idnits 2.17.1 draft-ietf-mmusic-sctp-sdp-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The document has examples using IPv4 documentation addresses according to RFC6890, but does not use any IPv6 documentation addresses. Maybe there should be IPv6 examples, too? Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document date (March 12, 2012) is 4421 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 4288 (Obsoleted by RFC 6838) ** Obsolete normative reference: RFC 4347 (Obsoleted by RFC 6347) ** Obsolete normative reference: RFC 4566 (Obsoleted by RFC 8866) ** Obsolete normative reference: RFC 4572 (Obsoleted by RFC 8122) ** Obsolete normative reference: RFC 4960 (Obsoleted by RFC 9260) ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) == Outdated reference: A later version (-01) exists of draft-tuexen-tsvwg-sctp-dtls-encaps-00 == Outdated reference: A later version (-09) exists of draft-ietf-behave-sctpnat-04 == Outdated reference: A later version (-07) exists of draft-tuexen-sctp-udp-encaps-06 Summary: 6 errors (**), 0 flaws (~~), 5 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 MMUSIC S. Loreto 3 Internet-Draft G. Camarillo 4 Intended status: Standards Track Ericsson 5 Expires: September 13, 2012 March 12, 2012 7 Stream Control Transmission Protocol (SCTP)-Based Media Transport in the 8 Session Description Protocol (SDP) 9 draft-ietf-mmusic-sctp-sdp-01 11 Abstract 13 SCTP (Stream Control Transmission Protocol) is a transport protocol 14 used to establish associations between two endpoints. This document 15 describes how to express media transport over SCTP in SDP (Session 16 Description Protocol). This document defines the 'SCTP', 'SCTP/DTLS' 17 and 'DTLS/SCTP' protocol identifiers for SDP. 19 Status of this Memo 21 This Internet-Draft is submitted in full conformance with the 22 provisions of BCP 78 and BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF). Note that other groups may also distribute 26 working documents as Internet-Drafts. The list of current Internet- 27 Drafts is at http://datatracker.ietf.org/drafts/current/. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 This Internet-Draft will expire on September 13, 2012. 36 Copyright Notice 38 Copyright (c) 2012 IETF Trust and the persons identified as the 39 document authors. All rights reserved. 41 This document is subject to BCP 78 and the IETF Trust's Legal 42 Provisions Relating to IETF Documents 43 (http://trustee.ietf.org/license-info) in effect on the date of 44 publication of this document. Please review these documents 45 carefully, as they describe your rights and restrictions with respect 46 to this document. Code Components extracted from this document must 47 include Simplified BSD License text as described in Section 4.e of 48 the Trust Legal Provisions and are provided without warranty as 49 described in the Simplified BSD License. 51 Table of Contents 53 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 54 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 55 3. Protocol Identifier . . . . . . . . . . . . . . . . . . . . . 4 56 4. The Setup and Connection Attributes and Association 57 Management . . . . . . . . . . . . . . . . . . . . . . . . . . 4 58 5. Multihoming . . . . . . . . . . . . . . . . . . . . . . . . . 5 59 6. Network Address Translation (NAT) Considerations . . . . . . . 5 60 7. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 61 7.1. Actpass/Passive . . . . . . . . . . . . . . . . . . . . . 6 62 7.2. Existing Connection Reuse . . . . . . . . . . . . . . . . 7 63 7.3. SDP description for DTLS Connection . . . . . . . . . . . 7 64 8. Security Considerations . . . . . . . . . . . . . . . . . . . 8 65 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 66 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 67 10.1. Normative References . . . . . . . . . . . . . . . . . . . 8 68 10.2. Informative References . . . . . . . . . . . . . . . . . . 9 69 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10 71 1. Introduction 73 SDP (Session Description Protocol) [RFC4566] provides a general- 74 purpose format for describing multimedia sessions in announcements or 75 invitations. RFC4145 [RFC4145] specifies a general mechanism for 76 describing and establishing TCP (Transmission Control Protocol) 77 streams. RFC 4572 [RFC4572] extends RFC4145 [RFC4145] for describing 78 TCP-based media streams that are protected using TLS (Transport Layer 79 Security) [RFC5246]. 81 This document defines a new protocol identifier, 'SCTP', to describe 82 SCTP-based [RFC4960] media streams. Additionally, this document 83 specifies the use of the 'setup' and 'connection' SDP attributes to 84 establish SCTP associations. These attributes were defined in 85 RFC4145 [RFC4145] for TCP. This document discusses their use with 86 SCTP. 88 Additionally this document defines two new protocol identifiers: 90 SCTP/DTLS : to allow the usage of the Datagram Transport Layer 91 Security (DTLS) [RFC4347] protocol over SCTP, as specified in 92 [RFC6083], using SDP. DTLS over SCTP provides communications 93 privacy for applications that use SCTP as their transport 94 protocol. 96 DTLS/SCTP : to allow the usage of SCTP on top of the Datagram 97 Transport Layer Security (DTLS) protocol, as defined in 98 [I-D.tuexen-tsvwg-sctp-dtls-encaps], using SDP. SCTP over DTLS is 99 used by the RTCWeb protocol suite for transporting non- media data 100 between browsers. 102 The authentication certificates are interpreted and validated as 103 defined in RFC4572 [RFC4572]. Self-signed certificates can be used 104 securely, provided that the integrity of the SDP description is 105 assured as defined in RFC4572 [RFC4572]. 107 TLS is designed to run on top of a byte-stream oriented transport 108 protocol providing a realible, in-sequence delivery like TCP. Since 109 no-one so far has implemented SCTP over TLS, due to some serious 110 limitations described in [RFC6083], this document does not make use 111 of TLS over SCTP as described in RFC3436 [RFC3436]. 113 2. Terminology 115 In this document, the key words "MUST", "MUST NOT", "REQUIRED", 116 "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT 117 RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as 118 described in BCP 14, RFC 2119 [RFC2119] and indicate requirement 119 levels for compliant implementations. 121 3. Protocol Identifier 123 The following is the format for an 'm' line, as specified in RFC4566 124 [RFC4566]: 126 m= ... 128 This document defines three new values for the 'proto' field: 'SCTP', 129 'SCTP/DTLS' and 'DTLS/SCTP'. 131 The 'SCTP' protocol identifier is similar to both the 'UDP' and 'TCP' 132 protocol identifiers in that it only describes the transport protocol 133 and not the upper-layer protocol. Media described using an 'm' line 134 containing the 'SCTP' protocol identifier are carried using SCTP 135 [RFC4960]. 137 The 'SCTP/DTLS' protocol identifier indicates that the media 138 described will use the Datagram Transport Layer Security (DTLS) 139 [RFC4347] over SCTP as specified in [RFC6083]. 141 The 'DTLS/SCTP' protocol identifier indicates that the media 142 described will use SCTP on top of the Datagram Transport Layer 143 Security (DTLS) protocol as specified in 144 [I-D.tuexen-tsvwg-sctp-dtls-encaps]. 146 An 'm' line that specifies 'SCTP' or 'SCTP/DTLS' or 'DTLS/SCTP' MUST 147 further qualify the application-layer protocol using an fmt 148 identifier. 150 An 'm' line that specifies 'SCTP/DTLS' or 'DTLS/SCTP' MUST further 151 provide a certificate fingerprint. An SDP attribute (an 'a' line) is 152 used to transport and exchange end point certificate. The 153 authentication certificates are interpreted and validated as defined 154 in [RFC4572]. 156 4. The Setup and Connection Attributes and Association Management 158 The use of the 'setup' and 'connection' attributes in the context of 159 an SCTP association is identical to the use of these attributes in 160 the context of a TCP connection. That is, SCTP endpoints MUST follow 161 the rules in Sections 4 and 5 of RFC 4145 [RFC4145] when it comes to 162 the use of the 'setup' and 'connection' attributes in offer/answer 163 [RFC3264] exchanges. 165 The management of an SCTP association is identical to the management 166 of a TCP connection. That is, SCTP endpoints MUST follow the rules 167 in Section 6 of RFC 4145 [RFC4145] to manage SCTP associations. 168 Whether to use the SCTP ordered or unordered delivery service is up 169 to the applications using the SCTP association. 171 5. Multihoming 173 An SCTP endpoint, unlike a TCP endpoint, can be multihomed. An SCTP 174 endpoint is considered to be multihomed if it has more than one IP 175 address. A multihomed SCTP endpoint informs a remote SCTP endpoint 176 about all its IP addresses using the address parameters of the INIT 177 or the INIT-ACK chunk (depending on whether the multihomed endpoint 178 is the one initiating the establishment of the association). 179 Therefore, once the address provided in the 'c' line has been used to 180 establish the SCTP association (i.e., to send the INIT chunk), 181 address management is performed using SCTP. This means that two SCTP 182 endpoints can use addresses that were not listed in the 'c' line but 183 that were negotiated using SCTP mechanisms. 185 During the lifetime of an SCTP association, the endpoints can add and 186 remove new addresses from the association at any point [RFC5061]. If 187 an endpoint removes the IP address listed in its 'c' line from the 188 SCTP association, the endpoint MUST update the 'c' line (e.g., by 189 sending a re-INVITE with a new offer) so that it contains an IP 190 address that is valid within the SCTP association. 192 In some environments, intermediaries performing firewall control use 193 the addresses in offer/answer exchanges to perform media 194 authorization. That is, policy-enforcement network elements do not 195 let media through unless it is sent to the address in the 'c' line. 197 In such network environments, the SCTP endpoints can only exchange 198 media using the IP addresses listed in their 'c' lines. In these 199 environments, an endpoint wishing to use a different address needs to 200 update its 'c' line (e.g., by sending a re-INVITE with a new offer) 201 so that it contains the new IP address. 203 It is worth to underline that when using SCTP on top of DTLS, only 204 single homed SCTP associations can be used, since DTLS does not 205 expose any address management to its upper layer. 207 6. Network Address Translation (NAT) Considerations 209 SCTP specific features (not present in UDP/TCP), such as the checksum 210 (CRC32c) value calculated on the whole packet (not just the header) 211 or its multihoming capabilities, present new challenges for NAT 212 traversal. [I-D.ietf-behave-sctpnat] describes an SCTP specific 213 variant of NAT, which provides similar features of Network Address 214 and Port Translation (NAPT). 216 Current NATs do not typically support SCTP. As an alternative to 217 design SCTP specific NATs, Encapsulating SCTP into UDP 218 [I-D.tuexen-sctp-udp-encaps] makes it possible to use SCTP in 219 networks with legacy NAT and firewalls not supporting SCTP. 221 At the time of writing, the work on NAT traversal for SCTP is still 222 work in progress. Additionally, no extension has been defined to 223 integrate ICE (Interactive Connectivity Establishment) [RFC5768] with 224 SCTP and its multihoming capabilities either. Therefore, this 225 specification does not define how to describe SCTP-over-UDP streams 226 in SDP or how to establish and maintain SCTP associations using ICE. 227 Should these features be specified for SCTP in the future, there will 228 be a need to specify how to use them in an SDP environment as well. 230 7. Examples 232 The following examples show the use of the 'setup' and 'connection' 233 SDP attributes. As discussed in Section 4, the use of these 234 attributes with an SCTP association is identical to their use with a 235 TCP connection. For the purpose of brevity, the main portion of the 236 session description is omitted in the examples, which only show 'm' 237 lines and their attributes (including 'c' lines). 239 7.1. Actpass/Passive 241 An offerer at 192.0.2.2 signals its availability for an SCTP 242 association at SCTP port 54111. Additionally, this offerer is also 243 willing to initiate the SCTP association: 245 m=image 54111 SCTP * 246 c=IN IP4 192.0.2.2 247 a=setup:actpass 248 a=connection:new 250 Figure 1 252 The endpoint at 192.0.2.1 responds with the following description: 254 m=image 54321 SCTP * 255 c=IN IP4 192.0.2.1 256 a=setup:passive 257 a=connection:new 259 Figure 2 261 This will cause the offerer (at 192.0.2.2) to initiate an SCTP 262 association to port 54321 at 192.0.2.1. 264 7.2. Existing Connection Reuse 266 Subsequent to the exchange in Section 7.1, another offer/answer 267 exchange is initiated in the opposite direction. The endpoint at 268 192.0.2.1, which now acts as the offerer, wishes to continue using 269 the existing association: 271 m=application 54321 SCTP * 272 c=IN IP4 192.0.2.1 273 a=setup:passive 274 a=connection:new 276 Figure 3 278 The endpoint at 192.0.2.2 also wishes to use the existing SCTP 279 association and responds with the following description: 281 m=application 9 SCTP * 282 c=IN IP4 192.0.2.2 283 a=setup:active 284 a=connection:new 286 Figure 4 288 The existing SCTP association between 192.0.2.2 and 192.0.2.1 will be 289 reused. 291 7.3. SDP description for DTLS Connection 293 An offerer at 192.0.2.2 signals the availability of a T.38 fax 294 session over SCTP/DTLS. 296 m=image 54111 SCTP/DTLS t38 297 c=IN IP4 192.0.2.2 298 a=setup:actpass 299 a=connection:new 300 a=fingerprint:SHA-1 \ 301 4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:E5:7C:AB 303 Figure 5 305 8. Security Considerations 307 See RFC 4566 [RFC4566] for security considerations on the use of SDP 308 in general. See RFC 3264 [RFC3264], RFC 4145 [RFC4145] and RFC 4572 309 [RFC4572] for security considerations on establishing media streams 310 using offer/answer exchanges. See RFC 4960 [RFC4960] for security 311 considerations on SCTP in general and [RFC6083] for security 312 consideration using DTLS on top of SCTP. This specification does not 313 introduce any new security consideration in addition to the ones 314 discussed in those specifications. 316 9. IANA Considerations 318 This document defines three new proto values: 'SCTP', 'SCTP/DTLS' and 319 'DTLS/SCTP'. Their formats are defined in Section 3. These proto 320 values should be registered by the IANA under "Session Description 321 Protocol (SDP) Parameters" under "proto". 323 The SDP specification, [RFC4566], states that specifications defining 324 new proto values, like the SCTP, SCTP/DTLS and DTLS/SCTP proto values 325 defined in this RFC, must define the rules by which their media 326 format (fmt) namespace is managed. For the SCTP protocol, new 327 formats SHOULD have an associated MIME registration. Use of an 328 existing MIME subtype for the format is encouraged. If no MIME 329 subtype exists, it is RECOMMENDED that a suitable one is registered 330 through the IETF process [RFC4288] [RFC4289] by production of, or 331 reference to, a standards-track RFC that defines the transport 332 protocol for the format. 334 10. References 336 10.1. Normative References 338 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 339 Requirement Levels", BCP 14, RFC 2119, March 1997. 341 [RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model 342 with Session Description Protocol (SDP)", RFC 3264, 343 June 2002. 345 [RFC4145] Yon, D. and G. Camarillo, "TCP-Based Media Transport in 346 the Session Description Protocol (SDP)", RFC 4145, 347 September 2005. 349 [RFC4288] Freed, N. and J. Klensin, "Media Type Specifications and 350 Registration Procedures", BCP 13, RFC 4288, December 2005. 352 [RFC4289] Freed, N. and J. Klensin, "Multipurpose Internet Mail 353 Extensions (MIME) Part Four: Registration Procedures", 354 BCP 13, RFC 4289, December 2005. 356 [RFC4347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer 357 Security", RFC 4347, April 2006. 359 [RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session 360 Description Protocol", RFC 4566, July 2006. 362 [RFC4572] Lennox, J., "Connection-Oriented Media Transport over the 363 Transport Layer Security (TLS) Protocol in the Session 364 Description Protocol (SDP)", RFC 4572, July 2006. 366 [RFC4960] Stewart, R., "Stream Control Transmission Protocol", 367 RFC 4960, September 2007. 369 [RFC5061] Stewart, R., Xie, Q., Tuexen, M., Maruyama, S., and M. 370 Kozuka, "Stream Control Transmission Protocol (SCTP) 371 Dynamic Address Reconfiguration", RFC 5061, 372 September 2007. 374 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 375 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 377 [I-D.tuexen-tsvwg-sctp-dtls-encaps] 378 Jesup, R., Loreto, S., Stewart, R., and M. Tuexen, "DTLS 379 Encapsulation of SCTP Packets for RTCWEB", 380 draft-tuexen-tsvwg-sctp-dtls-encaps-00 (work in progress), 381 March 2012. 383 10.2. Informative References 385 [RFC3436] Jungmaier, A., Rescorla, E., and M. Tuexen, "Transport 386 Layer Security over Stream Control Transmission Protocol", 387 RFC 3436, December 2002. 389 [RFC6083] Tuexen, M., Seggelmann, R., and E. Rescorla, "Datagram 390 Transport Layer Security (DTLS) for Stream Control 391 Transmission Protocol (SCTP)", RFC 6083, January 2011. 393 [RFC5768] Rosenberg, J., "Indicating Support for Interactive 394 Connectivity Establishment (ICE) in the Session Initiation 395 Protocol (SIP)", RFC 5768, April 2010. 397 [I-D.ietf-behave-sctpnat] 398 Stewart, R., Tuexen, M., and I. Ruengeler, "Stream Control 399 Transmission Protocol (SCTP) Network Address Translation", 400 draft-ietf-behave-sctpnat-04 (work in progress), 401 December 2010. 403 [I-D.tuexen-sctp-udp-encaps] 404 Tuexen, M. and R. Stewart, "UDP Encapsulation of SCTP 405 Packets", draft-tuexen-sctp-udp-encaps-06 (work in 406 progress), January 2011. 408 Authors' Addresses 410 Salvatore Loreto 411 Ericsson 412 Hirsalantie 11 413 Jorvas 02420 414 Finland 416 Email: Salvatore.Loreto@ericsson.com 418 Gonzalo Camarillo 419 Ericsson 420 Hirsalantie 11 421 Jorvas 02420 422 Finland 424 Email: Gonzalo.Camarillo@ericsson.com