idnits 2.17.1 draft-ietf-bfcpbis-rfc4583bis-12.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (September 11, 2015) is 3149 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: 'RFC XXXX' on line 686 ** Obsolete normative reference: RFC 5750 (ref. '6') (Obsoleted by RFC 8550) == Outdated reference: A later version (-16) exists of draft-ietf-bfcpbis-rfc4582bis-13 ** Obsolete normative reference: RFC 4572 (ref. '10') (Obsoleted by RFC 8122) ** Obsolete normative reference: RFC 4566 (ref. '11') (Obsoleted by RFC 8866) ** Obsolete normative reference: RFC 6347 (ref. '12') (Obsoleted by RFC 9147) ** Obsolete normative reference: RFC 4582 (ref. '14') (Obsoleted by RFC 8855) ** Obsolete normative reference: RFC 4583 (ref. '15') (Obsoleted by RFC 8856) Summary: 6 errors (**), 0 flaws (~~), 2 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 BFCPbis Working Group G. Camarillo 3 Internet-Draft Ericsson 4 Obsoletes: 4583 (if approved) T. Kristensen 5 Intended status: Standards Track P. Jones 6 Expires: March 14, 2016 Cisco 7 September 11, 2015 9 Session Description Protocol (SDP) Format for Binary Floor Control 10 Protocol (BFCP) Streams 11 draft-ietf-bfcpbis-rfc4583bis-12 13 Abstract 15 This document specifies how to describe Binary Floor Control Protocol 16 (BFCP) streams in Session Description Protocol (SDP) descriptions. 17 User agents using the offer/answer model to establish BFCP streams 18 use this format in their offers and answers. 20 This document obsoletes RFC 4583. Changes from RFC 4583 are 21 summarized in Section 14. 23 Status of this Memo 25 This Internet-Draft is submitted in full conformance with the 26 provisions of BCP 78 and BCP 79. 28 Internet-Drafts are working documents of the Internet Engineering 29 Task Force (IETF). Note that other groups may also distribute 30 working documents as Internet-Drafts. The list of current Internet- 31 Drafts is at http://datatracker.ietf.org/drafts/current/. 33 Internet-Drafts are draft documents valid for a maximum of six months 34 and may be updated, replaced, or obsoleted by other documents at any 35 time. It is inappropriate to use Internet-Drafts as reference 36 material or to cite them other than as "work in progress." 38 This Internet-Draft will expire on March 14, 2016. 40 Copyright Notice 42 Copyright (c) 2015 IETF Trust and the persons identified as the 43 document authors. All rights reserved. 45 This document is subject to BCP 78 and the IETF Trust's Legal 46 Provisions Relating to IETF Documents 47 (http://trustee.ietf.org/license-info) in effect on the date of 48 publication of this document. Please review these documents 49 carefully, as they describe your rights and restrictions with respect 50 to this document. Code Components extracted from this document must 51 include Simplified BSD License text as described in Section 4.e of 52 the Trust Legal Provisions and are provided without warranty as 53 described in the Simplified BSD License. 55 Table of Contents 57 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 58 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 59 3. Fields in the 'm' Line . . . . . . . . . . . . . . . . . . . . 3 60 4. Floor Control Server Determination . . . . . . . . . . . . . . 4 61 4.1. SDP 'floorctrl' Attribute . . . . . . . . . . . . . . . . 5 62 5. SDP 'confid' and 'userid' Attributes . . . . . . . . . . . . . 6 63 6. SDP 'floorid' Attribute . . . . . . . . . . . . . . . . . . . 7 64 7. SDP 'bfcpver' Attribute . . . . . . . . . . . . . . . . . . . 7 65 8. BFCP Connection Management . . . . . . . . . . . . . . . . . . 8 66 8.1. TCP Connection Management . . . . . . . . . . . . . . . . 8 67 9. Authentication . . . . . . . . . . . . . . . . . . . . . . . . 9 68 10. SDP Offer/Answer Procedures . . . . . . . . . . . . . . . . . 10 69 10.1. Generating the Initial SDP Offer . . . . . . . . . . . . . 10 70 10.2. Generating the SDP Answer . . . . . . . . . . . . . . . . 11 71 10.3. Offerer Processing of the SDP Answer . . . . . . . . . . . 12 72 10.4. Modifying the Session . . . . . . . . . . . . . . . . . . 12 73 10.5. DTLS Role Determination . . . . . . . . . . . . . . . . . 13 74 11. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 75 12. Security Considerations . . . . . . . . . . . . . . . . . . . 15 76 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 77 13.1. Registration of SDP 'proto' Values . . . . . . . . . . . . 16 78 13.2. Registration of the SDP 'floorctrl' Attribute . . . . . . 16 79 13.3. Registration of the SDP 'confid' Attribute . . . . . . . . 17 80 13.4. Registration of the SDP 'userid' Attribute . . . . . . . . 17 81 13.5. Registration of the SDP 'floorid' Attribute . . . . . . . 17 82 13.6. Registration of the SDP 'bfcpver' Attribute . . . . . . . 18 83 14. Changes from RFC 4583 . . . . . . . . . . . . . . . . . . . . 18 84 15. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 19 85 16. Normative References . . . . . . . . . . . . . . . . . . . . . 19 86 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 21 88 1. Introduction 90 As discussed in the BFCP (Binary Floor Control Protocol) 91 specification [8], a given BFCP client needs a set of data in order 92 to establish a BFCP connection to a floor control server. This data 93 includes the transport address of the server, the conference 94 identifier, and the user identifier. 96 One way for clients to obtain this information is to use an SDP 97 offer/answer [4] exchange. This document specifies how to encode 98 this information in the SDP session descriptions that are part of 99 such an offer/answer exchange. 101 User agents typically use the offer/answer model to establish a 102 number of media streams of different types. Following this model, a 103 BFCP connection is described as any other media stream by using an 104 SDP 'm' line, possibly followed by a number of attributes encoded in 105 'a' lines. 107 2. Terminology 109 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 110 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 111 "OPTIONAL" in this document are to be interpreted as described in BCP 112 14, RFC 2119 [1] and indicate requirement levels for compliant 113 implementations. 115 3. Fields in the 'm' Line 117 This section describes how to generate an 'm' line for a BFCP stream. 119 According to the SDP specification [11], the 'm' line format is the 120 following: 122 m= ... 124 The media field MUST have a value of "application". 126 The port field is set depending on the value of the proto field, as 127 explained below. A port field value of zero has the standard SDP 128 meaning (i.e., rejection of the media stream) regardless of the proto 129 field. 131 When TCP is used as the transport, the port field is set following 132 the rules in [7]. Depending on the value of the 'setup' attribute 133 (discussed in Section 8.1), the port field contains the port to 134 which the remote endpoint will direct BFCP messages or is 135 irrelevant (i.e., the endpoint will initiate the connection 136 towards the remote endpoint) and should be set to a value of 9, 137 which is the discard port. 139 When UDP is used as the transport, the port field contains the 140 port to which the remote endpoint will direct BFCP messages 141 regardless of the value of the 'setup' attribute. 143 This document defines four values for the proto field: TCP/BFCP, TCP/ 144 TLS/BFCP, UDP/BFCP, and UDP/TLS/BFCP. TCP/BFCP is used when BFCP 145 runs directly on top of TCP, TCP/TLS/BFCP is used when BFCP runs on 146 top of TLS, which in turn runs on top of TCP. Similarly, UDP/BFCP is 147 used when BFCP runs directly on top of UDP, and UDP/TLS/BFCP is used 148 when BFCP runs on top of DTLS [12], which in turn runs on top of UDP. 150 The fmt (format) list is not applicable to BFCP. The fmt list of 'm' 151 lines in the case of any proto field value related to BFCP SHOULD 152 contain a single "*" character. If the the fmt list contains any 153 other value it is ignored. 155 The following is an example of an 'm' line for a BFCP connection: 157 m=application 50000 TCP/TLS/BFCP * 159 4. Floor Control Server Determination 161 When two endpoints establish a BFCP stream, they need to determine 162 which of them acts as a floor control server. In the most common 163 scenario, a client establishes a BFCP stream with a conference server 164 that acts as the floor control server. Floor control server 165 determination is straight forward because one endpoint can only act 166 as a client and the other can only act as a floor control server. 168 However, there are scenarios where both endpoints could act as a 169 floor control server. For example, in a two-party session that 170 involves an audio stream and a shared whiteboard, the endpoints need 171 to decide which party will be acting as the floor control server. 173 Furthermore, there are situations where both the offerer and the 174 answerer act as both clients and floor control servers in the same 175 session. For example, in a two-party session that involves an audio 176 stream and a shared whiteboard, one party acts as the floor control 177 server for the audio stream and the other acts as the floor control 178 server for the shared whiteboard. 180 4.1. SDP 'floorctrl' Attribute 182 This document defines the 'floorctrl' SDP media-level attribute to 183 perform floor control server determination. Its Augmented BNF syntax 184 [2] is: 186 floor-control-attribute = "a=floorctrl:" role *(SP role) 187 role = "c-only" / "s-only" / "c-s" 189 The offerer includes this attribute to state all the roles it would 190 be willing to perform: 192 c-only: The offerer would be willing to act as a floor control 193 client only. 195 s-only: The offerer would be willing to act as a floor control 196 server only. 198 c-s: The offerer would be willing to act both as a floor control 199 client and as a floor control server. 201 If an SDP media description in an offer contains a 'floorctrl' 202 attribute, the answerer accepting that media MUST include a 203 'floorctrl' attribute in the corresponding media description of the 204 answer. The answerer includes this attribute to state which role the 205 answerer will perform. That is, the answerer chooses one of the 206 roles the offerer is willing to perform and generates an answer with 207 the corresponding role for the answerer. Table 1 shows the 208 corresponding roles for an answerer, depending on the offerer's role. 210 +---------+----------+ 211 | Offerer | Answerer | 212 +---------+----------+ 213 | c-only | s-only | 214 | s-only | c-only | 215 | c-s | c-s | 216 +---------+----------+ 218 Table 1: Roles 220 The following are the descriptions of the roles when they are chosen 221 by an answerer: 223 c-only: The answerer will act as a floor control client. 224 Consequently, the offerer will act as a floor control server. 226 s-only: The answerer will act as a floor control server. 227 Consequently, the offerer will act as a floor control client. 229 c-s: The answerer will act both as a floor control client and as a 230 floor control server. Consequently, the offerer will also act 231 both as a floor control client and as a floor control server. 233 Endpoints that use the offer/answer model to establish BFCP 234 connections MUST support the 'floorctrl' attribute. A floor control 235 server acting as an offerer or as an answerer SHOULD include this 236 attribute in its session descriptions. 238 If the 'floorctrl' attribute is not used in an offer/answer exchange, 239 by default the offerer and the answerer will act as a floor control 240 client and as a floor control server, respectively. 242 The following is an example of a 'floorctrl' attribute in an offer. 243 When this attribute appears in an answer, it only carries one role: 245 a=floorctrl:c-only s-only c-s 247 5. SDP 'confid' and 'userid' Attributes 249 This document defines the 'confid' and the 'userid' SDP media-level 250 attributes. These attributes are used by a floor control server to 251 provide a client with a conference ID and a user ID, respectively. 252 Their Augmented BNF syntax [2] is: 254 confid-attribute = "a=confid:" conference-id 255 conference-id = token 256 userid-attribute = "a=userid:" user-id 257 user-id = token 259 token-char = %x21 / %x23-27 / %x2A-2B / %x2D-2E / %x30-39 260 / %x41-5A / %x5E-7E 261 token = 1*(token-char) 263 The 'confid' and the 'userid' attributes carry the decimal integer 264 representation of a conference ID and a user ID, respectively. 266 The token-char and token elements are defined in [11] but included 267 here to provide support for the implementor of this SDP feature. 269 Endpoints that use the offer/answer model to establish BFCP 270 connections MUST support the 'confid' and the 'userid' attributes. A 271 floor control server acting as an offerer or as an answerer MUST 272 include these attributes in its session descriptions. 274 6. SDP 'floorid' Attribute 276 This document defines the 'floorid' SDP media-level attribute. This 277 attribute is used to provide an association between media streams and 278 floors. Its Augmented BNF syntax [2] is: 280 floor-id-attribute = "a=floorid:" token [" mstrm:" token *(SP token)] 282 The 'floorid' attribute is used in the SDP media description for BFCP 283 media. It defines a floor identifier and, possibly, associates it 284 with one or more media streams. The token representing the floor ID 285 is the integer representation of the Floor ID to be used in BFCP. 286 The token representing the media stream is a pointer to the media 287 stream, which is identified by an SDP label attribute [9]. 289 Endpoints that use the offer/answer model to establish BFCP 290 connections MUST support the 'floorid' and the 'label' attributes. A 291 floor control server acting as an offerer or as an answerer MUST 292 include these attributes in its session descriptions. 294 Note: In [15] 'm-stream' was erroneously used in Section 11. 295 Although the example was non-normative, it is implemented by some 296 vendors and occurs in cases where the endpoint is willing to act 297 as an server. Therefore, it is RECOMMENDED to support parsing and 298 interpreting 'm-stream' the same way as 'mstrm' when receiving. 300 7. SDP 'bfcpver' Attribute 302 This document defines the 'bfcpver' SDP media-level attribute. This 303 attribute is used for BFCP version negotiation. Its Augmented BNF 304 syntax [2] is: 306 bfcp-version-attribute = "a=bfcpver:" bfcp-version *(SP bfcp-version) 307 bfcp-version = token 309 The 'bfcpver' attribute defines the list of the versions of BFCP 310 supported by the endpoint. Tokens representing versions MUST be 311 integers matching the "Version" field that would be presented in the 312 BFCP COMMON-HEADER [8]. The version of BFCP to be used will then be 313 confirmed with a BFCP-level Hello/HelloAck. 315 Endpoints that use the offer/answer model to establish BFCP 316 connections SHOULD support the 'bfcpver' attribute. A floor control 317 server acting as an offerer or as an answerer SHOULD include this 318 attribute in its session descriptions. However, endpoints that 319 support RFC XXXX, and not only the [15] subset, are REQUIRED to 320 support and, when acting as a floor control server, to use the 321 'bfcpver' attribute. 323 If a 'bfcpver' attribute is not present, default values are inferred 324 from the transport specified in the 'm' line (Section 3). In 325 accordance with definition of the Version field in [8], when used 326 over a reliable transport the default value is "1", and when used 327 over an unreliable transport the default value is "2". 329 8. BFCP Connection Management 331 BFCP connections can use TCP or UDP as the underlying transport. 332 BFCP entities exchanging BFCP messages over UDP direct the BFCP 333 messages to the peer side connection address and port provided in the 334 SDP 'm' line. TCP connection management is more complicated and is 335 described below. 337 8.1. TCP Connection Management 339 The management of the TCP connection used to transport BFCP is 340 performed using the 'setup' and 'connection' attributes, as defined 341 in [7]. 343 The 'setup' attribute indicates which of the endpoints (client or 344 floor control server) initiates the TCP connection. The 'connection' 345 attribute handles TCP connection reestablishment. 347 The BFCP specification [8] describes a number of situations when the 348 TCP connection between a client and the floor control server needs to 349 be reestablished. However, that specification does not describe the 350 reestablishment process because this process depends on how the 351 connection was established in the first place. BFCP entities using 352 the offer/answer model follow the following rules. 354 When the existing TCP connection is closed and reestablished 355 following the rules in [8], the client MUST generate an offer towards 356 the floor control server in order to reestablish the connection. If 357 a TCP connection cannot deliver a BFCP message and times out, the 358 entity that attempted to send the message (i.e., the one that 359 detected the TCP timeout) MUST generate an offer in order to 360 reestablish the TCP connection. 362 Endpoints that use the offer/answer model to establish TCP 363 connections MUST support the 'setup' and 'connection' attributes. 365 9. Authentication 367 When a BFCP connection is established using the offer/answer model, 368 it is assumed that the offerer and the answerer authenticate each 369 other using some mechanism. TLS/DTLS is the preferred mechanism, but 370 other mechanisms are possible and outside the scope of this document. 371 Once this mutual authentication takes place, all the offerer and the 372 answerer need to ensure is that the entity they are receiving BFCP 373 messages from is the same as the one that generated the previous 374 offer or answer. 376 When SIP is used to perform an offer/answer exchange, the initial 377 mutual authentication takes place at the SIP level. Additionally, 378 SIP uses S/MIME [6] to provide an integrity-protected channel with 379 optional confidentiality for the offer/answer exchange. BFCP takes 380 advantage of this integrity-protected offer/answer exchange to 381 perform authentication. Within the offer/answer exchange, the 382 offerer and answerer exchange the fingerprints of their self-signed 383 certificates. These self-signed certificates are then used to 384 establish the TLS/DTLS connection that will carry BFCP traffic 385 between the offerer and the answerer. 387 BFCP clients and floor control servers follow the rules in [10] 388 regarding certificate choice and presentation. This implies that 389 unless a 'fingerprint' attribute is included in the session 390 description, the certificate provided at the TLS-/DTLS-level MUST 391 either be directly signed by one of the other party's trust anchors 392 or be validated using a certification path that terminates at one of 393 the other party's trust anchors [5]. Endpoints that use the offer/ 394 answer model to establish BFCP connections MUST support the 395 'fingerprint' attribute and MUST include it in their session 396 descriptions. 398 When TLS is used with TCP, once the underlying connection is 399 established, the answerer which may be the client or the floor 400 control server acts as the TLS server regardless of its role (passive 401 or active) in the TCP establishment procedure. If the TCP connection 402 is lost, the active endpoint is responsible for re-establishing the 403 TCP connection. Unless a new TLS session is negotiated, subsequent 404 SDP offers and answers will not impact the previously negotiated TLS 405 roles. 407 When DTLS is used with UDP, the requirements specified in Section 5 408 of [13] MUST be followed. 410 Informational note: How to determine which endpoint initiates the 411 TLS/DTLS association depends on the selected underlying transport. 412 It was decided to keep the original semantics in [15] for TCP to 413 retain backwards compatibility. When using UDP, the procedure 414 above was preferred since it adheres to [13] as used for DTLS- 415 SRTP, it does not overload offer/answer semantics, and it works 416 for offerless INVITE in scenarios with B2BUAs. 418 10. SDP Offer/Answer Procedures 420 This section defines the SDP offer/answer [4] procedures for 421 negotiating and establishing a BFCP connection. 423 If the 'm' line 'proto' value is 'TCP/TLS/BFCP' or 'UDP/TLS/BFCP', 424 each endpoint MUST provide a certificate fingerprint, using the SDP 425 'fingerprint' attribute [7], if the endpoint supports, and is willing 426 to use, a cipher suite with an associated certificate. 428 The authentication certificates are interpreted and validated as 429 defined in [10]. Self-signed certificates can be used securely, 430 provided that the integrity of the SDP description is assured as 431 defined in [10]. 433 Note: The procedures apply to a specific 'm' line describing a 434 BFCP connection. If an offer or answer contains multiple 'm' 435 lines describing BFCP connections, the procedures are applied 436 separately to each 'm' line. 438 10.1. Generating the Initial SDP Offer 440 When the offerer creates an initial offer, the offerer: 442 o MUST, if the 'm' line proto value is 'TCP/BFCP', 'TCP/TLS/BFCP' or 443 'UDP/TLS/BFCP', associate an SDP setup attribute, with an 444 'actpass' value, with the 'm' line; 446 o MUST, if the 'm' line proto value is 'TCP/BFCP' or 'TCP/TLS/BFCP', 447 associate an SDP 'connection' attribute, with a 'new' value, with 448 the 'm' line; and 450 In addition, if the offerer acts as the floor control server, the 451 offerer: 453 o SHOULD associate an SDP 'floorctrl' attribute defined in 454 Section 4.1, with the 'm' line; 456 o MUST associate an SDP 'confid' attribute defined in Section 5, 457 with the 'm' line; 459 o MUST associate an SDP 'userid' attribute defined in Section 5, 460 with the 'm' line; 462 o MUST associate an SDP 'floorid' attribute defined in Section 6, 463 with the 'm' line; 465 o MUST associate an SDP 'label' attribute as described in Section 6, 466 with the 'm' line; and 468 o SHOULD, if it supports only the RFC 4583 subset and MUST, if it 469 supports RFC XXXX associate an SDP 'bfcpver' attribute defined in 470 Section 7, with the 'm' line. 472 10.2. Generating the SDP Answer 474 When the answerer receives an offer, which contains an 'm' line 475 describing a BFCP connection, if the answerer accepts the 'm' line 476 it: 478 o MUST insert a corresponding 'm' line in the answer, with an 479 identical 'm' line proto value [4]; and 481 o MUST, if the 'm' line proto value is 'TCP/BFCP', 'TCP/TLS/BFCP' or 482 'UDP/TLS/BFCP', associate an SDP setup attribute, with an 'active' 483 or 'passive' value, with the 'm' line; 485 In addition, if the answerer acts as the floor control server, the 486 answerer: 488 o MUST, if the offer contains a 'floorctrl' attribute or else it 489 SHOULD associate an SDP 'floorctrl' attribute defined in 490 Section 4.1, with the 'm' line; 492 o MUST associate an SDP 'confid' attribute defined in Section 5, 493 with the 'm' line; 495 o MUST associate an SDP 'userid' attribute defined in Section 5, 496 with the 'm' line; 498 o MUST associate an SDP 'floorid' attribute defined in Section 6, 499 with the 'm' line; and 501 o MUST associate an SDP 'label' attribute as described in Section 6, 502 with the 'm' line. 504 o SHOULD, if it supports only the RFC 4583 subset and MUST, if it 505 supports RFC XXXX associate an SDP 'bfcpver' attribute defined in 506 Section 7, with the 'm' line. 508 Once the answerer has sent the answer, the answerer: 510 o MUST, if the answerer is the 'active' endpoint, and if a TCP 511 connection associated with the 'm' line is to be established (or 512 re-established), initiate the establishing of the TCP connection; 513 and 515 o MUST, if the answerer is the 'active' endpoint, and if an TLS/DTLS 516 connection associated with the 'm' line is to be established (or 517 re-established), initiate the establishing of the TLS/DTLS 518 connection (by sending a ClientHello message). 520 If the answerer does not accept the 'm' line in the offer, it MUST 521 assign a zero port value to the corresponding 'm' line in the answer. 522 In addition, the answerer MUST NOT establish a TCP connection or a 523 TLS/DTLS connection associated with the 'm' line. 525 10.3. Offerer Processing of the SDP Answer 527 When the offerer receives an answer, which contains an 'm' line with 528 a non-zero port value, describing a BFCP connection, the offerer: 530 o MUST, if the offer is the 'active' endpoint, and if a TCP 531 connection associated with the 'm' line is to be established (or 532 re-established), initiate the establishing of the TCP connection; 533 and 535 o MUST, if the offerer is the 'active' endpoint, and if an TLS/DTLS 536 connection associated with the 'm' line is to be established (or 537 re-established), initiate the establishing of the TLS/DTLS 538 connection (by sending a ClientHello message). 540 If the 'm' line in the answer contains a zero port value, the offerer 541 MUST NOT establish a TCP connection or a TLS/DTLS connection 542 associated with the 'm' line. 544 10.4. Modifying the Session 546 When an offerer sends an updated offer, in order to modify a 547 previously established BFCP connection, it follows the procedures in 548 Section 10.1, with the following exceptions: 550 o If the BFCP connection is carried on top of TCP, and unless the 551 offerer wants to re-establish an existing TCP connection, the 552 offerer MUST associate an SDP connection attribute, with an 553 'existing' value, with the 'm' line; and 555 o If the offerer wants to disable a previously established BFCP 556 connection, it MUST assign a zero port value to the 'm' line 557 associated with the BFCP connection, following the procedures in 558 [4]. 560 10.5. DTLS Role Determination 562 If the 'm' line proto value is 'UDP/TLS/BFCP', the 'active/passive' 563 status is used to determine the TLS roles. Following the procedures 564 in [10], the 'active' endpoint will take the TLS client role. 566 Once a DTLS connection has been established, if the 'active/passive' 567 status of the endpoints change during a session, a new DTLS 568 connection MUST be established. Therefore, endpoints SHOULD NOT 569 change the 'active/passive' status in subsequent offers and answers, 570 unless they want to establish a new DTLS connection. 572 The conditions under which endpoints MUST establish a new DTLS 573 connection are as the same defined for DTLS-SRTP in [13]. 575 11. Examples 577 For the purpose of brevity, the main portion of the session 578 description is omitted in the examples, which only show 'm' lines and 579 their attributes. 581 The following is an example of an offer sent by a conference server 582 to a client. 584 m=application 50000 TCP/TLS/BFCP * 585 a=setup:passive 586 a=connection:new 587 a=fingerprint:SHA-1 \ 588 4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:E5:7C:AB 589 a=floorctrl:s-only 590 a=confid:4321 591 a=userid:1234 592 a=floorid:1 mstrm:10 593 a=floorid:2 mstrm:11 594 a=bfcpver:1 595 m=audio 50002 RTP/AVP 0 596 a=label:10 597 m=video 50004 RTP/AVP 31 598 a=label:11 600 Note that due to RFC formatting conventions, this document splits SDP 601 across lines whose content would exceed 72 characters. A backslash 602 character marks where this line folding has taken place. This 603 backslash and its trailing CRLF and whitespace would not appear in 604 actual SDP content. 606 The following is the answer returned by the client. 608 m=application 9 TCP/TLS/BFCP * 609 a=setup:active 610 a=connection:new 611 a=fingerprint:SHA-1 \ 612 3D:B4:7B:E3:CC:FC:0D:1B:5D:31:33:9E:48:9B:67:FE:68:40:E8:21 613 a=floorctrl:c-only 614 a=bfcpver:1 615 m=audio 55000 RTP/AVP 0 616 m=video 55002 RTP/AVP 31 618 A similar example using unreliable transport and DTLS is shown below, 619 where the offer is sent from a client. 621 m=application 50000 UDP/TLS/BFCP * 622 a=setup:actpass 623 a=fingerprint:SHA-1 \ 624 4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:E5:7C:AB 625 a=floorctrl:c-only s-only 626 a=confid:4321 627 a=userid:1234 628 a=floorid:1 mstrm:10 629 a=floorid:2 mstrm:11 630 a=bfcpver:2 631 m=audio 50002 RTP/AVP 0 632 a=label:10 633 m=video 50004 RTP/AVP 31 634 a=label:11 636 The following is the answer returned by the server. 638 m=application 55000 UDP/TLS/BFCP * 639 a=setup:active 640 a=fingerprint:SHA-1 \ 641 3D:B4:7B:E3:CC:FC:0D:1B:5D:31:33:9E:48:9B:67:FE:68:40:E8:21 642 a=floorctrl:s-only 643 a=confid:4321 644 a=userid:1234 645 a=floorid:1 mstrm:10 646 a=floorid:2 mstrm:11 647 a=bfcpver:2 648 m=audio 55002 RTP/AVP 0 649 m=video 55004 RTP/AVP 31 651 12. Security Considerations 653 The BFCP [8], SDP [11], and offer/answer [4] specifications discuss 654 security issues related to BFCP, SDP, and offer/answer, respectively. 655 In addition, [7] and [10] discuss security issues related to the 656 establishment of TCP and TLS connections using an offer/answer model. 657 Furthermore, when using DTLS over UDP, considerations for its use 658 with RTP and RTCP are presented in [13]. The requirements for the 659 offer/answer exchange, as listed in Section 5 of [13], MUST be 660 followed. 662 An initial integrity-protected channel is REQUIRED for BFCP to 663 exchange self-signed certificates between a client and the floor 664 control server. For session descriptions carried in SIP [3], S/MIME 665 [6] is the natural choice to provide such a channel. 667 13. IANA Considerations 669 [Editorial note: The changes in Section 13.1 instruct the IANA to 670 register the two new values UDP/BFCP and UDP/TLS/BFCP for the SDP 671 'proto' field. The new section Section 13.6 registers a new SDP 672 "bfcpver" attribute. The rest is unchanged from [14].] 674 13.1. Registration of SDP 'proto' Values 676 The IANA has registered the following values for the SDP 'proto' 677 field under the Session Description Protocol (SDP) Parameters 678 registry: 680 +--------------+------------+ 681 | Value | Reference | 682 +--------------+------------+ 683 | TCP/BFCP | [RFC XXXX] | 684 | TCP/TLS/BFCP | [RFC XXXX] | 685 | UDP/BFCP | [RFC XXXX] | 686 | UDP/TLS/BFCP | [RFC XXXX] | 687 +--------------+------------+ 689 Table 2: Values for the SDP 'proto' field 691 13.2. Registration of the SDP 'floorctrl' Attribute 693 The IANA has registered the following SDP att-field under the Session 694 Description Protocol (SDP) Parameters registry: 696 Contact name: Gonzalo.Camarillo@ericsson.com 698 Attribute name: floorctrl 700 Long-form attribute name: Floor Control 702 Type of attribute: Media level 704 Subject to charset: No 706 Purpose of attribute: The 'floorctrl' attribute is used to perform 707 floor control server determination. 709 Allowed attribute values: 1*("c-only" / "s-only" / "c-s") 711 13.3. Registration of the SDP 'confid' Attribute 713 The IANA has registered the following SDP att-field under the Session 714 Description Protocol (SDP) Parameters registry: 716 Contact name: Gonzalo.Camarillo@ericsson.com 718 Attribute name: confid 720 Long-form attribute name: Conference Identifier 722 Type of attribute: Media level 724 Subject to charset: No 726 Purpose of attribute: The 'confid' attribute carries the integer 727 representation of a Conference ID. 729 Allowed attribute values: A token 731 13.4. Registration of the SDP 'userid' Attribute 733 The IANA has registered the following SDP att-field under the Session 734 Description Protocol (SDP) Parameters registry: 736 Contact name: Gonzalo.Camarillo@ericsson.com 738 Attribute name: userid 740 Long-form attribute name: User Identifier 742 Type of attribute: Media level 744 Subject to charset: No 746 Purpose of attribute: The 'userid' attribute carries the integer 747 representation of a User ID. 749 Allowed attribute values: A token 751 13.5. Registration of the SDP 'floorid' Attribute 753 The IANA has registered the following SDP att-field under the Session 754 Description Protocol (SDP) Parameters registry: 756 Contact name: Gonzalo.Camarillo@ericsson.com 758 Attribute name: floorid 760 Long-form attribute name: Floor Identifier 762 Type of attribute: Media level 764 Subject to charset: No 766 Purpose of attribute: The 'floorid' attribute associates a floor 767 with one or more media streams. 769 Allowed attribute values: Tokens 771 13.6. Registration of the SDP 'bfcpver' Attribute 773 The IANA has registered the following SDP att-field under the Session 774 Description Protocol (SDP) Parameters registry: 776 Contact name: Gonzalo.Camarillo@ericsson.com 778 Attribute name: bfcpver 780 Long-form attribute name: BFCP Version 782 Type of attribute: Media level 784 Subject to charset: No 786 Purpose of attribute: The 'bfcpver' attribute lists supported BFCP 787 versions. 789 Allowed attribute values: Tokens 791 14. Changes from RFC 4583 793 Following is the list of technical changes and other fixes from [15]. 795 Main purpose of this work was to add signaling support necessary to 796 support BFCP over unreliable transport, as described in [8], 797 resulting in the following changes: 799 1. Fields in the 'm' line (Section 3): 800 The section is re-written to remove reference to the exclusivity 801 of TCP as a transport for BFCP streams. The proto field values 802 UDP/BFCP and UDP/TLS/BFCP added. 804 2. Authentication (Section 9): 805 In last paragraph, made clear that a TCP connection was 806 described. 808 3. Security Considerations (Section 12): 809 For the DTLS over UDP case, mention existing considerations and 810 requirements for the offer/answer exchange in [13]. 812 4. Registration of SDP 'proto' Values (Section 13.1): 813 Register the two new values UDP/BFCP and UDP/TLS/BFCP in the SDP 814 parameters registry. 816 5. BFCP Version Negotiation (Section 7): 817 A new 'bfcpver' SDP media-level attribute is added in order to 818 signal supported version number. 820 Clarification and bug fixes: 822 1. Errata ID: 712 (Section 4 and Section 6): 823 Language clarification. Don't use terms like an SDP attribute is 824 "used in an 'm' line", instead make clear that the attribute is a 825 media-level attribute. 827 2. Fix typo in example (Section 11): 828 Do not use 'm-stream' in the SDP example, use the correct 'mstrm' 829 as specified in Section 11. Recommend interpreting 'm-stream' if 830 it is received, since it is present in some implementations. 832 3. Assorted clarifications (Across the document): 833 Language clarifications as a result of reviews. Also, the 834 normative language where tightened where appropriate, i.e. 835 changed from SHOULD strength to MUST in a number of places. 837 15. Acknowledgements 839 Joerg Ott, Keith Drage, Alan Johnston, Eric Rescorla, Roni Even, and 840 Oscar Novo provided useful ideas for the original [15]. The authors 841 also acknowledge contributions to the revision of BFCP for use over 842 an unreliable transport from Geir Arne Sandbakken, Charles Eckel, 843 Alan Ford, Eoin McLeod and Mark Thompson. Useful and important final 844 reviews were done by Ali C. Begen, Mary Barnes and Charles Eckel. 846 16. Normative References 848 [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement 849 Levels", BCP 14, RFC 2119, March 1997. 851 [2] Crocker, D. and P. Overell, "Augmented BNF for Syntax 852 Specifications: ABNF", STD 68, RFC 5234, January 2008. 854 [3] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., 855 Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: 856 Session Initiation Protocol", RFC 3261, June 2002. 858 [4] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model with 859 Session Description Protocol (SDP)", RFC 3264, June 2002. 861 [5] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, 862 R., and W. Polk, "Internet X.509 Public Key Infrastructure 863 Certificate and Certificate Revocation List (CRL) Profile", 864 RFC 5280, May 2008. 866 [6] Ramsdell, B. and S. Turner, "Secure/Multipurpose Internet Mail 867 Extensions (S/MIME) Version 3.2 Certificate Handling", 868 RFC 5750, January 2010. 870 [7] Yon, D. and G. Camarillo, "TCP-Based Media Transport in the 871 Session Description Protocol (SDP)", RFC 4145, September 2005. 873 [8] Camarillo, G., Drage, K., Kristensen, T., Ott, J., and C. 874 Eckel, "The Binary Floor Control Protocol (BFCP)", 875 draft-ietf-bfcpbis-rfc4582bis-13 (work in progress), 876 February 2015. 878 [9] Levin, O. and G. Camarillo, "The Session Description Protocol 879 (SDP) Label Attribute", RFC 4574, August 2006. 881 [10] Lennox, J., "Connection-Oriented Media Transport over the 882 Transport Layer Security (TLS) Protocol in the Session 883 Description Protocol (SDP)", RFC 4572, July 2006. 885 [11] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session 886 Description Protocol", RFC 4566, July 2006. 888 [12] Rescorla, E. and N. Modadugu, "Datagram Transport Layer 889 Security Version 1.2", RFC 6347, January 2012. 891 [13] Fischl, J., Tschofenig, H., and E. Rescorla, "Framework for 892 Establishing a Secure Real-time Transport Protocol (SRTP) 893 Security Context Using Datagram Transport Layer Security 894 (DTLS)", RFC 5763, May 2010. 896 [14] Camarillo, G., Ott, J., and K. Drage, "The Binary Floor Control 897 Protocol (BFCP)", RFC 4582, November 2006. 899 [15] Camarillo, G., "Session Description Protocol (SDP) Format for 900 Binary Floor Control Protocol (BFCP) Streams", RFC 4583, 901 November 2006. 903 Authors' Addresses 905 Gonzalo Camarillo 906 Ericsson 907 Hirsalantie 11 908 FI-02420 Jorvas 909 Finland 911 Email: Gonzalo.Camarillo@ericsson.com 913 Tom Kristensen 914 Cisco 915 Philip Pedersens vei 1 916 NO-1366 Lysaker 917 Norway 919 Email: tomkrist@cisco.com, tomkri@ifi.uio.no 921 Paul E. Jones 922 Cisco 923 7025 Kit Creek Rd. 924 Research Triangle Park, NC 27709 925 USA 927 Email: paulej@packetizer.com