idnits 2.17.1 draft-ietf-avt-rtp-cnames-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The draft header indicates that this document updates RFC3550, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but does not include the phrase in its RFC 2119 key words list. (Using the creation date from RFC3550, updated by this document, for RFC5378 checks: 1998-04-07) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (June 17, 2010) is 5033 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 4941 (Obsoleted by RFC 8981) ** Downref: Normative reference to an Informational RFC: RFC 2104 Summary: 2 errors (**), 0 flaws (~~), 2 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 AVT A. Begen 3 Internet-Draft Cisco 4 Updates: 3550 (if approved) C. Perkins 5 Intended status: Standards Track University of Glasgow 6 Expires: December 19, 2010 D. Wing 7 Cisco 8 June 17, 2010 10 Guidelines for Choosing RTP Control Protocol (RTCP) Canonical Names 11 (CNAMEs) 12 draft-ietf-avt-rtp-cnames-00 14 Abstract 16 The RTP Control Protocol (RTCP) Canonical Name (CNAME) is a 17 persistent transport-level identifier for an RTP endpoint. While the 18 Synchronization Source (SSRC) identifier of an RTP endpoint may 19 change if a collision is detected, or when the RTP application is 20 restarted, the CNAME is meant to stay unchanged, so that RTP 21 endpoints can be uniquely identified and associated with their RTP 22 media streams. For proper functionality, CNAMEs should be unique 23 within the participants of an RTP session. However, the existing 24 guidelines for choosing the RTCP CNAME provided in the RTP standard 25 are insufficient to achieve this uniqueness. This memo updates these 26 guidelines to allow endpoints to choose unique CNAMEs. 28 Status of this Memo 30 This Internet-Draft is submitted in full conformance with the 31 provisions of BCP 78 and BCP 79. 33 Internet-Drafts are working documents of the Internet Engineering 34 Task Force (IETF). Note that other groups may also distribute 35 working documents as Internet-Drafts. The list of current Internet- 36 Drafts is at http://datatracker.ietf.org/drafts/current/. 38 Internet-Drafts are draft documents valid for a maximum of six months 39 and may be updated, replaced, or obsoleted by other documents at any 40 time. It is inappropriate to use Internet-Drafts as reference 41 material or to cite them other than as "work in progress." 43 This Internet-Draft will expire on December 19, 2010. 45 Copyright Notice 47 Copyright (c) 2010 IETF Trust and the persons identified as the 48 document authors. All rights reserved. 50 This document is subject to BCP 78 and the IETF Trust's Legal 51 Provisions Relating to IETF Documents 52 (http://trustee.ietf.org/license-info) in effect on the date of 53 publication of this document. Please review these documents 54 carefully, as they describe your rights and restrictions with respect 55 to this document. Code Components extracted from this document must 56 include Simplified BSD License text as described in Section 4.e of 57 the Trust Legal Provisions and are provided without warranty as 58 described in the Simplified BSD License. 60 Table of Contents 62 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 63 2. Requirements Notation . . . . . . . . . . . . . . . . . . . . . 3 64 3. Deficiencies with Earlier RTCP CNAME Guidelines . . . . . . . . 3 65 4. Choosing an RTCP CNAME . . . . . . . . . . . . . . . . . . . . 4 66 4.1. Persistent vs. Per-Session CNAMEs . . . . . . . . . . . . . 4 67 4.2. Guidelines . . . . . . . . . . . . . . . . . . . . . . . . 5 68 5. Security Considerations . . . . . . . . . . . . . . . . . . . . 6 69 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6 70 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 6 71 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6 72 8.1. Normative References . . . . . . . . . . . . . . . . . . . 6 73 8.2. Informative References . . . . . . . . . . . . . . . . . . 7 74 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 7 76 1. Introduction 78 In Section 6.5.1 of [RFC3550], there are a number of recommendations 79 for choosing a unique RTCP CNAME for an RTP endpoint. However, in 80 practice, some of these methods are not guaranteed to produce a 81 unique CNAME. This memo updates guidelines for choosing CNAMEs, 82 superceding those presented in Section 6.5.1 of [RFC3550]. 84 2. Requirements Notation 86 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 87 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 88 document are to be interpreted as described in [RFC2119]. 90 3. Deficiencies with Earlier RTCP CNAME Guidelines 92 The recommendation in [RFC3550] is to generate the CNAME of the form 93 "user@host" for multiuser systems, or "host" if the username is not 94 available. The "host" part is specified to be the fully qualified 95 domain name (FQDN) of the host from which the real-time data 96 originates. However, FQDNs are not necessarily unique, and can 97 sometimes be common across several endpoints in large service 98 provider networks. Thus, the use of FQDN as the CNAME is strongly 99 discouraged. 101 IPv4 addresses are also suggested for use in CNAMEs in [RFC3550], 102 where the "host" part of the RTCP CNAME is the numeric representation 103 of the IP address of the interface from which the RTP data 104 originates. As noted in [RFC3550], the use of private network 105 address space [RFC1918] can result in hosts having network addresses 106 that are not globally unique. However, this shared use of the same 107 IP address can also occur with public IP addresses if multiple hosts 108 are assigned the same public IP address and connected to a Network 109 Address Translation (NAT) device [RFC3022]. When multiple hosts 110 share the same IP address, whether private or public, using the IP 111 address as the CNAME leads to CNAMEs that are not necessarily unique. 113 [RFC3550] also notes that if hosts with private addresses and no 114 direct IP connectivity to the public Internet have their RTP packets 115 forwarded to the public Internet through an RTP-level translator, 116 they may end up having non-unique CNAMEs. [RFC3550] suggests that 117 such applications provide a configuration option to allow the user to 118 choose a unique CNAME, and puts the burden on the translator to 119 translate CNAMEs from private addresses to public addresses if 120 necessary to keep private addresses from being exposed. Experience 121 has shown that this does not work well in practice. 123 4. Choosing an RTCP CNAME 125 It is difficult, and in some cases impossible, for a host to 126 determine if there is a NAT between itself and its RTP peer. 127 Furthermore, even some public IPv4 addresses can be shared by 128 multiple hosts in the Internet. Thus, using the numeric 129 representation of the IPv4 address as the "host" part of the RTCP 130 CNAME is NOT RECOMMENDED. 132 4.1. Persistent vs. Per-Session CNAMEs 134 The RTCP CNAME can either be persistent across different RTP sessions 135 for an RTP endpoint, or it can be unique per session, meaning that an 136 RTP endpoint chooses a different CNAME for each RTP session. 138 Persistent CNAMEs: To provide a binding across multiple media tools 139 used by one participant in a set of related RTP sessions, the CNAME 140 SHOULD be fixed for that participant. An RTP endpoint that is 141 emitting multiple related streams that require synchronization at the 142 other endpoint(s) SHOULD use a persistent CNAME. A persistent CNAME 143 is also useful to facilitate third-party monitoring, allowing network 144 management tools to correlate the ongoing quality of service across 145 multiple RTP sessions for fault diagnosis and to understand long-term 146 network performance statistics. 148 Note: A persistent CNAME will not provide a unique identifier for 149 each source if an application permits a user to generate multiple 150 sources from one host. Such an application would have to rely on 151 the SSRC to further identify the source, or the profile for that 152 application would have to specify additional syntax for the CNAME 153 identifier. 155 Note: If each RTP application creates its CNAME independently, 156 the resulting CNAMEs may not be identical as would be required to 157 provide a binding across multiple media tools belonging to one 158 participant in a set of related RTP sessions. If cross-media 159 binding is required, it may be necessary for the CNAME of each 160 tool to be externally configured with the same value by a 161 coordination tool. 163 Per-Session CNAMEs: The advantage of this approach is that the CNAME 164 is unique for each RTP session. This prevents the CNAME from being 165 used for traffic analysis. In other words, the RTP endpoints cannot 166 be identified based on their CNAMEs. This provides privacy, but 167 inhibits the use of RTCP as a tool for long-term network management 168 and monitoring. 170 4.2. Guidelines 172 RTP endpoints SHOULD practice one of the following guidelines in 173 choosing RTCP CNAME: 175 o Given that IPv6 addresses are naturally unique, an endpoint MAY 176 use one of its IPv6 address(es) as the "host" part of its CNAME 177 regardless of whether that IPv6 interface is being used for RTP 178 communication or not. If the RTP endpoint is associated with an 179 IPv6 privacy address [RFC4941] or a unique local IPv6 unicast 180 address [RFC4193], that address MAY be used as well. The IPv6 181 address is converted to its textual representation 182 [I-D.ietf-6man-text-addr-representation], resulting in a printable 183 string representation as short as 24 bits and as long as 304 bits. 184 Using IPv6 addresses as the "host" part of a CNAME was originally 185 suggested in [RFC3550]. 187 o An endpoint that does not know its fully qualified domain name, 188 and is configured with a private IP address on the interface it is 189 using for RTP communication, MAY use the numeric representation of 190 the layer-2 (MAC) address of that interface as the "host" part of 191 its CNAME. For IEEE 802 MAC addresses, such as Ethernet, the 192 standard colon-separated hexadecimal format is to be used, e.g., 193 "00:23:32:af:9b:aa" resulting in a 136-bit printable string 194 representation. 196 o An endpoint MAY use its Universally Unique IDentifier (UUID) 197 [RFC4122] to generate the "host" part of its CNAME. The string 198 representation described in Section 3 of [RFC4122] SHOULD be used 199 without "urn:uuid:", which results in a 288-bit printable string 200 representation. 202 o To generate a per-session CNAME, an endpoint MAY perform SHA1-HMAC 203 [RFC2104] on the concatenated values of the RTP endpoint's initial 204 SSRC, the source and destination IP addresses and ports, and a 205 randomly-generated value [RFC4086], and then truncate the 160-bit 206 output to 96 bits and finally convert the 96 bits to ASCII using 207 Base64 encoding [RFC4648]. This results in a 128-bit printable 208 string representation. Note that the CNAME MUST NOT change if an 209 SSRC collision occurs, hence only the initial SSRC value chosen by 210 the endpoint is used. 212 Each of the techniques is equally effective in generating unique 213 CNAMEs, and an RTP application MAY choose any of these techniques to 214 use. 216 5. Security Considerations 218 The security considerations of [RFC3550] apply to this document as 219 well. 221 In some environments, notably telephony, a fixed CNAME value allows 222 separate RTP sessions to be correlated and eliminates the obfuscation 223 provided by IPv6 privacy addresses [RFC4941] or IPv4 NAPT [RFC3022]. 224 Secure RTP (SRTP) [RFC3711] can help prevent such correlation by 225 encrypting Secure RTCP (SRTCP) but it should be noted that SRTP only 226 mandates SRTCP integrity protection (not encryption). Thus, RTP 227 applications used in such environments should consider encrypting 228 their SRTCP or generate a per-session CNAME as discussed in 229 Section 4.1. 231 6. IANA Considerations 233 There are no IANA considerations in this document. 235 7. Acknowledgments 237 Thanks to Marc Petit-Huguenin who suggested to use UUIDs in 238 generating CNAMEs. 240 8. References 242 8.1. Normative References 244 [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. 245 Jacobson, "RTP: A Transport Protocol for Real-Time 246 Applications", STD 64, RFC 3550, July 2003. 248 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 249 Requirement Levels", BCP 14, RFC 2119, March 1997. 251 [RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast 252 Addresses", RFC 4193, October 2005. 254 [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy 255 Extensions for Stateless Address Autoconfiguration in 256 IPv6", RFC 4941, September 2007. 258 [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally 259 Unique IDentifier (UUID) URN Namespace", RFC 4122, 260 July 2005. 262 [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- 263 Hashing for Message Authentication", RFC 2104, 264 February 1997. 266 [RFC4086] Eastlake, D., Schiller, J., and S. Crocker, "Randomness 267 Requirements for Security", BCP 106, RFC 4086, June 2005. 269 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 270 Encodings", RFC 4648, October 2006. 272 [RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. 273 Norrman, "The Secure Real-time Transport Protocol (SRTP)", 274 RFC 3711, March 2004. 276 [I-D.ietf-6man-text-addr-representation] 277 Kawamura, S. and M. Kawashima, "A Recommendation for IPv6 278 Address Text Representation", 279 draft-ietf-6man-text-addr-representation-07 (work in 280 progress), February 2010. 282 8.2. Informative References 284 [RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and 285 E. Lear, "Address Allocation for Private Internets", 286 BCP 5, RFC 1918, February 1996. 288 [RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network 289 Address Translator (Traditional NAT)", RFC 3022, 290 January 2001. 292 Authors' Addresses 294 Ali Begen 295 Cisco 296 181 Bay Street 297 Toronto, ON M5J 2T3 298 CANADA 300 Email: abegen@cisco.com 301 Colin Perkins 302 University of Glasgow 303 Department of Computing Science 304 Glasgow, G12 8QQ 305 UK 307 Email: csp@csperkins.org 309 Dan Wing 310 Cisco Systems, Inc. 311 170 West Tasman Dr. 312 San Jose, CA 95134 313 USA 315 Email: dwing@cisco.com