Session Description Protocol (SDP) Format for Binary Floor Control Protocol (BFCP) Streams
draft-ietf-bfcpbis-rfc4583bis-17
The information below is for an old version of the document.
| Document | Type |
This is an older version of an Internet-Draft that was ultimately published as RFC 8856.
|
|
|---|---|---|---|
| Authors | Gonzalo Camarillo , Tom Kristensen , Paul Jones | ||
| Last updated | 2017-07-03 | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Formats | |||
| Reviews |
GENART Last Call review
(of
-26)
by Pete Resnick
Ready w/issues
|
||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | WG Document | |
| Document shepherd | Mary Barnes | ||
| IESG | IESG state | Became RFC 8856 (Proposed Standard) | |
| Consensus boilerplate | Yes | ||
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-ietf-bfcpbis-rfc4583bis-17
BFCPbis Working Group G. Camarillo
Internet-Draft Ericsson
Obsoletes: 4583 (if approved) T. Kristensen
Intended status: Standards Track P. Jones
Expires: January 4, 2018 Cisco
July 3, 2017
Session Description Protocol (SDP) Format for Binary Floor Control
Protocol (BFCP) Streams
draft-ietf-bfcpbis-rfc4583bis-17
Abstract
This document specifies how to describe Binary Floor Control Protocol
(BFCP) streams in Session Description Protocol (SDP) descriptions.
User agents using the offer/answer model to establish BFCP streams
use this format in their offers and answers.
This document obsoletes RFC 4583. Changes from RFC 4583 are
summarized in Section 14.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 4, 2018.
Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
Camarillo, et al. Expires January 4, 2018 [Page 1]
Internet-Draft BFCP July 2017
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Fields in the 'm' Line . . . . . . . . . . . . . . . . . . . 3
4. Floor Control Server Determination . . . . . . . . . . . . . 4
4.1. SDP 'floorctrl' Attribute . . . . . . . . . . . . . . . . 5
5. SDP 'confid' and 'userid' Attributes . . . . . . . . . . . . 6
6. SDP 'floorid' Attribute . . . . . . . . . . . . . . . . . . . 7
7. SDP 'bfcpver' Attribute . . . . . . . . . . . . . . . . . . . 7
8. BFCP Connection Management . . . . . . . . . . . . . . . . . 8
8.1. TCP Connection Management . . . . . . . . . . . . . . . . 8
9. Authentication . . . . . . . . . . . . . . . . . . . . . . . 8
10. ICE Considerations . . . . . . . . . . . . . . . . . . . . . 10
11. SDP Offer/Answer Procedures . . . . . . . . . . . . . . . . . 11
11.1. Generating the Initial SDP Offer . . . . . . . . . . . . 12
11.2. Generating the SDP Answer . . . . . . . . . . . . . . . 13
11.3. Offerer Processing of the SDP Answer . . . . . . . . . . 14
11.4. Modifying the Session . . . . . . . . . . . . . . . . . 14
12. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 14
13. Security Considerations . . . . . . . . . . . . . . . . . . . 16
14. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17
14.1. Registration of SDP 'proto' Values . . . . . . . . . . . 17
14.2. Registration of the SDP 'floorctrl' Attribute . . . . . 17
14.3. Registration of the SDP 'confid' Attribute . . . . . . . 18
14.4. Registration of the SDP 'userid' Attribute . . . . . . . 18
14.5. Registration of the SDP 'floorid' Attribute . . . . . . 18
14.6. Registration of the SDP 'bfcpver' Attribute . . . . . . 19
15. Changes from RFC 4583 . . . . . . . . . . . . . . . . . . . . 19
16. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 20
17. References . . . . . . . . . . . . . . . . . . . . . . . . . 20
17.1. Normative References . . . . . . . . . . . . . . . . . . 20
17.2. Informational References . . . . . . . . . . . . . . . . 22
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 23
1. Introduction
As discussed in the BFCP (Binary Floor Control Protocol)
specification [8], a given BFCP client needs a set of data in order
to establish a BFCP connection to a floor control server. This data
includes the transport address of the server, the conference
identifier, and the user identifier.
Camarillo, et al. Expires January 4, 2018 [Page 2]
Internet-Draft BFCP July 2017
One way for clients to obtain this information is to use an SDP
offer/answer [4] exchange. This document specifies how to encode
this information in the SDP session descriptions that are part of
such an offer/answer exchange.
User agents typically use the offer/answer model to establish a
number of media streams of different types. Following this model, a
BFCP connection is described as any other media stream by using an
SDP 'm' line, possibly followed by a number of attributes encoded in
'a' lines.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14, RFC 2119 [1] and indicate requirement levels for compliant
implementations.
3. Fields in the 'm' Line
This section describes how to generate an 'm' line for a BFCP stream.
According to the SDP specification [11], the 'm' line format is the
following:
m=<media> <port> <proto> <fmt> ...
The media field MUST have a value of "application".
The port field is set depending on the value of the proto field, as
explained below. A port field value of zero has the standard SDP
meaning (i.e., rejection of the media stream) regardless of the proto
field.
When TCP is used as the transport, the port field is set following
the rules in [7]. Depending on the value of the 'setup' attribute
(discussed in Section 8.1), the port field contains the port to
which the remote endpoint will direct BFCP messages or is
irrelevant (i.e., the endpoint will initiate the connection
towards the remote endpoint) and should be set to a value of 9,
which is the discard port.
When UDP is used as the transport, the port field contains the
port to which the remote endpoint will direct BFCP messages
regardless of the value of the 'setup' attribute.
Camarillo, et al. Expires January 4, 2018 [Page 3]
Internet-Draft BFCP July 2017
This document defines five values for the proto field: TCP/BFCP,
TCP/DTLS/BFCP, TCP/TLS/BFCP, UDP/BFCP, and UDP/TLS/BFCP.
TCP/BFCP is used when BFCP runs directly on top of TCP. TCP/TLS/BFCP
is used when BFCP runs on top of TLS, which in turn runs on top of
TCP. TCP/DTLS/BFCP is used when running BFCP on top of DTLS [12], as
described in this specification, which in turn runs on top of TCP
using the framing method defined in [13] with DTLS packets being sent
and received instead of RTP/RTCP packets using the shim defined in
RFC4571 such that the length field defined in RFC4571 precedes each
DTLS message.
Similarly, UDP/BFCP is used when BFCP runs directly on top of UDP,
and UDP/TLS/BFCP is used when BFCP runs on top of DTLS, which in turn
runs on top of UDP.
The fmt (format) list is not applicable to BFCP. The fmt list of 'm'
lines in the case of any proto field value related to BFCP SHOULD
contain a single "*" character. If the the fmt list contains any
other value it is ignored.
The following is an example of an 'm' line for a BFCP connection:
m=application 50000 TCP/TLS/BFCP *
4. Floor Control Server Determination
When two endpoints establish a BFCP stream, they need to determine
which of them acts as a floor control server. In the most common
scenario, a client establishes a BFCP stream with a conference server
that acts as the floor control server. Floor control server
determination is straight forward because one endpoint can only act
as a client and the other can only act as a floor control server.
However, there are scenarios where both endpoints could act as a
floor control server. For example, in a two-party session that
involves an audio stream and a shared whiteboard, the endpoints need
to decide which party will be acting as the floor control server.
Furthermore, there are situations where both the offerer and the
answerer act as both clients and floor control servers in the same
session. For example, in a two-party session that involves an audio
stream and a shared whiteboard, one party acts as the floor control
server for the audio stream and the other acts as the floor control
server for the shared whiteboard.
Camarillo, et al. Expires January 4, 2018 [Page 4]
Internet-Draft BFCP July 2017
4.1. SDP 'floorctrl' Attribute
This document defines the 'floorctrl' SDP media-level attribute to
perform floor control server determination. Its Augmented BNF syntax
[2] is:
floor-control-attribute = "a=floorctrl:" role *(SP role)
role = "c-only" / "s-only" / "c-s"
The offerer includes this attribute to state all the roles it would
be willing to perform:
c-only: The offerer would be willing to act as a floor control
client only.
s-only: The offerer would be willing to act as a floor control
server only.
c-s: The offerer would be willing to act both as a floor control
client and as a floor control server.
If an SDP media description in an offer contains a 'floorctrl'
attribute, the answerer accepting that media MUST include a
'floorctrl' attribute in the corresponding media description of the
answer. The answerer includes this attribute to state which role the
answerer will perform. That is, the answerer chooses one of the
roles the offerer is willing to perform and generates an answer with
the corresponding role for the answerer. Table 1 shows the
corresponding roles for an answerer, depending on the offerer's role.
+---------+----------+
| Offerer | Answerer |
+---------+----------+
| c-only | s-only |
| s-only | c-only |
| c-s | c-s |
+---------+----------+
Table 1: Roles
The following are the descriptions of the roles when they are chosen
by an answerer:
c-only: The answerer will act as a floor control client.
Consequently, the offerer will act as a floor control server.
s-only: The answerer will act as a floor control server.
Consequently, the offerer will act as a floor control client.
Camarillo, et al. Expires January 4, 2018 [Page 5]
Internet-Draft BFCP July 2017
c-s: The answerer will act both as a floor control client and as a
floor control server. Consequently, the offerer will also act
both as a floor control client and as a floor control server.
Endpoints that use the offer/answer model to establish BFCP
connections MUST support the 'floorctrl' attribute. A floor control
server acting as an offerer or as an answerer SHOULD include this
attribute in its session descriptions.
If the 'floorctrl' attribute is not used in an offer/answer exchange,
by default the offerer and the answerer will act as a floor control
client and as a floor control server, respectively.
The following is an example of a 'floorctrl' attribute in an offer.
When this attribute appears in an answer, it only carries one role:
a=floorctrl:c-only s-only c-s
5. SDP 'confid' and 'userid' Attributes
This document defines the 'confid' and the 'userid' SDP media-level
attributes. These attributes are used by a floor control server to
provide a client with a conference ID and a user ID, respectively.
Their Augmented BNF syntax [2] is:
confid-attribute = "a=confid:" conference-id
conference-id = token
userid-attribute = "a=userid:" user-id
user-id = token
token-char = %x21 / %x23-27 / %x2A-2B / %x2D-2E / %x30-39
/ %x41-5A / %x5E-7E
token = 1*(token-char)
The 'confid' and the 'userid' attributes carry the decimal integer
representation of a conference ID and a user ID, respectively.
The token-char and token elements are defined in [11] but included
here to provide support for the implementor of this SDP feature.
Endpoints that use the offer/answer model to establish BFCP
connections MUST support the 'confid' and the 'userid' attributes. A
floor control server acting as an offerer or as an answerer MUST
include these attributes in its session descriptions.
Camarillo, et al. Expires January 4, 2018 [Page 6]
Internet-Draft BFCP July 2017
6. SDP 'floorid' Attribute
This document defines the 'floorid' SDP media-level attribute. This
attribute is used to provide an association between media streams and
floors. Its Augmented BNF syntax [2] is:
floor-id-attribute = "a=floorid:" token [" mstrm:" token *(SP token)]
The 'floorid' attribute is used in the SDP media description for BFCP
media. It defines a floor identifier and, possibly, associates it
with one or more media streams. The token representing the floor ID
is the integer representation of the Floor ID to be used in BFCP.
The token representing the media stream is a pointer to the media
stream, which is identified by an SDP label attribute [9].
Endpoints that use the offer/answer model to establish BFCP
connections MUST support the 'floorid' and the 'label' attributes. A
floor control server acting as an offerer or as an answerer MUST
include these attributes in its session descriptions.
Note: In [18] 'm-stream' was erroneously used in Section 12.
Although the example was non-normative, it is implemented by some
vendors and occurs in cases where the endpoint is willing to act
as an server. Therefore, it is RECOMMENDED to support parsing and
interpreting 'm-stream' the same way as 'mstrm' when receiving.
7. SDP 'bfcpver' Attribute
This document defines the 'bfcpver' SDP media-level attribute. This
attribute is used for BFCP version negotiation. Its Augmented BNF
syntax [2] is:
bfcp-version-attribute = "a=bfcpver:" bfcp-version *(SP bfcp-version)
bfcp-version = token
The 'bfcpver' attribute defines the list of the versions of BFCP
supported by the endpoint. Tokens representing versions MUST be
integers matching the "Version" field that would be presented in the
BFCP COMMON-HEADER [8]. The version of BFCP to be used will then be
confirmed with a BFCP-level Hello/HelloAck.
Endpoints that use the offer/answer model to establish BFCP
connections SHOULD support the 'bfcpver' attribute. A floor control
server acting as an offerer or as an answerer SHOULD include this
attribute in its session descriptions. However, endpoints that
support RFC XXXX, and not only the [18] subset, are REQUIRED to
support and, when acting as a floor control server, to use the
'bfcpver' attribute.
Camarillo, et al. Expires January 4, 2018 [Page 7]
Internet-Draft BFCP July 2017
If a 'bfcpver' attribute is not present, default values are inferred
from the transport specified in the 'm' line (Section 3). In
accordance with definition of the Version field in [8], when used
over a reliable transport the default value is "1", and when used
over an unreliable transport the default value is "2".
8. BFCP Connection Management
BFCP connections can use TCP or UDP as the underlying transport.
BFCP entities exchanging BFCP messages over UDP direct the BFCP
messages to the peer side connection address and port provided in the
SDP 'm' line. TCP connection management is more complicated and is
described below.
8.1. TCP Connection Management
The management of the TCP connection used to transport BFCP is
performed using the 'setup' and 'connection' attributes, as defined
in [7].
The 'setup' attribute indicates which of the endpoints (client or
floor control server) initiates the TCP connection. The 'connection'
attribute handles TCP connection reestablishment.
The BFCP specification [8] describes a number of situations when the
TCP connection between a client and the floor control server needs to
be reestablished. However, that specification does not describe the
reestablishment process because this process depends on how the
connection was established in the first place. BFCP entities using
the offer/answer model follow the following rules.
When the existing TCP connection is closed and reestablished
following the rules in [8], the client MUST generate an offer towards
the floor control server in order to reestablish the connection. If
a TCP connection cannot deliver a BFCP message and times out, the
entity that attempted to send the message (i.e., the one that
detected the TCP timeout) MUST generate an offer in order to
reestablish the TCP connection.
Endpoints that use the offer/answer model to establish TCP
connections MUST support the 'setup' and 'connection' attributes.
9. Authentication
When a BFCP connection is established using the offer/answer model,
it is assumed that the offerer and the answerer authenticate each
other using some mechanism. TLS/DTLS is the preferred mechanism, but
other mechanisms are possible and outside the scope of this document.
Camarillo, et al. Expires January 4, 2018 [Page 8]
Internet-Draft BFCP July 2017
Once this mutual authentication takes place, all the offerer and the
answerer need to ensure is that the entity they are receiving BFCP
messages from is the same as the one that generated the previous
offer or answer.
When SDP is used to perform an offer/answer exchange, the initial
mutual authentication takes place at the SIP level. Additionally,
SIP uses S/MIME [6] to provide an integrity-protected channel with
optional confidentiality for the offer/answer exchange. BFCP takes
advantage of this integrity-protected offer/answer exchange to
perform authentication. Within the offer/answer exchange, the
offerer and answerer exchange the fingerprints of their self-signed
certificates. These self-signed certificates are then used to
establish the TLS/DTLS connection that will carry BFCP traffic
between the offerer and the answerer.
BFCP clients and floor control servers follow the rules in [10]
regarding certificate choice and presentation. This implies that
unless a 'fingerprint' attribute is included in the session
description, the certificate provided at the TLS-/DTLS-level MUST
either be directly signed by one of the other party's trust anchors
or be validated using a certification path that terminates at one of
the other party's trust anchors [5]. Endpoints that use the offer/
answer model to establish BFCP connections MUST support the
'fingerprint' attribute and MUST include it in their session
descriptions.
When TLS is used with TCP, once the underlying connection is
established, the answerer which may be the client or the floor
control server acts as the TLS server regardless of its role (passive
or active) in the TCP establishment procedure. If the TCP connection
is lost, the active endpoint is responsible for re-establishing the
TCP connection. Unless a new TLS session is negotiated, subsequent
SDP offers and answers will not impact the previously negotiated TLS
roles.
When DTLS is used with UDP, the requirements specified in Section 5
of [16] MUST be followed.
Informational note: How to determine which endpoint initiates the
TLS/DTLS association depends on the selected underlying transport.
It was decided to keep the original semantics in [18] for TCP to
retain backwards compatibility. When using UDP, the procedure
above was preferred since it adheres to [16] as used for DTLS-
SRTP, it does not overload offer/answer semantics, and it works
for offerless INVITE in scenarios with B2BUAs.
Camarillo, et al. Expires January 4, 2018 [Page 9]
Internet-Draft BFCP July 2017
10. ICE Considerations
When BFCP is used with UDP based ICE candidates [14] then the
procedures for UDP/TLS/BFCP are used.
When BFCP is used with TCP based ICE candidates [15] then the
procedures for TCP/DTLS/BFCP are used.
In ICE environments, during the nomination process, endpoints go
through multiple ICE candidate pairs, until the most preferred
candidate pair is found. During the nomination process, data can be
sent as soon as the first working candidate pair is found, but the
nomination process still continues and selected candidate pairs can
still change while data is sent.
Furthermore, if endpoints roam between networks, for instance when
mobile endpoint switches from mobile connection to WiFi, endpoints
will initiate an ICE restart, which will trigger a new nomination
process between the new set of candidates and likely result in the
new nominated candidate pair.
Implementations MUST treat all ICE candidate pairs associated with an
BFCP session on top of a DTLS association as part of the same DTLS
association. Thus, there will only be one BFCP session setup and one
DTLS handshake even if there are multiple valid candidate pairs, and
shifting from one candidate pair to another, including switching
between UDP to TCP candidate pairs, will not impact the BFCP session
or DTLS associations. If new candidates are added, they will also be
part of the same BFCP session and DTLS associations. When
transitioning between candidate pairs, different candidate pairs can
be currently active in different directions and implementations MUST
be ready to receive data on any of the candidates, even if this means
sending and receiving data using UDP/TLS/BFCP and TCP/DTLS/BFCP at
the same time in different directions.
In order to maximize the likelihood of interoperability between the
endpoints, all ICE enabled BFCP endpoints SHOULD implement support
for UDP/TLS/BFCP.
When an SDP offer or answer is sent with multiple ICE candidates
during initial connection negotiation or after ICE restart, UDP based
candidates SHOULD be included and default candidate SHOULD be chosen
from one of those UDP candidates. The proto value MUST match the
transport protocol associated with the default candidate. If UDP
transport is used for the default candidate, then 'UDP/TLS/BFCP'
proto value MUST be used. If TCP transport is used for the default
candidate, then 'TCP/DTLS/BFCP' proto value MUST be used. Note that
Camarillo, et al. Expires January 4, 2018 [Page 10]
Internet-Draft BFCP July 2017
under normal circumstances the proto value for offers and answers
sent during ICE nomination SHOULD be 'UDP/TLS/BFCP'.
When a subsequent SDP offer or answer is sent after ICE nomination is
complete and does not initiate ICE restart, it will contain only the
currently negotiated ICE candidate pair. In this case, the proto
value MUST match the transport protocol associated with the currently
negotiated ICE candidate pair. If UDP transport is used for the
currently negotiated pair, then 'UDP/TLS/BFCP' proto value MUST be
used. If TCP transport is used for the currently negotiated pair,
then 'TCP/DTLS/BFCP' proto value MUST be used. Please note that if
an endpoint switches between TCP-based and UDP-based candidates
during the nomination process the endpoint is not required to send an
SDP offer for the sole purpose of keeping the proto value of the
associated 'm' line in sync.
Note: The text in the paragraph above only applies when the usage
of ICE has been negotiated. If ICE is not used, the proto value
MUST always reflect the transport protocol used at any given time.
Note: Using ICE with protocols other then UDP/TLS/BFCP and
TCP/DTLS/BFCP is outside of scope for this specification.
11. SDP Offer/Answer Procedures
This section defines the SDP offer/answer [4] procedures for
negotiating and establishing a BFCP connection. The generic
procedures for DTLS are defined in [16], the specific BFCP parts are
specified here.
If the 'm' line 'proto' value is 'TCP/TLS/BFCP', 'TCP/DTLS/BFCP' or
'UDP/TLS/BFCP', each endpoint MUST provide a certificate fingerprint,
using the SDP 'fingerprint' attribute [7], if the endpoint supports,
and is willing to use, a cipher suite with an associated certificate.
The authentication certificates are interpreted and validated as
defined in [10]. Self-signed certificates can be used securely,
provided that the integrity of the SDP description is assured as
defined in [10].
Note: The procedures apply to a specific 'm' line describing a
BFCP connection. If an offer or answer contains multiple 'm'
lines describing BFCP connections, the procedures are applied
separately to each 'm' line.
Informational note: The use of source-specific parameters in SDP,
as defined in [19], is not applicable to BFCP.
Camarillo, et al. Expires January 4, 2018 [Page 11]
Internet-Draft BFCP July 2017
Multiplexing of BFCP 'm' lines, as defined in BUNDLE [20], is not
defined by this specification and MUST NOT be included in a BUNDLE
group. An analysis of the SDP attributes defined in [18], with
regards to multiplexing of 'm' lines, is presented in Section 5.27 of
[21]. The analysis for the 'bfcpver' SDP attribute, defined in this
document is provided in Table 2.
+---------+------------------------+-------+--------------+
| Name | Notes | Level | Mux Category |
+---------+------------------------+-------+--------------+
| bfcpver | Needs further analysis | M | TBD |
+---------+------------------------+-------+--------------+
Table 2: Multiplexing Attribute Analysis
11.1. Generating the Initial SDP Offer
When the offerer creates an initial offer, the offerer:
o MUST, if the 'm' line proto value is 'TCP/BFCP', 'TCP/TLS/BFCP',
'TCP/DTLS/TCP' or 'UDP/TLS/BFCP', associate an SDP setup
attribute, with an 'actpass' value, with the 'm' line;
o MUST, if the 'm' line proto value is 'TCP/BFCP', 'TCP/TLS/BFCP' or
'TCP/DTLS/BFCP', associate an SDP 'connection' attribute, with a
'new' value, with the 'm' line; and
In addition, if the offerer acts as the floor control server, the
offerer:
o SHOULD associate an SDP 'floorctrl' attribute defined in
Section 4.1, with the 'm' line;
o MUST associate an SDP 'confid' attribute defined in Section 5,
with the 'm' line;
o MUST associate an SDP 'userid' attribute defined in Section 5,
with the 'm' line;
o MUST associate an SDP 'floorid' attribute defined in Section 6,
with the 'm' line;
o MUST associate an SDP 'label' attribute as described in Section 6,
with the 'm' line; and
o SHOULD, if it supports only the RFC 4583 subset and MUST, if it
supports RFC XXXX associate an SDP 'bfcpver' attribute defined in
Section 7, with the 'm' line.
Camarillo, et al. Expires January 4, 2018 [Page 12]
Internet-Draft BFCP July 2017
11.2. Generating the SDP Answer
When the answerer receives an offer, which contains an 'm' line
describing a BFCP connection, if the answerer accepts the 'm' line
it:
o MUST insert a corresponding 'm' line in the answer, with an
identical 'm' line proto value [4]; and
o MUST, if the 'm' line proto value is 'TCP/BFCP', 'TCP/DTLS/BFCP',
'TCP/TLS/BFCP' or 'UDP/TLS/BFCP', associate an SDP setup
attribute, with an 'active' or 'passive' value, with the 'm' line;
In addition, if the answerer acts as the floor control server, the
answerer:
o MUST, if the offer contains a 'floorctrl' attribute or else it
SHOULD associate an SDP 'floorctrl' attribute defined in
Section 4.1, with the 'm' line;
o MUST associate an SDP 'confid' attribute defined in Section 5,
with the 'm' line;
o MUST associate an SDP 'userid' attribute defined in Section 5,
with the 'm' line;
o MUST associate an SDP 'floorid' attribute defined in Section 6,
with the 'm' line; and
o MUST associate an SDP 'label' attribute as described in Section 6,
with the 'm' line.
o SHOULD, if it supports only the RFC 4583 subset and MUST, if it
supports RFC XXXX associate an SDP 'bfcpver' attribute defined in
Section 7, with the 'm' line.
Once the answerer has sent the answer, the answerer:
o MUST, if the answerer is the 'active' endpoint, and if a TCP
connection associated with the 'm' line is to be established (or
re-established), initiate the establishing of the TCP connection;
and
o MUST, if the answerer is the 'active' endpoint, and if an TLS/DTLS
connection associated with the 'm' line is to be established (or
re-established), initiate the establishing of the TLS/DTLS
connection (by sending a ClientHello message).
Camarillo, et al. Expires January 4, 2018 [Page 13]
Internet-Draft BFCP July 2017
If the answerer does not accept the 'm' line in the offer, it MUST
assign a zero port value to the corresponding 'm' line in the answer.
In addition, the answerer MUST NOT establish a TCP connection or a
TLS/DTLS connection associated with the 'm' line.
11.3. Offerer Processing of the SDP Answer
When the offerer receives an answer, which contains an 'm' line with
a non-zero port value, describing a BFCP connection, the offerer:
o MUST, if the offer is the 'active' endpoint, and if a TCP
connection associated with the 'm' line is to be established (or
re-established), initiate the establishing of the TCP connection;
and
o MUST, if the offerer is the 'active' endpoint, and if an TLS/DTLS
connection associated with the 'm' line is to be established (or
re-established), initiate the establishing of the TLS/DTLS
connection (by sending a ClientHello message).
If the 'm' line in the answer contains a zero port value, the offerer
MUST NOT establish a TCP connection or a TLS/DTLS connection
associated with the 'm' line.
11.4. Modifying the Session
When an offerer sends an updated offer, in order to modify a
previously established BFCP connection, it follows the procedures in
Section 11.1, with the following exceptions:
o If the BFCP connection is carried on top of TCP, and unless the
offerer wants to re-establish an existing TCP connection, the
offerer MUST associate an SDP connection attribute, with an
'existing' value, with the 'm' line; and
o If the offerer wants to disable a previously established BFCP
connection, it MUST assign a zero port value to the 'm' line
associated with the BFCP connection, following the procedures in
[4].
12. Examples
For the purpose of brevity, the main portion of the session
description is omitted in the examples, which only show 'm' lines and
their attributes.
The following is an example of an offer sent by a conference server
to a client.
Camarillo, et al. Expires January 4, 2018 [Page 14]
Internet-Draft BFCP July 2017
m=application 50000 TCP/TLS/BFCP *
a=setup:passive
a=connection:new
a=fingerprint:sha-256 \
19:E2:1C:3B:4B:9F:81:E6:B8:5C:F4:A5:A8:D8:73:04: \
BB:05:2F:70:9F:04:A9:0E:05:E9:26:33:E8:70:88:A2
a=floorctrl:s-only
a=confid:4321
a=userid:1234
a=floorid:1 mstrm:10
a=floorid:2 mstrm:11
a=bfcpver:1
m=audio 50002 RTP/AVP 0
a=label:10
m=video 50004 RTP/AVP 31
a=label:11
Note that due to RFC formatting conventions, this document splits SDP
across lines whose content would exceed 72 characters. A backslash
character marks where this line folding has taken place. This
backslash and its trailing CRLF and whitespace would not appear in
actual SDP content.
The following is the answer returned by the client.
m=application 9 TCP/TLS/BFCP *
a=setup:active
a=connection:new
a=fingerprint:sha-256 \
6B:8B:F0:65:5F:78:E2:51:3B:AC:6F:F3:3F:46:1B:35: \
DC:B8:5F:64:1A:24:C2:43:F0:A1:58:D0:A1:2C:19:08
a=floorctrl:c-only
a=bfcpver:1
m=audio 55000 RTP/AVP 0
m=video 55002 RTP/AVP 31
A similar example using unreliable transport and DTLS is shown below,
where the offer is sent from a client.
Camarillo, et al. Expires January 4, 2018 [Page 15]
Internet-Draft BFCP July 2017
m=application 50000 UDP/TLS/BFCP *
a=setup:actpass
a=dtls-id:abc3dl
a=fingerprint:sha-256 \
19:E2:1C:3B:4B:9F:81:E6:B8:5C:F4:A5:A8:D8:73:04: \
BB:05:2F:70:9F:04:A9:0E:05:E9:26:33:E8:70:88:A2
a=floorctrl:c-only s-only
a=confid:4321
a=userid:1234
a=floorid:1 mstrm:10
a=floorid:2 mstrm:11
a=bfcpver:2
m=audio 50002 RTP/AVP 0
a=label:10
m=video 50004 RTP/AVP 31
a=label:11
The following is the answer returned by the server.
m=application 55000 UDP/TLS/BFCP *
a=setup:active
a=dtls-id:abc3dl
a=fingerprint:sha-256 \
6B:8B:F0:65:5F:78:E2:51:3B:AC:6F:F3:3F:46:1B:35: \
DC:B8:5F:64:1A:24:C2:43:F0:A1:58:D0:A1:2C:19:08
a=floorctrl:s-only
a=confid:4321
a=userid:1234
a=floorid:1 mstrm:10
a=floorid:2 mstrm:11
a=bfcpver:2
m=audio 55002 RTP/AVP 0
m=video 55004 RTP/AVP 31
13. Security Considerations
The BFCP [8], SDP [11], and offer/answer [4] specifications discuss
security issues related to BFCP, SDP, and offer/answer, respectively.
In addition, [7] and [10] discuss security issues related to the
establishment of TCP and TLS connections using an offer/answer model.
Furthermore, when using DTLS over UDP, considerations for its use
with RTP and RTCP are presented in [16]. The requirements for the
offer/answer exchange, as listed in Section 5 of [16], MUST be
followed.
An initial integrity-protected channel is REQUIRED for BFCP to
exchange self-signed certificates between a client and the floor
Camarillo, et al. Expires January 4, 2018 [Page 16]
Internet-Draft BFCP July 2017
control server. For session descriptions carried in SIP [3], S/MIME
[6] is the natural choice to provide such a channel.
14. IANA Considerations
[Editorial note: The changes in Section 14.1 instruct the IANA to
register the three new values TCP/DTLS/BFCP, UDP/BFCP and UDP/TLS/
BFCP for the SDP 'proto' field. The new section Section 14.6
registers a new SDP "bfcpver" attribute. The rest is unchanged
from [17].]
14.1. Registration of SDP 'proto' Values
The IANA has registered the following values for the SDP 'proto'
field under the Session Description Protocol (SDP) Parameters
registry:
+---------------+------------+
| Value | Reference |
+---------------+------------+
| TCP/BFCP | [RFC XXXX] |
| TCP/DTLS/BFCP | [RFC XXXX] |
| TCP/TLS/BFCP | [RFC XXXX] |
| UDP/BFCP | [RFC XXXX] |
| UDP/TLS/BFCP | [RFC XXXX] |
+---------------+------------+
Table 3: Values for the SDP 'proto' field
14.2. Registration of the SDP 'floorctrl' Attribute
The IANA has registered the following SDP att-field under the Session
Description Protocol (SDP) Parameters registry:
Contact name: Gonzalo.Camarillo@ericsson.com
Attribute name: floorctrl
Long-form attribute name: Floor Control
Type of attribute: Media level
Subject to charset: No
Purpose of attribute: The 'floorctrl' attribute is used to
perform floor control server determination.
Allowed attribute values: 1*("c-only" / "s-only" / "c-s")
Camarillo, et al. Expires January 4, 2018 [Page 17]
Internet-Draft BFCP July 2017
14.3. Registration of the SDP 'confid' Attribute
The IANA has registered the following SDP att-field under the Session
Description Protocol (SDP) Parameters registry:
Contact name: Gonzalo.Camarillo@ericsson.com
Attribute name: confid
Long-form attribute name: Conference Identifier
Type of attribute: Media level
Subject to charset: No
Purpose of attribute: The 'confid' attribute carries the
integer representation of a Conference ID.
Allowed attribute values: A token
14.4. Registration of the SDP 'userid' Attribute
The IANA has registered the following SDP att-field under the Session
Description Protocol (SDP) Parameters registry:
Contact name: Gonzalo.Camarillo@ericsson.com
Attribute name: userid
Long-form attribute name: User Identifier
Type of attribute: Media level
Subject to charset: No
Purpose of attribute: The 'userid' attribute carries the
integer representation of a User ID.
Allowed attribute values: A token
14.5. Registration of the SDP 'floorid' Attribute
The IANA has registered the following SDP att-field under the Session
Description Protocol (SDP) Parameters registry:
Contact name: Gonzalo.Camarillo@ericsson.com
Attribute name: floorid
Camarillo, et al. Expires January 4, 2018 [Page 18]
Internet-Draft BFCP July 2017
Long-form attribute name: Floor Identifier
Type of attribute: Media level
Subject to charset: No
Purpose of attribute: The 'floorid' attribute associates a
floor with one or more media streams.
Allowed attribute values: Tokens
14.6. Registration of the SDP 'bfcpver' Attribute
The IANA has registered the following SDP att-field under the Session
Description Protocol (SDP) Parameters registry:
Contact name: Gonzalo.Camarillo@ericsson.com
Attribute name: bfcpver
Long-form attribute name: BFCP Version
Type of attribute: Media level
Subject to charset: No
Purpose of attribute: The 'bfcpver' attribute lists supported
BFCP versions.
Allowed attribute values: Tokens
15. Changes from RFC 4583
Following is the list of technical changes and other fixes from [18].
Main purpose of this work was to add signaling support necessary to
support BFCP over unreliable transport, as described in [8],
resulting in the following changes:
1. Fields in the 'm' line (Section 3):
The section is re-written to remove reference to the exclusivity
of TCP as a transport for BFCP streams. The proto field values
TCP/DTLS/BFCP, UDP/BFCP and UDP/TLS/BFCP added.
2. Authentication (Section 9):
In last paragraph, made clear that a TCP connection was
described.
Camarillo, et al. Expires January 4, 2018 [Page 19]
Internet-Draft BFCP July 2017
3. Security Considerations (Section 13):
For the DTLS over UDP case, mention existing considerations and
requirements for the offer/answer exchange in [16].
4. Registration of SDP 'proto' Values (Section 14.1):
Register the three new values TCP/DTLS/BFCP, UDP/BFCP and
UDP/TLS/BFCP in the SDP parameters registry.
5. BFCP Version Negotiation (Section 7):
A new 'bfcpver' SDP media-level attribute is added in order to
signal supported version number.
Clarification and bug fixes:
1. Errata ID: 712 (Section 4 and Section 6):
Language clarification. Don't use terms like an SDP attribute is
"used in an 'm' line", instead make clear that the attribute is a
media-level attribute.
2. Fix typo in example (Section 12):
Do not use 'm-stream' in the SDP example, use the correct 'mstrm'
as specified in Section 12. Recommend interpreting 'm-stream' if
it is received, since it is present in some implementations.
3. Assorted clarifications (Across the document):
Language clarifications as a result of reviews. Also, the
normative language where tightened where appropriate, i.e.
changed from SHOULD strength to MUST in a number of places.
16. Acknowledgements
Joerg Ott, Keith Drage, Alan Johnston, Eric Rescorla, Roni Even, and
Oscar Novo provided useful ideas for the original [18]. The authors
also acknowledge contributions to the revision of BFCP for use over
an unreliable transport from Geir Arne Sandbakken, Charles Eckel,
Alan Ford, Eoin McLeod and Mark Thompson. Useful and important final
reviews were done by Ali C. Begen, Mary Barnes and Charles Eckel.
In the final stages, Roman Shpount made a considerable effort in
adding proper ICE support and considerations.
17. References
17.1. Normative References
[1] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
Camarillo, et al. Expires January 4, 2018 [Page 20]
Internet-Draft BFCP July 2017
[2] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234,
DOI 10.17487/RFC5234, January 2008,
<http://www.rfc-editor.org/info/rfc5234>.
[3] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261,
DOI 10.17487/RFC3261, June 2002,
<http://www.rfc-editor.org/info/rfc3261>.
[4] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model
with Session Description Protocol (SDP)", RFC 3264,
DOI 10.17487/RFC3264, June 2002,
<http://www.rfc-editor.org/info/rfc3264>.
[5] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
<http://www.rfc-editor.org/info/rfc5280>.
[6] Ramsdell, B. and S. Turner, "Secure/Multipurpose Internet
Mail Extensions (S/MIME) Version 3.2 Certificate
Handling", RFC 5750, DOI 10.17487/RFC5750, January 2010,
<http://www.rfc-editor.org/info/rfc5750>.
[7] Yon, D. and G. Camarillo, "TCP-Based Media Transport in
the Session Description Protocol (SDP)", RFC 4145,
DOI 10.17487/RFC4145, September 2005,
<http://www.rfc-editor.org/info/rfc4145>.
[8] Camarillo, G., Drage, K., Kristensen, T., Ott, J., and C.
Eckel, "The Binary Floor Control Protocol (BFCP)", draft-
ietf-bfcpbis-rfc4582bis-16 (work in progress), November
2015.
[9] Levin, O. and G. Camarillo, "The Session Description
Protocol (SDP) Label Attribute", RFC 4574,
DOI 10.17487/RFC4574, August 2006,
<http://www.rfc-editor.org/info/rfc4574>.
[10] Lennox, J. and C. Holmberg, "Connection-Oriented Media
Transport over the Transport Layer Security (TLS) Protocol
in the Session Description Protocol (SDP)", RFC 8122,
DOI 10.17487/RFC8122, March 2017,
<http://www.rfc-editor.org/info/rfc8122>.
Camarillo, et al. Expires January 4, 2018 [Page 21]
Internet-Draft BFCP July 2017
[11] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session
Description Protocol", RFC 4566, DOI 10.17487/RFC4566,
July 2006, <http://www.rfc-editor.org/info/rfc4566>.
[12] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
January 2012, <http://www.rfc-editor.org/info/rfc6347>.
[13] Lazzaro, J., "Framing Real-time Transport Protocol (RTP)
and RTP Control Protocol (RTCP) Packets over Connection-
Oriented Transport", RFC 4571, DOI 10.17487/RFC4571, July
2006, <http://www.rfc-editor.org/info/rfc4571>.
[14] Rosenberg, J., "Interactive Connectivity Establishment
(ICE): A Protocol for Network Address Translator (NAT)
Traversal for Offer/Answer Protocols", RFC 5245,
DOI 10.17487/RFC5245, April 2010,
<http://www.rfc-editor.org/info/rfc5245>.
[15] Rosenberg, J., Keranen, A., Lowekamp, B., and A. Roach,
"TCP Candidates with Interactive Connectivity
Establishment (ICE)", RFC 6544, DOI 10.17487/RFC6544,
March 2012, <http://www.rfc-editor.org/info/rfc6544>.
[16] Holmberg, C. and R. Shpount, "Using the SDP Offer/Answer
Mechanism for DTLS", draft-ietf-mmusic-dtls-sdp-26 (work
in progress), June 2017.
[17] Camarillo, G., Ott, J., and K. Drage, "The Binary Floor
Control Protocol (BFCP)", RFC 4582, DOI 10.17487/RFC4582,
November 2006, <http://www.rfc-editor.org/info/rfc4582>.
[18] Camarillo, G., "Session Description Protocol (SDP) Format
for Binary Floor Control Protocol (BFCP) Streams",
RFC 4583, DOI 10.17487/RFC4583, November 2006,
<http://www.rfc-editor.org/info/rfc4583>.
17.2. Informational References
[19] Lennox, J., Ott, J., and T. Schierl, "Source-Specific
Media Attributes in the Session Description Protocol
(SDP)", RFC 5576, DOI 10.17487/RFC5576, June 2009,
<http://www.rfc-editor.org/info/rfc5576>.
[20] Holmberg, C., Alvestrand, H., and C. Jennings,
"Negotiating Media Multiplexing Using the Session
Description Protocol (SDP)", draft-ietf-mmusic-sdp-bundle-
negotiation-38 (work in progress), April 2017.
Camarillo, et al. Expires January 4, 2018 [Page 22]
Internet-Draft BFCP July 2017
[21] Nandakumar, S., "A Framework for SDP Attributes when
Multiplexing", draft-ietf-mmusic-sdp-mux-attributes-16
(work in progress), December 2016.
Authors' Addresses
Gonzalo Camarillo
Ericsson
Hirsalantie 11
FI-02420 Jorvas
Finland
Email: Gonzalo.Camarillo@ericsson.com
Tom Kristensen
Cisco
Philip Pedersens vei 1
NO-1366 Lysaker
Norway
Email: tomkrist@cisco.com, tomkri@ifi.uio.no
Paul E. Jones
Cisco
7025 Kit Creek Rd.
Research Triangle Park, NC 27709
USA
Email: paulej@packetizer.com
Camarillo, et al. Expires January 4, 2018 [Page 23]