MMUSIC Working Group                                       F. Andreasen
Internet-Draft                                            Cisco Systems
Intended Status: Proposed Standard                    February 25,                        March 4, 2007
Obsolotes: 3407
Expires: August September 2007

                        SDP Capability Negotiation
            draft-ietf-mmusic-sdp-capability-negotiation-04.txt
            draft-ietf-mmusic-sdp-capability-negotiation-05.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that
   any applicable patent or other IPR claims of which he or she is
   aware have been or will be disclosed, and any of which he or she
   becomes aware will be disclosed, in accordance with Section 6 of
   BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
        http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
        http://www.ietf.org/shadow.html

   This Internet-Draft will expire on August 25, September 4, 2007.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   The Session Description Protocol (SDP) was intended for describing
   multimedia sessions for the purposes of session announcement, session
   invitation, and other forms of multimedia session initiation. SDP was
   not intended to provide capability indication or capability
   negotiation, however over the years, SDP has seen widespread adoption
   and as a result it has been gradually extended to provide limited
   support for these. SDP and its current extensions however do not have
   the ability to negotiate one or more alternative transport protocols
   (e.g. RTP profiles) which makes it particularly difficult to deploy
   new RTP profiles such as secure RTP or RTP with RTCP-based feedback.
   The purpose of this document is to address that and other real-life
   limitations by extending SDP with capability negotiation parameters
   and associated offer/answer procedures to use those parameters in a
   backwards compatible manner.

   The solution provided in this document provides a general SDP
   capability negotiation framework. It also defines specifically how to
   provide attributes and transport protocols as capabilities and
   negotiate them using the framework. Extensions for other types of
   capabilities (e.g. media types and formats) may be provided in other
   documents.

Table of Contents

   1. Introduction...................................................3
   2. Conventions used in this document..............................6
   3. SDP Capability Negotiation Solution............................6
      3.1. Solution Overview.........................................6
      3.2. Relationship to RFC 3407..................................9
      3.3. Version and Extension Indication Attributes...............9
         3.2.1.
         3.3.1. Supported Capability Negotiation Extensions Attribute9
         3.2.2.
         3.3.2. Required Capability Negotiation Extension Attribute.10
      3.3. Attribute.11
      3.4. Capability Attributes....................................12
         3.3.1.
         3.4.1. Attribute Capability Attribute......................12
         3.3.2. Attribute......................13
         3.4.2. Transport Protocol Capability Attribute.............13
         3.3.3. Attribute.............14
         3.4.3. Extension Capability Attributes.....................15
      3.4. Attributes.....................16
      3.5. Configuration Attributes.................................15
         3.4.1. Attributes.................................16
         3.5.1. Potential Configuration Attribute...................15
         3.4.2. Attribute...................16
         3.5.2. Actual Configuration Attribute......................19
      3.5. Attribute......................22
      3.6. Offer/Answer Model Extensions............................20
         3.5.1. Extensions............................24
         3.6.1. Generating the Initial Offer........................20
         3.5.2. Offer........................24
         3.6.2. Generating the Answer...............................22
            3.5.2.1. Answer...............................27
            3.6.2.1. Example Views of Potential Configurations......26
         3.5.3. Configurations......31
         3.6.3. Offerer Processing of the Answer....................28
         3.5.4. Answer....................34
         3.6.4. Modifying the Session...............................29
      3.6. Session...............................35
      3.7. Interactions with ICE....................................29
      3.7. ICE....................................35
      3.8. Processing Media before Answer...........................31
      3.8. Answer...........................36
      3.9. Considerations for Specific Attribute Capabilities Using Capabilities.......37
         3.9.1. The rtpmap or fmtp..............31 and fmtp Attributes......................37
         3.9.2. Direction Attributes................................38
   4. Examples......................................................32 Examples......................................................38
      4.1. Best-Effort Secure RTP...................................32 RTP...................................38
      4.2. Multiple Transport Protocols.............................35 Protocols.............................41
      4.3. Best-Effort SRTP with Session-Level MIKEY and Media Level
      Security Descriptions39 Descriptions.........................................45
      4.4. Capability Negotiation SRTP with Interactive Connectivity
      Establishment.................................................43 Session-Level MIKEY and Media Level Security
      Descriptions as Alternatives..................................49
   5. Security Considerations.......................................43 Considerations.......................................51
   6. IANA Considerations...........................................45 Considerations...........................................53
      6.1. New SDP Attributes.......................................45 Attributes.......................................53
      6.2. New SDP Capability Negotiation Option Tag Registry.......47 Registry.......54
      6.3. New SDP Capability Negotiation Potential Configuration
      Parameter Registry............................................47 Registry............................................55
   7. To Do and Open Issues.........................................47 Issues.........................................55
   8. Acknowledgments...............................................47 Acknowledgments...............................................55
   9. Change Log....................................................48 Log....................................................56
      9.1. draft-ietf-mmusic-sdp-capability-negotiation-04..........48 draft-ietf-mmusic-sdp-capability-negotiation-05..........56
      9.2. draft-ietf-mmusic-sdp-capability-negotiation-03..........48 draft-ietf-mmusic-sdp-capability-negotiation-04..........57
      9.3. draft-ietf-mmusic-sdp-capability-negotiation-02..........48 draft-ietf-mmusic-sdp-capability-negotiation-03..........57
      9.4. draft-ietf-mmusic-sdp-capability-negotiation-01..........49 draft-ietf-mmusic-sdp-capability-negotiation-02..........57
      9.5. draft-ietf-mmusic-sdp-capability-negotiation-00..........50 draft-ietf-mmusic-sdp-capability-negotiation-01..........58
      9.6. draft-ietf-mmusic-sdp-capability-negotiation-00..........59
   10. References...................................................51 References...................................................60
      10.1. Normative References....................................51 References....................................60
      10.2. Informative References..................................51 References..................................60
   Author's Addresses...............................................54 Addresses...............................................62
   Intellectual Property Statement..................................54 Statement..................................63
   Full Copyright Statement.........................................54
   Acknowledgment...................................................55 Statement.........................................63
   Acknowledgment...................................................63

1. Introduction

   The Session Description Protocol (SDP) was intended for describing
   multimedia sessions for the purposes of session announcement, session
   invitation, and other forms of multimedia session initiation. The SDP
   contains one or more media stream descriptions with information such
   as IP-address and port, type of media stream (e.g. audio or video),
   transport protocol (possibly including profile information, e.g.
   RTP/AVP or RTP/SAVP), media formats (e.g. codecs), and various other
   session and media stream parameters that define the session.

   Simply providing media stream descriptions is sufficient for session
   announcements for a broadcast application, where the media stream
   parameters are fixed for all participants. When a participant wants
   to join the session, he obtains the session announcement and uses the
   media descriptions provided, e.g., joins a multicast group and
   receives media packets in the encoding format specified.  If the
   media stream description is not supported by the participant, he is
   unable to receive the media.

   Such restrictions are not generally acceptable to multimedia session
   invitations, where two or more entities attempt to establish a media
   session that uses a set of media stream parameters acceptable to all
   participants. First of all, each entity must inform the other of its
   receive address, and secondly, the entities need to agree on the
   media stream parameters to use for the session, e.g. transport
   protocols and codecs. We here make a distinction between the
   capabilities supported by each participant, the way in which those
   capabilities can be supported and the parameters that can actually be
   used for the session. More generally, we can say that we have the
   following:

   o  A set of capabilities for the session and its associated media
      stream components, supported by each side.

   o  A set of potential configurations indicating which combinations of
      those capabilities can be used for the session and its associated
      media stream components.

   o  An actual configuration for the session and its associated media
      stream components, which specifies which combinations of session
      parameters and media stream components to use and with what
      parameters.

   o  A negotiation process that takes the set of potential
      configurations (combinations of capabilities) as input and
      provides the actual configurations as output.

   SDP by itself was designed to provide only one of these, namely the
   actual configurations, however over the years, use of SDP has been
   extended beyond its original scope.  Session negotiation semantics
   were defined by the offer/answer model in RFC 3264.  It defines how
   two entities, an offerer and an answerer, exchange session
   descriptions to negotiate a session. The offerer can include one or
   more media formats (codecs) per media stream, and the answerer then
   selects one or more of those offered and returns them in an answer.
   Both the offer and the answer contain actual configurations;
   capabilities and potential configurations are not supported. The
   answer however may reduce the set of actual configurations from the
   offer as well as extend the set of actual configurations that can be
   used to receive media by the answerer.

   Other relevant extensions have been defined. Simple capability
   declarations, which define how to provide a simple and limited set of
   capability descriptions in SDP was defined in RFC 3407.  Grouping of
   media lines, which defines how media lines in SDP can have other
   semantics than the traditional "simultaneous media streams"
   semantics, was defined in RFC 3388, etc.

   Each of these extensions was designed to solve a specific limitation
   of SDP.  Since SDP had already been stretched beyond its original
   intent, a more comprehensive capability declaration and negotiation
   process was intentionally not defined.  Instead, work on a "next
   generation" of a protocol to provide session description and
   capability negotiation was initiated [SDPng].  SDPng however has not
   gained traction and has remained as work in progress for an extended
   period of time.  Existing real-time multimedia communication
   protocols such as SIP, RTSP, Megaco, and MGCP continue to use SDP.
   SDP and its current extensions however do not address an increasingly
   important problem: the ability to negotiate one or more alternative
   transport protocols (e.g., RTP profiles).  This makes it difficult to
   deploy new RTP profiles such as secure RTP (SRTP) [SRTP], RTP with
   RTCP-Based Feedback [AVPF], etc.  This particular problem is
   exacerbated by the fact that RTP profiles are defined independently.
   When a new profile is defined and N other profiles already exist,
   there is a potential need for defining N additional profiles, since
   profiles cannot be combined automatically.  For example, in order to
   support the plain and secure RTP version of RTP with and without
   RTCP-based feedback, four separate profiles (and hence profile
   definitions) are needed: RTP/AVP [RFC3551], RTP/SAVP [SRTP], RTP/AVPF
   [AVPF], and RTP/SAVPF [SAVPF].  In addition to the pressing profile
   negotiation problem, other important real-life limitations have been
   found as well.

   The purpose of this document is to define a mechanism that enables
   SDP to provide limited support for indicating capabilities and their
   associated potential configurations, and negotiate the use of those
   potential configurations as actual configurations.  It is not the
   intent to provide a full-fledged capability indication and
   negotiation mechanism along the lines of SDPng or ITU-T H.245.
   Instead, the focus is on addressing a set of well-known real-life
   limitations. More specifically, the solution provided in this
   document provides a general SDP capability negotiation framework. It
   also defines specifically how to provide attributes and transport
   protocols as capabilities and negotiate them using the framework.
   Extensions for other types of capabilities (e.g. media types and
   formats) may be provided in other documents.

   As mentioned above, SDP is used by several protocols, and hence the
   mechanism should be usable by all of these.  One particularly
   important protocol for this problem is the Session Initiation
   Protocol (SIP) [RFC3261].  SIP uses the offer/answer model (which is
   not specific to SIP) to negotiate sessions and hence the mechanism
   defined here defines the offer/answer procedures to use for the
   capability negotiation framework.

   The rest of the document is structured as follows. In Section 3. we
   present our SDP capability negotiation solution, which consists of
   new SDP attributes and associated offer/answer procedures. In Section
   4. we provide examples illustrating its use and in Section 5. we
   provide the security considerations.

2. Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3. SDP Capability Negotiation Solution

   In this section we first provide an overview of the SDP Capability
   negotiation solution. This is followed by definitions of new SDP
   attributes for the solution and its associated updated offer/answer
   procedures.

3.1. Solution Overview

   The solution consists of the following:

   o  Two new attributes to support extensions to the framework itself
      as follows:

       o  A new attribute ("a=csup") that lists the supported base and
          extension options to the framework.

       o  A new attribute ("a=creq") that lists the base and or extensions to the
          framework that are required to be supported by the entity
          receiving the SDP in order to do capability negotiation.

   o  Two new attributes used to express capabilities as follows
      (additional attributes can be defined as extensions):

       o  A new attribute ("a=acap") that defines how to list an
          attribute name and its name, either with or without an associated value value, as
          a capability.

       o  A new attribute ("a=tcap") that defines how to list transport
          protocols (e.g. "RTP/AVP") as capabilities.

   o  Two new attributes to negotiate configurations as follows:

       o  A new attribute ("a=pcfg") that lists the potential
          configurations supported. This is done by reference to the
          capabilities from the SDP in question. Multiple potential
          configurations have an explicitly indicated ordering
          associated with them. Extension capabilities can be defined
          and referenced in the potential configurations.

       o  A new attribute ("a=acfg") to be used in an answer SDP. The
          attribute identifies a potential configuration from an offer
          SDP which were used as an actual configuration to form the
          answer SDP. Extension capabilities can be included as well.

   o  Extensions to the offer/answer model that allow for capabilities
      and potential configurations to be included in an offer.
      Capabilities can be provided at the session level or the media
      level. Potential configurations can be included at the media level
      only, where they constitute alternative offers that may be
      accepted by the answerer instead of the actual configuration(s)
      included in the "m=" line(s). The answerer indicates which (if
      any) of the potential configurations it used to form the answer by
      including the actual configuration attribute ("a=acfg") in the
      answer.  Capabilities may be included in answers as well, where
      they can aid in guiding a subsequent new offer.

   The mechanism is illustrated by the offer/answer exchange below,
   where Alice sends an offer to Bob:

                Alice                               Bob

                  | (1) Offer (SRTP and RTP)         |
                  |--------------------------------->|
                  |                                  |
                  | (2) Answer (SRTP)                |
                  |<---------------------------------|
                  |                                  |

   Alice's offer includes RTP and SRTP as alternatives. RTP is the
   default (actual configuration), but SRTP is the preferred one
   (potential configuration):

      v=0
      o=- 25678 753849 IN IP4 128.96.41.1 192.0.2.1
      s=
      c=IN IP4 128.96.41.1 192.0.2.1
      t=0 0
      m=audio 3456 53456 RTP/AVP 0 18
      a=creq: cap-v0
      a=tcap:1 RTP/SAVP
      a=acap:1 a=crypto:1 AES_CM_128_HMAC_SHA1_32
         inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
      a=pcfg:1 t=1 a=1

   The "m=" line indicates that Alice is offering to use plain RTP with
   PCMU or G.729.  The required base and extensions are provided by the
   "a=creq" attribute, which includes the option tag "cap-v0" to
   indicate that the base framework defined here must be supported. The capabilities are provided by the "a=tcap" and
   "a=acap" attributes. The transport capabilities ("a=tcap") indicate
   that secure RTP under the AVP profile ("RTP/SAVP") is supported with
   an associated transport capability handle of 1. The "acap" attribute
   provides an attribute capability with a handle of 1. The attribute
   capability is a "crypto" attribute, which provides the keying
   material for SRTP using SDP security descriptions [SDES]. The
   "a=pcfg" attribute provides the potential configuration included in
   the offer by reference to the capability parameters.  One alternative
   is provided; it has a configuration number of 1 and it consists of
   transport protocol capability 1 (i.e. the RTP/SAVP profile - secure
   RTP), and the attribute capability 1, i.e. the crypto attribute
   provided. Potential configurations are always preferred over the
   actual configuration included in the offer SDP, and hence Alice is
   expressing a preference for using secure RTP.

   Bob receives the SDP offer from Alice. Bob supports SRTP and the SDP
   Capability Negotiation framework, and hence he accepts the
   (preferred) potential configuration for Secure RTP provided by Alice:

      v=0
      o=- 24351 621814 IN IP4 128.96.41.2 192.0.2.2
      s=
      c=IN IP4 128.96.41.2 192.0.2.2
      t=0 0
      m=audio 4568 54568 RTP/SAVP 0 18
      a=crypto:1 AES_CM_128_HMAC_SHA1_80
            inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4
      a=acfg:1 t=1 a=1

   Bob includes the "a=acfg" attribute in the answer to inform Alice
   that he based his answer on an offer containing the potential
   configuration with transport protocol capability 1 and attribute
   capability 1 from the offer SDP (i.e. the RTP/SAVP profile using the
   keying material provided).  Bob also includes his keying material in
   a crypto attribute. If Bob supported one or more extensions to the
   capability negotiation framework, he would have included option tags
   for those in the answer as well (in an "a=csup" attribute).

   Note that in this particular example, the answerer supported the
   capability negotiation extensions defined here, however had he not,
   the answerer would simply have ignored the new attributes and
   accepted the (actual configuration) offer to use normal RTP. In that
   case, the following answer would have been generated instead:

      v=0
      o=- 24351 621814 IN IP4 128.96.41.2 192.0.2.2
      s=
      c=IN IP4 128.96.41.2 192.0.2.2
      t=0 0
      m=audio 4568 54568 RTP/AVP 0 18

3.2. Relationship to RFC 3407

   RFC 3407 defines capability descriptions with limited abilities to
   describe attributes, bandwidth parameters, transport protocols and
   media formats. RFC 3407 does not define any negotiation procedures
   for actually using those capability descriptions.

   This document obsoletes RFC 3407 by defining new attributes for
   describing attribute capabilities and transport capabilities. It also
   defines procedures for actually using those capabilities as part of
   an offer/answer exchange. Extensions to this document may be defined
   in order to fully cover all the capabilities provided by RFC 3407
   (for example more general media capabilities).

   It is RECOMMENDED that implementations use the attributes and
   procedures defined in this document instead of those defined in
   [RFC3407].

   If capability description interoperability with legacy RFC 3407
   implementations is desired, implementations MAY include both RFC 3407
   capability descriptions and capabilities defined by this document.
   The offer/answer negotiation procedures however will not be able to
   use the RFC 3407 capability descriptions.

3.3. Version and Extension Indication Attributes

   In this section, we present the new attributes associated with
   indicating the SDP capability negotiation extensions supported and
   required.

3.2.1.

3.3.1. Supported Capability Negotiation Extensions Attribute

   The SDP Capability negotiation solution allows for capability
   negotiation extensions to be defined. Associated with each such
   extension is an option tag that identifies the extension in question.

   Option-tags MUST be registered with IANA per the procedures defined
   in Section 6.

   The Supported Capability Negotiation Extensions attribute ("a=csup")
   contains a comma-separated list of option tags identifying the SDP
   Capability negotiation extensions supported by the entity that
   generated the SDP. The attribute is defined as follows:

      a=csup: <option-tag-list>

   RFC 4566, Section 9, provides the ABNF for SDP attributes. The "csup"
   attribute adheres to the RFC 4566 "attribute" production, with an
   att-value defined as follows:

      att-value         = *WSP option-tag-list
      option-tag-list   = option-tag *(COMMA option-tag)
      option-tag        = token    ; defined in [SDP] [RFC4566]
      COMMA             = *WSP "," *WSP      ; defined in [RFC4234]

   Note that white-space is permitted before the option-tag-list. Also,
   implementers

   Implementers familiar with SIP the Session Initiation Protocol (SIP)
   should note that the above definition of COMMA differs from the one
   in [RFC3261].

   A special base option tag with a value of "cap-v0" is defined for the
   basic SDP capability negotiation framework. Entities can use this
   option tag with the "a=csup" attribute to indicate support for the
   SDP capability negotiation framework specified in this document.

   The following examples illustrates the use of the "a=csup" attribute
   with the "cap-v0" option tags and two hypothetical option tags, "foo"
   and "bar":

      a=csup: cap-v0
      a=csup: foo
      a=csup: bar
      a=csup: cap-v0, foo, bar "bar" (note the lack of white space):

      a=csup:cap-v0

      a=csup:foo

      a=csup:bar

      a=csup:cap-v0,foo,bar

   The "a=csup" attribute can be provided at the session and the media-
   level. When provided at the session-level, it applies to the entire
   SDP. When provided at the media-level, it applies to the media
   description in question only (option-tags provided at the session
   level apply as well). There can be at most one or more "a=csup" attributes at
   both
   the session session-level and at most one at the media-level (one or more per media
   description in the latter case).

   Whenever an entity that supports one or more extensions to the SDP
   Capability Negotiation framework generates an SDP, it SHOULD include
   the "a=csup" attribute with the option tags for the extensions it
   supports at the session and/or media-level, unless those option tags
   are already provided in one or more "a=creq" attribute (see Section
   3.2.2.
   3.3.2. ) at the relevant levels. The base option tag MAY be included.

3.2.2.

3.3.2. Required Capability Negotiation Extension Attribute

   The Required Capability Negotiation Extensions attribute ("a=creq")
   contains a comma-separated list of option tags (see Section 3.2.1. 3.3.1. )
   identifying the SDP Capability negotiation extensions that MUST be
   supported by the entity receiving the SDP in order for that entity to
   properly process the SDP Capability negotiation. Negotiation attributes and
   associated procedures. Support for the basic negotiation framework is
   implied by the presence of an "a=pcfg" attribute (see Section 3.5.1.
   ) and hence there is no need to include the "a=creq" attribute with
   the base option-tag ("cap-v0"). Still, it is allowed to do so.

   The attribute is defined as follows:

      a=creq: <option-tag-list>

   The "creq" attribute adheres to the RFC 4566 "attribute" production,
   with an att-value defined as follows:

      att-value   = *WSP option-tag-list

   where "option-tag-list" is defined in Section 3.2.1.  Note that
   white-space is permitted before the option-tag-list.

   The following examples illustrate the use of the "a=creq" attribute
   with the "cap-v0" base option tag and two hypothetical option tags,
   "foo" and "bar":

      a=creq: cap-v0
      a=creq: foo
      a=creq: bar
      a=creq: cap-v0, foo, bar "bar" (note the lack of white space):

      a=creq:cap-v0

      a=creq:foo

      a=creq:bar

      a=creq:cap-v0,foo,bar

   The "a=creq" attribute can be provided at the session and the media-
   level. When provided at the session-level, it applies to the entire
   SDP. When provided at the media-level, it applies to the media-stream
   in question only (required option tags provided at the session level
   apply as well). There can be at most one or more "a=creq" attributes attribute at both the session
   session-level and at most one "a=creq" attribute at the media-level
   (one or more per media stream description in the latter case).

   When an entity generates an SDP and it requires the recipient of that
   SDP to support one or more SDP capability negotiation extensions in
   order to properly process the SDP Capability negotiation, the
   "a=creq" attribute MUST be included with option-tags that identify
   the required extensions at the session and/or media level, unless it
   is already known that the receiving entity supports those option-tags
   at the relevant levels (in which case their inclusion is OPTIONAL).

     An example of this is when generating an answer to an offer. If the
     answerer supports the required option-tags from the offer, and the
     answerer does not require any additional option-tags beyond what
     was listed in either the required ("a=creq") or supported
     ("a=csup")  attributes from the offer, then the answerer is not
     required to include a required ("a=creq") attribute with any
     option-tags that may need to be supported (such as the base option
     tag - "cap-v0").

   Support for the basic negotiation framework is implied by the
   presence of an "a=pcfg" attribute (see Section 3.5.1. ) and hence it
   is not required to include the "a=creq" attribute with the base
   option-tag ("cap-v0").

   A recipient that receives an SDP and does not support one or more of
   the required extensions listed in a "creq" attribute, MUST NOT
   perform the SDP capability negotiation defined in this document. For
   non-supported extensions provided at the session-level, this implies
   that SDP capability negotiation MUST NOT be performed at all. For
   non-supported extensions at the media-level, this implies that SDP
   capability negotiation MUST NOT be performed for the media stream in
   question.

   When an entity does not support one or more required SDP capability
   negotiation extensions, the entity SHOULD proceed as if the SDP
   capability negotiation attributes were not included in the first
   place, i.e. all the capability negotiation attributes should be
   ignored.  In that case, the entity SHOULD include a "csup" attribute
   listing the SDP capability negotiation extensions it actually
   supports.

     This ensures that introduction of the SDP capability negotiation
     mechanism does not introduce any new failure scenarios.

   The above rules apply to the base option tag as well. Thus, entities
   compliant to this specification MUST include a "creq" attribute (at
   least in an offer) that includes the option tag "cap-v0" as
   illustrated below:

      a=creq: cap-v0

3.3.

3.4. Capability Attributes

   In this section, we present the new attributes associated with
   indicating the capabilities for use by the SDP Capability
   negotiation.

3.3.1.

3.4.1. Attribute Capability Attribute

   Attributes and their associated values can be expressed as
   capabilities by use of a new attribute capability attribute
   ("a=acap"), which is defined as follows:

      a=acap: <att-cap-num> <att-par>

   where <att-cap-num> is an integer between 1 and 2^31-1 (both
   included) used to number the attribute capability and <att-par> is an
   attribute ("a=") in its full  '<type>=<value>' form (see [SDP]). [RFC4566]).
   Support for a specific attribute (name) (without any particular
   values) can be indicated by providing only the '<type>' (i.e. the
   attribute name).

   The "acap" attribute adheres to the RFC 4566 "attribute" production,
   with an att-value defined as follows:

      att-value   = *WSP att-cap-num 1*WSP att-par
      att-cap-num = 1*DIGIT ;defined in [RFC4234]
      att-par     = attribute  ;defined in RFC 4566

   Note that white-space is not permitted before the att-cap-num.

   The "acap" attribute can be provided at the session level for
   session-level attributes and the media level for media-level
   attributes. The "acap" attribute MUST NOT be used to provide a media-level media-
   level attribute at the session-level or vice versa.

   Each occurrence of the "acap" attribute in the entire session
   description MUST use a different value of <att-cap-num>.

     There is a need to be able to reference both session-level and
     media-level attributes in potential configurations at the media
     level, and this provides for a simple solution to avoiding overlap
     between the references (handles) to each attribute capability.

   The <att-cap-num> values provided are independent of similar <cap-
   num> values provided for other capability attributes, types of capabilities, i.e., they form
   a separate name-space for attribute capabilities.

   The following examples illustrate use of the "acap" attribute:

      a=acap: 1

      a=acap:1 a=ptime:20

      a=acap: 2

      a=acap:2 a=ptime:30

      a=acap: 3
      a=acap:3 a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyONQ6gAA
      AAAGEEoo2pee4hp2UaDX8ZE22YwKAAAPZG9uYWxkQGR1Y2suY29tAQAAAAAAAQAk0
      JKpgaVkDaawi9whVBtBt0KZ14ymNuu62+Nv3ozPLygwK/GbAV9iemnGUIZ19fWQUO
      SrzKTAv9zV

      a=acap: 4

      a=acap:4 a=crypto:1 AES_CM_128_HMAC_SHA1_32
            inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32

      a=acap:5 a=crypto

      a=acap:6 a=key-mgmt

   The first two provide attribute values for the ptime attribute. The
   third provides SRTP parameters by using MIKEY with the key-mgmt
   attribute [KMGMT]. The fourth provides SRTP parameters by use of
   security descriptions with the crypto attribute [SDES]. Note that the
   line-wrapping and new-lines in example three and four are provided
   for formatting reasons only - they are not permitted in actual SDP.
   The 5th attribute capability merely indicates support for the
   "crypto" attribute (without any further information about particular
   values to use with it), and the 6th attribute capability merely
   indicates support for the "key-mgmt" attribute.

     Readers familiar with RFC 3407 may notice the similarity between
     the RFC 3407 "cpar" attribute and the above. There are however a
     couple of important differences, most notably that the "acap"
     attribute contains a handle that enables referencing it and it
     furthermore supports attributes only (the "cpar" attribute defined
     in RFC 3407 supports bandwidth information as well). The "acap"
     attribute also is not automatically associated with any particular
     capabilities.

3.3.2.

3.4.2. Transport Protocol Capability Attribute

   Transport Protocols can be expressed as capabilities by use of a new
   Transport Protocol Capability attribute ("a=tcap") defined as
   follows:

      a=tcap: <trpr-cap-num> <proto-list>

   where <trpr-cap-num> is an integer between 1 and 2^31-1 (both
   included) used to number the transport address capability for later
   reference, and <proto-list> is one or more <proto>, separated by
   white space, as defined in the SDP "m=" line.

   The "tcap" attribute adheres to the RFC 4566 "attribute" production,
   with an att-value defined as follows:

      att-value      = *WSP trpr-cap-num 1*WSP proto-list
      trpr-cap-num   = 1*DIGIT ;defined in [RFC4234]
      proto-list     = proto *(1*WSP proto) ; defined in RFC 4566

   Note that white-space is not permitted before the trpr-cap-num.

   The "tcap" attribute can be provided at the session- and media-level.
   Each occurrence of the "tcap"
   There can be multiple "tcap" attributes at the session-level as well
   as within each media description. Each occurrence of the "tcap"
   attribute in the entire session description MUST use a different
   value of <trpr-cap-num>.  When multiple <proto> values are provided,
   the first one is associated with the value <trpr-cap-num>, the second
   one with the value one higher, etc. The <trpr-cap-num> values
   provided are independent of similar <cap-num> values provided for
   other capability attributes, i.e., they form a separate name-space
   for transport protocol capabilities.

   Below, we provide examples of the "a=tcap" attribute:

      a=tcap: 1

      a=tcap:1 RTP/AVP
      a=tcap: 2
      a=tcap:2 RTP/AVPF
      a=tcap: 3
      a=tcap:3 RTP/SAVP RTP/SAVPF

   The first one provides a capability for the "RTP/AVP" profile defined
   in [RFC3551] and the second one provides a capability for the RTP
   with RTCP-Based Feedback profile defined in [AVPF]. The third one
   provides capabilities for the "RTP/SAVP" and "RTP/SAVPF" profiles.

   Transport capabilities are inherently included in the "m=" line,
   however they still need to be specified explicitly in a "tcap"
   attribute, if they are to be used as a capability.

     This may seem redundant (and indeed it is from the offerer's point
     of view), however it is done to protect against middle-boxes that
     may modify "m=" lines while passing unknown attributes through. If
     an implicit transport capability were used instead (e.g. a reserved
     transport capability number could be used to refer to the transport
     protocol in the "m=" line), and a middle-box were to modify the
     transport protocol in the "m=" line (e.g. to translate between
     plain RTP and secure RTP), then the potential configuration
     referencing that implicit transport capability may no longer be
     correct. With explicit capabilities, we avoid this pitfall,
     although the potential configuration preference (see Section 3.4.1. 3.5.1.
     ) may not reflect that of the middle-box (which some may view as a
     feature).

3.3.3.

3.4.3. Extension Capability Attributes

   The SDP Capability Negotiation framework allows for new capabilities
   to be defined as extensions and used with the general capability
   negotiation framework. The syntax and semantics of such new
   capability attributes are not defined here, however in order to be
   used with potential configurations, they MUST SHOULD allow for a numeric
   handle to be associated with each capability. This handle will can be used
   as a reference within the potential and actual configuration
   attributes (see Section 3.4.1. 3.5.1. and 3.4.2. 3.5.2. ). The definition of such
   extension capability attributes MUST also state whether they can be
   applied at the session-level, media-level, or both.

3.4.

3.5. Configuration Attributes

3.4.1.

3.5.1. Potential Configuration Attribute

   Potential Configurations can be expressed by use of a new Potential
   Configuration Attribute ("a=pcfg") defined as follows:

      a=pcfg: <config-number> <pot-cfg-list>

   where <config-number> is an integer between 1 and 2^31-1 (both
   included).

   The "pcfg" attribute adheres to the RFC 4566 "attribute" production,
   with an att-value defined as follows:

      att-value      = *WSP config-number 1*WSP pot-cfg-list
      config-number  = 1*DIGIT ;defined in [RFC4234]
      pot-cfg-list   = pot-config *(1*WSP pot-config)
      pot-config     = pot-attribute-parameter-config pot-attribute-config-list /
                       pot-transport-protocol-config
                       pot-transport-protocol-config-list /
                       pot-extension-config
                       pot-extension-config-list

   The missing productions are defined below. Note that white-space is
   not permitted before the config-number.

   The potential configuration attribute can be provided at the media-
   level only. only and there can be multiple instances of it within a given
   media description. The attribute includes a configuration number,
   which is an integer between 1 and 2^31-1 (both included). The
   configuration number MUST be unique within the media stream. description
   (i.e. it has media level scope only). The configuration number also
   indicates the relative preference of potential configurations; lower
   numbers are preferred over higher numbers.

   After the configuration number, one or more potential configuration
   parameters
   lists MUST be provided. The potential configuration lists generally
   reference one or more capabilities, and those capabilities are
   (conceptually) used to construct a new internal version of the SDP by
   use of purely syntactic add, delete and replace operations on the
   original SDP (actual configuration), thereby generating a new
   potential configuration SDP that can be used by conventional SDP
   procedures if actually selected.

   This document defines potential attribute parameter configurations configuration lists and
   potential transport protocol
   configurations. configuration lists.  Each of these MUST
   NOT be present more than once in a particular potential configuration
   attribute. Potential extension
   configurations configuration lists can be included as
   well; unknown potential extension
   configurations configuration lists MUST be ignored
   (if support is required, then the "a=creq" attribute with a suitable
   option tag tags should be used). There can be more than one potential
   extension configuration, configuration list, however each particular potential
   extension configuration list MUST NOT be present more than once in a
   given potential configuration attribute. Together, these values potential
   configuration lists define a potential configuration.

   There can be multiple potential configurations provided within a
   media description. Each of these indicates not only a willingness,
   but in fact a desire to use the potential configuration.

   Attribute capabilities are included used in a potential configuration by use
   of the pot-attribute-parameter-config pot-attribute-config-list parameter, which is defined by the
   following ABNF:

      pot-attribute-parameter-config

      pot-attribute-config-list
                        = "a=" acap-cap-list [delete-attributes ":"]
                              att-cap-inst-list *(BAR acap-cap-list)
      acap-cap-list att-cap-inst-list)
      delete-attributes = att-cap-num DELETE ( "m"    ; media attributes
                              / "s"    ; session attributes
                              / "ms" ) ; media and session attributes
      att-cap-inst-list = att-cap-inst *(COMMA att-cap-num) att-cap-inst)
      att-cap-inst      = [att-cap-operator] att-cap-num
      att-cap-operator  =  DELETE / REPLACE
      att-cap-num       = 1*DIGIT   ;defined in [RFC4234]
      BAR               = *WSP "|" *WSP  ; defined in [RFC4234]
      DELETE            = "-"
      REPLACE           = "/"

   Note that white space is not permitted within this production.

   Each potential attribute parameter configuration list is a comma-
   separated list of attribute capability numbers where att-cap-num
   refers can optionally begin with
   instructions for how to attribute capability numbers defined above and hence MUST
   be between 1 and 2^31-1 (both included). Alternative potential
   attribute parameter configurations handle attributes that are separated by a vertical bar
   ("|"), the scope part of which extends to the next alternative actual
   configuration (i.e. ","
   has higher precedence than "|"). The alternatives are ordered by
   preference with the most preferred listed first.

   Transport protocol capabilities are included in a potential
   configuration by use "a=" lines present in the original SDP). By
   default, such attributes will remain as part of the pot-transport-protocol-config parameter,
   which is defined by configuration in
   question. However, if delete-attributes indicates "-m", then all
   attribute lines within the following ABNF:

      pot-transport-protocol-config =
                           "t=" trpr-cap-num *(BAR trpr-cap-num)
      trpr-cap-num        = 1*DIGIT   ; defined media description in [RFC4234] question will be
   deleted (i.e. all "a=" lines under the "m=" line in question). If
   delete-attributes indicates "-s", then all attribute lines at the
   session-level will be deleted (i.e. all "a=" lines before the first
   "m=" line). If delete-attributes indicates "-ms", then all attribute
   lines within this media description ("m=" line) and all attribute
   lines at the session-level will be deleted.

   The trpr-cap-num refers attribute capability instruction list comes next. It contains one
   or more alternative lists of attribute capability instructions. The
   lists are separated by a vertical bar ("|"), and each list contains
   one or more attribute capability instructions separated by commas
   (","). An attribute capability instruction is merely an attribute
   capability number that may optionally be prefixed by an attribute
   capability operator. Each attribute capability number (att-cap-num)
   identifies a particular attribute capability by referring to transport protocol
   attribute capability numbers defined above and hence MUST be between
   1 and 2^31-1 (both included).
   Alternative The following example illustrates the
   above:

      a=-m:1,2,-3,/4|1,2,5

   where

   o  "a=-m:1,2,-3,/4|1,2,5" is the potential transport protocol configurations attribute configuration
      list

   o  "-m" is the delete-attributes

   o  "1,2,-3,/4" and "1,2,5" are both attribute capability instruction
      lists. The two lists are alternatives, since they are separated by
      a vertical bar ("|").  The alternatives are ordered by preference
   with the most preferred listed first. When transport protocol
   capabilities are not included in a potential configuration at the
   media level, above

   o  "1" is an attribute capability instruction without any attribute
      capability operator. It is also an attribute capability number

   o  "-3" is an attribute capability instruction, where "-" is an
      attribute capability operator, and "3" is the transport protocol information from attribute capability
      number.

   o  "/4" is an attribute capability instruction, where "/" is an
      attribute capability operator, and "4" is the attribute capability
      number.

   By default, each referenced attribute capability will result in the
   corresponding attribute name and its associated
   "m=" line value (contained
   inside the attribute capability) merely being added to the resulting
   potential configuration SDP. The attribute capability operators
   change this default behavior:

   o  For session-level attribute capabilities, the DELETE operator ("-
      ") will be used.

     In result in the presence deletion of middle-boxes (the existence all session-level occurrences of which may not be
     known), care should be taken
      attributes with assuming that the transport
     protocol in same attribute-name (attribute values are
      ignored) as the "m=" line will not be modified by a middle-box. Use
     of an explicit attribute contained inside that attribute
      capability. The attribute contained inside the attribute
      capability will guard against NOT be added to the resulting potential
      configuration SDP.

         For example, if delete was indicated for a session-level "key-
         mgmt" attribute capability
     indications ("a=acap:1 a=key-mgmt..."), all
         occurrences of that.

   Extension capabilities can "a=key-mgmt" at the session-level would be included in a potential configuration
   as well. Such extensions MUST adhere to
         deleted.

   o  For media-level attribute capabilities, the following ABNF:

      pot-extension-config = ext-cap-name "="
                                 ext-cap-list *(BAR ext-cap-list)
      ext-cap-name   = token     ; defined in [SDP]
      ext-cap-list   = ext-cap-num *(COMMA ext-cap-num)
      ext-cap-num    = 1*DIGIT   ; defined DELETE operator ("-")
      will result in [RFC4234]

   The ext-cap-name refers to the type deletion of extension capability and the
   ext-cap-num refers to a capability number associated all occurrences of attributes with
      the same attribute-name (attribute values are ignored) as the
      attribute contained inside that attribute capability, within this
      particular type of extension capability. media description ("m=" line) only. The number MUST attribute
      contained inside the attribute capability will NOT be between
   1 and 2^31-1 (both included).  Alternative added to the
      resulting potential extension
   configurations configuration SDP.

         For example, if delete was indicated for a particular extension media-level "crypto"
         attribute capability ("a=acap:1 a=crypto..."), all occurrences
         of "a=crypto" inside the media description ("m=" line) in
         question would be deleted.

   o  For session-level attribute capabilities, the REPLACE operator
      ("/") is similar to the DELETE operator, except that the attribute
      contained inside the attribute capability WILL be added to the
      resulting potential configuration SDP (at the session-level).

         For example, if replace was indicated for a session-level "key-
         mgmt" attribute capability ("a=acap:1 a=key-mgmt..."), all
         occurrences of "a=key-mgmt" at the session-level would be
         deleted, and the "key-mgmt" attribute name and its associated
         value from the attribute capability would be added to the
         resulting SDP for that configuration.

   o  For media-level attribute capabilities, the REPLACE operator ("/")
      is similar to the DELETE operator, except that the attribute
      contained inside the attribute capability WILL be added to the
      resulting potential configuration SDP (within the media
      description in question).

         For example, if replace was indicated for a media-level
         "crypto" attribute capability ("a=acap:1 a=crypto..."), all
         occurrences of "a=crypto" inside the media description ("m="
         line) in question would be deleted, and the "crypto" attribute
         name and its associated value from the attribute capability
         would be added to the resulting SDP for that configuration.

   Alternative attribute capability instruction lists are separated by a
   vertical bar ("|"),the ("|"), the scope of which extends to the next
   alternative (i.e. "," has higher precedence than "|").  Unsupported or unknown
   potential extension configs The
   alternatives are ordered by preference with the most preferred listed
   first. Exactly one of the alternative lists MUST be ignored.

     The "creq" attribute and selected in its associated rules can be used
   entirety in order to ensure
     that required extensions use this potential configuration attribute.

   Potential transport protocol configuration lists are supported included in a
   potential configuration by use of the first place.

   Potential configurations can be provided at the media level only,
   however it pot-transport-protocol-config-
   list parameter, which is possible to reference capabilities provided at either
   the session or media level. There are certain semantic rules and
   restrictions associated with this:

   A (media level) potential configuration in a given media description
   MUST NOT reference a media-level capability provided defined by the following ABNF:

      pot-transport-protocol-config-list =
                           "t=" trpr-cap-num *(BAR trpr-cap-num)
      trpr-cap-num        = 1*DIGIT   ; defined in a different
   media description; doing so invalidates [RFC4234]

   Note that white-space is not permitted within this production.

   The trpr-cap-num refers to transport protocol capability numbers
   defined above and hence MUST be between 1 and 2^31-1 (both included).
   Alternative potential configuration.
   A potential configuration can however reference transport protocol capabilities are separated
   by a session-level
   capability. vertical bar ("|").  The semantics of doing so (should that alternatives are ordered by preference
   with the most preferred listed first. When there are no transport
   protocol capabilities included in a potential configuration be chosen), depends on at the type of capability. In
   media level, the
   case of transport capabilities, this has no particular implication.
   In the case of attribute capabilities however, it does. More
   specifically, protocol information from the corresponding attribute value (provided within that
   attribute capability) associated
   "m=" line will be considered part used. When included, exactly one of the active
   alternatives MUST be selected in order to use this potential
   configuration at the *session* level. attribute.

     In other words, it will the presence of middle-boxes (the existence of which may not be as-
   if that attribute was simply provided
     known), care should be taken with assuming that value at the session-
   level transport
     protocol in the first place. Note that individual media streams perform "m=" line will not be modified by a middle-box. Use
     of an explicit transport protocol capability will guard against any
     capability negotiation individually, and hence it is possible that
   another media stream (where the attribute was part implications of that.

   Extension capabilities can be included in a potential
   configuration) chose a configuration without that session level
   attribute. The session-level attribute however remains "active" and
   hence applies
   as well by use of potential extension configuration lists. Such
   potential configuration extension lists MUST adhere to the entire session. It following
   ABNF:

      pot-extension-config-list  = ext-cap-name "="
                                    ext-cap-list
      ext-cap-name               = token     ; defined in [RFC4566]
      ext-cap-list               = 1*VCHAR      ; defined in [RFC4234]

   Note that white-space is up not permitted within this production.

   The ext-cap-name refers to the entity that
   generates the SDP to ensure that in such cases, type of extension capability and the resulting active
   configuration SDP
   ext-cap-list is still meaningful. here merely defined as a sequence of visible
   characters. The session-level operation actual extension supported MUST refine both of these
   further. For extension capabilities that merely need to be referenced
   by a capability number, it is undefined:
   Consequently, if session-level RECOMMENDED to follow a structure
   similar to what has been specified above. Unsupported or unknown
   potential extension capabilities are defined,
   they configuration lists in a potential configuration
   attribute MUST specify be ignored.

     The "creq" attribute and its associated rules can be used to ensure
     that required extensions are supported in the implication of making them part of an active first place.

   Potential configuration attributes can be provided at the media level.

   Below, we provide an example of level
   only, however it is possible to reference capabilities provided at
   either the "a=pcfg" session or media level. There are certain semantic rules
   and restrictions associated with this:

   A (media level) potential configuration attribute in a complete given media
   description MUST NOT reference a media-level capability provided in order to properly indicate the supporting
   attributes:

      v=0
      o=- 25678 753849 IN IP4 128.96.41.1
      s=
      c=IN IP4 128.96.41.1
      t=0 0
      m=audio 3456 RTP/AVPF 0 18
      a=creq: cap-v0
      a=acap:1 crypto:1 AES_CM_128_HMAC_SHA1_32
         inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
      a=tcap: 1 RTP/AVPF RTP/AVP
      a=tcap: 3 RTP/SAVP RTP/SAVPF
      a=pcfg:1 t=4|3 a=1
      a=pcfg:8 t=1|2

   We have two a
   different media description; doing so invalidates that potential configurations listed here. The first one (and
   most preferred, since its
   configuration number is "1") indicates (note that
   either of the profiles RTP/SAVPF or RTP/SAVP (specified by the
   transport protocol capability numbers 4 and 3) can be supported with
   attribute capability 1 (the "crypto" attribute); RTP/SAVPF is
   preferred over RTP/SAVP since its capability number (4) is listed
   first in the preferred potential configuration. The second a potential configuration indicates that the RTP/AVPF of RTP/AVP profile attribute can be
   used, with RTP/AVPF being the preferred one. This non secure RTP
   alternative is the less preferred
   contain more than one since its configuration number
   is "8".

3.4.2. Actual Configuration Attribute

   The actual potential configuration attribute identifies which by use of the
   alternatives). A potential
   configurations from an offer SDP were used as an actual configuration
   in an answer SDP.  This is done by attribute can however
   reference to a session-level capability. The semantics of doing so
   depends on the configuration
   number and type of capability. In the attribute capabilities and case of transport protocol
   capabilities from the offer that were actually used by it has no particular implication. In the answerer
   in his offer/answer procedure. If extension case of
   attribute capabilities were used,
   those however, it does. More specifically, the
   attribute name and value (provided within that attribute capability)
   will be included by reference as well. Note that considered part of the resulting SDP for that particular
   configuration number and all capability numbers used are those from at the offer; not *session* level. In other words, it will be as-
   if that attribute was simply provided with that value at the answer.

   The Actual Configuration Attribute ("a=acfg") session-
   level in the first place. Note that individual media streams perform
   capability negotiation individually, and hence it is defined as follows:

      a=acfg: <act-cfg-list> possible that
   another media stream (where the attribute was part of a potential
   configuration) chose a configuration without that session level
   attribute. The "acfg" session-level attribute adheres however remains "active" and
   hence applies to the RFC 4566 "attribute" production, entire resulting potential configuration SDP. It
   is up to the entity that generated the SDP with an att-value defined as follows:

      att-value      = *WSP config-number 1*WSP act-cfg-list
                        ;config-number defined in Section 3.4.1.
      act-cfg-list   =  capability *(1*WSP capability)
      capability     =  act-attribute-parameter-config /
                           act-transport-protocol-config /
                           act-extension-config

      act-attribute-parameter-config =
               "a=" acap-cap-list   ; defined in Section 3.4.1.

      act-transport-protocol-config =
               "t=" trpr-cap-num    ; defined in Section 3.4.1.

      act-extension-config =
               ext-cap-name "=" ext-cap-list ; defined these capabilities
   and potential configuration attributes in Section 3.4.1.

   Note the first place, to ensure,
   that white-space is permitted before in such cases, the config-number. The
   actual resulting potential configuration ("a=acfg") attribute can be provided at the
   media-level only. There SDP is
   still meaningful.

   The session-level operation of extension capabilities is undefined:
   Consequently, each new session-level extension capability defined
   MUST NOT be more than one occurrence specify the implication of making it part of an
   actual configuration attribute within a given configuration at
   the media description. level.

   Below, we provide an example of the "a=acfg" "a=pcfg" attribute (building on
   the previous example with in a complete
   media description in order to properly indicate the potential configuration attribute): supporting
   attributes:

      v=0
      o=- 24351 621814 25678 753849 IN IP4 128.96.41.2 192.0.2.1
      s=
      c=IN IP4 128.96.41.2 192.0.2.1
      t=0 0
      m=audio 4568 RTP/SAVPF 0
      a=creq: 53456 RTP/AVPF 0
      a=acfg:1 t=4 a=1

   It indicates that the answerer used an offer consisting of 18
      a=acap:1 crypto:1 AES_CM_128_HMAC_SHA1_32
         inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
      a=tcap:1 RTP/AVPF RTP/AVP
      a=tcap:3 RTP/SAVP RTP/SAVPF
      a=pcfg:1 t=4|3 a=1
      a=pcfg:8 t=1|2

   We have two potential configuration attributes listed here. The first
   one (and most preferred, since its configuration number 1 with is "1")
   indicates that either of the profiles RTP/SAVPF or RTP/SAVP
   (specified by the transport protocol capability numbers 4 from the
   offer (RTP/SAVPF) and 3) can
   be supported with attribute capability 1 (the "crypto"
   attribute).

3.5. Offer/Answer Model Extensions

   In this section, we define extensions to the offer/answer model
   defined attribute);
   RTP/SAVPF is preferred over RTP/SAVP since its capability number (4)
   is listed first in [RFC3264] to allow for the preferred potential configurations to be
   included in an offer, where they constitute offers configuration. The second
   potential configuration attribute indicates that may the RTP/AVPF or
   RTP/AVP profile can be
   accepted by used, with RTP/AVPF being the answerer instead of preferred one.
   This non secure RTP alternative is the less preferred one since its
   configuration number is "8".

3.5.2. Actual Configuration Attribute

   The actual configuration(s)
   included in configuration attribute identifies which of the "m=" line(s).

   The procedures defined potential
   configurations from an offer SDP was selected and used as an actual
   configuration in an answer SDP.  This is done by including the following subsections apply to both
   unicast
   configuration number and multicast streams.

3.5.1. Generating the Initial Offer

   An offerer configuration lists from the offer that wants to use
   were actually selected and used by the SDP capability negotiation
   extensions defined answerer in this document his offer/answer
   procedure as follows:

   o  A selected potential attribute configuration MUST include the following in
      delete-attributes and the
   offer:

   o  An SDP selected alternative att-cap-inst-list
      (i.e. containing both operators and capability negotiation required extensions attribute
      ("a=creq") as defined in Section 3.2.2. that contains the option
      tag "cap-v0".

      This attribute SHOULD be provided at the session-level (if there
      is only a single media stream, then it may make sense to include
      it at numbers from the media-level).
      potential configuration). If one or more additional option tags are
      required to be supported for the entire session description, then
      option tags for those extensions MUST be delete-attributes were not included
      in the session-
      level "creq" attribute. For each media description that requires
      one or more capability negotiation extensions potential configuration, they will of course not listed at the
      session-level, a "creq" attribute containing the required
      extensions for that media description MUST be included within the
      media description as well (in accordance with Section 3.2.2. ). present
      here either.

   o  An attribute  A selected potential transport protocol configuration MUST include
      the selected transport protocol capability attribute ("a=acap") number.

   o  A selected potential extension configuration MUST include the
      selected extension configuration parameters as defined in Section
      3.3.1. specified for each attribute name and associated value that needs to
      be indicated as a capability in
      particular extension.

   Note that the offer.

      Session-level attributes selected configuration number and associated values MUST be provided all selected
   capability numbers used in
      attribute capabilities at the session-level only, whereas media-
      level attributes and associated values MUST be provided in actual configuration attribute capabilities at refer
   to those from the media-level only. Attributes that
      can be provided at either offer; not the session- or media-level can be
      represented answer.

     The answer may for example include capabilities as well. The actual
     configuration attribute capabilities at either the session- or
      media-level. If there is does not a need refer to indicate any attributes of those.

   The Actual Configuration Attribute ("a=acfg") is defined as follows:

      a=acfg: <sel-cfg-list>

   The "acfg" attribute capabilities, then there will not be any "a=acap"
      attributes either.

   o  One or more a transport protocol capability attributes ("a=tcap") adheres to the RFC 4566 "attribute" production,
   with an att-value defined as follows:

      att-value      = config-number 1*WSP sel-cfg-list
                        ;config-number defined in Section 3.3.2. with values for each transport
      protocol that needs to be indicated as a capability 3.5.1.
      sel-cfg-list   = sel-cfg *(1*WSP sel-cfg)
      sel-cfg        = sel-attribute-config /
                           sel-transport-protocol-config /
                           sel-extension-config

      sel-attribute-config =
               "a=" [delete-attributes ":"] att-cap-inst-list
                                    ; defined in the offer.
      Transport protocol capabilities Section 3.5.1.

      sel-transport-protocol-config =
               "t=" trpr-cap-num    ; defined in Section 3.5.1.

      sel-extension-config =
               ext-cap-name "=" 1*VCHAR   ; defined in Section 3.5.1.

   Note that apply to multiple media
      descriptions SHOULD white-space is not permitted before the config-number.

   The actual configuration ("a=acfg") attribute can be provided at the session-level whereas
      transport protocol capabilities that apply to a specific media
      description ("m=" line) only, SHOULD be provided within that
      particular media description. If there is not a need to indicate
      any transport protocols as transport protocol capabilities, then
      there will not
   media-level only. There MUST NOT be any "a=tcap" attributes either.

   o  One or more extension capability attributes (as outlined in
      Section 3.3.3. ) for each extension capability that is referenced
      by a potential configuration.

   o  One or more potential than one occurrence of an
   actual configuration attributes ("a=pcfg") as
      defined in Section 3.4.1. attribute within each a given media description where
      alternative potential configurations are to be negotiated. Each
      potential configuration description.

   Below, we provide an example of the "a=acfg" attribute MUST adhere to (building on
   the rules
      provided in Section 3.4.1. and previous example with the additional rules provided
      below.

   The offerer SHOULD furthermore include potential configuration attribute):

      v=0
      o=- 24351 621814 IN IP4 192.0.2.2
      s=
      c=IN IP4 192.0.2.2
      t=0 0
      m=audio 54568 RTP/SAVPF 0
      a=crypto:1 AES_CM_128_HMAC_SHA1_32
         inline:WSJ+PSdFcGdUJShpX1ZjNzB4d1BINUAvLEw6UzF3|2^20|1:32
      a=acfg:1 t=4 a=1

   It indicates that the following:

   o  One or more supported answerer used an offer consisting of potential
   configuration number 1 with transport protocol capability negotiation extension attributes
      ("a=csup") as defined in Section 3.2.2. if 4 from the offerer supports
      one or more
   offer (RTP/SAVPF) and attribute capability negotiation extensions not included in a
      corresponding "a=creq" 1 (the "crypto"
   attribute). The answerer includes his own "crypto" attribute (i.e. at the session-level or in
      the same media description). Option tags provided in "a=csup"
      attributes at the session-level indicate as well.

3.6. Offer/Answer Model Extensions

   In this section, we define extensions supported for to the entire session description whereas option tags provided in
      "a=csup" attributes offer/answer model
   defined in a media description indicate extensions
      supported [RFC3264] to allow for that particular media description only.

   Capabilities provided potential configurations to be
   included in an offer merely indicate what the offerer is
   capable of doing. They do not offer, where they constitute a commitment or even an
   indication to actually use them. Each potential configuration however
   constitutes an alternative offer offers that the offerer would like to use.
   The potential configurations may be used
   accepted by the answerer to negotiate
   and establish instead of the session. actual configuration(s)
   included in the "m=" line(s).

   The offerer MUST include one or more potential configuration
   attributes ("a=pcfg") within each media description where procedures defined in the following subsections apply to both
   unicast and multicast streams.

3.6.1. Generating the Initial Offer

   An offerer that wants to provide alternative offers (in use the form of potential
   configurations). Each potential configuration attribute SDP capability negotiation
   extensions defined in a given
   media description this document MUST contain a unique configuration number and one
   or more potential configuration parameters, include the following in the
   offer:

   o  An attribute capability attribute ("a=acap") as described defined in Section
      3.4.1. Each potential configuration parameter MUST refer for each attribute name and associated value (if any) that
      needs to be indicated as a capability that is in the offer.

      Session-level attributes and associated values MUST be provided either in
      attribute capabilities at the session-level or within
   that particular media description; otherwise, the potential
   configuration is considered invalid.

   The current actual configuration is included only, whereas media-
      level attributes and associated values MUST be provided in
      attribute capabilities at the "m=" line (as
   defined by [RFC3264]). Note media-level only. Attributes that
      can be provided at either the actual configuration is by
   definition the least-preferred configuration, and hence the answerer
   will seek to negotiate use of one of the potential configurations
   instead. If session- or media-level can be
      represented as attribute capabilities at either the offerer wishes a different preference session- or
      media-level. Attribute capabilities for the actual
   configuration, the offerer MUST '<type>=<value>'
      attributes can include an attribute name only; such attribute
      capabilities MUST NOT be referenced by a corresponding potential
   configuration with the relevant configuration number (which indicates
   the relative preference between potential configurations); this
   corresponding potential configuration should simply duplicate the
   actual configuration.

   Per [RFC3264], once the offerer generates configuration,
      unless the offer, he must be
   prepared DELETE operator is used for it. If there is not a need
      to receive incoming media in accordance with that offer.
   That rule applies here indicate any attributes as well, but for the actual configurations
   provided attribute capabilities, then there
      will not be any "a=acap" attributes either.

   o  One or more a transport protocol capability attributes ("a=tcap")
      as defined in the offer only: Media received by the offerer according Section 3.4.2. with values for each transport
      protocol that needs to one of the potential configurations MAY be discarded, until the
   offerer receives an answer indicating what indicated as a capability in the actual configuration
   is. Once offer.
      Transport protocol capabilities that answer is received, incoming apply to multiple media MUST
      descriptions SHOULD be processed in
   accordance with the actual configuration indicated and the answer
   received (provided the offer/answer exchange completed successfully).

3.5.2. Generating the Answer

   When receiving an offer, the answerer MUST check for the presence of
   a required capability negotiation extension attribute ("a=creq") provided at the session level and containing the option tag "cap-v0". session-level whereas
      transport protocol capabilities that apply to a specific media
      description ("m=" line) only, SHOULD be provided within that
      particular media description. If one there is found, not a need to indicate
      any transport protocols as transport protocol capabilities, then capability negotiation MUST
      there will not be performed any "a=tcap" attributes either.

   o  One or more extension capability attributes (as outlined in
      Section 3.4.3. ) for each media description extension capability that contains a potential configuration
   attribute ("a=pcfg"). If none is found, then the answerer MUST check
   each offered media description for referenced
      by a required capability negotiation
   extension attribute ("a=creq") containing the option tag "cap-v0" and
   one potential configuration.

   o  One or more potential configuration attributes. Capability
   negotiation MUST be performed for attributes ("a=pcfg") as
      defined in Section 3.5.1. within each such media description in
   accordance with the procedures described below.

   The answerer MUST first ensure that it supports any additional
   required capability negotiation extensions:

   o  If a session-level "creq" where
      alternative potential configurations are to be negotiated. Each
      potential configuration attribute is provided, and it contains
      an option-tag that the answerer does not support, then the
      answerer MUST NOT use any of adhere to the potential configuration
      attributes rules
      provided for any of in Section 3.5.1. and the media descriptions. Instead, additional rules provided
      below.

   If the normal offer/answer procedures MUST continue as per [RFC3264].
      Furthermore, offerer requires support for more or extensions (besides the answerer
   base protocol defined here), then the offerer MUST include a session-level supported one or
   more "a=creq" attribute as follows:

   o  If one or more capability negotiation extensions attribute ("a=csup") with are required to
      be supported for the entire session description, then option tags
      for the those extensions MUST be included in a single session-level
      "creq" attribute.

   o  For each media description that requires one or more capability
      negotiation extensions supported by not listed at the
      answerer.

   o  If session-level, a media-level single
      "creq" attribute is provided, and it contains an
      option tag that the answerer does not support, then the answerer
      MUST NOT use any of containing all the potential configuration attributes
      provided required extensions for that particular
      media description. Instead, the
      offer/answer procedures description MUST continue as per [RFC3264].
      Furthermore, be included within the answerer MUST media description
      (in accordance with Section 3.3.2. ).

   The offerer SHOULD furthermore include a the following:

   o  One or more supported capability negotiation extensions attribute extension attributes
      ("a=csup") as defined in that media
      description with option tags for Section 3.3.2. if the offerer supports
      one or more capability negotiation extensions supported by not included in a
      corresponding "a=creq" attribute (i.e. at the answerer for that session-level or in
      the same media description.

   Assuming all required capability negotiation description). Option tags provided in "a=csup"
      attributes at the session-level indicate extensions are
   supported, supported for
      the answerer now proceeds as follows.

   For each entire session description whereas option tags provided in
      "a=csup" attributes in a media description where capability negotiation indicate extensions
      supported for that particular media description only.

   Capabilities provided in an offer merely indicate what the offerer is
   capable of doing. They do not constitute a commitment or even an
   indication to actually use them. Each potential configuration however
   constitutes an alternative offer that the offerer would like to use.
   The potential configurations may be
   performed (i.e. all required capability negotiation extensions are
   supported used by the answerer to negotiate
   and at least establish the session.

   The offerer MUST include one valid or more potential configuration attribute is
   present),
   attributes ("a=pcfg") within each media description where the answerer MUST attempt offerer
   wants to perform capability negotiation
   by using provide alternative offers (in the most preferred form of potential configuration that is valid. A
   configurations). Each potential configuration is valid if:

   1. It is in accordance with the syntax and semantics provided attribute in
      Section 3.4.1.

   2. It contains a given
   media description MUST contain a unique configuration number that is unique within that
      media description.

   3. All attribute capabilities referenced by the and one
   or more potential configuration are valid themselves (as defined lists, as described in Section 3.3.1. )
      and each of them 3.5.1.
   Each potential configuration list MUST refer to capabilities that are furthermore
   provided either at the session-
      level session-level or within this that particular media description.

   4. All transport protocol capabilities referenced by
   description; otherwise, the potential configuration are valid themselves (as defined is considered
   invalid.

   The current actual configuration is included in Section 3.3.2. )
      and each of them are furthermore provided either at the session-
      level or within this particular media description.

   5. All extension capabilities referenced "m=" line (as
   defined by [RFC3264]). Note that the potential actual configuration and supported is by
   definition the answerer are valid themselves
      (as defined by that particular extension) least-preferred configuration, and each hence the answerer
   will seek to negotiate use of one of them are
      furthermore provided either at the session-level or within this
      particular media description. Unknown or unsupported extension
      capabilities MUST be ignored.

   The most preferred valid potential configuration in configurations
   instead. If the offerer wishes a media
   description is different preference for the valid actual
   configuration, the offerer MUST include a corresponding potential
   configuration with the lowest relevant configuration number. The answerer MUST now process the offer for
   that media stream based on number (which indicates
   the most preferred valid relative preference between potential
   configuration. Conceptually, configurations); this entails
   corresponding potential configuration should simply duplicate the answerer constructing
   an (internal) offer that consists of
   actual configuration.

   Per [RFC3264], once the offer SDP, with offerer generates the
   following changes:

   o  If a transport protocol capability is included offer, he must be
   prepared to receive incoming media in accordance with that offer.
   That rule applies here as well, but for the potential
      configuration, then it replaces the transport protocol actual configurations
   provided in the "m=" line for that media description.

   o  If a session-level attribute capability is included, then it is
      added to offer only: Media received by the list offerer according
   to one of session-level attributes for the session
      description. The resulting SDP MUST have all such added session-
      level attributes listed before potential configurations MAY be discarded, until the session-level attributes
   offerer receives an answer indicating what the actual selected
   configuration is. Once that
      were initially present answer is received, incoming media MUST
   be processed in accordance with the SDP. Furthermore, actual selected configuration
   indicated and the added session-
      level attributes answer received (provided the offer/answer exchange
   completed successfully).

3.6.2. Generating the Answer

   When receiving an offer, the answerer MUST be added in check for the order they were presence of
   a required capability negotiation extension attribute ("a=creq")
   provided in at the potential configuration.

   o session level. If a media-level attribute capability one is included, found, then it capability
   negotiation MUST be performed. If none is
      added to found, then the list of media-level attributes for that particular
      media description. The resulting SDP answerer
   MUST have all such added
      media-level attributes listed before the media-level attributes
      that were initially present in the SDP for that check each offered media description.
      Furthermore, description for the added media-level presence of a
   required capability negotiation extension attribute ("a=creq") and
   one or more potential configuration attributes ("a=pcfg"). Capability
   negotiation MUST be added in the
      order they were provided performed for each media description where either
   of those is present in accordance with the potential configuration procedures described
   below.

   The answerer MUST first ensure that it supports any required
   capability negotiation extensions:

   o  If a supported extension capability session-level "creq" attribute is included, then provided, and it is
      processed in accordance with the rules provided for that
      particular extension capability.

   Note contains
      an option-tag that whereas a transport protocol from the answerer does not support, then the
      answerer MUST NOT use any of the potential configuration replaces
      attributes provided for any of the transport protocol in media descriptions. Instead,
      the actual
   configuration, an normal offer/answer procedures MUST continue as per [RFC3264].
      Furthermore, the answerer MUST include a session-level supported
      capability negotiation extensions attribute ("a=csup") with option
      tags for the capability from negotiation extensions supported by the potential
   configuration
      answerer.

   o  If a media-level "creq" attribute is instead added to the actual configuration. In some
   cases, this may result in having one or more meaningless attributes
   from the actual configuration; such meaningless attributes SHOULD
   simply be ignored.

      For example, if the actual configuration was using Secure RTP provided, and
      included it contains an "a=crypto" attribute for
      option tag that the SRTP keying material, answerer does not support, then the answerer
      MUST NOT use any of a the potential configuration attributes
      provided for that uses plain RTP would
      make particular media description. Instead, the "crypto"
      offer/answer procedures MUST continue as per [RFC3264].
      Furthermore, the answerer MUST include a supported capability
      negotiation extensions attribute meaningless. Rather than requiring ("a=csup") in that media
      description with option tags for the actual configuration attributes capability negotiation
      extensions supported by the answerer for that media description.

   Assuming all required capability negotiation extensions are
   supported, the answerer now proceeds as follows.

   For each media description where capability negotiation is to be present as attribute
      capabilities as well (which would increase the message size)
   performed (i.e. all required capability negotiation extensions are
   supported and
      then have the at least one valid potential configuration completely replace the
      actual configuration, we instead make the use of attribute
      capabilities additive to is
   present), the session description. The answerer
      may want MUST attempt to note (internally) which attributes came from perform capability negotiation
   by using the most preferred potential configuration and which came from the actual
      configuration in order to better resolve such issues.

   Please refer to Section 3.5.2.1. for examples of how the answerer may
   conceptually "see" the resulting offered alternative that is valid. A
   potential
   configurations.

   If configuration is valid if:

   1. It is in accordance with the answerer syntax and semantics provided in
      Section 3.5.1.

   2. It contains a configuration number that is not able to support unique within that
      media description.

   3. All attribute capabilities referenced by the most preferred potential
      configuration are valid themselves (as defined in Section 3.4.1. )
      and each of them is furthermore provided either at the session-
      level or within this particular media description.

   4. All transport protocol capabilities referenced by the potential
      configuration for are valid themselves (as defined in Section 3.4.2. )
      and each of them is furthermore provided either at the session-
      level or within this particular media description, description.

   5. All extension capabilities referenced by the potential
      configuration and supported by the answerer MUST
   proceed to are valid themselves
      (as defined by that particular extension) and each of them are
      furthermore provided either at the second-most session-level or within this
      particular media description. Unknown or unsupported extension
      capabilities MUST be ignored.

   The most preferred valid potential configuration
   for the in a media description, etc. If the answerer
   description is not able to
   support any of the valid potential configurations, configuration with the lowest
   configuration number. The answerer MUST now process the offer per normal offer/answer rules, i.e. the actual
   configuration provided will be used as for
   that media stream based on the least most preferred
   alternative.

   Once valid potential
   configuration. Conceptually, this entails the answerer has selected constructing
   an offered configuration for (internal) offer that consists of the media
   stream, offer SDP, with the answerer MUST generate a valid answer SDP based on
   following changes:

   o  If a transport protocol capability is included in the
   selected configuration as "seen" by potential
      configuration, then it replaces the answerer. Furthermore, if transport protocol provided in
      the
   answerer selected one of "m=" line for that media description.

   o  If attribute capabilities are present with a delete-attributes
      indication, then session-level attributes and/or media-level
      attributes for this media description MUST be deleted in
      accordance with the potential configurations delete-attributes provided per the procedures
      in Section 3.5.1.

   o  If a media
   description, session-level attribute capability is included, then the answerer MUST include
      operation is as follows (see also Section 3.5.1. ):

       a. If the attribute capability number is not prefixed with an actual configuration
          attribute within that media description that identifies capability operator, then the
   configuration number for that potential configuration as well as attribute (and its
          associated value, if any) MUST be added to the
   actual parameters resulting SDP.
          All such added session-level attributes MUST be listed before
          the session-level attributes that were used from that potential configuration
   (if the potential configuration included alternatives, only initially present in
          the
   selected alternatives must be included). Only SDP. Furthermore, the known and supported
   parameters will be included. Unknown or unsupported parameters added session-level attributes MUST
   NOT
          be included added in the actual configuration attribute. order they were provided in the potential
          configuration.

       b. If the answerer supports one or more attribute capability negotiation
   extensions that were not included in number is prefixed with a required capability
   negotiation extensions attribute DELETE
          operator in the offer, potential configuration, then the answerer
   SHOULD furthermore include a supported capability negotiation all session-
          level occurrences of an attribute ("a=csup") at the session-level with option tags for the
   extensions supported across media streams. Also, if same attribute-name
          (attribute values are ignored) as the answerer
   supports one or more capability negotiation extensions for particular
   media descriptions only, then a supported capability negotiation attribute with those option-tags SHOULD contained
          inside that attribute capability MUST be included within each
   relevant media description.

   The offerer's originally provided actual configuration deleted from the
          original SDP as detailed in Section 3.5.1. .

       c. If the attribute capability number is contained prefixed with a REPLACE
          operator in the media description's "m=" line (and associated parameters). The
   answerer can send media potential configuration, then the above DELETE
          operation MUST first be performed, and the attribute MUST then
          be added to the offerer resulting SDP in accordance with that actual
   configuration as soon as it receives the offer, however it MUST NOT
   send media based on that actual configuration if it chooses an
   alternative potential configuration. same order as specified
          above in a).

   o  If a media-level attribute capability is included, then the answerer chooses one of
      operation is as follows (see also Section 3.5.1. ):

       a. If the potential configurations, attribute capability number is not prefixed with an
          attribute capability operator, then the answerer MAY start attribute (and its
          associated value, if any) MUST be added to send the resulting SDP
          within the media to description in question. All such added
          media-level attributes MUST be listed before the offerer media-level
          attributes that were initially present in accordance with the selected potential
   configuration, however SDP in the offerer MAY discard such media until
          description in question. Furthermore, the
   offerer receives added media-level
          attributes MUST be added in the answer.

3.5.2.1. Example Views of Potential Configurations

   The following examples illustrate how order they were provided in
          the answerer may conceptually
   "see" a potential configuration. Consider

       b. If the following offered SDP:

      v=0
      o=alice 2891092738 2891092738 IN IP4 lost.example.com
      s=Secret discussion
      t=0 0
      c=IN IP4 lost.example.com
      a=tool:foo
      a=creq: cap-v0
      a=acap:1 key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO...
      a=tcap:1 RTP/SAVP RTP/AVP
      m=audio 39000 RTP/AVP 98
      a=rtpmap:98 AMR/8000
      a=acap:2 a=crypto:1 AES_CM_128_HMAC_SHA1_32
         inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
      a=pcfg:1 t=1 a=1|2
      m=video 42000 RTP/AVP 31
      a=rtpmap:31 H261/90000
      a=acap:3 a=crypto:1 AES_CM_128_HMAC_SHA1_80
         inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
      a=pcfg:1 t=1 a=1|3

   This particular SDP offers an audio stream and a video stream, each
   of which can either use plain RTP (actual configuration) or secure
   RTP (potential configuration). Furthermore, two different keying
   mechanisms are offered, namely session-level Key Management
   Extensions using MIKEY (attribute attribute capability 1) and number is prefixed with a DELETE
          operator in the potential configuration, then all media-level SDP
   Security Descriptions
          occurrences of an attribute with the same attribute-name
          (attribute capabilities 2 and 3). There values are
   several alternative configurations here, however, below we show the
   one ignored) as the answerer "sees" when using potential configuration 1 for both
   audio and video, and furthermore using attribute capability 1 (MIKEY)
   for both (we have removed all the capability negotiation attributes
   for clarity):

      v=0
      o=alice 2891092738 2891092738 IN IP4 lost.example.com
      s=Secret discussion
      t=0 0
      c=IN IP4 lost.example.com
      a=tool:foo
      a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO...
      m=audio 39000 RTP/SAVP 98
      a=rtpmap:98 AMR/8000
      m=video 42000 RTP/SAVP 31
      a=rtpmap:31 H261/90000

   Note contained
          inside that attribute capability MUST be deleted from the transport protocol
          original SDP in the media descriptions indicate
   use of secure RTP.

   Below, we show description in question as detailed
          in Section 3.5.1. .

       c. If the offer attribute capability number is prefixed with a REPLACE
          operator in the answerer "sees" when using potential
   configuration 1 for both audio and video configuration, then the above DELETE
          operation MUST first be performed, and furthermore using the attribute capability 2 and 3 respectively (SDP security descriptions)
   for MUST then
          be added to the audio and media stream - note resulting SDP in the same order as specified
          above in which the
   resulting attributes are provided:

      v=0
      o=alice 2891092738 2891092738 IN IP4 lost.example.com
      s=Secret discussion
      t=0 0
      c=IN IP4 lost.example.com
      a=tool:foo
      m=audio 39000 RTP/SAVP 98
      a=crypto:1 AES_CM_128_HMAC_SHA1_32
         inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
      a=rtpmap:98 AMR/8000
      m=video 42000 RTP/SAVP 31  a=crypto:1 AES_CM_128_HMAC_SHA1_80
         inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
         a=rtpmap:31 H261/90000

   Again, note that a).

   o  If a supported extension capability is included, then it is
      processed in accordance with the rules provided for that
      particular extension capability.

   Note that whereas a transport protocol in the media descriptions
   indicate use of secure RTP.

   And finally, we show the offer from the answerer "sees" when using potential
   configuration 1 with replaces the transport protocol in the actual
   configuration, an attribute capability 1 (MIKEY) for from the
   audio stream, and potential
   configuration 1 with attribute capability
   3 (SDP security descriptions) for the video stream:

      v=0
      o=alice 2891092738 2891092738 IN IP4 lost.example.com
      s=Secret discussion
      t=0 0
      c=IN IP4 lost.example.com
      a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO...
      a=tool:foo
      m=audio 39000 RTP/SAVP 98
      a=rtpmap:98 AMR/8000
      m=video 42000 RTP/SAVP 31  a=crypto:1 AES_CM_128_HMAC_SHA1_80
         inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
      a=rtpmap:31 H261/90000

3.5.3.  Offerer Processing of the Answer

   When the offerer attempted is instead added to use SDP Capability Negotiation the actual configuration by
   default. In some cases, this can result in having one or more
   meaningless attributes in the
   offer, resulting SDP, or worse, ambiguous or
   potentially even illegal attributes. The delete-attributes for the offerer MUST examine
   session and/or media level attributes as well as the answer for actual use of DELETE and
   REPLACE attribute capability negotiation. operators MUST be used to avoid such
   scenarios. Nevertheless, it is RECOMMENDED that implementations
   ignore meaningless attributes that may result from potential
   configurations.

     For each media description where example, if the offerer actual configuration was using Secure RTP and
     included an "a=crypto" attribute for the SRTP keying material, then
     use of a potential configuration attribute, that uses plain RTP would make the offerer MUST first examine
     "crypto" attribute meaningless. The answerer may or may not ignore
     such a meaningless attribute. The offerer can here ensure correct
     operation by using the media
   description for above operators to actually delete the presence
     crypto attribute.

   Please refer to Section 3.6.2.1. for examples of an actual configuration attribute
   ("a=acfg"). how the answerer may
   conceptually "see" the resulting offered alternative potential
   configurations.

   If an actual configuration attribute the answerer is not present in a
   media description, then the offerer MUST process able to support the answer SDP most preferred valid
   potential configuration for
   that media stream per the normal offer/answer rules defined in
   [RFC3264]. However, if one is found, then media description, the offerer answerer MUST instead
   process
   proceed to the answer as follows:

   o  The actual second-most preferred valid potential configuration attribute specifies which of
   for the
      potential configurations were used by media description, etc. If the answerer is not able to generate the
      answer. This includes all the capabilities from
   support any of the valid potential
      configuration offered, i.e. configurations, the attribute capabilities ("a=acap"),
      transport protocol capabilities ("a=tcap"), and any extension
      capability parameters included.

   o  The offerer answerer MUST now
   process the answer in accordance with the
      rules in [RFC3264], except that it must be done as if the offer
      had contained per normal offer/answer rules, i.e. the potential actual
   configuration provided will be used as the actual least preferred
   alternative.

   Once the answerer has selected an offered configuration in for the media description ("m=" line) and relevant
      attributes in
   stream, the offer.

   If answerer MUST generate a valid answer SDP based on the offer/answer exchange was successful, and
   selected configuration as "seen" by the answerer. Furthermore, if the
   answerer selected one of the potential configurations from the offer as in a media
   description, the answerer MUST include an actual configuration, then the offerer SHOULD perform another
   offer/answer exchange: The new offer should contain configuration
   attribute within that media description that identifies the selected
   configuration number for that potential configuration as well as the
   actual configuration, i.e. with parameters that were used from that potential configuration
   (if the
   actual potential configuration used in included alternatives, only the "m=" line
   selected alternatives must be included). Only the known and any other relevant
   attributes. This second offer/answer exchange supported
   parameters will not modify the
   session be included. Unknown or unsupported parameters MUST
   NOT be included in any way, however it will help intermediaries that look at the SDP, but do not understand or support actual configuration attribute.

   If the answerer supports one or more capability negotiation
   extensions, to understand the details of the media stream(s)
   extensions that were actually negotiated.

3.5.4. Modifying the Session

   Capabilities and potential configurations may be not included in
   subsequent offers as defined a required capability
   negotiation extensions attribute in [RFC3264, Section 8].  The procedure
   for doing so is similar to that described above with the answer
   including an indication of offer, then the actual configuration used by answerer
   SHOULD furthermore include a supported capability negotiation
   attribute ("a=csup") at the
   answerer.

   If session-level with option tags for the answer indicates use of a potential configuration from
   extensions supported across media streams. Also, if the
   offer, answerer
   supports one or more capability negotiation extensions for particular
   media descriptions only, then a second offer/answer exchange using that potential
   configuration as the actual configuration supported capability negotiation
   attribute with those option-tags SHOULD be performed.

3.6. Interactions with ICE

   Interactive Connectivity Establishment (ICE) [ICE] provides a
   mechanism for verifying connectivity between two endpoints by sending
   STUN messages directly between the included within each
   relevant media endpoints. description.

   The basic ICE
   specification [ICE] is defined to support UDP-based connectivity
   only, however it allows for extensions to support other transport
   protocols, such as TCP, which offerer's originally provided actual configuration is being specified contained
   in [ICETCP]. ICE
   defines a new "a=candidate" attribute, which, among other things,
   indicates the possible transport protocol(s) media description's "m=" line (and associated parameters). The
   answerer can send media to use and then
   associates a priority the offerer in accordance with each of them. The most preferred transport
   protocol that *successfully* verifies connectivity will end up being
   used.

   When using ICE, actual
   configuration as soon as it is thus possible that receives the transport protocol offer, however it MUST NOT
   send media based on that
   will be used differs from what is specified in the "m=" line.
   Furthermore, since both ICE and SDP Capability Negotiation may now
   specify actual configuration if it selects an
   alternative transport protocols, there is a potentially
   unintended interaction when using these together.

   We provide potential configuration. If the following guidelines for addressing that.

   There are two basic scenarios answerer selects one of
   the potential configurations, then the answerer MAY start to consider here:

   1) A particular send
   media stream can run over different transport
   protocols (e.g. UDP, TCP, or TCP/TLS), and the intent is simply to
   use the one that works (in offerer in accordance with the preference order specified).

   2) A particular selected potential
   configuration, however the offerer MAY discard such media stream can run over different transport
   protocols (e.g. UDP, TCP, or TCP/TLS) and until the intent is to have
   offerer receives the
   negotiation process decide which one to use (e.g. T.38 over TCP answer.

3.6.2.1. Example Views of Potential Configurations

   The following examples illustrate how the answerer may conceptually
   "see" a potential configuration. Consider the following offered SDP:

      v=0
      o=alice 2891092738 2891092738 IN IP4 lost.example.com
      s=
      t=0 0
      c=IN IP4 lost.example.com
      a=tool:foo
      a=acap:1 a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO...
      a=tcap:1 RTP/SAVP RTP/AVP
      m=audio 59000 RTP/AVP 98
      a=rtpmap:98 AMR/8000
      a=acap:2 a=crypto:1 AES_CM_128_HMAC_SHA1_32
         inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
      a=pcfg:1 t=1 a=1|2
      m=video 52000 RTP/AVP 31
      a=rtpmap:31 H261/90000
      a=acap:3 a=crypto:1 AES_CM_128_HMAC_SHA1_80
         inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
      a=pcfg:1 t=1 a=1|3

   This particular SDP offers an audio stream and a video stream, each
   of which can either use plain RTP (actual configuration) or secure
   RTP (potential configuration). Furthermore, two different keying
   mechanisms are offered, namely session-level Key Management
   Extensions using MIKEY (attribute capability 1) and media-level SDP
   Security Descriptions (attribute capabilities 2 and 3). There are
   several potential configurations here, however, below we show the one
   the answerer "sees" when using potential configuration 1 for both
   audio and video, and furthermore using attribute capability 1 (MIKEY)
   for both (we have removed all the capability negotiation attributes
   for clarity):

      v=0
      o=alice 2891092738 2891092738 IN IP4 lost.example.com
      s=
      t=0 0
      c=IN IP4 lost.example.com
      a=tool:foo
      a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO...
      m=audio 59000 RTP/SAVP 98
      a=rtpmap:98 AMR/8000
      m=video 52000 RTP/SAVP 31
      a=rtpmap:31 H261/90000

   Note that the transport protocol in the media descriptions indicate
   use of secure RTP.

   Below, we show the offer the answerer "sees" when using potential
   configuration 1 for both audio and video and furthermore using
   attribute capability 2 and 3 respectively (SDP security descriptions)
   for the audio and media stream - note the order in which the
   resulting attributes are provided:

      v=0
      o=alice 2891092738 2891092738 IN IP4 lost.example.com
      s=
      t=0 0
      c=IN IP4 lost.example.com
      a=tool:foo
      m=audio 59000 RTP/SAVP 98
      a=crypto:1 AES_CM_128_HMAC_SHA1_32
         inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
      a=rtpmap:98 AMR/8000
      m=video 52000 RTP/SAVP 31
      a=crypto:1 AES_CM_128_HMAC_SHA1_80
         inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
         a=rtpmap:31 H261/90000

   Again, note that the transport protocol in the media descriptions
   indicate use of secure RTP.

   And finally, we show the offer the answerer "sees" when using
   potential configuration 1 with attribute capability 1 (MIKEY) for the
   audio stream, and potential configuration 1 with attribute capability
   3 (SDP security descriptions) for the video stream:

      v=0
      o=alice 2891092738 2891092738 IN IP4 lost.example.com
      s=
      t=0 0
      c=IN IP4 lost.example.com
      a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO...
      a=tool:foo
      m=audio 59000 RTP/SAVP 98
      a=rtpmap:98 AMR/8000
      m=video 52000 RTP/SAVP 31
      a=crypto:1 AES_CM_128_HMAC_SHA1_80
         inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
      a=rtpmap:31 H261/90000

3.6.3.  Offerer Processing of the Answer

   When the offerer attempted to use SDP Capability Negotiation in the
   offer, the offerer MUST examine the answer for actual use of
   capability negotiation.

   For each media description where the offerer included a potential
   configuration attribute, the offerer MUST first examine the media
   description for the presence of an actual configuration attribute
   ("a=acfg"). If an actual configuration attribute is not present in a
   media description, then the offerer MUST process the answer SDP for
   that media stream per the normal offer/answer rules defined in
   [RFC3264]. However, if one is found, then the offerer MUST instead
   process the answer as follows:

   o  The actual configuration attribute specifies which of the
      potential configurations were used by the answerer to generate the
      answer. This includes all the capabilities from the potential
      configuration offered, i.e. the attribute capabilities and
      associated delete-attributes and operators, transport protocol
      capabilities, and any extension capability parameters included.

   o  The offerer MUST now process the answer in accordance with the
      rules in [RFC3264], except that it must be done as if the offer
      had contained the selected potential configuration as the actual
      configuration in the media description ("m=" line) and relevant
      attributes in the offer.

   If the offer/answer exchange was successful, and if the answerer
   selected one of the potential configurations from the offer as the
   actual configuration, then the offerer MAY perform another
   offer/answer exchange: The new offer should contain the selected
   potential configuration as the actual configuration, i.e. with the
   actual configuration used in the "m=" line and any other relevant
   attributes. This second offer/answer exchange will not modify the
   session in any way, however it will help intermediaries that look at
   the SDP, but do not understand or support the capability negotiation
   extensions, to understand the details of the media stream(s) that
   were actually negotiated. If it is known or suspected that one or
   more such intermediaries exist, then this second offer/answer SHOULD
   be performed (this is already done when using Interactive
   Connectivity Establishment [ICE]). Note that, per normal offer/answer
   rules, the second offer/answer exchange still needs to update the
   version number in the "o=" line ((<sess-version> in [RFC4566]).
   Attribute lines carrying keying material SHOULD repeat the keys from
   the previous offer, unless re-keying is necessary, e.g. due to a
   previously forked SIP INVITE request.

3.6.4. Modifying the Session

   Capabilities and potential configurations may be included in
   subsequent offers as defined in [RFC3264], Section 8.  The procedure
   for doing so is similar to that described above with the answer
   including an indication of the actual selected configuration used by
   the answerer.

   If the answer indicates use of a potential configuration from the
   offer, then the guidelines provided in Section 3.6.3. for doing a
   second offer/answer exchange using that potential configuration as
   the actual configuration apply.

3.7. Interactions with ICE

   Interactive Connectivity Establishment (ICE) [ICE] provides a
   mechanism for verifying connectivity between two endpoints by sending
   STUN messages directly between the media endpoints. The basic ICE
   specification [ICE] is defined to support UDP-based connectivity
   only, however it allows for extensions to support other transport
   protocols, such as TCP, which is being specified in [ICETCP]. ICE
   defines a new "a=candidate" attribute, which, among other things,
   indicates the possible transport protocol(s) to use and then
   associates a priority with each of them. The most preferred transport
   protocol that *successfully* verifies connectivity will end up being
   used.

   When using ICE, it is thus possible that the transport protocol that
   will be used differs from what is specified in the "m=" line.
   Furthermore, since both ICE and SDP Capability Negotiation may now
   specify alternative transport protocols, there is a potentially
   unintended interaction when using these together.

   We provide the following guidelines for addressing that.

   There are two basic scenarios to consider here:

   1) A particular media stream can run over different transport
   protocols (e.g. UDP, TCP, or TCP/TLS), and the intent is simply to
   use the one that works (in the preference order specified).

   2) A particular media stream can run over different transport
   protocols (e.g. UDP, TCP, or TCP/TLS) and the intent is to have the
   negotiation process decide which one to use (e.g. T.38 over TCP or
   UDP).

   In scenario 1, there scenario 1, there should be ICE "a=candidate" attributes for UDP,
   TCP, etc. but otherwise nothing special in the potential
   configuration attributes to indicate the desire to use different
   transport protocols (e.g. UDP, or TCP). The ICE procedures
   essentially cover the capability negotiation required (by having the
   answerer select something it supports and then use of trial and
   error).

   Scenario 2 does not require a need to support or use ICE. Instead, we
   simply use transport protocol capabilities and potential
   configuration attributes to indicate the desired outcome.

   The scenarios may be combined, e.g. by offering potential
   configuration alternatives where some of them can support one
   transport protocol only (e.g. UDP), whereas others can support
   multiple transport protocols (e.g. UDP or TCP). In that case, there
   is a need for tight control over the ICE candidates that will
   actually be used for a particular configuration, yet the actual
   configuration may want to use all of them. In that case, the ICE
   candidate attributes can be defined as attribute capabilities and the
   relevant ones should then be ICE "a=candidate" included in the proper potential
   configurations (for example candidate attributes for UDP only for
   potential configurations that are restricted to UDP, whereas there
   could be candidate attributes for UDP,
   TCP, etc. but otherwise nothing special UDP, TCP, and TCP/TLS for potential
   configurations that can use all three). Furthermore, use of the
   delete-attributes, as well as the DELETE and REPLACE operators on
   attribute capabilities in a potential configuration can be used to
   ensure that ICE will not end up using a transport protocol that is
   not desired.

3.8. Processing Media before Answer

   The offer/answer model requires an offerer to be able to receive
   media in accordance with the offer prior to receiving the answer.
   This property is retained with the SDP capability negotiation
   extensions defined here, but only when the actual configuration is
   selected by the answerer. If a potential configuration is chosen, it
   is permissible for the offerer to not process any media received
   before the answer is received. This however may lead to clipping.

   In the case of SIP, this issue could be solved easily by defining a
   precondition [RFC3312] for capability negotiation, however
   preconditions are viewed as complicated to implement and they add to
   overall session establishment delay by requiring an extra
   offer/answer exchange. An alternative is therefore desirable.

   The SDP capability negotiation framework does not define such an
   alternative, however extensions may do so. For example, one technique
   proposed for best-effort SRTP in the potential
   configuration attributes to indicate the desire [BESRTP] is to use provide different RTP
   payload type mappings for different transport protocols (e.g. UDP, or TCP). The ICE procedures
   essentially cover used, outside
   of the capability negotiation required (by having actual configuration, while still allowing them to be used by
   the answerer select something it supports and then use (exchange of trial and
   error).

   Scenario 2 keying material is still needed). The basic
   SDP capability negotiation framework defined here does not require a need include
   the ability to support or use ICE. Instead, we
   simply use do so, however extensions that enable that may be
   defined.

3.9. Considerations for Specific Attribute Capabilities

3.9.1. The rtpmap and fmtp Attributes

   The core SDP Capability Negotiation framework defines transport protocol
   capabilities and potential
   configuration attributes attribute capabilities. Media capabilities, which
   can be used to indicate describe media formats and their associated
   parameters, are not defined in this document, however the desired outcome.

   The scenarios may "rtpmap"
   and "fmtp" attributes can nevertheless be combined, e.g. by offering used as attribute
   capabilities. Using such attribute capabilities in a potential
   configuration alternatives where some requires a bit of them can support one
   transport protocol care though.

   The rtpmap parameter binds an RTP payload type to a media format
   (codec). While it is possible to provide rtpmaps for payload types
   not found in the corresponding "m=" line, such rtpmaps provide no
   value in normal offer/answer exchanges, since only (e.g. UDP), whereas others can support
   multiple transport protocols (e.g. UDP or TCP). In that case, the ICE
   candidate attributes should be defined payload types
   found in the "m=" line is part of the offer (or answer). This applies
   to the core SDP capability negotiation framework as attribute capabilities and well: Only the relevant ones should then be included
   media formats (e.g. RTP payload types) provided in the proper potential
   configurations (for example candidate attributes for UDP only for
   potential configurations that "m=" line are restricted to UDP, whereas there
   could be candidate
   actually offered; inclusion of rtpmap attributes for UDP, TCP, and TCP/TLS for with other RTP
   payload types in a potential
   configurations that can use all three).

   [EDITOR'S NOTE: Not clear configuration does not change this is sufficient. fact
   and hence they do not provide any useful information. They may still
   be useful as pure capabilities though (outside a potential
   configuration).

   It seems ICE is
   essentially providing potential transport configurations when it
   comes possible to use of UDP, TCP, or TLS provide an rtpmap attribute capability with a
   payload type mapping to a different codec than a corresponding actual
   configuration "rtpmap" attribute for the media description has. Such
   practice is permissible as transport protocols. a way of indicating a capability. If that
   capability is
   the case, then we will have a hard time expressing constraints on
   some transport protocols included in a potential configuration, but not the
   actual configuration, at least with the current additive then delete-
   attributes and/or DELETE/REPLACE attribute capability rules.]

3.7. Processing Media before Answer

   The offer/answer model requires an offerer to operators MUST
   be able to receive
   media in accordance with the offer prior used to receiving the answer.
   This property ensure that there is retained with not multiple rtpmap attributes for
   the same payload type in a given media description, which would not
   be allowed by SDP [RFC4566].

   Similar considerations and rules apply to the SDP "fmtp" attribute. An
   fmtp attribute capability negotiation
   extensions defined here, but only when for a media format not included in the actual configuration "m="
   line is
   selected useless in a potential configuration (but may be useful as a
   capability by the answerer. If itself) . An fmtp attribute capability in a potential
   configuration is chosen, it
   is permissible for the offerer to not process any a media received
   before format that already has an fmtp attribute
   in the answer is received. This however actual configuration may lead to clipping.

   In the case of SIP, this issue could be solved easily by defining a
   precondition [RFC3312] multiple fmtp format
   parameters for capability negotiation, however
   preconditions are viewed as complicated to implement that media format and they add to
   overall session establishment delay by requiring an extra
   offer/answer exchange. An alternative that is therefore desirable. not allowed by SDP
   [RFC4566]. The delete-attributes and/or DELETE/REPLACE attribute
   capability operators MUST be used to ensure that there is not
   multiple fmtp attributes for a given media format in a media
   description.

   Extensions to the core SDP capability negotiation framework does not define such an
   alternative, however extensions of course
   may do so. change the above behavior.

3.9.2. Direction Attributes

   SDP defines the "inactive", "sendonly", "recvonly", and "sendrecv"
   direction attributes. The direction attributes can be applied at
   either the session-level or the media-level. In either case, it is
   possible to define attribute capabilities for these direction
   capabilities. Note that if used by a potential configuration, then
   the normal offer/answer procedures still apply. For example, one technique
   proposed for best-effort SRTP in [BESRTP] if an
   offered potential configuration includes the "sendonly" direction
   attribute, it is to selected as the actual configuration, then the
   answer must include a corresponding "recvonly" (or "inactive")
   attribute.

4. Examples

   In this section, we provide different examples showing how to use the SDP
   Capability Negotiation.

4.1. Best-Effort Secure RTP
   payload type mappings for different transport protocols used.

   The
   basic following example illustrates how to use the SDP capability Capability
   negotiation framework defined here extensions to support so-called Best-Effort Secure RTP.
   In that scenario, the offerer supports both RTP and Secure RTP. If
   the answerer does not
   include support secure RTP (or the ability to do so, however extensions that enable that may SDP capability
   negotiation extensions), an RTP session will be defined.

3.8. Attribute Capabilities Using rtpmap or fmtp

   The core established. However,
   if the answerer supports Secure RTP and the SDP Capability
   Negotiation framework defines transport
   capabilities and attribute capabilities. Media capabilities, which
   can extensions, a Secure RTP session will be used established.

   The best-effort Secure RTP negotiation is illustrated by the
   offer/answer exchange below, where Alice sends an offer to describe media formats Bob:

                Alice                               Bob

                  | (1) Offer (SRTP and their associated
   parameters, RTP)         |
                  |--------------------------------->|
                  |                                  |
                  | (2) Answer (SRTP)                |
                  |<---------------------------------|
                  |                                  |
                  | (3) Offer (SRTP)                 |
                  |--------------------------------->|
                  |                                  |
                  | (4) Answer (SRTP)                |
                  |<---------------------------------|
                  |                                  |

   Alice's offer includes RTP and SRTP as alternatives. RTP is the
   default, but SRTP is the preferred one:

      v=0
      o=- 25678 753849 IN IP4 192.0.2.1
      s=
      c=IN IP4 192.0.2.1
      t=0 0
      m=audio 53456 RTP/AVP 0 18
      a=tcap:1 RTP/SAVP RTP/AVP
      a=acap:1 a=crypto:1 AES_CM_128_HMAC_SHA1_80
         inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:4
         FEC_ORDER=FEC_SRTP
      a=pcfg:1 t=1 a=1

   The "m=" line indicates that Alice is offering to use plain RTP with
   PCMU or G.729.  The capabilities are not defined in this document, however provided by the "rtpmap" "a=tcap" and
   "a=acap" attributes.  The "tcap" capability indicates that both
   Secure RTP and "fmtp" attributes can nevertheless be used as normal RTP are supported. The "acap" attribute
   capabilities. Using such
   provides an attribute capabilities in a potential
   configuration requires capability with a bit handle of care though. 1. The rtpmap parameter binds an RTP payload type to a media format
   (codec). While it capability
   is possible to provide rtpmaps a "crypto" attribute, which provides the keying material for payload types
   not found in SRTP
   using SDP security descriptions [SDES]. The "a=pcfg" attribute
   provides the corresponding "m=" line, such rtpmaps provide no
   value potential configurations included in normal offer/answer exchanges, since only the payload types
   found in offer by
   reference to the "m=" line is part capabilities.  A single potential configuration with
   a configuration number of "1" is provided. It includes is transport
   protocol capability 1 (RTP/SAVP, i.e. secure RTP) together with the
   attribute capability 1, i.e. the crypto attribute provided.

   Bob receives the SDP offer (or answer). This applies
   to from Alice. Bob supports SRTP and the core SDP capability negotiation framework as well: Only
   Capability Negotiation extensions, and hence he accepts the
   media formats (e.g. potential
   configuration for Secure RTP payload types) provided in by Alice:

      v=0
      o=- 24351 621814 IN IP4 192.0.2.2
      s=
      c=IN IP4 192.0.2.2
      t=0 0
      m=audio 54568 RTP/SAVP 0 18
      a=crypto:1 AES_CM_128_HMAC_SHA1_80
            inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4
      a=acfg:1 t=1 a=1

   Bob includes the "m=" line are
   actually offered; inclusion of rtpmap attributes with other RTP
   payload types in a potential configuration does not change this fact
   and hence they do not provide any useful information. They may still
   be useful as pure capabilities though (outside a potential
   configuration).

   It is possible "a=acfg" attribute in the answer to provide inform Alice
   that he based his answer on an rtpmap offer containing the potential
   configuration with transport protocol capability 1 and attribute
   capability with a
   payload type mapping to 1 from the offer SDP (i.e. the RTP/SAVP profile using the
   keying material provided).  Bob also includes his keying material in
   a different codec than crypto attribute.

   When Alice receives Bob's answer, session negotiation has completed,
   however Alice nevertheless generates a corresponding actual
   configuration "rtpmap" attribute for new offer using the media description has. Such
   practice actual
   configuration. This is permissible as a way of indicating a capability, however,
   if done purely to assist any middle-boxes that
   may reside between Alice and Bob but do not support the capability
   negotiation extensions (and hence may not understand the negotiation
   that just took place):

   Alice's updated offer includes only SRTP, and it is included in a potential configuration, not using the core SDP
   capability negotiation framework does not provide a well-defined
   outcome. Recall that attribute extensions (Alice could have included the
   capabilities are additive as well is she wanted to):

      v=0
      o=- 25678 753850 IN IP4 192.0.2.1
      s=
      c=IN IP4 192.0.2.1
      t=0 0
      m=audio 53456 RTP/SAVP 0 18
      a=crypto:1 AES_CM_128_HMAC_SHA1_80
         inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:4
         FEC_ORDER=FEC_SRTP

   The "m=" line now indicates that Alice is offering to the media
   description, and hence the result will be two different payload type
   mappings for a single use secure RTP payload type. This
   with PCMU or G.729.  The "crypto" attribute, which provides the SRTP
   keying material, is not allowed by included with the same value again.

   Bob receives the SDP
   [RFC4566].

   Similar considerations offer from Alice, which he accepts, and rules apply then
   generates an answer to Alice:

      v=0
      o=- 24351 621815 IN IP4 192.0.2.2
      s=
      c=IN IP4 192.0.2.2
      t=0 0
      m=audio 54568 RTP/SAVP 0 18
      a=crypto:1 AES_CM_128_HMAC_SHA1_80
            inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4

   Bob includes the "fmtp" attribute. An
   fmtp same crypto attribute capability for a media format not included in as before, and the "m="
   line is useless in a potential configuration. An fmtp attribute
   capability session
   proceeds without change. Although Bob did not include any
   capabilities in a potential configuration for a media format his answer, he could of course have done so if he
   wanted to.

   Note that
   already has an fmtp attribute in this particular example, the actual configuration may lead to
   multiple fmtp format parameters for that media format. This is not
   allowed by SDP [RFC4566]. Still, use of it as a capability only may
   be useful.

   Extensions to answerer supported the core SDP
   capability negotiation framework of course
   may change extensions defined here, however had he not, the above behavior.

4. Examples

   In this section, we provide examples showing how answerer
   would simply have ignored the new attributes received in step 1 and
   accepted the offer to use normal RTP. In that case, the SDP
   Capability Negotiation.

4.1. Best-Effort Secure RTP following
   answer would have been generated in step 2 instead:

      v=0
      o=- 24351 621814 IN IP4 192.0.2.2
      s=
      c=IN IP4 192.0.2.2
      t=0 0
      m=audio 54568 RTP/AVP 0 18

4.2. Multiple Transport Protocols

   The following example illustrates how to use the SDP Capability
   negotiation extensions to support so-called Best-Effort Secure RTP.
   In that scenario, the offerer supports both RTP and Secure RTP. If
   the answerer does not support secure RTP (or the SDP capability
   negotiation extensions), an RTP session will be established. However,
   if negotiate use of one out of several
   possible transport protocols. As in the answerer supports Secure RTP previous example, the offerer
   uses the expected least-common-denominator (plain RTP) as the actual
   configuration, and the SDP Capability
   Negotiation extensions, a Secure RTP session will be established. alternative transport protocols as the
   potential configurations.

   The best-effort Secure RTP negotiation example is illustrated by the offer/answer exchange below, where
   Alice sends an offer to Bob:

                Alice                               Bob

                  | (1) Offer (SRTP and RTP) (RTP/[S]AVP[F])        |
                  |--------------------------------->|
                  |                                  |
                  | (2) Answer (SRTP) (RTP/AVPF)            |
                  |<---------------------------------|
                  |                                  |
                  | (3) Offer (SRTP) (RTP/AVPF)             |
                  |--------------------------------->|
                  |                                  |
                  | (4) Answer (SRTP) (RTP/AVPF)            |
                  |<---------------------------------|
                  |                                  |

   Alice's offer includes plain RTP (RTP/AVP), RTP with RTCP-based
   feedback (RTP/AVPF), Secure RTP (RTP/SAVP), and Secure RTP with RTCP-
   based feedback (RTP/SAVPF) and SRTP as alternatives. RTP is the
   default, but SRTP is with RTP/SAVPF, RTP/SAVP, and RTP/AVPF as the alternatives
   and preferred one: in the order listed:

      v=0
      o=- 25678 753849 IN IP4 128.96.41.1 192.0.2.1
      s=
      c=IN IP4 128.96.41.1 192.0.2.1
      t=0 0
      m=audio 3456 53456 RTP/AVP 0 18
      a=creq: cap-v0
      a=tcap:1 RTP/SAVPF RTP/SAVP RTP/AVP RTP/AVPF
      a=acap:1 a=crypto:1 AES_CM_128_HMAC_SHA1_80
         inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:4
         FEC_ORDER=FEC_SRTP
      a=acap:2 a=rtcp-fb:0 nack
      a=pcfg:1 t=1 a=1,2
      a=pcfg:2 t=2 a=1
      a=pcfg:3 t=3 a=2

   The "m=" line indicates that Alice is offering to use plain RTP with
   PCMU or G.729.  Alice indicates that support for the base protocol
   defined here is required by including the "a=creq" attribute
   containing the value "cap-v0". The capabilities are provided by the "a=tcap" and
   "a=acap" attributes.  The "tcap" capability indicates that both Secure RTP
   with RTCP-Based feedback (RTP/SAVPF), Secure RTP (RTP/SAVP), and normal RTP
   with RTCP-Based feedback are supported. The first "acap" attribute
   provides an attribute capability with a handle of 1. The capability
   is a "crypto" attribute, which provides the keying material for SRTP
   using SDP security descriptions [SDES]. The second "acap" attribute
   provides an attribute capability with a handle of 1. The 2. The capability
   is an "rtcp-fb" attribute, which is used by the RTCP-based feedback
   profiles to indicate that payload type 0 (PCMU) supports feedback
   type "nack". The "a=pcfg" attributes provide the potential
   configurations included in the offer by reference to the
   capabilities. There are three potential configurations:

   o  Potential configuration 1, which is the most preferred potential
      configuration specifies use of transport protocol capability 1
      (RTP/SAVPF) and attribute capabilities 1 (the "crypto" attribute)
      and 2 (the "rtcp-fb" attribute).

   o  Potential configuration 2, which is the second most preferred
      potential configuration specifies use of transport protocol
      capability is a 2 (RTP/SAVP) and attribute capability 1 (the "crypto" attribute,
      attribute).

   o  Potential configuration 3, which provides the keying
   material for SRTP using SDP security descriptions [SDES]. The
   "a=pcfg" attribute provides is the least preferred potential configurations included in
   the offer by reference to
      configuration (but the capabilities.  A single potential second least preferred configuration with a
      overall, since the actual configuration number of "1" is provided. It
   includes provided by the "m=" line
      is always the least preferred configuration), specifies use of
      transport protocol capability 1 (RTP/SAVP, i.e. secure
   RTP) together with the 3 (RTP/AVPF) and attribute
      capability 1, i.e. the crypto
   attribute provided. 2 (the "rtcp-fb" attribute).

   Bob receives the SDP offer from Alice. Bob does not support any
   secure RTP profiles, however he supports SRTP plain RTP and RTP with RTCP-
   based feedback, as well as the SDP Capability Negotiation extensions,
   and hence he accepts the potential configuration for Secure RTP with RTCP-
   based feedback provided by Alice:

      v=0
      o=- 24351 621814 IN IP4 128.96.41.2 192.0.2.2
      s=
      c=IN IP4 128.96.41.2 192.0.2.2
      t=0 0
      m=audio 4568 RTP/SAVP 54568 RTP/AVPF 0 18
      a=crypto:1 AES_CM_128_HMAC_SHA1_80
            inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4
      a=rtcp-fb:0 nack
      a=acfg:1 t=1 a=1 t=3 a=2

   Bob includes the "a=acfg" attribute in the answer to inform Alice
   that he based his answer on an offer containing the potential
   configuration with transport protocol capability 1 3 and attribute
   capability 1 2 from the offer SDP (i.e. the RTP/SAVP RTP/AVPF profile using the
   keying material
   "rtcp-fb" value provided).  Bob also includes his keying material in
   a crypto attribute. an "rtcp-fb" attribute
   with the value "nack" value for RTP payload type 0.

   When Alice receives Bob's answer, session negotiation has completed,
   however Alice nevertheless generates a new offer using the actual
   configuration. This is done purely to assist any middle-boxes that
   may reside between Alice and Bob but do not support the capability
   negotiation extensions (and hence may not understand the negotiation
   that just took place):

   Alice's updated offer includes only SRTP, RTP/AVPF, and it is not using the
   SDP capability negotiation extensions (Alice could have included the
   capabilities as well is she wanted to):

      v=0
      o=- 25678 753850 IN IP4 128.96.41.1 192.0.2.1
      s=
      c=IN IP4 128.96.41.1 192.0.2.1
      t=0 0
      m=audio 3456 RTP/SAVP 53456 RTP/AVPF 0 18
      a=crypto:1 AES_CM_128_HMAC_SHA1_80
         inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:4
         FEC_ORDER=FEC_SRTP
      a=rtcp-fb:0 nack

   The "m=" line now indicates that Alice is offering to use secure RTP with
   RTCP-based feedback and using PCMU or G.729.  The "crypto" attribute, which "rtcp-fb" attribute
   provides the SRTP
   keying material, is included with feedback type "nack" for payload type 0 again (but as
   part of the same value again. actual configuration).

   Bob receives the SDP offer from Alice, which he accepts, and then
   generates an answer to Alice:

      v=0
      o=- 24351 621815 IN IP4 128.96.41.2 192.0.2.2
      s=
      c=IN IP4 128.96.41.2 192.0.2.2
      t=0 0
      m=audio 4568 RTP/SAVP 54568 RTP/AVPF 0 18
      a=crypto:1 AES_CM_128_HMAC_SHA1_80
            inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4
      a=rtcp-fb:0 nack

   Bob includes the same crypto "rtcp-fb" attribute as before, and the session
   proceeds without change. Although Bob did not include any
   capabilities in his answer, he could of course have done so if he
   wanted to.

   Note that in this particular example, the answerer supported the
   capability extensions defined here, however had he not, the answerer
   would simply have ignored the new attributes received in step 1 and
   accepted the offer to use normal RTP. In that case, the following
   answer would have been generated in step 2 instead:

      v=0
      o=- 24351 621814 IN IP4 128.96.41.2 192.0.2.2
      s=
      c=IN IP4 128.96.41.2 192.0.2.2
      t=0 0
      m=audio 4568 54568 RTP/AVP 0 18

4.2. Multiple Transport Protocols

4.3. Best-Effort SRTP with Session-Level MIKEY and Media Level Security
   Descriptions

   The following example illustrates how to use the SDP Capability
   negotiation extensions to negotiate support so-called Best-Effort Secure RTP as
   well as alternative keying mechanisms, more specifically MIKEY and
   SDP Security Descriptions. The offerer (Alice) wants to establish an
   audio and video session. Alice prefers to use of one out of several
   possible transport protocols. As in the previous example, the offerer
   uses the expected least-common-denominator (plain RTP) session-level MIKEY as
   the actual
   configuration, and the alternative transport protocols key management protocol, but supports SDP security descriptions
   as the
   potential configurations. well.

   The example is illustrated by the offer/answer exchange below, where
   Alice sends an offer to Bob:

             Alice                                     Bob

               | (1) Offer (RTP/[S]AVP[F]) (RTP/[S]AVP[F], SDES|MIKEY)  |
                  |--------------------------------->|
               |--------------------------------------->|
               |                                        |
               | (2) Answer (RTP/AVPF) (RTP/SAVP, SDES)            |
                  |<---------------------------------|
               |<---------------------------------------|
               |                                        |
               | (3) Offer (RTP/AVPF) (RTP/SAVP, SDES)             |
                  |--------------------------------->|
               |--------------------------------------->|
               |                                        |
               | (4) Answer (RTP/AVPF) (RTP/SAVP, SDES)            |
                  |<---------------------------------|
               |<---------------------------------------|
               |                                        |

   Alice's offer includes an audio and a video stream. The audio stream
   offers use of plain RTP (RTP/AVP), and secure RTP as alternatives, whereas the
   video stream offers use plain RTP, RTP with RTCP-based
   feedback (RTP/AVPF), feedback,
   Secure RTP (RTP/SAVP), RTP, and Secure RTP with RTCP-
   based RTCP-based feedback (RTP/SAVPF) and SRTP as alternatives. RTP is the
   default, with RTP/SAVPF, RTP/SAVP, and RTP/AVPF as the alternatives
   and preferred in the order listed: alternatives:

      v=0
      o=- 25678 753849 IN IP4 128.96.41.1 192.0.2.1
      s=
      c=IN IP4 128.96.41.1
      t=0 0
      m=audio 3456 RTP/AVP 0 18
      a=creq: cap-v0
      c=IN IP4 192.0.2.1
      a=acap:1 a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO...
      a=tcap:1 RTP/SAVPF RTP/SAVP RTP/AVPF
      a=acap:1
      m=audio 59000 RTP/AVP 98
      a=rtpmap:98 AMR/8000
      a=acap:2 a=crypto:1 AES_CM_128_HMAC_SHA1_32
         inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
      a=pcfg:1 t=2 a=1|2
      m=video 52000 RTP/AVP 31
      a=rtpmap:31 H261/90000
      a=acap:3 a=crypto:1 AES_CM_128_HMAC_SHA1_80
         inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:4
         FEC_ORDER=FEC_SRTP
      a=acap:2 a=rtcp-fb:0
         inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
      a=acap:4 a=rtcp-fb:* nack
      a=pcfg:1 t=1 a=1,2 a=1,4|3,4
      a=pcfg:2 t=2 a=1 a=1|3
      a=pcfg:3 t=3 a=2

   The "m=" line indicates that Alice is offering to use plain RTP with
   PCMU or G.729.  Alice indicates that support for the base protocol
   defined here is required by including the "a=creq" attribute
   containing the value "cap-v0". The capabilities are provided by the
   "a=tcap" and "a=acap" attributes.  The "tcap" capability indicates
   that Secure RTP with RTCP-Based feedback (RTP/SAVPF), Secure RTP
   (RTP/SAVP), and RTP with RTCP-Based feedback are supported. The first
   "acap" attribute provides an attribute capability with a handle of 1. t=3 a=4

   The capability is a "crypto" attribute, which provides the keying
   material potential configuration for SRTP using SDP security descriptions [SDES]. The second
   "acap" attribute provides an attribute capability with a handle the audio stream specifies use of 2.
   The
   transport capability is an "rtcp-fb" attribute, which is used by the RTCP-
   based feedback profiles to indicate that payload type 0 (PCMU)
   supports feedback type "nack". The "a=pcfg" attributes provide the
   potential configurations included in 2 (RTP/SAVP) and either attribute capability 1
   (session-level MIKEY as the offer by reference to keying mechanism) or 2 (SDP Security
   Descriptions as the
   capabilities. keying mechanism). There are three potential configurations:
   configurations for the video stream.

   o  Potential  The first configuration 1, which is the most preferred potential with configuration specifies use of number 1 uses transport protocol
      capability 1 (RTP/SAVPF) and with either attribute capabilities 1 (the "crypto" and
      4 (session-level MIKEY and the "rtcp-fb" attribute) or attribute
      capabilities 3 and 2 (the 4 (SDP security descriptions and the "rtcp-fb"
      attribute).

   o  Potential configuration 2, which is the  The second most preferred
      potential configuration specifies use of with configuration number 2 uses
      transport protocol capability 2 (RTP/SAVP) and either attribute capability
      1 (the "crypto"
      attribute). (session-level MIKEY) or attribute capability 3 (SDP security
      descriptions).

   o  Potential configuration 3, which is the least preferred potential
      configuration (but the second least preferred  The third configuration
      overall, since the actual with configuration provided by the "m=" line
      is always the least preferred configuration), specifies use of number 3 uses transport protocol
      capability 3 (RTP/AVPF) and attribute capability 2 4 (the "rtcp-fb"
      attribute).

   Bob receives the SDP offer from Alice. Bob does not support any
   secure RTP profiles, however he supports plain RTP and Secure RTP,
   Secure RTP with RTCP-
   based feedback, as well as RTCP-based feedback and the SDP Capability
   Negotiation extensions, extensions. Bob also supports SDP Security Descriptions,
   but not MIKEY, and hence he accepts generates the potential configuration for RTP with RTCP-
   based feedback provided by Alice: following answer:

      v=0
      o=- 24351 621814 IN IP4 128.96.41.2 192.0.2.2
      s=
      c=IN IP4 128.96.41.2
      t=0 0
      c=IN IP4 192.0.2.2
      m=audio 4568 RTP/AVPF 0 18
      a=rtcp-fb:0 nack 54568 RTP/SAVP 98
      a=rtpmap:98 AMR/8000
      a=crypto:1 AES_CM_128_HMAC_SHA1_32
         inline:WSJ+PSdFcGdUJShpX1ZjNzB4d1BINUAvLEw6UzF3|2^20|1:32
      a=acfg:1 t=3 t=2 a=2
      m=video 55468 RTP/SAVPF 31
      a=rtpmap:31 H261/90000
      a=crypto:1 AES_CM_128_HMAC_SHA1_80
         inline:AwWpVLFJhQX1cfHJSojd0RmdmcmVCspeEc3QGZiN|2^20|1:32
      a=rtcp-fb:* nack
      a=acfg:1 t=1 a=3,4

   For the audio stream, Bob includes accepted the "a=acfg" attribute use of secure RTP, and hence
   the profile in the answer to inform Alice
   that he based "m=" line is "RTP/SAVP". Bob also includes a
   "crypto" attribute with his answer on own keying material, and an offer containing the potential "acfg"
   attribute identifying actual configuration with 1 for the audio media
   stream from the offer, using transport protocol capability 3 2 (RTP/SAVP) and
   attribute capability 2 (the crypto attribute from the offer SDP (i.e. offer). For the
   video stream, Bob accepted the use of secure RTP with RTCP-based
   feedback, and hence the RTP/AVPF profile using in the
   "rtcp-fb" value provided). "m=" line is "RTP/SAVPF". Bob
   also includes a "crypto" attribute with his own keying material, and
   an "acfg" attribute identifying actual configuration 1 for the video
   stream from the offer, using transport capability 1 (RTP/SAVPF) and
   attribute capabilities 3 (the crypto attribute from the offer) and 4
   (the "rtcp-fb" attribute
   with from the value "nack" value for RTP payload type 0. offer).

   When Alice receives Bob's answer, session negotiation has completed,
   however Alice nevertheless generates a new offer using the actual
   configuration. This is done purely to assist any middle-boxes that
   may reside between Alice and Bob but do not support the capability
   negotiation extensions (and hence may not understand the negotiation
   that just took place):

   Alice's updated offer includes only RTP/AVPF, SRTP for the audio stream SRTP
   with RTCP-based feedback for the video stream, and it is not using
   the SDP capability negotiation extensions (Alice could have included
   the capabilities as well is she wanted to):

      v=0
      o=- 25678 753850 753849 IN IP4 128.96.41.1 192.0.2.1
      s=
      c=IN IP4 128.96.41.1
      t=0 0
      c=IN IP4 192.0.2.1
      m=audio 3456 RTP/AVPF 0 18
      a=rtcp-fb:0 59000 RTP/SAVP 98
      a=rtpmap:98 AMR/8000
      a=crypto:1 AES_CM_128_HMAC_SHA1_32
         inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
      m=video 52000 RTP/SAVPF 31
      a=rtpmap:31 H261/90000
      a=crypto:1 AES_CM_128_HMAC_SHA1_80
         inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
      a=rtcp-fb:* nack

   The "m=" line for the audio stream now indicates that Alice is
   offering to use secure RTP with PCMU or G.729, whereas the "m=" line
   for the video stream now indicates that Alice is offering to use
   secure RTP with RTCP-based feedback and using PCMU or G.729.  The "rtcp-fb" attribute with H.261. Each media stream
   includes a "crypto" attribute, which provides the feedback type "nack" for payload type 0 again (but as
   part of SRTP keying
   material, with the actual configuration). same value again.

   Bob receives the SDP offer from Alice, which he accepts, and then
   generates an answer to Alice:

      v=0
      o=- 24351 621815 621814 IN IP4 128.96.41.2 192.0.2.2
      s=
      c=IN IP4 128.96.41.2
      t=0 0
      c=IN IP4 192.0.2.2
      m=audio 4568 RTP/AVPF 0 18
      a=rtcp-fb:0 54568 RTP/SAVP 98
      a=rtpmap:98 AMR/8000
      a=crypto:1 AES_CM_128_HMAC_SHA1_32
         inline:WSJ+PSdFcGdUJShpX1ZjNzB4d1BINUAvLEw6UzF3|2^20|1:32
      m=video 55468 RTP/SAVPF 31
      a=rtpmap:31 H261/90000
      a=crypto:1 AES_CM_128_HMAC_SHA1_80
         inline:AwWpVLFJhQX1cfHJSojd0RmdmcmVCspeEc3QGZiN|2^20|1:32
      a=rtcp-fb:* nack

   Bob includes the same "rtcp-fb" crypto attribute as before, and the session
   proceeds without change. Although Bob did not include any
   capabilities in his answer, he could of course have done so if he
   wanted to.

   Note that in this particular example, the answerer supported the
   capability extensions defined here, however had he not, the answerer
   would simply have ignored the new attributes received in step 1 and
   accepted the offer to use normal RTP. In that case, the following
   answer would have been generated in step 2 instead:

      v=0
      o=- 24351 621814 IN IP4 128.96.41.2
      s=
      c=IN IP4 128.96.41.2
      t=0 0
      m=audio 4568 RTP/AVP 0 18

4.3. Session-Level MIKEY and Media Level Security Descriptions

   The following example illustrates how to use the SDP Capability
   negotiation extensions to support so-called Best-Effort Secure RTP as
   well as alternative keying mechanisms, more specifically MIKEY and
   SDP Security Descriptions. The offerer (Alice) wants to establish an
   audio and video session. Alice prefers to use session-level MIKEY as
   the key management protocol, but supports SDP security descriptions
   as well.

   The example is illustrated by the offer/answer exchange below, where
   Alice sends an offer to Bob:

             Alice                                     Bob

               | (1) Offer (RTP/[S]AVP[F], SDES|MIKEY)  |
               |--------------------------------------->|
               |                                        |
               | (2) Answer (RTP/SAVP, SDES)            |
               |<---------------------------------------|
               |                                        |
               | (3) Offer (RTP/SAVP, SDES)             |
               |--------------------------------------->|
               |                                        |
               | (4) Answer (RTP/SAVP, SDES)            |
               |<---------------------------------------|
               |                                        |

   Alice's offer includes an audio and a video stream. The audio stream
   offers use of plain RTP
   would simply have ignored the new attributes received in step 1 and secure RTP as alternatives, whereas
   accepted the
   video stream offers offer to use plain RTP, RTP with RTCP-based feedback,
   Secure RTP, and Secure RTP with RTCP-based feedback as alternatives: normal RTP. In that case, the following
   answer would have been generated in step 2 instead:

      v=0
      o=- 25678 753849 24351 621814 IN IP4 128.96.41.1 192.0.2.2
      s=
      t=0 0
      c=IN IP4 128.96.41.1
      a=creq: cap-v0
      a=acap:1 key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO...
      a=tcap:1 RTP/SAVPF RTP/SAVP RTP/AVPF 192.0.2.2
      m=audio 39000 54568 RTP/AVP 98
      a=rtpmap:98 AMR/8000
      a=acap:2 a=crypto:1 AES_CM_128_HMAC_SHA1_32
         inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
      a=pcfg:1 t=2 a=1|2
      m=video 42000 55468 RTP/AVP 31
      a=rtpmap:31 H261/90000
      a=acap:3 a=crypto:1 AES_CM_128_HMAC_SHA1_80
         inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
      a=acap:4
      a=rtcp-fb:* nack
      a=pcfg:1 t=1 a=1,4|3,4
      a=pcfg:2 t=2 a=1|3
      a=pcfg:3 t=3 a=4

   The potential configuration for the audio stream specifies use of
   transport capability 2 (RTP/SAVP) and either attribute capability 1
   (session-level MIKEY as the keying mechanism) or 2 (SDP Security
   Descriptions as the keying mechanism). There are three potential
   configurations for the video stream.

   o  The first configuration with configuration number 1 uses transport
      capability 1 (RTP/SAVPF) with either attribute capabilities 1 and
      4 (session-level MIKEY and the "rtcp-fb" attribute) or attribute
      capabilities 3 and 4 (SDP security descriptions and the "rtcp-fb"
      attribute).

   o  The second configuration with configuration number 2 uses
      transport capability 2 (RTP/SAVP) and either attribute capability
      1 (session-level MIKEY) or attribute capability 3 (SDP security
      descriptions).

   o  The third configuration with configuration number 3 uses transport
      capability 3 (RTP/AVPF) and attribute capability 4 (the "rtcp-fb"
      attribute).

   Bob receives the SDP offer from Alice. Bob supports Secure RTP,
   Secure RTP with RTCP-based feedback and the SDP Capability
   Negotiation extensions.

   Finally, if Bob also supports SDP Security Descriptions,
   but not MIKEY, and hence he generates had chosen to use session-level MIKEY instead of SDP
   security descriptions instead, the following answer: answer would have been
   generated:

      v=0
      o=- 24351 621814 25678 753849 IN IP4 128.96.41.2 192.0.2.1
      s=
      t=0 0
      c=IN IP4 128.96.41.2 192.0.2.1
      a=key-mgmt:mikey AQEFgM0XflABAAAAAAAAAAAAAAYAyO...
      m=audio 4568 RTP/SAVP 59000 RTP/AVP 98
      a=rtpmap:98 AMR/8000
      a=crypto:1 AES_CM_128_HMAC_SHA1_32
         inline:WSJ+PSdFcGdUJShpX1ZjNzB4d1BINUAvLEw6UzF3|2^20|1:32
      a=acfg:1 t=2 a=2 a=1
      m=video 5468 52000 RTP/SAVPF 31
      a=rtpmap:31 H261/90000
      a=crypto:1 AES_CM_128_HMAC_SHA1_80
         inline:AwWpVLFJhQX1cfHJSojd0RmdmcmVCspeEc3QGZiN|2^20|1:32
      a=rtcp-fb:* nack
      a=acfg:1 t=1 a=3,4

   For the audio stream, Bob accepted the use of secure RTP, and hence
   the profile in the "m=" line is "RTP/SAVP". a=1,4

   It should be noted, that although Bob also includes a
   "crypto" attribute with his own keying material, and an "acfg"
   attribute identifying actual configuration 1 could have chosen session-level
   MIKEY for the audio one media
   stream from the offer, using transport capability 2 (RTP/SAVP) stream, and
   attribute capability 2 (the crypto attribute from the offer). For the
   video SDP Security Descriptions for another
   media stream, Bob accepted the use there are no well-defined offerer processing rules of secure RTP with RTCP-based
   feedback, and hence the profile in
   the "m=" line is "RTP/SAVPF". Bob
   also includes a "crypto" attribute with his own keying material, and
   an "acfg" attribute identifying actual configuration 1 resulting answer for the video
   stream from the offer, using transport capability 1 (RTP/SAVPF) and
   attribute capabilities 3 (the crypto attribute from the offer) this, and 4
   (the "rtcp-fb" attribute from the offer).

   When Alice receives Bob's answer, session negotiation has completed,
   however Alice nevertheless generates a new offer using hence the actual
   configuration. This is done purely to assist any middle-boxes that offerer may reside between Alice and Bob but do not support incorrectly
   assume use of MIKEY for both streams. To avoid this, if the answerer
   chooses session-level MIKEY, then all secure RTP based media streams
   SHOULD use MIKEY (this applies irrespective of whether SDP capability
   negotiation extensions (and hence may is being used or not). Use of media-level MIKEY does not understand the negotiation
   that just took place):

   Alice's updated offer includes only SRTP for the audio stream
   have a similar constraint.

4.4. SRTP with RTCP-based feedback for the video stream, Session-Level MIKEY and it is not using Media Level Security Descriptions
   as Alternatives

   The following example illustrates how to use the SDP capability Capability
   negotiation extensions (Alice could have to negotiate use of either MIKEY or SDP
   Security Descriptions, when one of them is included
   the capabilities as well part of the
   actual configuration, and the other one is she wanted to):

      v=0
      o=- 25678 753849 IN IP4 128.96.41.1
      s=
      t=0 0
      c=IN IP4 128.96.41.1
      m=audio 39000 RTP/SAVP 98
      a=rtpmap:98 AMR/8000
      a=crypto:1 AES_CM_128_HMAC_SHA1_32
         inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
      m=video 42000 RTP/SAVPF 31
      a=rtpmap:31 H261/90000
      a=crypto:1 AES_CM_128_HMAC_SHA1_80
         inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
      a=rtcp-fb:* nack being selected. The "m=" line for the
   offerer (Alice) wants to establish an audio stream now indicates that and video session. Alice is
   offering
   prefers to use secure RTP with PCMU or G.729, whereas session-level MIKEY as the "m=" line
   for key management protocol,
   but supports SDP security descriptions as well.

   The example is illustrated by the video stream now indicates that offer/answer exchange below, where
   Alice is offering sends an offer to use
   secure RTP with RTCP-based feedback with H.261. Each media stream
   includes a "crypto" attribute, which provides the SRTP keying
   material, with the same value again. Bob:

             Alice                                     Bob receives the SDP

               | (1) Offer (RTP/[S]AVP[F], SDES|MIKEY)  |
               |--------------------------------------->|
               |                                        |
               | (2) Answer (RTP/SAVP, SDES)            |
               |<---------------------------------------|
               |                                        |

   Alice's offer from Alice, which he accepts, and then
   generates includes an answer to Alice: audio and a video stream. Both the audio
   and the video stream offer use of secure RTP:

      v=0
      o=- 24351 621814 25678 753849 IN IP4 128.96.41.2 192.0.2.1
      s=
      t=0 0
      c=IN IP4 128.96.41.2 192.0.2.1
      a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO...
      a=acap:1 a=key-mgmt
      m=audio 4568 59000 RTP/SAVP 98
      a=rtpmap:98 AMR/8000
      a=acap:2 a=crypto:1 AES_CM_128_HMAC_SHA1_32
         inline:WSJ+PSdFcGdUJShpX1ZjNzB4d1BINUAvLEw6UzF3|2^20|1:32
         inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
      a=pcfg:1 a=-1,2
      m=video 5468 RTP/SAVPF 52000 RTP/SAVP 31
      a=rtpmap:31 H261/90000
      a=acap:3 a=crypto:1 AES_CM_128_HMAC_SHA1_80
         inline:AwWpVLFJhQX1cfHJSojd0RmdmcmVCspeEc3QGZiN|2^20|1:32
      a=rtcp-fb:* nack
         inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
      a=pcfg:1 a=-1,3

   Alice does not know whether Bob includes supports MIKEY or SDP Security
   Descriptions. She could include attributes for both, however the same crypto attribute as before,
   resulting procedures and the session
   proceeds without change. Although Bob did potential interactions are not include any
   capabilities well-defined.
   Instead, she places a session-level key-mgmt attribute for MIKEY in his answer, he could of course have done so if he
   wanted to.

   Note that
   the actual configuration with SDP security descriptions as an
   alternative in this particular example, the answerer supported potential configuration. Note the presence of
   attribute capability extensions defined here, however had he not, 1; it merely lists the answerer
   would simply have ignored "a=key-mgmt" attribute
   without any associated value. The potential configuration for the new attributes received in step
   audio stream specifies that attribute capability 1 is to be deleted
   (i.e. any session-level "a=key-mgmt" attributes) and
   accepted that attribute
   capability 2 is to be used (i.e. the crypto attribute). The potential
   configuration for the video stream is similar, except it uses it's
   own crypto attribute capability (3).

   Bob receives the SDP offer to use normal RTP. In from Alice. Bob supports Secure RTP and
   the SDP Capability Negotiation extensions. Bob supports both SDP
   Security Descriptions and MIKEY. Since the potential configuration is
   more preferred than the actual configuration, he (conceptually)
   generates an internal potential configuration SDP that case, contains the following
   answer would have been generated in step 2 instead:
   crypto attributes for the audio and video stream, but not the key-
   mgmt attribute for MIKEY, thereby avoiding any ambiguity between the
   two keying mechanisms. As a result, he generates the following
   answer:

      v=0
      o=- 24351 621814 IN IP4 128.96.41.2 192.0.2.2
      s=
      t=0 0
      c=IN IP4 128.96.41.2 192.0.2.2
      m=audio 4568 RTP/AVP 54568 RTP/SAVP 98
      a=rtpmap:98 AMR/8000
      a=crypto:1 AES_CM_128_HMAC_SHA1_32
         inline:WSJ+PSdFcGdUJShpX1ZjNzB4d1BINUAvLEw6UzF3|2^20|1:32
      a=acfg:1 a=-1,2
      m=video 5468 RTP/AVP 55468 RTP/SAVP 31
      a=rtpmap:31 H261/90000
      a=rtcp-fb:* nack

   Finally, if
      a=crypto:1 AES_CM_128_HMAC_SHA1_80
         inline:AwWpVLFJhQX1cfHJSojd0RmdmcmVCspeEc3QGZiN|2^20|1:32
      a=acfg:1 a=-1,3

   For the audio stream, Bob had chosen to accepted the use session-level MIKEY instead of secure RTP using SDP
   security descriptions instead, the following answer would have been
   generated:

      v=0
      o=- 25678 753849 IN IP4 128.96.41.1
      s=
      t=0 0
      c=IN IP4 128.96.41.1
      a=key-mgmt:mikey AQEFgM0XflABAAAAAAAAAAAAAAYAyO...
      m=audio 39000 RTP/AVP 98
      a=rtpmap:98 AMR/8000
      a=acfg:1 t=2 a=1
      m=video 42000 RTP/SAVPF 31
      a=rtpmap:31 H261/90000
      a=rtcp-fb:* nack
      a=acfg:1 t=1 a=1,4

   It should be noted, that although descriptions. Bob could have chosen session-level
   MIKEY for one media stream, therefore includes a "crypto" attribute
   with his own keying material, and SDP Security Descriptions an "acfg" attribute identifying
   actual configuration 1 for another the audio media stream, there are no well-defined offerer processing rules of stream from the resulting answer for this, offer,
   with attribute capability 1 deleted, and hence attribute capability 2
   included (the crypto attribute from the offer). For the video stream,
   Bob also accepted the offerer may incorrectly
   assume use of MIKEY for both streams. To avoid this, if the answerer
   chooses session-level MIKEY, then all secure RTP based media streams
   SHOULD use MIKEY (this applies irrespective of whether using SDP capability
   negotiation is being used or not). Use of media-level MIKEY does not
   have security
   descriptions. Bob therefore includes a similar constraint.

4.4. Capability Negotiation "crypto" attribute with Interactive Connectivity Establishment

   [EDITOR'S NOTE: Example to be added] his
   own keying material, and an "acfg" attribute identifying actual
   configuration 1 for the video stream from the offer, with attribute
   capability 1 deleted, and attribute capability 3 included.

5. Security Considerations

   The SDP Capability Negotiation Framework is defined to be used within
   the context of the offer/answer model, and hence all the offer/answer
   security considerations apply here as well. Similarly, the Session
   Initiation Protocol (SIP) uses SDP and the offer/answer model, and
   hence, when used in that context, the SIP security considerations
   apply as well.

   However, SDP Capability Negotiations introduces additional security
   issues. Its use as a mechanism to enable alternative transport
   protocol negotiation (secure and non-secure) as well as its ability
   to negotiate use of more or less secure keying methods and material
   warrant further security considerations. Also, the (continued)
   support for receiving media before answer combined with negotiation
   of alternative transport protocols (secure and non-secure) warrant
   further security considerations. We discuss these issues below.

   The SDP capability negotiation framework allows for an offered media
   stream to both indicate and support various levels of security for
   that media stream. Different levels of security can for example be
   negotiated by use of alternative attribute capabilities each
   indicating more or less secure keying methods as well as more or less
   strong ciphers. Since the offerer indicates support for each of these
   alternatives, he will presumably accept the answerer seemingly
   selecting any of the offered alternatives. If an attacker can modify
   the SDP offer, he can thereby force the negotiation of the weakest
   security mechanism that the offerer is willing to accept. This may in
   turn enable the attacker to compromise the security of the negotiated
   media stream. Similarly, if the offerer wishes to negotiate use of a
   secure media stream (e.g. secure RTP), but includes a non-secure
   media stream (e.g. plain RTP) as a valid (but less preferred)
   alternative, then an attacker that can modify the offered SDP will be
   able to force the establishment of an insecure media stream. The
   solution to both of these problems involves the use of integrity
   protection over the SDP. Ideally, this integrity protection provides
   end-to-end integrity protection in order to protect from any man-in-
   the-middle attack; secure multiparts such as S/MIME [SMIME] provide
   one such solution, however S/MIME requires use and availability of a
   Public Key Infrastructure (PKI). A slightly less secure alternative
   when using SIP, but generally much easier to deploy in practice
   (since it does not require a PKI), is to use SIP Identity [RFC4474];
   this requires the existence of an authentication service (see
   [RFC4474]). Yet another, and considerably less secure, alternative is
   to use hop-by-hop security only, e.g. TLS or IPSec thereby ensuring
   the integrity of the offered SDP on a hop-by-hop basis. Note however
   that SIP proxies or other intermediaries processing the SIP request
   at each hop are able to perform a man-in-the-middle attack by
   modifying the offered SDP.

   Per the normal offer/answer procedures, as soon as the offerer has
   generated an offer, the offerer must be prepared to receive media in
   accordance with that offer. The SDP Capability Negotiation preserves
   that behavior for the actual configuration in the offer, however the
   offerer has no way of knowing which configuration (actual or
   potential) configuration was actually selected by the offerer, until
   an answer indication is received. This opens up a new security issue
   where an attacker may be able to interject media towards the offerer
   until the answer is received. For example, the offerer may use plain
   RTP as the actual configuration and secure RTP as an alternative
   potential configuration. Even though the answerer selects secure RTP,
   the offerer will not know that until he receives the answer, and
   hence an attacker will be able to send media to the offerer
   meanwhile. The easiest protection against such an attack is to not
   offer use of the non-secure media stream in the actual configuration,
   however that may in itself have undesirable side-effects: If the
   answerer does not support the non-secure media stream and also does
   not support the capability negotiation framework, then negotiation of
   the media stream will fail. Alternatively, SDP security preconditions
   [sprecon] can be used. This will ensure that media is not flowing
   until session negotiation has completed and hence the selected
   configuration is known. Use of preconditions however requires both
   side to support them. If they don't, and use of them is required, the
   session will fail. As a (limited) work around to this, it is
   RECOMMENDED that SIP entities generate an answer SDP and send it to
   the offerer as soon as possible, for example in a 183 Session
   Progress message. This will limit the time during which an attacker
   can send media to the offerer.

   Additional security considerations apply to the answer SDP as well.
   The actual configuration attribute tells the offerer which potential
   configuration the answer was actually based on, and hence an attacker
   that can either modify or remove the actual configuration attribute
   in the answer can cause session failure as well as extend the time
   window during which the offerer will accept incoming media that does
   not conform to the actual answer. The solutions to this SDP answer
   integrity problem are the same as for the offer, i.e. use of end-to-
   end integrity protection, SIP identity, or hop-by-hop protection. The
   mechanism to use depends on the mechanisms supported by the offerer
   as well as the acceptable security trade-offs.

6. IANA Considerations

6.1. New SDP Attributes

   The IANA is hereby requested to register the following new SDP
   attributes as follows:

   Attribute name:      csup
   Long form name:      Supported capability negotiation extensions
   Type of attribute:   Session-level and media-level
   Subject to charset:  No
   Purpose:             Option tags for supported SDP capability
                        negotiation extensions
   Appropriate values:  See Section 3.2.1. 3.3.1.

   Attribute name:      creq
   Long form name:      Required capability negotiation extensions
   Type of attribute:   Session-level and media-level
   Subject to charset:  No
   Purpose:             Option tags for required SDP capability
                        negotiation extensions
   Appropriate values:  See Section 3.2.2. 3.3.2.

   Attribute name:      acap
   Long form name:      Attribute capability
   Type of attribute:   Session-level and media-level
   Subject to charset:  No
   Purpose:             Attribute capability containing an attribute
                        name and associated value
   Appropriate values:  See Section 3.3.1. 3.4.1.

   Attribute name:      tcap
   Long form name:      Transport Protocol Capability
   Type of attribute:   Session-level and media-level
   Subject to charset:  No
   Purpose:             Transport protocol capability listing one or
                        more transport protocols
   Appropriate values:  See Section 3.3.2. 3.4.2.

   Attribute name:      pcfg
   Long form name:      Potential Configuration
   Type of attribute:   Media-level
   Subject to charset:  No
   Purpose:             Potential configuration for SDP capability
                        negotiation
   Appropriate values:  See Section 3.4.1. 3.5.1.

   Attribute name:      acfg
   Long form name:      Actual configuration
   Type of attribute:   Media-level
   Subject to charset:  No
   Purpose:             Actual configuration for SDP capability
                        negotiation
   Appropriate values:  See Section 3.4.2. 3.5.2.

6.2. New SDP Capability Negotiation Option Tag Registry

   The IANA is hereby requested to create a new SDP Capability
   Negotiation Option Tag registry. An IANA SDP capability negotiation
   option tag registration MUST be documented in an RFC in accordance
   with the [RFC2434] Specification Required policy. The RFC MUST
   provide the name of the option tag, a syntax and a semantic
   specification of any new SDP attributes and any extensions to the
   potential and actual configuration attributes provided in this
   document. New SDP attributes that are intended to be capabilities for
   use by the capability negotiation framework MUST adhere to the
   guidelines provided in Section 3.3.3. 3.4.3. Extensions to the potential and
   actual configuration attributes MUST adhere to the syntax provided in
   Section 3.4.1. 3.5.1. and 3.4.2. 3.5.2.

   The option tag "cap-v0" is defined in this document and the IANA is
   hereby requested to register this option tag.

6.3. New SDP Capability Negotiation Potential Configuration Parameter
   Registry

   The IANA is hereby requested to create a new SDP Capability
   Negotiation Potential Configuration Parameter registry. An IANA SDP
   Capability Negotiation potential configuration registration MUST be
   document in an RFC in accordance with the [RFC2434] Specification
   Required policy. The RFC MUST define the syntax and semantics of each
   new potential configuration parameter. The syntax MUST adhere to the
   syntax provided for extensions in Section 3.4.1. 3.5.1. and the semantics
   MUST adhere to the semantics provided for extensions in Section
   3.4.1.
   3.5.1. and 3.4.2. 3.5.2. Associated with each registration MUST be the
   encoding name for the parameter as well as a short descriptive name
   for it.

   The potential configuration parameters "a" for "attribute" and "t"
   for "transport protocol" are defined in this document and the IANA is
   hereby requested to register these.

7. To Do and Open Issues

   o  Look for "EDITOR'S NOTE" throughout  Add additional examples showing use of delete-attributes and the document.
      DELETE/REPLACE attribute capability operators.

8. Acknowledgments

   This document is heavily influenced by the discussions and work done
   by the SDP Capability Negotiation Design team. The following people
   in particular provided useful comments and suggestions to either the
   document itself or the overall direction of the solution defined in
   here: Francois Audet, John Elwell, Roni Even, Robert Gilman, Cullen
   Jennings, Matt Lepinski, Joerg Ott, Colin Perkins, Thomas Stach, and
   Dan Wing.

9. Change Log

9.1. draft-ietf-mmusic-sdp-capability-negotiation-05

   o  Allowed for '<type>=<value>' attributes to be listed as attribute
      capabilities the attribute name only.

   o  Changed IP-address to conform to RFC 3330 guidelines.

   o  Added section on relationship to RFC 3407 and "Obsoletes: 3407" in
      the front.

   o  Disallowed use of white space in a number of places for more
      consistency with existing SDP practice

   o  Changed "csup" and "creq" attributes to not allow multiple
      instances at the session-level and multiple instances per media
      description (only one for each now)

   o  Changed to not require use of "creq" with base option tag ("cap-
      v0").

   o  Relaxed restrictions on extension capabilities

   o  Updated potential configuration attribute syntax and semantics. In
      particular, potential configuration attributes can now replace and
      delete various existing attributes in original SDP to better
      control potential attribute interactions with the actual
      configuration while preserving message size efficiency.

   o  Updated actual configuration attribute to align with the updates
      to the potential configuration attributes.

   o  Updated offer/answer procedures to align with other changes.

   o  Changed recommendation for second offer/answer exchange to "MAY"
      strength, unless for the cases where it is known or suspected that
      it is needed.

   o  Updated ICE interactions to explain how the new attribute
      delete/replace features can solve certain potential interactions.

   o  Updated rtpmap and fmtp section to allow potential configurations
      to use remapped payload types in attribute capabilities for
      rtpmaps and fmtp parameters.

   o  Added section on direction attributes.

   o  Added another example showing SRTP with session-level MIKEY and
      SDP Security Descriptions using the attribute capability DELETE
      operator.

9.2. draft-ietf-mmusic-sdp-capability-negotiation-04

   The following are the major changes compared to version -03:

   o  Added explicit ordering rules for attributes added by potential
      configurations.

   o  Noted that ICE interaction issues (ice-tcp specifically) may not
      be as clear as originally thought.

   o  Added considerations on using rtpmap and fmtp attributes as
      attribute capabilities.

   o  Added multiple transport protocol example.

   o  Added session-level MIKEY and media level security descriptions
      example.

9.2.

9.3. draft-ietf-mmusic-sdp-capability-negotiation-03

   The following are the major changes compared to version -02:

   o  Base option tag name changed from "v0" to "cap-v0".

   o  Added new section on extension capability attributes

   o  Firmed up offer/answer procedures.

   o  Added security considerations

   o  Added IANA considerations

9.3.

9.4. draft-ietf-mmusic-sdp-capability-negotiation-02

   The following are the major changes compared to version -01:

   o  Potential configurations are no longer allowed at the session
      level

   o  Renamed capability attributes ("capar" to "acap" and "ctrpr" to
      "tcap")
   o  Changed name and semantics of the initial number (now called
      configuration number) in potential configuration attributes; must
      now be unique and can be used as a handle

   o  Actual configuration attribute now includes configuration number
      from the selected potential configuration attribute

   o  Added ABNF throughout

   o  Specified that answerer should include "a=csup" in case of
      unsupported required extensions in offer.

   o  Specified use of second offer/answer exchange when answerer
      selected a potential configuration

   o  Updated rules (and added restrictions) for referencing media- and
      session-level capabilities in potential configurations (at the
      media level)

   o  Added initial section on ICE interactions

   o  Added initial section on receiving media before answer

9.4.

9.5. draft-ietf-mmusic-sdp-capability-negotiation-01

   The following are the major changes compared to version -00:

   o  Media capabilities are no longer considered a core capability and
      hence have been removed. This leaves transport protocols and
      attributes as the only capabilities defined by the core.

   o  Version attribute has been removed and an option tag to indicate
      the actual version has been defined instead.

   o  Clarified rules for session-level and media level attributes
      provided at either level as well how they can be used in potential
      configurations.

   o  Potential configuration parameters no longer have implicit
      ordering; an explicit preference indicator is now included.

   o  The parameter name for transport protocols in the potential and
      actual configuration attributes have been changed "p" to "t".

   o  Clarified operator precedence within potential and actual
      configuration attributes.

   o  Potential configurations at the session level now limited to
      indicate latent capability configurations. Consequently, an actual
      configuration attribute can no longer be provided at the session
      level.

   o  Cleaned up capability and potential configuration terminology -
      they are now two clearly different things.

9.5.

9.6. draft-ietf-mmusic-sdp-capability-negotiation-00

   Version 00 is the initial version. The solution provided in this
   initial version is based on an earlier (individual submission)
   version of [SDPCapNeg]. The following are the major changes compared
   to that document:

   o  Solution no longer based on RFC 3407, but defines a set of similar
      attributes (with some differences).

   o  Various minor changes to the previously defined attributes.

   o  Multiple transport capabilities can be included in a single "tcap"
      attribute

   o  A version attribute is now included.

   o  Extensions to the framework are formally supported.

   o  Option tags and the ability to list supported and required
      extensions are supported.

   o  A best-effort SRTP example use case has been added.

   o  Some terminology change throughout to more clearly indicate what
      constitutes capabilities and what constitutes configurations.

10. References

10.1. Normative References

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2234] Crocker, D. and Overell, P.(Editors), "Augmented BNF for
             Syntax Specifications: ABNF", RFC 2234, Internet Mail
             Consortium and Demon Internet Ltd., November 1997.

   [RFC3264] Rosenberg, J., and H. Schulzrinne, "An Offer/Answer Model
             with Session Description Protocol (SDP)", RFC 3264, June
             2002.

   [RFC3407] F. Andreasen, "Session Description Protocol (SDP) Simple
             Capability Declaration", RFC 3407, October 2002.

   [RFC3605] C. Huitema, "Real Time Control Protocol (RTCP) attribute in
             Session Description Protocol (SDP)", RFC 3605, October
             2003.

   [RFC4234] Crocker, D., and P. Overell, "Augmented BNF for Syntax
             Specifications: ABNF", RFC 4234, October 2005.

   [SDP]

   [RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session
             Description Protocol", RFC 4566, July 2006.

   [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an
             IANA Considerations Section in RFCs", BCP 26, RFC 2434,
             October 1998.

10.2. Informative References

   [RFC2046] Freed, N., and N. Borensteain, "Multipurpose Internet Mail
             Extensions (MIME) Part Two: Media Types", RFC 2046,
             November 1996.

   [RFC2327] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session
             Description Protocol", RFC 2327, April 1998.

   [RFC3261]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
             A., Peterson, J., Sparks, R., Handley, M., and E. Schooler,
             "SIP: Session Initiation Protocol", RFC 3261, June 2002.

   [RFC3388] Camarillo, G., Eriksson, G., Holler, J., and H.
             Schulzrinne, "Grouping of Media Lines in the Session
             Description Protocol (SDP)", RFC 3388, December 2002.

   [RFC3551] Schulzrinne, H., and S. Casner, "RTP Profile for Audio and
             Video Conferences with Minimal Control", RFC 3551, July
             2003.

   [SRTP]    Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K.
             Norrman, "The Secure Real-time Transport Protocol (SRTP)",
             RFC 3711, March 2004.

   [RFC3851] B. Ramsdell, "Secure/Multipurpose Internet Mail Extensions
             (S/MIME) Version 3.1 Message Specification", RFC 3851, July
             2004.

   [RFC4091] Camarillo, G., and J. Rosenberg, The Alternative Network
             Address Types (ANAT) Semantics for the Session Description
             Protocol (SDP) Grouping Framework, RFC 4091, June 2005.

   [AVPF]    Ott, J., Wenger, S., Sato, N., Burmeister, C., and J. Rey,
             "Extended RTP Profile for RTCP-Based Feedback (RTP/AVPF)",
             Work in Progress, August 2004.

   [I-D.jennings-sipping-multipart] Wing, D., and C. Jennings, "Session
             Initiation Protocol (SIP) Offer/Answer with Multipart
             Alternative", Work in Progress, March 2006.

   [SAVPF]   Ott, J., and E Carrara, "Extended Secure RTP Profile for
             RTCP-based Feedback (RTP/SAVPF)", Work in Progress,
             December 2005.

   [SDES]    Andreasen, F., Baugher, M., and D. Wing, "Session
             Description Protocol Security Descriptions for Media
             Streams", RFC 4568, July 2006.

   [SDPng]   Kutscher, D., Ott, J., and C. Bormann, "Session Description
             and Capability Negotiation", Work in Progress, February
             2005.

   [BESRTP]  Kaplan, H., and F. Audet, "Session Description Protocol
             (SDP) Offer/Answer Negotiation for Best-Effort Secure Real-
             Time Transport Protocol, Work in progress, August 2006.

   [KMGMT]   Arkko, J., Lindholm, F., Naslund, M., Norrman, K., and E.
             Carrara, "Key Management Extensions for Session Description
             Protocol (SDP) and Real Time Streaming Protocol (RTSP)",
             RFC 4567, July 2006.

   [SDPCapNegRqts]   Andreasen, F. "SDP Capability Negotiation:
             Requirementes and Review of Existing Work", work in
             progress, December 2006.

   [SDPCapNeg] Andreasen, F. "SDP Capability Negotiation", work in
             progress, December 2006.

   [MIKEY]   J. Arkko, E. Carrara, F. Lindholm, M. Naslund, and K.
             Norrman, "MIKEY: Multimedia Internet KEYing", RFC 3830,
             August 2004.

   [ICE]     J. Rosenberg, "Interactive Connectivity Establishment
             (ICE): A Methodology for Network Address Translator (NAT)
             Traversal for Offer/Answer Protocols", work in progress,
             January 2007.

   [ICETCP]  J. Rosenberg, "TCP Candidates with Interactive Connectivity
             Establishment (ICE)", work in progress, October 2006.

   [RFC3312] G. Camarillo, W. Marshall, and J. Rosenberg, "Integration
             of Resource Management and Session Initiatio Protocol
             (SIP)", RFC 3312, October 2002.

   [SMIME]   B. Ramsdell, "Secure/Multipurpose Internet Mail Extensions
             (S/MIME) Version 3.1 Message Specification", RFC 3851, July
             2004.

   [RFC4474] J. Peterson, and C. Jennings, "Enhancements for
             Authenticated Identity Management in the Session Initiation
             Protocol (SIP)", RFC 4474, August 2006.

   [sprecon] Andreasen, F. and D. Wing, "Security Preconditions for
             Session Description Protocol Media Streams", Work in
             Progress, October 2006.

Author's Addresses

   Flemming Andreasen
   Cisco Systems
   Edison, NJ

   Email: fandreas@cisco.com

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Full Copyright Statement

   Copyright (C) The IETF Trust (2007).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.