draft-ietf-mmusic-sdp-bfcp-02.txt   draft-ietf-mmusic-sdp-bfcp-03.txt 
MMUSIC Working Group G. Camarillo MMUSIC Working Group G. Camarillo
Internet-Draft Ericsson Internet-Draft Ericsson
Expires: January 19, 2006 July 18, 2005 Expires: June 2, 2006 November 29, 2005
Session Description Protocol (SDP) Format for Binary Floor Control Session Description Protocol (SDP) Format for Binary Floor Control
Protocol (BFCP) Streams Protocol (BFCP) Streams
draft-ietf-mmusic-sdp-bfcp-02.txt draft-ietf-mmusic-sdp-bfcp-03.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 34 skipping to change at page 1, line 34
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 19, 2006. This Internet-Draft will expire on June 2, 2006.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2005). Copyright (C) The Internet Society (2005).
Abstract Abstract
This document specifies how to describe BFCP streams in SDP session This document specifies how to describe BFCP streams in SDP session
descriptions. User agents using the offer/answer model to establish descriptions. User agents using the offer/answer model to establish
BFCP streams use this format in their offers and their answers. BFCP streams use this format in their offers and their answers.
skipping to change at page 2, line 15 skipping to change at page 2, line 15
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Fields in the 'm' Line . . . . . . . . . . . . . . . . . . . . 3 3. Fields in the 'm' Line . . . . . . . . . . . . . . . . . . . . 3
4. Floor Control Server Determination . . . . . . . . . . . . . . 4 4. Floor Control Server Determination . . . . . . . . . . . . . . 4
5. The 'confid' and 'userid' SDP Attributes . . . . . . . . . . . 6 5. The 'confid' and 'userid' SDP Attributes . . . . . . . . . . . 6
6. Association between Streams and Floors . . . . . . . . . . . . 6 6. Association between Streams and Floors . . . . . . . . . . . . 6
7. TCP Connection Management . . . . . . . . . . . . . . . . . . 7 7. TCP Connection Management . . . . . . . . . . . . . . . . . . 7
8. Authentication . . . . . . . . . . . . . . . . . . . . . . . . 7 8. Authentication . . . . . . . . . . . . . . . . . . . . . . . . 7
8.1 Mutual Authentication Using Certificates and TLS . . . . . 8 9. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
8.2 Client Authentication at the BFCP Level . . . . . . . . . 8 10. Security Considerations . . . . . . . . . . . . . . . . . . . 9
8.2.1 Generating a Shared Secret . . . . . . . . . . . . . . 8 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
8.2.2 The 'nonce' Attribute . . . . . . . . . . . . . . . . 9 11.1. Registration of the 'TCP/BFCP' and 'TCP/TLS/BFCP' SDP
9. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 'proto' values . . . . . . . . . . . . . . . . . . . . . 9
9.1 Example Using TLS . . . . . . . . . . . . . . . . . . . . 10 11.2. Registration of the SDP 'floorctrl' Attribute . . . . . . 10
9.2 Example Using the 'crypto' Attribute . . . . . . . . . . . 11 11.3. Registration of the SDP 'confid' Attribute . . . . . . . 10
10. Security Considerations . . . . . . . . . . . . . . . . . . 11 11.4. Registration of the SDP 'userid' Attribute . . . . . . . 10
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . 12 11.5. Registration of the SDP 'floorid' Attribute . . . . . . . 11
11.1 Registration of the 'TCP/BFCP' and 'TCP/TLS/BFCP' SDP 12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 11
'proto' values . . . . . . . . . . . . . . . . . . . . . . 12 13. Normative References . . . . . . . . . . . . . . . . . . . . . 11
11.2 Registration of the SDP 'floorctrl' Attribute . . . . . . 12 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 13
11.3 Registration of the SDP 'confid' Attribute . . . . . . . . 13 Intellectual Property and Copyright Statements . . . . . . . . . . 14
11.4 Registration of the SDP 'userid' Attribute . . . . . . . . 13
11.5 Registration of the SDP 'floorid' Attribute . . . . . . . 14
11.6 Registration of the SDP 'nonce' Attribute . . . . . . . . 14
11.7 Registration of the crypto-suites for 'TCP/BFCP' . . . . . 15
12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 15
13. Normative References . . . . . . . . . . . . . . . . . . . . 15
Author's Address . . . . . . . . . . . . . . . . . . . . . . . 17
Intellectual Property and Copyright Statements . . . . . . . . 18
1. Introduction 1. Introduction
As discussed in the BFCP (Binary Floor Control Protocol) As discussed in the BFCP (Binary Floor Control Protocol)
specification [8], a given BFCP client needs a set of data in order specification [8], a given BFCP client needs a set of data in order
to establish a BFCP connection to a floor control server. These data to establish a BFCP connection to a floor control server. These data
include the transport address of the server, the conference include the transport address of the server, the conference
identifier, and the user identifier. identifier, and the user identifier.
One way for clients to obtain this information consists of using an One way for clients to obtain this information consists of using an
offer/answer [5] exchange. This document specifies how to encode offer/answer [4] exchange. This document specifies how to encode
this information in the SDP session descriptions which are part of this information in the SDP session descriptions which are part of
such an offer/answer exchange. such an offer/answer exchange.
User agents typically use the offer/answer model to establish a User agents typically use the offer/answer model to establish a
number of media streams of different types. Following this model, a number of media streams of different types. Following this model, a
BFCP connection is described as any other media stream by using an BFCP connection is described as any other media stream by using an
SDP 'm' line, possibly followed by a number of attributes encoded in SDP 'm' line, possibly followed by a number of attributes encoded in
'a' lines. 'a' lines.
2. Terminology 2. Terminology
In this document, the key words "MUST", "MUST NOT", "REQUIRED", In this document, the key words "MUST", "MUST NOT", "REQUIRED",
"SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT
RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as
described in BCP 14, RFC 2119 [2] and indicate requirement levels for described in BCP 14, RFC 2119 [1] and indicate requirement levels for
compliant implementations. compliant implementations.
3. Fields in the 'm' Line 3. Fields in the 'm' Line
This Section describes how to generate an 'm' line for a BFCP stream. This Section describes how to generate an 'm' line for a BFCP stream.
According to the SDP specification [11], the 'm' line format is the According to the SDP specification [11], the 'm' line format is the
following: following:
m=<media> <port> <transport> <fmt> ... m=<media> <port> <transport> <fmt> ...
skipping to change at page 4, line 13 skipping to change at page 4, line 15
We define two new values for the transport field: TCP/BFCP and TCP/ We define two new values for the transport field: TCP/BFCP and TCP/
TLS/BFCP. The former is used when BFCP runs directly on top of TCP TLS/BFCP. The former is used when BFCP runs directly on top of TCP
and the latter is used when BFCP runs on top of TLS, which in turn and the latter is used when BFCP runs on top of TLS, which in turn
runs on top of TCP. runs on top of TCP.
The fmt (format) list is ignored for BFCP. The fmt list of BFCP m The fmt (format) list is ignored for BFCP. The fmt list of BFCP m
lines SHOULD contain a single "*" character. lines SHOULD contain a single "*" character.
The following is an example of an 'm' line for a BFCP connection: The following is an example of an 'm' line for a BFCP connection:
m=application 20000 TCP/TLS/BFCP * m=application 50000 TCP/TLS/BFCP *
4. Floor Control Server Determination 4. Floor Control Server Determination
When two endpoints establish a BFCP stream, they need to determine When two endpoints establish a BFCP stream, they need to determine
which of them acts as a floor control server. The most common which of them acts as a floor control server. The most common
scenario consists of a client establishing a BFCP stream with scenario consists of a client establishing a BFCP stream with
conference server that acts as the floor control server. Floor conference server that acts as the floor control server. Floor
control server determination is straight forward because one endpoint control server determination is straight forward because one endpoint
can only act as a client and the other can only act as a floor can only act as a client and the other can only act as a floor
control server. control server.
skipping to change at page 4, line 38 skipping to change at page 4, line 40
to decide which party will be acting as the floor control server. to decide which party will be acting as the floor control server.
Furthermore, there are situations where both the offerer and the Furthermore, there are situations where both the offerer and the
answerer act as both clients and floor control servers in the same answerer act as both clients and floor control servers in the same
session. For example, in a two-party session that involves an audio session. For example, in a two-party session that involves an audio
stream and a shared whiteboard, one party acts as the floor control stream and a shared whiteboard, one party acts as the floor control
server for the audio stream and the other acts as the floor control server for the audio stream and the other acts as the floor control
server for the shared whiteboard. server for the shared whiteboard.
We define the 'floorctrl' SDP media-level attribute to perform floor We define the 'floorctrl' SDP media-level attribute to perform floor
control determination. Its Augmented BNF syntax [3] is: control determination. Its Augmented BNF syntax [2] is:
floor-control-attribute = "a=floorctrl:" role *(SP role) floor-control-attribute = "a=floorctrl:" role *(SP role)
role = "c-only" / "s-only" / "c-s" role = "c-only" / "s-only" / "c-s"
The offerer includes this attribute to state all the roles it would The offerer includes this attribute to state all the roles it would
be willing to perform: be willing to perform:
c-only: The offerer would be willing to only act as a floor control c-only: The offerer would be willing to only act as a floor control
client. client.
s-only: The offerer would be willing to only act as a floor control s-only: The offerer would be willing to only act as a floor control
skipping to change at page 6, line 12 skipping to change at page 6, line 12
The following is an example of a 'floorctrl' attribute in an offer. The following is an example of a 'floorctrl' attribute in an offer.
When this attribute appears in an answer, it only carries one role: When this attribute appears in an answer, it only carries one role:
a=floorctrl:c-only s-only c-s a=floorctrl:c-only s-only c-s
5. The 'confid' and 'userid' SDP Attributes 5. The 'confid' and 'userid' SDP Attributes
We define the 'confid' and the 'userid' SDP media-level attributes. We define the 'confid' and the 'userid' SDP media-level attributes.
These attributes attributes are used by a floor control server to These attributes attributes are used by a floor control server to
provide a client with a conference ID and a user ID respectively. provide a client with a conference ID and a user ID respectively.
Their Augmented BNF syntax [3] is: Their Augmented BNF syntax [2] is:
confid-attribute = "a=confid:" conference-id confid-attribute = "a=confid:" conference-id
conference-id = token conference-id = token
userid-attribute = "a=userid:" user-id userid-attribute = "a=userid:" user-id
user-id = token user-id = token
The confid and the userid attributes carry the integer representation The confid and the userid attributes carry the integer representation
of a conference ID and a user ID respectively. of a conference ID and a user ID respectively.
Endpoints which use the offer/answer model to establish BFCP Endpoints which use the offer/answer model to establish BFCP
connections MUST support the confid and the userid attributes. A connections MUST support the confid and the userid attributes. A
floor control server acting as an offerer or as an answerers SHOULD floor control server acting as an offerer or as an answerers SHOULD
include these attributes in its session descriptions. include these attributes in its session descriptions.
6. Association between Streams and Floors 6. Association between Streams and Floors
We define the floorid SDP media-level attribute. Its Augmented BNF We define the floorid SDP media-level attribute. Its Augmented BNF
syntax [3] is: syntax [2] is:
floor-id-attribute = "a=floorid:" token [" mstrm:" token *(SP token)] floor-id-attribute = "a=floorid:" token [" mstrm:" token *(SP token)]
The floorid attribute is used in BFCP 'm' lines. It defines a floor The floorid attribute is used in BFCP 'm' lines. It defines a floor
identifier and, possibly, associates it with one or more media identifier and, possibly, associates it with one or more media
streams. The token representing the floor ID is the integer streams. The token representing the floor ID is the integer
representation of the Floor ID to be used in BFCP. The token representation of the Floor ID to be used in BFCP. The token
representing the media stream is a pointer to the media stream, which representing the media stream is a pointer to the media stream, which
is identified by an SDP label attribute [9] is identified by an SDP label attribute [9]
skipping to change at page 7, line 44 skipping to change at page 7, line 44
When a BFCP connection is established using the offer/answer model, When a BFCP connection is established using the offer/answer model,
it is assumed that the offerer and the answerer authenticate each it is assumed that the offerer and the answerer authenticate each
other using some mechanism. Once this mutual authentication takes other using some mechanism. Once this mutual authentication takes
place, all the offerer and the answerer need to make sure is that the place, all the offerer and the answerer need to make sure is that the
entity they are receiving BFCP messages from is the same as the one entity they are receiving BFCP messages from is the same as the one
that generated the previous offer or answer. that generated the previous offer or answer.
When SIP is used to perform an offer/answer exchange, the initial When SIP is used to perform an offer/answer exchange, the initial
mutual authentication takes place at the SIP level. Additionally, mutual authentication takes place at the SIP level. Additionally,
SIP uses S/MIME to provide an integrity protected channel with SIP uses S/MIME [6] to provide an integrity protected channel with
optional confidentiality for the offer/answer exchange. BFCP takes optional confidentiality for the offer/answer exchange. BFCP takes
advantage of this integrity protected offer/answer exchange to advantage of this integrity protected offer/answer exchange to
perform authentication. Within the offer/answer exchange, the perform authentication. Within the offer/answer exchange, the
offerer and the answerer exchange the fingerprints of their self- offerer and the answerer exchange the fingerprints of their self-
signed certificates. These self-signed certificates are then used to signed certificates. These self-signed certificates are then used to
establish the TLS connection that will carry BFCP traffic between the establish the TLS connection that will carry BFCP traffic between the
offerer and the answerer. Of course, certificates signed by a offerer and the answerer.
certificate authority known to both parties can also be used.
Section 8.1 describes mutual authentication using certificates and
TLS, which is the RECOMMENDED mechanism to perform mutual
authentication.
BFCP also provides a digest mechanism based on a shared secret to
provide client authentication in situations where TLS is not used for
some reason. Section 8.2 describes how to set up this mechanism
using an offer/answer model. Note that when mutual authentication is
performed using TLS, it is not necessary to use this digest
mechanism.
8.1 Mutual Authentication Using Certificates and TLS
BFCP clients and floor control servers follow the rules in [10] BFCP clients and floor control servers follow the rules in [10]
regarding certificate choice and presentation. This implies that regarding certificate choice and presentation. This implies that
unless a 'fingerprint' attribute is included in the session unless a 'fingerprint' attribute is included in the session
description, the certificate provided at the TLS-level must be signed description, the certificate provided at the TLS-level MUST either be
by a certificate authority known to other party. Endpoints which use directly signed by one of the other party's trust anchors or be
the offer/answer model to establish BFCP connections MUST support the validated using a certification path that terminates at one of the
other party's trust anchors [5]. Endpoints which use the offer/
answer model to establish BFCP connections MUST support the
'fingerprint' attribute and SHOULD include it in their session 'fingerprint' attribute and SHOULD include it in their session
descriptions. descriptions.
When TLS is used, once the underlaying TCP connection is established, When TLS is used, once the underlaying TCP connection is established,
the answerer acts as the TLS server regardless of its role (passive the answerer acts as the TLS server regardless of its role (passive
or active) in the TCP establishment procedure. or active) in the TCP establishment procedure.
8.2 Client Authentication at the BFCP Level
Digest authentication in BFCP is based on a shared secret between the
client and the floor control server. Section 8.2.1 describes how to
set up such a secret using an encrypted offer/answer exchange.
Section 8.2.2 describes how a floor control server can provide a
client with an initial nonce.
8.2.1 Generating a Shared Secret
This section describes how to generate a shared secret between a
client and a floor control server using SDP security descriptions and
the SDP 'crypto' attribute [12].
The following is the format of the 'crypto' attribute as defined in
[12]:
a=crypto:<tag> <crypto-suite> <key-params> [<session-params>]
The use of the tag field is specified in [12].
The possible values for the crypto-suite field are defined within the
context of a transport; TCP/BFCP in our case. Within the context of
TCP/BFCP, we define the following value for the crypto-suite field:
+-----------+-----------------+
| Value | BFCP Identifier |
+-----------+-----------------+
| HMAC-SHA1 | 0 |
+-----------+-----------------+
Table 2: Values for the crypto-suite field in TCP/BFCP
The IANA registry for Digest Algorithms in BFCP contains references
to the specifications that describe the usage of each digest
algorithm (identified by its BFCP identifier) in BFCP.
The key-params field SHOULD use the 'inline' key method followed by a
base64-encoded [6] unguessable secret [1].
The use of the optional session-params field is for further study.
The following is an example of a 'crypto' attribute:
a=crypto:1 HMAC-SHA1 inline:c2hhcmVkLXNlY3JldA==
The use of the 'crypto' attribute in an offer/answer exchange is
described in [12]. Additionally, when this attribute is used with
BFCP streams, the answerer MUST use the same value in the key-params
field as the one received in the offer.
Endpoints MAY use other mechanisms (including out-of-band mechanisms)
to generate a shared secret. However, if the mechanism described in
this section is used, the session descriptions MUST be encrypted.
8.2.2 The 'nonce' Attribute
We define the SDP media-level 'nonce' attribute. Its Augmented BNF
syntax [3] is:
nonce-attribute = "a=nonce:" nonce-value
nonce-value = token
The 'nonce' attribute carries the integer representation of the nonce
to be used by the client in its next BFCP message (typically the
first message from the client) towards the floor control server.
This is an optimization so that the client does not need to generate
an initial BFCP message only to have it rejected by the floor control
server with an Error response containing a nonce.
Endpoints which use the offer/answer model to establish BFCP
connections SHOULD support the 'nonce' attribute. A floor control
server acting as an offerer or as an answerers MAY include this
attribute in its session descriptions.
9. Examples 9. Examples
For the purpose of brevity, the main portion of the session For the purpose of brevity, the main portion of the session
description is omitted in the examples, which only show 'm' lines and description is omitted in the examples, which only show 'm' lines and
their attributes. their attributes.
9.1 Example Using TLS
The following is an example of an offer sent by a conference server The following is an example of an offer sent by a conference server
to a client. to a client.
m=application 20000 TCP/TLS/BFCP * m=application 50000 TCP/TLS/BFCP *
a=setup:passive a=setup:passive
a=connection:new a=connection:new
a=fingerprint:SHA-1 \ a=fingerprint:SHA-1 \
4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:E5:7C:AB 4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:E5:7C:AB
a=floorctrl:s-only a=floorctrl:s-only
a=confid:4321 a=confid:4321
a=userid:1234 a=userid:1234
a=floorid:1 m-stream:10 a=floorid:1 m-stream:10
a=floorid:2 m-stream:11 a=floorid:2 m-stream:11
m=audio 20000 RTP/AVP 0 m=audio 50002 RTP/AVP 0
a=label:10 a=label:10
m=video 30000 RTP/AVP 31 m=video 50004 RTP/AVP 31
a=label:11 a=label:11
Note that due to RFC formatting conventions, this document splits SDP Note that due to RFC formatting conventions, this document splits SDP
across lines whose content would exceed 72 characters. A backslash across lines whose content would exceed 72 characters. A backslash
character marks where this line folding has taken place. This character marks where this line folding has taken place. This
backslash and its trailing CRLF and whitespace would not appear in backslash and its trailing CRLF and whitespace would not appear in
actual SDP content. actual SDP content.
The following is the answer returned by the user. The following is the answer returned by the client.
m=application 9 TCP/TLS/BFCP * m=application 9 TCP/TLS/BFCP *
a=setup:active a=setup:active
a=connection:new a=connection:new
a=fingerprint:SHA-1 \ a=fingerprint:SHA-1 \
3D:B4:7B:E3:CC:FC:0D:1B:5D:31:33:9E:48:9B:67:FE:68:40:E8:21 3D:B4:7B:E3:CC:FC:0D:1B:5D:31:33:9E:48:9B:67:FE:68:40:E8:21
a=floorctrl:c-only a=floorctrl:c-only
m=audio 25000 RTP/AVP 0 m=audio 55000 RTP/AVP 0
m=video 35000 RTP/AVP 31 m=video 55002 RTP/AVP 31
9.2 Example Using the 'crypto' Attribute
The following is an example of an offer sent by a client to a
conference server. In this case, TLS is not used to perform mutual
authentication. The 'crypto' attribute is used to generate a shared
secret between the client and the floor control server.
m=application 9 TCP/BFCP *
a=setup:active
a=connection:new
a=crypto:1 HMAC-SHA1 inline:c2hhcmVkLXNlY3JldA==
a=floorctrl:c-only
m=audio 25000 RTP/AVP 0
m=video 35000 RTP/AVP 31
The following is the answer returned by the conference server.
m=application 20000 TCP/BFCP *
a=setup:passive
a=connection:new
a=crypto:1 HMAC-SHA1 inline:c2hhcmVkLXNlY3JldA==
a=nonce:5736
a=floorctrl:s-only
a=confid:4321
a=userid:1234
a=floorid:1 m-stream:10
a=floorid:2 m-stream:11
m=audio 20000 RTP/AVP 0
a=label:10
m=video 30000 RTP/AVP 31
a=label:11
10. Security Considerations 10. Security Considerations
The BFCP [8], SDP [11], and the offer/answer [5] specifications The BFCP [8], SDP [11], and the offer/answer [4] specifications
discuss security issues related to BFCP, SDP, and the offer/answer discuss security issues related to BFCP, SDP, and the offer/answer
respectively. In addition, [7] and [10] discuss security issues respectively. In addition, [7] and [10] discuss security issues
related to the establishment of TCP and TLS connections using an related to the establishment of TCP and TLS connections using an
offer/answer model. offer/answer model.
An issue which is discussed in the previous specifications and is of BFCP assumes an initial integrity-protected channel used to exchange
particular importance for this specification relates to the usage of self-signed certificates between a client and the floor control
the SDP 'crypto' attribute to generate shared secrets. When the server. For session descriptions carried in SIP [3], S/MIME [6] is
'crypto' attribute is used, the session description carrying it must the natural choice to provide such a channel.
be encrypted, as specified in Section 8.2.1. Otherwise, an attacker
could get access to the shared secret and impersonate the client.
For session descriptions carried in SIP [4], S/MIME is the natural
choice to provide such end-to-end encryption. Other applications MAY
use different encryption mechanisms.
11. IANA Considerations 11. IANA Considerations
The following sections instruct the IANA to perform a set of actions. The following sections instruct the IANA to perform a set of actions.
11.1 Registration of the 'TCP/BFCP' and 'TCP/TLS/BFCP' SDP 'proto' 11.1. Registration of the 'TCP/BFCP' and 'TCP/TLS/BFCP' SDP 'proto'
values values
This section instructs the IANA to register the following two new This section instructs the IANA to register the following two new
values for the SDP 'proto' field under the Session Description values for the SDP 'proto' field under the Session Description
Protocol (SDP) Parameters registry: Protocol (SDP) Parameters registry:
+--------------+-----------+ +--------------+-----------+
| Value | Reference | | Value | Reference |
+--------------+-----------+ +--------------+-----------+
| TCP/BFCP | RFCxxxx | | TCP/BFCP | RFCxxxx |
| TCP/TLS/BFCP | RFCxxxx | | TCP/TLS/BFCP | RFCxxxx |
+--------------+-----------+ +--------------+-----------+
Table 3: Values for the SDP 'proto' field Table 2: Values for the SDP 'proto' field
[Note to the RFC editor: please, replace RFCxxxx with the RFC number [Note to the RFC editor: please, replace RFCxxxx with the RFC number
that this document will be assigned.] that this document will be assigned.]
11.2 Registration of the SDP 'floorctrl' Attribute 11.2. Registration of the SDP 'floorctrl' Attribute
This section instructs the IANA to register the following SDP att- This section instructs the IANA to register the following SDP att-
field under the Session Description Protocol (SDP) Parameters field under the Session Description Protocol (SDP) Parameters
registry: registry:
Contact name: Gonzalo.Camarillo@ericsson.com Contact name: Gonzalo.Camarillo@ericsson.com
Attribute name: floorctrl Attribute name: floorctrl
Long-form attribute name: Floor Control Long-form attribute name: Floor Control
Type of attribute Media level Type of attribute Media level
Subject to charset: No Subject to charset: No
Purpose of attribute: The 'floorctrl' attribute is used to Purpose of attribute: The 'floorctrl' attribute is used to perform
perform floor control server determination. floor control server determination.
Allowed attribute values: 1*("c-only" / "s-only" / "c-s") Allowed attribute values: 1*("c-only" / "s-only" / "c-s")
11.3 Registration of the SDP 'confid' Attribute 11.3. Registration of the SDP 'confid' Attribute
This section instructs the IANA to register the following SDP att- This section instructs the IANA to register the following SDP att-
field under the Session Description Protocol (SDP) Parameters field under the Session Description Protocol (SDP) Parameters
registry: registry:
Contact name: Gonzalo.Camarillo@ericsson.com Contact name: Gonzalo.Camarillo@ericsson.com
Attribute name: confid Attribute name: confid
Long-form attribute name: Conference Identifier Long-form attribute name: Conference Identifier
Type of attribute Media level Type of attribute Media level
Subject to charset: No Subject to charset: No
Purpose of attribute: The 'confid' attribute carries the integer Purpose of attribute: The 'confid' attribute carries the integer
representation of a Conference ID. representation of a Conference ID.
Allowed attribute values: A token Allowed attribute values: A token
11.4 Registration of the SDP 'userid' Attribute 11.4. Registration of the SDP 'userid' Attribute
This section instructs the IANA to register the following SDP att- This section instructs the IANA to register the following SDP att-
field under the Session Description Protocol (SDP) Parameters field under the Session Description Protocol (SDP) Parameters
registry: registry:
Contact name: Gonzalo.Camarillo@ericsson.com Contact name: Gonzalo.Camarillo@ericsson.com
Attribute name: userid Attribute name: userid
Long-form attribute name: User Identifier Long-form attribute name: User Identifier
Type of attribute Media level Type of attribute Media level
Subject to charset: No Subject to charset: No
Purpose of attribute: The 'userid' attribute carries the integer Purpose of attribute: The 'userid' attribute carries the integer
representation of a User ID. representation of a User ID.
skipping to change at page 14, line 17 skipping to change at page 11, line 20
Type of attribute Media level Type of attribute Media level
Subject to charset: No Subject to charset: No
Purpose of attribute: The 'userid' attribute carries the integer Purpose of attribute: The 'userid' attribute carries the integer
representation of a User ID. representation of a User ID.
Allowed attribute values: A token Allowed attribute values: A token
11.5 Registration of the SDP 'floorid' Attribute 11.5. Registration of the SDP 'floorid' Attribute
This section instructs the IANA to register the following SDP att- This section instructs the IANA to register the following SDP att-
field under the Session Description Protocol (SDP) Parameters field under the Session Description Protocol (SDP) Parameters
registry: registry:
Contact name: Gonzalo.Camarillo@ericsson.com Contact name: Gonzalo.Camarillo@ericsson.com
Attribute name: floorid Attribute name: floorid
Long-form attribute name: Floor Identifier Long-form attribute name: Floor Identifier
Type of attribute Media level Type of attribute Media level
Subject to charset: No Subject to charset: No
Purpose of attribute: The 'floorid' attribute associates a floor Purpose of attribute: The 'floorid' attribute associates a floor
with one or more media streams. with one or more media streams.
Allowed attribute values: Tokens Allowed attribute values: Tokens
11.6 Registration of the SDP 'nonce' Attribute
This section instructs the IANA to register the following SDP att-
field under the Session Description Protocol (SDP) Parameters
registry:
Contact name: Gonzalo.Camarillo@ericsson.com
Attribute name: nonce
Long-form attribute name: Nonce
Type of attribute Media level
Subject to charset: No
Purpose of attribute: The 'nonce' attribute carried a nonce to
be used in the media stream (e.g., in the BFCP connection).
Allowed attribute values: A token
11.7 Registration of the crypto-suites for 'TCP/BFCP'
This section instructs the IANA to register the 'TCP/BFCP' media
transport under the SDP Security Description registry. The key
methods supported is "inline". The reference for the SDP security
description for 'TCP/BFCP' is this document.
The following crypto-suite needs to be registered under the 'TCP/
BFCP' transport:
+-----------+-----------------+
| Value | BFCP Identifier |
+-----------+-----------------+
| HMAC-SHA1 | 0 |
+-----------+-----------------+
Table 4: Values for the crypto-suite field in TCP/BFCP
The IANA registry for Digest Algorithms in BFCP contains references
to the specifications that describe the usage of each digest
algorithm (identified by its BFCP identifier) in BFCP.
At this point, there are no session parameters defined for the 'TCP/
BFCP' media transport. Consequently, the IANA does not need to
create a session parameter subregistry under 'TCP/BFCP'.
12. Acknowledgments 12. Acknowledgments
Joerg Ott, Keith Drage, Alan Johnston, Eric Rescorla, Roni Even, and Joerg Ott, Keith Drage, Alan Johnston, Eric Rescorla, Roni Even, and
Oscar Novo provided useful ideas for this document. Oscar Novo provided useful ideas for this document.
13. Normative References 13. Normative References
[1] Eastlake, D., Crocker, S., and J. Schiller, "Randomness [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Recommendations for Security", RFC 1750, December 1994.
[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997. Levels", BCP 14, RFC 2119, March 1997.
[3] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax [2] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", RFC 2234, November 1997. Specifications: ABNF", RFC 2234, November 1997.
[4] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., [3] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
Session Initiation Protocol", RFC 3261, June 2002. Session Initiation Protocol", RFC 3261, June 2002.
[5] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model with [4] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model with
Session Description Protocol (SDP)", RFC 3264, June 2002. Session Description Protocol (SDP)", RFC 3264, June 2002.
[6] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", [5] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet X.509
RFC 3548, July 2003. Public Key Infrastructure Certificate and Certificate
Revocation List (CRL) Profile", RFC 3280, April 2002.
[7] Yon, D., "Connection-Oriented Media Transport in the Session [6] Ramsdell, B., "Secure/Multipurpose Internet Mail Extensions
Description Protocol (SDP)", draft-ietf-mmusic-sdp-comedia-10 (S/MIME) Version 3.1 Certificate Handling", RFC 3850,
(work in progress), November 2004. July 2004.
[7] Yon, D. and G. Camarillo, "TCP-Based Media Transport in the
Session Description Protocol (SDP)", RFC 4145, September 2005.
[8] Camarillo, G., "The Binary Floor Control Protocol (BFCP)", [8] Camarillo, G., "The Binary Floor Control Protocol (BFCP)",
draft-ietf-xcon-bfcp-04 (work in progress), May 2005. draft-ietf-xcon-bfcp-05 (work in progress), July 2005.
[9] Levin, O. and G. Camarillo, "The SDP (Session Description [9] Levin, O. and G. Camarillo, "The SDP (Session Description
Protocol) Label Attribute", Protocol) Label Attribute",
draft-levin-mmmusic-sdp-media-label-00 (work in progress), draft-ietf-mmusic-sdp-media-label-01 (work in progress),
July 2004. January 2005.
[10] Lennox, J., "Connection-Oriented Media Transport over the [10] Lennox, J., "Connection-Oriented Media Transport over the
Transport Layer Security (TLS) Protocol in the Session Transport Layer Security (TLS) Protocol in the Session
Description Protocol (SDP)", draft-ietf-mmusic-comedia-tls-04 Description Protocol (SDP)", draft-ietf-mmusic-comedia-tls-05
(work in progress), July 2005. (work in progress), September 2005.
[11] Handley, M., "SDP: Session Description Protocol", [11] Handley, M., "SDP: Session Description Protocol",
draft-ietf-mmusic-sdp-new-24 (work in progress), February 2005. draft-ietf-mmusic-sdp-new-25 (work in progress), July 2005.
[12] Andreasen, F., "Session Description Protocol Security
Descriptions for Media Streams",
draft-ietf-mmusic-sdescriptions-11 (work in progress),
June 2005.
Author's Address Author's Address
Gonzalo Camarillo Gonzalo Camarillo
Ericsson Ericsson
Hirsalantie 11 Hirsalantie 11
Jorvas 02420 Jorvas 02420
Finland Finland
Email: Gonzalo.Camarillo@ericsson.com Email: Gonzalo.Camarillo@ericsson.com
 End of changes. 41 change blocks. 
251 lines changed or deleted 68 lines changed or added

This html diff was produced by rfcdiff 1.27, available from http://www.levkowetz.com/ietf/tools/rfcdiff/