idnits 2.17.1 draft-ietf-mmusic-connectivity-precon-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 19. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 753. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 764. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 771. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 777. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The document has examples using IPv4 documentation addresses according to RFC6890, but does not use any IPv6 documentation addresses. Maybe there should be IPv6 examples, too? Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year == Line 446 has weird spacing: '...ypes of preco...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (November 19, 2007) is 6003 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'RFCxxxx' is mentioned on line 614, but not defined == Unused Reference: 'I-D.ietf-mmusic-ice-tcp' is defined on line 693, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2733 (Obsoleted by RFC 5109) ** Obsolete normative reference: RFC 4566 (Obsoleted by RFC 8866) -- Obsolete informational reference (is this intentional?): RFC 793 (Obsoleted by RFC 9293) -- Obsolete informational reference (is this intentional?): RFC 4960 (Obsoleted by RFC 9260) == Outdated reference: A later version (-16) exists of draft-ietf-mmusic-ice-tcp-04 == Outdated reference: A later version (-18) exists of draft-ietf-behave-rfc3489bis-13 Summary: 3 errors (**), 0 flaws (~~), 6 warnings (==), 10 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 MMUSIC Working Group F. Andreasen 2 Internet-Draft Cisco Systems, Inc. 3 Intended status: Standards Track G. Camarillo 4 Expires: May 22, 2008 Ericsson 5 D. Oran 6 D. Wing 7 Cisco Systems, Inc. 8 November 19, 2007 10 Connectivity Preconditions for Session Description Protocol Media 11 Streams 12 draft-ietf-mmusic-connectivity-precon-03.txt 14 Status of this Memo 16 By submitting this Internet-Draft, each author represents that any 17 applicable patent or other IPR claims of which he or she is aware 18 have been or will be disclosed, and any of which he or she becomes 19 aware will be disclosed, in accordance with Section 6 of BCP 79. 21 Internet-Drafts are working documents of the Internet Engineering 22 Task Force (IETF), its areas, and its working groups. Note that 23 other groups may also distribute working documents as Internet- 24 Drafts. 26 Internet-Drafts are draft documents valid for a maximum of six months 27 and may be updated, replaced, or obsoleted by other documents at any 28 time. It is inappropriate to use Internet-Drafts as reference 29 material or to cite them other than as "work in progress." 31 The list of current Internet-Drafts can be accessed at 32 http://www.ietf.org/ietf/1id-abstracts.txt. 34 The list of Internet-Draft Shadow Directories can be accessed at 35 http://www.ietf.org/shadow.html. 37 This Internet-Draft will expire on May 22, 2008. 39 Copyright Notice 41 Copyright (C) The IETF Trust (2007). 43 Abstract 45 This document defines a new connectivity precondition for the Session 46 Description Protocol (SDP) precondition framework. A connectivity 47 precondition can be used to delay session establishment or 48 modification until media stream connectivity has been successfully 49 verified. The method of verification may vary depending on the type 50 of transport used for the media. For unreliable datagram transports 51 such as UDP, verification involves probing the stream with data or 52 control packets. For reliable connection-oriented transports such as 53 TCP, verification can be achieved simply by successful connection 54 establishment or by probing the connection with data or control 55 packets, depending on the situation. 57 Table of Contents 59 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 60 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 61 3. Connectivity Precondition Definition . . . . . . . . . . . . . 3 62 3.1. Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . 3 63 3.2. Operational Semantics . . . . . . . . . . . . . . . . . . 4 64 3.3. Status Type . . . . . . . . . . . . . . . . . . . . . . . 4 65 3.4. Direction Tag . . . . . . . . . . . . . . . . . . . . . . 5 66 3.5. Precondition Strength . . . . . . . . . . . . . . . . . . 5 67 4. Verifying Connectivity . . . . . . . . . . . . . . . . . . . . 6 68 4.1. Media Stream to Dialog Correlation . . . . . . . . . . . . 6 69 4.2. Explicit Connectivity Verification Mechanisms . . . . . . 7 70 4.3. Verifying Connectivity for Connection-Oriented 71 Transports . . . . . . . . . . . . . . . . . . . . . . . . 9 72 5. Connectivity and Other Precondition Types . . . . . . . . . . 9 73 6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 74 7. Security Considerations . . . . . . . . . . . . . . . . . . . 14 75 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 76 9. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 15 77 9.1. Changes since -02 . . . . . . . . . . . . . . . . . . . . 15 78 9.2. Changes since -01 . . . . . . . . . . . . . . . . . . . . 15 79 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15 80 10.1. Normative References . . . . . . . . . . . . . . . . . . . 15 81 10.2. Informative References . . . . . . . . . . . . . . . . . . 16 82 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 17 83 Intellectual Property and Copyright Statements . . . . . . . . . . 18 85 1. Introduction 87 The concept of a Session Description Protocol (SDP) [RFC4566] 88 precondition in the Session Initiation Protocol (SIP) [RFC3261] is 89 defined in [RFC3312] (updated by [RFC4032]). A precondition is a 90 condition that has to be satisfied for a given media stream in order 91 for session establishment or modification to proceed. When the 92 precondition is not met, session progress is delayed until the 93 precondition is satisfied or the session establishment fails. For 94 example, [RFC3312] defines the Quality of Service precondition, which 95 is used to ensure availability of network resources prior to 96 establishing a session (i.e., prior to starting alerting the callee). 98 SIP sessions are typically established in order to setup one or more 99 media streams. Even though a media stream may be negotiated 100 successfully through an SDP offer-answer exchange, the actual media 101 stream itself may fail. For example, when there is one or more 102 Network Address Translators (NATs) or firewalls in the media path, 103 the media stream may not be received by the far end. In cases where 104 the media is carried over a connection-oriented transport such as TCP 105 [RFC0793], the connection-establishment procedures may fail. The 106 connectivity precondition defined in this document ensures that 107 session progress is delayed until media stream connectivity has been 108 verified. 110 The connectivity precondition type defined in this document follows 111 the guidelines provided in [RFC4032] to extend the SIP preconditions 112 framework. 114 2. Terminology 116 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 117 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 118 document are to be interpreted as described in [RFC2119]. 120 3. Connectivity Precondition Definition 122 3.1. Syntax 124 The connectivity precondition type is defined by the string "conn" 125 and hence we modify the grammar found in [RFC3312] as follows: 127 precondition-type = "conn" | "qos" | token 129 This precondition tag is registered with the IANA in Section 8. 131 3.2. Operational Semantics 133 According to [RFC4032], documents defining new precondition types 134 need to describe the behavior of UAs (User Agents) from the moment 135 session establishment is suspended due to a set of preconditions 136 until is resumed when these preconditions are met. An entity that 137 wishes to delay session establishment or modification until media 138 stream connectivity has been established uses this precondition-type 139 in an offer. When a mandatory connectivity precondition is received 140 in an offer, session establishment or modification is delayed until 141 the connectivity precondition has been met (i.e., until media stream 142 connectivity has been established in the desired direction or 143 directions). The delay of session establishment defined here implies 144 that alerting of the called party does not occur until the 145 precondition has been satisfied. 147 Packets may be both sent and received on the media streams in 148 question. However, such packets SHOULD be limited to packets that 149 are necessary to verify connectivity between the two endpoints 150 involved on the media stream. That is, the underlying media stream 151 SHOULD NOT be cut through. For example, STUN packets 152 [I-D.ietf-behave-rfc3489bis], RTP [RFC3550] No-Op 153 [I-D.ietf-avt-rtp-no-op] packets and their corresponding RTCP 154 reports, as well as TCP SYN and ACK packets can be exchanged on media 155 streams that support them as a way of verifying connectivity. 157 Some media streams are described by a single 'm' line but, 158 nevertheless, involve multiple addresses. For example, [RFC2733] 159 specifies how to send FEC (Forward Error Correction) information as a 160 separate stream (the address for the FEC stream is provided in an 161 'a=fmtp' line). When a media stream consists of multiple destination 162 addresses, connectivity to all of them MUST be verified in order for 163 the precondition to be met. In the case of RTP-based media streams, 164 RTCP connectivity MAY be verified, but it is not a requirement. 166 3.3. Status Type 168 [RFC3312] defines support for two kinds of status types, namely 169 segmented and end-to-end. The connectivity precondition-type defined 170 here MUST be used with the end-to-end status type; use of the 171 segmented status type is undefined. 173 3.4. Direction Tag 175 The direction attributes defined in [RFC3312] are interpreted as 176 follows: 178 o send: the party that generated the session description is sending 179 packets on the media stream to the other party, and the other 180 party has received at least one of those packets. That is, there 181 is connectivity in the forward (sending) direction. 183 o recv: the other party is sending packets on the media stream to 184 the party that generated the session description, and this party 185 has received at least one of those packets. That is, there is 186 connectivity in the backwards (receiving) direction. 188 o sendrecv: both the send and recv conditions hold. 190 Note that a "send" connectivity precondition from the offerer's point 191 of view corresponds to a "recv" connectivity precondition from the 192 answerer's point of view, and vice versa. If media stream 193 connectivity in both directions is required before session 194 establishment or modification continues, the desired status needs to 195 be set to "sendrecv". 197 3.5. Precondition Strength 199 Connectivity preconditions may have a strength-tag of either 200 "mandatory" or "optional". 202 When a mandatory connectivity precondition is offered and the 203 answerer cannot satisfy the connectivity precondition (e.g., because 204 the offer does not include parameters that enable connectivity to be 205 verified without media cut through) the offer MUST be rejected as 206 described in [RFC3312]. 208 When an optional connectivity precondition is offered, the answerer 209 MUST generate its answer SDP as soon as possible. Since session 210 progress is not delayed in this case, it is not known whether the 211 associated media streams will have connectivity. If the answerer 212 wants to delay session progress until connectivity has been verified, 213 the answerer MUST increase the strength of the connectivity 214 precondition by using a strength-tag of "mandatory" in the answer. 216 Note that use of a "mandatory" precondition requires the presence of 217 a SIP "Require" header with the option tag "precondition". Any SIP 218 UA that does not support a mandatory precondition will reject such 219 requests. To get around this issue, an optional connectivity 220 precondition and the SIP "Supported" header with the option tag 221 "precondition" can be used instead. 223 Offers with connectivity preconditions in re-INVITEs or UPDATEs 224 follow the rules given in Section 6 of [RFC3312]. That is: 226 "Both user agents SHOULD continue using the old session parameters 227 until all the mandatory preconditions are met. At that moment, 228 the user agents can begin using the new session parameters." 230 4. Verifying Connectivity 232 Media stream connectivity is ascertained by use of a connectivity 233 verification mechanism between the media endpoints. A connectivity 234 verification mechanism may be an explicit mechanism, such as ICE 235 [I-D.ietf-mmusic-ice], or it may be an implicit mechanism, such as 236 TCP. Explicit mechanisms provide specifications for when 237 connectivity between two endpoints using an offer/answer exchange is 238 ascertained, whereas implicit mechanisms do not. The verification 239 mechanism is negotiated as part of the normal offer/answer exchange, 240 however it is not identified explicitly. More than one mechanism may 241 be negotiated, but the offerer and answerer need not use the same. 242 The following rules guide which connectivity verification mechanism 243 to use: 245 1. if an explicit connectivity verification mechanism (e.g., ICE) is 246 negotiated, the precondition is met when the mechanism verifies 247 connectivity successfully, otherwise 249 2. if a connection-oriented transport (e.g., TCP) is negotiated, the 250 precondition is met when the connection is established. 252 3. in other cases, an implicit verification mechanism may be 253 provided by the transport itself or the media stream data using 254 the transport (e.g., RTP no-op) 256 4. if none of the above apply, connectivity cannot be verified 257 reliably and the connectivity precondition will never be 258 satisfied if requested. 260 This document does not mandate any particular connectivity 261 verification mechanism; however, in the following, we provide 262 additional considerations for verification mechanisms. 264 4.1. Media Stream to Dialog Correlation 266 SIP and SDP do not provide any inherent capabilities for an incoming 267 media stream packet with a particular dialog. Thus, when an offerer 268 is trying to ascertain connectivity, and an incoming media stream 269 packet is received, the offerer may not know which dialog had its 270 "recv" connectivity verified. Explicit connectivity verification 271 mechanisms therefore typically provide a means to correlate the media 272 stream, whose connectivity is being verified, with a particular SIP 273 dialog. However, some connectivity verification mechanisms may not 274 provide such a correlation. Therefore, in the absence of a dialog- 275 to-media-stream correlation mechanism (e.g., ICE), a UAS (User Agent 276 Server) MUST NOT require the offerer to confirm a connectivity 277 precondition. 279 4.2. Explicit Connectivity Verification Mechanisms 281 Explicit connectivity verification mechanisms typically use probe 282 traffic with some sort of feedback to inform the sender whether 283 reception was successful. Below we provide two examples of such 284 mechanisms, and how they are used with connectivity preconditions: 286 Interactive Connectivity Establishment (ICE) [I-D.ietf-mmusic-ice] 287 provides one or more candidate addresses in signaling between the 288 offerer and the answerer and then uses STUN Binding Requests to 289 determine which pairs of candidate addresses have connectivity. Each 290 STUN Binding Request contains a password which is communicated in the 291 SDP as well; this enables correlation between STUN Binding Requests 292 and candidate addresses for a particular media stream. This 293 furthermore provides correlation with a particular SIP dialog. 295 ICE implementations may be either Full or Lite (see [I-D.ietf-mmusic- 296 ice]). Full implementations generate and respond to STUN Binding 297 Requests, whereas Lite implementations only respond to them. With 298 ICE, one side is a controlling agent, and the other side is a 299 controlled agent. A Full implementation can take on either role, 300 whereas a Lite implementation can only be a controlled agent. The 301 controlling agent decides which valid candidate to use and informs 302 the controlled agent of it by identifying the pair as the nominated 303 pair. This leads to the following connectivity precondition rules: 305 o A Full implementation ascertains both "send" and "recv" 306 connectivity when it operates as a STUN client and has sent a STUN 307 Binding Request that resulted in a successful check for all the 308 components of the media stream (as defined further in ICE). 310 o A Full or a Lite implementation ascertains "recv" connectivity 311 when it operates as a STUN server and has received a STUN Binding 312 Request that resulted in a successful response for all the 313 components of the media stream (as defined further in ICE). 315 o A Lite implementation ascertains "send" and "recv" connectivity 316 when the controlling agent has informed it of the nominated pair 317 for all the components of the media stream. 319 A simpler and slightly more delay-prone alternative to the above 320 rules is for all ICE implementations to ascertain "send" and "recv" 321 connectivity for a media stream when the ICE state for that media 322 stream has moved to Completed. 324 Note that there is never a need for the UAS to request confirmation 325 of the connectivity precondition when using ICE: the answerer can 326 determine the status locally. Also note, that when ICE is used to 327 verify connectivity preconditions, the precondition is not satisfied 328 until connectivity has been verified for all the component transport 329 addresses used by the media stream. For example, with an RTP-based 330 media stream where RTCP is not suppressed, connectivity MUST be 331 ascertained for both RTP and RTCP; this is a tightening of the 332 general operational semantics provided in Section Section 3.2, which 333 is imposed by ICE. Finally, it should be noted, that although 334 connectivity has been ascertained, a new offer/answer exchange may be 335 required before media can flow (per ICE). 337 RTP no-op [I-D.ietf-avt-rtp-no-op] enables the sender of an RTP No-Op 338 payload to verify send connectivity by examining the RTCP report(s) 339 being returned. In particular, the source SSRC in the RTCP report 340 block is used for correlation. The RTCP report block also contains 341 the SSRC of the sender of the report and the SSRC of incoming RTP 342 No-Op packets identifies the sender of the RTP packet. Thus, once 343 send connectivity has been ascertained, receipt of an RTP No-Op 344 packet from the same SSRC provides the necessary correlation to 345 determine receive connectivity. Alternatively, the duality of send 346 and receive preconditions can be exploited, with one side confirming 347 when his send precondition is satisfied, which in turn implies the 348 other sides recv precondition is satisfied. 350 The above are merely examples of explicit connectivity verification 351 mechanisms. Other techniques can be used as well. It is however 352 RECOMMENDED that ICE be supported by entities that support 353 connectivity preconditions. Use of ICE has the benefit of working 354 for all media streams (not just RTP) as well as facilitate NAT and 355 firewall traversal, which may otherwise interfere with connectivity. 356 Furthermore, the ICE recommendation provides a baseline to ensure 357 that all entities that require probe traffic to support the 358 connectivity preconditions have a common way of ascertaining 359 connectivity. 361 4.3. Verifying Connectivity for Connection-Oriented Transports 363 Connection-oriented transport protocols generally provide an implicit 364 connectivity verification mechanism. Connection establishment 365 involves sending traffic in both directions thereby verifying 366 connectivity at the transport protocol level. When the connection- 367 oriented protocol uses a three-way (or more) handshake for connection 368 establishment, there is no difference between the "send" and "recv" 369 precondition. In the case of TCP for example, once the TCP three-way 370 handshake has completed (SYN, SYN-ACK, ACK), the TCP connection is 371 established and data can be sent and received by either party (i.e., 372 both a send and a receive connectivity precondition has been 373 satisfied). SCTP [RFC4960] connections have similar semantics as TCP 374 and SHOULD be treated the same. 376 When a connection-oriented transport is part of an offer, it may be 377 passive, active, or active/passive [RFC4145]. When it is passive, 378 the offerer expects the answerer to initiate the connection 379 establishment, and when it is active, the offerer wants to initiate 380 the connection establishment. When it is active/passive, the 381 answerer decides. As noted earlier, lack of a media-stream-to-dialog 382 correlation mechanism can make it difficult to guarantee with whom 383 connectivity has been ascertained. When the offerer takes on the 384 passive role, the offerer will not necessarily know which SIP dialog 385 originated an incoming connection request. If the offerer instead is 386 active, this problem is avoided. 388 5. Connectivity and Other Precondition Types 390 The role of a connectivity precondition is to ascertain media stream 391 connectivity before establishing or modifying a session. The 392 underlying intent is for the two parties to be able to exchange media 393 packets successfully. Connectivity by itself however may not fully 394 satisfy this. Quality of Service for example may be required for the 395 media stream; this can be addressed by use of the "qos" preconditions 396 defined in [RFC3312]. Similarly, succesful security parameter 397 negotiation may be another prequisite to meeting this; this can be 398 addressed by use of the "sec" preconditions defined in [RFC5027]. 400 6. Examples 402 The first example uses the connectivity precondition with TCP in the 403 context of a session involving a wireless access medium. Both UAs 404 use a radio access network that does not allow them to send any data 405 (not even a TCP SYN) until a radio bearer has been setup for the 406 connection. Figure 1 shows the message flow of this example (the 407 PRACK transaction has been omitted for clarity): 409 A B 410 | INVITE | 411 | a=curr:conn e2e none | 412 | a=des:conn mandatory e2e sendrecv | 413 | a=setup:holdconn | 414 |----------------------------------->| 415 | | 416 | 183 Session Progress | 417 | a=curr:conn e2e none | 418 | a=des:conn mandatory e2e sendrecv | 419 | a=setup:holdconn | 420 |<-----------------------------------| 421 | | 422 | UPDATE | 423 | a=curr:conn e2e none | 424 | a=des:conn mandatory e2e sendrecv | 425 A's radio | a=setup:actpass | 426 bearer is +----------------------------------->| 427 up | | 428 | 200 OK | 429 | a=curr:conn e2e none | 430 | a=des:conn mandatory e2e sendrecv | 431 | a=setup:active | 432 |<-----------------------------------| 433 | | 434 | | 435 | | 436 | | B's radio 437 |<---TCP Connection Establishment--->+ bearer is up 438 | | B sends TCP SYN 439 | | 440 | | 441 | 180 Ringing | TCP connection 442 |<-----------------------------------+ is up 443 | | B alerts the user 444 | | 446 Figure 1: Message flow with two types of preconditions 448 A sends an INVITE requesting connection-establishment preconditions. 449 The setup attribute in the offer is set to holdconn [RFC4145] because 450 A cannot send or receive any data before setting up a radio bearer 451 for the connection. 453 B agrees to use the connectivity precondition by sending a 183 454 (Session Progress) response. The setup attribute in the answer is 455 also set to holdconn because B, like A, cannot send or receive any 456 data before setting up a radio bearer for the connection. 458 When A's radio bearer is ready, A sends an UPDATE to B with a setup 459 attribute with a value of actpass. This attribute indicates that A 460 can perform an active or a passive TCP open. A is letting B choose 461 which endpoint will initiate the connection. 463 Since B's radio bearer is not ready yet, B chooses to be the one 464 initiating the connection and indicates so with a setup attribute 465 with a value of active. At a later point, when B's radio bearer is 466 ready, B initiates the TCP connection towards A. 468 Once the TCP connection is established successfully, B alerts the 469 callee and sends a 180 (Ringing) response. 471 The second example shows a basic SIP session establishment using SDP 472 connectivity preconditions and RTP No-Op. Note that not all SDP 473 details are provided in the following. The message flow for this 474 scenario is shown in Figure 2 below. 476 A B 478 | | 479 |-------------(1) INVITE SDP1--------------->| 480 | | 481 |<------(2) 183 Session Progress SDP2--------| 482 | | 483 |<~~~~~ Connectivity check to A ~~~~~~~~~~~~~| 484 | | 485 |----------------(3) PRACK------------------>| 486 | | 487 |~~~~~ Connectivity to A OK ~~~~~~~~~~~~~~~~>| 488 | | 489 |<-----------(4) 200 OK (PRACK)--------------| 490 | | 491 |~~~~~ Connectivity check to B ~~~~~~~~~~~~~>| 492 |<~~~~ Connectivity to B OK ~~~~~~~~~~~~~~~~~| 493 | | 494 |-------------(5) UPDATE SDP3--------------->| 495 | | 496 |<--------(6) 200 OK (UPDATE) SDP4-----------| 497 | | 498 |<-------------(7) 180 Ringing---------------| 499 | | 500 | | 501 | | 503 Figure 2: Connectivity precondition with RTP no-op 505 SDP1: A includes a mandatory end-to-end connectivity precondition 506 with a desired status of "sendrecv"; this will ensure media stream 507 connectivity in both directions before continuing with the session 508 setup. Since media stream connectivity in either direction is 509 unknown at this point, the current status is set to "none". A's 510 local status table (see [RFC3312]) for the connectivity precondition 511 is as follows: 513 Direction | Current | Desired Strength | Confirm 514 -----------+----------+------------------+---------- 515 send | no | mandatory | no 516 recv | no | mandatory | no 518 and the resulting offer SDP is: 520 m=audio 20000 RTP/AVP 0 96 521 c=IN IP4 192.0.2.1 522 a=rtpmap:96 no-op/8000 523 a=curr:conn e2e none 524 a=des:conn mandatory e2e sendrecv 526 SDP2: When B receives the offer, B sees the mandatory sendrecv 527 connectivity precondition. B can ascertain connectivity to A ("send" 528 from B's point of view) by use of the RTP No-Op, however B wants A to 529 inform it about connectivity in the other direction ("recv" from B's 530 point of view). B's local status table therefore looks as follows: 532 Direction | Current | Desired Strength | Confirm 533 -----------+----------+------------------+---------- 534 send | no | mandatory | no 535 recv | no | mandatory | no 537 Since B wants to ask A for confirmation about the "recv" (from B's 538 point of view) connectivity precondition, the resulting answer SDP 539 becomes: 541 m=audio 30000 RTP/AVP 0 96 542 a=rtpmap:96 no-op/8000 543 c=IN IP4 192.0.2.4 544 a=curr:conn e2e none 545 a=des:conn mandatory e2e sendrecv 546 a=conf:conn e2e recv 548 Meanwhile, B performs a connectivity check to A, which succeeds and 549 hence B's local status table is updated as follows: 551 Direction | Current | Desired Strength | Confirm 552 -----------+----------+------------------+---------- 553 send | yes | mandatory | no 554 recv | no | mandatory | no 556 Since the "recv" connectivity precondition (from B's point of view) 557 is still not satisfied, session establishment remains suspended. 559 SDP3: When A receives the answer SDP, A notes that confirmation was 560 requested for B's "recv" connectivity precondition, which is the 561 "send" precondition from A's point of view. A performs a 562 connectivity check to B, which succeeds, and A's local status table 563 becomes: 565 Direction | Current | Desired Strength | Confirm 566 -----------+----------+------------------+---------- 567 send | yes | mandatory | yes 568 recv | no | mandatory | no 570 Since B asked for confirmation about the "send" connectivity (from 571 A's point of view), A now sends an UPDATE (5) to B to confirm the 572 connectivity from A to B: 574 m=audio 20000 RTP/AVP 0 96 575 a=rtpmap:96 no-op/8000 576 c=IN IP4 192.0.2.1 577 a=curr:conn e2e send 578 a=des:conn mandatory e2e sendrecv 580 7. Security Considerations 582 In addition to the general security considerations for preconditions 583 provided in [RFC3312], the following security issues, which are 584 specific to connectivity preconditions, should be considered. 586 Connectivity preconditions rely on mechanisms beyond SDP such as 587 TCP[RFC0793] connection establishment, RTP No-Op 588 [I-D.ietf-avt-rtp-no-op], or STUN [I-D.ietf-behave-rfc3489bis] to 589 establish and verify connectivity between an offerer and an answerer. 590 An attacker that prevents those mechanism from succeeding can prevent 591 media sessions from being established and hence it is RECOMMENDED 592 that such mechanisms are adequately secured by message authentication 593 and integrity protection. Also, the mechanisms SHOULD consider how 594 to prevent denial of service attacks. Similarly, an attacker that 595 can forge packets for these mechanisms can enable sessions to be 596 established when there in fact is no media connectivity, which may 597 lead to a poor user experience. Authentication and integrity 598 protection of such mechanisms can prevent this type of attacks and 599 hence use of it is RECOMMENDED. 601 It is also strongly RECOMMENDED that integrity protection be applied 602 to the SDP session descriptions. S/MIME [RFC3853] is the natural 603 choice to provide such end-to-end integrity protection, as described 604 in [RFC3261]. 606 8. IANA Considerations 608 IANA is hereby requested to register a new precondition type under 609 the Precondition Types used with SIP subregistry, which is located 610 under the Session Initiation Protocol (SIP) Parameters registry. 612 Precondition-Type Description Reference 613 ----------------- ----------------------------------- --------- 614 conn Connectivity precondition [RFCxxxx] 616 [Note to the RFC Editor: replace RFCxxxx with the number assigned to 617 this RFC.] 619 9. Change Log 621 9.1. Changes since -02 623 Connectivity preconditions are now mechanism agnostic. Clarified 624 when and how to use ICE, RTP no-op, and connection establishment 625 procedures to check connectivity. Clarified relation with other 626 precondition types. 628 9.2. Changes since -01 630 There are no changes since the previous version of the document. 632 10. References 634 10.1. Normative References 636 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 637 Requirement Levels", BCP 14, RFC 2119, March 1997. 639 [RFC2733] Rosenberg, J. and H. Schulzrinne, "An RTP Payload Format 640 for Generic Forward Error Correction", RFC 2733, 641 December 1999. 643 [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, 644 A., Peterson, J., Sparks, R., Handley, M., and E. 645 Schooler, "SIP: Session Initiation Protocol", RFC 3261, 646 June 2002. 648 [RFC3312] Camarillo, G., Marshall, W., and J. Rosenberg, 649 "Integration of Resource Management and Session Initiation 650 Protocol (SIP)", RFC 3312, October 2002. 652 [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. 653 Jacobson, "RTP: A Transport Protocol for Real-Time 654 Applications", STD 64, RFC 3550, July 2003. 656 [RFC3853] Peterson, J., "S/MIME Advanced Encryption Standard (AES) 657 Requirement for the Session Initiation Protocol (SIP)", 658 RFC 3853, July 2004. 660 [RFC4032] Camarillo, G. and P. Kyzivat, "Update to the Session 661 Initiation Protocol (SIP) Preconditions Framework", 662 RFC 4032, March 2005. 664 [RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session 665 Description Protocol", RFC 4566, July 2006. 667 10.2. Informative References 669 [RFC0793] Postel, J., "Transmission Control Protocol", STD 7, 670 RFC 793, September 1981. 672 [RFC4145] Yon, D. and G. Camarillo, "TCP-Based Media Transport in 673 the Session Description Protocol (SDP)", RFC 4145, 674 September 2005. 676 [RFC4960] Stewart, R., "Stream Control Transmission Protocol", 677 RFC 4960, September 2007. 679 [RFC5027] Andreasen, F. and D. Wing, "Security Preconditions for 680 Session Description Protocol (SDP) Media Streams", 681 RFC 5027, October 2007. 683 [I-D.ietf-avt-rtp-no-op] 684 Andreasen, F., "A No-Op Payload Format for RTP", 685 draft-ietf-avt-rtp-no-op-04 (work in progress), May 2007. 687 [I-D.ietf-mmusic-ice] 688 Rosenberg, J., "Interactive Connectivity Establishment 689 (ICE): A Protocol for Network Address Translator (NAT) 690 Traversal for Offer/Answer Protocols", 691 draft-ietf-mmusic-ice-19 (work in progress), October 2007. 693 [I-D.ietf-mmusic-ice-tcp] 694 Rosenberg, J., "TCP Candidates with Interactive 695 Connectivity Establishment (ICE", 696 draft-ietf-mmusic-ice-tcp-04 (work in progress), 697 July 2007. 699 [I-D.ietf-behave-rfc3489bis] 700 Rosenberg, J., Mahy, R., Matthews, P., and D. Wing, 701 "Session Traversal Utilities for (NAT) (STUN)", 702 draft-ietf-behave-rfc3489bis-13 (work in progress), 703 November 2007. 705 Authors' Addresses 707 Flemming Andreasen 708 Cisco Systems, Inc. 709 499 Thornall Street, 8th Floor 710 Edison, NJ 08837 711 USA 713 Email: fandreas@cisco.com 715 Gonzalo Camarillo 716 Ericsson 717 Hirsalantie 11 718 Jorvas 02420 719 Finland 721 Email: Gonzalo.Camarillo@ericsson.com 723 David Oran 724 Cisco Systems, Inc. 725 7 Ladyslipper Lane 726 Acton, MA 01720 727 USA 729 Email: oran@cisco.com 731 Dan Wing 732 Cisco Systems, Inc. 733 170 West Tasman Drive 734 San Jose, CA 94301 735 USA 737 Email: dwing@cisco.com 739 Full Copyright Statement 741 Copyright (C) The IETF Trust (2007). 743 This document is subject to the rights, licenses and restrictions 744 contained in BCP 78, and except as set forth therein, the authors 745 retain all their rights. 747 This document and the information contained herein are provided on an 748 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 749 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND 750 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS 751 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF 752 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 753 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 755 Intellectual Property 757 The IETF takes no position regarding the validity or scope of any 758 Intellectual Property Rights or other rights that might be claimed to 759 pertain to the implementation or use of the technology described in 760 this document or the extent to which any license under such rights 761 might or might not be available; nor does it represent that it has 762 made any independent effort to identify any such rights. Information 763 on the procedures with respect to rights in RFC documents can be 764 found in BCP 78 and BCP 79. 766 Copies of IPR disclosures made to the IETF Secretariat and any 767 assurances of licenses to be made available, or the result of an 768 attempt made to obtain a general license or permission for the use of 769 such proprietary rights by implementers or users of this 770 specification can be obtained from the IETF on-line IPR repository at 771 http://www.ietf.org/ipr. 773 The IETF invites any interested party to bring to its attention any 774 copyrights, patents or patent applications, or other proprietary 775 rights that may cover technology that may be required to implement 776 this standard. Please address the information to the IETF at 777 ietf-ipr@ietf.org. 779 Acknowledgment 781 Funding for the RFC Editor function is provided by the IETF 782 Administrative Support Activity (IASA).