draft-ietf-mmusic-sap-v2-01.txt   draft-ietf-mmusic-sap-v2-02.txt 
Mark Handley Mark Handley
ACIRI ACIRI
Colin Perkins Colin Perkins
UCL UCL
Edmund Whelan Edmund Whelan
UCL UCL
Session Announcement Protocol Session Announcement Protocol
draft-ietf-mmusic-sap-v2-01.txt draft-ietf-mmusic-sap-v2-02.txt
Status of this memo Status of this memo
This document is an Internet-Draft and is in full conformance with all This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026. provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Task Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts. may also distribute working documents as Internet-Drafts.
skipping to change at line 85 skipping to change at line 85
allowing those sessions to be joined. allowing those sessions to be joined.
The key words `MUST', `MUST NOT', `REQUIRED', `SHALL', `SHALL NOT', The key words `MUST', `MUST NOT', `REQUIRED', `SHALL', `SHALL NOT',
`SHOULD', `SHOULD NOT', `RECOMMENDED', `MAY', and `OPTIONAL' in this `SHOULD', `SHOULD NOT', `RECOMMENDED', `MAY', and `OPTIONAL' in this
document are to be interpreted as described in [1]. document are to be interpreted as described in [1].
3 Session Announcement 3 Session Announcement
As noted previously, a SAP announcer periodically sends an announcement As noted previously, a SAP announcer periodically sends an announcement
packet to a well known multicast address and port. There is no rendezvous packet to a well known multicast address and port. There is no rendezvous
mechanism - the SAP announcer is not aware of the presence or absence of mechanism - the SAP announcer is not aware of the presence or absence
any SAP listeners - and no additional reliability is provided over the of any SAP listeners - and no additional reliability is provided
standard best-effort UDP/IP semantics. over the standard best-effort UDP/IP semantics.
That announcement contains a session description and SHOULD contain That announcement contains a session description and SHOULD contain
an authentication header. The session description MAY be encrypted an authentication header. The session description MAY be encrypted
although this is NOT RECOMMENDED (see section 8). although this is NOT RECOMMENDED (see section 8).
A SAP announcement is multicast with the same scope as the session A SAP announcement is multicast with the same scope as the session
it is announcing, ensuring that the recipients of the announcement it is announcing, ensuring that the recipients of the announcement
can also be potential recipients of the session being advertised. can also be potential recipients of the session being advertised.
There are four possiblities: There are four possiblities:
skipping to change at line 150 skipping to change at line 150
An IPv4 SAP listener SHOULD listen on the IPv4 global scope SAP address An IPv4 SAP listener SHOULD listen on the IPv4 global scope SAP address
and on the SAP addresses for each IPv4 administrative scope zone and on the SAP addresses for each IPv4 administrative scope zone
it is within. The discovery of administrative scope zones is outside it is within. The discovery of administrative scope zones is outside
the scope of this memo, but it is assumed that each SAP listener the scope of this memo, but it is assumed that each SAP listener
within a particular scope zone is aware of that scope zone. A SAP within a particular scope zone is aware of that scope zone. A SAP
listener which supports IPv6 SHOULD also listen to the IPv6 SAP addresses. listener which supports IPv6 SHOULD also listen to the IPv6 SAP addresses.
Support for directory sessions is OPTIONAL. Support for directory sessions is OPTIONAL.
The time period between repetitions of an announcement is chosen such that 3.1 Announcement Interval
the total bandwidth used by all announcements on a single SAP group remains
below a preconfigured limit. If not otherwise specified, the bandwidth
limit SHOULD be assumed to be 4000 bits per second.
Each announcer is expected to listen to other announcements in order to The time period between repetitions of an announcement is chosen
determine the total number of sessions being announced on a particular such that the total bandwidth used by all announcements on a single
group. Sessions are uniquely identified by the combination of the message SAP group remains below a preconfigured limit. If not otherwise
identifier hash and originating source fields of the SAP header. If these specified, the bandwidth limit SHOULD be assumed to be 4000 bits
fields are non-zero they form a unique identifier for the announcement, if per second.
they are zero then the entire message MUST be compared to determine
uniqueness.
Thus you should calculate the available bandwidth for your session's scope Each announcer is expected to listen to other announcements in order
by dividing the bandwidth limit by the number of other sessions being to determine the total number of sessions being announced on a particular
announced in your scope. This gives you your bandwidth allocation, which, group. Sessions are uniquely identified by the combination of the
given the size of your data packets, can be used to derive the base message identifier hash and originating source fields of the SAP
interval for announcements. That is, given a limit in bits/second (as header (note that SAP v0 clients always set the message identifier
above) and a ad_size in bytes, the base announcement interval in seconds is hash to zero, and if such an announcement is received the entire
message MUST be compared to determine uniqueness).
interval = MAX(300; (8* no_of_ads* ad_size)/limit) Announcements are made by periodic multicast to the group. The base
interval between announcements is derived from the number of announcements
being made in that group, the size of the announcement and the configured
bandwidth limit. The actual transmission time is derived from this
base interval as follows:
For every interval between announcement packets (i.e, every time you send a 1.The announcer initialises the variable tp to be the last time
packet), you must add a random value (+/- 1/3 of the base interval) to the a particular announcement was transmitted (or the current time
value used for the inter-announcement period to prevent announcement if this is the first time this announcement is to be made).
synchronisation. It is also important to keep monitoring other
announcements and adjust the base interval accordingly. 2.Given a configured bandwidth limit in bits/second and an announcement
of ad_size bytes, the base announcement interval in seconds is
interval = max(300; (8*no_of_ads*ad_size)/limit)
3.An offset is calculated based on the base announcement interval
offset = rand(interval* 2/3)-(interval/3)
4.The next transmission time for an announcement derived as
tn = tp + interval + offset
The announcer then sets a timer to expire at tn and waits. When
this timer expires, the announcement is transmitted.
If, at some time tc <tn, the no_of_ads changes (eg: if a new announcer
starts up, or an existing announcement is deleted), the announcer
SHOULD recalculate the next transmission time. If the new value
of tn is less than tc the announcement is sent immediately. Otherwise
the transmission is rescheduled for the new tn.
4 Session Deletion 4 Session Deletion
Sessions may be deleted in one of several ways: Sessions may be deleted in one of several ways:
Explicit Timeout The session description payload contains timestamp Explicit Timeout The session description payload contains timestamp
information which specifies a start and end time for the session. information which specifies a start and end time for the session.
If the current time is later than the end-time for the session, If the current time is later than the end-time for the session,
then the session is deleted from the receiver's session cache. then the session is deleted from the receiver's session cache.
If an announcement packet arrives with an end-time before the If an announcement packet arrives with an end-time before the
skipping to change at line 208 skipping to change at line 228
one hour minimum is to allow for transient network partitionings. one hour minimum is to allow for transient network partitionings.
Explicit Deletion A session deletion packet is received specifying Explicit Deletion A session deletion packet is received specifying
the version of the session to be deleted. The deletion packets the version of the session to be deleted. The deletion packets
should be ignored, unless they contain an authentication header should be ignored, unless they contain an authentication header
which authenticates correctly and matches that used to authenticate which authenticates correctly and matches that used to authenticate
the announcement which is being deleted. the announcement which is being deleted.
5 Session Modification 5 Session Modification
A pre-announced session can be modified by simply announcing the modified A pre-announced session can be modified by simply announcing the
session description. In this case, the version hash in the SAP header MUST modified session description. In this case, the version hash in
be changed to indicate to receivers that the packet contents should be the SAP header MUST be changed to indicate to receivers that the
parsed (or decrypted and parsed if it is encrypted). The session itself, packet contents should be parsed (or decrypted and parsed if it is
as distinct from the session announcement, is uniquely identified by the encrypted). The session itself, as distinct from the session announcement,
payload and not by the message identifier hash in the header. is uniquely identified by the payload and not by the message identifier
hash in the header.
The same rules apply for session modification as for session deletion: The same rules apply for session modification as for session deletion:
o Either the modified announcement must contain an authentication o Either the modified announcement must contain an authentication
header signed by the same key as the cached session announcement header signed by the same key as the cached session announcement
it is modifying, or: it is modifying, or:
o The cached session announcement must not contain an authentication o The cached session announcement must not contain an authentication
header, and the session modification announcement must originate header, and the session modification announcement must originate
from the same host as the session it is modifying. from the same host as the session it is modifying.
v=0
o=cperkins 2890844526 2890842807 IN IP4 126.16.64.4
s=Sample directory session
m=directory 9875 SAP application/sdp
c=IN IP4 224.2.127.12/255
t=2873397496 2873404696
Figure 1: Example SDP for a directory session
If an announcement is received containing an authentication header If an announcement is received containing an authentication header
and the cached announcement did not contain an authentication header, and the cached announcement did not contain an authentication header,
or it contained a different authentication header, then the modified or it contained a different authentication header, then the modified
announcement MUST be treated as a new and different announcement, announcement MUST be treated as a new and different announcement,
and displayed in addition to the un-authenticated announcement. The and displayed in addition to the un-authenticated announcement. The
same should happen if a modified packet without an authentication same should happen if a modified packet without an authentication
header is received from a different source than the original announcement. header is received from a different source than the original announcement.
These rules prevent an announcement having an authentication header These rules prevent an announcement having an authentication header
added by a malicious user and then being deleted using that header, added by a malicious user and then being deleted using that header,
and it also prevents a denial-of-service attack by someone putting and it also prevents a denial-of-service attack by someone putting
out a spoof announcement which, due to packet loss, reaches some out a spoof announcement which, due to packet loss, reaches some
participants before the original announcement. Note that under such participants before the original announcement. Note that under such
circumstances, being able to authenticate the message originator is circumstances, being able to authenticate the message originator is
the only way to discover which session is the correct session. the only way to discover which session is the correct session.
v=0
o=cperkins 2890844526 2890842807 IN IP4 126.16.64.4
s=Sample directory session
m=directory 9875 SAP application/sdp
c=IN IP4 224.2.127.12/255
t=2873397496 2873404696
Figure 1: Example SDP for a directory session
6 Directory Sessions 6 Directory Sessions
It is possible to announce sessions which describe other directories. It is possible to announce sessions which describe other directories.
Such directory sessions should each announce a single directory. Receivers Such directory sessions should each announce a single directory. Receivers
MUST ignore announcements which describe multiple directories. Receivers MUST ignore announcements which describe multiple directories. Receivers
SHOULD ignore non-authenticated directory sessions. SHOULD ignore non-authenticated directory sessions.
Directory sessions may be described in SDP using the media type `directory' Directory sessions may be described in SDP using the media type `directory'
with transport `SAP' (see figure 1 for example). Directory sessions with transport `SAP' (see figure 1 for example). Directory sessions
SHOULD be announced with TTL 255 and SHOULD use port 9875. Any SAP SHOULD be announced with TTL 255 and SHOULD use port 9875. Any SAP
skipping to change at line 273 skipping to change at line 294
within that directory MUST stop announcing those sessions provided within that directory MUST stop announcing those sessions provided
the deletion packet authenticates with the same key as the original the deletion packet authenticates with the same key as the original
announcement of the directory session. If the deletion packet is announcement of the directory session. If the deletion packet is
not authenticated, or is authenticated with a different key, then not authenticated, or is authenticated with a different key, then
it SHOULD be ignored. it SHOULD be ignored.
If the announcement of a directory times out, announcers of sessions If the announcement of a directory times out, announcers of sessions
within that directory SHOULD stop announcing those sessions. within that directory SHOULD stop announcing those sessions.
If the announcement of the directory is modified to use a different If the announcement of the directory is modified to use a different
address announcers of sessions within that directory MUST move their
announcement to the new directory, provided the modification packet
authenticates with the same key as the original announcement of the
directory session. If the modification packet is not authenticated,
or is authenticated with a different key, then it SHOULD be ignored.
7 Packet Format
SAP data packets have the format described in figure 2.
V: Version Number. The version number field MUST be set to 1 (SAPv2
announcements which use only SAPv1 features are backwards compatible,
those which use new features can be detected by other means,
so the SAP version number doesn't need to change).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| V=1 |A|R|T|E|C| auth len | msg id hash | | V=1 |A|R|T|E|C| auth len | msg id hash |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
: originating source (32 or 128 bits) : : originating source (32 or 128 bits) :
: : : :
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| optional authentication header | | optional authentication data |
: .... : : .... :
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| optional timeout | | optional timeout |
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
| optional payload type | | optional payload type |
+ +-+- - - - - - - - - -+ + +-+- - - - - - - - - -+
| |0| | | |0| |
+ - - - - - - - - - - - - - - - - - - - - +-+ | + - - - - - - - - - - - - - - - - - - - - +-+ |
| | | |
: payload : : payload :
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: Packet format Figure 2: Packet format
address announcers of sessions within that directory MUST move their
announcement to the new directory, provided the modification packet
authenticates with the same key as the original announcement of the
directory session. If the modification packet is not authenticated,
or is authenticated with a different key, then it SHOULD be ignored.
7 Packet Format
SAP data packets have the format described in figure 2.
V: Version Number. The version number field MUST be set to 1 (SAPv2
announcements which use only SAPv1 features are backwards compatible,
those which use new features can be detected by other means,
so the SAP version number doesn't need to change).
A: Address type. If the A bit is 0, the originating source field A: Address type. If the A bit is 0, the originating source field
contains a 32-bit IPv4 address. If the A bit is 1, the originating contains a 32-bit IPv4 address. If the A bit is 1, the originating
source contains a 128-bit IPv6 address. source contains a 128-bit IPv6 address.
R: Reserved. SAP announcers MUST set this to 0, SAP listeners MUST R: Reserved. SAP announcers MUST set this to 0, SAP listeners MUST
ignore the contents of this field. ignore the contents of this field.
T: Message Type. If the T field is set to 0 this is a session T: Message Type. If the T field is set to 0 this is a session announcement
announcement packet, if 1 this is a session deletion packet. packet, if 1 this is a session deletion packet.
E: Encryption Bit. If the encryption bit is set to 1, the payload E: Encryption Bit. If the encryption bit is set to 1, the payload
of the SAP packet is encrypted and the timeout field MUST be of the SAP packet is encrypted and the timeout field MUST be
added to the packet header. If this bit is 0 the packet is added to the packet header. If this bit is 0 the packet is
not encrypted and the timeout MUST NOT be present. See section not encrypted and the timeout MUST NOT be present. See section
8 for details of the encryption process. 8 for details of the encryption process.
C: Compressed bit. If the compressed bit is set to 1, the payload C: Compressed bit. If the compressed bit is set to 1, the payload
is compressed using the zlib compression algorithm [3]. If the is compressed using the zlib compression algorithm [3]. If the
payload is to be compressed and encrypted, the compression MUST payload is to be compressed and encrypted, the compression MUST
be performed first. be performed first.
Authentication Length. An 8 bit unsigned quantity giving the number Authentication Length. An 8 bit unsigned quantity giving the number
of 32 bit words following the main SAP header that contain of 32 bit words following the main SAP header that contain authentication
authentication data. If it is zero, no authentication header data. If it is zero, no authentication header is present.
is present.
Authentication Header containing a digital signature of the packet, Authentication data containing a digital signature of the packet,
with length as specified by the authentication length header with length as specified by the authentication length header
field. See section 9 for details of the authentication process. field. See section 9 for details of the authentication process.
Message Identifier Hash. A 16 bit quantity that, used in combination Message Identifier Hash. A 16 bit quantity that, used in combination
with the originating source, provides a globally unique identifier with the originating source, provides a globally unique identifier
indicating the precise version of this announcement. The choice indicating the precise version of this announcement. The choice
of value for this field is not specified here, except that it of value for this field is not specified here, except that it
MUST be unique for each session announced by a particular SAP MUST be unique for each session announced by a particular SAP
announcer and it MUST be changed if the session description is announcer and it MUST be changed if the session description is
modified. modified.
Earlier versions of SAP used a value of zero to mean that the Earlier versions of SAP used a value of zero to mean that the
hash should be ignored and the payload should always be parsed. hash should be ignored and the payload should always be parsed.
This had the unfortunate side-effect that SAP announcers had This had the unfortunate side-effect that SAP announcers had
to study the payload data to determine how many unique sessions to study the payload data to determine how many unique sessions
were being advertised, making the calculation of the announcement were being advertised, making the calculation of the announcement
interval more complex that necessary. In order to decouple the interval more complex that necessary. In order to decouple the
session announcement process from the contents of those announcements, session announcement process from the contents of those announcements,
SAP announcers SHOULD NOT set the message identifier hash to zero. SAP announcers SHOULD NOT set the message identifier hash to
zero.
SAP listeners MAY silently discard messages if the message identifier SAP listeners MAY silently discard messages if the message identifier
hash is set to zero. hash is set to zero.
Originating Source. This gives the IP address of the original source Originating Source. This gives the IP address of the original source
of the message. This is an IPv4 address if the A field is set of the message. This is an IPv4 address if the A field is set
to zero, else it is an IPv6 address. The address is stored to zero, else it is an IPv6 address. The address is stored
in network byte order. in network byte order.
SAPv0 permitted the originating source to be zero if the message SAPv0 permitted the originating source to be zero if the message
skipping to change at line 392 skipping to change at line 413
decrypt the announcement. A SAP listener which is capable of decrypt the announcement. A SAP listener which is capable of
decrypting the announcement MUST determine when to timeout the decrypting the announcement MUST determine when to timeout the
session based on the payload information. session based on the payload information.
The value is an unsigned quantity giving the NTP time [8] in The value is an unsigned quantity giving the NTP time [8] in
seconds at which time the session is timed out. It is in network seconds at which time the session is timed out. It is in network
byte order. byte order.
The header is followed by an optional payload type field and the The header is followed by an optional payload type field and the
payload data itself. If the E or C bits are set in the header both payload data itself. If the E or C bits are set in the header both
the payload type and payload are optionally encrypted and/or compressed. the payload type and payload are encrypted and/or compressed.
The payload type field is a MIME content type specifier, describing The payload type field is a MIME content type specifier, describing
the format of the payload. This is a variable length ASCII text the format of the payload. This is a variable length ASCII text
string, followed by a single zero byte (ASCII NUL). The payload type string, followed by a single zero byte (ASCII NUL). The payload type
SHOULD be included in all packets. If the payload type is `application/sdp' SHOULD be included in all packets. If the payload type is `application/sdp'
both the payload type and its terminating zero byte MAY be omitted, both the payload type and its terminating zero byte MAY be omitted,
although this is intended for backwards compatibility with SAP v1 although this is intended for backwards compatibility with SAP v1
listeners only. listeners only.
The absence of a payload type field may be noted since the payload The absence of a payload type field may be noted since the payload
section of such a packet will start with an SDP `v=0' field, which section of such a packet will start with an SDP `v=0' field, which
skipping to change at line 422 skipping to change at line 442
for this reason, the use of non-SDP payloads is NOT RECOMMENDED. for this reason, the use of non-SDP payloads is NOT RECOMMENDED.
If the packet is an announcement packet, the payload contains a session If the packet is an announcement packet, the payload contains a session
description. description.
If the packet is a session deletion packet, the payload contains If the packet is a session deletion packet, the payload contains
a session deletion message. If the payload format is `application/sdp' a session deletion message. If the payload format is `application/sdp'
the deletion message is a single SDP line consisting of the origin the deletion message is a single SDP line consisting of the origin
field of the announcement to be deleted. field of the announcement to be deleted.
It is desirable for the payload to be sufficiently small that SAP packets It is desirable for the payload to be sufficiently small that SAP
do not get fragmented by the underlying network. Fragmentation has a loss packets do not get fragmented by the underlying network. Fragmentation
multiplier effect, which is known to significantly affect the reliability has a loss multiplier effect, which is known to significantly affect
of announcements. It is RECOMMENDED that SAP packets are smaller than the reliability of announcements. It is RECOMMENDED that SAP packets
1kByte in length, although if it is known that announcements will use a are smaller than 1kByte in length, although if it is known that
network with a smaller MTU than this, then that SHOULD be used as the announcements
maximum recommended packet size.
will use a network with a smaller MTU than this, then that SHOULD
be used as the maximum recommended packet size.
8 Encrypted Announcements 8 Encrypted Announcements
An announcement is received by all listeners in the scope to which An announcement is received by all listeners in the scope to which
it is sent. If an announcement is encrypted, and many of the receivers it is sent. If an announcement is encrypted, and many of the receivers
do not have the encryption key, there is a considerable waste of do not have the encryption key, there is a considerable waste of
bandwidth since those receivers cannot use the announcement they have bandwidth since those receivers cannot use the announcement they have
received. For this reason, the use of encrypted SAP announcements received. For this reason, the use of encrypted SAP announcements
is NOT RECOMMENDED on the global scope SAP group or on administrative is NOT RECOMMENDED on the global scope SAP group or on administrative
scope groups which may have many receivers which cannot decrypt those scope groups which may have many receivers which cannot decrypt those
skipping to change at line 492 skipping to change at line 514
of the session to pass on encryption keys to un-authorised users. of the session to pass on encryption keys to un-authorised users.
However it is likely that keys used for the session tools will be However it is likely that keys used for the session tools will be
more short lived than those used for session directories. more short lived than those used for session directories.
Similar considerations should apply when session announcements are Similar considerations should apply when session announcements are
encrypted with an assymetric algorithm, but then it is possible to encrypted with an assymetric algorithm, but then it is possible to
restrict the possessor(s) of the private key, so that announcements restrict the possessor(s) of the private key, so that announcements
to a key-holder group can not be made, even if one of the untrusted to a key-holder group can not be made, even if one of the untrusted
members of the group proves to be un-trustworthy. members of the group proves to be un-trustworthy.
1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| V=1 |P| Auth | |
+-+-+-+-+-+-+-+-+ |
| Format specific authentication subheader |
: .................. :
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: Format of the authentication header
9 Authenticated Announcements 9 Authenticated Announcements
The authentication header can be used for two purposes: The authentication header can be used for two purposes:
o Verification that changes to a session description or deletion o Verification that changes to a session description or deletion
of a session are permitted. of a session are permitted.
o Authentication of the identity of the session creator. o Authentication of the identity of the session creator.
In some circumstances only verification is possible because a certificate In some circumstances only verification is possible because a certificate
signed by a mutually trusted person or authority is not available. signed by a mutually trusted person or authority is not available.
However, under such circumstances, the session originator may still However, under such circumstances, the session originator may still
be authenticated to be the same as the session originator of previous be authenticated to be the same as the session originator of previous
sessions claiming to be from the same person. This may or may not sessions claiming to be from the same person. This may or may not
be sufficient depending on the purpose of the session and the people be sufficient depending on the purpose of the session and the people
involved. involved.
Clearly the key used in the authentication header should not be trusted Clearly the key used for the authentication should not be trusted
to belong to the session originator unless it has been separately to belong to the session originator unless it has been separately
authenticated by some other means, such as being certified by a trusted authenticated by some other means, such as being certified by a trusted
third party. Such certificates are not normally included in an SAP third party. Such certificates are not normally included in an SAP
header because they take more space than can normally be afforded header because they take more space than can normally be afforded
in an SAP packet, and such verification must therefore take place in an SAP packet, and such verification must therefore take place
by some other mechanism. However, as certified public keys are normally by some other mechanism. However, as certified public keys are normally
locally cached, authentication of a particular key only has to take locally cached, authentication of a particular key only has to take
place once, rather than every time the session directory retransmits place once, rather than every time the session directory retransmits
the announcement. the announcement.
SAP is not tied to any single authentication mechanism. Authentication SAP is not tied to any single authentication mechanism. Authentication
headers are self-describing, but their precise format depends on the data in the header is self-describing, but the precise format depends
authentication mechanism in use. The generic format of the Authentication on the authentication mechanism in use. The generic format of the
Header is given in figure 3. The structure of the Format Specific authentication data is given in figure 3. The structure of the format
Authentication Subheader, using both the PGP and the CMS formats, specific authentication subheader, using both the PGP and the CMS
is discussed in sections 9.1 and 9.2 respectively. formats, is discussed in sections 9.1 and 9.2 respectively.
Version Number, V: The version number of the authentication header 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| V=1 |P| Auth | |
+-+-+-+-+-+-+-+-+ |
| Format specific authentication subheader |
: .................. :
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: Format of the authentication data in the SAP header
Version Number, V: The version number of the authentication format
specified by this memo is 1. specified by this memo is 1.
Padding Bit, P: If necessary the data in the authentication header Padding Bit, P: If necessary the authentication data is padded
is padded to be a multiple of 32 bits and the padding bit is to be a multiple of 32 bits and the padding bit is set. In
set. In this case the last byte of the authentication header this case the last byte of the authentication data contains the
contains the number of padding bytes (including the last byte) number of padding bytes (including the last byte) that must be
that must be discarded. discarded.
Authentication Type, Auth: The authentication type is a 4 bit encoded Authentication Type, Auth: The authentication type is a 4 bit encoded
field that denotes the authentication infrastructure the sender field that denotes the authentication infrastructure the sender
expects the recipients to use to check the authenticity and integrity expects the recipients to use to check the authenticity and integrity
of the information. This defines the format of the authentication of the information. This defines the format of the authentication
subheader and can take the values: 0 = PGP format, 1 = CMS subheader and can take the values: 0 = PGP format, 1 = CMS
format. All other values are undefined and SHOULD be ignored. format. All other values are undefined and SHOULD be ignored.
If a SAP packet is to be compressed or encrypted, this MUST be done If a SAP packet is to be compressed or encrypted, this MUST be done
before the authentication is added. before the authentication is added.
The digital signature in the authentication header MUST be calculated The digital signature in the authentication data MUST be calculated
over the entire packet, including the header. The authentication over the entire packet, including the header. The authentication
length MUST be set to zero and the authentication header field excluded length MUST be set to zero and the authentication data excluded when
when calculating the digitial signature. calculating the digitial signature.
9.1 PGP Authentication 9.1 PGP Authentication
Implementations which support authentication MUST support this format. Implementations which support authentication MUST support this format.
A full description of the PGP protocol can be found in [2]. When A full description of the PGP protocol can be found in [2]. When
using PGP for SAP authentication the basic format specific authentication using PGP for SAP authentication the basic format specific authentication
subheader comprises a digital signature packet as described in [2]. subheader comprises a digital signature packet as described in [2].
The signature type MUST be 0x01 which means the signature is that The signature type MUST be 0x01 which means the signature is that
of a canonical text document. of a canonical text document.
9.2 CMS Authentication 9.2 CMS Authentication
Support for this format is OPTIONAL. Support for this format is OPTIONAL.
skipping to change at line 767 skipping to change at line 792
[3] P. Deutsch and J.-L. Gailly. Zlib compressed data format specification [3] P. Deutsch and J.-L. Gailly. Zlib compressed data format specification
version 3.3, May 1996. RFC1950. version 3.3, May 1996. RFC1950.
[4] M. Handley and V. Jacobson. SDP: Session Description Protocol, April [4] M. Handley and V. Jacobson. SDP: Session Description Protocol, April
1998. RFC2327. 1998. RFC2327.
[5] M. Handley, D. Thaler, and R. Kermode. Multicast-scope zone [5] M. Handley, D. Thaler, and R. Kermode. Multicast-scope zone
announcement protocol (MZAP)(, February 1999. Work in progress. announcement protocol (MZAP)(, February 1999. Work in progress.
[6] R. Housley. Cryptographic message syntax. Work in progress, April [6] R. Housley. Cryptographic message syntax. Work in progress,
1999. draft-ietf-smime-cms-13.txt. April 1999. draft-ietf-smime-cms-13.txt.
[7] D. Mayer. Administratively scoped IP multicast, July 1998. RFC2365. [7] D. Mayer. Administratively scoped IP multicast, July 1998. RFC2365.
[8] D. Mills. Network time protocol version 3, March 1992. RFC1305. [8] D. Mills. Network time protocol version 3, March 1992. RFC1305.
===============================================================================
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/