idnits 2.17.1 draft-ietf-mmusic-sdp-capability-negotiation-07.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 16. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 3543. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 3513. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 3520. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 3526. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == There are 2 instances of lines with non-ascii characters in the document. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. -- The document has examples using IPv4 documentation addresses according to RFC6890, but does not use any IPv6 documentation addresses. Maybe there should be IPv6 examples, too? Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (October 28, 2007) is 6023 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'S' is mentioned on line 2776, but not defined == Missing Reference: 'F' is mentioned on line 2776, but not defined ** Obsolete normative reference: RFC 2434 (Obsoleted by RFC 5226) ** Obsolete normative reference: RFC 4234 (Obsoleted by RFC 5234) ** Obsolete normative reference: RFC 4566 (Obsoleted by RFC 8866) -- Obsolete informational reference (is this intentional?): RFC 3388 (Obsoleted by RFC 5888) -- Obsolete informational reference (is this intentional?): RFC 3851 (Obsoleted by RFC 5751) -- Obsolete informational reference (is this intentional?): RFC 4474 (Obsoleted by RFC 8224) -- Obsolete informational reference (is this intentional?): RFC 4756 (Obsoleted by RFC 5956) Summary: 4 errors (**), 0 flaws (~~), 5 warnings (==), 12 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 MMUSIC Working Group F. Andreasen 3 Internet-Draft Cisco Systems 4 Intended Status: Proposed Standard October 28, 2007 5 Expires: April 2008 7 SDP Capability Negotiation 8 draft-ietf-mmusic-sdp-capability-negotiation-07.txt 10 Status of this Memo 12 By submitting this Internet-Draft, each author represents that 13 any applicable patent or other IPR claims of which he or she is 14 aware have been or will be disclosed, and any of which he or she 15 becomes aware will be disclosed, in accordance with Section 6 of 16 BCP 79. 18 Internet-Drafts are working documents of the Internet Engineering 19 Task Force (IETF), its areas, and its working groups. Note that 20 other groups may also distribute working documents as Internet- 21 Drafts. 23 Internet-Drafts are draft documents valid for a maximum of six 24 months and may be updated, replaced, or obsoleted by other documents 25 at any time. It is inappropriate to use Internet-Drafts as 26 reference material or to cite them other than as "work in progress." 28 The list of current Internet-Drafts can be accessed at 29 http://www.ietf.org/ietf/1id-abstracts.txt 31 The list of Internet-Draft Shadow Directories can be accessed at 32 http://www.ietf.org/shadow.html 34 This Internet-Draft will expire on April 28, 2008. 36 Copyright Notice 38 Copyright (C) The IETF Trust (2007). 40 Abstract 42 The Session Description Protocol (SDP) was intended for describing 43 multimedia sessions for the purposes of session announcement, 44 session invitation, and other forms of multimedia session 45 initiation. SDP was not intended to provide capability indication or 46 capability negotiation, however over the years, SDP has seen 47 widespread adoption and as a result it has been gradually extended 48 to provide limited support for these, notably in the form of the 49 offer/answer model defined in RFC 3264. SDP and its current 50 extensions do not define how to negotiate one or more alternative 51 transport protocols (e.g. RTP profiles) or attributes. This makes it 52 difficult to deploy new RTP profiles such as secure RTP or RTP with 53 RTCP-based feedback, negotiate use of different security keying 54 mechanisms, etc. It also presents problems for some forms of media 55 negotiation. 57 The purpose of this document is to address these shortcomings by 58 extending SDP with capability negotiation parameters and associated 59 offer/answer procedures to use those parameters in a backwards 60 compatible manner. 62 The document defines a general SDP Capability Negotiation framework. 63 It also specifies how to provide attributes and transport protocols 64 as capabilities and negotiate them using the framework. Extensions 65 for other types of capabilities (e.g. media types and media formats) 66 may be provided in other documents. 68 Table of Contents 70 1. Introduction...................................................3 71 2. Conventions used in this document..............................7 72 3. SDP Capability Negotiation Solution............................7 73 3.1. SDP Capability Negotiation Model..........................7 74 3.2. Solution Overview........................................10 75 3.3. Version and Extension Indication Attributes..............13 76 3.3.1. Supported Capability Negotiation Extensions Attribute13 77 3.3.2. Required Capability Negotiation Extensions Attribute14 78 3.4. Capability Attributes....................................16 79 3.4.1. Attribute Capability Attribute......................16 80 3.4.2. Transport Protocol Capability Attribute.............18 81 3.4.3. Extension Capability Attributes.....................19 82 3.5. Configuration Attributes.................................19 83 3.5.1. Potential Configuration Attribute...................19 84 3.5.2. Actual Configuration Attribute......................27 85 3.6. Offer/Answer Model Extensions............................29 86 3.6.1. Generating the Initial Offer........................29 87 3.6.2. Generating the Answer...............................32 88 3.6.2.1. Example Views of Potential Configurations......38 89 3.6.3. Offerer Processing of the Answer....................40 90 3.6.4. Modifying the Session...............................41 91 3.7. Interactions with ICE....................................42 92 3.8. Interactions with SIP Option Tags........................43 93 3.9. Processing Media before Answer...........................44 94 3.10. Indicating Bandwidth Usage..............................45 95 3.11. Dealing with Large Number of Potential Configurations...46 96 3.12. SDP Capability Negotiation and Intermediaries...........47 97 3.13. Considerations for Specific Attribute Capabilities......48 98 3.13.1. The rtpmap and fmtp Attributes.....................48 99 3.13.2. Direction Attributes...............................49 100 3.14. Relationship to RFC 3407................................50 101 4. Examples......................................................50 102 4.1. Best-Effort Secure RTP...................................50 103 4.2. Multiple Transport Protocols.............................53 104 4.3. Best-Effort SRTP with Session-Level MIKEY and Media Level 105 Security Descriptions.........................................57 106 4.4. SRTP with Session-Level MIKEY and Media Level Security 107 Descriptions as Alternatives..................................62 108 5. Security Considerations.......................................64 109 6. IANA Considerations...........................................67 110 6.1. New SDP Attributes.......................................67 111 6.2. New SDP Capability Negotiation Option Tag Registry.......68 112 6.3. New SDP Capability Negotiation Potential Configuration 113 Parameter Registry............................................69 114 7. Acknowledgments...............................................69 115 8. Change Log....................................................69 116 8.1. draft-ietf-mmusic-sdp-capability-negotiation-07..........69 117 8.2. draft-ietf-mmusic-sdp-capability-negotiation-06..........70 118 8.3. draft-ietf-mmusic-sdp-capability-negotiation-05..........71 119 8.4. draft-ietf-mmusic-sdp-capability-negotiation-04..........72 120 8.5. draft-ietf-mmusic-sdp-capability-negotiation-03..........73 121 8.6. draft-ietf-mmusic-sdp-capability-negotiation-02..........73 122 8.7. draft-ietf-mmusic-sdp-capability-negotiation-01..........74 123 8.8. draft-ietf-mmusic-sdp-capability-negotiation-00..........75 124 9. References....................................................76 125 9.1. Normative References.....................................76 126 9.2. Informative References...................................76 127 Author's Addresses...............................................78 128 Intellectual Property Statement..................................78 129 Full Copyright Statement.........................................79 130 Acknowledgment...................................................79 132 1. Introduction 134 The Session Description Protocol (SDP) was intended for describing 135 multimedia sessions for the purposes of session announcement, 136 session invitation, and other forms of multimedia session 137 initiation. The SDP contains one or more media stream descriptions 138 with information such as IP-address and port, type of media stream 139 (e.g. audio or video), transport protocol (possibly including 140 profile information, e.g. RTP/AVP or RTP/SAVP), media formats (e.g. 141 codecs), and various other session and media stream parameters that 142 define the session. 144 Simply providing media stream descriptions is sufficient for session 145 announcements for a broadcast application, where the media stream 146 parameters are fixed for all participants. When a participant wants 147 to join the session, he obtains the session announcement and uses 148 the media descriptions provided, e.g., joins a multicast group and 149 receives media packets in the encoding format specified. If the 150 media stream description is not supported by the participant, he is 151 unable to receive the media. 153 Such restrictions are not generally acceptable to multimedia session 154 invitations, where two or more entities attempt to establish a media 155 session, that uses a set of media stream parameters acceptable to 156 all participants. First of all, each entity must inform the other of 157 its receive address, and secondly, the entities need to agree on the 158 media stream parameters to use for the session, e.g. transport 159 protocols and codecs. To solve this, RFC 3264 [RFC3264] defined the 160 offer/answer model, whereby an offerer constructs an offer SDP that 161 lists the media streams, codecs, and other SDP parameters that the 162 offerer is willing to use. This offer SDP is sent to the answerer, 163 which chooses from among the media streams, codecs and other SDP 164 parameters provided, and generates an answer SDP with his 165 parameters, based on that choice. The answer SDP is sent back to the 166 offerer thereby completing the session negotiation and enabling the 167 establishment of the negotiated media streams. 169 Taking a step back, we can make a distinction between the 170 capabilities supported by each participant, the way in which those 171 capabilities can be supported, and the parameters that can actually 172 be used for the session. More generally, we can say that we have the 173 following: 175 o A set of capabilities for the session and its associated media 176 stream components, supported by each side. The capability 177 indications by themselves do not imply a commitment to use the 178 capabilities in the session. 180 Capabilities can for example be that the "RTP/SAVP" profile is 181 supported, that the "PCMU" codec is supported, or that the 182 "crypto" attribute is supported with a particular value. 184 o A set of potential configurations indicating which combinations 185 of those capabilities can be used for the session and its 186 associated media stream components. Potential configurations are 187 not ready for use. Instead, they provide an alternative that may 188 be used, subject to further negotiation. 190 A potential configuration can for example indicate that the 191 "PCMU" codec and the "RTP/SAVP" transport protocol are not only 192 supported (i.e. listed as capabilities), but they are offered for 193 potential use in the session. 195 o An actual configuration for the session and its associated media 196 stream components, that specifies which combinations of session 197 parameters and media stream components can be used currently and 198 with what parameters. Use of an actual configuration does not 199 require any further negotiation. 201 An actual configuration can for example be that the "PCMU" codec 202 and the "RTP/SAVP" transport protocol are offered for use 203 currently. 205 o A negotiation process that takes the set of actual and potential 206 configurations (combinations of capabilities) as input and 207 provides the negotiated actual configurations as output. 209 SDP by itself was designed to provide only one of these, namely 210 listing of the actual configurations, however over the years, use of 211 SDP has been extended beyond its original scope. Of particular 212 importance are the session negotiation semantics that were defined 213 by the offer/answer model in RFC 3264. In this model, both the offer 214 and the answer contain actual configurations; separate capabilities 215 and potential configurations are not supported. 217 Other relevant extensions have been defined as well. RFC 3407 218 [RFC3407] defined simple capability declarations, which extends SDP 219 with a simple and limited set of capability descriptions. Grouping 220 of media lines, which defines how media lines in SDP can have other 221 semantics than the traditional "simultaneous media streams" 222 semantics, was defined in RFC 3388 [RFC3388], etc. 224 Each of these extensions was designed to solve a specific limitation 225 of SDP. Since SDP had already been stretched beyond its original 226 intent, a more comprehensive capability declaration and negotiation 227 process was intentionally not defined. Instead, work on a "next 228 generation" of a protocol to provide session description and 229 capability negotiation was initiated [SDPng]. SDPng defined a 230 comprehensive capability negotiation framework and protocol that was 231 not bound by existing SDP constraints. SDPng was not designed to be 232 backwards compatible with existing SDP and hence required both sides 233 to support it, with a graceful fallback to legacy operation when 234 needed. This, combined with lack of ubiquitous multipart MIME 235 support in the protocols that would carry SDP or SDPng, made it 236 challenging to migrate towards SDPng. In practice, SDPng has not 237 gained traction but rather remained as work in progress for an 238 extended period of time. Existing real-time multimedia 239 communication protocols such as SIP, RTSP, Megaco, and MGCP continue 240 to use SDP. However, SDP and its current extensions do not address 241 an increasingly important problem: the ability to negotiate one or 242 more alternative transport protocols (e.g., RTP profiles) and 243 associated parameters (e.g. SDP attributes). This makes it 244 difficult to deploy new RTP profiles such as secure RTP (SRTP) 245 [RFC3711], RTP with RTCP-Based Feedback [RFC4585], etc. The problem 246 is exacerbated by the fact that RTP profiles are defined 247 independently. When a new profile is defined and N other profiles 248 already exist, there is a potential need for defining N additional 249 profiles, since profiles cannot be combined automatically. For 250 example, in order to support the plain and secure RTP version of RTP 251 with and without RTCP-based feedback, four separate profiles (and 252 hence profile definitions) are needed: RTP/AVP [RFC3551], RTP/SAVP 253 [RFC3711], RTP/AVPF [RFC4585], and RTP/SAVPF [SAVPF]. In addition 254 to the pressing profile negotiation problem, other important real- 255 life limitations have been found as well. Keying material and other 256 parameters for example need to be negotiated with some of the 257 transport protocols, but not others. Similarly, some media formats 258 and types of media streams need to negotiate a variety of different 259 parameters. 261 The purpose of this document is to define a mechanism that enables 262 SDP to provide limited support for indicating capabilities and their 263 associated potential configurations, and negotiate the use of those 264 potential configurations as actual configurations. It is not the 265 intent to provide a full-fledged capability indication and 266 negotiation mechanism along the lines of SDPng or ITU-T H.245. 267 Instead, the focus is on addressing a set of well-known real-life 268 limitations. More specifically, the solution provided in this 269 document provides a general SDP Capability Negotiation framework 270 that is backwards compatible with existing SDP. It also defines 271 specifically how to provide attributes and transport protocols as 272 capabilities and negotiate them using the framework. Extensions for 273 other types of capabilities (e.g. media types and formats) may be 274 provided in other documents. 276 As mentioned above, SDP is used by several protocols, and hence the 277 mechanism should be usable by all of these. One particularly 278 important protocol for this problem is the Session Initiation 279 Protocol (SIP) [RFC3261]. SIP uses the offer/answer model [RFC3264] 280 (which is not specific to SIP) to negotiate sessions and hence the 281 mechanism defined here provides the offer/answer procedures to use 282 for the capability negotiation framework. 284 The rest of the document is structured as follows. In Section 3. we 285 present the SDP Capability Negotiation solution, which consists of 286 new SDP attributes and associated offer/answer procedures. In 287 Section 4. we provide examples illustrating its use and in Section 288 5. we provide the security considerations. 290 2. Conventions used in this document 292 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 293 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 294 document are to be interpreted as described in [RFC2119]. 296 3. SDP Capability Negotiation Solution 298 In this section we first present the conceptual model behind the SDP 299 capability negotiation framework followed by an overview of the SDP 300 Capability Negotiation solution. We then define new SDP attributes 301 for the solution and provide its associated updated offer/answer 302 procedures. 304 3.1. SDP Capability Negotiation Model 306 Our model uses the concepts of 308 o Capabilities 310 o Potential Configurations 312 o Actual Configurations 314 o Negotiation Process 316 as defined in Section 1. Conceptually, we want to offer not just the 317 actual configuration SDP (which is done with the current 318 offer/answer model), but the actual configuration SDP as well as one 319 or more alternative SDPs, i.e. potential configurations. The 320 answerer must choose either the actual configuration, or one of the 321 potential configurations, and generate an answer SDP based on that. 323 The offerer may need to perform processing on the answer, which 324 depends on the offer that was chosen (actual or potential 325 configuration). The answerer therefore informs the offerer which 326 configuration the answerer chose. The process can be viewed 327 *conceptually* as follows: 329 Offerer Answerer 330 ======= ======== 332 1) Generate offer with actual 333 configuration and alternative 334 potential configurations 335 2) Send offer with all configurations 337 +------------+ 338 | SDP o1 | 339 | (actual | 340 | config | 341 | |-+ Offer 342 +------------+ | -----> 3) Process offered configurations 343 | SDP o2 | in order of preference indicated 344 | (potential | 4) Generate answer based on chosen 345 | config 1) |-+ configuration (e.g. o2), and 346 inform 347 +------------+ | offerer which one was chosen 348 | SDP o3 | 349 | (potential | 350 | config 2) |-+ 351 +------------+ | 352 | SDP ... | 353 : : 355 +------------+ 356 | SDP a1 | 357 Answer | (actual | 358 <----- | config,o2)| 359 | | 360 5) Process answer based on +------------+ 361 the configuration that was 362 chosen (o2), as indicated in 363 the answer 365 The above illustrates the conceptual model: The actual solution uses 366 a single SDP, which contains the actual configuration (as with 367 current SDP and the current offer/answer model) and several new 368 attributes and associated procedures, that encode the capabilities 369 and potential configurations. A more accurate depiction of the 370 actual offer SDP is therefore as follows: 372 +--------------------+ 373 | SDP o1 | 374 | (actual | 375 | config | 376 | | 377 | +-------------+ | 378 | | capability 1| | 379 | | capability 2| | 380 | | ... | | 381 | +-------------+ | Offer 382 | | -----> 383 | +-------------+ | 384 | | potential | | 385 | | config 1 | | 386 | | potential | | 387 | | config 2 | | 388 | | ... | | 389 | +-------------+ | 390 | | 391 +--------------------+ 393 The above structure is used for two reasons: 395 o Backwards compatibility: As noted above, support for multipart 396 MIME is not ubiquitous. By encoding both capabilities and 397 potential configurations in SDP attributes, we can represent 398 everything in a single SDP thereby avoiding any multipart MIME 399 support issues. Furthermore, since unknown SDP attributes are 400 ignored by the SDP recipient, we ensure that entities that do not 401 support the framework simply perform the regular RFC 3264 402 offer/answer procedures. This provides us with seamless backwards 403 compatibility. 405 o Message size efficiency: When we have multiple media streams, 406 each of which may potentially use two or more different transport 407 protocols with a variety of different associated parameters, the 408 number of potential configurations can be large. If each possible 409 alternative is represented as a complete SDP in an offer, we can 410 easily end up with large messages. By providing a more compact 411 encoding, we get more efficient message sizes. 413 In the next section, we describe the exact structure and specific 414 SDP parameters used to represent this. 416 3.2. Solution Overview 418 The solution consists of the following: 420 o Two new attributes to support extensions to the framework itself 421 as follows: 423 o A new attribute ("a=csup") that lists the supported base 424 (optionally) and any supported extension options to the 425 framework. 427 o A new attribute ("a=creq") that lists the extensions to the 428 framework that are required to be supported by the entity 429 receiving the SDP in order to do capability negotiation. 431 o Two new attributes used to express capabilities as follows 432 (additional attributes can be defined as extensions): 434 o A new attribute ("a=acap") that defines how to list an 435 attribute name and its associated value (if any) as a 436 capability. 438 o A new attribute ("a=tcap") that defines how to list transport 439 protocols (e.g. "RTP/AVP") as capabilities. 441 o Two new attributes to negotiate configurations as follows: 443 o A new attribute ("a=pcfg") that lists potential 444 configurations supported. This is done by reference to the 445 capabilities from the SDP in question. Extension capabilities 446 can be defined and referenced in the potential 447 configurations. Alternative potential configurations have an 448 explicit ordering associated with them. 450 o A new attribute ("a=acfg") to be used in an answer SDP. The 451 attribute identifies a potential configuration from an offer 452 SDP which was used as an actual configuration to form the 453 answer SDP. Extension capabilities can be included as well. 455 o Extensions to the offer/answer model that allow for capabilities 456 and potential configurations to be included in an offer. 457 Capabilities can be provided at the session level and the media 458 level. Potential configurations can be included at the media 459 level only, where they constitute alternative offers that may be 460 accepted by the answerer instead of the actual configuration(s) 461 included in the "m=" line(s) and associated parameters. The 462 answerer indicates which (if any) of the potential configurations 463 it used to form the answer by including the actual configuration 464 attribute ("a=acfg") in the answer. Capabilities may be included 465 in answers as well, where they can aid in guiding a subsequent 466 new offer. 468 The mechanism is illustrated by the offer/answer exchange below, 469 where Alice sends an offer to Bob: 471 Alice Bob 473 | (1) Offer (SRTP and RTP) | 474 |--------------------------------->| 475 | | 476 | (2) Answer (SRTP) | 477 |<---------------------------------| 478 | | 480 Alice's offer includes RTP and SRTP as alternatives. RTP is the 481 default (actual configuration), but SRTP is the preferred one 482 (potential configuration): 484 v=0 485 o=- 25678 753849 IN IP4 192.0.2.1 486 s= 487 c=IN IP4 192.0.2.1 488 t=0 0 489 m=audio 53456 RTP/AVP 0 18 490 a=tcap:1 RTP/SAVP 491 a=acap:1 crypto:1 AES_CM_128_HMAC_SHA1_32 492 inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32 493 a=pcfg:1 t=1 a=1 495 The "m=" line indicates that Alice is offering to use plain RTP with 496 PCMU or G.729. The capabilities are provided by the "a=tcap" and 497 "a=acap" attributes. The transport capabilities ("a=tcap") indicate 498 that secure RTP under the AVP profile ("RTP/SAVP") is supported with 499 an associated transport capability handle of 1. The "acap" attribute 500 provides an attribute capability with a handle of 1. The attribute 501 capability is a "crypto" attribute, which provides the keying 502 material for SRTP using SDP security descriptions [RFC4568]. The 503 "a=pcfg" attribute provides the potential configuration included in 504 the offer by reference to the capability parameters. One 505 alternative is provided; it has a configuration number of 1 and it 506 consists of transport protocol capability 1 (i.e. the RTP/SAVP 507 profile - secure RTP), and the attribute capability 1, i.e. the 508 crypto attribute provided. Potential configurations are preferred 509 over the actual configuration included in the offer SDP, and hence 510 Alice is expressing a preference for using secure RTP. 512 Bob receives the SDP offer from Alice. Bob supports SRTP and the SDP 513 Capability Negotiation framework, and hence he accepts the 514 (preferred) potential configuration for Secure RTP provided by Alice 515 and generates the following answer SDP: 517 v=0 518 o=- 24351 621814 IN IP4 192.0.2.2 519 s= 520 c=IN IP4 192.0.2.2 521 t=0 0 522 m=audio 54568 RTP/SAVP 0 18 523 a=crypto:1 AES_CM_128_HMAC_SHA1_80 524 inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4 525 a=acfg:1 t=1 a=1 527 Bob includes the "a=acfg" attribute in the answer to inform Alice 528 that he based his answer on an offer containing the potential 529 configuration with transport protocol capability 1 and attribute 530 capability 1 from the offer SDP (i.e. the RTP/SAVP profile using the 531 keying material provided). Bob also includes his keying material in 532 a "crypto" attribute. If Bob supported one or more extensions to the 533 capability negotiation framework, he would have included option tags 534 for those in the answer as well (in an "a=csup" attribute). 536 Note that in this particular example, the answerer supported the 537 capability negotiation extensions defined here. Had he not, he would 538 simply have ignored the new attributes and accepted the (actual 539 configuration) offer to use normal RTP. In that case, the following 540 answer would have been generated instead: 542 v=0 543 o=- 24351 621814 IN IP4 192.0.2.2 544 s= 545 c=IN IP4 192.0.2.2 546 t=0 0 547 m=audio 54568 RTP/AVP 0 18 549 3.3. Version and Extension Indication Attributes 551 In this section, we present the new attributes associated with 552 indicating the SDP Capability Negotiation extensions supported and 553 required. 555 3.3.1. Supported Capability Negotiation Extensions Attribute 557 The SDP Capability Negotiation solution allows for capability 558 negotiation extensions to be defined. Associated with each such 559 extension is an option tag that identifies the extension in 560 question. Option-tags MUST be registered with IANA per the 561 procedures defined in Section 6. 563 The Supported Capability Negotiation Extensions attribute ("a=csup") 564 contains a comma-separated list of option tags identifying the SDP 565 Capability Negotiation extensions supported by the entity that 566 generated the SDP. The attribute is defined as follows: 568 a=csup: 570 RFC 4566, Section 9, provides the ABNF [RFC4234] for SDP attributes. 571 The "csup" attribute adheres to the RFC 4566 "attribute" production, 572 with an att-value defined as follows: 574 att-value = option-tag-list 575 option-tag-list = option-tag *("," option-tag) 576 option-tag = token ; defined in [RFC4566] 578 A special base option tag with a value of "cap-v0" is defined for 579 the basic SDP Capability Negotiation framework defined in this 580 document. Entities can use this option tag with the "a=csup" 581 attribute to indicate support for the SDP Capability Negotiation 582 framework specified in this document. 584 The following examples illustrate use of the "a=csup" attribute with 585 the "cap-v0" option tag and two hypothetical option tags, "foo" and 586 "bar" (note the lack of white space): 588 a=csup:cap-v0 590 a=csup:foo 591 a=csup:bar 593 a=csup:cap-v0,foo,bar 595 The "a=csup" attribute can be provided at the session and the media- 596 level. When provided at the session-level, it applies to the entire 597 SDP. When provided at the media-level, it applies to the media 598 description in question only (option-tags provided at the session 599 level apply as well). There can be at most one "a=csup" attribute at 600 the session-level and at most one at the media-level (one per media 601 description in the latter case). 603 Whenever an entity that supports one or more extensions to the SDP 604 Capability Negotiation framework generates an SDP, it SHOULD include 605 the "a=csup" attribute with the option tags for the extensions it 606 supports at the session and/or media-level, unless those option tags 607 are already provided in one or more "a=creq" attribute (see Section 608 3.3.2. ) at the relevant levels. Inclusion of the base option tag is 609 OPTIONAL; support for the base framework can be inferred from 610 presence of the "a=pcfg" attribute defined in Section 3.5.1. 612 Use of the base option tag may still be useful in some scenarios, 613 e.g. when using SIP OPTIONS [RFC3261] or generating an answer to 614 an offer that did not use the SDP Capability Negotiation 615 framework. 617 3.3.2. Required Capability Negotiation Extensions Attribute 619 The Required Capability Negotiation Extensions attribute ("a=creq") 620 contains a comma-separated list of option tags (see Section 3.3.1. ) 621 specifying the SDP Capability Negotiation extensions that MUST be 622 supported by the entity receiving the SDP, in order for that entity 623 to properly process the SDP Capability Negotiation attributes and 624 associated procedures. Support for the basic negotiation framework 625 is implied by the presence of an "a=pcfg" attribute (see Section 626 3.5.1. ) and hence there is no need to include the "a=creq" 627 attribute with the base option-tag ("cap-v0"). Still, it is allowed 628 to do so. 630 The attribute is defined as follows: 632 a=creq: 634 The "creq" attribute adheres to the RFC 4566 "attribute" production, 635 with an att-value defined as follows: 637 att-value = option-tag-list 639 The following examples illustrate use of the "a=creq" attribute with 640 the "cap-v0" base option tag and two hypothetical option tags, "foo" 641 and "bar" (note the lack of white space): 643 a=creq:cap-v0 645 a=creq:foo 647 a=creq:bar 649 a=creq:cap-v0,foo,bar 651 The "a=creq" attribute can be provided at the session and the media- 652 level. When provided at the session-level, it applies to the entire 653 SDP. When provided at the media-level, it applies to the media 654 description in question only (required option tags provided at the 655 session level apply as well). There can be at most one "a=creq" 656 attribute at the session-level and at most one "a=creq" attribute at 657 the media-level (one per media description in the latter case). 659 When an entity generates an SDP and it requires the recipient of 660 that SDP to support one or more SDP Capability Negotiation 661 extensions (except for the base) at the session or media level in 662 order to properly process the SDP Capability Negotiation, the 663 "a=creq" attribute MUST be included with option-tags that identify 664 the required extensions at the session and/or media level. If 665 support for an extension is needed only in one or more specific 666 potential configurations, the potential configuration provides a way 667 to indicate that instead (see Section 3.5.1. ). Support for the 668 basic negotiation framework is implied by the presence of an 669 "a=pcfg" attribute (see Section 3.5.1. ) and hence it is not 670 required to include the "a=creq" attribute with the base option-tag 671 ("cap-v0"). 673 A recipient that receives an SDP and does not support one or more of 674 the required extensions listed in a "creq" attribute, MUST NOT 675 perform the SDP Capability Negotiation defined in this document. For 676 non-supported extensions provided at the session-level, this implies 677 that SDP Capability Negotiation MUST NOT be performed at all. For 678 non-supported extensions at the media-level, this implies that SDP 679 Capability Negotiation MUST NOT be performed for the media stream in 680 question. 682 An entity that does not support the SDP Capability Negotiation 683 framework at all, will ignore these attributes (as well as the 684 other SDP Capability Negotiation attributes) and not perform any 685 SDP Capability Negotiation in the first place. 687 When an entity does not support one or more required SDP Capability 688 Negotiation extensions listed in the option tags, the entity MUST 689 proceed as if the SDP Capability Negotiation attributes were not 690 included in the first place, i.e. all the capability negotiation 691 attributes should be ignored. In that case, the entity SHOULD 692 include a "csup" attribute listing the SDP Capability Negotiation 693 extensions it actually supports. 695 This ensures that introduction of the SDP Capability Negotiation 696 mechanism by itself does not lead to session failures. 698 3.4. Capability Attributes 700 In this section, we present the new attributes associated with 701 indicating the capabilities for use by the SDP Capability 702 Negotiation. 704 3.4.1. Attribute Capability Attribute 706 Attributes and their associated values can be expressed as 707 capabilities by use of a new attribute capability attribute 708 ("a=acap"), which is defined as follows: 710 a=acap: 712 where is an integer between 1 and 2^31-1 (both 713 included) used to number the attribute capability and is 714 an attribute ("a=") in its full '=' form (see 715 [RFC4566]). 717 The "acap" attribute adheres to the RFC 4566 "attribute" production, 718 with an att-value defined as follows: 720 att-value = att-cap-num 1*WSP att-par 721 att-cap-num = 1*DIGIT ;defined in [RFC4234] 722 att-par = attribute ;defined in RFC 4566 724 Note that white-space is not permitted before the att-cap-num. 726 The "acap" attribute can be provided at the session level only when 727 the attribute capability contains session-level attributes, whereas 728 media level attributes can be provided in attribute capabilities at 729 either the media level or session-level. The base SDP Capability 730 Negotiation framework however only defines procedures for use of 731 media-level attribute capabilities at the media level (extensions 732 may define use at the session level). 734 Each occurrence of the "acap" attribute in the entire session 735 description MUST use a different value of . 737 There is a need to be able to reference both session-level and 738 media-level attributes in potential configurations at the media 739 level, and this provides for a simple solution to avoiding overlap 740 between the references (handles) to each attribute capability. 742 The values provided are independent of similar values provided for other types of capabilities, i.e., they 744 form a separate name-space for attribute capabilities. 746 The following examples illustrate use of the "acap" attribute: 748 a=acap:1 ptime:20 750 a=acap:2 ptime:30 752 a=acap:3 key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyONQ6gAA 753 AAAGEEoo2pee4hp2UaDX8ZE22YwKAAAPZG9uYWxkQGR1Y2suY29tAQAAAAAAAQAk0 754 JKpgaVkDaawi9whVBtBt0KZ14ymNuu62+Nv3ozPLygwK/GbAV9iemnGUIZ19fWQUO 755 SrzKTAv9zV 757 a=acap:4 crypto:1 AES_CM_128_HMAC_SHA1_32 758 inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32 760 The first two attribute capabilities provide attribute values for 761 the ptime attribute. The third provides SRTP parameters by using 762 MIKEY [RFC3830] with the key-mgmt attribute [RFC4567]. The fourth 763 provides SRTP parameters by use of security descriptions with the 764 crypto attribute [RFC4568]. Note that the line-wrapping and new- 765 lines in example three and four are provided for formatting reasons 766 only - they are not permitted in actual SDP. 768 Readers familiar with RFC 3407 may notice the similarity between 769 the RFC 3407 "cpar" attribute and the above. There are however a 770 couple of important differences, notably that the "acap" attribute 771 contains a handle that enables referencing it and it furthermore 772 supports attributes only (the "cpar" attribute defined in RFC 3407 773 supports bandwidth information as well). The "acap" attribute also 774 is not automatically associated with any particular capabilities. 775 See Section 3.14. for the relationship to RFC 3407. 777 3.4.2. Transport Protocol Capability Attribute 779 Transport Protocols can be expressed as capabilities by use of a new 780 Transport Protocol Capability attribute ("a=tcap") defined as 781 follows: 783 a=tcap: 785 where is an integer between 1 and 2^31-1 (both 786 included) used to number the transport address capability for later 787 reference, and is one or more , separated by 788 white space, as defined in the SDP "m=" line. 790 The "tcap" attribute adheres to the RFC 4566 "attribute" production, 791 with an att-value defined as follows: 793 att-value = trpr-cap-num 1*WSP proto-list 794 trpr-cap-num = 1*DIGIT ;defined in [RFC4234] 795 proto-list = proto *(1*WSP proto) ; defined in RFC 4566 797 Note that white-space is not permitted before the trpr-cap-num. 799 The "tcap" attribute can be provided at the session-level and the 800 media-level. There can be at most one "a=tcap" attribute at the 801 session-level and at most one at the media-level (one per media 802 description in the latter case). Each occurrence of the "tcap" 803 attribute in the entire session description MUST use a different 804 value of . When multiple values are provided, 805 the first one is associated with the value , the 806 second one with the value one higher, etc. There MUST NOT be any 807 capability number overlap between different "tcap" attributes in the 808 entire SDP. The values provided are independent of 809 similar values provided for other capability attributes, 810 i.e., they form a separate name-space for transport protocol 811 capabilities. 813 Below, we provide examples of the "a=tcap" attribute: 815 a=tcap:1 RTP/AVP 817 a=tcap:2 RTP/AVPF 819 a=tcap:3 RTP/SAVP RTP/SAVPF 821 The first one provides a capability for the "RTP/AVP" profile 822 defined in [RFC3551] and the second one provides a capability for 823 the RTP with RTCP-Based Feedback profile defined in [RFC4585]. The 824 third one provides capabilities for the "RTP/SAVP" (transport 825 capability number 3) and "RTP/SAVPF" profiles (transport protocol 826 capability number 4). 828 Transport capabilities are inherently included in the "m=" line, 829 however they still need to be specified explicitly in a "tcap" 830 attribute if they are to be used as a capability. 832 This may seem redundant (and indeed it is from the offerer's point 833 of view), however it is done to protect against intermediaries 834 (e.g. middle-boxes) that may modify "m=" lines while passing 835 unknown attributes through. If an implicit transport capability 836 were used instead (e.g. a reserved transport capability number 837 could be used to refer to the transport protocol in the "m=" 838 line), and an intermediary were to modify the transport protocol 839 in the "m=" line (e.g. to translate between plain RTP and secure 840 RTP), then the potential configuration referencing that implicit 841 transport capability may no longer be correct. With explicit 842 capabilities, we avoid this pitfall; however, the potential 843 configuration preference (see Section 3.5.1. ) may not reflect 844 that of the intermediary (which some may view as a feature). 846 3.4.3. Extension Capability Attributes 848 The SDP Capability Negotiation framework allows for new types of 849 capabilities to be defined as extensions and used with the general 850 capability negotiation framework. The syntax and semantics of such 851 new capability attributes are not defined here, however in order to 852 be used with potential configurations, they SHOULD allow for a 853 numeric handle to be associated with each capability. This handle 854 can be used as a reference within the potential and actual 855 configuration attributes (see Section 3.5.1. and 3.5.2. ). The 856 definition of such extension capability attributes MUST also state 857 whether they can be applied at the session-level, media-level, or 858 both. 860 3.5. Configuration Attributes 862 3.5.1. Potential Configuration Attribute 864 Potential Configurations can be expressed by use of a new Potential 865 Configuration Attribute ("a=pcfg") defined as follows: 867 a=pcfg: [] 869 where is an integer between 1 and 2^31-1 (both 870 included). 872 The "pcfg" attribute adheres to the RFC 4566 "attribute" production, 873 with an att-value defined as follows: 875 att-value = config-number [1*WSP pot-cfg-list] 876 config-number = 1*DIGIT ;defined in [RFC4234] 877 pot-cfg-list = pot-config *(1*WSP pot-config) 878 pot-config = attribute-config-list / 879 transport-protocol-config-list / 880 extension-config-list 882 The missing productions are defined below. Note that white-space is 883 not permitted before the config-number. 885 The potential configuration attribute can be provided at the media- 886 level only and there can be multiple instances of it within a given 887 media description. The attribute includes a configuration number, 888 which is an integer between 1 and 2^31-1 (both included). The 889 configuration number MUST be unique within the media description 890 (i.e. it has media level scope only). The configuration number also 891 indicates the relative preference of potential configurations; lower 892 numbers are preferred over higher numbers. 894 A potential configuration list is normally provided after the 895 configuration number. When the potential configuration list is 896 omitted, the potential configuration equals the actual 897 configuration. The potential configuration list contains one or more 898 of attribute, transport and extension configuration lists. The 899 configuration lists generally reference one or more capabilities 900 (extension configuration lists MAY use a different format). Those 901 capabilities are (conceptually) used to construct a new internal 902 version of the SDP by use of purely syntactic add and (possibly) 903 delete operations on the original SDP (actual configuration). This 904 provides an alternative potential configuration SDP that can be used 905 by conventional SDP and offer/answer procedures if selected. 907 This document defines attribute configuration lists and transport 908 protocol configuration lists. Each of these MUST NOT be present 909 more than once in a particular potential configuration attribute. 910 Extension configuration lists can be included as well. There can be 911 more than one extension configuration list, however each particular 912 extension MUST NOT be present more than once in a given "a=pcfg" 913 attribute. Together, the various configuration lists define a 914 potential configuration. 916 There can be multiple potential configurations in a media 917 description. Each of these indicates not only a willingness, but in 918 fact a desire to use the potential configuration. 920 The example SDP below contains two potential configurations: 922 v=0 923 o=- 25678 753849 IN IP4 192.0.2.1 924 s= 925 c=IN IP4 192.0.2.1 926 t=0 0 927 m=audio 53456 RTP/AVP 0 18 928 a=tcap:1 RTP/SAVP RTP/SAVPF 929 a=acap:1 crypto:1 AES_CM_128_HMAC_SHA1_32 930 inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32 931 a=pcfg:1 t=1 a=1 932 a=pcfg:2 t=2 a=1 934 Potential configuration 1 contains a transport protocol 935 configuration list that references transport capability 1 936 ("RTP/SAVP") and an attribute configuration list that references 937 attribute capability 1 ("a=crypto:..."). Potential configuration 2 938 contains a transport protocol configuration list that references 939 transport capability 2 ("RTP/SAVPF") and an attribute configuration 940 list that references attribute capability 1 ("a=crypto:..."). 942 Attribute capabilities are used in a potential configuration by use 943 of the attribute-config-list parameter, which is defined by the 944 following ABNF: 946 attribute-config-list 947 = "a=" [delete-attributes ":"] 948 mo-att-cap-list *(BAR mo-att-cap-list) 950 delete-attributes = DELETE ( "m" ; media attributes 951 / "s" ; session attributes 952 / "ms" ) ; media and session attributes 954 mo-att-cap-list = mandatory-optional-att-cap-list | 955 mandatory-att-cap-list | 956 optional-att-cap-list 958 mandatory-optional-att-cap-list = mandatory-att-cap-list 959 "," optional-att-cap-list 960 mandatory-att-cap-list = att-cap-list 961 optional-att-cap-list = "[" att-cap-list "]" 963 att-cap-list = att-cap-num *("," att-cap-num) 964 att-cap-num = 1*DIGIT ;defined in [RFC4234] 965 BAR = "|" 966 DELETE = "-" 968 Note that white space is not permitted within this production. 970 Each attribute configuration list can optionally begin with 971 instructions for how to handle attributes that are part of the 972 actual configuration SDP (i.e., the "a=" lines present in the 973 original SDP). By default, such attributes will remain as part of 974 the configuration in question. However, if delete-attributes 975 indicates "-m", then all attribute lines within the media 976 description in question will be deleted (i.e., all "a=" lines under 977 the "m=" line in question). If delete-attributes indicates "-s", 978 then all attribute lines at the session-level will be deleted (i.e., 979 all "a=" lines before the first "m=" line). If delete-attributes 980 indicates "-ms", then all attribute lines within this media 981 description ("m=" line) and all attribute lines at the session-level 982 will be deleted. 984 The attribute capability list comes next. It contains one or more 985 alternative lists of attribute capabilities. The alternative 986 attribute capability lists are separated by a vertical bar ("|"), 987 and each list contains one or more attribute capabilities separated 988 by commas (","). The attribute capabilities are either mandatory or 989 optional. Mandatory attribute capabilities MUST be supported in 990 order to use the potential configuration, whereas optional attribute 991 capabilities MAY be supported in order to use the potential 992 configuration. 994 Within each attribute capability list, all the mandatory attribute 995 capabilities (if any) are listed first, and all the optional 996 attribute capabilities (if any) are listed last. The optional 997 attribute capabilities are contained within a pair of angle brackets 998 ("[" and "]"). Each attribute capability is merely an attribute 999 capability number (att-cap-num) that identifies a particular 1000 attribute capability by referring to attribute capability numbers 1001 defined above and hence MUST be between 1 and 2^31-1 (both 1002 included). The following example illustrates the above: 1004 a=pcfg:1 a=-m:1,2,[3,4]|1,7,[5] 1006 where 1008 o "a=-m:1,2,[3,4]|1,7,[5]" is the attribute configuration list 1010 o "-m" is the delete-attributes 1012 o "1,2,[3,4]" and "1,7,[5]" are both attribute capability lists. 1013 The two lists are alternatives, since they are separated by a 1014 vertical bar above 1016 o "1", "2" and "7" are mandatory attribute capabilities 1018 o "3", "4" and "5" are optional attribute capabilities 1020 Note that in the example above, we have a single handle ("1") for 1021 the potential configuration(s), but there are actually two different 1022 potential configurations (separated by a vertical bar). This is done 1023 for message size efficiency reasons, which is especially important 1024 when we add other types of capabilities to the potential 1025 configuration. If there is a need to provide a unique handle for 1026 each, then separate "a=pcfg" attributes with different handles MUST 1027 be used instead. 1029 Each referenced attribute capability in the potential configuration 1030 will result in the corresponding attribute name and its associated 1031 value (contained inside the attribute capability) being added to the 1032 resulting potential configuration SDP. 1034 Alternative attribute capability lists are separated by a vertical 1035 bar ("|"), the scope of which extends to the next alternative (i.e., 1036 "," has higher precedence than "|"). The alternatives are ordered by 1037 preference with the most preferred listed first. In order for a 1038 recipient of the SDP (e.g., an answerer receiving this in an offer) 1039 to use this potential configuration, exactly one of the alternative 1040 lists MUST be selected in its entirety. This requires that all 1041 mandatory attribute capabilities referenced by the potential 1042 configuration are supported with the attribute values provided. 1044 Transport protocol configuration lists are included in a potential 1045 configuration by use of the transport-protocol-config-list 1046 parameter, which is defined by the following ABNF: 1048 transport-protocol-config-list = 1049 "t=" trpr-cap-num *(BAR trpr-cap-num) 1050 trpr-cap-num = 1*DIGIT ; defined in [RFC4234] 1052 Note that white-space is not permitted within this production. 1054 The trpr-cap-num refers to transport protocol capability numbers 1055 defined above and hence MUST be between 1 and 2^31-1 (both 1056 included). Alternative transport protocol capabilities are separated 1057 by a vertical bar ("|"). The alternatives are ordered by preference 1058 with the most preferred listed first. If there are no transport 1059 protocol capabilities included in a potential configuration at the 1060 media level, the transport protocol information from the associated 1061 "m=" line MUST be used. In order for a recipient of the SDP (e.g., 1062 an answerer receiving this in an offer) to use this potential 1063 configuration, exactly one of the alternatives MUST be selected. 1064 This requires that the transport protocol in question is supported. 1066 In the presence of intermediaries (the existence of which may not 1067 be known), care should be taken with assuming that the transport 1068 protocol in the "m=" line will not be modified by an intermediary. 1069 Use of an explicit transport protocol capability will guard 1070 against capability negotiation implications of that. 1072 Extension capabilities can be included in a potential configuration 1073 as well by use of extension configuration lists. Such extension 1074 configuration lists MUST adhere to the following ABNF: 1076 extension-config-list= ["+"] ext-cap-name "=" 1077 ext-cap-list 1078 ext-cap-name = 1*(ALPHA / DIGIT) 1079 ext-cap-list = 1*VCHAR ; defined in [RFC4234] 1081 Note that white-space is not permitted within this production. 1083 The ext-cap-name refers to the name of the extension capability and 1084 the ext-cap-list is here merely defined as a sequence of visible 1085 characters. The actual extension supported MUST refine both of these 1086 further. For extension capabilities that merely need to be 1087 referenced by a capability number, it is RECOMMENDED to follow a 1088 structure similar to what has been specified above. Unsupported or 1089 unknown potential extension configuration lists in a potential 1090 configuration attribute MUST be ignored, unless they are prefixed 1091 with the plus ("+") sign, which indicates that the extension is 1092 mandatory and MUST be supported in order to use that potential 1093 configuration. 1095 The "creq" attribute and its associated rules can be used to 1096 ensure that required extensions are supported in the first place. 1098 Potential configuration attributes can be provided at the media 1099 level only, however it is possible to reference capabilities 1100 provided at either the session or media level. There are certain 1101 semantic rules and restrictions associated with this: 1103 A (media level) potential configuration attribute in a given media 1104 description MUST NOT reference a media-level capability provided in 1105 a different media description; doing so invalidates that potential 1106 configuration (note that a potential configuration attribute can 1107 contain more than one potential configuration by use of 1108 alternatives). A potential configuration attribute can however 1109 reference a session-level capability. The semantics of doing so 1110 depends on the type of capability. In the case of transport protocol 1111 capabilities it has no particular implication. In the case of 1112 attribute capabilities however, it does. More specifically, the 1113 attribute name and value (provided within that attribute capability) 1114 will be considered part of the resulting SDP for that particular 1115 configuration at the *session* level. In other words, it will be as- 1116 if that attribute was provided with that value at the session-level 1117 in the first place. As a result, the base SDP Capability Negotiation 1118 framework REQUIRES that potential configurations do not reference 1119 any session-level attribute capabilities that contain media-level 1120 attributes (since that would place a media-level attribute at the 1121 session level). Extensions may modify this behavior, as long as it 1122 is fully backwards compatible with the base specification. 1124 Individual media streams perform capability negotiation 1125 individually, and hence it is possible that one media stream (where 1126 the attribute was part of a potential configuration) chose a 1127 configuration without a session level attribute that was chosen by 1128 another media stream. The session-level attribute however remains 1129 "active" and applies to the entire resulting potential configuration 1130 SDP. In theory, this is problematic if one or more session-level 1131 attributes either conflicts with or potentially interacts with 1132 another session-level or media-level attribute in an undefined 1133 manner. In practice, such examples seem to be rare (at least with 1134 the currently defined SDP attributes). 1136 A related set of problems can occur if we need coordination 1137 between session-level attributes from multiple media streams in 1138 order for a particular functionality to work. The grouping 1139 framework [RFC3388] is an example of this. If we use the SDP 1140 Capability Negotiation framework to select a session-level group 1141 attribute (provided as an attribute capability), and we require 1142 two media descriptions to do this consistently, we could have a 1143 problem. The FEC grouping semantics [RFC4756] is one example where 1144 this in theory could cause problems, however in practice, it is 1145 unclear that there is a significant problem with the currently 1146 defined grouping semantics. 1148 Resolving the above issues in general requires inter-media stream 1149 constraints and synchronized potential configuration processing; 1150 this would add considerable complexity to the overall solution. In 1151 practice, with the currently defined SDP attributes, it does not 1152 seem to be a significant problem, and hence the core SDP Capability 1153 Negotiation solution does not provide a solution to this issue. 1154 Instead, it is RECOMMENDED that use of session-level attributes in a 1155 potential configuration is avoided when possible, and when not, that 1156 such use is examined closely for any potential interaction issues. 1157 If interaction is possible, the entity generating the SDP SHOULD NOT 1158 assume that well-defined operation will occur at the receiving 1159 entity. 1161 The session-level operation of extension capabilities is undefined: 1162 Consequently, each new session-level extension capability defined 1163 MUST specify the implication of making it part of a configuration at 1164 the media level. 1166 Below, we provide an example of the "a=pcfg" attribute in a complete 1167 media description in order to properly indicate the supporting 1168 attributes: 1170 v=0 1171 o=- 25678 753849 IN IP4 192.0.2.1 1172 s= 1173 c=IN IP4 192.0.2.1 1174 t=0 0 1175 m=audio 53456 RTP/AVPF 0 18 1176 a=acap:1 crypto:1 AES_CM_128_HMAC_SHA1_32 1177 inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32 1178 a=tcap:1 RTP/AVPF RTP/AVP 1179 a=tcap:3 RTP/SAVP RTP/SAVPF 1180 a=pcfg:1 t=4|3 a=1 1181 a=pcfg:8 t=1|2 1183 We have two potential configuration attributes listed here. The 1184 first one (and most preferred, since its configuration number is 1185 "1") indicates that either of the profiles RTP/SAVPF or RTP/SAVP 1186 (specified by the transport protocol capability numbers 4 and 3) can 1187 be supported with attribute capability 1 (the "crypto" attribute); 1188 RTP/SAVPF is preferred over RTP/SAVP since its capability number (4) 1189 is listed first in the preferred potential configuration. Note that 1190 although we have a single potential configuration attribute and 1191 associated handle, we have two potential configurations. 1193 The second potential configuration attribute indicates that the 1194 RTP/AVPF or RTP/AVP profiles can be used, with RTP/AVPF being the 1195 preferred one. This non secure RTP alternative is the less preferred 1196 one since its configuration number is "8". Again, note that we have 1197 two potential configurations here and hence a total of four 1198 potential configurations in the SDP above. 1200 3.5.2. Actual Configuration Attribute 1202 The actual configuration attribute identifies which of the potential 1203 configurations from an offer SDP was selected and used as the actual 1204 configuration to generate an answer SDP. This is done by including 1205 the configuration number and the configuration lists (if any) from 1206 the offer that were selected and used by the answerer in his 1207 offer/answer procedure as follows: 1209 o A selected attribute configuration MUST include the delete- 1210 attributes and the selected alternative mo-att-cap-list (i.e., 1211 containing all mandatory and optional capability numbers from the 1212 potential configuration, irrespective of whether the optional 1213 ones were supported or not). If delete-attributes were not 1214 included in the potential configuration, they will of course not 1215 be present here either. 1217 o A selected transport protocol configuration MUST include the 1218 selected transport protocol capability number. 1220 o A selected potential extension configuration MUST include the 1221 selected extension configuration parameters as specified for that 1222 particular extension. 1224 o When a configuration list contains alternatives (separated by 1225 "|"), the selected configuration only MUST be provided. 1227 Note that the selected configuration number and all selected 1228 capability numbers used in the actual configuration attribute refer 1229 to those from the offer; not the answer. 1231 The answer may for example include capabilities as well to inform 1232 the offerer of the answerers capabilities above and beyond the 1233 negotiated configuration. The actual configuration attribute does 1234 not refer to any of those answer capabilities though. 1236 The Actual Configuration Attribute ("a=acfg") is defined as follows: 1238 a=acfg: [] 1240 where is an integer between 1 and 2^31-1 (both 1241 included). 1243 The "acfg" attribute adheres to the RFC 4566 "attribute" production, 1244 with an att-value defined as follows: 1246 att-value = config-number [1*WSP sel-cfg-list] 1247 ;config-number defined in Section 3.5.1. 1248 sel-cfg-list = sel-cfg *(1*WSP sel-cfg) 1249 sel-cfg = sel-attribute-config / 1250 sel-transport-protocol-config / 1251 sel-extension-config 1253 sel-attribute-config = 1254 "a=" [delete-attributes ":"] mo-att-cap-list 1255 ; defined in Section 3.5.1. 1257 sel-transport-protocol-config = 1258 "t=" trpr-cap-num ; defined in Section 3.5.1. 1260 sel-extension-config = 1261 ext-cap-name "=" 1*VCHAR ; defined in Section 3.5.1. 1263 Note that white-space is not permitted before the config-number. 1265 The actual configuration ("a=acfg") attribute can be provided at the 1266 media-level only. There MUST NOT be more than one occurrence of an 1267 actual configuration attribute within a given media description. 1269 Below, we provide an example of the "a=acfg" attribute (building on 1270 the previous example with the potential configuration attribute): 1272 v=0 1273 o=- 24351 621814 IN IP4 192.0.2.2 1274 s= 1275 c=IN IP4 192.0.2.2 1276 t=0 0 1277 m=audio 54568 RTP/SAVPF 0 1278 a=crypto:1 AES_CM_128_HMAC_SHA1_32 1279 inline:WSJ+PSdFcGdUJShpX1ZjNzB4d1BINUAvLEw6UzF3|2^20|1:32 1280 a=acfg:1 t=4 a=1 1282 It indicates that the answerer used an offer consisting of potential 1283 configuration number 1 with transport protocol capability 4 from the 1284 offer (RTP/SAVPF) and attribute capability 1 (the "crypto" 1285 attribute). The answerer includes his own "crypto" attribute as 1286 well. 1288 3.6. Offer/Answer Model Extensions 1290 In this section, we define extensions to the offer/answer model 1291 defined in [RFC3264] to allow for potential configurations to be 1292 included in an offer, where they constitute alternative offers that 1293 may be accepted by the answerer instead of the actual 1294 configuration(s) included in the "m=" line(s). 1296 The procedures defined in the following subsections apply to both 1297 unicast and multicast streams. 1299 3.6.1. Generating the Initial Offer 1301 An offerer that wants to use the SDP Capability Negotiation defined 1302 in this document MUST include the following in the offer: 1304 o An attribute capability attribute ("a=acap") as defined in 1305 Section 3.4.1. for each attribute name and associated value (if 1306 any) that needs to be indicated as a capability in the offer. 1308 Session-level attributes and associated values MUST be provided 1309 in attribute capabilities at the session-level only, whereas 1310 media-level attributes and associated values can be provided in 1311 attribute capabilities at either the media-level or session- 1312 level. Attributes that are allowed at either the session- or 1313 media-level can be provided in attribute capabilities at either 1314 level. If there is no need to indicate any attributes as 1315 attribute capabilities, then there will not be any "a=acap" 1316 attributes either. 1318 o One or more transport protocol capability attributes ("a=tcap") 1319 as defined in Section 3.4.2. with values for each transport 1320 protocol that needs to be indicated as a capability in the offer. 1321 Transport protocol capabilities that apply to multiple media 1322 descriptions SHOULD be provided at the session-level whereas 1323 transport protocol capabilities that apply to a specific media 1324 description ("m=" line) only, SHOULD be provided within that 1325 particular media description. In either case, there MUST NOT be 1326 more than a single "a=tcap" attribute at the session-level and a 1327 single "a=tcap" attribute in each media description. If there is 1328 no need to indicate any transport protocols as transport protocol 1329 capabilities, then there will not be any "a=tcap" attributes 1330 either. 1332 o One or more extension capability attributes (as outlined in 1333 Section 3.4.3. ) for each extension capability that is referenced 1334 by a potential configuration. Extension capability attributes 1335 that are not referenced by a potential configuration MAY be 1336 provided as well. 1338 o One or more potential configuration attributes ("a=pcfg"), as 1339 defined in Section 3.5.1. , in each media description where 1340 alternative potential configurations are to be negotiated. Each 1341 potential configuration attribute MUST adhere to the rules 1342 provided in Section 3.5.1. and the additional rules provided 1343 below. 1345 If the offerer requires support for more or extensions (besides the 1346 base protocol defined here), then the offerer MUST include one or 1347 more "a=creq" attribute as follows: 1349 o If support for one or more capability negotiation extensions is 1350 required for the entire session description, then option tags for 1351 those extensions MUST be included in a single session-level 1352 "creq" attribute. 1354 o For each media description that requires support for one or more 1355 capability negotiation extensions not listed at the session- 1356 level, a single "creq" attribute containing all the required 1357 extensions for that media description MUST be included within the 1358 media description (in accordance with Section 3.3.2. ). 1360 Note that extensions that only need to be supported by a particular 1361 potential configuration can use the "mandatory" extension prefix 1362 ("+") within the potential configuration (see Section 3.5.1. ). 1364 The offerer SHOULD furthermore include the following: 1366 o A supported capability negotiation extension attribute ("a=csup") 1367 at the session-level and/or media-level as defined in Section 1368 3.3.2. for each capability negotiation extension supported by the 1369 offerer and not included in a corresponding "a=creq" attribute 1370 (i.e., at the session-level or in the same media description). 1371 Option tags provided in a "a=csup" attribute at the session-level 1372 indicate extensions supported for the entire session description, 1373 whereas option tags provided in a "a=csup" attribute in a media 1374 description indicate extensions supported for that particular 1375 media description only. 1377 Capabilities provided in an offer merely indicate what the offerer 1378 is capable of doing. They do not constitute a commitment or even an 1379 indication to use them. In contrast, each potential configuration 1380 constitutes an alternative offer that the offerer would like to use. 1381 The potential configurations MUST be used by the answerer to 1382 negotiate and establish the session. 1384 The offerer MUST include one or more potential configuration 1385 attributes ("a=pcfg") in each media description where the offerer 1386 wants to provide alternative offers (in the form of potential 1387 configurations). Each potential configuration attribute in a given 1388 media description MUST contain a unique configuration number and one 1389 or more potential configuration lists, as described in Section 1390 3.5.1. Each potential configuration list MUST refer to capabilities 1391 that are provided at the session-level or within that particular 1392 media description; otherwise, the potential configuration is 1393 considered invalid. The base SDP Capability Negotiation framework 1394 REQUIRES that potential configurations do not reference any session- 1395 level attribute capabilities that contain media-level only 1396 attributes, however extensions may modify this behavior, as long as 1397 it is fully backwards compatible with the base specification. 1398 Furthermore, it is RECOMMENDED that potential configurations avoid 1399 use of session-level capabilities whenever possible; refer to 1400 Section 3.5.1. 1402 The current actual configuration is included in the "m=" line (as 1403 defined by [RFC3264]) and any associated parameters for the media 1404 description (e.g., attribute ("a=") and bandwidth ("b=") lines). 1405 Note that the actual configuration is by default the least-preferred 1406 configuration, and hence the answerer will seek to negotiate use of 1407 one of the potential configurations instead. If the offerer wishes a 1408 different preference for the actual configuration, the offerer MUST 1409 include a corresponding potential configuration with the relevant 1410 configuration number (which indicates the relative preference 1411 between potential configurations); this corresponding potential 1412 configuration should simply duplicate the actual configuration. 1414 This can either be done implicitly (by not referencing any 1415 capabilities), or explicitly (by providing and using capabilities 1416 for the transport protocol and all the attributes that are part of 1417 the actual configuration). The latter may help detect 1418 intermediaries that modify the actual configuration but are not 1419 SDP Capability Negotiation aware. 1421 Per [RFC3264], once the offerer generates the offer, he must be 1422 prepared to receive incoming media in accordance with that offer. 1423 That rule applies here as well, but for the actual configurations 1424 provided in the offer only: Media received by the offerer according 1425 to one of the potential configurations MAY be discarded, until the 1426 offerer receives an answer indicating what the actual selected 1427 configuration is. Once that answer is received, incoming media MUST 1428 be processed in accordance with the actual selected configuration 1429 indicated and the answer received (provided the offer/answer 1430 exchange completed successfully). 1432 The above rule assumes that the offerer can determine whether 1433 incoming media adheres to the actual configuration offered or one of 1434 the potential configurations instead; this may not always be the 1435 case. If the offerer wants to ensure he does not play out any 1436 garbage, the offerer SHOULD discard all media received before the 1437 answer SDP is received. Conversely, if the offerer wants to avoid 1438 clipping, he should attempt to play any incoming media as soon as it 1439 is received (at the risk of playing out garbage). For further 1440 details, please refer to Section 3.9. 1442 3.6.2. Generating the Answer 1444 When receiving an offer, the answerer MUST check for the presence of 1445 a required capability negotiation extension attribute ("a=creq") 1446 provided at the session level. If one is found, then capability 1447 negotiation MUST be performed. If none is found, then the answerer 1448 MUST check each offered media description for the presence of a 1449 required capability negotiation extension attribute ("a=creq") and 1450 one or more potential configuration attributes ("a=pcfg"). 1451 Capability negotiation MUST be performed for each media description 1452 where either of those is present in accordance with the procedures 1453 described below. 1455 The answerer MUST first ensure that it supports any required 1456 capability negotiation extensions: 1458 o If a session-level "creq" attribute is provided, and it contains 1459 an option-tag that the answerer does not support, then the 1460 answerer MUST NOT use any of the potential configuration 1461 attributes provided for any of the media descriptions. Instead, 1462 the normal offer/answer procedures MUST continue as per 1463 [RFC3264]. Furthermore, the answerer MUST include a session-level 1464 supported capability negotiation extensions attribute ("a=csup") 1465 with option tags for the capability negotiation extensions 1466 supported by the answerer. 1468 o If a media-level "creq" attribute is provided, and it contains an 1469 option tag that the answerer does not support, then the answerer 1470 MUST NOT use any of the potential configuration attributes 1471 provided for that particular media description. Instead, the 1472 offer/answer procedures for that media description MUST continue 1473 as per [RFC3264] (SDP Capability Negotiation is still performed 1474 for other media descriptions in the SDP). Furthermore, the 1475 answerer MUST include a supported capability negotiation 1476 extensions attribute ("a=csup") in that media description with 1477 option tags for the capability negotiation extensions supported 1478 by the answerer for that media description. 1480 Assuming all required capability negotiation extensions are 1481 supported, the answerer now proceeds as follows. 1483 For each media description where capability negotiation is to be 1484 performed (i.e. all required capability negotiation extensions are 1485 supported and at least one valid potential configuration attribute 1486 is present), the answerer MUST attempt to perform capability 1487 negotiation by using the most preferred potential configuration that 1488 is valid to the answerer. A potential configuration is valid to the 1489 answerer if: 1491 1. It is in accordance with the syntax and semantics provided in 1492 Section 3.5.1. 1494 2. It contains a configuration number that is unique within that 1495 media description. 1497 3. All attribute capabilities referenced by the potential 1498 configuration are valid themselves (as defined in Section 3.4.1. 1499 ) and each of them is provided either at the session-level or 1500 within this particular media description. For session-level 1501 attribute capabilities referenced, the attributes contained 1502 inside them MUST NOT be media-level only attributes. 1504 4. All transport protocol capabilities referenced by the potential 1505 configuration are valid themselves (as defined in Section 3.4.2. 1506 ) and each of them is furthermore provided either at the session- 1507 level or within this particular media description. 1509 5. All extension capabilities referenced by the potential 1510 configuration and supported by the answerer are valid themselves 1511 (as defined by that particular extension) and each of them are 1512 furthermore provided either at the session-level or within this 1513 particular media description. Unknown or unsupported extension 1514 capabilities MUST be ignored, unless they are prefixed with the 1515 plus ("+") sign, which indicates that the extension MUST be 1516 supported in order to use that potential configuration. If the 1517 extension is not supported, that potential configuration is not 1518 valid to the answerer. 1520 The most preferred valid potential configuration in a media 1521 description is the valid potential configuration with the lowest 1522 configuration number. The answerer MUST now process the offer for 1523 that media stream based on the most preferred valid potential 1524 configuration. Conceptually, this entails the answerer constructing 1525 an (internal) offer that consists of the actual configuration offer 1526 SDP, with the following changes for each media stream offered: 1528 o If a transport protocol capability is included in the potential 1529 configuration, then it replaces the transport protocol provided 1530 in the "m=" line for that media description. 1532 o If attribute capabilities are present with a delete-attributes 1533 session indication ("-s"), then all session-level attributes from 1534 the actual configuration SDP MUST be deleted in accordance with 1535 the procedures in Section 3.5.1. If attribute capabilities are 1536 present with a delete-attributes media indication ("-m"), then 1537 all attributes from the actual configuration SDP inside this 1538 media description MUST be deleted. 1540 o If a session-level attribute capability is included, the 1541 attribute (and its associated value, if any) contained in it MUST 1542 be added to the resulting SDP. All such added session-level 1543 attributes MUST be listed before the session-level attributes 1544 that were initially present in the SDP. Furthermore, the added 1545 session-level attributes MUST be added in the order they were 1546 provided in the potential configuration (see also Section 3.5.1. 1547 ). 1549 This allows for attributes with implicit preference ordering 1550 to be added in the desired order; the "crypto" attribute 1551 [RFC4568] is one such example. 1553 o If a media-level attribute capability is included, then the 1554 attribute (and its associated value, if any) MUST be added to the 1555 resulting SDP within the media description in question. All such 1556 added media-level attributes MUST be listed before the media- 1557 level attributes that were initially present in the SDP in the 1558 media description in question. Furthermore, the added media-level 1559 attributes MUST be added in the order they were provided in the 1560 potential configuration (see also Section 3.5.1. ). 1562 o If a supported extension capability is included, then it MUST be 1563 processed in accordance with the rules provided for that 1564 particular extension capability. 1566 Note that a transport protocol from the potential configuration 1567 replaces the transport protocol in the actual configuration, but an 1568 attribute capability from the potential configuration is simply 1569 added to the actual configuration. In some cases, this can result in 1570 having one or more meaningless attributes in the resulting potential 1571 configuration SDP, or worse, ambiguous or potentially even illegal 1572 attributes. Use of delete-attributes for the session and/or media 1573 level attributes MUST be done to avoid such scenarios. Nevertheless, 1574 it is RECOMMENDED that implementations ignore meaningless attributes 1575 that may result from potential configurations. 1577 For example, if the actual configuration was using Secure RTP and 1578 included an "a=crypto" attribute for the SRTP keying material, 1579 then use of a potential configuration that uses plain RTP would 1580 make the "crypto" attribute meaningless. The answerer may or may 1581 not ignore such a meaningless attribute. The offerer can here 1582 ensure correct operation by using delete-attributes to remove the 1583 crypto attribute (but will then need to provide attribute 1584 capabilities to reconstruct the SDP with the necessary attributes 1585 deleted, e.g. rtpmaps). 1587 Please refer to Section 3.6.2.1. for examples of how the answerer 1588 may conceptually "see" the resulting offered alternative potential 1589 configurations. 1591 The answerer MUST check that he supports all mandatory attribute 1592 capabilities from the potential configuration (if any), the 1593 transport protocol capability (if any) from the potential 1594 configuration, and all mandatory extension capabilities from the 1595 potential configuration (if any) in accordance with the rules 1596 provided for these. If he does not, the answerer MUST proceed to the 1597 second-most preferred valid potential configuration for the media 1598 description, etc. In the case of attribute capabilities, support 1599 implies that the attribute name contained in the capability is 1600 supported and it can (and will) be used successfully in the 1601 negotiation process with the value provided. This does not 1602 necessarily imply that the value provided is supported in its 1603 entirety. For example, the "a=fmtp" parameter is often provided with 1604 one or more values in a list, where the offerer and answerer 1605 negotiate use of some subset of the values provided. Other 1606 attributes may include mandatory and optional parts to their values; 1607 support for the mandatory part is all that is required here. 1609 A side-effect of the above rule is that whenever an "fmtp" or 1610 "rtpmap" parameter is provided as a mandatory attribute 1611 capability, the corresponding media format (codec) must be 1612 supported and use of it negotiated successfully. If this is not 1613 the offerer's intent, the corresponding attribute capabilities 1614 must be listed as optional instead. 1616 If the answerer has exhausted all potential configurations for the 1617 media description, without finding a valid one that is also 1618 supported, then the answerer MUST process the offered media stream 1619 based on the actual configuration plus any session-level attributes 1620 added by a valid and supported potential configuration from another 1621 media description in the offered SDP. 1623 The above process describes potential configuration selection as a 1624 per media stream process. Inter-media stream coordination of 1625 selected potential configurations however is required in some cases. 1626 First of all, session-level attributes added by a potential 1627 configuration for one media description MUST NOT cause any problems 1628 for potential configurations selected by other media descriptions in 1629 the offer SDP. If the session-level attributes are mandatory, then 1630 those session-level attributes MUST furthermore be supported by the 1631 session as a whole (i.e., all the media descriptions if relevant). 1632 As mentioned earlier, this adds additional complexity to the overall 1633 processing and hence it is RECOMMENDED not to use session-level 1634 attribute capabilities in potential configurations, unless 1635 absolutely necessary. 1637 Once the answerer has selected a valid and supported offered 1638 potential configuration for all of the media streams (or has fallen 1639 back to the actual configuration plus any added session attributes), 1640 the answerer MUST generate a valid answer SDP based on the selected 1641 potential configuration SDP, as "seen" by the answerer (see Section 1642 3.6.2.1. for examples). Furthermore, if the answerer selected one of 1643 the potential configurations in a media description, the answerer 1644 MUST include an actual configuration attribute ("a=acfg") within 1645 that media description. The "a=acfg" attribute MUST identify the 1646 configuration number for the selected potential configuration as 1647 well as the actual parameters that were used from that potential 1648 configuration; if the potential configuration included alternatives, 1649 the selected alternatives only MUST be included. Only the known and 1650 supported parameters will be included. Unknown or unsupported 1651 parameters MUST NOT be included in the actual configuration 1652 attribute. In the case of attribute capabilities, only the known and 1653 supported capabilities are included; unknown or unsupported 1654 attribute capabilities MUST NOT be included. 1656 If the answerer supports one or more capability negotiation 1657 extensions that were not included in a required capability 1658 negotiation extensions attribute in the offer, then the answerer 1659 SHOULD furthermore include a supported capability negotiation 1660 attribute ("a=csup") at the session-level with option tags for the 1661 extensions supported across media streams. Also, if the answerer 1662 supports one or more capability negotiation extensions for 1663 particular media descriptions only, then a supported capability 1664 negotiation attribute with those option-tags SHOULD be included 1665 within each relevant media description. 1667 The offerer's originally provided actual configuration is contained 1668 in the offer media description's "m=" line (and associated 1669 parameters). The answerer MAY send media to the offerer in 1670 accordance with that actual configuration as soon as it receives the 1671 offer, however it MUST NOT send media based on that actual 1672 configuration if it selects an alternative potential configuration. 1673 If the answerer selects one of the potential configurations, then 1674 the answerer MAY immediately start to send media to the offerer in 1675 accordance with the selected potential configuration, however the 1676 offerer MAY discard such media or play out garbage until the offerer 1677 receives the answer. Please refer to section 3.9. for additional 1678 considerations and possible alternative solutions outside the base 1679 SDP Capability Negotiation framework. 1681 If the offerer selected a potential configuration instead of the 1682 actual configuration, then it is RECOMMENDED that the answerer sends 1683 back an answer SDP as soon as possible. This minimizes the risk of 1684 having media discarded or played out as garbage by the offerer. In 1685 the case of SIP [RFC3261] without any extensions, this implies that 1686 if the offer was received in an INVITE message, then the answer SDP 1687 should be provided in the first non-100 provisional response sent 1688 back (per RFC3261, the answer would need to be repeated in the 200 1689 response as well, unless a relevant extension such as [RFC3262] is 1690 being used). 1692 3.6.2.1. Example Views of Potential Configurations 1694 The following examples illustrate how the answerer may conceptually 1695 "see" a potential configuration. Consider the following offered SDP: 1697 v=0 1698 o=alice 2891092738 2891092738 IN IP4 lost.example.com 1699 s= 1700 t=0 0 1701 c=IN IP4 lost.example.com 1702 a=tool:foo 1703 a=acap:1 key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO... 1704 a=tcap:1 RTP/SAVP RTP/AVP 1705 m=audio 59000 RTP/AVP 98 1706 a=rtpmap:98 AMR/8000 1707 a=acap:2 crypto:1 AES_CM_128_HMAC_SHA1_32 1708 inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32 1709 a=pcfg:1 t=1 a=1|2 1710 m=video 52000 RTP/AVP 31 1711 a=rtpmap:31 H261/90000 1712 a=acap:3 crypto:1 AES_CM_128_HMAC_SHA1_80 1713 inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32 1714 a=pcfg:1 t=1 a=1|3 1716 This particular SDP offers an audio stream and a video stream, each 1717 of which can either use plain RTP (actual configuration) or secure 1718 RTP (potential configuration). Furthermore, two different keying 1719 mechanisms are offered, namely session-level Key Management 1720 Extensions using MIKEY (attribute capability 1) and media-level SDP 1721 Security Descriptions (attribute capabilities 2 and 3). There are 1722 several potential configurations here, however, below we show the 1723 one the answerer "sees" when using potential configuration 1 for 1724 both audio and video, and furthermore using attribute capability 1 1725 (MIKEY) for both (we have removed all the capability negotiation 1726 attributes for clarity): 1728 v=0 1729 o=alice 2891092738 2891092738 IN IP4 lost.example.com 1730 s= 1731 t=0 0 1732 c=IN IP4 lost.example.com 1733 a=tool:foo 1734 a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO... 1735 m=audio 59000 RTP/SAVP 98 1736 a=rtpmap:98 AMR/8000 1737 m=video 52000 RTP/SAVP 31 1738 a=rtpmap:31 H261/90000 1740 Note that the transport protocol in the media descriptions indicate 1741 use of secure RTP. 1743 Below, we show the offer the answerer "sees" when using potential 1744 configuration 1 for both audio and video and furthermore using 1745 attribute capability 2 and 3 respectively (SDP security 1746 descriptions) for the audio and video stream - note the order in 1747 which the resulting attributes are provided: 1749 v=0 1750 o=alice 2891092738 2891092738 IN IP4 lost.example.com 1751 s= 1752 t=0 0 1753 c=IN IP4 lost.example.com 1754 a=tool:foo 1755 m=audio 59000 RTP/SAVP 98 1756 a=crypto:1 AES_CM_128_HMAC_SHA1_32 1757 inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32 1758 a=rtpmap:98 AMR/8000 1759 m=video 52000 RTP/SAVP 31 1760 a=crypto:1 AES_CM_128_HMAC_SHA1_80 1761 inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32 1762 a=rtpmap:31 H261/90000 1764 Again, note that the transport protocol in the media descriptions 1765 indicate use of secure RTP. 1767 And finally, we show the offer the answerer "sees" when using 1768 potential configuration 1 with attribute capability 1 (MIKEY) for 1769 the audio stream, and potential configuration 1 with attribute 1770 capability 3 (SDP security descriptions) for the video stream: 1772 v=0 1773 o=alice 2891092738 2891092738 IN IP4 lost.example.com 1774 s= 1775 t=0 0 1776 c=IN IP4 lost.example.com 1777 a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO... 1778 a=tool:foo 1779 m=audio 59000 RTP/SAVP 98 1780 a=rtpmap:98 AMR/8000 1781 m=video 52000 RTP/SAVP 31 1782 a=crypto:1 AES_CM_128_HMAC_SHA1_80 1783 inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32 1784 a=rtpmap:31 H261/90000 1786 3.6.3. Offerer Processing of the Answer 1788 When the offerer attempted to use SDP Capability Negotiation in the 1789 offer, the offerer MUST examine the answer for actual use of SDP 1790 Capability Negotiation. 1792 For each media description where the offerer included a potential 1793 configuration attribute ("a=pcfg"), the offerer MUST first examine 1794 that media description for the presence of an actual configuration 1795 attribute ("a=acfg"). If an actual configuration attribute is not 1796 present in a media description, then the offerer MUST process the 1797 answer SDP for that media stream per the normal offer/answer rules 1798 defined in [RFC3264]. However, if one is found, the offerer MUST 1799 instead process the answer as follows: 1801 o The actual configuration attribute specifies which of the 1802 potential configurations was used by the answerer to generate the 1803 answer for this media stream. This includes all the supported 1804 attribute capabilities and the transport capabilities referenced 1805 by the potential configuration selected, where the attribute 1806 capabilities have any associated delete-attributes included. 1807 Extension capabilities supported by the answerer are included as 1808 well. 1810 o The offerer MUST now process the answer in accordance with the 1811 rules in [RFC3264], except that it must be done as if the offer 1812 consisted of the selected potential configuration instead of the 1813 original actual configuration, including any transport protocol 1814 changes in the media ("m=") line(s), attributes added and deleted 1815 by the potential configuration at the media and session level, 1816 and any extensions used. 1818 If the offer/answer exchange was successful, and if the answerer 1819 selected one of the potential configurations from the offer as the 1820 actual configuration, then the offerer MAY perform another 1821 offer/answer exchange: This new offer SHOULD contain the selected 1822 potential configuration as the actual configuration, i.e., with the 1823 actual configuration used in the "m=" line and any other relevant 1824 attributes and extensions. This second offer/answer exchange will 1825 not modify the session in any way, however it will help 1826 intermediaries (e.g. middleboxes) that look at the SDP, but do not 1827 understand or support the capability negotiation extensions, to 1828 understand the details of the media stream(s) that were actually 1829 negotiated. If it is known or suspected that one or more such 1830 intermediaries exist, then this second offer/answer SHOULD be 1831 performed (this is already done when using Interactive Connectivity 1832 Establishment [ICE], and in those cases, there will not be a need 1833 for a third offer/answer exchange). Note that, per normal 1834 offer/answer rules, the second offer/answer exchange still needs to 1835 update the version number in the "o=" line (( in 1836 [RFC4566]). Attribute lines carrying keying material SHOULD repeat 1837 the keys from the previous offer, unless re-keying is necessary, 1838 e.g. due to a previously forked SIP INVITE request. Please refer to 1839 Section 3.12. for additional considerations related to 1840 intermediaries. 1842 3.6.4. Modifying the Session 1844 Capabilities and potential configurations may be included in 1845 subsequent offers as defined in [RFC3264], Section 8. The procedure 1846 for doing so is similar to that described above with the answer 1847 including an indication of the actual selected configuration used by 1848 the answerer. 1850 If the answer indicates use of a potential configuration from the 1851 offer, then the guidelines provided in Section 3.6.3. for doing a 1852 second offer/answer exchange using that potential configuration as 1853 the actual configuration apply. 1855 3.7. Interactions with ICE 1857 Interactive Connectivity Establishment (ICE) [ICE] provides a 1858 mechanism for verifying connectivity between two endpoints by 1859 sending STUN messages directly between the media endpoints. The 1860 basic ICE specification [ICE] is defined to support UDP-based 1861 connectivity only, however it allows for extensions to support other 1862 transport protocols, such as TCP, which is being specified in 1863 [ICETCP]. ICE defines a new "a=candidate" attribute, which, among 1864 other things, indicates the possible transport protocol(s) to use 1865 and then associates a priority with each of them. The most preferred 1866 transport protocol that *successfully* verifies connectivity will 1867 end up being used. 1869 When using ICE, it is thus possible that the transport protocol that 1870 will be used differs from what is specified in the "m=" line. Since 1871 both ICE and SDP Capability Negotiation may specify alternative 1872 transport protocols, there is a potentially unintended interaction 1873 when using these together. 1875 We provide the following guidelines for addressing that. 1877 There are two basic scenarios to consider: 1879 1) A particular media stream can run over different transport 1880 protocols (e.g. UDP, TCP, or TCP/TLS), and the intent is simply to 1881 use the one that works (in the preference order specified). 1883 2) A particular media stream can run over different transport 1884 protocols (e.g. UDP, TCP, or TCP/TLS) and the intent is to have the 1885 negotiation process decide which one to use (e.g. T.38 over TCP or 1886 UDP). 1888 In scenario 1, there should be ICE "a=candidate" attributes for UDP, 1889 TCP, etc. but otherwise nothing special in the potential 1890 configuration attributes to indicate the desire to use different 1891 transport protocols (e.g. UDP, or TCP). The ICE procedures 1892 essentially cover the capability negotiation required (by having the 1893 answerer select something it supports and then use of trial and 1894 error connectivity checks). 1896 Scenario 2 does not require a need to support or use ICE. Instead, 1897 we simply use transport protocol capabilities and potential 1898 configuration attributes to indicate the desired outcome. 1900 The scenarios may be combined, e.g. by offering potential 1901 configuration alternatives where some of them can support one 1902 transport protocol only (e.g. UDP), whereas others can support 1903 multiple transport protocols (e.g. UDP or TCP). In that case, there 1904 is a need for tight control over the ICE candidates that will be 1905 used for a particular configuration, yet the actual configuration 1906 may want to use all of the ICE candidates. In that case, the ICE 1907 candidate attributes can be defined as attribute capabilities and 1908 the relevant ones should then be included in the proper potential 1909 configurations (for example candidate attributes for UDP only for 1910 potential configurations that are restricted to UDP, whereas there 1911 could be candidate attributes for UDP, TCP, and TCP/TLS for 1912 potential configurations that can use all three). Furthermore, use 1913 of the delete-attributes in a potential configuration can be used to 1914 ensure that ICE will not end up using a transport protocol that is 1915 not desired for a particular configuration. 1917 3.8. Interactions with SIP Option Tags 1919 SIP [RFC3261] allows for SIP extensions to define a SIP option tag 1920 that identifies the SIP extension. Support for one or more such 1921 extensions can be indicated by use of the SIP Supported header, and 1922 required support for one or more such extensions can be indicated by 1923 use of the SIP Require header. The "a=csup" and "a=creq" attributes 1924 defined by the SDP Capability Negotiation framework are similar, 1925 except that support for these two attributes by themselves cannot be 1926 guaranteed (since they are specified as extensions to the SDP 1927 specification [RFC4566] itself). 1929 SIP extensions with associated option tags can introduce 1930 enhancements to not only SIP, but also SDP. This is for example the 1931 case for SIP preconditions defined in [RFC3312]. When using SDP 1932 Capability Negotiation, some potential configurations may include 1933 certain SDP extensions, whereas others may not. Since the purpose of 1934 the SDP Capability Negotiation is to negotiate a session based on 1935 the features supported by both sides, use of the SIP Require header 1936 for such extensions may not produce the desired result. For example, 1937 if one potential configuration requires SIP preconditions support, 1938 another does not, and the answerer does not support preconditions, 1939 then use of the SIP Require header for preconditions would result in 1940 a session failure, in spite of the fact that a valid and supported 1941 potential configuration was included in the offer. 1943 In general, this can be alleviated by use of mandatory and optional 1944 attribute capabilities in a potential configuration. There are 1945 however cases where permissible SDP values are tied to the use of 1946 the SIP Require header. SIP preconditions [RFC3312] is one such 1947 example, where preconditions with a "mandatory" strength-tag can 1948 only be used when a SIP Require header with the SIP option tag 1949 "precondition" is included. Future SIP extensions that may want to 1950 use the SDP Capability Negotiation framework should avoid such 1951 coupling. 1953 3.9. Processing Media before Answer 1955 The offer/answer model requires an offerer to be able to receive 1956 media in accordance with the offer prior to receiving the answer. 1957 This property is retained with the SDP Capability Negotiation 1958 extensions defined here, but only when the actual configuration is 1959 selected by the answerer. If a potential configuration is chosen, it 1960 is permissible for the offerer to not process any media received 1961 before the answer is received. This may lead to clipping. 1962 Consequently, the SDP Capability Negotiation framework recommends 1963 sending back an answer SDP as soon as possible. 1965 The issue can be resolved by introducing a three-way handshake. In 1966 the case of SIP, this can for example be done by defining a 1967 precondition [RFC3312] for capability negotiation (or use an 1968 existing precondition that is known to generate a second 1969 offer/answer exchange before proceeding with the session). However, 1970 preconditions are often viewed as complicated to implement and they 1971 may add to overall session establishment delay by requiring an extra 1972 offer/answer exchange. 1974 An alternative three-way handshake can be performed by use of ICE 1975 [ICE]. When ICE is being used, and the answerer receives a STUN 1976 Binding Request for any one of the accepted media streams from the 1977 offerer, the answerer knows the offer has received his answer. At 1978 that point, the answerer knows that the offerer will be able to 1979 process incoming media according to the negotiated configuration and 1980 hence he can start sending media without the risk of the offerer 1981 either discarding it or playing garbage. 1983 In some use cases a three-way handshake is not needed. An example is 1984 when the offerer does not need information from the answer, such as 1985 keying material in the SDP, in order to process incoming media. The 1986 SDP Capability Negotiation framework does not define any such 1987 solutions, however extensions may do so. For example, one technique 1988 proposed for best-effort SRTP in [BESRTP] is to provide different 1989 RTP payload type mappings for different transport protocols used, 1990 outside of the actual configuration, while still allowing them to be 1991 used by the answerer (exchange of keying material is still needed, 1992 e.g. inband). The basic SDP Capability Negotiation framework defined 1993 here does not include the ability to do so, however extensions that 1994 enable that may be defined. 1996 3.10. Indicating Bandwidth Usage 1998 The amount of bandwidth to use for a particular media stream depends 1999 on the codecs, transport protocol and other parameters being used. 2000 For example use of Secure RTP [RFC3711] with integrity protection 2001 requires more bandwidth than plain RTP [RFC3551]. SDP defines the 2002 bandwidth ("b=") parameter to indicate the proposed bandwidth for 2003 the session or media stream,. 2005 In current SDP, each media description contains one transport 2006 protocol and one or more codecs. When specifying the proposed 2007 bandwidth, the worst case scenario must be taken into account, i.e., 2008 use of the highest bandwidth codec provided, the transport protocol 2009 indicated, and the worst case (bandwidth-wise) parameters that can 2010 be negotiated (e.g., a 32-bit HMAC or an 80-bit HMAC). 2012 The core SDP capability negotiation framework does not provide a way 2013 to negotiate bandwidth parameters. The issue thus remains, however 2014 it is potentially worse than with current SDP, since it is easier to 2015 negotiate additional codecs, and furthermore possible to negotiate 2016 different transport protocols. The recommended approach for 2017 addressing this is the same as for plain SDP; the worst case (now 2018 including potential configurations) needs to be taken into account 2019 when specifying the bandwidth parameters in the actual 2020 configuration. This can make the bandwidth value less accurate than 2021 in current SDP (due to potential greater variability in the 2022 potential configuration bandwidth use). Extensions can be defined to 2023 address this shortcoming. Also, the Transport Independent 2024 Application Specific Maximum (TIAS) bandwidth type defined in 2025 [RFC3890] can be used to alleviate bandwidth variability concerns 2026 due to different transport protocols. 2028 Note, that when using RTP retransmission [RFC4588] with the RTCP- 2029 based feedback profile [RFC4585] (RTP/AVPF), the retransmitted 2030 packets are part of the media stream bandwidth when using SSRC- 2031 multiplexing. If a non-feedback based protocol is offered as an 2032 alternative transport protocol, it is possible that the bandwidth 2033 indication should have been lower. 2035 3.11. Dealing with Large Number of Potential Configurations 2037 When using the SDP Capability Negotiation, it is easy to generate 2038 offers that contain a large number of potential configurations. For 2039 example, in the offer: 2041 v=0 2042 o=- 25678 753849 IN IP4 192.0.2.1 2043 s= 2044 c=IN IP4 192.0.2.1 2045 t=0 0 2046 m=audio 53456 RTP/AVP 0 18 2047 a=tcap:1 RTP/SAVPF RTP/SAVP RTP/AVPF 2048 a=acap:1 crypto:1 AES_CM_128_HMAC_SHA1_80 2049 inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:4 2050 FEC_ORDER=FEC_SRTP 2051 a=acap:2 key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO... 2052 a=acap:3 rtcp-fb:0 nack 2053 a=pcfg:1 t=1 a=1,3|2,3 2054 a=pcfg:2 t=2 a=1|2 2055 a=pcfg:3 t=3 a=3 2057 we have 5 potential configurations on top of the actual 2058 configuration for a single media stream. Adding an extension 2059 capability with just two alternatives for each would double that 2060 number (to 10), and doing the equivalent with two media streams 2061 would again double that number (to 20). While it is easy (and 2062 inexpensive) for the offerer to generate such offers, processing 2063 them at the answering side may not be. Consequently, it is 2064 RECOMMENDED that offerers do not create offers with unnecessarily 2065 large number of potential configurations in them. 2067 On the answering side, implementers MUST take care to avoid 2068 excessive memory and CPU consumption. For example, a naﶥ 2069 implementation that first generates all the valid potential 2070 configuration SDPs internally, could find itself being memory 2071 exhausted, especially if it supports a large number of endpoints. 2072 Similarly, a naﶥ implementation that simply performs iterative 2073 trial-and-error processing on each possible potential configuration 2074 SDP (in the preference order specified) could find itself being CPU 2075 constrained. An alternative strategy is to prune the search space 2076 first by discarding the set of offered potential configurations 2077 where the transport protocol indicated (if any) is not supported, 2078 and/or one or more mandatory attribute capabilities (if any) are 2079 either not supported or not valid. Potential configurations with 2080 unsupported mandatory extension configurations in them can be 2081 discarded as well. 2083 3.12. SDP Capability Negotiation and Intermediaries 2085 An intermediary is here defined as an entity between a SIP user 2086 agent A and a SIP user agent B, that need to perform some kind of 2087 processing on the SDP exchanged between A and B, in order for the 2088 session establishment to operate as intended. Examples of such 2089 intermediaries include Session Border Controllers (SBCs) that may 2090 perform media relaying, Proxy Call Session Control Functions (P- 2091 CSCF) that may authorize use of a certain amount of network 2092 resources (bandwidth), etc. The presence and design of such 2093 intermediaries may not follow the "Internet" model or the SIP 2094 requirements for proxies (which are not supposed to look in message 2095 bodies such as SDP), however they are a fact of life in some 2096 deployment scenarios currently and hence deserve consideration. 2098 If the intermediary needs to understand the characteristics of the 2099 media sessions being negotiated, e.g. the amount of bandwidth used 2100 or the transport protocol negotiated, then use of the SDP Capability 2101 Negotiation framework may impact them. For example, some 2102 intermediaries are known to disallow answers where the transport 2103 protocol differs from the one in the offer. Use of the SDP 2104 Capability Negotiation framework in the presence of such 2105 intermediaries could lead to session failures. Intermediaries that 2106 need to authorize use of network resources based on the negotiated 2107 media stream parameters are affected as well. If they inspect only 2108 the offer, then they may authorize parameters assuming a different 2109 transport protocol, codecs, etc. than what is actually being 2110 negotiated. For these, and other, reasons it is RECOMMENDED that 2111 implementers of intermediaries add support for the SDP Capability 2112 Negotiation framework. 2114 The SDP Capability Negotiation framework itself attempts to help out 2115 these intermediaries as well, by optionally performing a second 2116 offer/answer exchange when use of a potential configuration has been 2117 negotiated (see Section 3.6.3. ). However, there are several 2118 limitations with this approach. First of all, the second 2119 offer/answer exchange is not required and hence may not be 2120 performed. Secondly, the intermediary may refuse the initial answer, 2121 e.g. due to perceived transport protocol mismatch. Thirdly, the 2122 strategy is not foolproof, since the offer/answer procedures 2123 [RFC3264] leave the original offer/answer exchange in effect when a 2124 subsequent one fails; consider the following example: 2126 1. Offerer generates an SDP offer with the actual configuration 2127 specifying a low bandwidth configuration (e.g. plain RTP) and a 2128 potential configuration specifying a high(er) bandwidth 2129 configuration (e.g. secure RTP with integrity). 2131 2. An intermediary (e.g. an SBC or P-CSCF), that does not support 2132 SDP Capability Negotiation, authorizes the session based on the 2133 actual configuration it sees in the SDP. 2135 3. The answerer chooses the high(er) bandwidth potential 2136 configuration and generates an answer SDP based on that. 2138 4. The intermediary passes through the answer SDP. 2140 5. The offerer sees the accepted answer, and generates an updated 2141 offer that contains the selected potential configuration as the 2142 actual configuration. In other words, the high(er) bandwidth 2143 configuration (which has already been negotiated successfully) is 2144 now the actual configuration in the offer SDP. 2146 6. The intermediary sees the new offer, however it does not 2147 authorize the use of the high(er) bandwidth configuration, and 2148 consequently generates a rejection message to the offerer. 2150 7. The offerer receives the rejected offer. 2152 After step 7, per RFC 3264, the offer/answer exchange that completed 2153 in step 5 remains in effect, however the intermediary may not have 2154 authorized the necessary network resources and hence the media 2155 stream may experience quality issues. The solution to this problem 2156 is to upgrade the intermediary to support the SDP Capability 2157 Negotiation framework. 2159 3.13. Considerations for Specific Attribute Capabilities 2161 3.13.1. The rtpmap and fmtp Attributes 2163 The core SDP Capability Negotiation framework defines transport 2164 capabilities and attribute capabilities. Media capabilities, which 2165 can be used to describe media formats and their associated 2166 parameters, are not defined in this document, however the "rtpmap" 2167 and "fmtp" attributes can nevertheless be used as attribute 2168 capabilities. Using such attribute capabilities in a potential 2169 configuration requires a bit of care though. 2171 The rtpmap parameter binds an RTP payload type to a media format 2172 (e.g. codec). While it is possible to provide rtpmaps for payload 2173 types not found in the corresponding "m=" line, such rtpmaps provide 2174 no value in normal offer/answer exchanges, since only the payload 2175 types found in the "m=" line are part of the offer (or answer). This 2176 applies to the core SDP Capability Negotiation framework as well: 2177 Only the media formats (e.g. RTP payload types) provided in the "m=" 2178 line are actually offered; inclusion of rtpmap attributes with other 2179 RTP payload types in a potential configuration does not change this 2180 fact and hence they do not provide any useful information there. 2181 They may still be useful as pure capabilities though (outside a 2182 potential configuration) in order to inform a peer of additional 2183 codecs supported. 2185 It is possible to provide an rtpmap attribute capability with a 2186 payload type mapping to a different codec than a corresponding 2187 actual configuration "rtpmap" attribute for the media description 2188 has. Such practice is permissible as a way of indicating a 2189 capability. If that capability is included in a potential 2190 configuration, then delete-attributes (see Section 3.5.1. ) MUST be 2191 used to ensure that there is not multiple rtpmap attributes for the 2192 same payload type in a given media description (which would not be 2193 allowed by SDP [RFC4566]). 2195 Similar considerations and rules apply to the "fmtp" attribute. An 2196 fmtp attribute capability for a media format not included in the 2197 "m=" line is useless in a potential configuration (but may be useful 2198 as a capability by itself). An fmtp attribute capability in a 2199 potential configuration for a media format that already has an fmtp 2200 attribute in the actual configuration may lead to multiple fmtp 2201 format parameters for that media format and that is not allowed by 2202 SDP [RFC4566]. The delete-attributes MUST be used to ensure that 2203 there is not multiple fmtp attributes for a given media format in a 2204 media description. 2206 Extensions to the core SDP Capability Negotiation framework may 2207 change the above behavior. 2209 3.13.2. Direction Attributes 2211 SDP defines the "inactive", "sendonly", "recvonly", and "sendrecv" 2212 direction attributes. The direction attributes can be applied at 2213 either the session-level or the media-level. In either case, it is 2214 possible to define attribute capabilities for these direction 2215 capabilities; if used by a potential configuration, the normal 2216 offer/answer procedures still apply. For example, if an offered 2217 potential configuration includes the "sendonly" direction attribute, 2218 and it is selected as the actual configuration, then the answer MUST 2219 include a corresponding "recvonly" (or "inactive") attribute. 2221 3.14. Relationship to RFC 3407 2223 RFC 3407 defines capability descriptions with limited abilities to 2224 describe attributes, bandwidth parameters, transport protocols and 2225 media formats. RFC 3407 does not define any negotiation procedures 2226 for actually using those capability descriptions. 2228 This document defines new attributes for describing attribute 2229 capabilities and transport capabilities. It also defines procedures 2230 for using those capabilities as part of an offer/answer exchange. In 2231 contrast to RFC 3407, this document does not define bandwidth 2232 parameters, and it also does not define how to express ranges of 2233 values. Extensions to this document may be defined in order to fully 2234 cover all the capabilities provided by RFC 3407 (for example more 2235 general media capabilities). 2237 It is RECOMMENDED that implementations use the attributes and 2238 procedures defined in this document instead of those defined in 2239 [RFC3407]. If capability description interoperability with legacy 2240 RFC 3407 implementations is desired, implementations MAY include 2241 both RFC 3407 capability descriptions and capabilities defined by 2242 this document. The offer/answer negotiation procedures defined in 2243 this document will not use the RFC 3407 capability descriptions. 2245 4. Examples 2247 In this section, we provide examples showing how to use the SDP 2248 Capability Negotiation. 2250 4.1. Best-Effort Secure RTP 2252 The following example illustrates how to use the SDP Capability 2253 Negotiation extensions to support so-called Best-Effort Secure RTP. 2254 In that scenario, the offerer supports both RTP and Secure RTP. If 2255 the answerer does not support secure RTP (or the SDP Capability 2256 Negotiation extensions), an RTP session will be established. 2257 However, if the answerer supports Secure RTP and the SDP Capability 2258 Negotiation extensions, a Secure RTP session will be established. 2260 The best-effort Secure RTP negotiation is illustrated by the 2261 offer/answer exchange below, where Alice sends an offer to Bob: 2263 Alice Bob 2265 | (1) Offer (SRTP and RTP) | 2266 |--------------------------------->| 2267 | | 2268 | (2) Answer (SRTP) | 2269 |<---------------------------------| 2270 | | 2271 | (3) Offer (SRTP) | 2272 |--------------------------------->| 2273 | | 2274 | (4) Answer (SRTP) | 2275 |<---------------------------------| 2276 | | 2278 Alice's offer includes RTP and SRTP as alternatives. RTP is the 2279 default, but SRTP is the preferred one: 2281 v=0 2282 o=- 25678 753849 IN IP4 192.0.2.1 2283 s= 2284 c=IN IP4 192.0.2.1 2285 t=0 0 2286 m=audio 53456 RTP/AVP 0 18 2287 a=tcap:1 RTP/SAVP RTP/AVP 2288 a=acap:1 crypto:1 AES_CM_128_HMAC_SHA1_80 2289 inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:4 2290 FEC_ORDER=FEC_SRTP 2291 a=pcfg:1 t=1 a=1 2293 The "m=" line indicates that Alice is offering to use plain RTP with 2294 PCMU or G.729. The capabilities are provided by the "a=tcap" and 2295 "a=acap" attributes. The "tcap" capability indicates that both 2296 Secure RTP and normal RTP are supported. The "acap" attribute 2297 provides an attribute capability with a handle of 1. The capability 2298 is a "crypto" attribute, which provides the keying material for SRTP 2299 using SDP security descriptions [RFC4568]. The "a=pcfg" attribute 2300 provides the potential configurations included in the offer by 2301 reference to the capabilities. A single potential configuration 2302 with a configuration number of "1" is provided. It includes the 2303 transport protocol capability 1 (RTP/SAVP, i.e. secure RTP) together 2304 with the attribute capability 1, i.e. the crypto attribute provided. 2305 Note that attribute capability 1 is mandatory, and hence it must be 2306 supported in order for the potential configuration to be used. 2308 Bob receives the SDP offer from Alice. Bob supports SRTP and the SDP 2309 Capability Negotiation framework, and hence he accepts the potential 2310 configuration for Secure RTP provided by Alice: 2312 v=0 2313 o=- 24351 621814 IN IP4 192.0.2.2 2314 s= 2315 c=IN IP4 192.0.2.2 2316 t=0 0 2317 m=audio 54568 RTP/SAVP 0 18 2318 a=crypto:1 AES_CM_128_HMAC_SHA1_80 2319 inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4 2320 a=acfg:1 t=1 a=1 2322 Bob includes the "a=acfg" attribute in the answer to inform Alice 2323 that he based his answer on an offer containing the potential 2324 configuration with transport protocol capability 1 and attribute 2325 capability 1 from the offer SDP (i.e. the RTP/SAVP profile using the 2326 keying material provided). Bob also includes his keying material in 2327 a crypto attribute. 2329 When Alice receives Bob's answer, session negotiation has completed, 2330 however Alice nevertheless chooses to generate a new offer using the 2331 actual configuration. This is done purely to assist any 2332 intermediaries that may reside between Alice and Bob but do not 2333 support the SDP Capability Negotiation framework (and hence may not 2334 understand the negotiation that just took place): 2336 Alice's updated offer includes only SRTP, and it is not using the 2337 SDP Capability Negotiation framework (Alice could have included the 2338 capabilities as well is she wanted to): 2340 v=0 2341 o=- 25678 753850 IN IP4 192.0.2.1 2342 s= 2343 c=IN IP4 192.0.2.1 2344 t=0 0 2345 m=audio 53456 RTP/SAVP 0 18 2346 a=crypto:1 AES_CM_128_HMAC_SHA1_80 2347 inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:4 2348 FEC_ORDER=FEC_SRTP 2350 The "m=" line now indicates that Alice is offering to use secure RTP 2351 with PCMU or G.729. The "crypto" attribute, which provides the SRTP 2352 keying material, is included with the same value again. 2354 Bob receives the SDP offer from Alice, which he accepts, and then 2355 generates an answer to Alice: 2357 v=0 2358 o=- 24351 621815 IN IP4 192.0.2.2 2359 s= 2360 c=IN IP4 192.0.2.2 2361 t=0 0 2362 m=audio 54568 RTP/SAVP 0 18 2363 a=crypto:1 AES_CM_128_HMAC_SHA1_80 2364 inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4 2366 Bob includes the same crypto attribute as before, and the session 2367 proceeds without change. Although Bob did not include any 2368 capabilities in his answer, he could have done so if he wanted to. 2370 Note that in this particular example, the answerer supported the SDP 2371 Capability Negotiation framework, and hence the attributes and 2372 procedures defined here, however had he not, the answerer would 2373 simply have ignored the new attributes received in step 1 and 2374 accepted the offer to use normal RTP. In that case, the following 2375 answer would have been generated in step 2 instead: 2377 v=0 2378 o=- 24351 621814 IN IP4 192.0.2.2 2379 s= 2380 c=IN IP4 192.0.2.2 2381 t=0 0 2382 m=audio 54568 RTP/AVP 0 18 2384 4.2. Multiple Transport Protocols 2386 The following example illustrates how to use the SDP Capability 2387 Negotiation extensions to negotiate use of one out of several 2388 possible transport protocols. As in the previous example, the 2389 offerer uses the expected least-common-denominator (plain RTP) as 2390 the actual configuration, and the alternative transport protocols as 2391 the potential configurations. 2393 The example is illustrated by the offer/answer exchange below, where 2394 Alice sends an offer to Bob: 2396 Alice Bob 2398 | (1) Offer (RTP/[S]AVP[F]) | 2399 |--------------------------------->| 2400 | | 2401 | (2) Answer (RTP/AVPF) | 2402 |<---------------------------------| 2403 | | 2404 | (3) Offer (RTP/AVPF) | 2405 |--------------------------------->| 2406 | | 2407 | (4) Answer (RTP/AVPF) | 2408 |<---------------------------------| 2409 | | 2411 Alice's offer includes plain RTP (RTP/AVP), RTP with RTCP-based 2412 feedback (RTP/AVPF), Secure RTP (RTP/SAVP), and Secure RTP with 2413 RTCP-based feedback (RTP/SAVPF) and SRTP as alternatives. RTP is the 2414 default, with RTP/SAVPF, RTP/SAVP, and RTP/AVPF as the alternatives 2415 and preferred in the order listed: 2417 v=0 2418 o=- 25678 753849 IN IP4 192.0.2.1 2419 s= 2420 c=IN IP4 192.0.2.1 2421 t=0 0 2422 m=audio 53456 RTP/AVP 0 18 2423 a=tcap:1 RTP/SAVPF RTP/SAVP RTP/AVPF 2424 a=acap:1 crypto:1 AES_CM_128_HMAC_SHA1_80 2425 inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:4 2426 FEC_ORDER=FEC_SRTP 2427 a=acap:2 rtcp-fb:0 nack 2428 a=pcfg:1 t=1 a=1,[2] 2429 a=pcfg:2 t=2 a=1 2430 a=pcfg:3 t=3 a=[2] 2432 The "m=" line indicates that Alice is offering to use plain RTP with 2433 PCMU or G.729. The capabilities are provided by the "a=tcap" and 2434 "a=acap" attributes. The "tcap" capability indicates that Secure 2435 RTP with RTCP-Based feedback (RTP/SAVPF), Secure RTP (RTP/SAVP), and 2436 RTP with RTCP-Based feedback are supported. The first "acap" 2437 attribute provides an attribute capability with a handle of 1. The 2438 capability is a "crypto" attribute, which provides the keying 2439 material for SRTP using SDP security descriptions [RFC4568]. The 2440 second "acap" attribute provides an attribute capability with a 2441 handle of 2. The capability is an "rtcp-fb" attribute, which is used 2442 by the RTCP-based feedback profiles to indicate that payload type 0 2443 (PCMU) supports feedback type "nack". The "a=pcfg" attributes 2444 provide the potential configurations included in the offer by 2445 reference to the capabilities. There are three potential 2446 configurations: 2448 o Potential configuration 1, which is the most preferred potential 2449 configuration specifies use of transport protocol capability 1 2450 (RTP/SAVPF) and attribute capabilities 1 (the "crypto" attribute) 2451 and 2 (the "rtcp-fb" attribute). Support for the first one is 2452 mandatory whereas support for the second one is optional. 2454 o Potential configuration 2, which is the second most preferred 2455 potential configuration specifies use of transport protocol 2456 capability 2 (RTP/SAVP) and mandatory attribute capability 1 (the 2457 "crypto" attribute). 2459 o Potential configuration 3, which is the least preferred potential 2460 configuration (but the second least preferred configuration 2461 overall, since the actual configuration provided by the "m=" line 2462 is always the least preferred configuration), specifies use of 2463 transport protocol capability 3 (RTP/AVPF) and optional attribute 2464 capability 2 (the "rtcp-fb" attribute). 2466 Bob receives the SDP offer from Alice. Bob does not support any 2467 secure RTP profiles, however he supports plain RTP and RTP with 2468 RTCP-based feedback, as well as the SDP Capability Negotiation 2469 extensions, and hence he accepts the potential configuration for RTP 2470 with RTCP-based feedback provided by Alice: 2472 v=0 2473 o=- 24351 621814 IN IP4 192.0.2.2 2474 s= 2475 c=IN IP4 192.0.2.2 2476 t=0 0 2477 m=audio 54568 RTP/AVPF 0 18 2478 a=rtcp-fb:0 nack 2479 a=acfg:1 t=3 a=[2] 2481 Bob includes the "a=acfg" attribute in the answer to inform Alice 2482 that he based his answer on an offer containing the potential 2483 configuration with transport protocol capability 3 and optional 2484 attribute capability 2 from the offer SDP (i.e. the RTP/AVPF profile 2485 using the "rtcp-fb" value provided). Bob also includes an "rtcp-fb" 2486 attribute with the value "nack" value for RTP payload type 0. 2488 When Alice receives Bob's answer, session negotiation has completed, 2489 however Alice nevertheless chooses to generate a new offer using the 2490 actual configuration. This is done purely to assist any 2491 intermediaries that may reside between Alice and Bob but do not 2492 support the SDP Capability Negotiation framework (and hence may not 2493 understand the negotiation that just took place): 2495 Alice's updated offer includes only RTP/AVPF, and it is not using 2496 the SDP Capability Negotiation framework (Alice could have included 2497 the capabilities as well if she wanted to): 2499 v=0 2500 o=- 25678 753850 IN IP4 192.0.2.1 2501 s= 2502 c=IN IP4 192.0.2.1 2503 t=0 0 2504 m=audio 53456 RTP/AVPF 0 18 2505 a=rtcp-fb:0 nack 2507 The "m=" line now indicates that Alice is offering to use RTP with 2508 RTCP-based feedback and using PCMU or G.729. The "rtcp-fb" 2509 attribute provides the feedback type "nack" for payload type 0 again 2510 (but as part of the actual configuration). 2512 Bob receives the SDP offer from Alice, which he accepts, and then 2513 generates an answer to Alice: 2515 v=0 2516 o=- 24351 621815 IN IP4 192.0.2.2 2517 s= 2518 c=IN IP4 192.0.2.2 2519 t=0 0 2520 m=audio 54568 RTP/AVPF 0 18 2521 a=rtcp-fb:0 nack 2523 Bob includes the same "rtcp-fb" attribute as before, and the session 2524 proceeds without change. Although Bob did not include any 2525 capabilities in his answer, he could have done so if he wanted to. 2527 Note that in this particular example, the answerer supported the SDP 2528 Capability Negotiation framework and hence the attributes and 2529 procedures defined here, however had he not, the answerer would 2530 simply have ignored the new attributes received in step 1 and 2531 accepted the offer to use normal RTP. In that case, the following 2532 answer would have been generated in step 2 instead: 2534 v=0 2535 o=- 24351 621814 IN IP4 192.0.2.2 2536 s= 2537 c=IN IP4 192.0.2.2 2538 t=0 0 2539 m=audio 54568 RTP/AVP 0 18 2541 4.3. Best-Effort SRTP with Session-Level MIKEY and Media Level Security 2542 Descriptions 2544 The following example illustrates how to use the SDP Capability 2545 Negotiation extensions to support so-called Best-Effort Secure RTP 2546 as well as alternative keying mechanisms, more specifically MIKEY 2547 [RFC3830] and SDP Security Descriptions. The offerer (Alice) wants 2548 to establish an audio and video session. Alice prefers to use 2549 session-level MIKEY as the key management protocol, but supports SDP 2550 security descriptions as well. 2552 The example is illustrated by the offer/answer exchange below, where 2553 Alice sends an offer to Bob: 2555 Alice Bob 2557 | (1) Offer (RTP/[S]AVP[F], SDES|MIKEY) | 2558 |--------------------------------------->| 2559 | | 2560 | (2) Answer (RTP/SAVP, SDES) | 2561 |<---------------------------------------| 2562 | | 2563 | (3) Offer (RTP/SAVP, SDES) | 2564 |--------------------------------------->| 2565 | | 2566 | (4) Answer (RTP/SAVP, SDES) | 2567 |<---------------------------------------| 2568 | | 2570 Alice's offer includes an audio and a video stream. The audio stream 2571 offers use of plain RTP and secure RTP as alternatives, whereas the 2572 video stream offers use of plain RTP, RTP with RTCP-based feedback, 2573 Secure RTP, and Secure RTP with RTCP-based feedback as alternatives: 2575 v=0 2576 o=- 25678 753849 IN IP4 192.0.2.1 2577 s= 2578 t=0 0 2579 c=IN IP4 192.0.2.1 2580 a=acap:1 key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO... 2581 a=tcap:1 RTP/SAVPF RTP/SAVP RTP/AVPF 2582 m=audio 59000 RTP/AVP 98 2583 a=rtpmap:98 AMR/8000 2584 a=acap:2 crypto:1 AES_CM_128_HMAC_SHA1_32 2585 inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32 2586 a=pcfg:1 t=2 a=1|2 2587 m=video 52000 RTP/AVP 31 2588 a=rtpmap:31 H261/90000 2589 a=acap:3 crypto:1 AES_CM_128_HMAC_SHA1_80 2590 inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32 2591 a=acap:4 rtcp-fb:* nack 2592 a=pcfg:1 t=1 a=1,4|3,4 2593 a=pcfg:2 t=2 a=1|3 2594 a=pcfg:3 t=3 a=4 2596 The potential configuration for the audio stream specifies use of 2597 transport capability 2 (RTP/SAVP) and either attribute capability 1 2598 (session-level MIKEY as the keying mechanism) or 2 (SDP Security 2599 Descriptions as the keying mechanism). Support for either of these 2600 attribute capabilities is mandatory. There are three potential 2601 configurations for the video stream. 2603 o The first configuration with configuration number 1 uses 2604 transport capability 1 (RTP/SAVPF) with either attribute 2605 capabilities 1 and 4 (session-level MIKEY and the "rtcp-fb" 2606 attribute) or attribute capabilities 3 and 4 (SDP security 2607 descriptions and the "rtcp-fb" attribute). In this example, the 2608 offerer insists on not only the keying mechanism being supported, 2609 but also that the "rtcp-fb" attribute is supported with the value 2610 indicated. Consequently, all the attribute capabilities are 2611 marked as mandatory in this potential configuration. 2613 o The second configuration with configuration number 2 uses 2614 transport capability 2 (RTP/SAVP) and either attribute capability 2615 1 (session-level MIKEY) or attribute capability 3 (SDP security 2616 descriptions). Both attribute capabilities are mandatory in this 2617 configuration. 2619 o The third configuration with configuration number 3 uses 2620 transport capability 3 (RTP/AVPF) and mandatory attribute 2621 capability 4 (the "rtcp-fb" attribute). 2623 Bob receives the SDP offer from Alice. Bob supports Secure RTP, 2624 Secure RTP with RTCP-based feedback and the SDP Capability 2625 Negotiation extensions. Bob also supports SDP Security Descriptions, 2626 but not MIKEY, and hence he generates the following answer: 2628 v=0 2629 o=- 24351 621814 IN IP4 192.0.2.2 2630 s= 2631 t=0 0 2632 c=IN IP4 192.0.2.2 2633 m=audio 54568 RTP/SAVP 98 2634 a=rtpmap:98 AMR/8000 2635 a=crypto:1 AES_CM_128_HMAC_SHA1_32 2636 inline:WSJ+PSdFcGdUJShpX1ZjNzB4d1BINUAvLEw6UzF3|2^20|1:32 2637 a=acfg:1 t=2 a=2 2638 m=video 55468 RTP/SAVPF 31 2639 a=rtpmap:31 H261/90000 2640 a=crypto:1 AES_CM_128_HMAC_SHA1_80 2641 inline:AwWpVLFJhQX1cfHJSojd0RmdmcmVCspeEc3QGZiN|2^20|1:32 2642 a=rtcp-fb:* nack 2643 a=acfg:1 t=1 a=3,4 2645 For the audio stream, Bob accepted the use of secure RTP, and hence 2646 the profile in the "m=" line is "RTP/SAVP". Bob also includes a 2647 "crypto" attribute with his own keying material, and an "acfg" 2648 attribute identifying actual configuration 1 for the audio media 2649 stream from the offer, using transport capability 2 (RTP/SAVP) and 2650 attribute capability 2 (the crypto attribute from the offer). For 2651 the video stream, Bob accepted the use of secure RTP with RTCP-based 2652 feedback, and hence the profile in the "m=" line is "RTP/SAVPF". Bob 2653 also includes a "crypto" attribute with his own keying material, and 2654 an "acfg" attribute identifying actual configuration 1 for the video 2655 stream from the offer, using transport capability 1 (RTP/SAVPF) and 2656 attribute capabilities 3 (the crypto attribute from the offer) and 4 2657 (the "rtcp-fb" attribute from the offer). 2659 When Alice receives Bob's answer, session negotiation has completed, 2660 however Alice nevertheless chooses to generate a new offer using the 2661 actual configuration. This is done purely to assist any 2662 intermediaries that may reside between Alice and Bob but do not 2663 support the capability negotiation extensions (and hence may not 2664 understand the negotiation that just took place): 2666 Alice's updated offer includes only SRTP for the audio stream SRTP 2667 with RTCP-based feedback for the video stream, and it is not using 2668 the SDP Capability Negotiation framework (Alice could have included 2669 the capabilities as well is she wanted to): 2671 v=0 2672 o=- 25678 753849 IN IP4 192.0.2.1 2673 s= 2674 t=0 0 2675 c=IN IP4 192.0.2.1 2676 m=audio 59000 RTP/SAVP 98 2677 a=rtpmap:98 AMR/8000 2678 a=crypto:1 AES_CM_128_HMAC_SHA1_32 2679 inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32 2680 m=video 52000 RTP/SAVPF 31 2681 a=rtpmap:31 H261/90000 2682 a=crypto:1 AES_CM_128_HMAC_SHA1_80 2683 inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32 2684 a=rtcp-fb:* nack 2686 The "m=" line for the audio stream now indicates that Alice is 2687 offering to use secure RTP with PCMU or G.729, whereas the "m=" line 2688 for the video stream indicates that Alice is offering to use secure 2689 RTP with RTCP-based feedback and H.261. Each media stream includes a 2690 "crypto" attribute, which provides the SRTP keying material, with 2691 the same value again. 2693 Bob receives the SDP offer from Alice, which he accepts, and then 2694 generates an answer to Alice: 2696 v=0 2697 o=- 24351 621814 IN IP4 192.0.2.2 2698 s= 2699 t=0 0 2700 c=IN IP4 192.0.2.2 2701 m=audio 54568 RTP/SAVP 98 2702 a=rtpmap:98 AMR/8000 2703 a=crypto:1 AES_CM_128_HMAC_SHA1_32 2704 inline:WSJ+PSdFcGdUJShpX1ZjNzB4d1BINUAvLEw6UzF3|2^20|1:32 2705 m=video 55468 RTP/SAVPF 31 2706 a=rtpmap:31 H261/90000 2707 a=crypto:1 AES_CM_128_HMAC_SHA1_80 2708 inline:AwWpVLFJhQX1cfHJSojd0RmdmcmVCspeEc3QGZiN|2^20|1:32 2709 a=rtcp-fb:* nack 2711 Bob includes the same crypto attribute as before, and the session 2712 proceeds without change. Although Bob did not include any 2713 capabilities in his answer, he could have done so if he wanted to. 2715 Note that in this particular example, the answerer supported the 2716 capability extensions defined here, however had he not, the answerer 2717 would simply have ignored the new attributes received in step 1 and 2718 accepted the offer to use normal RTP. In that case, the following 2719 answer would have been generated in step 2 instead: 2721 v=0 2722 o=- 24351 621814 IN IP4 192.0.2.2 2723 s= 2724 t=0 0 2725 c=IN IP4 192.0.2.2 2726 m=audio 54568 RTP/AVP 98 2727 a=rtpmap:98 AMR/8000 2728 m=video 55468 RTP/AVP 31 2729 a=rtpmap:31 H261/90000 2730 a=rtcp-fb:* nack 2732 Finally, if Bob had chosen to use session-level MIKEY instead of SDP 2733 security descriptions instead, the following answer would have been 2734 generated: 2736 v=0 2737 o=- 25678 753849 IN IP4 192.0.2.1 2738 s= 2739 t=0 0 2740 c=IN IP4 192.0.2.1 2741 a=key-mgmt:mikey AQEFgM0XflABAAAAAAAAAAAAAAYAyO... 2742 m=audio 59000 RTP/AVP 98 2743 a=rtpmap:98 AMR/8000 2744 a=acfg:1 t=2 a=1 2745 m=video 52000 RTP/SAVPF 31 2746 a=rtpmap:31 H261/90000 2747 a=rtcp-fb:* nack 2748 a=acfg:1 t=1 a=1,4 2750 It should be noted, that although Bob could have chosen session- 2751 level MIKEY for one media stream, and SDP Security Descriptions for 2752 another media stream, there are no well-defined offerer processing 2753 rules of the resulting answer for this, and hence the offerer may 2754 incorrectly assume use of MIKEY for both streams. To avoid this, if 2755 the answerer chooses session-level MIKEY, then all secure RTP based 2756 media streams SHOULD use MIKEY (this applies irrespective of whether 2757 SDP Capability Negotiation is being used or not). Use of media-level 2758 MIKEY does not have a similar constraint. 2760 4.4. SRTP with Session-Level MIKEY and Media Level Security 2761 Descriptions as Alternatives 2763 The following example illustrates how to use the SDP Capability 2764 Negotiation framework to negotiate use of either MIKEY or SDP 2765 Security Descriptions, when one of them is included as part of the 2766 actual configuration, and the other one is being selected. The 2767 offerer (Alice) wants to establish an audio and video session. Alice 2768 prefers to use session-level MIKEY as the key management protocol, 2769 but supports SDP security descriptions as well. 2771 The example is illustrated by the offer/answer exchange below, where 2772 Alice sends an offer to Bob: 2774 Alice Bob 2776 | (1) Offer (RTP/[S]AVP[F], SDES|MIKEY) | 2777 |--------------------------------------->| 2778 | | 2779 | (2) Answer (RTP/SAVP, SDES) | 2780 |<---------------------------------------| 2781 | | 2783 Alice's offer includes an audio and a video stream. Both the audio 2784 and the video stream offer use of secure RTP: 2786 v=0 2787 o=- 25678 753849 IN IP4 192.0.2.1 2788 s= 2789 t=0 0 2790 c=IN IP4 192.0.2.1 2791 a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO... 2792 m=audio 59000 RTP/SAVP 98 2793 a=rtpmap:98 AMR/8000 2794 a=acap:1 crypto:1 AES_CM_128_HMAC_SHA1_32 2795 inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32 2796 a=pcfg:1 a=-s:1 2797 m=video 52000 RTP/SAVP 31 2798 a=rtpmap:31 H261/90000 2799 a=acap:2 crypto:1 AES_CM_128_HMAC_SHA1_80 2800 inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32 2801 a=pcfg:1 a=-s:2 2803 Alice does not know whether Bob supports MIKEY or SDP Security 2804 Descriptions. She could include attributes for both, however the 2805 resulting procedures and potential interactions are not well- 2806 defined. Instead, she places a session-level key-mgmt attribute for 2807 MIKEY in the actual configuration with SDP security descriptions as 2808 an alternative in the potential configuration. The potential 2809 configuration for the audio stream specifies that all session level 2810 attributes are to be deleted (i.e. the session-level "a=key-mgmt" 2811 attribute) and that mandatory attribute capability 2 is to be used 2812 (i.e. the crypto attribute). The potential configuration for the 2813 video stream is similar, except it uses it's own mandatory crypto 2814 attribute capability (2). Note how deletion of the session-level 2815 attributes does not affect the media-level attributes. 2817 Bob receives the SDP offer from Alice. Bob supports Secure RTP and 2818 the SDP Capability Negotiation framework. Bob also supports both SDP 2819 Security Descriptions and MIKEY. Since the potential configuration 2820 is more preferred than the actual configuration, Bob (conceptually) 2821 generates an internal potential configuration SDP that contains the 2822 crypto attributes for the audio and video stream, but not the key- 2823 mgmt attribute for MIKEY, thereby avoiding any ambiguity between the 2824 two keying mechanisms. As a result, he generates the following 2825 answer: 2827 v=0 2828 o=- 24351 621814 IN IP4 192.0.2.2 2829 s= 2830 t=0 0 2831 c=IN IP4 192.0.2.2 2832 m=audio 54568 RTP/SAVP 98 2833 a=rtpmap:98 AMR/8000 2834 a=crypto:1 AES_CM_128_HMAC_SHA1_32 2835 inline:WSJ+PSdFcGdUJShpX1ZjNzB4d1BINUAvLEw6UzF3|2^20|1:32 2836 a=acfg:1 a=-s:1 2837 m=video 55468 RTP/SAVP 31 2838 a=rtpmap:31 H261/90000 2839 a=crypto:1 AES_CM_128_HMAC_SHA1_80 2840 inline:AwWpVLFJhQX1cfHJSojd0RmdmcmVCspeEc3QGZiN|2^20|1:32 2841 a=acfg:1 a=-s:2 2843 For the audio stream, Bob accepted the use of secure RTP using SDP 2844 security descriptions. Bob therefore includes a "crypto" attribute 2845 with his own keying material, and an "acfg" attribute identifying 2846 actual configuration 1 for the audio media stream from the offer, 2847 with the delete-attributes ("-s") and attribute capability 1 (the 2848 crypto attribute from the offer). For the video stream, Bob also 2849 accepted the use of secure RTP using SDP security descriptions. Bob 2850 therefore includes a "crypto" attribute with his own keying 2851 material, and an "acfg" attribute identifying actual configuration 1 2852 for the video stream from the offer, with the delete-attributes ("- 2853 s") and attribute capability 2. 2855 Below, we illustrate the offer SDP, when Bob instead offers the 2856 "crypto" attribute as the actual configuration keying mechanism and 2857 "key-mgmt" as the potential configuration: 2859 v=0 2860 o=- 25678 753849 IN IP4 192.0.2.1 2861 s= 2862 t=0 0 2863 c=IN IP4 192.0.2.1 2864 a=acap:1 key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO... 2865 m=audio 59000 RTP/SAVP 98 2866 a=rtpmap:98 AMR/8000 2867 a=crypto:1 AES_CM_128_HMAC_SHA1_32 2868 inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32 2869 a=acap:2 rtpmap:98 AMR/8000 2870 a=pcfg:1 a=-m:1,2 2871 m=video 52000 RTP/SAVP 31 2872 a=rtpmap:31 H261/90000 2873 a=acap:3 crypto:1 AES_CM_128_HMAC_SHA1_80 2874 inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32 2875 a=acap:4 rtpmap:31 H261/90000 2876 a=pcfg:1 a=-m:1,4 2878 Note how we this time need to perform delete-attributes at the 2879 media-level instead of the session-level. When doing that, all 2880 attributes from the actual configuration SDP, including the rtpmaps 2881 provided, are removed. Consequently, we had to include these rtpmaps 2882 as capabilities as well, and then include them in the potential 2883 configuration, thereby effectively recreating the original rtpmap 2884 attributes in the resulting potential configuration SDP. 2886 5. Security Considerations 2888 The SDP Capability Negotiation Framework is defined to be used 2889 within the context of the offer/answer model, and hence all the 2890 offer/answer security considerations apply here as well. Similarly, 2891 the Session Initiation Protocol (SIP) uses SDP and the offer/answer 2892 model, and hence, when used in that context, the SIP security 2893 considerations apply as well. 2895 However, SDP Capability Negotiation introduces additional security 2896 issues. Its use as a mechanism to enable alternative transport 2897 protocol negotiation (secure and non-secure) as well as its ability 2898 to negotiate use of more or less secure keying methods and material 2899 warrant further security considerations. Also, the (continued) 2900 support for receiving media before answer combined with negotiation 2901 of alternative transport protocols (secure and non-secure) warrant 2902 further security considerations. We discuss these issues below. 2904 The SDP Capability Negotiation framework allows for an offered media 2905 stream to both indicate and support various levels of security for 2906 that media stream. Different levels of security can for example be 2907 negotiated by use of alternative attribute capabilities each 2908 indicating more or less secure keying methods as well as more or 2909 less strong ciphers. Since the offerer indicates support for each of 2910 these alternatives, he will presumably accept the answerer seemingly 2911 selecting any of the offered alternatives. If an attacker can modify 2912 the SDP offer, he can thereby force the negotiation of the weakest 2913 security mechanism that the offerer is willing to accept. This may 2914 enable the attacker to compromise the security of the negotiated 2915 media stream. Similarly, if the offerer wishes to negotiate use of a 2916 secure media stream (e.g. secure RTP), but includes a non-secure 2917 media stream (e.g. plain RTP) as a valid (but less preferred) 2918 alternative, then an attacker that can modify the offered SDP will 2919 be able to force the establishment of an insecure media stream. The 2920 solution to both of these problems involves the use of integrity 2921 protection over the SDP. Ideally, this integrity protection provides 2922 end-to-end integrity protection in order to protect from any man-in- 2923 the-middle attack; secure multiparts such as S/MIME [RFC3851] 2924 provide one such solution, however S/MIME requires use and 2925 availability of a Public Key Infrastructure (PKI). A slightly less 2926 secure alternative when using SIP, but generally much easier to 2927 deploy in practice (since it does not require a PKI), is to use SIP 2928 Identity [RFC4474]; this requires the existence of an authentication 2929 service (see [RFC4474]). Yet another, and considerably less secure, 2930 alternative is to use hop-by-hop security only, e.g. TLS or IPSec 2931 thereby ensuring the integrity of the offered SDP on a hop-by-hop 2932 basis. Note however that SIP proxies or other intermediaries 2933 processing the SIP request at each hop are able to perform a man-in- 2934 the-middle attack by modifying the offered SDP. 2936 Per the normal offer/answer procedures, as soon as the offerer has 2937 generated an offer, the offerer must be prepared to receive media in 2938 accordance with that offer. The SDP Capability Negotiation preserves 2939 that behavior for the actual configuration in the offer, however the 2940 offerer has no way of knowing which configuration (actual or 2941 potential) configuration was selected by the offerer, until an 2942 answer indication is received. This opens up a new security issue 2943 where an attacker may be able to interject media towards the offerer 2944 until the answer is received. For example, the offerer may use plain 2945 RTP as the actual configuration and secure RTP as an alternative 2946 potential configuration. Even though the answerer selects secure 2947 RTP, the offerer will not know that until he receives the answer, 2948 and hence an attacker will be able to send media to the offerer 2949 meanwhile. The easiest protection against such an attack is to not 2950 offer use of the non-secure media stream in the actual 2951 configuration, however that may in itself have undesirable side- 2952 effects: If the answerer does not support the secure media stream 2953 and also does not support the capability negotiation framework, then 2954 negotiation of the media stream will fail. Alternatively, SDP 2955 security preconditions [RFC5027] can be used. This will ensure that 2956 media is not flowing until session negotiation has completed and 2957 hence the selected configuration is known. Use of preconditions 2958 however requires both sides to support them. If they don't, and use 2959 of them is required, the session will fail. As a (limited) work 2960 around to this, it is RECOMMENDED that SIP entities generate an 2961 answer SDP and send it to the offerer as soon as possible, for 2962 example in a 183 Session Progress message. This will limit the time 2963 during which an attacker can send media to the offerer. Section 3.9. 2964 presents other alternatives as well. 2966 Additional security considerations apply to the answer SDP as well. 2967 The actual configuration attribute tells the offerer which potential 2968 configuration the answer was based on, and hence an attacker that 2969 can either modify or remove the actual configuration attribute in 2970 the answer can cause session failure as well as extend the time 2971 window during which the offerer will accept incoming media that does 2972 not conform to the actual answer. The solutions to this SDP answer 2973 integrity problem are the same as for the offer, i.e. use of end-to- 2974 end integrity protection, SIP identity, or hop-by-hop protection. 2975 The mechanism to use depends on the mechanisms supported by the 2976 offerer as well as the acceptable security trade-offs. 2978 As described in Section 3.1. , SDP Capability Negotiation 2979 conceptually allows an offerer to include many different offers in a 2980 single SDP. This can cause the answerer to process a large number of 2981 alternative potential offers, which can consume significant memory 2982 and CPU resources. An attacker can use this amplification feature to 2983 launch a denial of service attack against the answerer. The answerer 2984 MUST protect itself from such attacks. As explained in Section 3.10. 2985 , the answerer can help reduce the effects of such an attack by 2986 first discarding all potential configurations that contain 2987 unsupported transport protocols, unsupported or invalid mandatory 2988 attribute capabilities, or unsupported mandatory extension 2989 configurations. The answerer SHOULD also look out for potential 2990 configurations that are designed to pass the above test, but 2991 nevertheless produce a large number of potential configuration SDPs 2992 that cannot be supported. 2994 A possible way of achieving that is for an attacker to find a 2995 valid session-level attribute that causes conflicts or otherwise 2996 interferes with individual media description configurations. 2997 Currently, we do not know of such an SDP attribute, however this 2998 does not mean it does not exist, or that it will not exist in the 2999 future. If such attributes are found to exist, implementers should 3000 explicitly protect against them. 3002 A significant number of valid and supported potential configurations 3003 may remain. However, since all of those contain only valid and 3004 supported transport protocols and attributes, it is expected that 3005 only a few of them will need to be processed on average. Still, the 3006 answerer MUST ensure that it does not needlessly consume large 3007 amounts of memory or CPU resources when processing those as well as 3008 be prepared to handle the case where a large number of potential 3009 configurations still need to be processed. 3011 6. IANA Considerations 3013 6.1. New SDP Attributes 3015 The IANA is hereby requested to register the following new SDP 3016 attributes as follows: 3018 Attribute name: csup 3019 Long form name: Supported capability negotiation extensions 3020 Type of attribute: Session-level and media-level 3021 Subject to charset: No 3022 Purpose: Option tags for supported SDP capability 3023 negotiation extensions 3024 Appropriate values: See Section 3.3.1. 3026 Attribute name: creq 3027 Long form name: Required capability negotiation extensions 3028 Type of attribute: Session-level and media-level 3029 Subject to charset: No 3030 Purpose: Option tags for required SDP capability 3031 negotiation extensions 3032 Appropriate values: See Section 3.3.2. 3034 Attribute name: acap 3035 Long form name: Attribute capability 3036 Type of attribute: Session-level and media-level 3037 Subject to charset: No 3038 Purpose: Attribute capability containing an attribute 3039 name and associated value 3040 Appropriate values: See Section 3.4.1. 3042 Attribute name: tcap 3043 Long form name: Transport Protocol Capability 3044 Type of attribute: Session-level and media-level 3045 Subject to charset: No 3046 Purpose: Transport protocol capability listing one or 3047 more transport protocols 3048 Appropriate values: See Section 3.4.2. 3050 Attribute name: pcfg 3051 Long form name: Potential Configuration 3052 Type of attribute: Media-level 3053 Subject to charset: No 3054 Purpose: Potential configuration for SDP capability 3055 negotiation 3056 Appropriate values: See Section 3.5.1. 3058 Attribute name: acfg 3059 Long form name: Actual configuration 3060 Type of attribute: Media-level 3061 Subject to charset: No 3062 Purpose: Actual configuration for SDP capability 3063 negotiation 3064 Appropriate values: See Section 3.5.2. 3066 6.2. New SDP Capability Negotiation Option Tag Registry 3068 The IANA is hereby requested to create a new SDP Capability 3069 Negotiation Option Tag registry. An IANA SDP Capability Negotiation 3070 option tag registration MUST be documented in an RFC in accordance 3071 with the [RFC2434] Specification Required policy. The RFC MUST 3072 provide the name of the option tag, a syntax and a semantic 3073 specification of any new SDP attributes and any extensions to the 3074 potential and actual configuration attributes provided in this 3075 document. New SDP attributes that are intended to be capabilities 3076 for use by the capability negotiation framework MUST adhere to the 3077 guidelines provided in Section 3.4.3. Extensions to the potential 3078 and actual configuration attributes MUST adhere to the syntax 3079 provided in Section 3.5.1. and 3.5.2. 3081 The option tag "cap-v0" is defined in this document and the IANA is 3082 hereby requested to register this option tag. 3084 6.3. New SDP Capability Negotiation Potential Configuration Parameter 3085 Registry 3087 The IANA is hereby requested to create a new SDP Capability 3088 Negotiation Potential Configuration Parameter registry. An IANA SDP 3089 Capability Negotiation potential configuration registration MUST be 3090 documented in an RFC in accordance with the [RFC2434] Specification 3091 Required policy. The RFC MUST define the syntax and semantics of 3092 each new potential configuration parameter. The syntax MUST adhere 3093 to the syntax provided for extensions in Section 3.5.1. and the 3094 semantics MUST adhere to the semantics provided for extensions in 3095 Section 3.5.1. and 3.5.2. Associated with each registration MUST be 3096 the encoding name for the parameter as well as a short descriptive 3097 name for it. 3099 The potential configuration parameters "a" for "attribute" and "t" 3100 for "transport protocol" are defined in this document and the IANA 3101 is hereby requested to register these. 3103 7. Acknowledgments 3105 This document is heavily influenced by the discussions and work done 3106 by the SDP Capability Negotiation Design team. The following people 3107 in particular provided useful comments and suggestions to either the 3108 document itself or the overall direction of the solution defined in 3109 here: Francois Audet, John Elwell, Roni Even, Robert Gilman, Cullen 3110 Jennings, Jonathan Lennox, Matt Lepinski, Joerg Ott, Colin Perkins, 3111 Jonathan Rosenberg, Thomas Stach, and Dan Wing. 3113 8. Change Log 3115 8.1. draft-ietf-mmusic-sdp-capability-negotiation-07 3117 o Removed the ability to have attribute capabilities provide 3118 attribute names without values, when those attributes otherwise 3119 require an associated value. 3121 o Document no longer obsoletes RFC 3407 but instead recommends that 3122 it is being used instead of RFC 3407. 3124 o Added ability to specific that specific extensions in a potential 3125 configuration are mandatory. 3127 o Changed ABNF for extension-config-list in potential 3128 configurations. 3130 o Removed the redundant "a=" part of attribute capabilities. 3132 o Clarified what it means to support an attribute capability in the 3133 offer/answer procedures. 3135 o Changed "a=acap" attribute and offer/answer procedures to include 3136 only the known and supported attribute capabilities. 3138 o Added new section on indicating bandwidth usage. 3140 8.2. draft-ietf-mmusic-sdp-capability-negotiation-06 3142 o Added additional background text on terminology used, and a new 3143 section on the negotiation model. 3145 o Allowed for session-level attribute capabilities to contain 3146 media-level only attributes, albeit the base framework does not 3147 define (or allow) them to be used in a potential configuration 3148 (extensions may change that) 3150 o Disallowing multiple "a=tcap" attributes at the session-level 3151 and/or on a per media description basis; at most one at the 3152 session-level and per media description now. 3154 o Changed the "a=pcfg" attribute to make a potential configuration 3155 list optional in order to allow for the actual configuration to 3156 be referenced. 3158 o Removed the ability to delete and replace individual attributes 3159 from the actual configuration SDP. 3161 o Introduced the notion of mandatory and optional attribute 3162 capabilities in a potential configuration and updated the 3163 "a=pcfg" attribute and associated procedures accordingly. 3165 o Specified that mandatory attribute capabilities and the transport 3166 protocol (if any) from a potential configuration need to be 3167 supported in order to select that potential configuration. 3168 Offer/answer procedures updated accordingly as well. 3170 o Noted potential interaction and synchronization issues with use 3171 of session-level attributes and attribute capabilities and added 3172 recommendation to avoid use of session-level attributes when 3173 possible. 3175 o Fixed error in "a=acfg" grammar (missing config-number) and 3176 updated attribute definition in accordance with the "a=pcfg" 3177 attribute changes. 3179 o Updated text associated with processing media before answer to 3180 allow for playing out garbage or discard until answer received. 3181 Additional detail on alternative solutions provided as well. 3183 o Added recommendation to send back answer SDP as soon as possible, 3184 when a potential configuration different from the actual 3185 configuration has been chosen. 3187 o Added new section on interactions with SIP option tags. 3189 o Added new section on dealing with large number of potential 3190 configurations. 3192 o Added new section on SDP capability negotiation and 3193 intermediaries. 3195 o Updated examples in accordance with other changes and to 3196 illustrate use of mandatory and optional attribute capabilities 3197 in a potential configuration. 3199 o Updated security considerations to address potential denial of 3200 service attack caused by large number of potential 3201 configurations. 3203 o Various editorial updates throughout. 3205 8.3. draft-ietf-mmusic-sdp-capability-negotiation-05 3207 o Allowed for '=' attributes to be listed as attribute 3208 capabilities the attribute name only. 3210 o Changed IP-address to conform to RFC 3330 guidelines. 3212 o Added section on relationship to RFC 3407 and "Obsoletes: 3407" 3213 in the front. 3215 o Disallowed use of white space in a number of places for more 3216 consistency with existing SDP practice 3218 o Changed "csup" and "creq" attributes to not allow multiple 3219 instances at the session-level and multiple instances per media 3220 description (only one for each now) 3222 o Changed to not require use of "creq" with base option tag ("cap- 3223 v0"). 3225 o Relaxed restrictions on extension capabilities 3227 o Updated potential configuration attribute syntax and semantics. 3228 In particular, potential configuration attributes can now replace 3229 and delete various existing attributes in original SDP to better 3230 control potential attribute interactions with the actual 3231 configuration while preserving message size efficiency. 3233 o Updated actual configuration attribute to align with the updates 3234 to the potential configuration attributes. 3236 o Updated offer/answer procedures to align with other changes. 3238 o Changed recommendation for second offer/answer exchange to "MAY" 3239 strength, unless for the cases where it is known or suspected 3240 that it is needed. 3242 o Updated ICE interactions to explain how the new attribute 3243 delete/replace features can solve certain potential interactions. 3245 o Updated rtpmap and fmtp section to allow potential configurations 3246 to use remapped payload types in attribute capabilities for 3247 rtpmaps and fmtp parameters. 3249 o Added section on direction attributes. 3251 o Added another example showing SRTP with session-level MIKEY and 3252 SDP Security Descriptions using the attribute capability DELETE 3253 operator. 3255 8.4. draft-ietf-mmusic-sdp-capability-negotiation-04 3257 The following are the major changes compared to version -03: 3259 o Added explicit ordering rules for attributes added by potential 3260 configurations. 3262 o Noted that ICE interaction issues (ice-tcp specifically) may not 3263 be as clear as originally thought. 3265 o Added considerations on using rtpmap and fmtp attributes as 3266 attribute capabilities. 3268 o Added multiple transport protocol example. 3270 o Added session-level MIKEY and media level security descriptions 3271 example. 3273 8.5. draft-ietf-mmusic-sdp-capability-negotiation-03 3275 The following are the major changes compared to version -02: 3277 o Base option tag name changed from "v0" to "cap-v0". 3279 o Added new section on extension capability attributes 3281 o Firmed up offer/answer procedures. 3283 o Added security considerations 3285 o Added IANA considerations 3287 8.6. draft-ietf-mmusic-sdp-capability-negotiation-02 3289 The following are the major changes compared to version -01: 3291 o Potential configurations are no longer allowed at the session 3292 level 3294 o Renamed capability attributes ("capar" to "acap" and "ctrpr" to 3295 "tcap") 3297 o Changed name and semantics of the initial number (now called 3298 configuration number) in potential configuration attributes; must 3299 now be unique and can be used as a handle 3301 o Actual configuration attribute now includes configuration number 3302 from the selected potential configuration attribute 3304 o Added ABNF throughout 3306 o Specified that answerer should include "a=csup" in case of 3307 unsupported required extensions in offer. 3309 o Specified use of second offer/answer exchange when answerer 3310 selected a potential configuration 3312 o Updated rules (and added restrictions) for referencing media- and 3313 session-level capabilities in potential configurations (at the 3314 media level) 3316 o Added initial section on ICE interactions 3318 o Added initial section on receiving media before answer 3320 8.7. draft-ietf-mmusic-sdp-capability-negotiation-01 3322 The following are the major changes compared to version -00: 3324 o Media capabilities are no longer considered a core capability and 3325 hence have been removed. This leaves transport protocols and 3326 attributes as the only capabilities defined by the core. 3328 o Version attribute has been removed and an option tag to indicate 3329 the actual version has been defined instead. 3331 o Clarified rules for session-level and media level attributes 3332 provided at either level as well how they can be used in 3333 potential configurations. 3335 o Potential configuration parameters no longer have implicit 3336 ordering; an explicit preference indicator is now included. 3338 o The parameter name for transport protocols in the potential and 3339 actual configuration attributes have been changed "p" to "t". 3341 o Clarified operator precedence within potential and actual 3342 configuration attributes. 3344 o Potential configurations at the session level now limited to 3345 indicate latent capability configurations. Consequently, an 3346 actual configuration attribute can no longer be provided at the 3347 session level. 3349 o Cleaned up capability and potential configuration terminology - 3350 they are now two clearly different things. 3352 8.8. draft-ietf-mmusic-sdp-capability-negotiation-00 3354 Version 00 is the initial version. The solution provided in this 3355 initial version is based on an earlier (individual submission) 3356 version of [SDPCapNeg]. The following are the major changes compared 3357 to that document: 3359 o Solution no longer based on RFC 3407, but defines a set of 3360 similar attributes (with some differences). 3362 o Various minor changes to the previously defined attributes. 3364 o Multiple transport capabilities can be included in a single 3365 "tcap" attribute 3367 o A version attribute is now included. 3369 o Extensions to the framework are formally supported. 3371 o Option tags and the ability to list supported and required 3372 extensions are supported. 3374 o A best-effort SRTP example use case has been added. 3376 o Some terminology change throughout to more clearly indicate what 3377 constitutes capabilities and what constitutes configurations. 3379 9. References 3381 9.1. Normative References 3383 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 3384 Requirement Levels", BCP 14, RFC 2119, March 1997. 3386 [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an 3387 IANA Considerations Section in RFCs", BCP 26, RFC 2434, 3388 October 1998. 3390 [RFC3264] Rosenberg, J., and H. Schulzrinne, "An Offer/Answer Model 3391 with Session Description Protocol (SDP)", RFC 3264, June 3392 2002. 3394 [RFC3407] F. Andreasen, "Session Description Protocol (SDP) Simple 3395 Capability Declaration", RFC 3407, October 2002. 3397 [RFC4234] Crocker, D., and P. Overell, "Augmented BNF for Syntax 3398 Specifications: ABNF", RFC 4234, October 2005. 3400 [RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session 3401 Description Protocol", RFC 4566, July 2006. 3403 9.2. Informative References 3405 [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, 3406 A., Peterson, J., Sparks, R., Handley, M., and E. 3407 Schooler, "SIP: Session Initiation Protocol", RFC 3261, 3408 June 2002. 3410 [RFC3312] G. Camarillo, W. Marshall, and J. Rosenberg, "Integration 3411 of Resource Management and Session Initiatio Protocol 3412 (SIP)", RFC 3312, October 2002. 3414 [RFC3262] J. Rosenberg, and H. Schulzrinne, "Reliability of 3415 Provisional Responses in Session Initiation Protocol 3416 (SIP)", RFC 3262, June 2002. 3418 [RFC3388] Camarillo, G., Eriksson, G., Holler, J., and H. 3419 Schulzrinne, "Grouping of Media Lines in the Session 3420 Description Protocol (SDP)", RFC 3388, December 2002. 3422 [RFC3551] Schulzrinne, H., and S. Casner, "RTP Profile for Audio and 3423 Video Conferences with Minimal Control", RFC 3551, July 3424 2003. 3426 [RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. 3427 Norrman, "The Secure Real-time Transport Protocol 3428 (SRTP).", RFC 3711, March 2004. 3430 [RFC3830] J. Arkko, E. Carrara, F. Lindholm, M. Naslund, and K. 3431 Norrman, "MIKEY: Multimedia Internet KEYing", RFC 3830, 3432 August 2004. 3434 [RFC3851] B. Ramsdell, "Secure/Multipurpose Internet Mail Extensions 3435 (S/MIME) Version 3.1 Message Specification", RFC 3851, 3436 July 2004. 3438 [RFC3890] M. Westerlund, "A Transport Independent Bandwidth Modifier 3439 for the Session Description Protocol (SDP).", RFC 3890, 3440 September 2004. 3442 [RFC4474] J. Peterson, and C. Jennings, "Enhancements for 3443 Authenticated Identity Management in the Session 3444 Initiation Protocol (SIP)", RFC 4474, August 2006. 3446 [RFC4567] Arkko, J., Lindholm, F., Naslund, M., Norrman, K., and E. 3447 Carrara, "Key Management Extensions for Session 3448 Description Protocol (SDP) and Real Time Streaming 3449 Protocol (RTSP)", RFC 4567, July 2006. 3451 [RFC4568] Andreasen, F., Baugher, M., and D. Wing, "Session 3452 Description Protocol Security Descriptions for Media 3453 Streams", RFC 4568, July 2006. 3455 [RFC4585] Ott, J., Wenger, S., Sato, N., Burmeister, C., and J. Rey, 3456 "Extended RTP Profile for Real-Time Transport Control 3457 Protocol (RTCP)-Based Feedback (RTP/AVPF)", RFC 4585, July 3458 2006. 3460 [RFC4588] Rey, J., Leon, D., Miyazaki, A., Varsa, V., and R. 3461 Hakenberg, "RTP Retransmission Payload Format", RFC 4588, 3462 July 2006. 3464 [RFC4756] A. Li, "Forward Error Correction Grouping Semantics in 3465 Session Description Protocol", RFC 4756, November 2006. 3467 [RFC5027] Andreasen, F. and D. Wing, "Security Preconditions for 3468 Session Description Protocol Media Streams", RFC 5027, 3469 October 2007. 3471 [BESRTP] Kaplan, H., and F. Audet, "Session Description Protocol 3472 (SDP) Offer/Answer Negotiation for Best-Effort Secure 3473 Real-Time Transport Protocol, Work in progress, August 3474 2006. 3476 [ICE] J. Rosenberg, "Interactive Connectivity Establishment 3477 (ICE): A Methodology for Network Address Translator (NAT) 3478 Traversal for Offer/Answer Protocols", work in progress, 3479 September 2007. 3481 [ICETCP] J. Rosenberg, "TCP Candidates with Interactive 3482 Connectivity Establishment (ICE)", work in progress, July 3483 2007. 3485 [SAVPF] Ott, J., and E Carrara, "Extended Secure RTP Profile for 3486 RTCP-based Feedback (RTP/SAVPF)", Work in Progress, May 3487 2007. 3489 [SDPCapNeg] Andreasen, F. "SDP Capability Negotiation", work in 3490 progress, December 2006. 3492 [SDPng] Kutscher, D., Ott, J., and C. Bormann, "Session 3493 Description and Capability Negotiation", Work in Progress, 3494 February 2005. 3496 Author's Addresses 3498 Flemming Andreasen 3499 Cisco Systems 3500 Edison, NJ 3502 Email: fandreas@cisco.com 3504 Intellectual Property Statement 3506 The IETF takes no position regarding the validity or scope of any 3507 Intellectual Property Rights or other rights that might be claimed 3508 to pertain to the implementation or use of the technology described 3509 in this document or the extent to which any license under such 3510 rights might or might not be available; nor does it represent that 3511 it has made any independent effort to identify any such rights. 3512 Information on the procedures with respect to rights in RFC 3513 documents can be found in BCP 78 and BCP 79. 3515 Copies of IPR disclosures made to the IETF Secretariat and any 3516 assurances of licenses to be made available, or the result of an 3517 attempt made to obtain a general license or permission for the use 3518 of such proprietary rights by implementers or users of this 3519 specification can be obtained from the IETF on-line IPR repository 3520 at http://www.ietf.org/ipr. 3522 The IETF invites any interested party to bring to its attention any 3523 copyrights, patents or patent applications, or other proprietary 3524 rights that may cover technology that may be required to implement 3525 this standard. Please address the information to the IETF at 3526 ietf-ipr@ietf.org. 3528 Full Copyright Statement 3530 Copyright (C) The IETF Trust (2007). 3532 This document is subject to the rights, licenses and restrictions 3533 contained in BCP 78, and except as set forth therein, the authors 3534 retain all their rights. 3536 This document and the information contained herein are provided on 3537 an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE 3538 REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE 3539 IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL 3540 WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY 3541 WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE 3542 ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS 3543 FOR A PARTICULAR PURPOSE. 3545 Acknowledgment 3547 Funding for the RFC Editor function is currently provided by the 3548 Internet Society.