| BFCPbis Working Group | G. Camarillo |
| Internet-Draft | Ericsson |
| Obsoletes: 4583 (if approved) | T. Kristensen |
| Intended status: Standards Track | P. Jones |
| Expires: May 3, 2018 | Cisco |
| October 30, 2017 |
Session Description Protocol (SDP) Format for Binary Floor Control Protocol (BFCP) Streams
draft-ietf-bfcpbis-rfc4583bis-18
This document defines the Session Description Protocol (SDP) offer/answer procedures for negotiating and establishing Binary Floor Control Protocol (BFCP) streams.
This document obsoletes RFC 4583. Changes from RFC 4583 are summarized in Section 15.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 3, 2018.
Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
As discussed in the BFCP (Binary Floor Control Protocol) specification [7], a given BFCP client needs a set of data in order to establish a BFCP connection to a floor control server. This data includes the transport address of the server, the conference identifier, and the user identifier.
One way for clients to obtain this information is to use an SDP offer/answer [4] exchange. This document specifies how to encode this information in the SDP session descriptions that are part of such an offer/answer exchange.
User agents typically use the offer/answer model to establish a number of media streams of different types. Following this model, a BFCP connection is described as any other media stream by using an SDP 'm' line, possibly followed by a number of attributes encoded in 'a' lines.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14, RFC 2119 and indicate requirement levels for compliant implementations.
This section describes how to generate an 'm' line for a BFCP stream.
According to the SDP specification [10], the 'm' line format is the following:
The media field MUST have a value of "application".
The port field is set depending on the value of the proto field, as explained below. A port field value of zero has the standard SDP meaning (i.e., rejection of the media stream) regardless of the proto field.
This document defines five values for the proto field: TCP/BFCP, TCP/DTLS/BFCP, TCP/TLS/BFCP, UDP/BFCP, and UDP/TLS/BFCP.
TCP/BFCP is used when BFCP runs directly on top of TCP. TCP/TLS/BFCP is used when BFCP runs on top of TLS, which in turn runs on top of TCP. TCP/DTLS/BFCP is used when running BFCP on top of DTLS [11], as described in this specification, which in turn runs on top of TCP using the framing method defined in [12] with DTLS packets being sent and received instead of RTP/RTCP packets using the shim defined in RFC4571 such that the length field defined in RFC4571 precedes each DTLS message.
Similarly, UDP/BFCP is used when BFCP runs directly on top of UDP, and UDP/TLS/BFCP is used when BFCP runs on top of DTLS, which in turn runs on top of UDP.
The fmt (format) list is not applicable to BFCP. The fmt list of 'm' lines in the case of any proto field value related to BFCP MUST contain a single "*" character. If the the fmt list contains any other value it is ignored.
The following is an example of an 'm' line for a BFCP connection:
m=application 50000 TCP/TLS/BFCP *
When two endpoints establish a BFCP stream, they need to determine which of them acts as a floor control server. In the most common scenario, a client establishes a BFCP stream with a conference server that acts as the floor control server. Floor control server determination is straight forward because one endpoint can only act as a client and the other can only act as a floor control server.
However, there are scenarios where both endpoints could act as a floor control server. For example, in a two-party session that involves an audio stream and a shared whiteboard, the endpoints need to decide which party will be acting as the floor control server.
Furthermore, there are situations where both endpoints act as both clients and floor control servers in the same session. For example, in a two-party session that involves an audio stream and a shared whiteboard, one party acts as the floor control server for the audio stream and the other acts as the floor control server for the shared whiteboard.
This document defines the 'floorctrl' SDP media-level attribute to perform floor control server determination. Its Augmented BNF syntax [2] is:
floor-control-attribute = "a=floorctrl:" role *(SP role)
role = "c-only" / "s-only" / "c-s"
The offerer will include one or more roles in its offer; the answerer MUST include only one role.
The offerer includes this attribute to state all the roles it would be willing to perform once negotiation is complete:
If an SDP media description in an offer contains a 'floorctrl' attribute, the answerer accepting that media MUST include a 'floorctrl' attribute in the corresponding media description of the answer. The answerer includes this attribute to state which role the answerer will perform. That is, the answerer chooses one of the roles the offerer is willing to perform and generates an answer with the corresponding role for the answerer. Table 1 shows the corresponding roles for an answerer, depending on the offerer's role.
| Offerer | Answerer |
|---|---|
| c-only | s-only |
| s-only | c-only |
| c-s | c-s |
The following are the descriptions of the roles when they are chosen by an answerer:
Endpoints that use the offer/answer model to establish BFCP connections MUST support the 'floorctrl' attribute. A floor control server acting as an offerer or as an answerer MUST include this attribute in its session descriptions.
If the 'floorctrl' attribute is not used in an offer/answer exchange, by default the offerer and the answerer will act as a floor control client and as a floor control server, respectively.
The following is an example of a 'floorctrl' attribute in an offer:
a=floorctrl:c-only s-only c-s
When a 'floorctrl' attribute appears in an answer, it MUST include one and only one role.
This document defines the 'confid' and the 'userid' SDP media-level attributes. These attributes are used by a floor control server to provide a client with a conference ID and a user ID, respectively. Their Augmented BNF syntax [2] is:
confid-attribute = "a=confid:" conference-id
conference-id = token
userid-attribute = "a=userid:" user-id
user-id = token
token-char = %x21 / %x23-27 / %x2A-2B / %x2D-2E / %x30-39
/ %x41-5A / %x5E-7E
token = 1*(token-char)
The 'confid' and the 'userid' attributes carry the decimal integer representation of a conference ID and a user ID, respectively.
The token-char and token elements are defined in [10] but included here to provide support for the implementor of this SDP feature.
Endpoints that use the offer/answer model to establish BFCP connections MUST support the 'confid' and the 'userid' attributes. A floor control server acting as an offerer or as an answerer MUST include these attributes in its session descriptions.
This document defines the 'floorid' SDP media-level attribute. This attribute is used to provide an association between media streams and floors. Its Augmented BNF syntax [2] is:
floor-id-attribute = "a=floorid:" token [" mstrm:" token *(SP token)]
The 'floorid' attribute is used in the SDP media description for BFCP media. It defines a floor identifier and, possibly, associates it with one or more media streams. The token representing the floor ID is the integer representation of the Floor ID to be used in BFCP. The token representing the media stream is a pointer to the media stream, which is identified by an SDP 'label' attribute [8].
Endpoints that use the offer/answer model to establish BFCP connections MUST support the 'floorid' and the 'label' attributes. A floor control server acting as an offerer or as an answerer MUST include the 'floorid' attribute, and the 'label' attribute if using the 'mstrm' parameter, in its session descriptions.
This document defines the 'bfcpver' SDP media-level attribute. This attribute is used for BFCP version negotiation. Its Augmented BNF syntax [2] is:
bfcp-version-attribute = "a=bfcpver:" bfcp-version *(SP bfcp-version)
bfcp-version = token
The 'bfcpver' attribute defines the list of the versions of BFCP supported by the endpoint. Tokens representing versions MUST be integers matching the "Version" field that would be presented in the BFCP COMMON-HEADER [7]. The version of BFCP to be used will then be confirmed with a BFCP-level Hello/HelloAck.
Endpoints that use the offer/answer model to establish BFCP connections SHOULD support the 'bfcpver' attribute. A floor control server acting as an offerer or as an answerer SHOULD include this attribute in its session descriptions. However, endpoints that support RFC XXXX, and not only the [17] subset, are REQUIRED to support and, when acting as a floor control server, to use the 'bfcpver' attribute.
If a 'bfcpver' attribute is not present, default values are inferred from the transport specified in the 'm' line (Section 3). In accordance with definition of the Version field in [7], when used over a reliable transport the default value is "1", and when used over an unreliable transport the default value is "2".
Multiplexing of BFCP ‘m' lines, as defined in BUNDLE [19], is not defined by this specification and MUST NOT be included in a BUNDLE group. An analysis of the SDP attributes defined in [17], with regards to multiplexing of 'm' lines, is presented in Section 5.27 of [20]. The analysis for the 'bfcpver' SDP attribute, defined in this document is provided in Table 2.
| Name | Notes | Level | Mux Category |
|---|---|---|---|
| bfcpver | Needs further analysis | M | TBD |
BFCP connections can use TCP or UDP as the underlying transport. BFCP entities exchanging BFCP messages over UDP direct the BFCP messages to the peer side connection address and port provided in the SDP 'm' line. TCP connection management is more complicated and is described in the following Section.
The management of the TCP connection used to transport BFCP is performed using the 'setup' and 'connection' attributes, as defined in [6].
The 'setup' attribute indicates which of the endpoints (client or floor control server) initiates the TCP connection. The 'connection' attribute handles TCP connection re-establishment.
The BFCP specification [7] describes a number of situations when the TCP connection between a client and the floor control server needs to be re-established. However, that specification does not describe the re-establishment process because this process depends on how the connection was established in the first place. BFCP entities using the offer/answer model follow the following rules.
When the existing TCP connection is closed and re-established following the rules in [7], the client MUST generate an offer towards the floor control server in order to re-establish the connection. If a TCP connection cannot deliver a BFCP message and times out, the entity that attempted to send the message (i.e., the one that detected the TCP timeout) MUST generate an offer in order to re-establish the TCP connection.
Endpoints that use the offer/answer model to establish TCP connections MUST support the 'setup' and 'connection' attributes.
When a BFCP connection is established using the offer/answer model, it is assumed that the offerer and the answerer authenticate each other using some mechanism. TLS/DTLS is the preferred mechanism, but other mechanisms are possible and outside the scope of this document. Once this mutual authentication takes place, all the offerer and the answerer need to ensure is that the entity they are receiving BFCP messages from is the same as the one that generated the previous offer or answer.
When SDP is used to perform an offer/answer exchange, the initial mutual authentication SHOULD take place at the signaling level. Additionally, signaling can use S/MIME [5] to provide an integrity-protected channel with optional confidentiality for the offer/answer exchange. BFCP takes advantage of this integrity-protected offer/answer exchange to perform authentication. Within the offer/answer exchange, the offerer and answerer exchange the fingerprints of their self-signed certificates. These self-signed certificates are then used to establish the TLS/DTLS connection that will carry BFCP traffic between the offerer and the answerer.
BFCP clients and floor control servers follow the rules in [9] regarding certificate choice and presentation. Endpoints that use the offer/answer model to establish BFCP connections MUST support the 'fingerprint' attribute and MUST include it in their session descriptions.
When TLS is used with TCP, once the underlying connection is established, the answerer, which may be the client or the floor control server, acts as the TLS server regardless of its role (passive or active) in the TCP establishment procedure. If the TCP connection is lost, the active endpoint is responsible for re-establishing the TCP connection. Unless a new TLS session is negotiated, subsequent SDP offers and answers will not impact the previously negotiated TLS roles.
When DTLS is used with UDP, the requirements specified in Section 5 of [15] MUST be followed.
When BFCP is used with UDP based ICE candidates [13] then the procedures for UDP/TLS/BFCP are used.
When BFCP is used with TCP based ICE candidates [14] then the procedures for TCP/DTLS/BFCP are used.
In ICE environments, during the nomination process, endpoints go through multiple ICE candidate pairs, until the most preferred candidate pair is found. During the nomination process, data can be sent as soon as the first working candidate pair is found, but the nomination process still continues and selected candidate pairs can still change while data is sent. Furthermore, if endpoints roam between networks, for instance when mobile endpoint switches from mobile connection to WiFi, endpoints will initiate an ICE restart, which will trigger a new nomination process between the new set of candidates and likely result in the new nominated candidate pair.
Implementations MUST treat all ICE candidate pairs associated with an BFCP association on top of a DTLS association as part of the same DTLS association. Thus, there will only be one BFCP handshake and one DTLS handshake even if there are multiple valid candidate pairs, and shifting from one candidate pair to another, including switching between UDP to TCP candidate pairs, will not impact the BFCP or DTLS associations. If new candidates are added, they will also be part of the same BFCP and DTLS associations. When transitioning between candidate pairs, different candidate pairs can be currently active in different directions and implementations MUST be ready to receive data on any of the candidates, even if this means sending and receiving data using UDP/TLS/BFCP and TCP/DTLS/BFCP at the same time in different directions.
In order to maximize the likelihood of interoperability between the endpoints, all ICE enabled BFCP-over-DTLS endpoints SHOULD implement support for UDP/TLS/BFCP.
When an SDP offer or answer is sent with multiple ICE candidates during initial connection negotiation or after ICE restart, UDP based candidates SHOULD be included and default candidate SHOULD be chosen from one of those UDP candidates. The proto value MUST match the transport protocol associated with the default candidate. If UDP transport is used for the default candidate, then 'UDP/TLS/BFCP' proto value MUST be used. If TCP transport is used for the default candidate, then 'TCP/DTLS/BFCP' proto value MUST be used. Note that under normal circumstances the proto value for offers and answers sent during ICE nomination SHOULD be 'UDP/TLS/BFCP'.
When a subsequent SDP offer or answer is sent after ICE nomination is complete, and does not initiate ICE restart, it will contain only the currently nominated ICE candidate pair. In this case, the proto value MUST match the transport protocol associated with the nominated ICE candidate pair. If UDP transport is used for the nominated pair, then 'UDP/TLS/BFCP' proto value MUST be used. If TCP transport is used for the nominated pair, then 'TCP/DTLS/BFCP' proto value MUST be used. Please note that if an endpoint switches between TCP-based and UDP-based candidates during the nomination process the endpoint is not required to send an SDP offer for the sole purpose of keeping the proto value of the associated 'm' line in sync.
This section defines the SDP offer/answer [4] procedures for negotiating and establishing a BFCP connection. The generic procedures for DTLS are defined in [15], the specific BFCP parts are specified here.
If the 'm' line 'proto' value is 'TCP/TLS/BFCP', 'TCP/DTLS/BFCP' or 'UDP/TLS/BFCP', each endpoint MUST provide a certificate fingerprint, using the SDP 'fingerprint' attribute [9].
The authentication certificates are interpreted and validated as defined in [9]. Self-signed certificates can be used securely, provided that the integrity of the SDP description is assured as defined in [9].
When the offerer creates an initial offer, the offerer:
In addition, if the offerer acts as the floor control server, the offerer:
When the answerer receives an offer, which contains an 'm' line describing a BFCP connection, if the answerer accepts the 'm' line it:
In addition, if the answerer acts as the floor control server, the answerer:
Once the answerer has sent the answer, the answerer:
If the answerer does not accept the 'm' line in the offer, it MUST assign a zero port value to the corresponding 'm' line in the answer. In addition, the answerer MUST NOT establish a TCP connection or a TLS/DTLS connection associated with the 'm' line.
When the offerer receives an answer, which contains an 'm' line with a non-zero port value, describing a BFCP connection, the offerer:
If the 'm' line in the answer contains a zero port value, the offerer MUST NOT establish a TCP connection or a TLS/DTLS connection associated with the 'm' line.
When an offerer sends an updated offer, in order to modify a previously established BFCP connection, it follows the procedures in Section 11.1, with the following exceptions:
For the purpose of brevity, the main portion of the session description is omitted in the examples, which only show 'm' lines and their attributes.
The following is an example of an offer sent by a conference server to a client.
m=application 50000 TCP/TLS/BFCP *
a=setup:actpass
a=connection:new
a=fingerprint:sha-256 \
19:E2:1C:3B:4B:9F:81:E6:B8:5C:F4:A5:A8:D8:73:04: \
BB:05:2F:70:9F:04:A9:0E:05:E9:26:33:E8:70:88:A2
a=floorctrl:c-only s-only
a=confid:4321
a=userid:1234
a=floorid:1 mstrm:10
a=floorid:2 mstrm:11
a=bfcpver:1
m=audio 50002 RTP/AVP 0
a=label:10
m=video 50004 RTP/AVP 31
a=label:11
Note that due to RFC formatting conventions, this document splits SDP across lines whose content would exceed 72 characters. A backslash character marks where this line folding has taken place. This backslash and its trailing CRLF and whitespace would not appear in actual SDP content.
The following is the answer returned by the client.
m=application 9 TCP/TLS/BFCP *
a=setup:active
a=connection:new
a=fingerprint:sha-256 \
6B:8B:F0:65:5F:78:E2:51:3B:AC:6F:F3:3F:46:1B:35: \
DC:B8:5F:64:1A:24:C2:43:F0:A1:58:D0:A1:2C:19:08
a=floorctrl:c-only
a=bfcpver:1
m=audio 55000 RTP/AVP 0
m=video 55002 RTP/AVP 31
A similar example using unreliable transport and DTLS is shown below, where the offer is sent from a client.
m=application 50000 UDP/TLS/BFCP *
a=setup:actpass
a=dtls-id:abc3dl
a=fingerprint:sha-256 \
19:E2:1C:3B:4B:9F:81:E6:B8:5C:F4:A5:A8:D8:73:04: \
BB:05:2F:70:9F:04:A9:0E:05:E9:26:33:E8:70:88:A2
a=floorctrl:c-only s-only
a=confid:4321
a=userid:1234
a=floorid:1 mstrm:10
a=floorid:2 mstrm:11
a=bfcpver:2
m=audio 50002 RTP/AVP 0
a=label:10
m=video 50004 RTP/AVP 31
a=label:11
The following is the answer returned by the server.
m=application 55000 UDP/TLS/BFCP *
a=setup:active
a=dtls-id:abc3dl
a=fingerprint:sha-256 \
6B:8B:F0:65:5F:78:E2:51:3B:AC:6F:F3:3F:46:1B:35: \
DC:B8:5F:64:1A:24:C2:43:F0:A1:58:D0:A1:2C:19:08
a=floorctrl:s-only
a=confid:4321
a=userid:1234
a=floorid:1 mstrm:10
a=floorid:2 mstrm:11
a=bfcpver:2
m=audio 55002 RTP/AVP 0
m=video 55004 RTP/AVP 31
The BFCP [7], SDP [10], and offer/answer [4] specifications discuss security issues related to BFCP, SDP, and offer/answer, respectively. In addition, [6] and [9] discuss security issues related to the establishment of TCP and TLS connections using an offer/answer model. Furthermore, when using DTLS over UDP, considerations for its use with RTP and RTCP are presented in [15]. The requirements for the offer/answer exchange, as listed in Section 5 of [15], MUST be followed.
An initial integrity-protected channel is REQUIRED for BFCP to exchange self-signed certificates between a client and the floor control server. For session descriptions carried in SIP [3], S/MIME [5] is the natural choice to provide such a channel.
The IANA has registered the following values for the SDP 'proto' field under the Session Description Protocol (SDP) Parameters registry:
| Value | Reference |
|---|---|
| TCP/BFCP | [RFC XXXX] |
| TCP/DTLS/BFCP | [RFC XXXX] |
| TCP/TLS/BFCP | [RFC XXXX] |
| UDP/BFCP | [RFC XXXX] |
| UDP/TLS/BFCP | [RFC XXXX] |
The IANA has registered the following SDP att-field under the Session Description Protocol (SDP) Parameters registry:
The IANA has registered the following SDP att-field under the Session Description Protocol (SDP) Parameters registry:
The IANA has registered the following SDP att-field under the Session Description Protocol (SDP) Parameters registry:
The IANA has registered the following SDP att-field under the Session Description Protocol (SDP) Parameters registry:
The IANA has registered the following SDP att-field under the Session Description Protocol (SDP) Parameters registry:
Following is the list of technical changes and other fixes from [17].
Main purpose of this work was to add signaling support necessary to support BFCP over unreliable transport, as described in [7], resulting in the following changes:
Clarification and bug fixes:
Joerg Ott, Keith Drage, Alan Johnston, Eric Rescorla, Roni Even, and Oscar Novo provided useful ideas for the original [17]. The authors also acknowledge contributions to the revision of BFCP for use over an unreliable transport from Geir Arne Sandbakken, Charles Eckel, Alan Ford, Eoin McLeod and Mark Thompson. Useful and important final reviews were done by Ali C. Begen, Mary Barnes and Charles Eckel. In the final stages, Roman Shpount made a considerable effort in adding proper ICE support and considerations.
| [18] | Lennox, J., Ott, J. and T. Schierl, "Source-Specific Media Attributes in the Session Description Protocol (SDP)", RFC 5576, DOI 10.17487/RFC5576, June 2009. |
| [19] | Holmberg, C., Alvestrand, H. and C. Jennings, "Negotiating Media Multiplexing Using the Session Description Protocol (SDP)", Internet-Draft draft-ietf-mmusic-sdp-bundle-negotiation-39, August 2017. |
| [20] | Nandakumar, S., "A Framework for SDP Attributes when Multiplexing", Internet-Draft draft-ietf-mmusic-sdp-mux-attributes-16, December 2016. |