idnits 2.17.1 draft-ietf-bfcpbis-rfc4583bis-13.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (February 9, 2016) is 2992 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: 'RFC XXXX' on line 689 ** Obsolete normative reference: RFC 5750 (ref. '6') (Obsoleted by RFC 8550) ** Obsolete normative reference: RFC 4572 (ref. '10') (Obsoleted by RFC 8122) ** Obsolete normative reference: RFC 4566 (ref. '11') (Obsoleted by RFC 8866) ** Obsolete normative reference: RFC 6347 (ref. '12') (Obsoleted by RFC 9147) ** Obsolete normative reference: RFC 4582 (ref. '14') (Obsoleted by RFC 8855) ** Obsolete normative reference: RFC 4583 (ref. '15') (Obsoleted by RFC 8856) Summary: 6 errors (**), 0 flaws (~~), 1 warning (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 BFCPbis Working Group G. Camarillo 3 Internet-Draft Ericsson 4 Obsoletes: 4583 (if approved) T. Kristensen 5 Intended status: Standards Track P. Jones 6 Expires: August 12, 2016 Cisco 7 February 9, 2016 9 Session Description Protocol (SDP) Format for Binary Floor Control 10 Protocol (BFCP) Streams 11 draft-ietf-bfcpbis-rfc4583bis-13 13 Abstract 15 This document specifies how to describe Binary Floor Control Protocol 16 (BFCP) streams in Session Description Protocol (SDP) descriptions. 17 User agents using the offer/answer model to establish BFCP streams 18 use this format in their offers and answers. 20 This document obsoletes RFC 4583. Changes from RFC 4583 are 21 summarized in Section 14. 23 Status of This Memo 25 This Internet-Draft is submitted in full conformance with the 26 provisions of BCP 78 and BCP 79. 28 Internet-Drafts are working documents of the Internet Engineering 29 Task Force (IETF). Note that other groups may also distribute 30 working documents as Internet-Drafts. The list of current Internet- 31 Drafts is at http://datatracker.ietf.org/drafts/current/. 33 Internet-Drafts are draft documents valid for a maximum of six months 34 and may be updated, replaced, or obsoleted by other documents at any 35 time. It is inappropriate to use Internet-Drafts as reference 36 material or to cite them other than as "work in progress." 38 This Internet-Draft will expire on August 12, 2016. 40 Copyright Notice 42 Copyright (c) 2016 IETF Trust and the persons identified as the 43 document authors. All rights reserved. 45 This document is subject to BCP 78 and the IETF Trust's Legal 46 Provisions Relating to IETF Documents 47 (http://trustee.ietf.org/license-info) in effect on the date of 48 publication of this document. Please review these documents 49 carefully, as they describe your rights and restrictions with respect 50 to this document. Code Components extracted from this document must 51 include Simplified BSD License text as described in Section 4.e of 52 the Trust Legal Provisions and are provided without warranty as 53 described in the Simplified BSD License. 55 Table of Contents 57 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 58 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 59 3. Fields in the 'm' Line . . . . . . . . . . . . . . . . . . . 3 60 4. Floor Control Server Determination . . . . . . . . . . . . . 4 61 4.1. SDP 'floorctrl' Attribute . . . . . . . . . . . . . . . . 4 62 5. SDP 'confid' and 'userid' Attributes . . . . . . . . . . . . 6 63 6. SDP 'floorid' Attribute . . . . . . . . . . . . . . . . . . . 6 64 7. SDP 'bfcpver' Attribute . . . . . . . . . . . . . . . . . . . 7 65 8. BFCP Connection Management . . . . . . . . . . . . . . . . . 7 66 8.1. TCP Connection Management . . . . . . . . . . . . . . . . 8 67 9. Authentication . . . . . . . . . . . . . . . . . . . . . . . 8 68 10. SDP Offer/Answer Procedures . . . . . . . . . . . . . . . . . 9 69 10.1. Generating the Initial SDP Offer . . . . . . . . . . . . 10 70 10.2. Generating the SDP Answer . . . . . . . . . . . . . . . 10 71 10.3. Offerer Processing of the SDP Answer . . . . . . . . . . 12 72 10.4. Modifying the Session . . . . . . . . . . . . . . . . . 12 73 10.5. DTLS Role Determination . . . . . . . . . . . . . . . . 12 74 11. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 13 75 12. Security Considerations . . . . . . . . . . . . . . . . . . . 14 76 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 77 13.1. Registration of SDP 'proto' Values . . . . . . . . . . . 15 78 13.2. Registration of the SDP 'floorctrl' Attribute . . . . . 15 79 13.3. Registration of the SDP 'confid' Attribute . . . . . . . 16 80 13.4. Registration of the SDP 'userid' Attribute . . . . . . . 16 81 13.5. Registration of the SDP 'floorid' Attribute . . . . . . 16 82 13.6. Registration of the SDP 'bfcpver' Attribute . . . . . . 17 83 14. Changes from RFC 4583 . . . . . . . . . . . . . . . . . . . . 17 84 15. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 18 85 16. Normative References . . . . . . . . . . . . . . . . . . . . 18 86 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20 88 1. Introduction 90 As discussed in the BFCP (Binary Floor Control Protocol) 91 specification [8], a given BFCP client needs a set of data in order 92 to establish a BFCP connection to a floor control server. This data 93 includes the transport address of the server, the conference 94 identifier, and the user identifier. 96 One way for clients to obtain this information is to use an SDP 97 offer/answer [4] exchange. This document specifies how to encode 98 this information in the SDP session descriptions that are part of 99 such an offer/answer exchange. 101 User agents typically use the offer/answer model to establish a 102 number of media streams of different types. Following this model, a 103 BFCP connection is described as any other media stream by using an 104 SDP 'm' line, possibly followed by a number of attributes encoded in 105 'a' lines. 107 2. Terminology 109 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 110 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 111 "OPTIONAL" in this document are to be interpreted as described in BCP 112 14, RFC 2119 [1] and indicate requirement levels for compliant 113 implementations. 115 3. Fields in the 'm' Line 117 This section describes how to generate an 'm' line for a BFCP stream. 119 According to the SDP specification [11], the 'm' line format is the 120 following: 122 m= ... 124 The media field MUST have a value of "application". 126 The port field is set depending on the value of the proto field, as 127 explained below. A port field value of zero has the standard SDP 128 meaning (i.e., rejection of the media stream) regardless of the proto 129 field. 131 When TCP is used as the transport, the port field is set following 132 the rules in [7]. Depending on the value of the 'setup' attribute 133 (discussed in Section 8.1), the port field contains the port to 134 which the remote endpoint will direct BFCP messages or is 135 irrelevant (i.e., the endpoint will initiate the connection 136 towards the remote endpoint) and should be set to a value of 9, 137 which is the discard port. 139 When UDP is used as the transport, the port field contains the 140 port to which the remote endpoint will direct BFCP messages 141 regardless of the value of the 'setup' attribute. 143 This document defines four values for the proto field: TCP/BFCP, 144 TCP/TLS/BFCP, UDP/BFCP, and UDP/TLS/BFCP. TCP/BFCP is used when BFCP 145 runs directly on top of TCP, TCP/TLS/BFCP is used when BFCP runs on 146 top of TLS, which in turn runs on top of TCP. Similarly, UDP/BFCP is 147 used when BFCP runs directly on top of UDP, and UDP/TLS/BFCP is used 148 when BFCP runs on top of DTLS [12], which in turn runs on top of UDP. 150 The fmt (format) list is not applicable to BFCP. The fmt list of 'm' 151 lines in the case of any proto field value related to BFCP SHOULD 152 contain a single "*" character. If the the fmt list contains any 153 other value it is ignored. 155 The following is an example of an 'm' line for a BFCP connection: 157 m=application 50000 TCP/TLS/BFCP * 159 4. Floor Control Server Determination 161 When two endpoints establish a BFCP stream, they need to determine 162 which of them acts as a floor control server. In the most common 163 scenario, a client establishes a BFCP stream with a conference server 164 that acts as the floor control server. Floor control server 165 determination is straight forward because one endpoint can only act 166 as a client and the other can only act as a floor control server. 168 However, there are scenarios where both endpoints could act as a 169 floor control server. For example, in a two-party session that 170 involves an audio stream and a shared whiteboard, the endpoints need 171 to decide which party will be acting as the floor control server. 173 Furthermore, there are situations where both the offerer and the 174 answerer act as both clients and floor control servers in the same 175 session. For example, in a two-party session that involves an audio 176 stream and a shared whiteboard, one party acts as the floor control 177 server for the audio stream and the other acts as the floor control 178 server for the shared whiteboard. 180 4.1. SDP 'floorctrl' Attribute 182 This document defines the 'floorctrl' SDP media-level attribute to 183 perform floor control server determination. Its Augmented BNF syntax 184 [2] is: 186 floor-control-attribute = "a=floorctrl:" role *(SP role) 187 role = "c-only" / "s-only" / "c-s" 189 The offerer includes this attribute to state all the roles it would 190 be willing to perform: 192 c-only: The offerer would be willing to act as a floor control 193 client only. 195 s-only: The offerer would be willing to act as a floor control 196 server only. 198 c-s: The offerer would be willing to act both as a floor control 199 client and as a floor control server. 201 If an SDP media description in an offer contains a 'floorctrl' 202 attribute, the answerer accepting that media MUST include a 203 'floorctrl' attribute in the corresponding media description of the 204 answer. The answerer includes this attribute to state which role the 205 answerer will perform. That is, the answerer chooses one of the 206 roles the offerer is willing to perform and generates an answer with 207 the corresponding role for the answerer. Table 1 shows the 208 corresponding roles for an answerer, depending on the offerer's role. 210 +---------+----------+ 211 | Offerer | Answerer | 212 +---------+----------+ 213 | c-only | s-only | 214 | s-only | c-only | 215 | c-s | c-s | 216 +---------+----------+ 218 Table 1: Roles 220 The following are the descriptions of the roles when they are chosen 221 by an answerer: 223 c-only: The answerer will act as a floor control client. 224 Consequently, the offerer will act as a floor control server. 226 s-only: The answerer will act as a floor control server. 227 Consequently, the offerer will act as a floor control client. 229 c-s: The answerer will act both as a floor control client and as a 230 floor control server. Consequently, the offerer will also act 231 both as a floor control client and as a floor control server. 233 Endpoints that use the offer/answer model to establish BFCP 234 connections MUST support the 'floorctrl' attribute. A floor control 235 server acting as an offerer or as an answerer SHOULD include this 236 attribute in its session descriptions. 238 If the 'floorctrl' attribute is not used in an offer/answer exchange, 239 by default the offerer and the answerer will act as a floor control 240 client and as a floor control server, respectively. 242 The following is an example of a 'floorctrl' attribute in an offer. 243 When this attribute appears in an answer, it only carries one role: 245 a=floorctrl:c-only s-only c-s 247 5. SDP 'confid' and 'userid' Attributes 249 This document defines the 'confid' and the 'userid' SDP media-level 250 attributes. These attributes are used by a floor control server to 251 provide a client with a conference ID and a user ID, respectively. 252 Their Augmented BNF syntax [2] is: 254 confid-attribute = "a=confid:" conference-id 255 conference-id = token 256 userid-attribute = "a=userid:" user-id 257 user-id = token 259 token-char = %x21 / %x23-27 / %x2A-2B / %x2D-2E / %x30-39 260 / %x41-5A / %x5E-7E 261 token = 1*(token-char) 263 The 'confid' and the 'userid' attributes carry the decimal integer 264 representation of a conference ID and a user ID, respectively. 266 The token-char and token elements are defined in [11] but included 267 here to provide support for the implementor of this SDP feature. 269 Endpoints that use the offer/answer model to establish BFCP 270 connections MUST support the 'confid' and the 'userid' attributes. A 271 floor control server acting as an offerer or as an answerer MUST 272 include these attributes in its session descriptions. 274 6. SDP 'floorid' Attribute 276 This document defines the 'floorid' SDP media-level attribute. This 277 attribute is used to provide an association between media streams and 278 floors. Its Augmented BNF syntax [2] is: 280 floor-id-attribute = "a=floorid:" token [" mstrm:" token *(SP token)] 282 The 'floorid' attribute is used in the SDP media description for BFCP 283 media. It defines a floor identifier and, possibly, associates it 284 with one or more media streams. The token representing the floor ID 285 is the integer representation of the Floor ID to be used in BFCP. 287 The token representing the media stream is a pointer to the media 288 stream, which is identified by an SDP label attribute [9]. 290 Endpoints that use the offer/answer model to establish BFCP 291 connections MUST support the 'floorid' and the 'label' attributes. A 292 floor control server acting as an offerer or as an answerer MUST 293 include these attributes in its session descriptions. 295 Note: In [15] 'm-stream' was erroneously used in Section 11. 296 Although the example was non-normative, it is implemented by some 297 vendors and occurs in cases where the endpoint is willing to act 298 as an server. Therefore, it is RECOMMENDED to support parsing and 299 interpreting 'm-stream' the same way as 'mstrm' when receiving. 301 7. SDP 'bfcpver' Attribute 303 This document defines the 'bfcpver' SDP media-level attribute. This 304 attribute is used for BFCP version negotiation. Its Augmented BNF 305 syntax [2] is: 307 bfcp-version-attribute = "a=bfcpver:" bfcp-version *(SP bfcp-version) 308 bfcp-version = token 310 The 'bfcpver' attribute defines the list of the versions of BFCP 311 supported by the endpoint. Tokens representing versions MUST be 312 integers matching the "Version" field that would be presented in the 313 BFCP COMMON-HEADER [8]. The version of BFCP to be used will then be 314 confirmed with a BFCP-level Hello/HelloAck. 316 Endpoints that use the offer/answer model to establish BFCP 317 connections SHOULD support the 'bfcpver' attribute. A floor control 318 server acting as an offerer or as an answerer SHOULD include this 319 attribute in its session descriptions. However, endpoints that 320 support RFC XXXX, and not only the [15] subset, are REQUIRED to 321 support and, when acting as a floor control server, to use the 322 'bfcpver' attribute. 324 If a 'bfcpver' attribute is not present, default values are inferred 325 from the transport specified in the 'm' line (Section 3). In 326 accordance with definition of the Version field in [8], when used 327 over a reliable transport the default value is "1", and when used 328 over an unreliable transport the default value is "2". 330 8. BFCP Connection Management 332 BFCP connections can use TCP or UDP as the underlying transport. 333 BFCP entities exchanging BFCP messages over UDP direct the BFCP 334 messages to the peer side connection address and port provided in the 335 SDP 'm' line. TCP connection management is more complicated and is 336 described below. 338 8.1. TCP Connection Management 340 The management of the TCP connection used to transport BFCP is 341 performed using the 'setup' and 'connection' attributes, as defined 342 in [7]. 344 The 'setup' attribute indicates which of the endpoints (client or 345 floor control server) initiates the TCP connection. The 'connection' 346 attribute handles TCP connection reestablishment. 348 The BFCP specification [8] describes a number of situations when the 349 TCP connection between a client and the floor control server needs to 350 be reestablished. However, that specification does not describe the 351 reestablishment process because this process depends on how the 352 connection was established in the first place. BFCP entities using 353 the offer/answer model follow the following rules. 355 When the existing TCP connection is closed and reestablished 356 following the rules in [8], the client MUST generate an offer towards 357 the floor control server in order to reestablish the connection. If 358 a TCP connection cannot deliver a BFCP message and times out, the 359 entity that attempted to send the message (i.e., the one that 360 detected the TCP timeout) MUST generate an offer in order to 361 reestablish the TCP connection. 363 Endpoints that use the offer/answer model to establish TCP 364 connections MUST support the 'setup' and 'connection' attributes. 366 9. Authentication 368 When a BFCP connection is established using the offer/answer model, 369 it is assumed that the offerer and the answerer authenticate each 370 other using some mechanism. TLS/DTLS is the preferred mechanism, but 371 other mechanisms are possible and outside the scope of this document. 372 Once this mutual authentication takes place, all the offerer and the 373 answerer need to ensure is that the entity they are receiving BFCP 374 messages from is the same as the one that generated the previous 375 offer or answer. 377 When SIP is used to perform an offer/answer exchange, the initial 378 mutual authentication takes place at the SIP level. Additionally, 379 SIP uses S/MIME [6] to provide an integrity-protected channel with 380 optional confidentiality for the offer/answer exchange. BFCP takes 381 advantage of this integrity-protected offer/answer exchange to 382 perform authentication. Within the offer/answer exchange, the 383 offerer and answerer exchange the fingerprints of their self-signed 384 certificates. These self-signed certificates are then used to 385 establish the TLS/DTLS connection that will carry BFCP traffic 386 between the offerer and the answerer. 388 BFCP clients and floor control servers follow the rules in [10] 389 regarding certificate choice and presentation. This implies that 390 unless a 'fingerprint' attribute is included in the session 391 description, the certificate provided at the TLS-/DTLS-level MUST 392 either be directly signed by one of the other party's trust anchors 393 or be validated using a certification path that terminates at one of 394 the other party's trust anchors [5]. Endpoints that use the offer/ 395 answer model to establish BFCP connections MUST support the 396 'fingerprint' attribute and MUST include it in their session 397 descriptions. 399 When TLS is used with TCP, once the underlying connection is 400 established, the answerer which may be the client or the floor 401 control server acts as the TLS server regardless of its role (passive 402 or active) in the TCP establishment procedure. If the TCP connection 403 is lost, the active endpoint is responsible for re-establishing the 404 TCP connection. Unless a new TLS session is negotiated, subsequent 405 SDP offers and answers will not impact the previously negotiated TLS 406 roles. 408 When DTLS is used with UDP, the requirements specified in Section 5 409 of [13] MUST be followed. 411 Informational note: How to determine which endpoint initiates the 412 TLS/DTLS association depends on the selected underlying transport. 413 It was decided to keep the original semantics in [15] for TCP to 414 retain backwards compatibility. When using UDP, the procedure 415 above was preferred since it adheres to [13] as used for DTLS- 416 SRTP, it does not overload offer/answer semantics, and it works 417 for offerless INVITE in scenarios with B2BUAs. 419 10. SDP Offer/Answer Procedures 421 This section defines the SDP offer/answer [4] procedures for 422 negotiating and establishing a BFCP connection. 424 If the 'm' line 'proto' value is 'TCP/TLS/BFCP' or 'UDP/TLS/BFCP', 425 each endpoint MUST provide a certificate fingerprint, using the SDP 426 'fingerprint' attribute [7], if the endpoint supports, and is willing 427 to use, a cipher suite with an associated certificate. 429 The authentication certificates are interpreted and validated as 430 defined in [10]. Self-signed certificates can be used securely, 431 provided that the integrity of the SDP description is assured as 432 defined in [10]. 434 Note: The procedures apply to a specific 'm' line describing a 435 BFCP connection. If an offer or answer contains multiple 'm' 436 lines describing BFCP connections, the procedures are applied 437 separately to each 'm' line. 439 10.1. Generating the Initial SDP Offer 441 When the offerer creates an initial offer, the offerer: 443 o MUST, if the 'm' line proto value is 'TCP/BFCP', 'TCP/TLS/BFCP' or 444 'UDP/TLS/BFCP', associate an SDP setup attribute, with an 445 'actpass' value, with the 'm' line; 447 o MUST, if the 'm' line proto value is 'TCP/BFCP' or 'TCP/TLS/BFCP', 448 associate an SDP 'connection' attribute, with a 'new' value, with 449 the 'm' line; and 451 In addition, if the offerer acts as the floor control server, the 452 offerer: 454 o SHOULD associate an SDP 'floorctrl' attribute defined in 455 Section 4.1, with the 'm' line; 457 o MUST associate an SDP 'confid' attribute defined in Section 5, 458 with the 'm' line; 460 o MUST associate an SDP 'userid' attribute defined in Section 5, 461 with the 'm' line; 463 o MUST associate an SDP 'floorid' attribute defined in Section 6, 464 with the 'm' line; 466 o MUST associate an SDP 'label' attribute as described in Section 6, 467 with the 'm' line; and 469 o SHOULD, if it supports only the RFC 4583 subset and MUST, if it 470 supports RFC XXXX associate an SDP 'bfcpver' attribute defined in 471 Section 7, with the 'm' line. 473 10.2. Generating the SDP Answer 475 When the answerer receives an offer, which contains an 'm' line 476 describing a BFCP connection, if the answerer accepts the 'm' line 477 it: 479 o MUST insert a corresponding 'm' line in the answer, with an 480 identical 'm' line proto value [4]; and 482 o MUST, if the 'm' line proto value is 'TCP/BFCP', 'TCP/TLS/BFCP' or 483 'UDP/TLS/BFCP', associate an SDP setup attribute, with an 'active' 484 or 'passive' value, with the 'm' line; 486 In addition, if the answerer acts as the floor control server, the 487 answerer: 489 o MUST, if the offer contains a 'floorctrl' attribute or else it 490 SHOULD associate an SDP 'floorctrl' attribute defined in 491 Section 4.1, with the 'm' line; 493 o MUST associate an SDP 'confid' attribute defined in Section 5, 494 with the 'm' line; 496 o MUST associate an SDP 'userid' attribute defined in Section 5, 497 with the 'm' line; 499 o MUST associate an SDP 'floorid' attribute defined in Section 6, 500 with the 'm' line; and 502 o MUST associate an SDP 'label' attribute as described in Section 6, 503 with the 'm' line. 505 o SHOULD, if it supports only the RFC 4583 subset and MUST, if it 506 supports RFC XXXX associate an SDP 'bfcpver' attribute defined in 507 Section 7, with the 'm' line. 509 Once the answerer has sent the answer, the answerer: 511 o MUST, if the answerer is the 'active' endpoint, and if a TCP 512 connection associated with the 'm' line is to be established (or 513 re-established), initiate the establishing of the TCP connection; 514 and 516 o MUST, if the answerer is the 'active' endpoint, and if an TLS/DTLS 517 connection associated with the 'm' line is to be established (or 518 re-established), initiate the establishing of the TLS/DTLS 519 connection (by sending a ClientHello message). 521 If the answerer does not accept the 'm' line in the offer, it MUST 522 assign a zero port value to the corresponding 'm' line in the answer. 523 In addition, the answerer MUST NOT establish a TCP connection or a 524 TLS/DTLS connection associated with the 'm' line. 526 10.3. Offerer Processing of the SDP Answer 528 When the offerer receives an answer, which contains an 'm' line with 529 a non-zero port value, describing a BFCP connection, the offerer: 531 o MUST, if the offer is the 'active' endpoint, and if a TCP 532 connection associated with the 'm' line is to be established (or 533 re-established), initiate the establishing of the TCP connection; 534 and 536 o MUST, if the offerer is the 'active' endpoint, and if an TLS/DTLS 537 connection associated with the 'm' line is to be established (or 538 re-established), initiate the establishing of the TLS/DTLS 539 connection (by sending a ClientHello message). 541 If the 'm' line in the answer contains a zero port value, the offerer 542 MUST NOT establish a TCP connection or a TLS/DTLS connection 543 associated with the 'm' line. 545 10.4. Modifying the Session 547 When an offerer sends an updated offer, in order to modify a 548 previously established BFCP connection, it follows the procedures in 549 Section 10.1, with the following exceptions: 551 o If the BFCP connection is carried on top of TCP, and unless the 552 offerer wants to re-establish an existing TCP connection, the 553 offerer MUST associate an SDP connection attribute, with an 554 'existing' value, with the 'm' line; and 556 o If the offerer wants to disable a previously established BFCP 557 connection, it MUST assign a zero port value to the 'm' line 558 associated with the BFCP connection, following the procedures in 559 [4]. 561 10.5. DTLS Role Determination 563 If the 'm' line proto value is 'UDP/TLS/BFCP', the 'active/passive' 564 status is used to determine the TLS roles. Following the procedures 565 in [10], the 'active' endpoint will take the TLS client role. 567 Once a DTLS connection has been established, if the 'active/passive' 568 status of the endpoints change during a session, a new DTLS 569 connection MUST be established. Therefore, endpoints SHOULD NOT 570 change the 'active/passive' status in subsequent offers and answers, 571 unless they want to establish a new DTLS connection. 573 The conditions above, and additional conditions under which endpoints 574 MUST establish a new DTLS connection, are the same as defined for 575 DTLS-SRTP in [13]. 577 11. Examples 579 For the purpose of brevity, the main portion of the session 580 description is omitted in the examples, which only show 'm' lines and 581 their attributes. 583 The following is an example of an offer sent by a conference server 584 to a client. 586 m=application 50000 TCP/TLS/BFCP * 587 a=setup:passive 588 a=connection:new 589 a=fingerprint:SHA-1 \ 590 4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:E5:7C:AB 591 a=floorctrl:s-only 592 a=confid:4321 593 a=userid:1234 594 a=floorid:1 mstrm:10 595 a=floorid:2 mstrm:11 596 a=bfcpver:1 597 m=audio 50002 RTP/AVP 0 598 a=label:10 599 m=video 50004 RTP/AVP 31 600 a=label:11 602 Note that due to RFC formatting conventions, this document splits SDP 603 across lines whose content would exceed 72 characters. A backslash 604 character marks where this line folding has taken place. This 605 backslash and its trailing CRLF and whitespace would not appear in 606 actual SDP content. 608 The following is the answer returned by the client. 610 m=application 9 TCP/TLS/BFCP * 611 a=setup:active 612 a=connection:new 613 a=fingerprint:SHA-1 \ 614 3D:B4:7B:E3:CC:FC:0D:1B:5D:31:33:9E:48:9B:67:FE:68:40:E8:21 615 a=floorctrl:c-only 616 a=bfcpver:1 617 m=audio 55000 RTP/AVP 0 618 m=video 55002 RTP/AVP 31 619 A similar example using unreliable transport and DTLS is shown below, 620 where the offer is sent from a client. 622 m=application 50000 UDP/TLS/BFCP * 623 a=setup:actpass 624 a=dtls-connection:new 625 a=fingerprint:SHA-1 \ 626 4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:E5:7C:AB 627 a=floorctrl:c-only s-only 628 a=confid:4321 629 a=userid:1234 630 a=floorid:1 mstrm:10 631 a=floorid:2 mstrm:11 632 a=bfcpver:2 633 m=audio 50002 RTP/AVP 0 634 a=label:10 635 m=video 50004 RTP/AVP 31 636 a=label:11 638 The following is the answer returned by the server. 640 m=application 55000 UDP/TLS/BFCP * 641 a=setup:active 642 a=dtls-connection:new 643 a=fingerprint:SHA-1 \ 644 3D:B4:7B:E3:CC:FC:0D:1B:5D:31:33:9E:48:9B:67:FE:68:40:E8:21 645 a=floorctrl:s-only 646 a=confid:4321 647 a=userid:1234 648 a=floorid:1 mstrm:10 649 a=floorid:2 mstrm:11 650 a=bfcpver:2 651 m=audio 55002 RTP/AVP 0 652 m=video 55004 RTP/AVP 31 654 12. Security Considerations 656 The BFCP [8], SDP [11], and offer/answer [4] specifications discuss 657 security issues related to BFCP, SDP, and offer/answer, respectively. 658 In addition, [7] and [10] discuss security issues related to the 659 establishment of TCP and TLS connections using an offer/answer model. 660 Furthermore, when using DTLS over UDP, considerations for its use 661 with RTP and RTCP are presented in [13]. The requirements for the 662 offer/answer exchange, as listed in Section 5 of [13], MUST be 663 followed. 665 An initial integrity-protected channel is REQUIRED for BFCP to 666 exchange self-signed certificates between a client and the floor 667 control server. For session descriptions carried in SIP [3], S/MIME 668 [6] is the natural choice to provide such a channel. 670 13. IANA Considerations 672 [Editorial note: The changes in Section 13.1 instruct the IANA to 673 register the two new values UDP/BFCP and UDP/TLS/BFCP for the SDP 674 'proto' field. The new section Section 13.6 registers a new SDP 675 "bfcpver" attribute. The rest is unchanged from [14].] 677 13.1. Registration of SDP 'proto' Values 679 The IANA has registered the following values for the SDP 'proto' 680 field under the Session Description Protocol (SDP) Parameters 681 registry: 683 +--------------+------------+ 684 | Value | Reference | 685 +--------------+------------+ 686 | TCP/BFCP | [RFC XXXX] | 687 | TCP/TLS/BFCP | [RFC XXXX] | 688 | UDP/BFCP | [RFC XXXX] | 689 | UDP/TLS/BFCP | [RFC XXXX] | 690 +--------------+------------+ 692 Table 2: Values for the SDP 'proto' field 694 13.2. Registration of the SDP 'floorctrl' Attribute 696 The IANA has registered the following SDP att-field under the Session 697 Description Protocol (SDP) Parameters registry: 699 Contact name: Gonzalo.Camarillo@ericsson.com 701 Attribute name: floorctrl 703 Long-form attribute name: Floor Control 705 Type of attribute: Media level 707 Subject to charset: No 709 Purpose of attribute: The 'floorctrl' attribute is used to 710 perform floor control server determination. 712 Allowed attribute values: 1*("c-only" / "s-only" / "c-s") 714 13.3. Registration of the SDP 'confid' Attribute 716 The IANA has registered the following SDP att-field under the Session 717 Description Protocol (SDP) Parameters registry: 719 Contact name: Gonzalo.Camarillo@ericsson.com 721 Attribute name: confid 723 Long-form attribute name: Conference Identifier 725 Type of attribute: Media level 727 Subject to charset: No 729 Purpose of attribute: The 'confid' attribute carries the 730 integer representation of a Conference ID. 732 Allowed attribute values: A token 734 13.4. Registration of the SDP 'userid' Attribute 736 The IANA has registered the following SDP att-field under the Session 737 Description Protocol (SDP) Parameters registry: 739 Contact name: Gonzalo.Camarillo@ericsson.com 741 Attribute name: userid 743 Long-form attribute name: User Identifier 745 Type of attribute: Media level 747 Subject to charset: No 749 Purpose of attribute: The 'userid' attribute carries the 750 integer representation of a User ID. 752 Allowed attribute values: A token 754 13.5. Registration of the SDP 'floorid' Attribute 756 The IANA has registered the following SDP att-field under the Session 757 Description Protocol (SDP) Parameters registry: 759 Contact name: Gonzalo.Camarillo@ericsson.com 761 Attribute name: floorid 762 Long-form attribute name: Floor Identifier 764 Type of attribute: Media level 766 Subject to charset: No 768 Purpose of attribute: The 'floorid' attribute associates a 769 floor with one or more media streams. 771 Allowed attribute values: Tokens 773 13.6. Registration of the SDP 'bfcpver' Attribute 775 The IANA has registered the following SDP att-field under the Session 776 Description Protocol (SDP) Parameters registry: 778 Contact name: Gonzalo.Camarillo@ericsson.com 780 Attribute name: bfcpver 782 Long-form attribute name: BFCP Version 784 Type of attribute: Media level 786 Subject to charset: No 788 Purpose of attribute: The 'bfcpver' attribute lists supported 789 BFCP versions. 791 Allowed attribute values: Tokens 793 14. Changes from RFC 4583 795 Following is the list of technical changes and other fixes from [15]. 797 Main purpose of this work was to add signaling support necessary to 798 support BFCP over unreliable transport, as described in [8], 799 resulting in the following changes: 801 1. Fields in the 'm' line (Section 3): 802 The section is re-written to remove reference to the exclusivity 803 of TCP as a transport for BFCP streams. The proto field values 804 UDP/BFCP and UDP/TLS/BFCP added. 806 2. Authentication (Section 9): 807 In last paragraph, made clear that a TCP connection was 808 described. 810 3. Security Considerations (Section 12): 811 For the DTLS over UDP case, mention existing considerations and 812 requirements for the offer/answer exchange in [13]. 814 4. Registration of SDP 'proto' Values (Section 13.1): 815 Register the two new values UDP/BFCP and UDP/TLS/BFCP in the SDP 816 parameters registry. 818 5. BFCP Version Negotiation (Section 7): 819 A new 'bfcpver' SDP media-level attribute is added in order to 820 signal supported version number. 822 Clarification and bug fixes: 824 1. Errata ID: 712 (Section 4 and Section 6): 825 Language clarification. Don't use terms like an SDP attribute is 826 "used in an 'm' line", instead make clear that the attribute is a 827 media-level attribute. 829 2. Fix typo in example (Section 11): 830 Do not use 'm-stream' in the SDP example, use the correct 'mstrm' 831 as specified in Section 11. Recommend interpreting 'm-stream' if 832 it is received, since it is present in some implementations. 834 3. Assorted clarifications (Across the document): 835 Language clarifications as a result of reviews. Also, the 836 normative language where tightened where appropriate, i.e. 837 changed from SHOULD strength to MUST in a number of places. 839 15. Acknowledgements 841 Joerg Ott, Keith Drage, Alan Johnston, Eric Rescorla, Roni Even, and 842 Oscar Novo provided useful ideas for the original [15]. The authors 843 also acknowledge contributions to the revision of BFCP for use over 844 an unreliable transport from Geir Arne Sandbakken, Charles Eckel, 845 Alan Ford, Eoin McLeod and Mark Thompson. Useful and important final 846 reviews were done by Ali C. Begen, Mary Barnes and Charles Eckel. 848 16. Normative References 850 [1] Bradner, S., "Key words for use in RFCs to Indicate 851 Requirement Levels", BCP 14, RFC 2119, 852 DOI 10.17487/RFC2119, March 1997, 853 . 855 [2] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax 856 Specifications: ABNF", STD 68, RFC 5234, 857 DOI 10.17487/RFC5234, January 2008, 858 . 860 [3] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, 861 A., Peterson, J., Sparks, R., Handley, M., and E. 862 Schooler, "SIP: Session Initiation Protocol", RFC 3261, 863 DOI 10.17487/RFC3261, June 2002, 864 . 866 [4] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model 867 with Session Description Protocol (SDP)", RFC 3264, 868 DOI 10.17487/RFC3264, June 2002, 869 . 871 [5] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 872 Housley, R., and W. Polk, "Internet X.509 Public Key 873 Infrastructure Certificate and Certificate Revocation List 874 (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, 875 . 877 [6] Ramsdell, B. and S. Turner, "Secure/Multipurpose Internet 878 Mail Extensions (S/MIME) Version 3.2 Certificate 879 Handling", RFC 5750, DOI 10.17487/RFC5750, January 2010, 880 . 882 [7] Yon, D. and G. Camarillo, "TCP-Based Media Transport in 883 the Session Description Protocol (SDP)", RFC 4145, 884 DOI 10.17487/RFC4145, September 2005, 885 . 887 [8] Camarillo, G., Drage, K., Kristensen, T., Ott, J., and C. 888 Eckel, "The Binary Floor Control Protocol (BFCP)", draft- 889 ietf-bfcpbis-rfc4582bis-16 (work in progress), November 890 2015. 892 [9] Levin, O. and G. Camarillo, "The Session Description 893 Protocol (SDP) Label Attribute", RFC 4574, 894 DOI 10.17487/RFC4574, August 2006, 895 . 897 [10] Lennox, J., "Connection-Oriented Media Transport over the 898 Transport Layer Security (TLS) Protocol in the Session 899 Description Protocol (SDP)", RFC 4572, 900 DOI 10.17487/RFC4572, July 2006, 901 . 903 [11] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session 904 Description Protocol", RFC 4566, DOI 10.17487/RFC4566, 905 July 2006, . 907 [12] Rescorla, E. and N. Modadugu, "Datagram Transport Layer 908 Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347, 909 January 2012, . 911 [13] Fischl, J., Tschofenig, H., and E. Rescorla, "Framework 912 for Establishing a Secure Real-time Transport Protocol 913 (SRTP) Security Context Using Datagram Transport Layer 914 Security (DTLS)", RFC 5763, DOI 10.17487/RFC5763, May 915 2010, . 917 [14] Camarillo, G., Ott, J., and K. Drage, "The Binary Floor 918 Control Protocol (BFCP)", RFC 4582, DOI 10.17487/RFC4582, 919 November 2006, . 921 [15] Camarillo, G., "Session Description Protocol (SDP) Format 922 for Binary Floor Control Protocol (BFCP) Streams", 923 RFC 4583, DOI 10.17487/RFC4583, November 2006, 924 . 926 Authors' Addresses 928 Gonzalo Camarillo 929 Ericsson 930 Hirsalantie 11 931 FI-02420 Jorvas 932 Finland 934 Email: Gonzalo.Camarillo@ericsson.com 936 Tom Kristensen 937 Cisco 938 Philip Pedersens vei 1 939 NO-1366 Lysaker 940 Norway 942 Email: tomkrist@cisco.com, tomkri@ifi.uio.no 943 Paul E. Jones 944 Cisco 945 7025 Kit Creek Rd. 946 Research Triangle Park, NC 27709 947 USA 949 Email: paulej@packetizer.com