Diff: draft-ietf-mmusic-dtls-sdp-04.txt vs. draft-ietf-mmusic-dtls-sdp-05.txt

Network Working Group                                        C. Holmberg
Internet-Draft                                                  Ericsson
Updates: 5763,7315 (if approved)                              R. Shpount
Intended status: Standards Track                             TurboBridge
Expires: July 21, 2016                                  January 18, 2016

             Using the SDP Offer/Answer Mechanism for DTLS
      draft-ietf-mmusic-dtls-sdp-04.txt -> draft-ietf-mmusic-dtls-sdp-05.txt

Abstract

   This draft defines the SDP offer/answer procedures for negotiating
   and establishing a DTLS association.  The draft also defines the
   criteria for when a new DTLS association must be established.

   This draft defines a new SDP media-level attribute, 'dtls-
   connection'.
skipping to change at page 3, line 38

   o  The fingerprint (certificate) value changes; or

   o  The establishment of a new DTLS association is explicitly
      signaled;

   NOTE: The first two items list above are based on the procedures in
   [RFC5763].  This draft adds the support for explicit signaling.

   -04: Whenever an entity determines, based on the criteria above, that a
   new DTLS association is the entity MUST initiate an associated SDP
   offer/answer transaction, following to the procedures in Section 5.

   -05: Whenever an entity determines, based on the criteria above, that a
   new DTLS association is required, the entity MUST initiate an
   associated SDP offer/answer transaction, following to the procedures
   in Section 5.

   The sections below describe typical cases where a new DTLS
   association needs to be established.

3.2.  Change of Local Transport Parameters

   If an endpoint modifies its local transport parameters (IP address
   and/or port), and if the modification requires a new DTLS
   association, the endpoint MUST either change its DTLS role, its
   fingerprint value and/or use the SDP 'dtls-connection' attribute with
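Review bot: the -05 sentence in Section 3.1 fixes the missing "is required" but keeps "following to the procedures in Section 5"; "following to" is not grammatical here and should read "following the procedures in Section 5". The unchanged NOTE just above this change has the same kind of slip, "The first two items list above", which should be "listed above"; since the change log for -05 is described as editorial nits, both belong in it.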
skipping to change at page 6, line 9

   negotiating a DTLS association.

   The SDP 'connection' attribute MAY be used if the usage is associated
   with another protocol layer, e.g. SCTP or TCP, used together with
   DTLS.

   Unlike for TCP and TLS connections, endpoints MUST NOT use the SDP
   'setup' attribute 'holdconn' value when negotiating a DTLS
   association.

   -04: Endpoints MUST support the algorithms defined in **** Endpoints MUST
   support SHA-256 for generating and verifying the fingerprint value
   associated with the DTLS association.  The use of SHA-256 is
   preferred.

   -05: Endpoints MUST support SHA-256 for generating and verifying the
   fingerprint value associated with the DTLS association.  The use of
   SHA-256 is preferred.

   Endpoints MUST, at a minimum, support
   TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 and MUST support
   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.  UDPTL over DTLS MUST prefer
   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and any other Perfect Forward
   Secrecy (PFS) cipher suites over non-PFS cipher suites.

   Implementations SHOULD disable TLS-level compression.

   The certificate received during the DTLS handshake MUST match the
   fingerprint received in the SDP "fingerprint" attribute.  If the
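Review bot: dropping the unfinished "Endpoints MUST support the algorithms defined in ****" placeholder is the right fix, but the -05 paragraph now contains only a single SHA-256 MUST, so the closing sentence "The use of SHA-256 is preferred" is redundant and leaves unstated whether any other hash algorithm is acceptable in the 'fingerprint' attribute. Either name the set of permitted algorithms (with SHA-256 as the preferred one) or remove the preference sentence; as written, an implementer cannot tell whether a peer offering a different fingerprint hash is to be accepted or rejected, which matters because the later "MUST match the fingerprint" check depends on it.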
skipping to change at page 18, line 21

12.  Acknowledgements

   Thanks to Justin Uberti, Martin Thomson, Paul Kyzivat and Jens
   Guballa for providing comments and suggestions on the draft.

13.  Change Log

   [RFC EDITOR NOTE: Please remove this section when publishing]

   -05 (added):

   Changes from draft-ietf-mmusic-sdp-dtls-04

   o  Editorial nits fixed based on comments from Paul Kyzivat:

   Changes from draft-ietf-mmusic-sdp-dtls-03

   o  Changes based on comments from Paul Kyzivat:

   o  - Modification of dtls-connection attribute section.

   o  - Removal of IANA considerations subsection.

   o  - Making note into normative text in o/a section.
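Review bot: the new change-log entry "Editorial nits fixed based on comments from Paul Kyzivat:" ends in a colon but lists nothing, whereas the -03 entry beneath it enumerates its changes; either add the items (this diff shows two: the "is required" fix in Section 3.1 and the removal of the "****" placeholder in the fingerprint paragraph) or end the line with a period. Both change-log headings also name the draft "draft-ietf-mmusic-sdp-dtls-0x" while the file and title are "draft-ietf-mmusic-dtls-sdp-0x"; the names should agree.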
End of changes.  4 change blocks.  7 lines changed or deleted, 11 lines changed or added.

This html diff was produced by rfcdiff 1.42.  The latest version is available from http://tools.ietf.org/tools/rfcdiff/