draft-ietf-mmusic-dtls-sdp-21.txt   draft-ietf-mmusic-dtls-sdp-22.txt 
Network Working Group C. Holmberg Network Working Group C. Holmberg
Internet-Draft Ericsson Internet-Draft Ericsson
Updates: 5763,7345 (if approved) R. Shpount Updates: 5763,7345 (if approved) R. Shpount
Intended status: Standards Track TurboBridge Intended status: Standards Track TurboBridge
Expires: September 13, 2017 March 12, 2017 Expires: September 16, 2017 March 15, 2017
Using the SDP Offer/Answer Mechanism for DTLS Using the SDP Offer/Answer Mechanism for DTLS
draft-ietf-mmusic-dtls-sdp-21.txt draft-ietf-mmusic-dtls-sdp-22.txt
Abstract Abstract
This document defines the SDP offer/answer procedures for negotiating This document defines the SDP offer/answer procedures for negotiating
and establishing a DTLS association. The document also defines the and establishing a DTLS association. The document also defines the
criteria for when a new DTLS association must be established. The criteria for when a new DTLS association must be established. The
document updates RFC 5763 and RFC 7345, by replacing common SDP document updates RFC 5763 and RFC 7345, by replacing common SDP
offer/answer procedures with a reference to this specification. offer/answer procedures with a reference to this specification.
This document defines a new SDP media-level attribute, 'dtls-id'. This document defines a new SDP media-level attribute, 'dtls-id'.
skipping to change at page 1, line 37 skipping to change at page 1, line 37
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 13, 2017. This Internet-Draft will expire on September 16, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 5 skipping to change at page 3, line 5
[RFC7345] defines SDP offer/answer procedures for UDPTL-DTLS. This [RFC7345] defines SDP offer/answer procedures for UDPTL-DTLS. This
specification defines general offer/answer procedures for DTLS, based specification defines general offer/answer procedures for DTLS, based
on the procedures in [RFC5763]. Other specifications, defining on the procedures in [RFC5763]. Other specifications, defining
specific DTLS usages, can then reference this specification, in order specific DTLS usages, can then reference this specification, in order
to ensure that the DTLS aspects are common among all usages. Having to ensure that the DTLS aspects are common among all usages. Having
common procedures is essential when multiple usages share the same common procedures is essential when multiple usages share the same
DTLS association [I-D.ietf-mmusic-sdp-bundle-negotiation]. The DTLS association [I-D.ietf-mmusic-sdp-bundle-negotiation]. The
document updates [RFC5763] and [RFC7345], by replacing common SDP document updates [RFC5763] and [RFC7345], by replacing common SDP
offer/answer procedures with a reference to this specification. offer/answer procedures with a reference to this specification.
NOTE: Since the publication of [RFC5763], [RFC4474] has been
obsoleted by [I-D.ietf-stir-rfc4474bis]. The updating of the
references (and the associated procedures) within [RFC5763] is
outside the scope of this document. However, implementers of
[RFC5763] applications are encouraged to implement
[I-D.ietf-stir-rfc4474bis] instead of [RFC4474].
As defined in [RFC5763], a new DTLS association MUST be established As defined in [RFC5763], a new DTLS association MUST be established
when transport parameters are changed. Transport parameter change is when transport parameters are changed. Transport parameter change is
not well defined when Interactive Connectivity Establishment (ICE) not well defined when Interactive Connectivity Establishment (ICE)
[I-D.ietf-ice-rfc5245bis] is used. One possible way to determine a [I-D.ietf-ice-rfc5245bis] is used. One possible way to determine a
transport change is based on ufrag change, but the ufrag value is transport change is based on ufrag change, but the ufrag value is
changed both when ICE is negotiated and when ICE restart changed both when ICE is negotiated and when ICE restart
[I-D.ietf-ice-rfc5245bis] occurs. These events do not always require [I-D.ietf-ice-rfc5245bis] occurs. These events do not always require
a new DTLS association to be established, but currently there is no a new DTLS association to be established, but currently there is no
way to explicitly indicate in an SDP offer or answer whether a new way to explicitly indicate in an SDP offer or answer whether a new
DTLS association is required. To solve that problem, this document DTLS association is required. To solve that problem, this document
skipping to change at page 3, line 31 skipping to change at page 3, line 38
2. Conventions 2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
3. Establishing a new DTLS Association 3. Establishing a new DTLS Association
3.1. General 3.1. General
A new DTLS association MUST be established after a successful SDP A new DTLS association must be established between two endpoints
offer/answer exchange in the following cases: after a successful SDP offer/answer exchange in the following cases:
o The negotiated DTLS setup roles change; or o The negotiated DTLS setup roles change; or
o One or more fingerprint values are modified, added or removed in o One or more fingerprint values are modified, added or removed in
either an SDP offer or answer; or either an SDP offer or answer; or
o The intent to establish a new DTLS association is explicitly o The intent to establish a new DTLS association is explicitly
signaled by changing the value of the SDP 'dtls-id' attribute signaled using SDP, by changing the value of the SDP 'dtls-id'
defined in this document; attribute defined in this document;
NOTE: The first two items above are based on the procedures in NOTE: The first two items above are based on the procedures in
[RFC5763]. This specification adds the support for explicit [RFC5763]. This specification adds the support for explicit
signaling using the SDP 'dtls-id' attribute. signaling using the SDP 'dtls-id' attribute.
A new DTLS association can only be established as a result of the A new DTLS association can only be established as a result of the
successful SDP offer/answer exchange. Whenever an entity determines successful SDP offer/answer exchange. Whenever an entity determines
that a new DTLS association is required, the entity MUST initiate an that a new DTLS association is required, the entity MUST initiate an
SDP offer/answer exchange, following the procedures in Section 5. SDP offer/answer exchange, following the procedures in Section 5.
The sections below describe typical cases where a new DTLS The sections below describe typical cases where a new DTLS
association needs to be established. association needs to be established.
In this document, a "new DTLS association" between two endpoints
refers to either an initial DTLS association (when no DTLS
association is currently established between the endpoints) or an
DTLS association replacing a previously established DTLS association.
3.2. Change of Local Transport Parameters 3.2. Change of Local Transport Parameters
If an endpoint modifies its local transport parameters (address and/ If an endpoint modifies its local transport parameters (address and/
or port), and if the modification requires a new DTLS association, or port), and if the modification requires a new DTLS association,
the endpoint MUST change its local SDP 'dtls-id' attribute value (see the endpoint must change its local SDP 'dtls-id' attribute value (see
Section 4). Section 4).
If the underlying transport explicitly prohibits a DTLS association If the underlying transport prohibits a DTLS association from
to span multiple transports, and if the transport is changed, the spanning multiple transports, and if the transport is changed, the
endpoint MUST change its local SDP 'dtls-id' attribute value (see endpoint must change its local SDP 'dtls-id' attribute value (see
Section 4). An example of such a case is when DTLS is carried over Section 4). An example of such a case is when DTLS is carried over
SCTP, as described in [RFC6083]. SCTP, as described in [RFC6083].
3.3. Change of ICE ufrag value 3.3. Change of ICE ufrag value
If an endpoint uses ICE, and modifies a local ufrag value, and if the If an endpoint uses ICE, and modifies a local ufrag value, and if the
modification requires a new DTLS association, the endpoint MUST modification requires a new DTLS association, the endpoint MUST
change its local SDP 'dtls-id' attribute value (see Section 4). change its local SDP 'dtls-id' attribute value (see Section 4).
4. SDP dtls-id Attribute 4. SDP dtls-id Attribute
skipping to change at page 5, line 40 skipping to change at page 5, line 40
the existing DTLS association. the existing DTLS association.
The 'dtls-id' attribute value MUST be generated using a cryptographic The 'dtls-id' attribute value MUST be generated using a cryptographic
random function and include at least 120 bits of randomness. random function and include at least 120 bits of randomness.
No default value is defined for the SDP 'dtls-id' attribute. No default value is defined for the SDP 'dtls-id' attribute.
Implementations that wish to use the attribute MUST explicitly Implementations that wish to use the attribute MUST explicitly
include it in SDP offers and answers. If an offer or answer does not include it in SDP offers and answers. If an offer or answer does not
contain a 'dtls-id' attribute (this could happen if the offerer or contain a 'dtls-id' attribute (this could happen if the offerer or
answerer represents an existing implementation that has not been answerer represents an existing implementation that has not been
updated to support the 'dtls-id' attribute), the offer or answer MUST updated to support the 'dtls-id' attribute), unless there is another
be treated as if no 'dtls-id' attribute is included. Unless there is mechanism to explicitly indicate that a new DTLS association is to be
another mechanism to explicitly indicate that a new DTLS association established, a modification of one or more of the following
is to be established, a modification of one or more of the following
characteristics MUST be treated as an indication that an endpoint characteristics MUST be treated as an indication that an endpoint
wants to establish a new DTLS association: wants to establish a new DTLS association:
o DTLS setup role; or o DTLS setup role; or
o fingerprint set; or o fingerprint set; or
o local transport parameters; or
o local transport parameters; or
o ICE ufrag value o ICE ufrag value
The mux category [I-D.ietf-mmusic-sdp-mux-attributes] for the 'dtls- The mux category [I-D.ietf-mmusic-sdp-mux-attributes] for the 'dtls-
id' attribute is 'IDENTICAL', which means that the attribute value id' attribute is 'IDENTICAL', which means that the attribute value
must be identical across all media descriptions being multiplexed must be identical across all media descriptions being multiplexed
[I-D.ietf-mmusic-sdp-bundle-negotiation]. [I-D.ietf-mmusic-sdp-bundle-negotiation].
For RTP-based media, the 'dtls-id' attribute applies to the whole For RTP-based media, the 'dtls-id' attribute applies to the whole
associated media description. The attribute MUST NOT be defined per associated media description. The attribute MUST NOT be defined per
source (using the SDP 'ssrc' attribute [RFC5576]). source (using the SDP 'ssrc' attribute [RFC5576]).
skipping to change at page 6, line 50 skipping to change at page 6, line 48
existing DTLS association and new DTLS association can be de- existing DTLS association and new DTLS association can be de-
multiplexed. In case of an ordered transport (e.g., SCTP) this can multiplexed. In case of an ordered transport (e.g., SCTP) this can
be done simply by sending packets for the new DTLS association after be done simply by sending packets for the new DTLS association after
all packets for the existing DTLS association have been sent. In all packets for the existing DTLS association have been sent. In
case of an unordered transport, such as UDP, packets for the old DTLS case of an unordered transport, such as UDP, packets for the old DTLS
association can arrive after the answer SDP was received and after association can arrive after the answer SDP was received and after
the first packets for the new DTLS association were received. The the first packets for the new DTLS association were received. The
only way to de-multiplex packets belonging to the old and new DTLS only way to de-multiplex packets belonging to the old and new DTLS
association is on the basis of transport 5-tuple. Because of this, association is on the basis of transport 5-tuple. Because of this,
if an unordered transport is used for the DTLS association, a new if an unordered transport is used for the DTLS association, a new
transport (3-tuple) MUST be allocated by at least one of the end transport (3-tuple) must be allocated by at least one of the
points so that DTLS packets can be de-multiplexed. endpoints so that DTLS packets can be de-multiplexed.
When an offerer needs to establish a new DTLS association, and if an When an offerer needs to establish a new DTLS association, and if an
unordered transport (e.g., UDP) is used, the offerer MUST allocate a unordered transport (e.g., UDP) is used, the offerer MUST allocate a
new transport (3-tuple) for the offer in such a way that the offerer new transport (3-tuple) for the offer in such a way that the offerer
can disambiguate any packets associated with the new DTLS association can disambiguate any packets associated with the new DTLS association
from any packets associated with any other DTLS association. This from any packets associated with any other DTLS association. This
typically means using a local address and/or port, or a set of ICE typically means using a local address and/or port, or a set of ICE
candidates (see Section 6), which were not recently used for any candidates (see Section 6), which were not recently used for any
other DTLS association. other DTLS association.
skipping to change at page 10, line 25 skipping to change at page 10, line 25
6. ICE Considerations 6. ICE Considerations
When the Interactive Connectivity Establishment (ICE) mechanism When the Interactive Connectivity Establishment (ICE) mechanism
[I-D.ietf-ice-rfc5245bis] is used, the ICE connectivity checks are [I-D.ietf-ice-rfc5245bis] is used, the ICE connectivity checks are
performed before the DTLS handshake begins. Note that if aggressive performed before the DTLS handshake begins. Note that if aggressive
nomination mode is used, multiple candidate pairs may be marked valid nomination mode is used, multiple candidate pairs may be marked valid
before ICE finally converges on a single candidate pair. before ICE finally converges on a single candidate pair.
NOTE: Aggressive nomination has been deprecated from ICE, but must NOTE: Aggressive nomination has been deprecated from ICE, but must
still be supported for backwards compatibility reasons. still be supported for backwards compatibility reasons
[I-D.ietf-ice-rfc5245bis].
When a new DTLS association is established over an unordered When a new DTLS association is established over an unordered
transport, in order to disambiguate any packets associated with the transport, in order to disambiguate any packets associated with the
newly established DTLS association, at least one of the endpoints newly established DTLS association, at least one of the endpoints
MUST allocate a completely new set of ICE candidates which were not MUST allocate a completely new set of ICE candidates which were not
recently used for any other DTLS association. This means the recently used for any other DTLS association. This means the
answerer cannot initiate a new DTLS association unless the offerer answerer cannot initiate a new DTLS association unless the offerer
initiated ICE restart [I-D.ietf-ice-rfc5245bis]. If the answerer initiated ICE restart [I-D.ietf-ice-rfc5245bis]. If the answerer
wants to initiate a new DTLS association, it needs to initiate an ICE wants to initiate a new DTLS association, it needs to initiate an ICE
restart and a new offer/answer exchange on its own. However, an ICE restart and a new offer/answer exchange on its own. However, an ICE
skipping to change at page 11, line 21 skipping to change at page 11, line 21
all DTLS packets associated with a previous DTLS association MUST be all DTLS packets associated with a previous DTLS association MUST be
acknowledged (or timed out) before a new DTLS association can be acknowledged (or timed out) before a new DTLS association can be
established on the same instance of that transport (5-tuple). established on the same instance of that transport (5-tuple).
8. SIP Considerations 8. SIP Considerations
When the Session Initiation Protocol (SIP) [RFC3261] is used as the When the Session Initiation Protocol (SIP) [RFC3261] is used as the
signal protocol for establishing a multimedia session, dialogs signal protocol for establishing a multimedia session, dialogs
[RFC3261] might be established between the caller and multiple [RFC3261] might be established between the caller and multiple
callees. This is referred to as forking. If forking occurs, callees. This is referred to as forking. If forking occurs,
separate DTLS associations MUST be established between the caller and separate DTLS associations will be established between the caller and
each callee. each callee.
It is possible to send an INVITE request which does not contain an It is possible to send an INVITE request which does not contain an
SDP offer. Such an INVITE request is often referred to as an 'empty SDP offer. Such an INVITE request is often referred to as an 'empty
INVITE', or an 'offer-less INVITE'. The receiving endpoint will INVITE', or an 'offer-less INVITE'. The receiving endpoint will
include the SDP offer in a response to the request. When the include the SDP offer in a response to the request. When the
endpoint generates such SDP offer, if a previously established DTLS endpoint generates such SDP offer, if a previously established DTLS
association exists, the offerer SHOULD insert an SDP 'dtls-id' association exists, the offerer MUST insert an SDP 'dtls-id'
attribute, and one or more SDP 'fingerprint' attributes, with attribute, and one or more SDP 'fingerprint' attributes, with
previously assigned attribute values. If a previously established previously assigned attribute values. If a previously established
DTLS association did not exist, the offer SHOULD be generated based DTLS association did not exist, the offer MUST be generated based on
on the same rules as a new offer (see Section 5.2). Regardless of the same rules as a new offer (see Section 5.2). Regardless of the
the previous existence of a DTLS association, the SDP 'setup' previous existence of a DTLS association, the SDP 'setup' attribute
attribute MUST be included according to the rules defined in MUST be included according to the rules defined in [RFC4145] and if
[RFC4145] and if ICE is used, ICE restart MUST be initiated. ICE is used, ICE restart MUST be initiated.
9. RFC Updates 9. RFC Updates
9.1. General 9.1. General
This section updates specifications that use DTLS-protected media, in This section updates specifications that use DTLS-protected media, in
order to reflect the procedures defined in this specification. order to reflect the procedures defined in this specification.
9.2. Update to RFC 5763 9.2. Update to RFC 5763
skipping to change at page 14, line 37 skipping to change at page 14, line 37
like the Session Initiation Protocol (SIP) [RFC3261] to set up like the Session Initiation Protocol (SIP) [RFC3261] to set up
multimedia sessions. multimedia sessions.
When an endpoint wishes to set up a secure media session with another When an endpoint wishes to set up a secure media session with another
endpoint, it sends an offer in a SIP message to the other endpoint. endpoint, it sends an offer in a SIP message to the other endpoint.
This offer includes, as part of the SDP payload, a fingerprint of This offer includes, as part of the SDP payload, a fingerprint of
a certificate that the endpoint wants to use. The endpoint SHOULD a certificate that the endpoint wants to use. The endpoint SHOULD
send the SIP message containing the offer to the offerer's SIP proxy send the SIP message containing the offer to the offerer's SIP proxy
over an integrity protected channel. The proxy SHOULD add an over an integrity protected channel. The proxy SHOULD add an
Identity header field according to the procedures outlined in Identity header field according to the procedures outlined in
[RFC4474]. The SIP message containing the offer SHOULD be sent to [RFC4474]. When the far endpoint receives the SIP message, it can
the offerer's SIP proxy over an integrity protected channel. When verify the identity of the sender using the Identity header field.
the far endpoint receives the SIP message, it can verify the identity Since the Identity header field is a digital signature across several
of the sender using the Identity header field. Since the Identity SIP header fields, in addition to the body of the SIP message, the
header field is a digital signature across several SIP header fields, receiver can also be certain that the message has not been tampered
in addition to the body of the SIP message, the receiver can also be with after the digital signature was applied and added to the SIP
certain that the message has not been tampered with after the digital message.
signature was applied and added to the SIP message.
The far endpoint (answerer) may now establish a DTLS association with The far endpoint (answerer) may now establish a DTLS association with
the offerer. Alternately, it can indicate in its answer that the the offerer. Alternately, it can indicate in its answer that the
offerer is to initiate the DTLS association. In either case, mutual offerer is to initiate the DTLS association. In either case, mutual
DTLS certificate-based authentication will be used. After completing DTLS certificate-based authentication will be used. After completing
the DTLS handshake, information about the authenticated identities, the DTLS handshake, information about the authenticated identities,
including the certificates, are made available to the endpoint including the certificates, are made available to the endpoint
application. The answerer is then able to verify that the offerer's application. The answerer is then able to verify that the offerer's
certificate used for authentication in the DTLS handshake can be certificate used for authentication in the DTLS handshake can be
associated to the certificate fingerprint contained in the offer in associated to a certificate fingerprint contained in the offer in
the SDP. At this point, the answerer may indicate to the end user the SDP. At this point, the answerer may indicate to the end user
that the media is secured. The offerer may only tentatively accept that the media is secured. The offerer may only tentatively accept
the answerer's certificate since it may not yet have the answerer's the answerer's certificate since it may not yet have the answerer's
certificate fingerprint. certificate fingerprint.
When the answerer accepts the offer, it provides an answer back to When the answerer accepts the offer, it provides an answer back to
the offerer containing the answerer's certificate fingerprint. At the offerer containing the answerer's certificate fingerprint. At
this point, the offerer can accept or reject the peer's certificate this point, the offerer can accept or reject the peer's certificate
and the offerer can indicate to the end user that the media is and the offerer can indicate to the end user that the media is
secured. secured.
Note that the entire authentication and key exchange for securing Note that the entire authentication and key exchange for securing
the media traffic is handled in the media path through DTLS. The the media traffic is handled in the media path through DTLS. The
signaling path is only used to verify the peers' certificate signaling path is only used to verify the peers' certificate
fingerprints. fingerprints.
The offerer and answerer MUST follow the SDP offer/answer procedures The offerer and answerer MUST follow the SDP offer/answer procedures
defined in [RFCXXXX]. defined in [RFCXXXX].
[RFC EDITOR NOTE: Please replace RFCXXXX with the RFC number
of this document.]
Update to section 6.6: Update to section 6.6:
---------------------- ----------------------
OLD TEXT: OLD TEXT:
6.6. Session Modification 6.6. Session Modification
Once an answer is provided to the offerer, either endpoint MAY Once an answer is provided to the offerer, either endpoint MAY
request a session modification that MAY include an updated offer. request a session modification that MAY include an updated offer.
This session modification can be carried in either an INVITE or This session modification can be carried in either an INVITE or
skipping to change at page 16, line 4 skipping to change at page 16, line 5
association as soon as the offer/answer exchange is completed. Note association as soon as the offer/answer exchange is completed. Note
that if the active/passive status of the endpoints changes, a new that if the active/passive status of the endpoints changes, a new
connection MUST be established. connection MUST be established.
NEW TEXT: NEW TEXT:
6.6. Session Modification 6.6. Session Modification
Once an answer is provided to the offerer, either endpoint MAY Once an answer is provided to the offerer, either endpoint MAY
request a session modification that MAY include an updated offer. request a session modification that MAY include an updated offer.
This session modification can be carried in either an INVITE or This session modification can be carried in either an INVITE or
UPDATE request. The peers can reuse an existing DTLS association, UPDATE request. The peers can reuse an existing DTLS association,
or establish a new one, following the procedures in [RFCXXXX]. or establish a new one, following the procedures in [RFCXXXX].
[RFC EDITOR NOTE: Please replace RFCXXXX with the RFC number
of this document.]
Update to section 6.7.1: Update to section 6.7.1:
------------------------ ------------------------
OLD TEXT: OLD TEXT:
6.7.1. ICE Interaction 6.7.1. ICE Interaction
Interactive Connectivity Establishment (ICE), as specified in Interactive Connectivity Establishment (ICE), as specified in
[RFC5245], provides a methodology of allowing participants in [RFC5245], provides a methodology of allowing participants in
multimedia sessions to verify mutual connectivity. When ICE is being multimedia sessions to verify mutual connectivity. When ICE is being
skipping to change at page 16, line 45 skipping to change at page 16, line 48
NEW TEXT: NEW TEXT:
6.7.1. ICE Interaction 6.7.1. ICE Interaction
The Interactive Connectivity Establishment (ICE) The Interactive Connectivity Establishment (ICE)
[I-D.ietf-ice-rfc5245bis] considerations for DTLS-protected media [I-D.ietf-ice-rfc5245bis] considerations for DTLS-protected media
are described in [RFCXXXX]. are described in [RFCXXXX].
9.3. Update to RFC 7345 9.3. Update to RFC 7345
[RFC EDITOR NOTE: Please replace RFCXXXX with the RFC number
of this document.]
Update to section 4: Update to section 4:
-------------------- --------------------
OLD TEXT: OLD TEXT:
4. SDP Offerer/Answerer Procedures 4. SDP Offerer/Answerer Procedures
4.1. General 4.1. General
An endpoint (i.e., both the offerer and the answerer) MUST create an An endpoint (i.e., both the offerer and the answerer) MUST create an
SDP media description ("m=" line) for each UDPTL-over-DTLS media SDP media description ("m=" line) for each UDPTL-over-DTLS media
stream and MUST assign a UDP/TLS/UDPTL value (see Table 1) to the stream and MUST assign a UDP/TLS/UDPTL value (see Table 1) to the
"proto" field of the "m=" line. "proto" field of the "m=" line.
The procedures in this section apply to an "m=" line associated with The procedures in this section apply to an "m=" line associated with
a UDPTL-over-DTLS media stream. a UDPTL-over-DTLS media stream.
skipping to change at page 19, line 15 skipping to change at page 19, line 22
SDP media description ("m=" line) for each UDPTL-over-DTLS media SDP media description ("m=" line) for each UDPTL-over-DTLS media
stream and MUST assign a UDP/TLS/UDPTL value (see Table 1) to the stream and MUST assign a UDP/TLS/UDPTL value (see Table 1) to the
"proto" field of the "m=" line. "proto" field of the "m=" line.
The offerer and answerer MUST follow the SDP offer/answer procedures The offerer and answerer MUST follow the SDP offer/answer procedures
defined in [RFCXXXX] in order to negotiate the DTLS association defined in [RFCXXXX] in order to negotiate the DTLS association
associated with the UDPTL-over-DTLS media stream. In addition, associated with the UDPTL-over-DTLS media stream. In addition,
the offerer and answerer MUST use the SDP attributes defined for the offerer and answerer MUST use the SDP attributes defined for
UDPTL over UDP, as defined in [ITU.T38.2010]. UDPTL over UDP, as defined in [ITU.T38.2010].
[RFC EDITOR NOTE: Please replace RFCXXXX with the RFC number
of this document.]
Update to section 5.2.1: Update to section 5.2.1:
------------------------ ------------------------
OLD TEXT: OLD TEXT:
5.2.1. ICE Usage 5.2.1. ICE Usage
When Interactive Connectivity Establishment (ICE) [RFC5245] is being When Interactive Connectivity Establishment (ICE) [RFC5245] is being
used, the ICE connectivity checks are performed before the DTLS used, the ICE connectivity checks are performed before the DTLS
handshake begins. Note that if aggressive nomination mode is used, handshake begins. Note that if aggressive nomination mode is used,
skipping to change at page 20, line 5 skipping to change at page 20, line 11
deleted. deleted.
NEW TEXT: NEW TEXT:
5.2.1. ICE Usage 5.2.1. ICE Usage
The Interactive Connectivity Establishment (ICE) The Interactive Connectivity Establishment (ICE)
[I-D.ietf-ice-rfc5245bis] considerations for DTLS-protected media [I-D.ietf-ice-rfc5245bis] considerations for DTLS-protected media
are described in [RFCXXXX]. are described in [RFCXXXX].
[RFC EDITOR NOTE: Please replace RFCXXXX with the RFC number
of this document.]
10. Security Considerations 10. Security Considerations
This specification does not modify the security considerations This specification does not modify the security considerations
associated with DTLS, or the SDP offer/answer mechanism. In addition associated with DTLS, or the SDP offer/answer mechanism. In addition
to the introduction of the SDP 'dtls-id' attribute, the specification to the introduction of the SDP 'dtls-id' attribute, the specification
simply clarifies the procedures for negotiating and establishing a simply clarifies the procedures for negotiating and establishing a
DTLS association. DTLS association.
11. IANA Considerations 11. IANA Considerations
skipping to change at page 20, line 33 skipping to change at page 20, line 42
Purpose: Indicates whether a new DTLS association is to be Purpose: Indicates whether a new DTLS association is to be
established/re-established. established/re-established.
Appropriate Values: see Section 4 Appropriate Values: see Section 4
Contact name: Christer Holmberg Contact name: Christer Holmberg
Mux Category: IDENTICAL Mux Category: IDENTICAL
12. Acknowledgements 12. Acknowledgements
Thanks to Justin Uberti, Martin Thomson, Paul Kyzivat, Jens Guballa, Thanks to Justin Uberti, Martin Thomson, Paul Kyzivat, Jens Guballa,
Charles Eckel, Gonzalo Salgueiro and Paul Jones for providing Charles Eckel, Gonzalo Salgueiro and Paul Jones for providing
comments and suggestions on the document. comments and suggestions on the document. Ben Campbell performed an
AD review.
13. Change Log 13. Change Log
[RFC EDITOR NOTE: Please remove this section when publishing] [RFC EDITOR NOTE: Please remove this section when publishing]
Changes from draft-ietf-mmusic-sdp-dtls-21
o Changes based on AD review by Ben Campbell.
o (https://www.ietf.org/mail-archive/web/mmusic/current/
msg17707.html)
Changes from draft-ietf-mmusic-sdp-dtls-20 Changes from draft-ietf-mmusic-sdp-dtls-20
o Change to length and randomness of dtls-id attribute value. o Change to length and randomness of dtls-id attribute value.
Changes from draft-ietf-mmusic-sdp-dtls-19 Changes from draft-ietf-mmusic-sdp-dtls-19
o Change based on comment from Roman. o Change based on comment from Roman.
Changes from draft-ietf-mmusic-sdp-dtls-18 Changes from draft-ietf-mmusic-sdp-dtls-18
skipping to change at page 24, line 38 skipping to change at page 25, line 5
[RFC4145] Yon, D. and G. Camarillo, "TCP-Based Media Transport in [RFC4145] Yon, D. and G. Camarillo, "TCP-Based Media Transport in
the Session Description Protocol (SDP)", RFC 4145, the Session Description Protocol (SDP)", RFC 4145,
DOI 10.17487/RFC4145, September 2005, DOI 10.17487/RFC4145, September 2005,
<http://www.rfc-editor.org/info/rfc4145>. <http://www.rfc-editor.org/info/rfc4145>.
[RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session [RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session
Description Protocol", RFC 4566, DOI 10.17487/RFC4566, Description Protocol", RFC 4566, DOI 10.17487/RFC4566,
July 2006, <http://www.rfc-editor.org/info/rfc4566>. July 2006, <http://www.rfc-editor.org/info/rfc4566>.
[RFC4572] Lennox, J., "Connection-Oriented Media Transport over the
Transport Layer Security (TLS) Protocol in the Session
Description Protocol (SDP)", RFC 4572,
DOI 10.17487/RFC4572, July 2006,
<http://www.rfc-editor.org/info/rfc4572>.
[RFC5763] Fischl, J., Tschofenig, H., and E. Rescorla, "Framework [RFC5763] Fischl, J., Tschofenig, H., and E. Rescorla, "Framework
for Establishing a Secure Real-time Transport Protocol for Establishing a Secure Real-time Transport Protocol
(SRTP) Security Context Using Datagram Transport Layer (SRTP) Security Context Using Datagram Transport Layer
Security (DTLS)", RFC 5763, DOI 10.17487/RFC5763, May Security (DTLS)", RFC 5763, DOI 10.17487/RFC5763, May
2010, <http://www.rfc-editor.org/info/rfc5763>. 2010, <http://www.rfc-editor.org/info/rfc5763>.
[RFC7345] Holmberg, C., Sedlacek, I., and G. Salgueiro, "UDP [RFC7345] Holmberg, C., Sedlacek, I., and G. Salgueiro, "UDP
Transport Layer (UDPTL) over Datagram Transport Layer Transport Layer (UDPTL) over Datagram Transport Layer
Security (DTLS)", RFC 7345, DOI 10.17487/RFC7345, August Security (DTLS)", RFC 7345, DOI 10.17487/RFC7345, August
2014, <http://www.rfc-editor.org/info/rfc7345>. 2014, <http://www.rfc-editor.org/info/rfc7345>.
[I-D.ietf-ice-rfc5245bis]
Keranen, A., Holmberg, C., and J. Rosenberg, "Interactive
Connectivity Establishment (ICE): A Protocol for Network
Address Translator (NAT) Traversal", draft-ietf-ice-
rfc5245bis-08 (work in progress), December 2016.
[I-D.ietf-mmusic-4572-update] [I-D.ietf-mmusic-4572-update]
Lennox, J. and C. Holmberg, "Connection-Oriented Media Lennox, J. and C. Holmberg, "Connection-Oriented Media
Transport over TLS in SDP", draft-ietf-mmusic- Transport over TLS in SDP", draft-ietf-mmusic-
4572-update-12 (work in progress), January 2017. 4572-update-13 (work in progress), February 2017.
[I-D.ietf-mmusic-sdp-mux-attributes]
Nandakumar, S., "A Framework for SDP Attributes when
Multiplexing", draft-ietf-mmusic-sdp-mux-attributes-16
(work in progress), December 2016.
[I-D.ietf-mmusic-sdp-bundle-negotiation]
Holmberg, C., Alvestrand, H., and C. Jennings,
"Negotiating Media Multiplexing Using the Session
Description Protocol (SDP)", draft-ietf-mmusic-sdp-bundle-
negotiation-36 (work in progress), October 2016.
14.2. Informative References 14.2. Informative References
[RFC4474] Peterson, J. and C. Jennings, "Enhancements for [RFC4474] Peterson, J. and C. Jennings, "Enhancements for
Authenticated Identity Management in the Session Authenticated Identity Management in the Session
Initiation Protocol (SIP)", RFC 4474, Initiation Protocol (SIP)", RFC 4474,
DOI 10.17487/RFC4474, August 2006, DOI 10.17487/RFC4474, August 2006,
<http://www.rfc-editor.org/info/rfc4474>. <http://www.rfc-editor.org/info/rfc4474>.
[RFC4572] Lennox, J., "Connection-Oriented Media Transport over the
Transport Layer Security (TLS) Protocol in the Session
Description Protocol (SDP)", RFC 4572,
DOI 10.17487/RFC4572, July 2006,
<http://www.rfc-editor.org/info/rfc4572>.
[RFC5245] Rosenberg, J., "Interactive Connectivity Establishment [RFC5245] Rosenberg, J., "Interactive Connectivity Establishment
(ICE): A Protocol for Network Address Translator (NAT) (ICE): A Protocol for Network Address Translator (NAT)
Traversal for Offer/Answer Protocols", RFC 5245, Traversal for Offer/Answer Protocols", RFC 5245,
DOI 10.17487/RFC5245, April 2010, DOI 10.17487/RFC5245, April 2010,
<http://www.rfc-editor.org/info/rfc5245>. <http://www.rfc-editor.org/info/rfc5245>.
[RFC5576] Lennox, J., Ott, J., and T. Schierl, "Source-Specific [RFC5576] Lennox, J., Ott, J., and T. Schierl, "Source-Specific
Media Attributes in the Session Description Protocol Media Attributes in the Session Description Protocol
(SDP)", RFC 5576, DOI 10.17487/RFC5576, June 2009, (SDP)", RFC 5576, DOI 10.17487/RFC5576, June 2009,
<http://www.rfc-editor.org/info/rfc5576>. <http://www.rfc-editor.org/info/rfc5576>.
skipping to change at page 25, line 42 skipping to change at page 26, line 28
Real-time Transport Protocol (SRTP)", RFC 5764, Real-time Transport Protocol (SRTP)", RFC 5764,
DOI 10.17487/RFC5764, May 2010, DOI 10.17487/RFC5764, May 2010,
<http://www.rfc-editor.org/info/rfc5764>. <http://www.rfc-editor.org/info/rfc5764>.
[RFC6083] Tuexen, M., Seggelmann, R., and E. Rescorla, "Datagram [RFC6083] Tuexen, M., Seggelmann, R., and E. Rescorla, "Datagram
Transport Layer Security (DTLS) for Stream Control Transport Layer Security (DTLS) for Stream Control
Transmission Protocol (SCTP)", RFC 6083, Transmission Protocol (SCTP)", RFC 6083,
DOI 10.17487/RFC6083, January 2011, DOI 10.17487/RFC6083, January 2011,
<http://www.rfc-editor.org/info/rfc6083>. <http://www.rfc-editor.org/info/rfc6083>.
[I-D.ietf-ice-rfc5245bis] [I-D.ietf-stir-rfc4474bis]
Keranen, A., Holmberg, C., and J. Rosenberg, "Interactive Peterson, J., Jennings, C., Rescorla, E., and C. Wendt,
Connectivity Establishment (ICE): A Protocol for Network "Authenticated Identity Management in the Session
Address Translator (NAT) Traversal", draft-ietf-ice- Initiation Protocol (SIP)", draft-ietf-stir-rfc4474bis-16
rfc5245bis-08 (work in progress), December 2016. (work in progress), February 2017.
[I-D.ietf-mmusic-sdp-mux-attributes]
Nandakumar, S., "A Framework for SDP Attributes when
Multiplexing", draft-ietf-mmusic-sdp-mux-attributes-16
(work in progress), December 2016.
[I-D.ietf-mmusic-sdp-bundle-negotiation]
Holmberg, C., Alvestrand, H., and C. Jennings,
"Negotiating Media Multiplexing Using the Session
Description Protocol (SDP)", draft-ietf-mmusic-sdp-bundle-
negotiation-36 (work in progress), October 2016.
[ITU.T38.2010] [ITU.T38.2010]
International Telecommunications Union, "Procedures for International Telecommunications Union, "Procedures for
real-time Group 3 facsimile communication over IP real-time Group 3 facsimile communication over IP
networks", ITU-T Recommendation T.38, September 2010. networks", ITU-T Recommendation T.38, September 2010.
Authors' Addresses Authors' Addresses
Christer Holmberg Christer Holmberg
Ericsson Ericsson
 End of changes. 33 change blocks. 
60 lines changed or deleted 99 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/