Guidelines for Choosing RTP Control Protocol (RTCP) Canonical Names (CNAMEs)
draft-ietf-avtcore-6222bis-05
The information below is for an old version of the document.
| Document | Type |
This is an older version of an Internet-Draft that was ultimately published as RFC 7022.
|
|
|---|---|---|---|
| Authors | Ali C. Begen , Colin Perkins , Dan Wing , Eric Rescorla | ||
| Last updated | 2013-07-08 | ||
| Replaces | draft-rescorla-avtcore-6222bis | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Formats | |||
| Reviews | |||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | Submitted to IESG for Publication | |
| Document shepherd | Magnus Westerlund | ||
| Shepherd write-up | Show Last changed 2013-06-21 | ||
| IESG | IESG state | Became RFC 7022 (Proposed Standard) | |
| Consensus boilerplate | Unknown | ||
| Telechat date |
(None)
Needs a YES. Needs 10 more YES or NO OBJECTION positions to pass. |
||
| Responsible AD | Richard Barnes | ||
| Send notices to | avtcore-chairs@tools.ietf.org, draft-ietf-avtcore-6222bis@tools.ietf.org | ||
| IANA | IANA review state | Version Changed - Review Needed |
draft-ietf-avtcore-6222bis-05
Network Working Group A. Begen
Internet-Draft Cisco
Obsoletes: 6222 (if approved) C. Perkins
Updates: 3550 (if approved) University of Glasgow
Intended status: Standards Track D. Wing
Expires: January 09, 2014 Cisco
E. Rescorla
RTFM, Inc.
July 08, 2013
Guidelines for Choosing RTP Control Protocol (RTCP)
Canonical Names (CNAMEs)
draft-ietf-avtcore-6222bis-05
Abstract
The RTP Control Protocol (RTCP) Canonical Name (CNAME) is a
persistent transport-level identifier for an RTP endpoint. While the
Synchronization Source (SSRC) identifier of an RTP endpoint may
change if a collision is detected or when the RTP application is
restarted, its RTCP CNAME is meant to stay unchanged, so that RTP
endpoints can be uniquely identified and associated with their RTP
media streams.
For proper functionality, RTCP CNAMEs should be unique within the
participants of an RTP session. However, the existing guidelines for
choosing the RTCP CNAME provided in the RTP standard are insufficient
to achieve this uniqueness. RFC 6222 was published to update those
guidelines to allow endpoints to choose unique RTCP CNAMEs.
Unfortunately, later investigations showed that some parts of the new
algorithms were unnecessarily complicated and/or ineffective. This
document addresses these concerns and replaces RFC 6222.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
Begen, et al. Expires January 09, 2014 [Page 1]
Internet-Draft Choosing an RTCP CNAME July 2013
This Internet-Draft will expire on January 09, 2014.
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Requirements Notation . . . . . . . . . . . . . . . . . . . . 3
3. Deficiencies with Earlier Guidelines for Choosing an RTCP
CNAME . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Choosing an RTCP CNAME . . . . . . . . . . . . . . . . . . . 4
4.1. Persistent RTCP CNAMEs versus Per-Session RTCP CNAMEs . . 4
4.2. Requirements . . . . . . . . . . . . . . . . . . . . . . 5
5. Procedure to Generate a Unique Identifier . . . . . . . . . . 6
6. Security Considerations . . . . . . . . . . . . . . . . . . . 6
6.1. Considerations on Uniqueness of RTCP CNAMEs . . . . . . . 7
6.2. Session Correlation Based on RTCP CNAMEs . . . . . . . . 7
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 8
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 8
9.1. Normative References . . . . . . . . . . . . . . . . . . 8
9.2. Informative References . . . . . . . . . . . . . . . . . 8
1. Introduction
Begen, et al. Expires January 09, 2014 [Page 2]
Internet-Draft Choosing an RTCP CNAME July 2013
In Section 6.5.1 of [RFC3550], there are a number of recommendations
for choosing a unique RTCP CNAME for an RTP endpoint. However, in
practice, some of these methods are not guaranteed to produce a
unique RTCP CNAME. [RFC6222] updated the guidelines for choosing
RTCP CNAMEs, superseding those presented in Section 6.5.1 of
[RFC3550]. Unfortunately, some parts of the new algorithms are
rather complicated and also produce RTCP CNAMEs which in some cases
are potentially linkable over multiple RTCP sessions even if a new
RTCP CNAME is generated for each session. This document specifies a
replacement for the algorithm in Section 5 of [RFC6222], which does
not have this limitation and is also simpler to implement.
For a discussion on the linkability of RTCP CNAMES produced by
[RFC6222], refer to [I-D.rescorla-avtcore-random-cname].
2. Requirements Notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
[RFC2119].
3. Deficiencies with Earlier Guidelines for Choosing an RTCP CNAME
The recommendation in [RFC3550] is to generate an RTCP CNAME of the
form "user@host" for multiuser systems, or "host" if the username is
not available. The "host" part is specified to be the fully
qualified domain name (FQDN) of the host from which the real-time
data originates. While this guidance was appropriate at the time
[RFC3550] was written, FQDNs are no longer necessarily unique and can
sometimes be common across several endpoints in large service
provider networks. This document replaces the use of FQDN as an RTCP
CNAME by alternative mechanisms.
IPv4 addresses are also suggested for use in RTCP CNAMEs in
[RFC3550], where the "host" part of the RTCP CNAME is the numeric
representation of the IPv4 address of the interface from which the
RTP data originates. As noted in [RFC3550], the use of private
network address space [RFC1918] can result in hosts having network
addresses that are not globally unique. Additionally, this shared
use of the same IPv4 address can also occur with public IPv4
addresses if multiple hosts are assigned the same public IPv4 address
and connected to a Network Address Translation (NAT) device
[RFC3022]. When multiple hosts share the same IPv4 address, whether
private or public, using the IPv4 address as the RTCP CNAME leads to
RTCP CNAMEs that are not necessarily unique.
Begen, et al. Expires January 09, 2014 [Page 3]
Internet-Draft Choosing an RTCP CNAME July 2013
It is also noted in [RFC3550] that if hosts with private addresses
and no direct IP connectivity to the public Internet have their RTP
packets forwarded to the public Internet through an RTP-level
translator, they could end up having non-unique RTCP CNAMEs. The
suggestion in [RFC3550] is that such applications provide a
configuration option to allow the user to choose a unique RTCP CNAME;
this technique puts the burden on the translator to translate RTCP
CNAMEs from private addresses to public addresses if necessary to
keep private addresses from being exposed. Experience has shown that
this does not work well in practice.
4. Choosing an RTCP CNAME
It is difficult, and in some cases impossible, for a host to
determine if there is a NAT between itself and its RTP peer.
Furthermore, even some public IPv4 addresses can be shared by
multiple hosts in the Internet. Using the numeric representation of
the IPv4 address as the "host" part of the RTCP CNAME is NOT
RECOMMENDED.
4.1. Persistent RTCP CNAMEs versus Per-Session RTCP CNAMEs
The RTCP CNAME can be either persistent across different RTP sessions
for an RTP endpoint or unique per session, meaning that an RTP
endpoint chooses a different RTCP CNAME for each RTP session.
An RTP endpoint that is emitting multiple related RTP streams that
require synchronization at the other endpoint(s) MUST use the same
RTCP CNAME for all streams that are to be synchronized. This
requires a short-term persistent RTCP CNAME that is common across
several RTP streams, and potentially across several related RTP
sessions. A common example of such use occurs when lip-syncing audio
and video streams in a multimedia session, where a single participant
has to use the same RTCP CNAME for its audio RTP session and for its
video RTP session. Another example might be to synchronize the
layers of a layered audio codec, where the same RTCP CNAME has to be
used for each layer.
If the multiple RTP streams in an RTP session are not related, thus
do not require synchronization, an RTP endpoint can use different
RTCP CNAMEs for these streams.
A longer-term persistent RTCP CNAME is sometimes useful to facilitate
third-party monitoring, consistent with [RFC3550]. One such use
might be to allow network management tools to correlate the ongoing
quality of service for a participant across multiple RTP sessions for
fault diagnosis, and to understand long-term network performance
statistics. An application developer that wishes to discourage this
Begen, et al. Expires January 09, 2014 [Page 4]
Internet-Draft Choosing an RTCP CNAME July 2013
type of third-party monitoring can choose to generate a unique RTCP
CNAME for each RTP session, or group of related RTP sessions, that
the application will join. Such a per-session RTCP CNAME cannot be
used for traffic analysis, and so provides some limited form of
privacy. Note that there are non-RTP means that can be used by a
third party to correlate RTP sessions, so the use of per-session RTCP
CNAMEs will not prevent a determined traffic analyst from monitoring
such sessions.
This memo defines several different ways by which an implementation
can choose an RTCP CNAME. It is possible, and legitimate, for
independent implementations to make different choices of RTCP CNAME
when running on the same host. This can hinder third-party
monitoring, unless some external means is provided to configure a
persistent choice of RTCP CNAME for those implementations.
Note that there is no backwards compatibility issue (with
[RFC3550]-compatible implementations) introduced in this memo, since
the RTCP CNAMEs are opaque strings to remote peers.
4.2. Requirements
RTP endpoints will choose to generate RTCP CNAMEs that are persistent
or per-session. An RTP endpoint that wishes to generate a persistent
RTCP CNAME MUST use one of the following two methods:
o To produce a long-term persistent RTCP CNAME, an RTP endpoint MUST
generate and store a Universally Unique IDentifier (UUID)
[RFC4122] for use as the "host" part of its RTCP CNAME. The UUID
MUST be version 1, 2, or 4, as described in [RFC4122], with the
"urn:uuid:" stripped, resulting in a 36-octet printable string
representation.
o To produce a short-term persistent RTCP CNAME, an RTP endpoint
MUST generate and use an identifier by following the procedure
described in Section 5. That procedure is performed at least once
per initialization of the software. After obtaining an
identifier, minimally the least significant 96 bits SHOULD be
converted to ASCII using Base64 encoding [RFC4648] (to compromise
between packet size and uniqueness - refer to Section 6.1). If 96
bits are used, the resulting string will be 16 octets.
In the two cases above, the "user@" part of the RTCP CNAME MAY be
omitted on single-user systems and MAY be replaced by an opaque token
on multi-user systems, to preserve privacy.
An RTP endpoint that wishes to generate a per-session RTCP CNAME MUST
use the following method:
Begen, et al. Expires January 09, 2014 [Page 5]
quot;
This Internet-Draft will expire on April 23, 2014.
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
This document may not be modified, and derivative works of it may not
be created, except to format it for publication as an RFC or to
translate it into languages other than English.
Table of Contents
1. Background and Introduction . . . . . . . . . . . . . . . . . 3
2. Overview of Saratoga File Transfer . . . . . . . . . . . . . 6
3. Optional Parts of Saratoga . . . . . . . . . . . . . . . . . 11
3.1. Optional but useful functions in Saratoga . . . . . . . . 11
3.2. Optional congestion control . . . . . . . . . . . . . . . 12
3.3. Optional functionality requiring other protocols . . . . 12
4. Packet Types . . . . . . . . . . . . . . . . . . . . . . . . 13
4.1. BEACON . . . . . . . . . . . . . . . . . . . . . . . . . 16
4.2. REQUEST . . . . . . . . . . . . . . . . . . . . . . . . . 21
4.3. METADATA . . . . . . . . . . . . . . . . . . . . . . . . 26
4.4. DATA . . . . . . . . . . . . . . . . . . . . . . . . . . 31
4.5. STATUS . . . . . . . . . . . . . . . . . . . . . . . . . 35
5. The Directory Entry . . . . . . . . . . . . . . . . . . . . . 42
6. Behaviour of a Saratoga Peer . . . . . . . . . . . . . . . . 45
6.1. Saratoga Sessions . . . . . . . . . . . . . . . . . . . . 45
6.2. Beacons . . . . . . . . . . . . . . . . . . . . . . . . . 48
6.3. Upper-Layer Interface . . . . . . . . . . . . . . . . . . 49
6.4. Inactivity Timer . . . . . . . . . . . . . . . . . . . . 49
6.5. Streams and wrapping . . . . . . . . . . . . . . . . . . 50
6.6. Completing file delivery and ending the session . . . . . 50
7. Mailing list . . . . . . . . . . . . . . . . . . . . . . . . 51
8. Security Considerations . . . . . . . . . . . . . . . . . . . 51
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 52
Wood, et al. Expires April 23, 2014 [Page 2]
Internet-Draft Saratoga October 2013
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 52
11. A Note on Naming . . . . . . . . . . . . . . . . . . . . . . 52
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 53
12.1. Normative References . . . . . . . . . . . . . . . . . . 53
12.2. Informative References . . . . . . . . . . . . . . . . . 53
Appendix A. Timestamp/Nonce field considerations . . . . . . . . 54
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 56
1. Background and Introduction
Saratoga is a file transfer and content dissemination protocol
capable of efficiently sending both small (kilobyte) and very large
(exabyte) files, as well as streaming continuous content. Saratoga
was originally designed for the purpose of large file transfer from
small low-Earth-orbiting satellites. It has been used in daily
operations since 2004 to move mission imaging data files of the order
of several hundred megabytes each from the Disaster Monitoring
Constellation (DMC) remote-sensing satellites to ground stations.
The DMC satellites, built at the University of Surrey by Surrey
Satellite Technology Ltd (SSTL), all use IP for payload
communications and delivery of Earth imagery. At the time of this
writing, in March 2013, nine DMC satellites have been launched into
orbit since 2002, five of those are currently operational in orbit,
and three more are planned. The DMC satellites use Saratoga to
provide Earth imagery under the aegis of the International Charter on
Space and Major Disasters. A pass of connectivity between a
satellite and ground station offers an 8-12 minute time window in
which to transfer imagery files using a minimum of an 8.1 Mbps
downlink and a 9.6 kbps uplink. The latest operational DMC
satellites have faster downlinks, capable of 20, 40, 80, 105 or 201
Mbps. Newer satellites are expected to use downlinks to 400 Mbps,
without significant increases in uplink rates. This high degree of
link asymmetry, with the need to fully utilize the available downlink
capacity to move the volume of data required within the limited time
available, motivates much of Saratoga's design.
Further details on how these DMC satellites use IP to communicate
with the ground and the terrestrial Internet are discussed elsewhere
[Hogie05][Wood07a]. Saratoga has also been evaluated for use in
high-speed private ground networks supporting radio astronomy sensors
[Wood11].
Store-and-forward delivery relies on reliable hop-by-hop transfers of
files, removing the need for the final receiver to talk to the
original sender across long delays and allowing for the possibility
that an end-to-end path may never exist between sender and receiver
at any given time. Breaking an end-to-end path into multiple hops
Wood, et al. Expires April 23, 2014 [Page 3]
Internet-Draft Saratoga October 2013
allows data to be transferred as quickly as possible across each
link; congestion on a longer Internet path is then not detrimental to
the transfer rate on a space downlink. Use of store-and-forward hop-
by-hop delivery is typical of scenarios in space exploration for both
near-Earth and deep-space missions, and useful for other scenarios,
such as underwater networking, ad-hoc sensor networks, and some
message-ferrying relay scenarios. Saratoga is intended to be useful
for relaying data in these scenarios.
Saratoga can optionally also be used to carry the Bundle Protocol
"bundles" intended for Delay and Disruption-Tolerant Networking (DTN)
by the IRTF DTN Research Group [RFC5050]. This has been tested from
orbit using the UK-DMC satellite [Ivancic10]. How Saratoga can
optionally function as a "bundle convergence layer" alongside a DTN
bundle agent is specified in a companion document
[I-D.wood-dtnrg-saratoga].
Saratoga contains a Selective Negative Acknowledgement (SNACK)
'holestofill' mechanism to provide reliable retransmission of data.
This is intended to correct losses of corrupted link-layer frames due
to channel noise over a space link. Packet losses in the DMC are due
to corruption introducing non-recoverable errors in the frame. The
DMC design uses point-to-point links and scheduling of applications
in order, so that the link is dedicated to one application transfer
at a time, meaning that packet loss cannot be due to congestion when
applications compete for link capacity simultaneously. In other
wireless environments that may be shared by many nodes and
applications, allocation of channel resources to nodes becomes a MAC-
layer function. Forward Error Coding (FEC) to get the most reliable
transmission through a channel is best left near the physical layer
so that it can be tailored for the channel. Use of FEC complements
Saratoga's transport-level negative-acknowledgement approach that
provides a reliable ARQ mechanism.
Saratoga is scalable in that it is capable of efficiently
transferring small or large files, by choosing a width of file offset
descriptor appropriate for the filesize, and advertising accepted
offset descriptor sizes. 16-bit, 32-bit, 64-bit and 128-bit
descriptors can be selected, for maximum file sizes of 64KiB-1 (<64
Kilobytes of disk space), 4GiB-1 (<4 Gigabytes), 16EiB-1 (<16
Exabytes) and 256 EiEiB-1 (<256 Exa-exabytes) respectively.
Earth imaging files currently transferred by Saratoga are mostly up
to a few gigabytes in size. Some implementations do transfer more
than 4 GiB in size, and so require offset descriptors larger than 32
bits. We believe that supporting a 128-bit descriptor can satisfy
all future needs, but we expect current implementations to only
support up to 32-bit or 64-bit descriptors, depending on their
Wood, et al. Expires April 23, 2014 [Page 4]
Internet-Draft Saratoga October 2013
application needs. The 16-bit descriptor is useful for small
messages, including messages from 8-bit devices, and is always
supported. The 128-bit descriptor can be used for moving very large
files stored on a 128-bit filesystem, such as on OpenSolaris ZFS.
As a UDP-based protocol, Saratoga can be used with either IPv4 or
IPv6. Compatibility between Saratoga and the wide variety of links
that can already carry IP traffic is assured.
High link utilization is important during periods of limited
connectivity. Given that Saratoga was originally developed for
scheduled peer-to-peer communications over dedicated links in private
networks, where each application has the entire link for the duration
of its transfer, many Saratoga implementations deliberately lack any
form of congestion control and send at line rate to maximise
throughput and link utilisation in their limited, carefully
controlled, environments. In accordance with UDP Guidelines
[RFC5405] for protocols able to traverse the public Internet, newer
implementations may perform TCP-Friendly Rate Control (TFRC)
[RFC5348] or other congestion control mechanisms. This is described
further in [I-D.wood-tsvwg-saratoga-congestion-control].
Saratoga was originally implemented as outlined in [Jackson04], but
the specification given here differs substantially, as we have added
a number of capabilities while cleaning up the initial Saratoga
specification. The original Saratoga code uses a version number of
0, while code that implements this version of the protocol advertises
a version number of 1. Further discussion of the history and
development of Saratoga is given in [Wood07b].
This document contains an overview of the transfer process and
sessions using Saratoga in Section 2, followed by a formal definition
of the packet types used by Saratoga in Section 4, and the details of
the various protocol mechanisms in Section 6.
Here, Saratoga session types are labelled with underscores around
lowercase names (such as a "_get_" session), while Saratoga packet
types are labelled in all capitals (such as a "REQUEST" packet) in
order to distinguish between the two.
The remainder of this specification uses 'file' as a shorthand for
'binary object', which may be a file, or other type of data, such as
a DTN bundle. This specification uses 'file' when also discussing
streaming of data of indeterminate length. Saratoga uses unsigned
integers in its fields, and does not use signed types.
Wood, et al. Expires April 23, 2014 [Page 5]
Internet-Draft Saratoga October 2013
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY&Internet-Draft Choosing an RTCP CNAME July 2013
o For every new RTP session, a new RTCP CNAME is generated following
the procedure described in Section 5. After performing that
procedure, minimally the least significant 96 bits SHOULD be
converted to ASCII using Base64 encoding [RFC4648]. The RTCP
CNAME cannot change over the life of an RTP session [RFC3550].
The "user@" part of the RTCP CNAME is omitted when generating
per-session RTCP CNAMEs.
It is believed that obtaining uniqueness (with a high probability) is
an important property that requires careful evaluation of the method.
This document provides a number of methods, at least one of which
would be suitable for all deployment scenarios. This document
therefore does not provide for the implementor to define and select
an alternative method.
A future specification might define an alternative method for
generating RTCP CNAMEs, as long as the proposed method has
appropriate uniqueness and there is consistency between the methods
used for multiple RTP sessions that are to be correlated. However,
such a specification needs to be reviewed and approved before
deployment.
The mechanisms described in this document are to be used to generate
RTCP CNAMEs, and they are not to be used for generating general-
purpose unique identifiers.
5. Procedure to Generate a Unique Identifier
To locally produce a unique identifier, one simply generates a
cryptographically pseudorandom value as described in [RFC4086]. This
value MUST be at least 96 bits and MAY be up to 512 bits.
The biggest bottleneck to implementation of this algorithm is the
availability of an appropriate cryptographically secure pseudorandom
number generator (CSPRNG). In any setting which already has a secure
PRNG, this algorithm described is far simpler than the algorithm
described in Section 5 of [RFC6222]. SIP stacks [RFC3261] are
required to use cryptographically random numbers to generate To and
From tags (Section 19.3). RTCWEB implementations
[I-D.ietf-rtcweb-security-arch] will need to have secure PRNGs to
implement ICE [RFC5245] and DTLS-SRTP [RFC5764]. And, of course,
essentially every Web browser already supports TLS, which requires a
secure PRNG.
6. Security Considerations
The security considerations of [RFC3550] apply to this memo.
Begen, et al. Expires January 09, 2014 [Page 6]
Internet-Draft Choosing an RTCP CNAME July 2013
6.1. Considerations on Uniqueness of RTCP CNAMEs
The considerations in this section apply to random RTCP CNAMEs.
The recommendations given in this document for RTCP CNAME generation
ensure that a set of cooperating participants in an RTP session will,
with very high probability, have unique RTCP CNAMEs. However,
neither [RFC3550] nor this document provides any way to ensure that
participants will choose RTCP CNAMEs appropriately, and thus
implementations MUST NOT rely on the uniqueness of RTCP CNAMEs for
any essential security services. This is consistent with [RFC3550],
which does not require that RTCP CNAMEs are unique within a session
but instead says that condition SHOULD hold. As described in the
Security Considerations section of [RFC3550], because each
participant in a session is free to choose its own RTCP CNAME, they
can do so in such a way as to impersonate another participant. That
is, participants are trusted to not impersonate each other. No
recommendation for generating RTCP CNAMEs can prevent this
impersonation, because an attacker can neglect the stipulation.
Secure RTP (SRTP) [RFC3711] keeps unauthorized entities out of an RTP
session, but it does not aim to prevent impersonation attacks from
authorized entities.
Because of the properties of the PRNG, there is no significant
privacy/linkability difference between long and short RTCP CNAMEs.
However, the requirement to generate unique RTCP CNAMEs implies a
certain minimum length. A length of 96 bits allows on the order of
2^{40} RTCP CNAMEs globally before there is a large chance of
collision (there is about a 50% chance of one collision after 2^{48}
RTCP CNAMEs).
6.2. Session Correlation Based on RTCP CNAMEs
Earlier recommendations for RTCP CNAME generation allowed a fixed
RTCP CNAME value, which allows an attacker to easily link separate
RTP sessions, eliminating the obfuscation provided by IPv6 privacy
addresses [RFC4941] or IPv4 Network Address Port Translation (NAPT)
[RFC3022].
This specification no longer describes a procedure to generate fixed
RTCP CNAME values, so RTCP CNAME values no longer provide such
linkage between RTP sessions. This was necessary to eliminate such
linking by an attacker, but of course complicates linking by traffic
analysis devices (e.g., devices that are looking for dropped or
delayed packets).
7. IANA Considerations
Begen, et al. Expires January 09, 2014 [Page 7]
Internet-Draft Choosing an RTCP CNAME July 2013
No IANA actions are required.
8. Acknowledgments
Thanks to Marc Petit-Huguenin, who suggested using UUIDs in
generating RTCP CNAMEs. Also, thanks to David McGrew for providing
text for the Security Considerations section in RFC 6222.
9. References
9.1. Normative References
[RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V.
Jacobson, "RTP: A Transport Protocol for Real-Time
Applications", STD 64, RFC 3550, July 2003.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally
Unique IDentifier (UUID) URN Namespace", RFC 4122, July
2005.
[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data
Encodings", RFC 4648, October 2006.
[RFC5342] Eastlake, D., "IANA Considerations and IETF Protocol Usage
for IEEE 802 Parameters", BCP 141, RFC 5342, September
2008.
[RFC4086] Eastlake, D., Schiller, J., and S. Crocker, "Randomness
Requirements for Security", BCP 106, RFC 4086, June 2005.
9.2. Informative References
[RFC6222] Begen, A., Perkins, C., and D. Wing, "Guidelines for
Choosing RTP Control Protocol (RTCP) Canonical Names
(CNAMEs)", RFC 6222, April 2011.
[RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and
E. Lear, "Address Allocation for Private Internets", BCP
5, RFC 1918, February 1996.
[RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network
Address Translator (Traditional NAT)", RFC 3022, January
2001.
Begen, et al. Expires January 09, 2014 [Page 8]
Internet-Draft Choosing an RTCP CNAME July 2013
[RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K.
Norrman, "The Secure Real-time Transport Protocol (SRTP)",
RFC 3711, March 2004.
[RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy
Extensions for Stateless Address Autoconfiguration in
IPv6", RFC 4941, September 2007.
[RFC5245] Rosenberg, J., "Interactive Connectivity Establishment
(ICE): A Protocol for Network Address Translator (NAT)
Traversal for Offer/Answer Protocols", RFC 5245, April
2010.
[RFC5764] McGrew, D. and E. Rescorla, "Datagram Transport Layer
Security (DTLS) Extension to Establish Keys for the Secure
Real-time Transport Protocol (SRTP)", RFC 5764, May 2010.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261,
June 2002.
[I-D.ietf-rtcweb-security-arch]
Rescorla, E., "RTCWEB Security Architecture", draft-ietf-
rtcweb-security-arch-06 (work in progress), January 2013.
[I-D.rescorla-avtcore-random-cname]
Rescorla, E., "Random algorithm for RTP CNAME generation",
draft-rescorla-avtcore-random-cname-00 (work in progress),
July 2012.
Authors' Addresses
Ali Begen
Cisco
181 Bay Street
Toronto, ON M5J 2T3
CANADA
EMail: abegen@cisco.com
Begen, et al. Expires January 09, 2014 [Page 9]
Internet-Draft Choosing an RTCP CNAME July 2013
Colin Perkins
University of Glasgow
School of Computing Science
Glasgow G12 8QQ
UK
EMail: csp@csperkins.org
Dan Wing
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134
USA
EMail: dwing@cisco.com
Eric Rescorla
RTFM, Inc.
2064 Edgewood Drive
Palo Alto, CA 94303
USA
Phone: +1 650 678 2350
EMail: ekr@rtfm.com
Begen, et al. Expires January 09, 2014 [Page 10]