Connection-Oriented Media Transport over the Transport Layer Security (TLS) Protocol in the Session Description Protocol (SDP)
Draft of message to be sent after approval:
From: The IESG <email@example.com>
To: "IETF-Announce" <firstname.lastname@example.org>
Cc: email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, "Flemming Andreasen" <email@example.com>, "The IESG" <firstname.lastname@example.org>, email@example.com, firstname.lastname@example.org
Subject: Protocol Action: 'Connection-Oriented Media Transport over TLS in SDP' to Proposed Standard (draft-ietf-mmusic-4572-update-13.txt)

The IESG has approved the following document:
- 'Connection-Oriented Media Transport over TLS in SDP' (draft-ietf-mmusic-4572-update-13.txt) as Proposed Standard

This document is the product of the Multiparty Multimedia Session Control Working Group.

The IESG contact persons are Alexey Melnikov, Ben Campbell and Alissa Cooper.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-mmusic-4572-update/

Technical Summary

The document specifies how to establish secure connection-oriented media transport sessions over the Transport Layer Security (TLS) protocol using the Session Description Protocol (SDP). It defines a new SDP protocol identifier, 'TCP/TLS'. It also defines the syntax and semantics for an SDP 'fingerprint' attribute that identifies the certificate that will be presented for the TLS session. This mechanism allows media transport over TLS connections to be established securely, so long as the integrity of session descriptions is assured.

This document obsoletes RFC 4572 but remains backwards compatible with older implementations. The changes from RFC 4572 are that it clarifies that multiple 'fingerprint' attributes can be used to carry fingerprints, calculated using different hash functions, associated with a given certificate, and to carry fingerprints associated with multiple certificates. The fingerprint matching procedure, when multiple fingerprints are provided, is also clarified. The document also updates the preferred cipher suite with a stronger cipher suite, and removes the requirement to use the same hash function for calculating a certificate fingerprint and certificate signature.

Working Group Summary

The document was adopted as a WG document in April 2016 and hence has progressed fairly quickly. WG adoption was based on strong consensus and a clear need; the document has subsequently seen good WG discussion. The document started out as an update to RFC 4572, but was more recently changed to obsolete RFC 4572 after some concerns were raised. The resulting document has solid consensus in the WG.

Document Quality

There are various implementations of the existing RFC 4572. The new specification is needed for RTCWeb and hence several vendors are expected to implement it. There were many individuals providing valuable input; however, Martin Thomson and Roman Shpount in particular deserve special mention.

Personnel

Flemming Andreasen is the Document Shepherd and Ben Campbell is the Responsible AD.
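
The Technical Summary above describes several 'fingerprint' attributes carrying digests under different hash functions and for more than one certificate. The following is an added example, not part of the announcement or of the draft's text, showing one way a receiver could check a presented certificate against them. The preference order, the set of acceptable hash functions, the rule that only the strongest acceptable hash offered decides, and the sample certificate bytes and SDP are assumptions of this example.

```python
import hashlib
import hmac

# SDP hash-function tokens -> hashlib names, strongest first (order is this example's assumption).
HASHES = {"sha-512": "sha512", "sha-384": "sha384", "sha-256": "sha256", "sha-1": "sha1"}

def fingerprint_line(func, der_cert):
    """Build an a=fingerprint line for a certificate's DER encoding."""
    digest = hashlib.new(HASHES[func], der_cert).digest()
    return "a=fingerprint:%s %s" % (func.upper(), digest.hex(":").upper())

def parse_fingerprints(sdp):
    """Collect {hash-function: [digest, ...]} from every a=fingerprint line."""
    offered = {}
    for line in sdp.splitlines():
        if not line.startswith("a=fingerprint:"):
            continue
        fields = line[len("a=fingerprint:"):].split()
        if len(fields) != 2:
            raise ValueError("malformed fingerprint attribute: %r" % line)
        func, digest = fields[0].lower(), bytes.fromhex(fields[1].replace(":", ""))
        if func in HASHES and len(digest) != hashlib.new(HASHES[func]).digest_size:
            raise ValueError("wrong digest length for %s" % func)
        offered.setdefault(func, []).append(digest)
    return offered

def certificate_matches(der_cert, sdp, acceptable=("sha-512", "sha-384", "sha-256")):
    """True if der_cert matches a fingerprint under the strongest acceptable hash offered."""
    offered = parse_fingerprints(sdp)
    for func in HASHES:  # dict order is the preference order
        if func in acceptable and func in offered:
            actual = hashlib.new(HASHES[func], der_cert).digest()
            # Several fingerprints under one hash may belong to different certificates.
            return any(hmac.compare_digest(actual, fp) for fp in offered[func])
    return False  # nothing offered under a hash function this endpoint accepts

# Constructed stand-ins for two DER-encoded certificates (not real certificates).
CERT_A = b"constructed-der-bytes-for-certificate-A"
CERT_B = b"constructed-der-bytes-for-certificate-B"
# Constructed session description fragment using the 'TCP/TLS' protocol identifier.
SAMPLE_SDP = "\r\n".join([
    "m=image 54111 TCP/TLS t38",
    fingerprint_line("sha-256", CERT_A),
    fingerprint_line("sha-1", CERT_A),
    fingerprint_line("sha-256", CERT_B),
])
```

The check is only as strong as the integrity protection on the session description itself, as the summary notes: an attacker who can rewrite the SDP can substitute fingerprints for a certificate of their own.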