idnits 2.17.1

draft-ietf-bfcpbis-rfc4583bis-16.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (September 22, 2016) is 2772 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Looks like a reference, but probably isn't: 'RFC XXXX' on line 712

  ** Obsolete normative reference: RFC 5750 (ref. '6') (Obsoleted by RFC 8550)

  ** Obsolete normative reference: RFC 4572 (ref. '10') (Obsoleted by RFC 8122)

  ** Obsolete normative reference: RFC 4566 (ref. '11') (Obsoleted by RFC 8866)

  ** Obsolete normative reference: RFC 6347 (ref. '12') (Obsoleted by RFC 9147)

  ** Obsolete normative reference: RFC 4582 (ref. '14') (Obsoleted by RFC 8855)

  ** Obsolete normative reference: RFC 4583 (ref. '15') (Obsoleted by RFC 8856)

  == Outdated reference: A later version (-54) exists of
     draft-ietf-mmusic-sdp-bundle-negotiation-32

  == Outdated reference: A later version (-19) exists of
     draft-ietf-mmusic-sdp-mux-attributes-13

     Summary: 6 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--).
     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2 BFCPbis Working Group                                     G. Camarillo
3 Internet-Draft                                                Ericsson
4 Obsoletes: 4583 (if approved)                            T. Kristensen
5 Intended status: Standards Track                              P. Jones
6 Expires: March 25, 2017                                          Cisco
7                                                     September 22, 2016

9 Session Description Protocol (SDP) Format for Binary Floor Control
10 Protocol (BFCP) Streams
11 draft-ietf-bfcpbis-rfc4583bis-16

13 Abstract

15 This document specifies how to describe Binary Floor Control Protocol
16 (BFCP) streams in Session Description Protocol (SDP) descriptions.
17 User agents using the offer/answer model to establish BFCP streams
18 use this format in their offers and answers.

20 This document obsoletes RFC 4583. Changes from RFC 4583 are
21 summarized in Section 14.

23 Status of This Memo

25 This Internet-Draft is submitted in full conformance with the
26 provisions of BCP 78 and BCP 79.

28 Internet-Drafts are working documents of the Internet Engineering
29 Task Force (IETF). Note that other groups may also distribute
30 working documents as Internet-Drafts. The list of current Internet-
31 Drafts is at http://datatracker.ietf.org/drafts/current/.

33 Internet-Drafts are draft documents valid for a maximum of six months
34 and may be updated, replaced, or obsoleted by other documents at any
35 time. It is inappropriate to use Internet-Drafts as reference
36 material or to cite them other than as "work in progress."

38 This Internet-Draft will expire on March 25, 2017.

40 Copyright Notice

42 Copyright (c) 2016 IETF Trust and the persons identified as the
43 document authors. All rights reserved.

45 This document is subject to BCP 78 and the IETF Trust's Legal
46 Provisions Relating to IETF Documents
47 (http://trustee.ietf.org/license-info) in effect on the date of
48 publication of this document. Please review these documents
49 carefully, as they describe your rights and restrictions with respect
50 to this document. Code Components extracted from this document must
51 include Simplified BSD License text as described in Section 4.e of
52 the Trust Legal Provisions and are provided without warranty as
53 described in the Simplified BSD License.

55 Table of Contents

57 1. Introduction
58 2. Terminology
59 3. Fields in the 'm' Line
60 4. Floor Control Server Determination
61    4.1. SDP 'floorctrl' Attribute
62 5. SDP 'confid' and 'userid' Attributes
63 6. SDP 'floorid' Attribute
64 7. SDP 'bfcpver' Attribute
65 8. BFCP Connection Management
66    8.1. TCP Connection Management
67 9. Authentication
68 10. SDP Offer/Answer Procedures
69    10.1. Generating the Initial SDP Offer
70    10.2. Generating the SDP Answer
71    10.3. Offerer Processing of the SDP Answer
72    10.4. Modifying the Session
73    10.5. DTLS Role Determination
74 11. Examples
75 12. Security Considerations
76 13. IANA Considerations
77    13.1. Registration of SDP 'proto' Values
78    13.2. Registration of the SDP 'floorctrl' Attribute
79    13.3. Registration of the SDP 'confid' Attribute
80    13.4. Registration of the SDP 'userid' Attribute
81    13.5. Registration of the SDP 'floorid' Attribute
82    13.6. Registration of the SDP 'bfcpver' Attribute
83 14. Changes from RFC 4583
84 15. Acknowledgements
85 16. References
86    16.1. Normative References
87    16.2. Informational References
88 Authors' Addresses

90 1. Introduction

92 As discussed in the BFCP (Binary Floor Control Protocol)
93 specification [8], a given BFCP client needs a set of data in order
94 to establish a BFCP connection to a floor control server. This data
95 includes the transport address of the server, the conference
96 identifier, and the user identifier.

98 One way for clients to obtain this information is to use an SDP
99 offer/answer [4] exchange. This document specifies how to encode
100 this information in the SDP session descriptions that are part of
101 such an offer/answer exchange.

103 User agents typically use the offer/answer model to establish a
104 number of media streams of different types. Following this model, a
105 BFCP connection is described as any other media stream by using an
106 SDP 'm' line, possibly followed by a number of attributes encoded in
107 'a' lines.

109 2. Terminology

111 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
112 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
113 "OPTIONAL" in this document are to be interpreted as described in BCP
114 14, RFC 2119 [1] and indicate requirement levels for compliant
115 implementations.

117 3. Fields in the 'm' Line

119 This section describes how to generate an 'm' line for a BFCP stream.

121 According to the SDP specification [11], the 'm' line format is the
122 following:

124    m=<media> <port> <proto> <fmt> ...

126 The media field MUST have a value of "application".

128 The port field is set depending on the value of the proto field, as
129 explained below. A port field value of zero has the standard SDP
130 meaning (i.e., rejection of the media stream) regardless of the proto
131 field.

133    When TCP is used as the transport, the port field is set following
134    the rules in [7]. Depending on the value of the 'setup' attribute
135    (discussed in Section 8.1), the port field contains the port to
136    which the remote endpoint will direct BFCP messages or is
137    irrelevant (i.e., the endpoint will initiate the connection
138    towards the remote endpoint) and should be set to a value of 9,
139    which is the discard port.

141    When UDP is used as the transport, the port field contains the
142    port to which the remote endpoint will direct BFCP messages
143    regardless of the value of the 'setup' attribute.

145 This document defines four values for the proto field: TCP/BFCP,
146 TCP/TLS/BFCP, UDP/BFCP, and UDP/TLS/BFCP. TCP/BFCP is used when BFCP
147 runs directly on top of TCP; TCP/TLS/BFCP is used when BFCP runs on
148 top of TLS, which in turn runs on top of TCP. Similarly, UDP/BFCP is
149 used when BFCP runs directly on top of UDP, and UDP/TLS/BFCP is used
150 when BFCP runs on top of DTLS [12], which in turn runs on top of UDP.

152 The fmt (format) list is not applicable to BFCP. The fmt list of 'm'
153 lines in the case of any proto field value related to BFCP SHOULD
154 contain a single "*" character. If the fmt list contains any
155 other value, it is ignored.

157 The following is an example of an 'm' line for a BFCP connection:

159    m=application 50000 TCP/TLS/BFCP *

161 4. Floor Control Server Determination

163 When two endpoints establish a BFCP stream, they need to determine
164 which of them acts as a floor control server. In the most common
165 scenario, a client establishes a BFCP stream with a conference server
166 that acts as the floor control server. Floor control server
167 determination is straightforward because one endpoint can only act
168 as a client and the other can only act as a floor control server.

170 However, there are scenarios where both endpoints could act as a
171 floor control server. For example, in a two-party session that
172 involves an audio stream and a shared whiteboard, the endpoints need
173 to decide which party will be acting as the floor control server.

175 Furthermore, there are situations where both the offerer and the
176 answerer act as both clients and floor control servers in the same
177 session. For example, in a two-party session that involves an audio
178 stream and a shared whiteboard, one party acts as the floor control
179 server for the audio stream and the other acts as the floor control
180 server for the shared whiteboard.

182 4.1. SDP 'floorctrl' Attribute

184 This document defines the 'floorctrl' SDP media-level attribute to
185 perform floor control server determination. Its Augmented BNF syntax
186 [2] is:

188    floor-control-attribute = "a=floorctrl:" role *(SP role)
189    role = "c-only" / "s-only" / "c-s"

191 The offerer includes this attribute to state all the roles it would
192 be willing to perform:

194    c-only: The offerer would be willing to act as a floor control
195       client only.

197    s-only: The offerer would be willing to act as a floor control
198       server only.

200    c-s: The offerer would be willing to act both as a floor control
201       client and as a floor control server.

203 If an SDP media description in an offer contains a 'floorctrl'
204 attribute, the answerer accepting that media MUST include a
205 'floorctrl' attribute in the corresponding media description of the
206 answer. The answerer includes this attribute to state which role the
207 answerer will perform. That is, the answerer chooses one of the
208 roles the offerer is willing to perform and generates an answer with
209 the corresponding role for the answerer. Table 1 shows the
210 corresponding roles for an answerer, depending on the offerer's role.

212    +---------+----------+
213    | Offerer | Answerer |
214    +---------+----------+
215    | c-only  | s-only   |
216    | s-only  | c-only   |
217    | c-s     | c-s      |
218    +---------+----------+

220    Table 1: Roles

222 The following are the descriptions of the roles when they are chosen
223 by an answerer:

225    c-only: The answerer will act as a floor control client.
226       Consequently, the offerer will act as a floor control server.

228    s-only: The answerer will act as a floor control server.
229       Consequently, the offerer will act as a floor control client.

231    c-s: The answerer will act both as a floor control client and as a
232       floor control server. Consequently, the offerer will also act
233       both as a floor control client and as a floor control server.

235 Endpoints that use the offer/answer model to establish BFCP
236 connections MUST support the 'floorctrl' attribute. A floor control
237 server acting as an offerer or as an answerer SHOULD include this
238 attribute in its session descriptions.

240 If the 'floorctrl' attribute is not used in an offer/answer exchange,
241 by default the offerer and the answerer will act as a floor control
242 client and as a floor control server, respectively.

244 The following is an example of a 'floorctrl' attribute in an offer.
245 When this attribute appears in an answer, it only carries one role:

247    a=floorctrl:c-only s-only c-s

249 5. SDP 'confid' and 'userid' Attributes

251 This document defines the 'confid' and the 'userid' SDP media-level
252 attributes. These attributes are used by a floor control server to
253 provide a client with a conference ID and a user ID, respectively.
254 Their Augmented BNF syntax [2] is:

256    confid-attribute = "a=confid:" conference-id
257    conference-id = token
258    userid-attribute = "a=userid:" user-id
259    user-id = token

261    token-char = %x21 / %x23-27 / %x2A-2B / %x2D-2E / %x30-39
262                 / %x41-5A / %x5E-7E
263    token = 1*(token-char)

265 The 'confid' and the 'userid' attributes carry the decimal integer
266 representation of a conference ID and a user ID, respectively.

268 The token-char and token elements are defined in [11] but included
269 here to provide support for the implementor of this SDP feature.

271 Endpoints that use the offer/answer model to establish BFCP
272 connections MUST support the 'confid' and the 'userid' attributes. A
273 floor control server acting as an offerer or as an answerer MUST
274 include these attributes in its session descriptions.

276 6. SDP 'floorid' Attribute

278 This document defines the 'floorid' SDP media-level attribute. This
279 attribute is used to provide an association between media streams and
280 floors. Its Augmented BNF syntax [2] is:

282    floor-id-attribute = "a=floorid:" token [" mstrm:" token *(SP token)]

284 The 'floorid' attribute is used in the SDP media description for BFCP
285 media. It defines a floor identifier and, possibly, associates it
286 with one or more media streams. The token representing the floor ID
287 is the integer representation of the Floor ID to be used in BFCP.

289 The token representing the media stream is a pointer to the media
290 stream, which is identified by an SDP label attribute [9].

292 Endpoints that use the offer/answer model to establish BFCP
293 connections MUST support the 'floorid' and the 'label' attributes. A
294 floor control server acting as an offerer or as an answerer MUST
295 include these attributes in its session descriptions.

297    Note: In [15] 'm-stream' was erroneously used in Section 11.
298    Although the example was non-normative, it is implemented by some
299    vendors and occurs in cases where the endpoint is willing to act
300    as a server. Therefore, it is RECOMMENDED to support parsing and
301    interpreting 'm-stream' the same way as 'mstrm' when receiving.

303 7. SDP 'bfcpver' Attribute

305 This document defines the 'bfcpver' SDP media-level attribute. This
306 attribute is used for BFCP version negotiation. Its Augmented BNF
307 syntax [2] is:

309    bfcp-version-attribute = "a=bfcpver:" bfcp-version *(SP bfcp-version)
310    bfcp-version = token

312 The 'bfcpver' attribute defines the list of the versions of BFCP
313 supported by the endpoint. Tokens representing versions MUST be
314 integers matching the "Version" field that would be presented in the
315 BFCP COMMON-HEADER [8]. The version of BFCP to be used will then be
316 confirmed with a BFCP-level Hello/HelloAck.

318 Endpoints that use the offer/answer model to establish BFCP
319 connections SHOULD support the 'bfcpver' attribute. A floor control
320 server acting as an offerer or as an answerer SHOULD include this
321 attribute in its session descriptions. However, endpoints that
322 support RFC XXXX, and not only the [15] subset, are REQUIRED to
323 support and, when acting as a floor control server, to use the
324 'bfcpver' attribute.

326 If a 'bfcpver' attribute is not present, default values are inferred
327 from the transport specified in the 'm' line (Section 3). In
328 accordance with the definition of the Version field in [8], when used
329 over a reliable transport the default value is "1", and when used
330 over an unreliable transport the default value is "2".

332 8. BFCP Connection Management

334 BFCP connections can use TCP or UDP as the underlying transport.
335 BFCP entities exchanging BFCP messages over UDP direct the BFCP
336 messages to the peer side connection address and port provided in the
337 SDP 'm' line. TCP connection management is more complicated and is
338 described below.

340 8.1. TCP Connection Management

342 The management of the TCP connection used to transport BFCP is
343 performed using the 'setup' and 'connection' attributes, as defined
344 in [7].

346 The 'setup' attribute indicates which of the endpoints (client or
347 floor control server) initiates the TCP connection. The 'connection'
348 attribute handles TCP connection reestablishment.

350 The BFCP specification [8] describes a number of situations when the
351 TCP connection between a client and the floor control server needs to
352 be reestablished. However, that specification does not describe the
353 reestablishment process because this process depends on how the
354 connection was established in the first place. BFCP entities using
355 the offer/answer model follow the following rules.

357 When the existing TCP connection is closed and reestablished
358 following the rules in [8], the client MUST generate an offer towards
359 the floor control server in order to reestablish the connection. If
360 a TCP connection cannot deliver a BFCP message and times out, the
361 entity that attempted to send the message (i.e., the one that
362 detected the TCP timeout) MUST generate an offer in order to
363 reestablish the TCP connection.

365 Endpoints that use the offer/answer model to establish TCP
366 connections MUST support the 'setup' and 'connection' attributes.

368 9. Authentication

370 When a BFCP connection is established using the offer/answer model,
371 it is assumed that the offerer and the answerer authenticate each
372 other using some mechanism. TLS/DTLS is the preferred mechanism, but
373 other mechanisms are possible and outside the scope of this document.
374 Once this mutual authentication takes place, all the offerer and the
375 answerer need to ensure is that the entity they are receiving BFCP
376 messages from is the same as the one that generated the previous
377 offer or answer.

379 When SDP is used to perform an offer/answer exchange, the initial
380 mutual authentication takes place at the SIP level. Additionally,
381 SIP uses S/MIME [6] to provide an integrity-protected channel with
382 optional confidentiality for the offer/answer exchange. BFCP takes
383 advantage of this integrity-protected offer/answer exchange to
384 perform authentication. Within the offer/answer exchange, the
385 offerer and answerer exchange the fingerprints of their self-signed
386 certificates. These self-signed certificates are then used to
387 establish the TLS/DTLS connection that will carry BFCP traffic
388 between the offerer and the answerer.

390 BFCP clients and floor control servers follow the rules in [10]
391 regarding certificate choice and presentation. This implies that
392 unless a 'fingerprint' attribute is included in the session
393 description, the certificate provided at the TLS-/DTLS-level MUST
394 either be directly signed by one of the other party's trust anchors
395 or be validated using a certification path that terminates at one of
396 the other party's trust anchors [5]. Endpoints that use the offer/
397 answer model to establish BFCP connections MUST support the
398 'fingerprint' attribute and MUST include it in their session
399 descriptions.

401 When TLS is used with TCP, once the underlying connection is
402 established, the answerer, which may be the client or the floor
403 control server, acts as the TLS server regardless of its role (passive
404 or active) in the TCP establishment procedure. If the TCP connection
405 is lost, the active endpoint is responsible for re-establishing the
406 TCP connection. Unless a new TLS session is negotiated, subsequent
407 SDP offers and answers will not impact the previously negotiated TLS
408 roles.

410 When DTLS is used with UDP, the requirements specified in Section 5
411 of [13] MUST be followed.
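
Added example (not part of the draft): once the TLS/DTLS handshake yields the peer's DER-encoded certificate, the endpoint hashes it and compares the result with the 'fingerprint' value received in the integrity-protected SDP. Function names and the sample certificate bytes are constructed for illustration, and refusing MD2/MD5 fingerprints is a choice made by this example.

```python
import hashlib
import hmac
import re

# Hash names as written in 'fingerprint' attributes, mapped to hashlib names.
# This example's choice: MD2 and MD5 fingerprints are not accepted.
HASHES = {"sha-1": "sha1", "sha-224": "sha224", "sha-256": "sha256",
          "sha-384": "sha384", "sha-512": "sha512"}
FINGERPRINT = re.compile(
    r"a=fingerprint:(\S+) +((?:[0-9A-Fa-f]{2}:)*[0-9A-Fa-f]{2})")


def fingerprints(sdp_media):
    """Return [(hash_name, digest_bytes)] for every a=fingerprint line."""
    # Undo the backslash line folding used in the draft's printed examples.
    text = re.sub(r"\\\s*\n\s*", "", sdp_media)
    found = []
    for line in text.splitlines():
        m = FINGERPRINT.fullmatch(line.strip())
        if m:
            digest = bytes.fromhex(m.group(2).replace(":", ""))
            found.append((m.group(1).lower(), digest))
    return found


def peer_certificate_matches(sdp_media, cert_der):
    """True only if cert_der hashes to a fingerprint carried in the SDP."""
    for name, expected in fingerprints(sdp_media):
        algo = HASHES.get(name)
        if algo is None:
            continue  # unsupported hash: cannot be used to authenticate
        actual = hashlib.new(algo, cert_der).digest()
        if hmac.compare_digest(expected, actual):  # constant-time compare
            return True
    return False  # no usable fingerprint, or none matched: refuse the peer


def fingerprint_line(cert_der, name="sha-256"):
    """Build the a=fingerprint line an endpoint would send for cert_der."""
    digest = hashlib.new(HASHES[name], cert_der).hexdigest().upper()
    pairs = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return f"a=fingerprint:{name.upper()} {pairs}"


# Constructed stand-in for the DER bytes of a self-signed certificate. With
# Python's ssl module the real bytes come from
# SSLSocket.getpeercert(binary_form=True) after the handshake.
SAMPLE_CERT_DER = bytes.fromhex("3082010a0282010100") + b"constructed-example"

# Constructed answer that carries the fingerprint of SAMPLE_CERT_DER.
SAMPLE_ANSWER = "\n".join([
    "m=application 9 TCP/TLS/BFCP *",
    "a=setup:active",
    "a=connection:new",
    fingerprint_line(SAMPLE_CERT_DER),
    "a=floorctrl:c-only",
])

if __name__ == "__main__":
    print(peer_certificate_matches(SAMPLE_ANSWER, SAMPLE_CERT_DER))
    print(peer_certificate_matches(SAMPLE_ANSWER, SAMPLE_CERT_DER + b"x"))
```
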

413    Informational note: How to determine which endpoint initiates the
414    TLS/DTLS association depends on the selected underlying transport.
415    It was decided to keep the original semantics in [15] for TCP to
416    retain backwards compatibility. When using UDP, the procedure
417    above was preferred since it adheres to [13] as used for DTLS-
418    SRTP, it does not overload offer/answer semantics, and it works
419    for offerless INVITE in scenarios with B2BUAs.

421 10. SDP Offer/Answer Procedures

423 This section defines the SDP offer/answer [4] procedures for
424 negotiating and establishing a BFCP connection. The generic
425 procedures for DTLS are defined in [13]; the specific BFCP parts are
426 specified here.

428 If the 'm' line 'proto' value is 'TCP/TLS/BFCP' or 'UDP/TLS/BFCP',
429 each endpoint MUST provide a certificate fingerprint, using the SDP
430 'fingerprint' attribute [7], if the endpoint supports, and is willing
431 to use, a cipher suite with an associated certificate.

433 The authentication certificates are interpreted and validated as
434 defined in [10]. Self-signed certificates can be used securely,
435 provided that the integrity of the SDP description is assured as
436 defined in [10].

438    Note: The procedures apply to a specific 'm' line describing a
439    BFCP connection. If an offer or answer contains multiple 'm'
440    lines describing BFCP connections, the procedures are applied
441    separately to each 'm' line.

443    Informational note: The use of source-specific parameters in SDP,
444    as defined in [16], is not applicable to BFCP.

446 Multiplexing of BFCP 'm' lines, as defined in BUNDLE [17], is not
447 defined by this specification and MUST NOT be included in a BUNDLE
448 group. An analysis of the SDP attributes defined in [15], with
449 regards to multiplexing of 'm' lines, is presented in Section 5.27 of
450 [18]. The analysis for the 'bfcpver' SDP attribute, defined in this
451 document, is provided in Table 2.

453    +---------+------------------------+-------+--------------+
454    | Name    | Notes                  | Level | Mux Category |
455    +---------+------------------------+-------+--------------+
456    | bfcpver | Needs further analysis | M     | TBD          |
457    +---------+------------------------+-------+--------------+

459    Table 2: Multiplexing Attribute Analysis

461 10.1. Generating the Initial SDP Offer

463 When the offerer creates an initial offer, the offerer:

465    o MUST, if the 'm' line proto value is 'TCP/BFCP', 'TCP/TLS/BFCP' or
466      'UDP/TLS/BFCP', associate an SDP setup attribute, with an
467      'actpass' value, with the 'm' line; and

469    o MUST, if the 'm' line proto value is 'TCP/BFCP' or 'TCP/TLS/BFCP',
470      associate an SDP 'connection' attribute, with a 'new' value, with
471      the 'm' line.

473 In addition, if the offerer acts as the floor control server, the
474 offerer:

476    o SHOULD associate an SDP 'floorctrl' attribute defined in
477      Section 4.1, with the 'm' line;

479    o MUST associate an SDP 'confid' attribute defined in Section 5,
480      with the 'm' line;

482    o MUST associate an SDP 'userid' attribute defined in Section 5,
483      with the 'm' line;

485    o MUST associate an SDP 'floorid' attribute defined in Section 6,
486      with the 'm' line;

488    o MUST associate an SDP 'label' attribute as described in Section 6,
489      with the 'm' line; and

491    o SHOULD, if it supports only the RFC 4583 subset, and MUST, if it
492      supports RFC XXXX, associate an SDP 'bfcpver' attribute defined in
493      Section 7, with the 'm' line.

495 10.2. Generating the SDP Answer

497 When the answerer receives an offer, which contains an 'm' line
498 describing a BFCP connection, if the answerer accepts the 'm' line
499 it:

501    o MUST insert a corresponding 'm' line in the answer, with an
502      identical 'm' line proto value [4]; and

504    o MUST, if the 'm' line proto value is 'TCP/BFCP', 'TCP/TLS/BFCP' or
505      'UDP/TLS/BFCP', associate an SDP setup attribute, with an 'active'
506      or 'passive' value, with the 'm' line.

508 In addition, if the answerer acts as the floor control server, the
509 answerer:

511    o MUST, if the offer contains a 'floorctrl' attribute or else it
512      SHOULD associate an SDP 'floorctrl' attribute defined in
513      Section 4.1, with the 'm' line;

515    o MUST associate an SDP 'confid' attribute defined in Section 5,
516      with the 'm' line;

518    o MUST associate an SDP 'userid' attribute defined in Section 5,
519      with the 'm' line;

521    o MUST associate an SDP 'floorid' attribute defined in Section 6,
522      with the 'm' line;

524    o MUST associate an SDP 'label' attribute as described in Section 6,
525      with the 'm' line; and

527    o SHOULD, if it supports only the RFC 4583 subset, and MUST, if it
528      supports RFC XXXX, associate an SDP 'bfcpver' attribute defined in
529      Section 7, with the 'm' line.

531 Once the answerer has sent the answer, the answerer:

533    o MUST, if the answerer is the 'active' endpoint, and if a TCP
534      connection associated with the 'm' line is to be established (or
535      re-established), initiate the establishing of the TCP connection;
536      and

538    o MUST, if the answerer is the 'active' endpoint, and if a TLS/DTLS
539      connection associated with the 'm' line is to be established (or
540      re-established), initiate the establishing of the TLS/DTLS
541      connection (by sending a ClientHello message).

543 If the answerer does not accept the 'm' line in the offer, it MUST
544 assign a zero port value to the corresponding 'm' line in the answer.
545 In addition, the answerer MUST NOT establish a TCP connection or a
546 TLS/DTLS connection associated with the 'm' line.

548 10.3. Offerer Processing of the SDP Answer

550 When the offerer receives an answer, which contains an 'm' line with
551 a non-zero port value, describing a BFCP connection, the offerer:

553    o MUST, if the offerer is the 'active' endpoint, and if a TCP
554      connection associated with the 'm' line is to be established (or
555      re-established), initiate the establishing of the TCP connection;
556      and

558    o MUST, if the offerer is the 'active' endpoint, and if a TLS/DTLS
559      connection associated with the 'm' line is to be established (or
560      re-established), initiate the establishing of the TLS/DTLS
561      connection (by sending a ClientHello message).

563 If the 'm' line in the answer contains a zero port value, the offerer
564 MUST NOT establish a TCP connection or a TLS/DTLS connection
565 associated with the 'm' line.

567 10.4. Modifying the Session

569 When an offerer sends an updated offer, in order to modify a
570 previously established BFCP connection, it follows the procedures in
571 Section 10.1, with the following exceptions:

573    o If the BFCP connection is carried on top of TCP, and unless the
574      offerer wants to re-establish an existing TCP connection, the
575      offerer MUST associate an SDP connection attribute, with an
576      'existing' value, with the 'm' line; and

578    o If the offerer wants to disable a previously established BFCP
579      connection, it MUST assign a zero port value to the 'm' line
580      associated with the BFCP connection, following the procedures in
581      [4].

583 10.5. DTLS Role Determination

585 If the 'm' line proto value is 'UDP/TLS/BFCP', the 'active/passive'
586 status is used to determine the TLS roles. Following the procedures
587 in [10], the 'active' endpoint will take the TLS client role.
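
Added example (not part of the draft): a Python check of one BFCP answer against its offer, applying Table 1, the 'setup' and 'fingerprint' requirements, the 'bfcpver' defaults of Section 7, and the TLS role rules of Sections 9 and 10.5. Function and key names are this example's own, and the sample SDP is abridged from the UDP/TLS/BFCP pair in Section 11 of this draft.

```python
import re

BFCP_PROTOS = {"TCP/BFCP", "TCP/TLS/BFCP", "UDP/BFCP", "UDP/TLS/BFCP"}
# Table 1 read from the answerer's side: role in the answer -> role the
# offerer must have listed for that answer to be valid.
OFFERED_ROLE_FOR = {"c-only": "s-only", "s-only": "c-only", "c-s": "c-s"}
SERVER_FOR = {"c-only": ["offerer"], "s-only": ["answerer"],
              "c-s": ["offerer", "answerer"]}


def bfcp_section(sdp):
    """Parse the first BFCP 'm' section into port, proto and attributes."""
    text = re.sub(r"\\\s*\n\s*", "", sdp)  # undo the printed line folding
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("m="):
            if section is not None:
                break  # the next media description ends the BFCP section
            f = line[2:].split()
            if len(f) >= 3 and f[0] == "application" and f[2] in BFCP_PROTOS:
                section = {"port": int(f[1]), "proto": f[2], "attrs": {}}
        elif section is not None and line.startswith("a="):
            name, _, value = line[2:].partition(":")
            section["attrs"].setdefault(name, []).append(value)
    return section


def attr(section, name, default=""):
    return section["attrs"].get(name, [default])[0]


def check_answer(offer_sdp, answer_sdp):
    """Check one BFCP offer/answer pair and derive the negotiated roles."""
    sides = {"offerer": bfcp_section(offer_sdp),
             "answerer": bfcp_section(answer_sdp)}
    if None in sides.values():
        return {"stream_accepted": False, "problems": ["no BFCP 'm' line"]}
    offer, answer = sides["offerer"], sides["answerer"]
    if answer["port"] == 0:  # Section 10.2: stream rejected, nothing to set up
        return {"stream_accepted": False, "problems": []}
    problems = []
    proto = answer["proto"]
    if proto != offer["proto"]:
        problems.append("answer proto differs from offer")
    if proto != "UDP/BFCP":  # 'setup' applies to the TCP and DTLS protos
        if attr(answer, "setup") not in ("active", "passive"):
            problems.append("answer needs a=setup:active or a=setup:passive")
        elif attr(answer, "setup") == attr(offer, "setup"):
            # both ends cannot take the same role ('setup' semantics of [7])
            problems.append("offer and answer claim the same setup role")
    if "TLS" in proto:  # Section 9: both sides MUST include a fingerprint
        problems += [f"{who} lacks a=fingerprint" for who, sec in sides.items()
                     if not attr(sec, "fingerprint")]
    offered = attr(offer, "floorctrl").split()
    chosen = attr(answer, "floorctrl").split()
    if not offered and not chosen:
        role = "s-only"  # Section 4.1 default: the answerer is the server
    elif len(chosen) == 1 and chosen[0] in OFFERED_ROLE_FOR and (
            not offered or OFFERED_ROLE_FOR[chosen[0]] in offered):
        role = chosen[0]
    else:
        role = None
        problems.append("answer floorctrl does not match the offer (Table 1)")
    servers = SERVER_FOR.get(role, [])
    for who in servers:  # Sections 5 and 6: MUST for a floor control server
        problems += [f"{who} is floor control server but lacks a={name}"
                     for name in ("confid", "userid", "floorid")
                     if not attr(sides[who], name)]
    default = "1" if proto.startswith("TCP") else "2"  # Section 7 defaults
    common = (set(attr(offer, "bfcpver", default).split())
              & set(attr(answer, "bfcpver", default).split()))
    active = "answerer" if attr(answer, "setup") == "active" else "offerer"
    tls_client = {"TCP/TLS/BFCP": "offerer",  # Section 9: answerer is server
                  "UDP/TLS/BFCP": active}.get(proto)  # Section 10.5
    return {"stream_accepted": True, "problems": problems,
            "floor_control_server": servers, "common_versions": sorted(common),
            "tcp_initiator": active if proto.startswith("TCP") else None,
            "tls_client": tls_client}


# Abridged from the Section 11 UDP/TLS/BFCP example (a=dtls-id omitted,
# fingerprint lines unfolded).
OFFER = """m=application 50000 UDP/TLS/BFCP *
a=setup:actpass
a=fingerprint:SHA-1 4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:E5:7C:AB
a=floorctrl:c-only s-only
a=confid:4321
a=userid:1234
a=floorid:1 mstrm:10
a=floorid:2 mstrm:11
a=bfcpver:2"""
ANSWER = """m=application 55000 UDP/TLS/BFCP *
a=setup:active
a=fingerprint:SHA-1 3D:B4:7B:E3:CC:FC:0D:1B:5D:31:33:9E:48:9B:67:FE:68:40:E8:21
a=floorctrl:s-only
a=confid:4321
a=userid:1234
a=floorid:1 mstrm:10
a=floorid:2 mstrm:11
a=bfcpver:2"""
```

For the TCP/TLS/BFCP pair in Section 11 the same check reports the offerer as TLS client even though the answerer opens the TCP connection, which is the asymmetry between Section 9 and Section 10.5.
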

589 Once a DTLS connection has been established, if the 'active/passive'
590 status of the endpoints changes during a session, a new DTLS
591 connection MUST be established. Therefore, endpoints SHOULD NOT
592 change the 'active/passive' status in subsequent offers and answers,
593 unless they want to establish a new DTLS connection.

595 The conditions above, and additional conditions under which endpoints
596 MUST establish a new DTLS connection, are the same as defined for
597 DTLS-SRTP in [13].

599 11. Examples

601 For the purpose of brevity, the main portion of the session
602 description is omitted in the examples, which only show 'm' lines and
603 their attributes.

605 The following is an example of an offer sent by a conference server
606 to a client.

608    m=application 50000 TCP/TLS/BFCP *
609    a=setup:passive
610    a=connection:new
611    a=fingerprint:SHA-1 \
612         4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:E5:7C:AB
613    a=floorctrl:s-only
614    a=confid:4321
615    a=userid:1234
616    a=floorid:1 mstrm:10
617    a=floorid:2 mstrm:11
618    a=bfcpver:1
619    m=audio 50002 RTP/AVP 0
620    a=label:10
621    m=video 50004 RTP/AVP 31
622    a=label:11

624 Note that due to RFC formatting conventions, this document splits SDP
625 across lines whose content would exceed 72 characters. A backslash
626 character marks where this line folding has taken place. This
627 backslash and its trailing CRLF and whitespace would not appear in
628 actual SDP content.

630 The following is the answer returned by the client.

632    m=application 9 TCP/TLS/BFCP *
633    a=setup:active
634    a=connection:new
635    a=fingerprint:SHA-1 \
636         3D:B4:7B:E3:CC:FC:0D:1B:5D:31:33:9E:48:9B:67:FE:68:40:E8:21
637    a=floorctrl:c-only
638    a=bfcpver:1
639    m=audio 55000 RTP/AVP 0
640    m=video 55002 RTP/AVP 31

642 A similar example using unreliable transport and DTLS is shown below,
643 where the offer is sent from a client.

      m=application 50000 UDP/TLS/BFCP *
      a=setup:actpass
      a=dtls-id:abc3dl
      a=fingerprint:SHA-1 \
           4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:E5:7C:AB
      a=floorctrl:c-only s-only
      a=confid:4321
      a=userid:1234
      a=floorid:1 mstrm:10
      a=floorid:2 mstrm:11
      a=bfcpver:2
      m=audio 50002 RTP/AVP 0
      a=label:10
      m=video 50004 RTP/AVP 31
      a=label:11

   The following is the answer returned by the server.

      m=application 55000 UDP/TLS/BFCP *
      a=setup:active
      a=dtls-id:abc3dl
      a=fingerprint:SHA-1 \
           3D:B4:7B:E3:CC:FC:0D:1B:5D:31:33:9E:48:9B:67:FE:68:40:E8:21
      a=floorctrl:s-only
      a=confid:4321
      a=userid:1234
      a=floorid:1 mstrm:10
      a=floorid:2 mstrm:11
      a=bfcpver:2
      m=audio 55002 RTP/AVP 0
      m=video 55004 RTP/AVP 31

12.  Security Considerations

   The BFCP [8], SDP [11], and offer/answer [4] specifications discuss
   security issues related to BFCP, SDP, and offer/answer, respectively.
   In addition, [7] and [10] discuss security issues related to the
   establishment of TCP and TLS connections using an offer/answer model.
   Furthermore, when using DTLS over UDP, considerations for its use
   with RTP and RTCP are presented in [13].  The requirements for the
   offer/answer exchange, as listed in Section 5 of [13], MUST be
   followed.

   An initial integrity-protected channel is REQUIRED for BFCP to
   exchange self-signed certificates between a client and the floor
   control server.  For session descriptions carried in SIP [3], S/MIME
   [6] is the natural choice to provide such a channel.

13.  IANA Considerations

   [Editorial note: The changes in Section 13.1 instruct the IANA to
   register the two new values UDP/BFCP and UDP/TLS/BFCP for the SDP
   'proto' field.  The new Section 13.6 registers a new SDP
   "bfcpver" attribute.  The rest is unchanged from [14].]

13.1.  Registration of SDP 'proto' Values

   The IANA has registered the following values for the SDP 'proto'
   field under the Session Description Protocol (SDP) Parameters
   registry:

                      +--------------+------------+
                      | Value        | Reference  |
                      +--------------+------------+
                      | TCP/BFCP     | [RFC XXXX] |
                      | TCP/TLS/BFCP | [RFC XXXX] |
                      | UDP/BFCP     | [RFC XXXX] |
                      | UDP/TLS/BFCP | [RFC XXXX] |
                      +--------------+------------+

                Table 3: Values for the SDP 'proto' field

13.2.  Registration of the SDP 'floorctrl' Attribute

   The IANA has registered the following SDP att-field under the Session
   Description Protocol (SDP) Parameters registry:

   Contact name: Gonzalo.Camarillo@ericsson.com

   Attribute name: floorctrl

   Long-form attribute name: Floor Control

   Type of attribute: Media level

   Subject to charset: No

   Purpose of attribute: The 'floorctrl' attribute is used to
      perform floor control server determination.

   Allowed attribute values: 1*("c-only" / "s-only" / "c-s")

13.3.  Registration of the SDP 'confid' Attribute

   The IANA has registered the following SDP att-field under the Session
   Description Protocol (SDP) Parameters registry:

   Contact name: Gonzalo.Camarillo@ericsson.com

   Attribute name: confid

   Long-form attribute name: Conference Identifier

   Type of attribute: Media level

   Subject to charset: No

   Purpose of attribute: The 'confid' attribute carries the
      integer representation of a Conference ID.

   Allowed attribute values: A token

13.4.  Registration of the SDP 'userid' Attribute

   The IANA has registered the following SDP att-field under the Session
   Description Protocol (SDP) Parameters registry:

   Contact name: Gonzalo.Camarillo@ericsson.com

   Attribute name: userid

   Long-form attribute name: User Identifier

   Type of attribute: Media level

   Subject to charset: No

   Purpose of attribute: The 'userid' attribute carries the
      integer representation of a User ID.

   Allowed attribute values: A token

13.5.  Registration of the SDP 'floorid' Attribute

   The IANA has registered the following SDP att-field under the Session
   Description Protocol (SDP) Parameters registry:

   Contact name: Gonzalo.Camarillo@ericsson.com

   Attribute name: floorid

   Long-form attribute name: Floor Identifier

   Type of attribute: Media level

   Subject to charset: No

   Purpose of attribute: The 'floorid' attribute associates a
      floor with one or more media streams.

   Allowed attribute values: Tokens

13.6.  Registration of the SDP 'bfcpver' Attribute

   The IANA has registered the following SDP att-field under the Session
   Description Protocol (SDP) Parameters registry:

   Contact name: Gonzalo.Camarillo@ericsson.com

   Attribute name: bfcpver

   Long-form attribute name: BFCP Version

   Type of attribute: Media level

   Subject to charset: No

   Purpose of attribute: The 'bfcpver' attribute lists supported
      BFCP versions.

   Allowed attribute values: Tokens

14.  Changes from RFC 4583

   Following is the list of technical changes and other fixes from [15].

   The main purpose of this work was to add signaling support necessary
   to support BFCP over unreliable transport, as described in [8],
   resulting in the following changes:

   1.  Fields in the 'm' line (Section 3):
       The section is re-written to remove reference to the exclusivity
       of TCP as a transport for BFCP streams.  The proto field values
       UDP/BFCP and UDP/TLS/BFCP added.

   2.  Authentication (Section 9):
       In last paragraph, made clear that a TCP connection was
       described.

   3.  Security Considerations (Section 12):
       For the DTLS over UDP case, mention existing considerations and
       requirements for the offer/answer exchange in [13].

   4.  Registration of SDP 'proto' Values (Section 13.1):
       Register the two new values UDP/BFCP and UDP/TLS/BFCP in the SDP
       parameters registry.

   5.  BFCP Version Negotiation (Section 7):
       A new 'bfcpver' SDP media-level attribute is added in order to
       signal supported version number.

   Clarification and bug fixes:

   1.  Errata ID: 712 (Section 4 and Section 6):
       Language clarification.  Don't use terms like an SDP attribute is
       "used in an 'm' line", instead make clear that the attribute is a
       media-level attribute.

   2.  Fix typo in example (Section 11):
       Do not use 'm-stream' in the SDP example, use the correct 'mstrm'
       as specified in Section 11.  Recommend interpreting 'm-stream' if
       it is received, since it is present in some implementations.

   3.  Assorted clarifications (Across the document):
       Language clarifications as a result of reviews.  Also, the
       normative language was tightened where appropriate, i.e.,
       changed from SHOULD strength to MUST in a number of places.

15.  Acknowledgements

   Joerg Ott, Keith Drage, Alan Johnston, Eric Rescorla, Roni Even, and
   Oscar Novo provided useful ideas for the original [15].  The authors
   also acknowledge contributions to the revision of BFCP for use over
   an unreliable transport from Geir Arne Sandbakken, Charles Eckel,
   Alan Ford, Eoin McLeod and Mark Thompson.  Useful and important final
   reviews were done by Ali C. Begen, Mary Barnes and Charles Eckel.

16.  References

16.1.  Normative References

   [1]   Bradner, S., "Key words for use in RFCs to Indicate
         Requirement Levels", BCP 14, RFC 2119,
         DOI 10.17487/RFC2119, March 1997.

   [2]   Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
         Specifications: ABNF", STD 68, RFC 5234,
         DOI 10.17487/RFC5234, January 2008.

   [3]   Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
         A., Peterson, J., Sparks, R., Handley, M., and E.
         Schooler, "SIP: Session Initiation Protocol", RFC 3261,
         DOI 10.17487/RFC3261, June 2002.

   [4]   Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model
         with Session Description Protocol (SDP)", RFC 3264,
         DOI 10.17487/RFC3264, June 2002.

   [5]   Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
         Housley, R., and W. Polk, "Internet X.509 Public Key
         Infrastructure Certificate and Certificate Revocation List
         (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008.

   [6]   Ramsdell, B. and S. Turner, "Secure/Multipurpose Internet
         Mail Extensions (S/MIME) Version 3.2 Certificate
         Handling", RFC 5750, DOI 10.17487/RFC5750, January 2010.

   [7]   Yon, D. and G. Camarillo, "TCP-Based Media Transport in
         the Session Description Protocol (SDP)", RFC 4145,
         DOI 10.17487/RFC4145, September 2005.

   [8]   Camarillo, G., Drage, K., Kristensen, T., Ott, J., and C.
         Eckel, "The Binary Floor Control Protocol (BFCP)",
         draft-ietf-bfcpbis-rfc4582bis-16 (work in progress),
         November 2015.

   [9]   Levin, O. and G. Camarillo, "The Session Description
         Protocol (SDP) Label Attribute", RFC 4574,
         DOI 10.17487/RFC4574, August 2006.

   [10]  Lennox, J., "Connection-Oriented Media Transport over the
         Transport Layer Security (TLS) Protocol in the Session
         Description Protocol (SDP)", RFC 4572,
         DOI 10.17487/RFC4572, July 2006.

   [11]  Handley, M., Jacobson, V., and C. Perkins, "SDP: Session
         Description Protocol", RFC 4566, DOI 10.17487/RFC4566,
         July 2006.

   [12]  Rescorla, E. and N. Modadugu, "Datagram Transport Layer
         Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
         January 2012.

   [13]  Fischl, J., Tschofenig, H., and E. Rescorla, "Framework
         for Establishing a Secure Real-time Transport Protocol
         (SRTP) Security Context Using Datagram Transport Layer
         Security (DTLS)", RFC 5763, DOI 10.17487/RFC5763, May
         2010.

   [14]  Camarillo, G., Ott, J., and K. Drage, "The Binary Floor
         Control Protocol (BFCP)", RFC 4582, DOI 10.17487/RFC4582,
         November 2006.

   [15]  Camarillo, G., "Session Description Protocol (SDP) Format
         for Binary Floor Control Protocol (BFCP) Streams",
         RFC 4583, DOI 10.17487/RFC4583, November 2006.

16.2.  Informational References

   [16]  Lennox, J., Ott, J., and T. Schierl, "Source-Specific
         Media Attributes in the Session Description Protocol
         (SDP)", RFC 5576, DOI 10.17487/RFC5576, June 2009.

   [17]  Holmberg, C., Alvestrand, H., and C. Jennings,
         "Negotiating Media Multiplexing Using the Session
         Description Protocol (SDP)",
         draft-ietf-mmusic-sdp-bundle-negotiation-32 (work in
         progress), August 2016.

   [18]  Nandakumar, S., "A Framework for SDP Attributes when
         Multiplexing", draft-ietf-mmusic-sdp-mux-attributes-13
         (work in progress), June 2016.

Authors' Addresses

   Gonzalo Camarillo
   Ericsson
   Hirsalantie 11
   FI-02420 Jorvas
   Finland

   Email: Gonzalo.Camarillo@ericsson.com

   Tom Kristensen
   Cisco
   Philip Pedersens vei 1
   NO-1366 Lysaker
   Norway

   Email: tomkrist@cisco.com, tomkri@ifi.uio.no

   Paul E. Jones
   Cisco
   7025 Kit Creek Rd.
   Research Triangle Park, NC 27709
   USA

   Email: paulej@packetizer.com
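
Added example (not part of the draft and not taken from any BFCP implementation): a Python check of received SDP against the Section 11 examples and the values registered in Sections 13.1 and 13.2. It undoes the backslash line folding, accepts the legacy 'm-stream' spelling mentioned in Section 14, and cross-checks each 'floorid' stream against the 'label' attributes. The function names are hypothetical, and reporting a TLS proto without a=fingerprint is this example's own policy.

```python
import re

BFCP_PROTOS = {"TCP/BFCP", "TCP/TLS/BFCP", "UDP/BFCP", "UDP/TLS/BFCP"}  # Table 3
FLOORCTRL = {"c-only", "s-only", "c-s"}  # allowed values, Section 13.2
# Section 11 UDP/TLS offer (shortened), folded the way the draft prints it.
OFFER = """m=application 50000 UDP/TLS/BFCP *
a=fingerprint:SHA-1 \\
     4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:E5:7C:AB
a=floorctrl:c-only s-only
a=floorid:1 mstrm:10
a=floorid:2 mstrm:11
m=audio 50002 RTP/AVP 0
a=label:10
m=video 50004 RTP/AVP 31
a=label:11
"""

def media_sections(sdp):
    """Undo the display folding, then return [(m-line fields, {attr: [values]})]."""
    sections = []
    for line in re.sub(r"\\\r?\n[ \t]*", "", sdp).splitlines():
        if line.startswith("m="):
            sections.append((line[2:].split(), {}))
        elif line.startswith("a=") and sections:
            name, _, value = line[2:].partition(":")
            sections[-1][1].setdefault(name, []).append(value)
    return sections

def bfcp_findings(sdp, peer_labels=()):
    """List problems in the BFCP 'm' sections of one offer or answer."""
    sections = media_sections(sdp)
    labels = set(peer_labels) | {v for _, a in sections for v in a.get("label", [])}
    bfcp = [(f[2], a) for f, a in sections if len(f) > 2 and f[2].endswith("BFCP")]
    out = []
    for proto, attrs in bfcp:
        if proto not in BFCP_PROTOS:
            out.append(f"unregistered proto {proto}")
        if "/TLS/" in proto and "fingerprint" not in attrs:  # this example's policy
            out.append("TLS transport without a=fingerprint")
        out += [f"bad floorctrl role {r}" for v in attrs.get("floorctrl", [])
                for r in v.split() if r not in FLOORCTRL]
        for value in attrs.get("floorid", []):
            floor, _, rest = value.partition(" ")
            kind, _, streams = rest.partition(":")
            if rest and kind not in ("mstrm", "m-stream"):  # legacy spelling accepted
                out.append(f"floor {floor}: unknown token {kind}")
            out += [f"floor {floor}: no stream labelled {s}"
                    for s in streams.split() if s not in labels]
    return out
```

For an answer that carries 'floorid' lines but no 'label' lines, as in the server answer of Section 11, pass the labels seen in the offer as peer_labels.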