idnits 2.17.1 draft-ietf-mmusic-sctp-sdp-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 3 instances of too long lines in the document, the longest one being 19 characters in excess of 72. == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. -- The document has examples using IPv4 documentation addresses according to RFC6890, but does not use any IPv6 documentation addresses. Maybe there should be IPv6 examples, too? Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 234 has weird spacing: '...-number proto...' == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document date (June 30, 2013) is 3925 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 4288 (Obsoleted by RFC 6838) ** Obsolete normative reference: RFC 4347 (Obsoleted by RFC 6347) ** Obsolete normative reference: RFC 4566 (Obsoleted by RFC 8866) ** Obsolete normative reference: RFC 4572 (Obsoleted by RFC 8122) ** Obsolete normative reference: RFC 4960 (Obsoleted by RFC 9260) ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) == Outdated reference: A later version (-09) exists of draft-ietf-behave-sctpnat-08 Summary: 7 errors (**), 0 flaws (~~), 5 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 MMUSIC S. Loreto 3 Internet-Draft G. Camarillo 4 Intended status: Standards Track Ericsson 5 Expires: January 1, 2014 June 30, 2013 7 Stream Control Transmission Protocol (SCTP)-Based Media Transport in the 8 Session Description Protocol (SDP) 9 draft-ietf-mmusic-sctp-sdp-04 11 Abstract 13 SCTP (Stream Control Transmission Protocol) is a transport protocol 14 used to establish associations between two endpoints. This document 15 describes how to express media transport over SCTP in SDP (Session 16 Description Protocol). This document defines the 'SCTP', 'SCTP/DTLS' 17 and 'DTLS/SCTP' protocol identifiers for SDP. 19 Status of this Memo 21 This Internet-Draft is submitted in full conformance with the 22 provisions of BCP 78 and BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF). Note that other groups may also distribute 26 working documents as Internet-Drafts. The list of current Internet- 27 Drafts is at http://datatracker.ietf.org/drafts/current/. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 This Internet-Draft will expire on January 1, 2014. 36 Copyright Notice 38 Copyright (c) 2013 IETF Trust and the persons identified as the 39 document authors. All rights reserved. 41 This document is subject to BCP 78 and the IETF Trust's Legal 42 Provisions Relating to IETF Documents 43 (http://trustee.ietf.org/license-info) in effect on the date of 44 publication of this document. Please review these documents 45 carefully, as they describe your rights and restrictions with respect 46 to this document. Code Components extracted from this document must 47 include Simplified BSD License text as described in Section 4.e of 48 the Trust Legal Provisions and are provided without warranty as 49 described in the Simplified BSD License. 51 Table of Contents 53 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 54 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 55 3. Protocol Identifier . . . . . . . . . . . . . . . . . . . . . 4 56 4. Media Formats . . . . . . . . . . . . . . . . . . . . . . . . 5 57 4.1. Media Descriptions . . . . . . . . . . . . . . . . . . . . 5 58 5. Media attributes . . . . . . . . . . . . . . . . . . . . . . . 6 59 5.1. sctpmap Attribute . . . . . . . . . . . . . . . . . . . . 6 60 6. The Setup and Connection Attributes and Association 61 Management . . . . . . . . . . . . . . . . . . . . . . . . . . 6 62 7. Multihoming . . . . . . . . . . . . . . . . . . . . . . . . . 7 63 8. Network Address Translation (NAT) Considerations . . . . . . . 7 64 9. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 65 9.1. Actpass/Passive . . . . . . . . . . . . . . . . . . . . . 8 66 9.2. Existing Connection Reuse . . . . . . . . . . . . . . . . 9 67 9.3. SDP description for SCTP over DTLS Connection . . . . . . 9 68 10. Security Considerations . . . . . . . . . . . . . . . . . . . 10 69 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 70 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 71 12.1. Normative References . . . . . . . . . . . . . . . . . . . 10 72 12.2. Informative References . . . . . . . . . . . . . . . . . . 11 73 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12 75 1. Introduction 77 SDP (Session Description Protocol) [RFC4566] provides a general- 78 purpose format for describing multimedia sessions in announcements or 79 invitations. TCP-Based Media Transport in the Session Description 80 Protocol (SDP) [RFC4145] specifies a general mechanism for describing 81 and establishing TCP (Transmission Control Protocol) streams. 82 Connection-Oriented Media Transport over the Transport Layer Security 83 (TLS) Protocol in the Session Description Protocol (SDP) [RFC4572] 84 extends RFC4145 [RFC4145] for describing TCP-based media streams that 85 are protected using TLS (Transport Layer Security) [RFC5246]. 87 This document defines three new protocol identifiers: 89 SCTP : to describe SCTP-based [RFC4960] media streams. 91 SCTP/DTLS : to allow the usage of the Datagram Transport Layer 92 Security (DTLS) [RFC4347] protocol over SCTP, as specified in 93 [RFC6083], using SDP. DTLS over SCTP provides communications 94 privacy for applications that use SCTP as their transport 95 protocol. 97 DTLS/SCTP : to allow the usage of SCTP on top of the Datagram 98 Transport Layer Security (DTLS) protocol, as defined in 99 [I-D.tuexen-tsvwg-sctp-dtls-encaps], using SDP. SCTP over DTLS is 100 used by the RTCWeb protocol suite for transporting non-media data 101 between browsers. 103 The authentication certificates are interpreted and validated as 104 defined in RFC4572 [RFC4572]. Self-signed certificates can be used 105 securely, provided that the integrity of the SDP description is 106 assured as defined in RFC4572 [RFC4572]. 108 TLS is designed to run on top of a byte-stream oriented transport 109 protocol providing a reliable, in-sequence delivery like TCP. Since 110 no-one so far has implemented SCTP over TLS, due to some serious 111 limitations described in [RFC6083], this document does not make use 112 of TLS over SCTP as described in RFC3436 [RFC3436]. 114 Additionally, this document specifies the use of the 'setup' and 115 'connection' SDP attributes to establish SCTP associations. These 116 attributes were defined in RFC4145 [RFC4145] for TCP. This document 117 discusses their use with SCTP. 119 2. Terminology 121 In this document, the key words "MUST", "MUST NOT", "REQUIRED", 122 "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT 123 RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as 124 described in BCP 14, RFC 2119 [RFC2119] and indicate requirement 125 levels for compliant implementations. 127 3. Protocol Identifier 129 The following is the format for an 'm' line, as specified in RFC4566 130 [RFC4566]: 132 m= ... 134 This document defines three new values for the 'proto' field: 'SCTP', 135 'SCTP/DTLS' and 'DTLS/SCTP'. 137 The 'SCTP', 'SCTP/DTLS' and 'DTLS/SCTP' protocol identifiers are 138 similar to both the 'UDP' and 'TCP' protocol identifiers in that they 139 only describe the transport protocol and not the upper-layer 140 protocol. 142 Media described using an 'm' line containing the 'SCTP' protocol 143 identifier are carried using SCTP [RFC4960]. 145 The 'SCTP/DTLS' protocol identifier indicates that the media 146 described will use the Datagram Transport Layer Security (DTLS) 147 [RFC4347] over SCTP as specified in [RFC6083]. 149 The 'DTLS/SCTP' protocol identifier indicates that the media 150 described will use SCTP on top of the Datagram Transport Layer 151 Security (DTLS) protocol as specified in 152 [I-D.tuexen-tsvwg-sctp-dtls-encaps]. The actual layer below DTLS can 153 be plain UDP or what ICE agrees on (in the case ICE is used to 154 negotiate the actual transport flow). The lower layer used is 155 identified from the elements present inside the m= line block. 157 An 'm' line that specifies 'SCTP' or 'SCTP/DTLS' or 'DTLS/SCTP' MUST 158 further qualify the application-layer protocol using an fmt 159 identifier. 161 An 'm' line that specifies 'SCTP/DTLS' or 'DTLS/SCTP' MUST further 162 provide a certificate fingerprint. An SDP attribute (an 'a' line) is 163 used to transport and exchange end point certificate. The 164 authentication certificates are interpreted and validated as defined 165 in [RFC4572]. 167 4. Media Formats 169 The SDP specification, [RFC4566], states that specifications defining 170 new proto values, like the SCTP, SCTP/DTLS and DTLS/SCTP proto values 171 defined in this RFC, must define the rules by which their media 172 format (fmt) namespace is managed. Use of an existing MIME subtype 173 for the format is encouraged. If no MIME subtype exists, it is 174 RECOMMENDED that a suitable one is registered through the IETF 175 process [RFC4288] [RFC4289] by production of, or reference to, a 176 standards-track RFC that defines the transport protocol for the 177 format. 179 4.1. Media Descriptions 181 The media description change slightly depending on the actual 182 . 184 If the sub-field is 'SCTP' or 'SCTP/DTLS' 186 the is the SCTP transport port and follows the same active/ 187 passive offer/answer model described in Section 4.1 of [RFC4145]; 189 the sub-field carries the same port number value specified 190 in the and the mandatory "a=sctpmap:" attribute contains 191 the actual media format within the protocol parameter. 193 m=application 54111 SCTP/DTLS 54111 194 a=sctpmap:54111 t38 1 196 Running SCTP over DTLS make possible to have multiple SCTP 197 associations on top of the same DTLS connection; each SCTP 198 association make use of a distinct port number that is mainly used to 199 demultiplex the associations. 201 If the sub-field is 'DTLS/SCTP' 203 the is the UDP transport port; 205 the sub-field carries the SCTP port number and the mandatory 206 "a=sctpmap:" attribute contains the actual media format within the 207 protocol parameter. 209 When a list of port number identifiers is given, this implies that 210 all of these associations MUST run on top of the same DTLS 211 connection. For the payload type assignments the "a=sctpmap:" 212 attribute (see Section 5.1) SHOULD be used to map from a port number 213 to a media encoding name that identifies the payload format 214 transported by the association or the actual application protocol 215 running on top of it. 217 m=application 54111 DTLS/SCTP 5000 5001 5002 218 c=IN IP4 79.97.215.79 219 a=sctpmap:5000 webrtc-datachannel 16 220 a=sctpmap:5001 bfcp 2 221 a=sctpmap:5002 t38 1 223 5. Media attributes 225 5.1. sctpmap Attribute 227 The sctpmap attribute maps from a port number (as used in an "m=" 228 line) to an encoding name denoting the payload format to be used on 229 top of the SCTP association or the actual protocol running on top of 230 it. It also can provide the number of streams to be supported by the 231 association. If this attribute is not present, the implementation 232 should provide a default, with a suggested value of 16. 234 sctpmap-attr = "a=sctpmap:" sctpmap-number protocol [streams] 235 sctpmap-number = 1*DIGIT 236 protocol = labelstring 237 labelstring = text 238 text = byte-string 239 streams = 1*DIGIT 241 6. The Setup and Connection Attributes and Association Management 243 The use of the 'setup' and 'connection' attributes in the context of 244 an SCTP association is identical to the use of these attributes in 245 the context of a TCP connection. That is, SCTP endpoints MUST follow 246 the rules in Sections 4 and 5 of RFC 4145 [RFC4145] when it comes to 247 the use of the 'setup' and 'connection' attributes in offer/answer 248 [RFC3264] exchanges. 250 The management of an SCTP association is identical to the management 251 of a TCP connection. That is, SCTP endpoints MUST follow the rules 252 in Section 6 of RFC 4145 [RFC4145] to manage SCTP associations. 253 Whether to use the SCTP ordered or unordered delivery service is up 254 to the applications using the SCTP association. 256 7. Multihoming 258 An SCTP endpoint, unlike a TCP endpoint, can be multihomed. An SCTP 259 endpoint is considered to be multihomed if it has more than one IP 260 address. A multihomed SCTP endpoint informs a remote SCTP endpoint 261 about all its IP addresses using the address parameters of the INIT 262 or the INIT-ACK chunk (depending on whether the multihomed endpoint 263 is the one initiating the establishment of the association). 264 Therefore, once the address provided in the 'c' line has been used to 265 establish the SCTP association (i.e., to send the INIT chunk), 266 address management is performed using SCTP. This means that two SCTP 267 endpoints can use addresses that were not listed in the 'c' line but 268 that were negotiated using SCTP mechanisms. 270 During the lifetime of an SCTP association, the endpoints can add and 271 remove new addresses from the association at any point [RFC5061]. If 272 an endpoint removes the IP address listed in its 'c' line from the 273 SCTP association, the endpoint SHOULD update the 'c' line (e.g., by 274 sending a re-INVITE with a new offer) so that it contains an IP 275 address that is valid within the SCTP association. 277 In some environments, intermediaries performing firewall control use 278 the addresses in offer/answer exchanges to perform media 279 authorization. That is, policy-enforcement network elements do not 280 let media through unless it is sent to the address in the 'c' line. 282 In such network environments, the SCTP endpoints can only exchange 283 media using the IP addresses listed in their 'c' lines. In these 284 environments, an endpoint wishing to use a different address needs to 285 update its 'c' line (e.g., by sending a re-INVITE with a new offer) 286 so that it contains the new IP address. 288 It is worth to underline that when using SCTP on top of DTLS, only 289 single homed SCTP associations can be used, since DTLS does not 290 expose any address management to its upper layer. 292 8. Network Address Translation (NAT) Considerations 294 SCTP specific features (not present in UDP/TCP), such as the checksum 295 (CRC32c) value calculated on the whole packet (not just the header) 296 or its multihoming capabilities, present new challenges for NAT 297 traversal. [I-D.ietf-behave-sctpnat] describes an SCTP specific 298 variant of NAT, which provides similar features of Network Address 299 and Port Translation (NAPT). 301 Current NATs do not typically support SCTP. As an alternative to 302 design SCTP specific NATs, Encapsulating SCTP into UDP [RFC6951] 303 makes it possible to use SCTP in networks with legacy NAT and 304 firewalls not supporting SCTP. 306 At the time of writing, the work on NAT traversal for SCTP is still 307 work in progress. Additionally, no extension has been defined to 308 integrate ICE (Interactive Connectivity Establishment) [RFC5768] with 309 SCTP and its multihoming capabilities either. Therefore, this 310 specification does not define how to describe SCTP-over-UDP streams 311 in SDP or how to establish and maintain SCTP associations using ICE. 312 Should these features be specified for SCTP in the future, there will 313 be a need to specify how to use them in an SDP environment as well. 315 9. Examples 317 The following examples show the use of the 'setup' and 'connection' 318 SDP attributes. As discussed in Section 6, the use of these 319 attributes with an SCTP association is identical to their use with a 320 TCP connection. For the purpose of brevity, the main portion of the 321 session description is omitted in the examples, which only show 'm' 322 lines and their attributes (including 'c' lines). 324 9.1. Actpass/Passive 326 An offerer at 192.0.2.2 signals its availability for an SCTP 327 association at SCTP port 54111. Additionally, this offerer is also 328 willing to initiate the SCTP association: 330 m=application 54111 SCTP 54111 331 c=IN IP4 192.0.2.2 332 a=setup:actpass 333 a=connection:new 334 a=sctpmap:54111 t38 1 336 Figure 1 338 The endpoint at 192.0.2.1 responds with the following description: 340 m=image 54321 SCTP 54321 341 c=IN IP4 192.0.2.1 342 a=setup:passive 343 a=connection:new 344 a=sctpmap:t54321 t38 1 346 Figure 2 348 This will cause the offerer (at 192.0.2.2) to initiate an SCTP 349 association to port 54321 at 192.0.2.1. 351 9.2. Existing Connection Reuse 353 Subsequent to the exchange in Section 9.1, another offer/answer 354 exchange is initiated in the opposite direction. The endpoint at 355 192.0.2.1, which now acts as the offerer, wishes to continue using 356 the existing association: 358 m=application 54321 SCTP * 359 c=IN IP4 192.0.2.1 360 a=setup:passive 361 a=connection:existing 363 Figure 3 365 The endpoint at 192.0.2.2 also wishes to use the existing SCTP 366 association and responds with the following description: 368 m=application 54111 SCTP * 369 c=IN IP4 192.0.2.2 370 a=setup:active 371 a=connection:existing 373 Figure 4 375 The existing SCTP association between 192.0.2.2 and 192.0.2.1 will be 376 reused. 378 9.3. SDP description for SCTP over DTLS Connection 380 This example shows the usage of SCTP over DTLS. 382 An offerer at 192.0.2.2 signals the availability of a T.38 fax 383 session over SCTP/DTLS. The DTLS connection runs on top of port 384 54111. 386 m=image 54111 DTLS/SCTP 5000 387 c=IN IP4 192.0.2.2 388 a=setup:actpass 389 a=connection:new 390 a=fingerprint:SHA-1 \ 391 4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:E5:7C:AB 392 a=sctpmap:5000 webrtc-DataChannel 16 393 a=webrtc-DataChannel:5000 stream:1;label="channel 1";subprotocol="chat"; 394 a=webrtc-DataChannel:5000 stream:2;label="channel 2";subprotocol="file transfer" 395 Figure 5 397 10. Security Considerations 399 See RFC 4566 [RFC4566] for security considerations on the use of SDP 400 in general. See RFC 3264 [RFC3264], RFC 4145 [RFC4145] and RFC 4572 401 [RFC4572] for security considerations on establishing media streams 402 using offer/answer exchanges. See RFC 4960 [RFC4960] for security 403 considerations on SCTP in general and [RFC6083] for security 404 consideration using DTLS on top of SCTP. This specification does not 405 introduce any new security consideration in addition to the ones 406 discussed in those specifications. 408 11. IANA Considerations 410 This document defines three new proto values: 'SCTP', 'SCTP/DTLS' and 411 'DTLS/SCTP'. Their formats are defined in Section 3. These proto 412 values should be registered by the IANA under "Session Description 413 Protocol (SDP) Parameters" under "proto". 415 This document defines two SDP session and media-level attributes: 417 'sctpmap'. Its format is defined in Section 5.1. This attribute 418 should be registered by IANA under "Session Description Protocol 419 (SDP) Parameters" under "att-field" (both session and media 420 level)". 422 12. References 424 12.1. Normative References 426 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 427 Requirement Levels", BCP 14, RFC 2119, March 1997. 429 [RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model 430 with Session Description Protocol (SDP)", RFC 3264, 431 June 2002. 433 [RFC4145] Yon, D. and G. Camarillo, "TCP-Based Media Transport in 434 the Session Description Protocol (SDP)", RFC 4145, 435 September 2005. 437 [RFC4288] Freed, N. and J. Klensin, "Media Type Specifications and 438 Registration Procedures", RFC 4288, December 2005. 440 [RFC4289] Freed, N. and J. Klensin, "Multipurpose Internet Mail 441 Extensions (MIME) Part Four: Registration Procedures", 442 BCP 13, RFC 4289, December 2005. 444 [RFC4347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer 445 Security", RFC 4347, April 2006. 447 [RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session 448 Description Protocol", RFC 4566, July 2006. 450 [RFC4572] Lennox, J., "Connection-Oriented Media Transport over the 451 Transport Layer Security (TLS) Protocol in the Session 452 Description Protocol (SDP)", RFC 4572, July 2006. 454 [RFC4960] Stewart, R., "Stream Control Transmission Protocol", 455 RFC 4960, September 2007. 457 [RFC5061] Stewart, R., Xie, Q., Tuexen, M., Maruyama, S., and M. 458 Kozuka, "Stream Control Transmission Protocol (SCTP) 459 Dynamic Address Reconfiguration", RFC 5061, 460 September 2007. 462 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 463 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 465 [I-D.tuexen-tsvwg-sctp-dtls-encaps] 466 Jesup, R., Loreto, S., Stewart, R., and M. Tuexen, "DTLS 467 Encapsulation of SCTP Packets for RTCWEB", 468 draft-tuexen-tsvwg-sctp-dtls-encaps-01 (work in progress), 469 July 2012. 471 12.2. Informative References 473 [RFC3436] Jungmaier, A., Rescorla, E., and M. Tuexen, "Transport 474 Layer Security over Stream Control Transmission Protocol", 475 RFC 3436, December 2002. 477 [RFC6083] Tuexen, M., Seggelmann, R., and E. Rescorla, "Datagram 478 Transport Layer Security (DTLS) for Stream Control 479 Transmission Protocol (SCTP)", RFC 6083, January 2011. 481 [RFC5768] Rosenberg, J., "Indicating Support for Interactive 482 Connectivity Establishment (ICE) in the Session Initiation 483 Protocol (SIP)", RFC 5768, April 2010. 485 [RFC6951] Tuexen, M. and R. Stewart, "UDP Encapsulation of Stream 486 Control Transmission Protocol (SCTP) Packets for End-Host 487 to End-Host Communication", RFC 6951, May 2013. 489 [I-D.ietf-behave-sctpnat] 490 Stewart, R., Tuexen, M., and I. Ruengeler, "Stream Control 491 Transmission Protocol (SCTP) Network Address Translation", 492 draft-ietf-behave-sctpnat-08 (work in progress), 493 February 2013. 495 Authors' Addresses 497 Salvatore Loreto 498 Ericsson 499 Hirsalantie 11 500 Jorvas 02420 501 Finland 503 Email: Salvatore.Loreto@ericsson.com 505 Gonzalo Camarillo 506 Ericsson 507 Hirsalantie 11 508 Jorvas 02420 509 Finland 511 Email: Gonzalo.Camarillo@ericsson.com