. However, if the mechanism described in
this section is used, the session descriptions MUST be encrypted.
8.2.2 The 'nonce' Attribute
We define the SDP media-level 'nonce' attribute. Its Augmented BNF
syntax [3] is:
nonce-attribute = "a=nonce: " nonce-value
nonce-value = token
The 'nonce' attribute carries the integer representation of the nonce
to be used by the client in its next BFCP message (typically the
first message from the client) towards the floor control server.
This is an optimization so that the client does not need to generate
an initial BFCP message only to have it rejected by the floor control
server with an Error response containing a nonce.
Endpoints which use the offer/answer model to establish BFCP
connections SHOULD support the 'nonce' attribute. A floor control
server acting as an offerer or as an answerers MAY include this
attribute in its session descriptions.
9. Examples
For the purpose of brevity, the main portion of the session
description is omitted in the examples, which only show 'm' lines and
their attributes.
9.1 Example Using TLS
The following is an example of an offer sent by a conference server The following is an example of an offer sent by a conference server
to a client. For the purpose of brevity, the main portion of the to a client.
session description is omitted in the examples, which only show m=
lines and their attributes.
m=application 20000 TCP/TLS/BFCP * m=application 20000 TCP/TLS/BFCP *
k=base64:c2hhcmVkLXNlY3JldA==
a=setup:passive a=setup:passive
a=connection:new a=connection:new
a=fingerprint:SHA-1 \ a=fingerprint:SHA-1 \
4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:E5:7C:AB 4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:E5:7C:AB
a=nonce:5678
a=confid:4321 a=confid:4321
a=userid:1234 a=userid:1234
a=floorid:1 m-stream:10 a=floorid:1 m-stream:10
a=floorid:2 m-stream:11 a=floorid:2 m-stream:11
m=audio 20000 RTP/AVP 0 m=audio 20000 RTP/AVP 0
a=label:10 a=label:10
m=video 30000 RTP/AVP 31 m=video 30000 RTP/AVP 31
a=label:11 a=label:11
Note that due to RFC formatting conventions, this document splits SDP Note that due to RFC formatting conventions, this document splits SDP
across lines whose content would exceed 72 characters. A backslash across lines whose content would exceed 72 characters. A backslash
character marks where this line folding has taken place. This character marks where this line folding has taken place. This
backslash and its trailing CRLF and whitespace would not appear in backslash and its trailing CRLF and whitespace would not appear in
actual SDP content. actual SDP content.
The following is the answer returned by the user. The following is the answer returned by the user.
m=application 9 TCP/TLS/BFCP *
a=setup:active
a=connection:new
m=audio 25000 RTP/AVP 0
m=video 35000 RTP/AVP 31
9.2 Example Using the 'crypto' Attribute
The following is an example of an offer sent by a conference server
to a client. In this case, TLS is not used to perform mutual
authentication. The 'crypto' attribute is used to generate a shared
secret between the client and the floor control server.
m=application 20000 TCP/BFCP *
a=setup:passive
a=connection:new
a=crypto:1 HMAC-SHA1 inline:c2hhcmVkLXNlY3JldA==
a=nonce:5736
a=confid:4321
a=userid:1234
a=floorid:1 m-stream:10
a=floorid:2 m-stream:11
m=audio 20000 RTP/AVP 0
a=label:10
m=video 30000 RTP/AVP 31
a=label:11
The following is the answer returned by the participant.
m=application 9 TCP/BFCP * m=application 9 TCP/BFCP *
a=setup:active a=setup:active
a=connection:new a=connection:new
a=crypto:1 HMAC-SHA1 inline:c2hhcmVkLXNlY3JldA==
m=audio 25000 RTP/AVP 0 m=audio 25000 RTP/AVP 0
m=video 35000 RTP/AVP 31 m=video 35000 RTP/AVP 31
11. Security Considerations 10. Security Considerations
The BFCP [7], SDP [3], and the offer/answer [5] specifications The BFCP [8], SDP [11], and the offer/answer [5] specifications
discuss security issues related to BFCP, SDP, and the offer/answer discuss security issues related to BFCP, SDP, and the offer/answer
respectively. In addition, [6] and [9] discuss security issues respectively. In addition, [7] and [10] discuss security issues
related to the establishment of TCP and TLS connections using an related to the establishment of TCP and TLS connections using an
offer/answer model. offer/answer model.
An issue which is discussed in the previous specifications and is of An issue which is discussed in the previous specifications and is of
particular importance for this specification relates to the usage of particular importance for this specification relates to the usage of
the 'k' line to provide shared secrets to clients. When the 'k' line the SDP 'crypto' attribute to generate shared secrets. When the
is used in this way, the session description carrying it SHOULD be 'crypto' attribute is used, the session description carrying it must
encrypted. Otherwise, an attacker could get access to the shared be encrypted, as specified in Section 8.2.1. Otherwise, an attacker
secret and impersonate the client. For session descriptions carried could get access to the shared secret and impersonate the client.
in SIP [4], S/MIME is the natural choice to provide such end-to-end For session descriptions carried in SIP [4], S/MIME is the natural
encryption. Other applications MAY use different encryption choice to provide such end-to-end encryption. Other applications MAY
mechanisms. use different encryption mechanisms.
12. IANA Considerations 11. IANA Considerations
This document instructs the IANA to register four new media-level SDP The following sections instruct the IANA to perform a set of actions.
attributes: 'confid', 'userid', 'floorid', and 'nonce'.
12.1 Registration of the confid Attribute 11.1 Registration of the 'TCP/BFCP' and 'TCP/TLS/BFCP' SDP 'proto'
values
This section instructs the IANA to register the following two new
values for the SDP 'proto' field under the Session Description
Protocol (SDP) Parameters registry:
+--------------+-----------+
| Value | Reference |
+--------------+-----------+
| TCP/BFCP | RFCxxxx |
| TCP/TLS/BFCP | RFCxxxx |
+--------------+-----------+
Table 2: Values for the SDP 'proto' field
[Note to the RFC editor: please, replace RFCxxxx with the RFC number
that this document will be assigned.]
11.2 Registration of the SDP 'confid' Attribute
This section instructs the IANA to register the following SDP att-
field under the Session Description Protocol (SDP) Parameters
registry:
Contact name: Gonzalo.Camarillo@ericsson.com Contact name: Gonzalo.Camarillo@ericsson.com
Attribute name: confid Attribute name: confid
Type of attribute Media level Type of attribute Media level
Subject to charset: No Subject to charset: No
Purpose of attribute: The 'confid' attribute carries the integer Purpose of attribute: The 'confid' attribute carries the integer
representation of a Conference ID. representation of a Conference ID.
Allowed attribute values: A token Allowed attribute values: A token
12.2 Registration of the userid Attribute 11.3 Registration of the SDP 'userid' Attribute
This section instructs the IANA to register the following SDP att-
field under the Session Description Protocol (SDP) Parameters
registry:
Contact name: Gonzalo.Camarillo@ericsson.com Contact name: Gonzalo.Camarillo@ericsson.com
Attribute name: userid Attribute name: userid
Type of attribute Media level Type of attribute Media level
Subject to charset: No Subject to charset: No
Purpose of attribute: The 'userid' attribute carries the integer Purpose of attribute: The 'userid' attribute carries the integer
representation of a User ID. representation of a User ID.
Allowed attribute values: A token Allowed attribute values: A token
12.3 Registration of the floorid Attribute 11.4 Registration of the SDP 'floorid' Attribute
This section instructs the IANA to register the following SDP att-
field under the Session Description Protocol (SDP) Parameters
registry:
Contact name: Gonzalo.Camarillo@ericsson.com Contact name: Gonzalo.Camarillo@ericsson.com
Attribute name: floorid Attribute name: floorid
Type of attribute Media level Type of attribute Media level
Subject to charset: No Subject to charset: No
Purpose of attribute: The 'floorid' attribute associates a floor Purpose of attribute: The 'floorid' attribute associates a floor
with one or more media streams. with one or more media streams.
Allowed attribute values: Tokens Allowed attribute values: Tokens
12.4 Registration of the nonce Attribute 11.5 Registration of the SDP 'nonce' Attribute
This section instructs the IANA to register the following SDP att-
field under the Session Description Protocol (SDP) Parameters
registry:
Contact name: Gonzalo.Camarillo@ericsson.com Contact name: Gonzalo.Camarillo@ericsson.com
Attribute name: nonce Attribute name: nonce
Type of attribute Media level Type of attribute Media level
Subject to charset: No Subject to charset: No
Purpose of attribute: The 'nonce' attribute carried a nonce to be Purpose of attribute: The 'nonce' attribute carried a nonce to be
used in the media stream (e.g., in the BFCP connection). used in the media stream (e.g., in the BFCP connection).
Allowed attribute values: A token Allowed attribute values: A token
13. Acknowledgments 11.6 Registration of the crypto-suites for 'TCP/BFCP'
This section instructs the IANA to register the 'TCP/BFCP' media
transport under the SDP Security Description registry. The key
methods supported is "inline". The reference for the SDP security
description for 'TCP/BFCP' is this document.
The following crypto-suite needs to be registered under the 'TCP/
BFCP' transport:
+-----------+-----------------+
| Value | BFCP Identifier |
+-----------+-----------------+
| HMAC-SHA1 | 0 |
+-----------+-----------------+
Table 3: Values for the crypto-suite field in TCP/BFCP
The IANA registry for Digest Algorithms in BFCP contains references
to the specifications that describe the usage of each digest
algorithm (identified by its BFCP identifier) in BFCP.
At this point, there are no session parameters defined for the 'TCP/
BFCP' media transport. Consequently, the IANA does not need to
create a session parameter subregistry under 'TCP/BFCP'.
12. Acknowledgments
Joerg Ott, Keith Drage, Alan Johnston, and Eric Rescorla provided Joerg Ott, Keith Drage, Alan Johnston, and Eric Rescorla provided
useful ideas for this document. useful ideas for this document.
14 Normative References 13. Normative References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement [1] Eastlake, D., Crocker, S., and J. Schiller, "Randomness
Recommendations for Security", RFC 1750, December 1994.
[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997. Levels", BCP 14, RFC 2119, March 1997.
[2] Crocker, D. and P. Overell, "Augmented BNF for Syntax [3] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", RFC 2234, November 1997. Specifications: ABNF", RFC 2234, November 1997.
[3] Handley, M. and V. Jacobson, "SDP: Session Description
Protocol", RFC 2327, April 1998.
[4] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., [4] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
Peterson, J., Sparks, R., Handley, M. and E. Schooler, "SIP: Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
Session Initiation Protocol", RFC 3261, June 2002. Session Initiation Protocol", RFC 3261, June 2002.
[5] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model with [5] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model with
Session Description Protocol (SDP)", RFC 3264, June 2002. Session Description Protocol (SDP)", RFC 3264, June 2002.
[6] Yon, D., "Connection-Oriented Media Transport in the Session [6] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings",
Description Protocol (SDP)", draft-ietf-mmusic-sdp-comedia-09 RFC 3548, July 2003.
(work in progress), September 2004.
[7] Camarillo, G., "The Binary Floor Control Protocol (BFCP)", [7] Yon, D., "Connection-Oriented Media Transport in the Session
draft-ietf-xcon-bfcp-01 (work in progress), October 2004. Description Protocol (SDP)", draft-ietf-mmusic-sdp-comedia-10
(work in progress), November 2004.
[8] Levin, O. and G. Camarillo, "The SDP (Session Description [8] Camarillo, G., "The Binary Floor Control Protocol (BFCP)",
draft-ietf-xcon-bfcp-03 (work in progress), January 2005.
[9] Levin, O. and G. Camarillo, "The SDP (Session Description
Protocol) Label Attribute", Protocol) Label Attribute",
draft-levin-mmmusic-sdp-media-label-00 (work in progress), July draft-levin-mmmusic-sdp-media-label-00 (work in progress),
2004. July 2004.
[9] Lennox, J., "Connection-Oriented Media Transport over the [10] Lennox, J., "Connection-Oriented Media Transport over the
Transport Layer Security (TLS) Protocol in the Session Transport Layer Security (TLS) Protocol in the Session
Description Protocol (SDP)", draft-ietf-mmusic-comedia-tls-02 Description Protocol (SDP)", draft-ietf-mmusic-comedia-tls-02
(work in progress), October 2004. (work in progress), October 2004.
[11] Handley, M., "SDP: Session Description Protocol",
draft-ietf-mmusic-sdp-new-24 (work in progress), February 2005.
[12] Andreasen, F., Baugher, M., and D. Wing, "Session Description
Protocol Security Descriptions for Media Streams",
draft-ietf-mmusic-sdescriptions-09 (work in progress),
February 2005.
Author's Address Author's Address
Gonzalo Camarillo Gonzalo Camarillo
Ericsson Ericsson
Hirsalantie 11 Hirsalantie 11
Jorvas 02420 Jorvas 02420
Finland Finland
EMail: Gonzalo.Camarillo@ericsson.com Email: Gonzalo.Camarillo@ericsson.com
Intellectual Property Statement Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be on the procedures with respect to rights in RFC documents can be
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/