Guidelines for Choosing RTP Control Protocol (RTCP) Canonical Names (CNAMEs)
RFC 6222
Document | Type |
RFC
- Proposed Standard
(April 2011)
Obsoleted by RFC 7022
Updates RFC 3550
|
|
---|---|---|---|
Authors | Colin Perkins , Ali C. Begen , Dan Wing | ||
Last updated | 2015-10-14 | ||
RFC stream | Internet Engineering Task Force (IETF) | ||
Formats | |||
Additional resources | Mailing list discussion | ||
IESG | Responsible AD | Robert Sparks | |
Send notices to | (None) |
RFC 6222
RFC 6222 Choosing an RTCP CNAME April 2011 4.2. Requirements RTP endpoints will choose to generate RTCP CNAMEs that are persistent or per-session. An RTP endpoint that wishes to generate a persistent RTCP CNAME MUST use one of the following two methods: o To produce a long-term persistent RTCP CNAME, an RTP endpoint MUST generate and store a Universally Unique IDentifier (UUID) [RFC4122] for use as the "host" part of its RTCP CNAME. The UUID MUST be version 1, 2, or 4, as described in [RFC4122], with the "urn:uuid:" stripped, resulting in a 36-octet printable string representation. o To produce a short-term persistent RTCP CNAME, an RTP endpoint MUST either (a) use the numeric representation of the layer-2 (Media Access Control (MAC)) address of the interface that is used to initiate the RTP session as the "host" part of its RTCP CNAME or (b) generate and use an identifier by following the procedure described in Section 5. In either case, the procedure is performed once per initialization of the software. After obtaining an identifier by doing (a) or (b), the least significant 48 bits are converted to the standard colon-separated hexadecimal format [RFC5342], e.g., "00:23:32:af:9b:aa", resulting in a 17-octet printable string representation. In the two cases above, the "user@" part of the RTCP CNAME MAY be omitted on single-user systems and MAY be replaced by an opaque token on multi-user systems, to preserve privacy. An RTP endpoint that wishes to generate a per-session RTCP CNAME MUST use the following method: o For every new RTP session, a new CNAME is generated following the procedure described in Section 5. After performing that procedure, the least significant 96 bits are used to generate an identifier (to compromise between packet size and security), which is converted to ASCII using Base64 encoding [RFC4648]. This results in a 16-octet string representation. The RTCP CNAME cannot change over the life of an RTP session [RFC3550]; hence, only the initial SSRC value chosen by the endpoint is used. The "user@" part of the RTCP CNAME is omitted when generating per-session RTCP CNAMEs. Begen, et al. Standards Track [Page 5] RFC 6222 Choosing an RTCP CNAME April 2011 It is believed that obtaining uniqueness (with a high probability) is an important property that requires careful evaluation of the method. This document provides a number of methods, at least one of which would be suitable for all deployment scenarios. This document therefore does not provide for the implementor to define and select an alternative method. A future specification might define an alternative method for generating RTCP CNAMEs, as long as the proposed method has appropriate uniqueness and there is consistency between the methods used for multiple RTP sessions that are to be correlated. However, such a specification needs to be reviewed and approved before deployment. The mechanisms described in this document are to be used to generate RTCP CNAMEs, and they are not to be used for generating general- purpose unique identifiers. 5. Procedure to Generate a Unique Identifier The algorithm described below is intended to be used for locally generated unique identifiers. 1. Obtain the current time of day in 64-bit NTP format [RFC5905]. 2. Obtain a modified EUI-64 identifier from the system running this algorithm [RFC4291]. If such a system does not exist, an identifier can be created from a 48-bit MAC address, as specified in [RFC4291]. If one cannot be obtained or created, a suitably unique identifier, local to the node, should be used (e.g., system serial number). 3. Concatenate the time of day with the system-specific identifier in order to create a key. 4. If generating a per-session CNAME, also concatenate the RTP endpoint's initial SSRC, the source and destination IP addresses, and ports to the key. 5. Compute the 256-bit output of the SHA-256 digest of the key, as specified in [RFC4634]. Begen, et al. Standards Track [Page 6] RFC 6222 Choosing an RTCP CNAME April 2011 6. Security Considerations The security considerations of [RFC3550] apply to this memo. 6.1. Considerations on Uniqueness of RTCP CNAMEs The recommendations given in this document for RTCP CNAME generation ensure that a set of cooperating participants in an RTP session will, with very high probability, have unique RTCP CNAMEs. However, neither [RFC3550] nor this document provides any way to ensure that participants will choose RTCP CNAMEs appropriately, and thus implementations MUST NOT rely on the uniqueness of CNAMEs for any essential security services. This is consistent with [RFC3550], which does not require that RTCP CNAMEs are unique within a session but instead says that condition SHOULD hold. As described in the Security Considerations section of [RFC3550], because each participant in a session is free to choose its own RTCP CNAME, they can do so in such a way as to impersonate another participant. That is, participants are trusted to not impersonate each other. No recommendation for generating RTCP CNAMEs can prevent this impersonation, because an attacker can neglect the stipulation. Secure RTP (SRTP) [RFC3711] keeps unauthorized entities out of an RTP session, but it does not aim to prevent impersonation attacks from unauthorized entities. This document uses a hash function to ensure the uniqueness of RTCP CNAMEs. A cryptographic hash function is used because such functions provide the randomness properties that are needed. However, no security assumptions are made on the hash function. The hash function is not assumed to be collision resistant, preimage resistant, or second preimage resistant in an adversarial setting; as described above, an attacker attempting an impersonation attack could merely set the RTCP CNAME directly rather than attacking the hash function. Similarly, the hash function is not assumed to be a one- way function or pseudorandom in a cryptographic sense. No confidentiality is provided on the data used as input to the RTCP CNAME generation algorithm. It might be possible for an attacker who observes an RTCP CNAME to determine the inputs that were used to generate that value. 6.2. Session Correlation Based on RTCP CNAMEs In some environments, notably telephony, a fixed RTCP CNAME value allows separate RTP sessions to be correlated and eliminates the obfuscation provided by IPv6 privacy addresses [RFC4941] or IPv4 Network Address Port Translation (NAPT) [RFC3022]. SRTP [RFC3711] can help prevent such correlation by encrypting Secure RTCP (SRTCP), Begen, et al. Standards Track [Page 7] RFC 6222 Choosing an RTCP CNAME April 2011 but it should be noted that SRTP only mandates SRTCP integrity protection (not encryption). Thus, RTP applications used in such environments should consider encrypting their SRTCP or generate a per-session RTCP CNAME as discussed in Section 4.1. 7. Acknowledgments Thanks to Marc Petit-Huguenin, who suggested using UUIDs in generating RTCP CNAMEs. Also, thanks to David McGrew for providing text for the Security Considerations section. 8. References 8.1. Normative References [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson, "RTP: A Transport Protocol for Real-Time Applications", STD 64, RFC 3550, July 2003. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally Unique IDentifier (UUID) URN Namespace", RFC 4122, July 2005. [RFC4634] Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms (SHA and HMAC-SHA)", RFC 4634, July 2006. [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", RFC 4648, October 2006. [RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch, "Network Time Protocol Version 4: Protocol and Algorithms Specification", RFC 5905, June 2010. [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, February 2006. [RFC5342] Eastlake 3rd, D., "IANA Considerations and IETF Protocol Usage for IEEE 802 Parameters", BCP 141, RFC 5342, September 2008. Begen, et al. Standards Track [Page 8] RFC 6222 Choosing an RTCP CNAME April 2011 8.2. Informative References [RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G., and E. Lear, "Address Allocation for Private Internets", BCP 5, RFC 1918, February 1996. [RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network Address Translator (Traditional NAT)", RFC 3022, January 2001. [RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. Norrman, "The Secure Real-time Transport Protocol (SRTP)", RFC 3711, March 2004. [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6", RFC 4941, September 2007. Authors' Addresses Ali Begen Cisco 181 Bay Street Toronto, ON M5J 2T3 CANADA EMail: abegen@cisco.com Colin Perkins University of Glasgow School of Computing Science Glasgow G12 8QQ UK EMail: csp@csperkins.org Dan Wing Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA EMail: dwing@cisco.com Begen, et al. Standards Track [Page 9]