Session Description Protocol (SDP) Offer/Answer Considerations for Datagram Transport Layer Security (DTLS)
and Transport Layer Security (TLS)
EricssonHirsalantie 11Jorvas02420Finlandchrister.holmberg@ericsson.comTurboBridge4905 Del Ray Avenue, Suite 300BethesdaMD20814USA+1 (240) 292-6632rshpount@turbobridge.com
RAI
This document defines the Session Description Protocol (SDP) offer/answer procedures for
negotiating and establishing a Datagram Transport Layer Security (DTLS) association.
The document also defines the criteria for when a new DTLS association must be established.
The document updates RFC 5763 and RFC 7345, by replacing common SDP offer/answer procedures
with a reference to this specification.
This document defines a new SDP media-level attribute, 'tls-id'.
This document also defines how the 'tls-id' attribute can be used for negotiating
and establishing a Transport Layer Security (TLS) connection, in conjunction with
the procedures in RFC 4145 and RFC 8122.
defines Session Description Protocol (SDP)
offer/answer procedures for Secure Realtime Transport Protocol Using Datagram Transport Layer Security (DTLS-SRTP).
defines SDP offer/answer procedures for
UDP Transport Layer over Datagram Transport Layer Security (UDPTL-DTLS). This specification
defines general offer/answer procedures for DTLS, based on the procedures in .
Other specifications, defining specific DTLS usages, can then reference this specification,
in order to ensure that the DTLS aspects are common among all usages. Having common
procedures is essential when multiple usages share the same
DTLS association .
The document updates
and , by replacing common
SDP offer/answer procedures with a reference to this specification.
NOTE: Since the publication of ,
has been obsoleted by
. The updating
of the references (and the associated procedures) within is outside the scope of this document. However, implementers of
applications are encouraged to
implement instead
of .
As defined in , a new DTLS association
MUST be established when transport parameters are changed. Transport parameter change is not
well defined when Interactive Connectivity Establishment (ICE) is used. One possible way to determine a transport change is
based on ufrag change,
but the ufrag value is changed both when ICE is negotiated
and when ICE restart occurs. These events
do not always require a new DTLS association to be established, but previously there was no way
to explicitly indicate in an SDP offer or answer whether a new DTLS association is required.
To solve that problem, this document defines a new SDP attribute, 'tls-id'. The pair of
SDP 'tls-id' attribute values (the attribute values of the offerer and the answerer)
uniquely identifies the DTLS association. Providing a new value of the 'tls-id' attribute in an SDP offer
or answers can be used to indicate whether a new DTLS association is to be established.
The SDP 'tls-id' attribute can be specified when negotiating a Transport Layer Security (TLS) connection, using
the procedures in this document in conjunction with the procedures in and .
The unique combination of SDP 'tls-id' attribute values can be used to identity the negotiated
TLS connection. The unique value can be used, for example, within TLS protocol extensions to
differentiate between multiple TLS connections and correlate those connections with specific
offer/answer exchanges. The TLS specific considerations are described in .
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 when, and only
when, they appear in all capitals, as shown here.
A new DTLS association must be established between two endpoints after a
successful SDP offer/answer exchange in the following cases:
The negotiated DTLS setup roles change; or
One or more fingerprint values are modified, added
or removed in either an SDP offer or answer; or
The intent to establish a new DTLS association is
explicitly signaled using SDP, by changing the value of the
SDP 'tls-id' attribute defined in this document;
NOTE: The first two items above are based on the procedures
in .
This specification adds the support for explicit signaling using the SDP 'tls-id' attribute.
A new DTLS association can only be established as a result of the successful SDP offer/answer exchange.
Whenever an entity determines that a new DTLS association is required, the entity MUST initiate an
SDP offer/answer exchange, following the procedures in .
The sections below describe typical cases where a new DTLS association needs to be established.
In this document, a "new DTLS association" between two endpoints refers to either
an initial DTLS association (when no DTLS association is currently established between
the endpoints) or an DTLS association replacing a previously established DTLS association.
If an endpoint modifies its local transport parameters (address and/or port), and if the modification
requires a new DTLS association, the endpoint MUST change its local SDP 'tls-id'
attribute value (see ).
If the underlying transport protocol prohibits a DTLS association from spanning multiple 5-tuples
(transport/source address/source port/destination address/destination port),
and if the 5-tuple is changed, the endpoint MUST change its local SDP 'tls-id' attribute value (see ).
An example of such a case is when DTLS is carried over the Stream Control Transmission Protocol (SCTP),
as described in .
If an endpoint uses ICE, and modifies a local ufrag value, and if the modification
requires a new DTLS association, the endpoint MUST change its local SDP 'tls-id'
attribute value (see ).
The pair of SDP 'tls-id' attribute values (the attribute values of the offerer and the answerer)
uniquely identifies the DTLS association or TLS connection.
Every time an endpoint requests to establish a new DTLS association, the endpoint MUST
generate a new local 'tls-id' attribute value. A non-changed local 'tls-id' attribute
value, in combination with non-changed fingerprints, indicates that the endpoint
intends to reuse the existing DTLS association.
The 'tls-id' attribute value MUST be generated using a strong random function
and include at least 120 bits of randomness.
No default value is defined for the SDP 'tls-id' attribute.
Implementations that wish to use the attribute MUST explicitly
include it in SDP offers and answers. If an offer or answer does not
contain a 'tls-id' attribute (this could happen if the offerer or
answerer represents an existing implementation that has not been
updated to support the 'tls-id' attribute), unless there is
another mechanism to explicitly indicate that a new DTLS association
is to be established, a modification of one or more of the following
characteristics MUST be treated as an indication that an endpoint
wants to establish a new DTLS association:
DTLS setup role; or
fingerprint set; or
local transport parameters
NOTE: A modification of the ufrag value is not treated as an indication
that an endpoint wants to establish a new DTLS assocation. In order to
indicate that a new DTLS association is to be established, one or more
of the characteristics listed above have to be modified.
The mux category
for the 'tls-id' attribute is 'IDENTICAL', which means that
the attribute value applies to all media descriptions
being multiplexed .
However, as described in ,
in order to avoid duplication the attribute is only associated with the "m=" line
representing the offerer/answerer BUNDLE-tag.
For RTP-based media, the 'tls-id' attribute applies to the whole associated
media description. The attribute MUST NOT be defined per source (using the
SDP 'ssrc' attribute ).
The SDP offer/answer
procedures associated with the attribute are defined in .
This section defines the generic SDP offer/answer procedures for negotiating
a DTLS association. Additional procedures (e.g., regarding usage of specific SDP
attributes etc.) for individual DTLS usages (e.g., DTLS-SRTP) are outside the scope
of this specification, and need to be specified in a usage specific specification.
NOTE: The procedures in this section are generalizations of procedures first
specified in DTLS-SRTP ,
with the addition of usage of the SDP 'tls-id' attribute. That document is
herein updated to make use of these new procedures.
The procedures in this section apply to an SDP media description ("m=" line) associated
with DTLS-protected media/data.
When an offerer or answerer indicates that it wants to establish a new DTLS association, it needs to make sure that
media packets associated with any previously established DTLS association and the new DTLS association can be de-multiplexed. In case
of an ordered transport (e.g., SCTP) this can be done simply by sending packets for the new DTLS association
after all packets associated with a previously established DTLS association has been sent. In case of an unordered transport, such as
UDP, packets associated with a previously established DTLS association can arrive after the answer SDP was received and after the first
packets associated with the new DTLS association were received. The only way to de-multiplex packets associated with
with a previously established DTLS association and the new DTLS association is on the basis of the 5-tuple. Because of this, if an unordered transport
is used for the DTLS association, a new 3-tuple (transport/source address/source port) MUST be allocated by at least one
of the endpoints so that DTLS packets can be de-multiplexed.
When an offerer needs to establish a new DTLS association, and if an unordered transport (e.g., UDP)
is used, the offerer MUST allocate a new 3-tuple for the offer in such a way that the offerer can
disambiguate any packets associated with the new DTLS association from any packets associated with
any other DTLS association. This typically means using a local address and/or port, or a set of
ICE candidates (see ), which were
not recently used for any other DTLS association.
When an answerer needs to establish a new DTLS association, if an unordered transport is used, and if
the offerer did not allocate a new 3-tuple, the answerer MUST allocate a new 3-tuple for the
answer in such a way that it can disambiguate any packets associated with the new DTLS association from any
packets associated with any other DTLS association. This typically means using a local address and/or
port, or a set of ICE candidates (see ),
which were not recently used for any other DTLS association.
In order to negotiate a DTLS association, the following SDP attributes are used:
The SDP 'setup' attribute, defined in , is used to negotiate the DTLS roles;
The SDP 'fingerprint' attribute, defined in , is used to
provide one or more fingerprint values; and
The SDP 'tls-id' attribute, defined in this specification, is used to identity
the DTLS association.
This specification does not define the usage of the SDP 'connection' attribute
for negotiating a DTLS
association. However, the attribute MAY be used if the DTLS association is used
together with another protocol (e.g., SCTP or TCP) for which the usage of the
attribute has been defined.
Unlike for TCP and TLS connections, endpoints MUST NOT use the
SDP 'setup' attribute 'holdconn' value when negotiating a DTLS association.
Endpoints MUST support the hash functions as defined in
.
The certificate received during the DTLS handshake MUST match a certificate
fingerprint received in SDP 'fingerprint' attributes according to the procedures
defined in .
If fingerprints do not match the hashed certificate, then an endpoint MUST tear
down the media session immediately (see ).
SDP offerers and answerers might reuse certificates across multiple DTLS
associations, and provide identical fingerprint values for each DTLS
association. The combination of the SDP 'tls-id' attribute values of the SDP
offerer and answerer identifies each individual DTLS association.
NOTE: There are cases where the SDP 'tls-id' attribute value generated by the
offerer will end up being used for multiple DTLS associations. For that reason
the combination of the attribute values of the offerer and answerer is needed
in order to identity a DTLS association. An example of such case is where the
offerer sends an updated offer (), without modifying its
attribute value, but the answerer determines that a new DTLS association is to
be created. The answerer will generate a new local attribute value for the new
DTLS association (), while the offerer will use the
same attribute value that it used for the current association. Another example is
when the Session Initiation Protocol (SIP) is used for signalling, and an offer is forked to multiple answerers.
The attribute value generated by the offerer will be used for DTLS associations
established by each answerer.
When an offerer sends the initial offer, the offerer MUST insert an SDP 'setup' attribute
with an 'actpass' attribute value, and
one or more SDP 'fingerprint' attributes according to the procedures in . In addition, the offerer MUST insert in the offer an SDP
'tls-id' attribute with a unique attribute value.
As the offerer inserts the SDP 'setup' attribute with an 'actpass' attribute value, the
offerer MUST be prepared to receive a DTLS ClientHello message (if a new DTLS association is established by the answerer) from the answerer
before the offerer receives the SDP answer.
If the offerer receives a DTLS ClientHello message, and a DTLS association is established,
before the offerer receives the SDP Answer carrying the fingerprint associated with the DTLS
association, any data received on the DTLS association before the fingerprint MUST be
considered coming from an unverified source. The processing of such data, and sending of data
by the offerer to the unverified source, is outside the scope of this document.
When an answerer sends an answer, the answerer MUST insert in the answer an SDP 'setup' attribute
according to the procedures in , and one
or more SDP 'fingerprint' attributes according to the procedures in .
If the answerer determines, based on the criteria specified in ,
that a new DTLS association is to be established, the answerer MUST insert in the associated answer
an SDP 'tls-id' attribute with a new unique attribute value. Note that the offerer and answerer generate
their own local 'tls-id' attribute values, and the combination of both values identify the
DTLS association.
If the answerer receives an offer that requires establishment of a new DTLS association, and if the
answerer does not accept the establishment of a new DTLS association, the answerer MUST reject
the "m=" lines associated with the suggested DTLS association
.
If an answerer receives an offer that does not require the establishment of a new DTLS association,
and if the answerer determines that a new DTLS association is not to be established,
the answerer MUST insert an SDP 'tls-id' attribute with the previously assigned attribute value in the
associated answer. In addition, the answerer MUST insert an SDP 'setup' attribute with an
attribute value that does not change the previously negotiated DTLS roles, and one or more SDP 'fingerprint'
attributes values that do not change the previously sent fingerprint set, in the associated answer.
If the answerer receives an offer that does not contain an SDP 'tls-id' attribute,
the answerer MUST NOT insert a 'tls-id' attribute in the answer.
If a new DTLS association is to be established, and if the answerer inserts an SDP 'setup'
attribute with an 'active' attribute value in the answer, the answerer MUST initiate a DTLS handshake
) by sending a DTLS ClientHello message towards the offerer.
Even though an offerer is required to insert an 'SDP' setup attribute with an 'actpass' attribute value
in initial offers () and subsequent offers (),
the answerer MUST be able to receive initial and subsequent offers with other attribute values, in order
to be backward compatible with older implementations that might insert other attribute values in initial and
subsequent offers.
When an offerer receives an answer that establishes a new DTLS association based on
criteria defined in , and if the offerer
becomes DTLS client (based on the value of the SDP 'setup' attribute value
), the offerer MUST
establish a DTLS association. If the offerer becomes DTLS server, it MUST wait for the answerer
to establish the DTLS association.
If the offerer indicated a desire to reuse an existing DTLS association and the
answerer does not request the establishment of a new DTLS association, the offerer will
continue to use the previously established DTLS association.
A new DTLS association can be established based on changes in either an SDP offer or answer.
When communicating with legacy endpoints, an offerer can receive an answer that includes the same
fingerprint set and setup role. A new DTLS association will still be established if such an answer
was received as a response to an offer which requested the establishment of a new DTLS association,
as the transport parameters would have been changed in the offer.
When an offerer sends a subsequent offer, and if the offerer wants to establish a new
DTLS association, the offerer MUST insert an SDP 'setup' attribute with an 'actpass' attribute value, and one or more SDP 'fingerprint'
attributes according to the procedures in .
In addition, the offerer MUST insert in the offer an SDP 'tls-id' attribute with a new unique
attribute value.
When an offerer sends a subsequent offer, and the offerer does not want to establish
a new DTLS association, and if a previously established DTLS association exists,
the offerer MUST insert an SDP 'setup' attribute with an 'actpass' attribute value, and
one or more SDP 'fingerprint' attributes with attribute values that do not change the previously
sent fingerprint set, in the offer. In addition, the offerer MUST insert an SDP 'tls-id'
attribute with the previously assigned attribute value in the offer.
NOTE: When a new DTLS association is being established, each endpoint needs to be prepared to receive
data on both the new and old DTLS associations as long as both are alive.
When the Interactive Connectivity Establishment (ICE) mechanism
is used, the
ICE connectivity checks are performed before the DTLS
handshake begins. Note that if aggressive nomination mode is used,
multiple candidate pairs may be marked valid before ICE finally
converges on a single candidate pair.
NOTE: Aggressive nomination has been deprecated from ICE, but must still be
supported for backwards compatibility reasons .
When a new DTLS association is established over an unordered transport, in order to
disambiguate any packets associated with the newly established DTLS association, at least
one of the endpoints MUST allocate a completely new set of ICE candidates which
were not recently used for any other DTLS association. This means the answerer
cannot initiate a new DTLS association unless the offerer initiated ICE restart
. If the answerer wants
to initiate a new DTLS association, it needs to initiate an ICE restart
and a new offer/answer exchange on its own. However, an ICE restart does not by
default require a new DTLS association
to be established.
NOTE: Simple Traversal of the UDP Protocol through NAT (STUN) packets are sent directly
over UDP, not over DTLS. describes
how to demultiplex STUN packets from DTLS packets and SRTP packets.
Each ICE candidate associated with a component is treated as being part of the
same DTLS association. Therefore, from a DTLS perspective it is not considered
a change of local transport parameters when an endpoint switches between those
ICE candidates.
The procedures in this document can also be used for negotiating and
establishing a TLS connection, with the restriction described below.
As specified in ,
the SDP 'connection' attribute is used to indicate whether to establish a new
TLS connection. An offerer and answerer MUST ensure that the 'connection'
attribute value and the 'tls-id' attribute value does not cause a conflict
regarding whether a new TLS connection is to be established or not.
NOTE: Even though the SDP 'connection' attribute can be used to indicate
whether a new TLS connection is to be established, the unique combination
of SDP 'tls-id' attribute values can be used to identity a TLS connection.
The unique value can be used e.g., within TLS protocol extensions to differentiate
between multiple TLS connections and correlate those connections with specific
offer/answer exchanges. One such extension is defined in
.
If an offerer or answerer inserts an SDP 'connection' attribute with a 'new'
value in the offer/answer and also inserts an SDP 'tls-id' attribute,
the value of tls-id' attribute MUST be new and unique.
If an offerer or answerer inserts an SDP 'connection' attribute with a 'existing'
value in the offer/answer, if a previously established TLS connection exists, and
if the offerer/answerer previously inserted an SDP 'tls-id' attribute associated with
the same TLS connection in an offer/answer, the offerer/answerer MUST also insert
an SDP 'tls-id' attribute with the previously assigned value in the offer/answer.
If an offerer or answerer receives an offer/answer with conflicting attribute values,
the offerer/answerer MUST process the offer/answer as misformed.
An endpoint MUST NOT make assumptions regarding the support of the SDP 'tls-id'
attribute by the peer. Therefore, to avoid ambiguity, both offerers and answerers
MUST always use the 'connection' attribute in conjunction with the 'tls-id' attribute.
NOTE: As defined in , if the
SDP 'connection' attribute is not explicitly present, the implicit default value is 'new'.
The SDP example below is based on the example in section 3.4 of
, with the addition of
the SDP 'tls-id' attribute.
When the Session Initiation Protocol (SIP) is used as the signal protocol for establishing a multimedia
session, dialogs might be
established between the caller and multiple callees. This is referred to as forking.
If forking occurs, separate DTLS associations will be established between the caller
and each callee.
When forking occurs, an SDP offerer can receive DTLS ClientHello messages and SDP
answerers from multiple remote locations. Because of this, the offerer might have to
wait for multiple SDP answers (from different remote locations) until it receives
a certificate fingerprint that matches the certificate associated with a specific
DTLS handshake. The offerer MUST NOT declare a fingerprint mismatch until it
determines that it will not receive SDP answers from any additional remote locations.
It is possible to send an INVITE request which does not contain an SDP offer. Such
an INVITE request is often referred to as an 'empty INVITE', or an 'offer-less INVITE'.
The receiving endpoint will include the SDP offer in a response to the request.
When the endpoint generates such SDP offer, if a previously established
DTLS association exists, the offerer MUST insert an SDP 'tls-id'
attribute, and one or more SDP 'fingerprint' attributes, with previously assigned
attribute values. If a previously established DTLS association did not exist,
the offer MUST be generated based on the same rules as a new offer (see ).
Regardless of the previous existence of a DTLS association, the SDP 'setup' attribute
MUST be included according to the rules defined in . Furthermore, if ICE is used, according to the third party call control
considerations described in , ICE restart
MUST be initiated.
This section updates specifications that use DTLS-protected media, in
order to reflect the procedures defined in this specification.
The reference to is replaced
with a reference to .The text in section 5 (Establishing a Secure Channel) is modified by replacing generic
SDP offer/answer procedures for DTLS with a reference to this specification:
The text in section 6.6 (Session Modification) is modified by replacing generic
SDP offer/answer procedures for DTLS with a reference to this specification:
The text in section 6.7.1 (ICE Interaction) is modified by replacing the ICE procedures with
a reference to this specification:
The subsections (4.1.-4.5.) in section 4 (SDP Offerer/Answerer Procedures) are removed, and replaced with the new text below:The text in section 5.2.1 (ICE Usage) is modified by replacing the ICE procedures with
a reference to this specification:
A reference to is added to section 10.1 (Normative References):
This specification does not modify the security considerations associated with DTLS, or
the SDP offer/answer mechanism. In addition to the introduction of the SDP
'tls-id' attribute, the specification simply clarifies the procedures for
negotiating and establishing a DTLS association.
This specification does not modify the actual TLS connection setup procedures. The
SDP 'tls-is' attribute as such cannot be used to correlate an SDP Offer/Answer exchange with a
TLS connection setup. Thus, this draft does not introduce new security considerations
related to correlating an SDP Offer/Answer exchange with a TLS connection setup.
This document updates the "Session Description Protocol Parameters" registry
as specified in Section 8.2.2 of .
Specifically, it adds the SDP 'tls-id' attribute to the table for SDP
media level attributes.
Thanks to Justin Uberti, Martin Thomson, Paul Kyzivat, Jens Guballa,
Charles Eckel, Gonzalo Salgueiro and Paul Jones for providing comments and
suggestions on the document. Ben Campbell performed an AD review. Paul
Kyzivat performed a gen-art review.
[RFC EDITOR NOTE: Please remove this section when publishing]Changes from draft-ietf-mmusic-sdp-dtls-31
Changes based on IESG comments from Eric RChanges from draft-ietf-mmusic-sdp-dtls-30
Changes based on IESG comments from Mirja KChanges from draft-ietf-mmusic-sdp-dtls-29
Removal of ufrag value change as a trigger for a new DTLS associationChanges from draft-ietf-mmusic-sdp-dtls-28
Changes based on IESG review by Adam Roach, Eric Rescorla, Alexey Melnikov and Mirja Kuhlewind:- Document title changed- Transport Protocol Considerations section removed- Additional text to Security Considerations section- Editorial changesChanges from draft-ietf-mmusic-sdp-dtls-27
Reference fixes based on Gen-ART review by Paul Kyzivat.Changes from draft-ietf-mmusic-sdp-dtls-26
Editorial fixes based on Gen-ART review by Paul Kyzivat.Changes from draft-ietf-mmusic-sdp-dtls-25
Minor editorial nits.Changes from draft-ietf-mmusic-sdp-dtls-24
Changes based on 2nd WGLC comments from Roman S and Martin T:- RFC update structure shortened (old text removed).- Guidance regarding receiving ClientHello before SDP answer added.- Additional SIP considerations regarding forking.- SDP setup attribute value restriction in initial and subsequent offers based on comment from Ekr.Changes from draft-ietf-mmusic-sdp-dtls-23
Editorial change to make it clear that the document does not
modify the procedures in RFC 8122.Changes from draft-ietf-mmusic-sdp-dtls-22
Support for TLS added.Editorial changes based on sec-dir review by Rich Salz.Editorial changes based on gen-art review by Paul Kyzivat.Editorial changes based on ops-dir review by Carlos Pignataro.Changes from draft-ietf-mmusic-sdp-dtls-21
Changes based on AD review by Ben Campbell.(https://www.ietf.org/mail-archive/web/mmusic/current/msg17707.html)Changes from draft-ietf-mmusic-sdp-dtls-20
Change to length and randomness of tls-id attribute value.Changes from draft-ietf-mmusic-sdp-dtls-19
Change based on comment from Roman.Changes from draft-ietf-mmusic-sdp-dtls-18
Changes based on comments from Flemming.- Change in tls-id value definition.- Editorial fixes.Changes from draft-ietf-mmusic-sdp-dtls-17
Reference fix.Changes from draft-ietf-mmusic-sdp-dtls-16
Editorial changes based on 2nd WGLC comments
from Christian Groves and Nevenka Biondic.Changes from draft-ietf-mmusic-sdp-dtls-15
tls-id attribute value made globally uniqueChanges from draft-ietf-mmusic-sdp-dtls-14
Changes based on comments from Flemming:- Additional dtls-is clarifications- Editorial fixesChanges from draft-ietf-mmusic-sdp-dtls-13
Text about the updated RFCs added to Abstract and IntroductionReference to RFC 5763 removed from section 6 (ICE Considerations)Reference to RFC 5763 removed from section 8 (SIP Considerations)Changes from draft-ietf-mmusic-sdp-dtls-12
"unreliable" changed to "unordered"Changes from draft-ietf-mmusic-sdp-dtls-11
Attribute name changed to tls-idAdditional text based on comments from Roman Shpount.Changes from draft-ietf-mmusic-sdp-dtls-10
Modified document to use tls-id instead of dtls-connectionChanges are based on comments from Eric Rescorla, Justin Uberti, and Paul Kyzivat.Changes from draft-ietf-mmusic-sdp-dtls-08
Offer/Answer section modified in order to allow sending of multiple SDP 'fingerprint' attributes.Terminology made consistent: 'DTLS connection' replaced with 'DTLS association'.Editorial changes based on comments from Paul Kyzivat.Changes from draft-ietf-mmusic-sdp-dtls-07
Reference to RFC 7315 replaced with reference to RFC 7345.Changes from draft-ietf-mmusic-sdp-dtls-06
Text on restrictions regarding spanning a DTLS association over multiple transports added.Mux category added to IANA Considerations.Normative text regarding mux category and source-specific applicability added.Reference to RFC 7315 added.Clarified that offerer/answerer that has not been updated to support this specification will
not include the tls-id attribute in offers and answers.Editorial corrections based on WGLC comments from Charles Eckel.Changes from draft-ietf-mmusic-sdp-dtls-05
Text on handling offer/answer error conditions added.Changes from draft-ietf-mmusic-sdp-dtls-04
Editorial nits fixed based on comments from Paul Kyzivat:Changes from draft-ietf-mmusic-sdp-dtls-03
Changes based on comments from Paul Kyzivat:- Modification of tls-id attribute section.- Removal of IANA considerations subsection.- Making note into normative text in o/a section.Changes based on comments from Martin Thompson:- Abbreviations section removed.- Clarify that a new DTLS association requires a new o/a transaction.Changes from draft-ietf-mmusic-sdp-dtls-02
- Updated RFCs added to boilerplate.Changes from draft-ietf-mmusic-sdp-dtls-01
- Annex regarding 'tls-id-id' attribute removed.- Additional SDP offer/answer procedures, related to certificates, added.- Updates to RFC 5763 and RFC 7345 added.- Transport protocol considerations added.Changes from draft-ietf-mmusic-sdp-dtls-00
- SDP 'connection' attribute replaced with new 'tls-id' attribute.- IANA Considerations added.- E-mail regarding 'tls-id-id' attribute added as Annex.Changes from draft-holmberg-mmusic-sdp-dtls-01
- draft-ietf-mmusic version of draft submitted.- Draft file name change (sdp-dtls -> dtls-sdp) due to collision with another expired draft.- Clarify that if ufrag in offer is unchanged, it must be unchanged in associated answer.- SIP Considerations section added.- Section about multiple SDP fingerprint attributes added.Changes from draft-holmberg-mmusic-sdp-dtls-00
- Editorial changes and clarifications.Procedures for real-time Group 3 facsimile communication over IP networksInternational Telecommunications Union