draft-ietf-mmusic-dtls-sdp-01.txt   draft-ietf-mmusic-dtls-sdp-02.txt 
Network Working Group C. Holmberg Network Working Group C. Holmberg
Internet-Draft Ericsson Internet-Draft Ericsson
Intended status: Standards Track R. Shpount Intended status: Standards Track R. Shpount
Expires: April 21, 2016 TurboBridge Expires: June 9, 2016 TurboBridge
October 19, 2015 December 7, 2015
Using the SDP Offer/Answer Mechanism for DTLS Using the SDP Offer/Answer Mechanism for DTLS
draft-ietf-mmusic-dtls-sdp-01.txt draft-ietf-mmusic-dtls-sdp-02.txt
Abstract Abstract
This draft defines the SDP offer/answer procedures for negotiating This draft defines the SDP offer/answer procedures for negotiating
and establishing a DTLS association. The draft also defines the and establishing a DTLS association. The draft also defines the
criteria for when a new DTLS association must be established. criteria for when a new DTLS association must be established.
This draft defines a new SDP media-level attribute, 'dtls- This draft defines a new SDP media-level attribute, 'dtls-
connection'. connection'.
skipping to change at page 1, line 36 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 21, 2016. This Internet-Draft will expire on June 9, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 14 skipping to change at page 2, line 14
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Establishing a new DTLS Association . . . . . . . . . . . . . 3 4. Establishing a new DTLS Association . . . . . . . . . . . . . 3
4.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 3 4.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 3
4.2. Change of Local Transport Parameters . . . . . . . . . . 3 4.2. Change of Local Transport Parameters . . . . . . . . . . 4
4.3. Change of ICE ufrag value . . . . . . . . . . . . . . . . 4 4.3. Change of ICE ufrag value . . . . . . . . . . . . . . . . 4
4.4. Multiple SDP fingerprint attributes . . . . . . . . . . . 4 4.4. Multiple SDP fingerprint attributes . . . . . . . . . . . 4
5. SDP DTLS-Connection Attribute . . . . . . . . . . . . . . . . 4 5. SDP dtls-connection Attribute . . . . . . . . . . . . . . . . 4
5.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 4 5.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 4
5.2. ABNF . . . . . . . . . . . . . . . . . . . . . . . . . . 4 5.2. ABNF . . . . . . . . . . . . . . . . . . . . . . . . . . 5
6. SDP Offer/Answer Procedures . . . . . . . . . . . . . . . . . 5 6. SDP Offer/Answer Procedures . . . . . . . . . . . . . . . . . 5
6.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 5 6.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 5
6.2. Generating the Initial SDP Offer . . . . . . . . . . . . 5 6.2. Generating the Initial SDP Offer . . . . . . . . . . . . 6
6.3. Generating the Answer . . . . . . . . . . . . . . . . . . 5 6.3. Generating the Answer . . . . . . . . . . . . . . . . . . 6
6.4. Offerer Processing of the SDP Answer . . . . . . . . . . 6 6.4. Offerer Processing of the SDP Answer . . . . . . . . . . 7
6.5. Modifying the Session . . . . . . . . . . . . . . . . . . 6 6.5. Modifying the Session . . . . . . . . . . . . . . . . . . 7
7. ICE Considerations . . . . . . . . . . . . . . . . . . . . . 7 7. ICE Considerations . . . . . . . . . . . . . . . . . . . . . 8
8. SIP Considerations . . . . . . . . . . . . . . . . . . . . . 7 8. Transport Protocol Considerations . . . . . . . . . . . . . . 8
9. RFC Updates . . . . . . . . . . . . . . . . . . . . . . . . . 7 8.1. Transport Re-Usage . . . . . . . . . . . . . . . . . . . 8
10. Security Considerations . . . . . . . . . . . . . . . . . . . 7 9. SIP Considerations . . . . . . . . . . . . . . . . . . . . . 8
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 10. RFC Updates . . . . . . . . . . . . . . . . . . . . . . . . . 9
11.1. Registration of New SDP Attribute . . . . . . . . . . . 7 10.1. General . . . . . . . . . . . . . . . . . . . . . . . . 9
12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 10.2. Update to RFC 5763 . . . . . . . . . . . . . . . . . . . 9
13. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 8 10.3. Update to RFC 7345 . . . . . . . . . . . . . . . . . . . 14
14. Normative References . . . . . . . . . . . . . . . . . . . . 9 11. Security Considerations . . . . . . . . . . . . . . . . . . . 17
Appendix A. Design Considerations . . . . . . . . . . . . . . . 10 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17
A.1. dtls-connection versus dtls-connection-id . . . . . . . . 10 12.1. Registration of New SDP Attribute . . . . . . . . . . . 17
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 18
14. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 18
15. Normative References . . . . . . . . . . . . . . . . . . . . 19
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20
1. Introduction 1. Introduction
[RFC5763] defines SDP Offer/Answer procedures for SRTP-DTLS. This [RFC5763] defines SDP Offer/Answer procedures for SRTP-DTLS. This
draft defines the SDP Offer/Answer [RFC3264] procedures for draft defines the SDP Offer/Answer [RFC3264] procedures for
negotiation DTLS in general, based on the procedures in [RFC5763]. negotiation DTLS in general, based on the procedures in [RFC5763].
This draft also defines a new SDP attribute, 'dtls-connection'. The This draft also defines a new SDP attribute, 'dtls-connection'. The
attribute is used in SDP offers and answers to explicitly indicate attribute is used in SDP offers and answers to explicitly indicate
whether a new DTLS association is to be established. whether a new DTLS association is to be established.
skipping to change at page 4, line 19 skipping to change at page 4, line 27
either change its DTLS role, its fingerprint value and/or use the SDP either change its DTLS role, its fingerprint value and/or use the SDP
'dtls-connection' attribute with a 'new' value Section 5. 'dtls-connection' attribute with a 'new' value Section 5.
4.4. Multiple SDP fingerprint attributes 4.4. Multiple SDP fingerprint attributes
It is possible to associate multiple SDP fingerprint attribute values It is possible to associate multiple SDP fingerprint attribute values
to an 'm-' line. If any of the attribute values associated with an to an 'm-' line. If any of the attribute values associated with an
'm-' line are removed, or if any new attribute values are added, it 'm-' line are removed, or if any new attribute values are added, it
is considered a fingerprint value change. is considered a fingerprint value change.
5. SDP DTLS-Connection Attribute 5. SDP dtls-connection Attribute
5.1. General 5.1. General
The SDP 'connection' attribute [RFC4145] was originally defined for The SDP 'connection' attribute [RFC4145] was originally defined for
connection-oriented protocols, e.g. TCP and TLS. This section connection-oriented protocols, e.g. TCP and TLS. This section
defines a similar attribute, 'dtls-connection', to be used with DTLS. defines a similar attribute, 'dtls-connection', to be used with DTLS.
A 'dtls-connection' attribute value of 'new' indicates that a new A 'dtls-connection' attribute value of 'new' indicates that a new
DTLS association MUST be established. A 'dtls-connection' attribute DTLS association MUST be established. A 'dtls-connection' attribute
value of 'existing' indicates that a new DTLS association MUST NOT be value of 'existing' indicates that a new DTLS association MUST NOT be
skipping to change at page 5, line 9 skipping to change at page 5, line 17
The ABNF [RFC5234] grammar for the SDP 'dtls-connection' attributes The ABNF [RFC5234] grammar for the SDP 'dtls-connection' attributes
is: is:
dtls-connection-attr = "a=dtls-connection:" conn-value dtls-connection-attr = "a=dtls-connection:" conn-value
conn-value = "new" / "existing" conn-value = "new" / "existing"
6. SDP Offer/Answer Procedures 6. SDP Offer/Answer Procedures
6.1. General 6.1. General
This section defines the SDP offer/answer procedures for using the This section defines the generic SDP offer/answer procedures for
SDP 'dtls-connection' attribute for DTLS. The section also describes negotiating a DTLS association. Additional procedures (e.g.
how the usage of the SDP 'setup' attribute and the SDP 'fingerprint' regarding usage of usage specific SDP attributes etc) for individual
attribute [RFC4572] is affected. DTLS usages (e.g. SRTP-DTLS) are outside the scope of this
specification, and needs to be specified in a usage specific
specification.
The procedures in this section are based on the procedures for SRTP- NOTE: The procedures in this section are based on the procedures for
DTLS [RFC5763], with the addition of usage of the SDP 'dtls- SRTP-DTLS [RFC5763], with the addition of usage of the SDP 'dtls-
connection' attribute. connection' attribute.
The procedures in this section apply to an SDP media description
("m=" line) associated a DTLS-protected media/data stream.
In order to negotiate a DTLS association, the following SDP
attributes are used:
o The SDP 'setup' attribute, defined in [RFC4145], is used to
negotiate the DTLS roles;
o The SDP 'fingerprint' attribute, defined in [RFC4572], is used to
provide the fingerprint value; and
o The SDP 'dtls-connection' attribute, defined in this
specification, is used to explicitly indicate whether a new DTLS
association is to be established or whether a previous association
is to be used.
Endpoints MUST NOT use the SDP 'connection' attribute [RFC4145] when
negotiating a DTLS association.
NOTE: The SDP 'connection' attribute may be used if the usage is
associated with another protocol layer, e.g. SCTP or TCP, used
together with DTLS.
Unlike for TCP and TLS connections, endpoints MUST NOT use the SDP
'setup' attribute 'holdconn' value when negotiating a DTLS
association.
Endpoints MUST support SHA-256 for generating and verifying the
fingerprint value associated with the DTLS association. The use of
SHA-256 is preferred.
Endpoints MUST, at a minimum, support
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 and MUST support
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. UDPTL over DTLS MUST prefer
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and any other Perfect Forward
Secrecy (PFS) cipher suites over non-PFS cipher suites.
Implementations SHOULD disable TLS-level compression.
The certificate received during the DTLS handshake MUST match the
fingerprint received in the SDP "fingerprint" attribute. If the
fingerprint does not match the hashed certificate, then the endpoint
MUST tear down the media session immediately. Note that it is
permissible to wait until the other side's fingerprint has been
received before establishing the connection; however, this may have
undesirable latency effects.
6.2. Generating the Initial SDP Offer 6.2. Generating the Initial SDP Offer
When the offerer sends the initial offer, and the offerer wants to When the offerer sends the initial offer, and the offerer wants to
establish a DTLS association, it MUST insert an SDP 'dtls-connection' establish a DTLS association, it MUST insert an SDP 'dtls-connection'
attribute with a 'new' value in the offer. In addition, the offerer attribute with a 'new' value in the offer. In addition, the offerer
MUST insert an SDP 'setup' attribute according to the procedures in MUST insert an SDP 'setup' attribute according to the procedures in
[RFC4145], and an SDP 'fingerprint' attribute according to the [RFC4145], and an SDP 'fingerprint' attribute according to the
procedures in [RFC4572], in the offer. procedures in [RFC4572], in the offer.
Unlike for TCP and TLS connections, in case of DTLS associations the If the offerer inserts the SDP 'setup' attribute with an 'actpass' or
SDP 'setup' attribute 'holdconn' value MUST NOT be used. 'passive' value, the offerer MUST be prepared to receive a DTLS
ClientHello message (if a new DTLS association is established by the
answerer) from the answerer before it receives the SDP answer.
6.3. Generating the Answer 6.3. Generating the Answer
If an answerer receives an offer that contains an SDP 'dtls- If an answerer receives an offer that contains an SDP 'dtls-
connection' attribute with a 'new' value, the answerer MUST insert a connection' attribute with a 'new' value, or if the answerer receives
'new' value in the associated answer. The same applies if the and offer that contains an 'dtls-connection' attribute with an
answerer receives an offer that contains an SDP 'dtls-connection' 'existing' value and the answerer determines (based on the criteria
attribute with a 'new' value, but the answerer determines (based on for establishing a new DTLS association) that a new DTLS association
the criteria for establishing a new DTLS association) that a new DTLS is to be established, the answerer MUST insert a 'new' value in the
association is to be established. In addition, the answerer MUST associated answer. In addition, the answerer MUST insert an SDP
insert an SDP 'setup' attribute according to the procedures in 'setup' attribute according to the procedures in [RFC4145], and an
[RFC4145], and an SDP 'fingerprint' attribute according to the SDP 'fingerprint' attribute according to the procedures in [RFC4572],
procedures in [RFC4572], in the answer. in the answer.
If the answerer does not accept the establishment of the DTLS If an answerer receives an offer that contains an SDP 'dtls-
association, it MUST reject the "m=" lines associated with the connection' attribute with a 'new' value, and if the answerer does
suggested DTLS association [RFC3264]. not accept the establishment of a new DTLS association, the answerer
MUST reject the "m=" lines associated with the suggested DTLS
association [RFC3264].
If an answerer receives an offer that contains a 'dtls-connection' If an answerer receives an offer that contains a 'dtls-connection'
attribute with an 'existing' value, and if the answerer determines attribute with an 'existing' value, and if the answerer determines
that a new DTLS association does not need to be established, it MUST that a new DTLS association is not to be established, the answerer
insert a connection attribute with an 'existing' value in the MUST insert a 'dtls-connection' attribute with an 'existing' value in
associated answer. In addition, the answerer MUST insert an SDP the associated answer. In addition, the answerer MUST insert an SDP
'setup' attribute with a value that does not change the previously 'setup' attribute with a value that does not change the previously
negotiated DTLS roles, and an SDP 'fingerprint' attribute with a negotiated DTLS roles, and an SDP 'fingerprint' attribute with a
value that does not change the fingerprint, in the answer. value that does not change the previously sent fingerprint, in the
answer.
If the answerer receives an offer that does not contain an SDP 'dtls- If the answerer receives an offer that does not contain an SDP 'dtls-
connection' attribute, the answerer MUST NOT insert a 'dtls- connection' attribute, the answerer MUST NOT insert a 'dtls-
connection' attribute in the answer. connection' attribute in the answer.
If a new DTLS association is to be established, and if the answerer If a new DTLS association is to be established, and if the answerer
becomes DTLS client, the answerer MUST initiate the procedures for inserts an SDP 'setup' attribute with an 'active' value in the
establishing the DTLS association. If the answerer becomes DTLS answer, the answerer MUST initiate a DTLS handshake by sending a DTLS
server, it MUST wait for the offerer to establish the DTLS ClientHello message towards the the offerer.
association.
6.4. Offerer Processing of the SDP Answer 6.4. Offerer Processing of the SDP Answer
When an offerer receives an answer that contains an SDP 'dtls- When an offerer receives an answer that contains an SDP 'dtls-
connection' attribute with a 'new' value, and if the offerer becomes connection' attribute with a 'new' value, and if the offerer becomes
DTLS client, the offerer MUST establish a DTLS association. If the DTLS client, the offerer MUST establish a DTLS association. If the
offerer becomes DTLS server, it MUST wait for the answerer to offerer becomes DTLS server, it MUST wait for the answerer to
establish the DTLS association. establish the DTLS association.
If the answer contains an SDP 'dtls-connection' attribute with an If the answer contains an SDP 'dtls-connection' attribute with an
'existing' value, the offerer will continue using the previously 'existing' value, the offerer will continue using the previously
established DTLS association. It is considered an error case if the established DTLS association. It is considered an error case if the
answer contains a 'dtls-connection' attribute with an 'existing' answer contains a 'dtls-connection' attribute with an 'existing'
value, and a DTLS association does not exist. value, and a DTLS association does not exist.
6.5. Modifying the Session 6.5. Modifying the Session
When the offerer sends a subsequent offer, and the offerer wants to When the offerer sends a subsequent offer, and if the offerer wants
establish a new DTLS association, the offerer MUST insert an SDP to establish a new DTLS association, the offerer MUST insert an SDP
'dtls-connection' attribute with a 'new' value in the offer. In 'dtls-connection' attribute with a 'new' value in the offer. In
addition, the offerer MUST insert an SDP 'setup' attribute according addition, the offerer MUST insert an SDP 'setup' attribute according
to the procedures in [RFC4145], and an SDP 'fingerprint' attribute to the procedures in [RFC4145], and an SDP 'fingerprint' attribute
according to the procedures in [RFC4572], in the offer. according to the procedures in [RFC4572], in the offer.
when the offerer sends a subsequent offer, and the offerer does not when the offerer sends a subsequent offer, and the offerer does not
want to establish a new DTLS association, if a previously established want to establish a new DTLS association, and if a previously
DTLS association exists, the offerer MUST insert an SDP 'dtls- established DTLS association exists, the offerer MUST insert an SDP
connection' attribute with an 'existing' value in the offer. In 'dtls-connection' attribute with an 'existing' value in the offer.
addition, the offerer MUST insert an SDP 'setup' attribute with a In addition, the offerer MUST insert an SDP 'setup' attribute with a
value that does not change the previously negotiated DTLS roles, and value that does not change the previously negotiated DTLS roles, and
an SDP 'fingerprint' attribute with a value that does not change the an SDP 'fingerprint' attribute with a value that does not change the
fingerprint, in the offer. previously sent fingerprint, in the offer.
NOTE: When a new DTLS association is established, each endpoint needs
to be prepared to receive data on both the new and old DTLS
associations as long as both are alive.
7. ICE Considerations 7. ICE Considerations
When ICE is used, the ICE connectivity checks are performed before
the DTLS handshake begins. Note that if aggressive nomination mode
is used, multiple candidate pairs may be marked valid before ICE
finally converges on a single candidate pair.
An ICE restart [RFC5245] does not by default require a new DTLS An ICE restart [RFC5245] does not by default require a new DTLS
association to be established. association to be established.
As defined in [RFC5763], each ICE candidate associated with a As defined in [RFC5763], each ICE candidate associated with a
component is treated as being part of the same DTLS association. component is treated as being part of the same DTLS association.
Therefore, from a DTLS perspective it is not considered a change of Therefore, from a DTLS perspective it is not considered a change of
local transport parameters when an endpoint switches between those local transport parameters when an endpoint switches between those
ICE candidates. ICE candidates.
8. SIP Considerations 8. Transport Protocol Considerations
8.1. Transport Re-Usage
If DTLS is transported on top of a connection-oriented transport
protocol (e.g. TCP or SCTP), where all IP packets are acknowledged,
all DTLS packets associated with a previous DTLS association MUST be
acknowledged (or timed out) before a new DTLS association can be
established on the same transport.
9. SIP Considerations
When the Session Initiation Protocol (SIP) [RFC3261] is used as the When the Session Initiation Protocol (SIP) [RFC3261] is used as the
signal protocol for establishing a multimedia session, dialogs signal protocol for establishing a multimedia session, dialogs
[RFC3261] might be established between the caller and multiple [RFC3261] might be established between the caller and multiple
callees. This is referred to as forking. If forking occurs, callees. This is referred to as forking. If forking occurs,
separate DTLS associations MUST be established between the caller and separate DTLS associations MUST be established between the caller and
each callee. each callee.
It is possible to send an INVITE request which does not contain an It is possible to send an INVITE request which does not contain an
SDP offer. Such INVITE request is often referred to as an 'empty SDP offer. Such INVITE request is often referred to as an 'empty
INVITE', or an 'offerless INVITE'. The receiving endpoint will INVITE', or an 'offerless INVITE'. The receiving endpoint will
include the SDP offer in a response associated with the response. include the SDP offer in a response associated with the response.
When the endpoint generates such SDP offer, it MUST assign an SDP When the endpoint generates such SDP offer, it MUST assign an SDP
connection attribute, with a 'new' value, to each 'm-' line that connection attribute, with a 'new' value, to each 'm-' line that
describes DTLS protected media. If ICE is used, the endpoint MUST describes DTLS protected media. If ICE is used, the endpoint MUST
allocate a new set of ICE candidates, in order to ensure that two allocate a new set of ICE candidates, in order to ensure that two
DTLS association would not be running over the same transport. DTLS association would not be running over the same transport.
9. RFC Updates 10. RFC Updates
Here we will add the RFC updates that are needed. 10.1. General
10. Security Considerations This section updates specifications that use DTLS-protected media, in
order to reflect the procedures defined in this specification.
This draft does not modify the security considerations associated 10.2. Update to RFC 5763
with DTLS, or the SDP offer/answer mechanism. The draft simply
clarifies the procedures for negotiating and establishing a DTLS
association.
11. IANA Considerations Update to section 5:
--------------------
11.1. Registration of New SDP Attribute OLD TEXT:
5. Establishing a Secure Channel
The two endpoints in the exchange present their identities as part of
the DTLS handshake procedure using certificates. This document uses
certificates in the same style as described in "Connection-Oriented
Media Transport over the Transport Layer Security (TLS) Protocol in
the Session Description Protocol (SDP)" [RFC4572].
If self-signed certificates are used, the content of the
subjectAltName attribute inside the certificate MAY use the uniform
resource identifier (URI) of the user. This is useful for debugging
purposes only and is not required to bind the certificate to one of
the communication endpoints. The integrity of the certificate is
ensured through the fingerprint attribute in the SDP. The
subjectAltName is not an important component of the certificate
verification.
The generation of public/private key pairs is relatively expensive.
Endpoints are not required to generate certificates for each session.
The offer/answer model, defined in [RFC3264], is used by protocols
like the Session Initiation Protocol (SIP) [RFC3261] to set up
multimedia sessions. In addition to the usual contents of an SDP
[RFC4566] message, each media description ("m=" line and associated
parameters) will also contain several attributes as specified in
[RFC5764], [RFC4145], and [RFC4572].
When an endpoint wishes to set up a secure media session with another
endpoint, it sends an offer in a SIP message to the other endpoint.
This offer includes, as part of the SDP payload, the fingerprint of
the certificate that the endpoint wants to use. The endpoint SHOULD
send the SIP message containing the offer to the offerer's SIP proxy
over an integrity protected channel. The proxy SHOULD add an
Identity header field according to the procedures outlined in
[RFC4474]. The SIP message containing the offer SHOULD be sent to
the offerer's SIP proxy over an integrity protected channel. When
the far endpoint receives the SIP message, it can verify the identity
of the sender using the Identity header field. Since the Identity
header field is a digital signature across several SIP header fields,
in addition to the body of the SIP message, the receiver can also be
certain that the message has not been tampered with after the digital
signature was applied and added to the SIP message.
The far endpoint (answerer) may now establish a DTLS association with
the offerer. Alternately, it can indicate in its answer that the
offerer is to initiate the TLS association. In either case, mutual
DTLS certificate-based authentication will be used. After completing
the DTLS handshake, information about the authenticated identities,
including the certificates, are made available to the endpoint
application. The answerer is then able to verify that the offerer's
certificate used for authentication in the DTLS handshake can be
associated to the certificate fingerprint contained in the offer in
the SDP. At this point, the answerer may indicate to the end user
that the media is secured. The offerer may only tentatively accept
the answerer's certificate since it may not yet have the answerer's
certificate fingerprint.
When the answerer accepts the offer, it provides an answer back to
the offerer containing the answerer's certificate fingerprint. At
this point, the offerer can accept or reject the peer's certificate
and the offerer can indicate to the end user that the media is
secured.
Note that the entire authentication and key exchange for securing the
media traffic is handled in the media path through DTLS. The
signaling path is only used to verify the peers' certificate
fingerprints.
The offer and answer MUST conform to the following requirements.
o The endpoint MUST use the setup attribute defined in [RFC4145].
The endpoint that is the offerer MUST use the setup attribute
value of setup:actpass and be prepared to receive a client_hello
before it receives the answer. The answerer MUST use either a
setup attribute value of setup:active or setup:passive. Note that
if the answerer uses setup:passive, then the DTLS handshake will
not begin until the answerer is received, which adds additional
latency. setup:active allows the answer and the DTLS handshake to
occur in parallel. Thus, setup:active is RECOMMENDED. Whichever
party is active MUST initiate a DTLS handshake by sending a
ClientHello over each flow (host/port quartet).
o The endpoint MUST NOT use the connection attribute defined in
[RFC4145].
o The endpoint MUST use the certificate fingerprint attribute as
specified in [RFC4572].
o The certificate presented during the DTLS handshake MUST match the
fingerprint exchanged via the signaling path in the SDP. The
security properties of this mechanism are described in Section 8.
o If the fingerprint does not match the hashed certificate, then the
endpoint MUST tear down the media session immediately. Note that
it is permissible to wait until the other side's fingerprint has
been received before establishing the connection; however, this
may have undesirable latency effects.
NEW TEXT:
5. Establishing a Secure Channel
The two endpoints in the exchange present their identities as part of
the DTLS handshake procedure using certificates. This document uses
certificates in the same style as described in "Connection-Oriented
Media Transport over the Transport Layer Security (TLS) Protocol in
the Session Description Protocol (SDP)" [RFC4572].
If self-signed certificates are used, the content of the
subjectAltName attribute inside the certificate MAY use the uniform
resource identifier (URI) of the user. This is useful for debugging
purposes only and is not required to bind the certificate to one of
the communication endpoints. The integrity of the certificate is
ensured through the fingerprint attribute in the SDP. The
subjectAltName is not an important component of the certificate
verification.
The generation of public/private key pairs is relatively expensive.
Endpoints are not required to generate certificates for each session.
The offer/answer model, defined in [RFC3264], is used by protocols
like the Session Initiation Protocol (SIP) [RFC3261] to set up
multimedia sessions.
When an endpoint wishes to set up a secure media session with another
endpoint, it sends an offer in a SIP message to the other endpoint.
This offer includes, as part of the SDP payload, the fingerprint of
the certificate that the endpoint wants to use. The endpoint SHOULD
send the SIP message containing the offer to the offerer's SIP proxy
over an integrity protected channel. The proxy SHOULD add an
Identity header field according to the procedures outlined in
[RFC4474]. The SIP message containing the offer SHOULD be sent to
the offerer's SIP proxy over an integrity protected channel. When
the far endpoint receives the SIP message, it can verify the identity
of the sender using the Identity header field. Since the Identity
header field is a digital signature across several SIP header fields,
in addition to the body of the SIP message, the receiver can also be
certain that the message has not been tampered with after the digital
signature was applied and added to the SIP message.
The far endpoint (answerer) may now establish a DTLS association with
the offerer. Alternately, it can indicate in its answer that the
offerer is to initiate the TLS association. In either case, mutual
DTLS certificate-based authentication will be used. After completing
the DTLS handshake, information about the authenticated identities,
including the certificates, are made available to the endpoint
application. The answerer is then able to verify that the offerer's
certificate used for authentication in the DTLS handshake can be
associated to the certificate fingerprint contained in the offer in
the SDP. At this point, the answerer may indicate to the end user
that the media is secured. The offerer may only tentatively accept
the answerer's certificate since it may not yet have the answerer's
certificate fingerprint.
When the answerer accepts the offer, it provides an answer back to
the offerer containing the answerer's certificate fingerprint. At
this point, the offerer can accept or reject the peer's certificate
and the offerer can indicate to the end user that the media is
secured.
Note that the entire authentication and key exchange for securing the
media traffic is handled in the media path through DTLS. The
signaling path is only used to verify the peers' certificate
fingerprints.
The offerer and answerer MUST follow the SDP offer/answer procedures
defined in [RFCXXXX].
Update to section 6.6:
----------------------
OLD TEXT:
6.6. Session Modification
Once an answer is provided to the offerer, either endpoint MAY
request a session modification that MAY include an updated offer.
This session modification can be carried in either an INVITE or
UPDATE request. The peers can reuse the existing associations if
they are compatible (i.e., they have the same key fingerprints and
transport parameters), or establish a new one following the same
rules are for initial exchanges, tearing down the existing
association as soon as the offer/answer exchange is completed. Note
that if the active/passive status of the endpoints changes, a new
connection MUST be established.
NEW TEXT:
6.6. Session Modification
Once an answer is provided to the offerer, either endpoint MAY
request a session modification that MAY include an updated offer.
This session modification can be carried in either an INVITE or
UPDATE request. The peers can reuse an existing DTLS association,
or establish a new one, following the procedures in [RFCXXXX].
Update to section 6.7.1:
------------------------
OLD TEXT:
6.7.1. ICE Interaction
Interactive Connectivity Establishment (ICE), as specified in
[RFC5245], provides a methodology of allowing participants in
multimedia sessions to verify mutual connectivity. When ICE is being
used, the ICE connectivity checks are performed before the DTLS
handshake begins. Note that if aggressive nomination mode is used,
multiple candidate pairs may be marked valid before ICE finally
converges on a single candidate pair. Implementations MUST treat all
ICE candidate pairs associated with a single component as part of the
same DTLS association. Thus, there will be only one DTLS handshake
even if there are multiple valid candidate pairs. Note that this may
mean adjusting the endpoint IP addresses if the selected candidate
pair shifts, just as if the DTLS packets were an ordinary media
stream.
Note that Simple Traversal of the UDP Protocol through NAT (STUN)
packets are sent directly over UDP, not over DTLS. [RFC5764]
describes how to demultiplex STUN packets from DTLS packets and SRTP
packets.
NEW TEXT:
6.7.1. ICE Interaction
The Interactive Connectivity Establishment (ICE) [RFC5245]
considerations for DTLS-protected media are described in
[RFCXXXX].
Note that Simple Traversal of the UDP Protocol through NAT (STUN)
packets are sent directly over UDP, not over DTLS. [RFC5764]
describes how to demultiplex STUN packets from DTLS packets and SRTP
packets.
10.3. Update to RFC 7345
Update to section 4:
--------------------
OLD TEXT:
4. SDP Offerer/Answerer Procedures
4.1. General
An endpoint (i.e., both the offerer and the answerer) MUST create an
SDP media description ("m=" line) for each UDPTL-over-DTLS media
stream and MUST assign a UDP/TLS/UDPTL value (see Table 1) to the
"proto" field of the "m=" line.
The procedures in this section apply to an "m=" line associated with
a UDPTL-over-DTLS media stream.
In order to negotiate a UDPTL-over-DTLS media stream, the following
SDP attributes are used:
o The SDP attributes defined for UDPTL over UDP, as described in
[ITU.T38.2010]; and
o The SDP attributes, defined in [RFC4145] and [RFC4572], as
described in this section.
The endpoint MUST NOT use the SDP "connection" attribute [RFC4145].
In order to negotiate the TLS roles for the UDPTL-over-DTLS transport
connection, the endpoint MUST use the SDP "setup" attribute
[RFC4145].
If the endpoint supports, and is willing to use, a cipher suite with
an associated certificate, the endpoint MUST include an SDP
"fingerprint" attribute [RFC4572]. The endpoint MUST support SHA-256
for generating and verifying the SDP "fingerprint" attribute value.
The use of SHA-256 is preferred. UDPTL over DTLS, at a minimum, MUST
support TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 and MUST support
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. UDPTL over DTLS MUST prefer
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and any other Perfect Forward
Secrecy (PFS) cipher suites over non-PFS cipher suites.
Implementations SHOULD disable TLS-level compression.
If a cipher suite with an associated certificate is selected during
the DTLS handshake, the certificate received during the DTLS
handshake MUST match the fingerprint received in the SDP
"fingerprint" attribute. If the fingerprint does not match the
hashed certificate, then the endpoint MUST tear down the media
session immediately. Note that it is permissible to wait until the
other side's fingerprint has been received before establishing the
connection; however, this may have undesirable latency effects.
4.2. Generating the Initial Offer
The offerer SHOULD assign the SDP "setup" attribute with a value of
"actpass", unless the offerer insists on being either the sender or
receiver of the DTLS ClientHello message, in which case the offerer
can use either a value of "active" (the offerer will be the sender of
ClientHello) or "passive" (the offerer will be the receiver of
ClientHello). The offerer MUST NOT assign an SDP "setup" attribute
with a "holdconn" value.
If the offerer assigns the SDP "setup" attribute with a value of
"actpass" or "passive", the offerer MUST be prepared to receive a
DTLS ClientHello message before it receives the SDP answer.
4.3. Generating the Answer
If the answerer accepts the offered UDPTL-over-DTLS transport
connection, in the associated SDP answer, the answerer MUST assign an
SDP "setup" attribute with a value of either "active" or "passive",
according to the procedures in [RFC4145]. The answerer MUST NOT
assign an SDP "setup" attribute with a value of "holdconn".
If the answerer assigns an SDP "setup" attribute with a value of
"active" value, the answerer MUST initiate a DTLS handshake by
sending a DTLS ClientHello message on the negotiated media stream,
towards the IP address and port of the offerer.
4.4. Offerer Processing of the Answer
When the offerer receives an SDP answer, if the offerer ends up being
active it MUST initiate a DTLS handshake by sending a DTLS
ClientHello message on the negotiated media stream, towards the IP
address and port of the answerer.
4.5. Modifying the Session
Once an offer/answer exchange has been completed, either endpoint MAY
send a new offer in order to modify the session. The endpoints can
reuse the existing DTLS association if the key fingerprint values and
transport parameters indicated by each endpoint are unchanged.
Otherwise, following the rules for the initial offer/answer exchange,
the endpoints can negotiate and create a new DTLS association and,
once created, delete the previous DTLS association, following the
same rules for the initial offer/answer exchange. Each endpoint
needs to be prepared to receive data on both the new and old DTLS
associations as long as both are alive.
NEW TEXT:
4. SDP Offerer/Answerer Procedures
An endpoint (i.e., both the offerer and the answerer) MUST create an
SDP media description ("m=" line) for each UDPTL-over-DTLS media
stream and MUST assign a UDP/TLS/UDPTL value (see Table 1) to the
"proto" field of the "m=" line.
The offerer and answerer MUST follow the SDP offer/answer procedures
defined in [RFCXXXX] in order to negotiate the DTLS association
associated with the UDPTL-over-DTLS media stream. In addition,
the offerer and answerer MUST use the SDP attributes defined for
UDPTL over UDP, as defined in [ITU.T38.2010].
Update to section 5.2.1:
------------------------
OLD TEXT:
5.2.1. ICE Usage
When Interactive Connectivity Establishment (ICE) [RFC5245] is being
used, the ICE connectivity checks are performed before the DTLS
handshake begins. Note that if aggressive nomination mode is used,
multiple candidate pairs may be marked valid before ICE finally
converges on a single candidate pair. User Agents (UAs) MUST treat
all ICE candidate pairs associated with a single component as part of
the same DTLS association. Thus, there will be only one DTLS
handshake even if there are multiple valid candidate pairs. Note
that this may mean adjusting the endpoint IP addresses if the
selected candidate pair shifts, just as if the DTLS packets were an
ordinary media stream. In the case of an ICE restart, the DTLS
handshake procedure is repeated, and a new DTLS association is
created. Once the DTLS handshake is completed and the new DTLS
association has been created, the previous DTLS association is
deleted.
NEW TEXT:
5.2.1. ICE Usage
The Interactive Connectivity Establishment (ICE) [RFC5245]
considerations for DTLS-protected media are described in
[RFCXXXX].
11. Security Considerations
This specification does not modify the security considerations
associated with DTLS, or the SDP offer/answer mechanism. In addition
to the introduction of the SDP 'dtls-connection' attribute, the
specification simply clarifies the procedures for negotiating and
establishing a DTLS association.
12. IANA Considerations
12.1. Registration of New SDP Attribute
This document updates the "Session Description Protocol Parameters" This document updates the "Session Description Protocol Parameters"
registry as specified in Section 8.2.2 of [RFC4566]. Specifically, registry as specified in Section 8.2.2 of [RFC4566]. Specifically,
it adds the SDP attributes in Section 11.1 to the table for SDP media it adds the SDP attributes in Section 12.1 to the table for SDP media
level attributes. level attributes.
Attribute name: dtls-connection Attribute name: dtls-connection
Type of attribute: media-level Type of attribute: media-level
Subject to charset: no Subject to charset: no
Purpose: TBD Purpose: TBD
Appropriate Values: see Section X Appropriate Values: see Section X
Contact name: Christer Holmberg Contact name: Christer Holmberg
12. Acknowledgements 13. Acknowledgements
Thanks to Justin Uberti, Martin Thomson, Paul Kyzivat and Jens Thanks to Justin Uberti, Martin Thomson, Paul Kyzivat and Jens
Guballa for providing comments and suggestions on the draft. Guballa for providing comments and suggestions on the draft.
13. Change Log 14. Change Log
[RFC EDITOR NOTE: Please remove this section when publishing] [RFC EDITOR NOTE: Please remove this section when publishing]
Changes from draft-ietf-mmusic-sdp-dtls-01
o - Annex regarding 'dtls-connection-id' attribute removed.
o - Additional SDP offer/answer procedures, related to certificates,
added.
o - Updates to RFC 5763 and RFC 7345 added.
o - Transport protocol considerations added.
Changes from draft-ietf-mmusic-sdp-dtls-00 Changes from draft-ietf-mmusic-sdp-dtls-00
o - SDP 'connection' attribute replaced with new 'dtls-connection' o - SDP 'connection' attribute replaced with new 'dtls-connection'
attribute. attribute.
o - IANA Considerations added. o - IANA Considerations added.
o - E-mail regarding 'dtls-connection-id' attribute added as Annex. o - E-mail regarding 'dtls-connection-id' attribute added as Annex.
Changes from draft-holmberg-mmusic-sdp-dtls-01 Changes from draft-holmberg-mmusic-sdp-dtls-01
skipping to change at page 9, line 5 skipping to change at page 19, line 11
unchanged in associated answer. unchanged in associated answer.
o - SIP Considerations section added. o - SIP Considerations section added.
o - Section about multiple SDP fingerprint attributes added. o - Section about multiple SDP fingerprint attributes added.
Changes from draft-holmberg-mmusic-sdp-dtls-00 Changes from draft-holmberg-mmusic-sdp-dtls-00
o - Editorial changes and clarifications. o - Editorial changes and clarifications.
14. Normative References 15. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E. A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261, Schooler, "SIP: Session Initiation Protocol", RFC 3261,
DOI 10.17487/RFC3261, June 2002, DOI 10.17487/RFC3261, June 2002,
skipping to change at page 10, line 11 skipping to change at page 20, line 17
Traversal for Offer/Answer Protocols", RFC 5245, Traversal for Offer/Answer Protocols", RFC 5245,
DOI 10.17487/RFC5245, April 2010, DOI 10.17487/RFC5245, April 2010,
<http://www.rfc-editor.org/info/rfc5245>. <http://www.rfc-editor.org/info/rfc5245>.
[RFC5763] Fischl, J., Tschofenig, H., and E. Rescorla, "Framework [RFC5763] Fischl, J., Tschofenig, H., and E. Rescorla, "Framework
for Establishing a Secure Real-time Transport Protocol for Establishing a Secure Real-time Transport Protocol
(SRTP) Security Context Using Datagram Transport Layer (SRTP) Security Context Using Datagram Transport Layer
Security (DTLS)", RFC 5763, DOI 10.17487/RFC5763, May Security (DTLS)", RFC 5763, DOI 10.17487/RFC5763, May
2010, <http://www.rfc-editor.org/info/rfc5763>. 2010, <http://www.rfc-editor.org/info/rfc5763>.
Appendix A. Design Considerations
A.1. dtls-connection versus dtls-connection-id
The text below is from an e-mail sent by Roman to the MMUSIC mailing
list, 1st October 2015. It is intended to serve as background
reading when discussing the way forward regarding the SDP attribute.
The "dtls-ufrag" has little to do with ICE and exists
in a completely different layer. We can call this
attribute "dtls-connection-id" if this will makes it
less spooky. The problem that I am trying to resolve
with new attribute is related to when new DTLS association
needs to be established. I would argue that original
intent was, that new DTLS association needs to be
established on change of one of the end points or
DTLS association setup attributes (setup role or
fingerprint).
Originally, end point change was detected based on
transport 5-tuple change. This, of cause, does not
work for ICE, where 5-tuple is not known in advance
and all 5-tuples associated with the same ICE component
should be treated as the same connection. One option was
to detect end point change when ICE is used based on
ICE ufrag change, but this does not work either since
ufrag can change due to ICE restart, but the same
endpoints will continue to communicate.
I would also argue that setting up new DTLS association
on 5-tuple change does not always work for non-ICE case
either, since we can have an end point which can initiate
a re-INVITE when it detects the local IP changes due to
DHCP lease expiration or any other reason. This transport
change does not necessarily require DTLS association
change, and new DTLS handshake is undesirable since it
will delay the media flow re-establishment but several
network round trips.
So, we need to detect when two new end-points are
communicating and new DTLS association needs to be
setup. What we originally proposed is that end point
will simply tell that it is setting up a new session
by using SDP connection attribute or some renamed
version of it.
What I am saying here is that end point cannot always
identify if it needs to setup a new DTLS association.
The problem arises when new offer is generated in
response to an offerless INVITE. In such case, an end
point does not know if it is continuing to communicate
with the same end-point or if this offer is intended
to be sent to a new end point.
There are two solution possible to this:
1. We specify that if an end points generates an offer in
response to an offer-less INVITE it should always assume
it is communicating with a new end point, it MUST add
"connection:new" and MUST make sure that none of the
existing transports can be possibly reused for this new
DTLS association by allocating new IP:port for non ICE
or a complete new set of ICE candidates in case of ICE.
This will work, but it is wasteful when offer-less INVITE
re-establishes connection between two existing end points.
In such cases additional ports will be consumed, TURN
tunnels will be allocated, and time spent on creating a
DTLS session when all of this can be simply reused.
2. Instead of asking the end point which generates the
offer to determine if it is establishing a new DTLS
association, we will ask the end point to identify itself.
So, instead of SDP connection attribute, an end point
will provide some sort of randomly generated end point
identifier in the new attribute (dtls-ufrag or
dtls-connection-id). When the connection ID pair stays
the same, the existing DTLS association continues to run
over the negotiated transport. If one of the connection
IDs changes, this would mean new DTLS association would
need to be established. This nicely uncouples end point
change identification from transport and makes negotiation
follow the original intent.
In case of response to an offer-less INVITE, an offer with
the existing connection ID will be generated. If this offer
is sent to a new end point, both end points will detect
that new DTLS association is required due to connection ID
change of the answering end point. If this offer will be
sent to an end point which is already a part of the existing
DTLS association, no new DTLS association will be necessary,
since both connection IDs will stay the same.
This also gives us path to a more "strategic" solution in the
future. DTLS handshake can be extended to include the
connection ID. Each DTLS handshake can negotiate a association
identifier similar to SSRC which can be used in the all
subsequent DTLS messages for this association. This way
multiple DTLS associations can be multiplexed over the single
transport and each of them can be tied to an m= line in
offer/answer. This, of cause, is not part of the current
draft and is outside of MMUSIC chapter, but does provide a
natural extension path for DTLS in the future.
In general Christer and I are trying to understand if there
is interest in formalizing the dtls-connection-id option
(more complex) or if we should stick with SDP
connection:new/existing attribute and force new DTLS association
always be established in response to offer-less INVITE (simpler
option but can waste resources).
Please let us know if these options need further clarification
or if you have any additional questions or opinions.
Authors' Addresses Authors' Addresses
Christer Holmberg Christer Holmberg
Ericsson Ericsson
Hirsalantie 11 Hirsalantie 11
Jorvas 02420 Jorvas 02420
Finland Finland
Email: christer.holmberg@ericsson.com Email: christer.holmberg@ericsson.com
 End of changes. 34 change blocks. 
186 lines changed or deleted 552 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/