MMUSIC Working Group                                       F. Andreasen
     Internet-Draft                                            Cisco Systems
     Intended Status: Proposed Standard                        March 4,                         July 8, 2007
     Obsolotes: 3407
     Expires: September 2007 January 2008

                             SDP Capability Negotiation
            draft-ietf-mmusic-sdp-capability-negotiation-05.txt
                 draft-ietf-mmusic-sdp-capability-negotiation-06.txt

     Status of this Memo

        By submitting this Internet-Draft, each author represents that
        any applicable patent or other IPR claims of which he or she is
        aware have been or will be disclosed, and any of which he or she
        becomes aware will be disclosed, in accordance with Section 6 of
        BCP 79.

        Internet-Drafts are working documents of the Internet Engineering
        Task Force (IETF), its areas, and its working groups.  Note that
        other groups may also distribute working documents as Internet-
        Drafts.

        Internet-Drafts are draft documents valid for a maximum of six months
        and may be updated, replaced, or obsoleted by other documents at any
        time.  It is inappropriate to use Internet-Drafts as reference
        material or to cite them other than as "work in progress."

        The list of current Internet-Drafts can be accessed at
             http://www.ietf.org/ietf/1id-abstracts.txt

        The list of Internet-Draft Shadow Directories can be accessed at
             http://www.ietf.org/shadow.html

        This Internet-Draft will expire on September 4, 2007. January 8, 2008.

     Copyright Notice

        Copyright (C) The IETF Trust (2007).

     Abstract

        The Session Description Protocol (SDP) was intended for describing
        multimedia sessions for the purposes of session announcement, session
        invitation, and other forms of multimedia session initiation. SDP was
        not intended to provide capability indication or capability
        negotiation, however over the years, SDP has seen widespread adoption
        and as a result it has been gradually extended to provide limited
        support for these. these, notably in the form of the offer/answer model
        defined in RFC 3264. SDP and its current extensions however do not have
   the ability
        define how to negotiate one or more alternative transport protocols
        (e.g. RTP profiles) which or attributes. This makes it particularly difficult to deploy
        new RTP profiles such as secure RTP or RTP with RTCP-based feedback. feedback,
        negotiate use of different keying mechanisms, etc. It also presents
        problems for some forms of media negotiation.

        The purpose of this document is to address that and other real-life
   limitations these shortcomings by
        extending SDP with capability negotiation parameters and associated
        offer/answer procedures to use those parameters in a backwards
        compatible manner.

        The solution provided in this document provides a general SDP
   capability negotiation
        Capability Negotiation framework. It also defines specifically how to
        provide attributes and transport protocols as capabilities and
        negotiate them using the framework. Extensions for other types of
        capabilities (e.g. media types and media formats) may be provided in
        other documents.

     Table of Contents

        1. Introduction...................................................3
        2. Conventions used in this document..............................6 document..............................7
        3. SDP Capability Negotiation Solution............................6 Solution............................7
           3.1. Solution Overview.........................................6 SDP Capability Negotiation Model..........................7
           3.2. Solution Overview........................................10
           3.3. Relationship to RFC 3407..................................9
      3.3. 3407.................................13
           3.4. Version and Extension Indication Attributes...............9
         3.3.1. Attributes..............13
              3.4.1. Supported Capability Negotiation Extensions Attribute9
         3.3.2. Attribute13
              3.4.2. Required Capability Negotiation Extension Attribute.11
      3.4. Attribute.15
           3.5. Capability Attributes....................................12
         3.4.1. Attributes....................................16
              3.5.1. Attribute Capability Attribute......................13
         3.4.2. Attribute......................16
              3.5.2. Transport Protocol Capability Attribute.............14
         3.4.3. Attribute.............18
              3.5.3. Extension Capability Attributes.....................16
      3.5. Attributes.....................19
           3.6. Configuration Attributes.................................16
         3.5.1. Attributes.................................20
              3.6.1. Potential Configuration Attribute...................16
         3.5.2. Attribute...................20
              3.6.2. Actual Configuration Attribute......................22
      3.6. Attribute......................27
           3.7. Offer/Answer Model Extensions............................24
         3.6.1. Extensions............................29
              3.7.1. Generating the Initial Offer........................24
         3.6.2. Offer........................29
              3.7.2. Generating the Answer...............................27
            3.6.2.1. Answer...............................32
                 3.7.2.1. Example Views of Potential Configurations......31
         3.6.3. Configurations......37
              3.7.3. Offerer Processing of the Answer....................34
         3.6.4. Answer....................39
              3.7.4. Modifying the Session...............................35
      3.7. Session...............................41
           3.8. Interactions with ICE....................................35
      3.8. ICE....................................41
           3.9. Interactions with SIP Option Tags........................42
           3.10. Processing Media before Answer...........................36
      3.9. Answer..........................43
           3.11. Dealing with Large Number of Potential Configurations...44
           3.12. SDP Capability Negotiation and Intermediaries...........45
           3.13. Considerations for Specific Attribute Capabilities.......37
         3.9.1. Capabilities......46
              3.13.1. The rtpmap and fmtp Attributes......................37
         3.9.2. Attributes.....................46
              3.13.2. Direction Attributes................................38 Attributes...............................47
        4. Examples......................................................38 Examples......................................................48
           4.1. Best-Effort Secure RTP...................................38 RTP...................................48
           4.2. Multiple Transport Protocols.............................41 Protocols.............................51
           4.3. Best-Effort SRTP with Session-Level MIKEY and Media Level
           Security Descriptions.........................................45 Descriptions.........................................54
           4.4. SRTP with Session-Level MIKEY and Media Level Security
           Descriptions as Alternatives..................................49 Alternatives..................................59
        5. Security Considerations.......................................51 Considerations.......................................62
        6. IANA Considerations...........................................53 Considerations...........................................64
           6.1. New SDP Attributes.......................................53 Attributes.......................................64
           6.2. New SDP Capability Negotiation Option Tag Registry.......54 Registry.......66
           6.3. New SDP Capability Negotiation Potential Configuration
           Parameter Registry............................................55 Registry............................................66
        7. To Do and Open Issues.........................................55 Acknowledgments...............................................66
        8. Acknowledgments...............................................55
   9. Change Log....................................................56 Log....................................................67
           8.1. draft-ietf-mmusic-sdp-capability-negotiation-06..........67
           8.2. draft-ietf-mmusic-sdp-capability-negotiation-05..........68
           8.3. draft-ietf-mmusic-sdp-capability-negotiation-04..........69
           8.4. draft-ietf-mmusic-sdp-capability-negotiation-03..........70
           8.5. draft-ietf-mmusic-sdp-capability-negotiation-02..........70
           8.6. draft-ietf-mmusic-sdp-capability-negotiation-01..........71
           8.7. draft-ietf-mmusic-sdp-capability-negotiation-00..........71
        9. References....................................................73
           9.1. draft-ietf-mmusic-sdp-capability-negotiation-05..........56
      9.2. draft-ietf-mmusic-sdp-capability-negotiation-04..........57
      9.3. draft-ietf-mmusic-sdp-capability-negotiation-03..........57
      9.4. draft-ietf-mmusic-sdp-capability-negotiation-02..........57
      9.5. draft-ietf-mmusic-sdp-capability-negotiation-01..........58
      9.6. draft-ietf-mmusic-sdp-capability-negotiation-00..........59
   10. References...................................................60
      10.1. Normative References....................................60
      10.2. References.....................................73
           9.2. Informative References..................................60 References...................................73
        Author's Addresses...............................................62 Addresses...............................................76
        Intellectual Property Statement..................................63 Statement..................................76
        Full Copyright Statement.........................................63
   Acknowledgment...................................................63 Statement.........................................76
        Acknowledgment...................................................77

     1. Introduction

        The Session Description Protocol (SDP) was intended for describing
        multimedia sessions for the purposes of session announcement, session
        invitation, and other forms of multimedia session initiation. The SDP
        contains one or more media stream descriptions with information such
        as IP-address and port, type of media stream (e.g. audio or video),
        transport protocol (possibly including profile information, e.g.
        RTP/AVP or RTP/SAVP), media formats (e.g. codecs), and various other
        session and media stream parameters that define the session.

        Simply providing media stream descriptions is sufficient for session
        announcements for a broadcast application, where the media stream
        parameters are fixed for all participants. When a participant wants
        to join the session, he obtains the session announcement and uses the
        media descriptions provided, e.g., joins a multicast group and
        receives media packets in the encoding format specified.  If the
        media stream description is not supported by the participant, he is
        unable to receive the media.

        Such restrictions are not generally acceptable to multimedia session
        invitations, where two or more entities attempt to establish a media
        session that uses a set of media stream parameters acceptable to all
        participants. First of all, each entity must inform the other of its
        receive address, and secondly, the entities need to agree on the
        media stream parameters to use for the session, e.g. transport
        protocols and codecs. We here To solve this, RFC 3264 [RFC3264] defined the
        offer/answer model, whereby an offerer constructs an offer SDP that
        lists the media streams, codecs, and other SDP parameters that the
        offerer is willing to use. This offer SDP is sent to the answerer,
        which chooses from among the media streams, codecs and other SDP
        parameters provided, and generates an answer SDP with his parameters,
        based on that choice. The answer SDP is sent back to the offerer
        thereby completing the session negotiation and enabling the
        establishment of the negotiated media streams.

        Taking a step back, we can make a distinction between the
        capabilities supported by each participant, the way in which those
        capabilities can be supported and the parameters that can actually be
        used for the session. More generally, we can say that we have the
        following:

        o  A set of capabilities for the session and its associated media
           stream components, supported by each side. The capability
           indication by itself does not imply a commitment to use the
           capability in the session.

           A capability can for example be that the "RTP/SAVP" profile is
           supported, that the "PCMU" codec is supported, or that the
           "crypto" attribute is supported with a particular value.

        o  A set of potential configurations indicating which combinations of
           those capabilities can be used for the session and its associated
           media stream components.

   o  An actual configuration Potential configurations are not ready
           for the session and its associated media
      stream components, which specifies which combinations of session
      parameters use. Instead, they provide an alternative that may be used,
           subject to further negotiation.

           A potential configuration can for example indicate that the "PCMU"
           codec and the "RTP/SAVP" transport protocol are not only supported
           (i.e. listed as capabilities), but they are offered for potential
           use in the session.

        o  An actual configuration for the session and its associated media
           stream components, which specifies which combinations of session
           parameters and media stream components to use can be used currently and
           with what parameters. Use of an actual configuration does not
           require any further negotiation.

           A actual configuration can for example be that the "PCMU" codec
           and the "RTP/SAVP" transport protocol are offered for use
           currently.

        o  A negotiation process that takes the set of actual and potential
           configurations (combinations of capabilities) as input and
           provides the negotiated actual configurations as output.

        SDP by itself was designed to provide only one of these, namely
        listing of the actual configurations, however over the years, use of
        SDP has been extended beyond its original scope.  Session  Of particular
        importance are the session negotiation semantics that were defined by
        the offer/answer model in RFC 3264.  It defines how
   two entities, an offerer and an answerer, exchange session
   descriptions to negotiate a session. The offerer can include one or
   more media formats (codecs) per media stream, and the answerer then
   selects one or more of those offered and returns them in an answer.
   Both In this model, both the offer and
        the answer contain actual configurations; separate capabilities and
        potential configurations are not supported. The
   answer however may reduce the set of actual configurations from the
   offer as well as extend the set of actual configurations that can be
   used to receive media by the answerer.

        Other relevant extensions have been defined. Simple defined as well. RFC 3407
        [RFC3407] defined simple capability declarations, which define how to provide extends SDP
        with a simple and limited set of capability descriptions in SDP was defined in RFC 3407. descriptions.  Grouping
        of media lines, which defines how media lines in SDP can have other
        semantics than the traditional "simultaneous media streams"
        semantics, was defined in RFC 3388, 3388 [RFC3388], etc.

        Each of these extensions was designed to solve a specific limitation
        of SDP.  Since SDP had already been stretched beyond its original
        intent, a more comprehensive capability declaration and negotiation
        process was intentionally not defined.  Instead, work on a "next
        generation" of a protocol to provide session description and
        capability negotiation was initiated [SDPng].  SDPng however has defined a
        comprehensive capability negotiation framework and protocol that was
        not
   gained traction bound by existing SDP constraints. SDPng was not designed to be
        backwards compatible with existing SDP and has remained as work in progress for hence required both sides
        to support it, with a graceful fallback to legacy operation when
        needed. This combined with lack of ubiquitous multipart MIME support
        in the protocols that would carry SDP or SDPng made it challenging to
        migrate towards SDPng. In practice, SDPng has not gained traction but
        rather remained as work in progress for an extended period of time.
        Existing real-time multimedia communication protocols such as SIP,
        RTSP, Megaco, and MGCP continue to use SDP.  SDP and its current
        extensions however do not address an increasingly important problem:
        the ability to negotiate one or more alternative transport protocols
        (e.g., RTP profiles). profiles) and associated parameters (e.g. SDP attributes).
        This makes it difficult to deploy new RTP profiles such as secure RTP
        (SRTP) [SRTP], RTP with RTCP-Based Feedback [AVPF], etc.  This
        particular problem is exacerbated by the fact that RTP profiles are
        defined independently.  When a new profile is defined and N other
        profiles already exist, there is a potential need for defining N
        additional profiles, since profiles cannot be combined automatically.
        For example, in order to support the plain and secure RTP version of
        RTP with and without RTCP-based feedback, four separate profiles (and
        hence profile definitions) are needed: RTP/AVP [RFC3551], RTP/SAVP
        [SRTP], RTP/AVPF [AVPF], and RTP/SAVPF [SAVPF].  In addition to the
        pressing profile negotiation problem, other important real-life
        limitations have been found as well. Keying material and other
        parameters for example need to be negotiated with some of the
        transport protocols, but not others. Similarly, some media formats
        and types of media streams need to negotiate a variety of different
        parameters.

        The purpose of this document is to define a mechanism that enables
        SDP to provide limited support for indicating capabilities and their
        associated potential configurations, and negotiate the use of those
        potential configurations as actual configurations.  It is not the
        intent to provide a full-fledged capability indication and
        negotiation mechanism along the lines of SDPng or ITU-T H.245.
        Instead, the focus is on addressing a set of well-known real-life
        limitations. More specifically, the solution provided in this
        document provides a general SDP capability negotiation framework. Capability Negotiation framework that
        is backwards compatible with existing SDP. It also defines
        specifically how to provide attributes and transport protocols as
        capabilities and negotiate them using the framework. Extensions for
        other types of capabilities (e.g. media types and formats) may be
        provided in other documents.

        As mentioned above, SDP is used by several protocols, and hence the
        mechanism should be usable by all of these.  One particularly
        important protocol for this problem is the Session Initiation
        Protocol (SIP) [RFC3261].  SIP uses the offer/answer model [RFC3264]
        (which is not specific to SIP) to negotiate sessions and hence the
        mechanism defined here defines the offer/answer procedures to use for
        the capability negotiation framework.

        The rest of the document is structured as follows. In Section 3. we
        present our the SDP capability negotiation Capability Negotiation solution, which consists of
        new SDP attributes and associated offer/answer procedures. In Section
        4. we provide examples illustrating its use and in Section 5. we
        provide the security considerations.

     2. Conventions used in this document

        The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
        "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
        document are to be interpreted as described in [RFC2119].

     3. SDP Capability Negotiation Solution

        In this section we first provide present the conceptual model behind the SDP
        capability negotiation framework, followed by an overview of the SDP
        Capability
   negotiation Negotiation solution. This is followed by definitions of
        new SDP attributes for the solution and its associated updated
        offer/answer procedures.

     3.1. Solution Overview

   The solution consists of SDP Capability Negotiation Model

        Our model uses the following: concepts of

        o  Two new attributes to support extensions to the framework itself
      as follows:  Capabilities

        o  A new attribute ("a=csup") that lists the supported base and
          extension options to the framework.  Potential Configurations

        o  A new attribute ("a=creq") that lists the extensions  Actual Configurations

        o  Negotiation Process

        as defined in Section 1. Conceptually, we want to offer not just the
          framework that are required to be supported by
        actual configuration SDP, as is done with the entity
          receiving current offer/answer
        model, but the actual configuration SDP in order to do capability negotiation.

   o  Two new attributes used to express capabilities as follows
      (additional attributes can be defined well as extensions):

       o  A new attribute ("a=acap") that defines how to list an
          attribute name, one or more
        alternative SDPs, i.e. potential configurations. The answerer must
        choose either with the actual configuration, or without an associated value, as
          a capability.

       o  A new attribute ("a=tcap") that defines how to list transport
          protocols (e.g. "RTP/AVP") as capabilities.

   o  Two new attributes to negotiate configurations as follows:

       o  A new attribute ("a=pcfg") that lists one of the potential
          configurations supported. This is done by reference
        configurations, and generate an answer SDP based on that. Since the
        offerer may need to perform processing on the
          capabilities from answer, which depends
        on the SDP in question. Multiple offer that was chosen (actual or potential
          configurations have an explicitly indicated ordering
          associated with them. Extension capabilities configuration), the
        answerer informs the offerer of which configuration he chose. The
        process can be defined viewed *conceptually* as follows:

             Offerer                           Answerer
             =======                           ========

        1) Generate offer with actual
           configuration and referenced in the alternative
           potential configurations.

       o  A new attribute ("a=acfg") to be used configurations
        2) Send offer with all configurations

        +------------+
        | SDP o1     |
        | (actual    |
        |  config    |
        |            |-+      Offer
        +------------+ |      ----->   3) Process offered configurations
          | SDP o2     |                  in an order of preference indicated
          | (potential |               4) Generate answer SDP. The
          attribute identifies a potential based on chosen
          |  config 1) |-+                configuration from an offer
          SDP (e.g. o2), and inform
          +------------+ |                offerer which were used as an actual configuration to form the one was chosen
            | SDP o3     |
            | (potential |
            |  config 2) |-+
            +------------+ |
              | SDP ...    |
              :            :

                                           +------------+
                                           | SDP a1     |
                             Answer        | (actual    |
                             <-----        |  config,o2)|
                                           |            |
        5) Process answer SDP. Extension capabilities can be included as well.

   o  Extensions to based on         +------------+
           the offer/answer model configuration that allow for capabilities
      and potential configurations to be included was
           chosen (o2), as indicated in an offer.
      Capabilities can be provided at
           the session level or answer

        The above illustrates the media
      level. Potential configurations can be included at the media level
      only, where they constitute alternative offers that may be
      accepted by conceptual model, however the answerer instead of actual
        solution uses only a single SDP, which contains the actual configuration(s)
      included in
        configuration (as with current SDP and the "m=" line(s). The answerer indicates which (if
      any) of current offer/answer
        model) enhanced with several new attributes and associated
        procedures, that encode the capabilities and potential configurations it used
        and negotiate which ones to form the answer by
      including use. A more accurate depiction of the
        actual configuration attribute ("a=acfg") in the
      answer.  Capabilities may be included in answers as well, where
      they can aid in guiding a subsequent new offer.

   The mechanism is illustrated by the offer/answer exchange below,
   where Alice sends an offer to Bob:

                Alice                               Bob SDP is therefore as follows:

               +--------------------+
               | SDP o1             |
               | (actual            |
               |  config            |
               |                    |
               | +-------------+    |
               | | capability 1|    |
               | | capability 2|    |
               | | ...         |    |
               | +-------------+    | (1)   Offer (SRTP and RTP)
               |
                  |--------------------------------->|                    |   ----->
               | +-------------+    | (2) Answer (SRTP)
               |
                  |<---------------------------------| | potential   |

   Alice's offer includes RTP and SRTP as alternatives. RTP    |
               | |   config 1  |    |
               | | potential   |    |
               | |   config 2  |    |
               | | ...         |    |
               | +-------------+    |
               |                    |
               +--------------------+

        The above structure is the
   default (actual configuration), but SRTP used for two reasons:

        o  Backwards compatibility:   As noted above, support for multipart
           MIME is not ubiquitous. By encoding both capabilities and
           potential configurations in SDP attributes, we can represent
           everything in a single SDP thereby avoiding any multipart MIME
           support issues. Furthermore, since unknown SDP attributes are
           ignored by the preferred one
   (potential configuration):

      v=0
      o=- 25678 753849 IN IP4 192.0.2.1
      s=
      c=IN IP4 192.0.2.1
      t=0 0
      m=audio 53456 RTP/AVP 0 18
      a=tcap:1 RTP/SAVP
      a=acap:1 a=crypto:1 AES_CM_128_HMAC_SHA1_32
         inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
      a=pcfg:1 t=1 a=1

   The "m=" line indicates SDP recipient, we ensure that Alice is offering to use plain RTP with
   PCMU or G.729.  The capabilities are provided by the "a=tcap" and
   "a=acap" attributes. The transport capabilities ("a=tcap") indicate entities that secure RTP under do not
           support the AVP profile ("RTP/SAVP") is supported framework simply perform the regular RFC 3264
           offer/answer procedures. This provides us with
   an associated transport capability handle seamless backwards
           compatibility.

        o  Message size efficiency:   When we have multiple media streams,
           each of 1. The "acap" attribute
   provides an attribute capability which may potentially use two or more different transport
           protocols with a handle variety of 1. The attribute
   capability different associated parameters, the
           number of potential configurations can be large. If each possible
           alternative is represented as a "crypto" attribute, which provides the keying
   material for SRTP using complete SDP security descriptions [SDES]. The
   "a=pcfg" attribute provides the potential configuration included in an offer, we can
           easily end up with large messages. By providing a more compact
           encoding, we get more efficient message sizes.

        In the offer by reference to next section, we describe the capability parameters.  One alternative
   is provided; it has a configuration number of 1 exact structure and it specific SDP
        parameters used to represent this.

     3.2. Solution Overview

        The solution consists of
   transport protocol capability 1 (i.e. the RTP/SAVP profile - secure
   RTP), and following:

        o  Two new attributes to support extensions to the framework itself
           as follows:

            o  A new attribute capability 1, i.e. ("a=csup") that lists the crypto attribute
   provided. Potential configurations are always preferred over supported base
               (optionally) and any supported extension options to the
   actual configuration included in
               framework.

            o  A new attribute ("a=creq") that lists the offer SDP, and hence Alice is
   expressing a preference for using secure RTP.

   Bob receives the SDP offer from Alice. Bob supports SRTP and the SDP
   Capability Negotiation framework, and hence he accepts extensions to the
   (preferred) potential configuration for Secure RTP provided
               framework that are required to be supported by Alice:

      v=0
      o=- 24351 621814 IN IP4 192.0.2.2
      s=
      c=IN IP4 192.0.2.2
      t=0 0
      m=audio 54568 RTP/SAVP 0 18
      a=crypto:1 AES_CM_128_HMAC_SHA1_80
            inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4
      a=acfg:1 t=1 a=1

   Bob includes the "a=acfg" attribute in entity
               receiving the answer SDP in order to inform Alice do capability negotiation.

        o  Two new attributes used to express capabilities as follows
           (additional attributes can be defined as extensions):

            o  A new attribute ("a=acap") that he based his answer on defines how to list an offer containing the potential
   configuration
               attribute name, either with or without an associated value, as
               a capability.

            o  A new attribute ("a=tcap") that defines how to list transport protocol capability 1 and
               protocols (e.g. "RTP/AVP") as capabilities.

        o  Two new attributes to negotiate configurations as follows:

            o  A new attribute
   capability 1 from ("a=pcfg") that lists the offer SDP (i.e. potential
               configurations supported. This is done by reference to the RTP/SAVP profile using
               capabilities from the
   keying material provided).  Bob also includes his keying material SDP in
   a crypto attribute. If Bob supported one or more extensions to the
   capability negotiation framework, he would question. Alternative potential
               configurations have included option tags
   for those in the answer as well (in an "a=csup" attribute).

   Note that explicit ordering associated with them.
               Extension capabilities can be defined and referenced in this particular example, the answerer supported the
   capability negotiation extensions defined here, however had he not,
               potential configurations.

            o  A new attribute ("a=acfg") to be used in an answer SDP. The
               attribute identifies a potential configuration from an offer
               SDP which was used as an actual configuration to form the answerer would simply have ignored
               answer SDP. Extension capabilities can be included as well.

        o  Extensions to the new attributes offer/answer model that allow for capabilities
           and potential configurations to be included in an offer.
           Capabilities can be provided at the session level and the media
           level. Potential configurations can be included at the media level
           only, where they constitute alternative offers that may be
           accepted by the (actual configuration) offer answerer instead of the actual configuration(s)
           included in the "m=" line(s). The answerer indicates which (if
           any) of the potential configurations it used to use normal RTP. In that
   case, form the following answer would have been generated instead: by
           including the actual configuration attribute ("a=acfg") in the
           answer.  Capabilities may be included in answers as well, where
           they can aid in guiding a subsequent new offer.

        The mechanism is illustrated by the offer/answer exchange below,
        where Alice sends an offer to Bob:

                     Alice                               Bob

                       | (1) Offer (SRTP and RTP)         |
                       |--------------------------------->|
                       |                                  |
                       | (2) Answer (SRTP)                |
                       |<---------------------------------|
                       |                                  |

        Alice's offer includes RTP and SRTP as alternatives. RTP is the
        default (actual configuration), but SRTP is the preferred one
        (potential configuration):

           v=0
           o=- 24351 621814 25678 753849 IN IP4 192.0.2.2 192.0.2.1
           s=
           c=IN IP4 192.0.2.2 192.0.2.1
           t=0 0
           m=audio 54568 53456 RTP/AVP 0 18

3.2. Relationship to RFC 3407

   RFC 3407 defines capability descriptions with limited abilities to
   describe attributes, bandwidth parameters, transport protocols and
   media formats. RFC 3407 does not define any negotiation procedures
   for actually using those capability descriptions.

   This document obsoletes RFC 3407 by defining new attributes for
   describing attribute capabilities and transport capabilities. It also
   defines procedures for actually using those capabilities as part of
   an offer/answer exchange. Extensions to this document may be defined
   in order

           a=tcap:1 RTP/SAVP
           a=acap:1 a=crypto:1 AES_CM_128_HMAC_SHA1_32
              inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
           a=pcfg:1 t=1 a=1

        The "m=" line indicates that Alice is offering to fully cover all the use plain RTP with
        PCMU or G.729.  The capabilities are provided by RFC 3407
   (for example more general media capabilities).

   It is RECOMMENDED that implementations use the attributes "a=tcap" and
   procedures defined in this document instead
        "a=acap" attributes. The transport capabilities ("a=tcap") indicate
        that secure RTP under the AVP profile ("RTP/SAVP") is supported with
        an associated transport capability handle of those defined in
   [RFC3407].

   If 1. The "acap" attribute
        provides an attribute capability description interoperability with legacy RFC 3407
   implementations is desired, implementations MAY include both RFC 3407 a handle of 1. The attribute
        capability is a "crypto" attribute, which provides the keying
        material for SRTP using SDP security descriptions and capabilities defined by this document. [SDES]. The offer/answer negotiation procedures however will not be able
        "a=pcfg" attribute provides the potential configuration included in
        the offer by reference to
   use the RFC 3407 capability descriptions.

3.3. Version parameters.  One alternative
        is provided; it has a configuration number of 1 and Extension Indication Attributes

   In this section, we present it consists of
        transport protocol capability 1 (i.e. the new attributes associated with
   indicating RTP/SAVP profile - secure
        RTP), and the SDP attribute capability negotiation extensions supported and
   required.

3.3.1. Supported Capability Negotiation Extensions Attribute

   The SDP Capability negotiation solution allows for capability
   negotiation extensions to be defined. Associated with each such
   extension is an option tag that identifies 1, i.e. the extension in question.

   Option-tags MUST be registered with IANA per crypto attribute
        provided. Potential configurations are always preferred over the procedures defined
        actual configuration included in Section 6.

   The Supported Capability Negotiation Extensions attribute ("a=csup")
   contains the offer SDP, and hence Alice is
        expressing a comma-separated list of option tags identifying preference for using secure RTP.

        Bob receives the SDP offer from Alice. Bob supports SRTP and the SDP
        Capability negotiation extensions supported Negotiation framework, and hence he accepts the
        (preferred) potential configuration for Secure RTP provided by Alice
        and generates the entity that
   generated following answer SDP:

           v=0
           o=- 24351 621814 IN IP4 192.0.2.2
           s=
           c=IN IP4 192.0.2.2
           t=0 0
           m=audio 54568 RTP/SAVP 0 18
           a=crypto:1 AES_CM_128_HMAC_SHA1_80
                 inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4
           a=acfg:1 t=1 a=1

        Bob includes the SDP. The "a=acfg" attribute is defined as follows:

      a=csup: <option-tag-list>

   RFC 4566, Section 9, provides in the ABNF for SDP attributes. The "csup"
   attribute adheres answer to the RFC 4566 "attribute" production, with inform Alice
        that he based his answer on an
   att-value defined as follows:

      att-value         = option-tag-list
      option-tag-list   = option-tag *(COMMA option-tag)
      option-tag        = token    ; defined in [RFC4566]
      COMMA             = ","      ; defined in [RFC4234]

   Implementers familiar offer containing the potential
        configuration with transport protocol capability 1 and attribute
        capability 1 from the Session Initiation Protocol (SIP)
   should note that offer SDP (i.e. the above definition of COMMA differs from RTP/SAVP profile using the one
   in [RFC3261].

   A special base option tag with
        keying material provided).  Bob also includes his keying material in
        a value of "cap-v0" is defined for "crypto" attribute. If Bob supported one or more extensions to the
   basic SDP
        capability negotiation framework. Entities can use this framework, he would have included option tag with the "a=csup" attribute to indicate support tags
        for those in the
   SDP capability negotiation framework specified answer as well (in an "a=csup" attribute).

        Note that in this document.

   The following examples illustrates the use of particular example, the "a=csup" attribute
   with answerer supported the "cap-v0" option tags and two hypothetical option tags, "foo"
   and "bar" (note
        capability negotiation extensions defined here, however had he not,
        the lack of white space):

      a=csup:cap-v0

      a=csup:foo

      a=csup:bar

      a=csup:cap-v0,foo,bar

   The "a=csup" attribute can be provided at answerer would simply have ignored the session new attributes and
        accepted the media-
   level. When provided at the session-level, it applies (actual configuration) offer to use normal RTP. In that
        case, the entire
   SDP. When provided at the media-level, it applies following answer would have been generated instead:

           v=0
           o=- 24351 621814 IN IP4 192.0.2.2
           s=
           c=IN IP4 192.0.2.2
           t=0 0
           m=audio 54568 RTP/AVP 0 18
     3.3. Relationship to the RFC 3407

        RFC 3407 defines capability descriptions with limited abilities to
        describe attributes, bandwidth parameters, transport protocols and
        media
   description in question only (option-tags provided at the session
   level apply as well). There can be at most one "a=csup" formats. RFC 3407 does not define any negotiation procedures
        for actually using those capability descriptions.

        This document obsoletes RFC 3407 by defining new attributes at
   the session-level for
        describing attribute capabilities and at most one at the media-level (one per media
   description transport capabilities. It also
        defines procedures for actually using those capabilities as part of
        an offer/answer exchange. Extensions to this document may be defined
        in order to fully cover all the latter case).

   Whenever an entity that supports one or capabilities provided by RFC 3407
        (for example more extensions general media capabilities).

        It is RECOMMENDED that implementations use the attributes and
        procedures defined in this document instead of those defined in
        [RFC3407].

        If capability description interoperability with legacy RFC 3407
        implementations is desired, implementations MAY include both RFC 3407
        capability descriptions and capabilities defined by this document.
        The offer/answer negotiation procedures however will not be able to
        use the RFC 3407 capability descriptions.

     3.4. Version and Extension Indication Attributes

        In this section, we present the new attributes associated with
        indicating the SDP Capability Negotiation framework generates an SDP, it SHOULD include
   the "a=csup" attribute extensions supported and
        required.

     3.4.1. Supported Capability Negotiation Extensions Attribute

        The SDP Capability Negotiation solution allows for capability
        negotiation extensions to be defined. Associated with the each such
        extension is an option tags for tag that identifies the extensions it
   supports at extension in question.
        Option-tags MUST be registered with IANA per the session and/or media-level, unless those option tags
   are already provided procedures defined
        in one or more "a=creq" attribute (see Section
   3.3.2. ) at the relevant levels. The base option tag MAY be included.

3.3.2. Required Capability Negotiation Extension Attribute 6.

        The Required Supported Capability Negotiation Extensions attribute ("a=creq") ("a=csup")
        contains a comma-separated list of option tags (see Section 3.3.1. ) identifying the SDP
        Capability negotiation Negotiation extensions that MUST be supported by the entity receiving the SDP in order for that entity to
   properly process the SDP Capability Negotiation attributes and
   associated procedures. Support for
        generated the basic negotiation framework is
   implied by the presence of an "a=pcfg" attribute (see Section 3.5.1.
   ) and hence there is no need to include the "a=creq" attribute with
   the base option-tag ("cap-v0"). Still, it is allowed to do so. SDP. The attribute is defined as follows:

      a=creq:

           a=csup: <option-tag-list>
        RFC 4566, Section 9, provides the ABNF for SDP attributes. The "creq" "csup"
        attribute adheres to the RFC 4566 "attribute" production, with an
        att-value defined as follows:

           att-value         = option-tag-list
           option-tag-list   = option-tag *("," option-tag)
           option-tag        = token    ; defined in [RFC4566]

        A special base option tag with a value of "cap-v0" is defined for the
        basic SDP Capability Negotiation framework defined in this document.
        Entities can use this option tag with the "a=csup" attribute to
        indicate support for the SDP Capability Negotiation framework
        specified in this document.

        The following examples illustrate illustrates the use of the "a=creq" "a=csup" attribute
        with the "cap-v0" base option tag tags and two hypothetical option tags, "foo"
        and "bar" (note the lack of white space):

      a=creq:cap-v0

      a=creq:foo

      a=creq:bar

      a=creq:cap-v0,foo,bar

           a=csup:cap-v0

           a=csup:foo

           a=csup:bar

           a=csup:cap-v0,foo,bar

        The "a=creq" "a=csup" attribute can be provided at the session and the media-
        level. When provided at the session-level, it applies to the entire
        SDP. When provided at the media-level, it applies to the media-stream media
        description in question only (required option tags (option-tags provided at the session
        level apply as well). There can be at most one "a=creq" "a=csup" attribute at
        the session-level and at most one "a=creq" attribute at the media-level (one per media
        description in the latter case).

   When

        Whenever an entity generates an SDP and it requires the recipient of that
   SDP to support supports one or more SDP capability negotiation extensions in
   order to properly process the SDP
        Capability negotiation, Negotiation framework generates an SDP, it SHOULD include
        the
   "a=creq" "a=csup" attribute MUST be included with option-tags that identify the required option tags for the extensions it
        supports at the session and/or media level, media-level, unless it
   is already known that the receiving entity supports those option-tags option tags
        are already provided in one or more "a=creq" attribute (see Section
        3.4.2. ) at the relevant levels (in which case their inclusion is OPTIONAL).

     An example levels. Inclusion of this is when generating an answer to an offer. If the
     answerer supports base option tag is
        OPTIONAL; support for the required option-tags base framework can be inferred from
        presence of the offer, and "a=pcfg" attribute defined in Section 3.6.1.

          Use of the
     answerer does not require any additional option-tags beyond what
     was listed base option tag may still be useful in either some scenarios,
          e.g. when using SIP OPTIONS [RFC3261] or generating an answer to an
          offer that did not use the required SDP Capability Negotiation framework.

     3.4.2. Required Capability Negotiation Extension Attribute

        The Required Capability Negotiation Extensions attribute ("a=creq") or
        contains a comma-separated list of option tags (see Section 3.4.1. )
        specifying the SDP Capability Negotiation extensions that MUST be
        supported
     ("a=csup")  attributes from by the offer, then entity receiving the answerer is not
     required to include a required ("a=creq") attribute with any
     option-tags SDP, in order for that may need entity
        to be supported (such as properly process the base option
     tag - "cap-v0"). SDP Capability Negotiation attributes and
        associated procedures. Support for the basic negotiation framework is
        implied by the presence of an "a=pcfg" attribute (see Section 3.5.1. 3.6.1.
        ) and hence it there is not required no need to include the "a=creq" attribute with
        the base option-tag ("cap-v0").

   A recipient that receives Still, it is allowed to do so.

        The attribute is defined as follows:

           a=creq: <option-tag-list>

        The "creq" attribute adheres to the RFC 4566 "attribute" production,
        with an SDP att-value defined as follows:

           att-value   = option-tag-list

        The following examples illustrate the use of the "a=creq" attribute
        with the "cap-v0" base option tag and does not support one or more two hypothetical option tags,
        "foo" and "bar" (note the lack of white space):

           a=creq:cap-v0

           a=creq:foo

           a=creq:bar

           a=creq:cap-v0,foo,bar

        The "a=creq" attribute can be provided at the required extensions listed in a "creq" attribute, MUST NOT
   perform session and the SDP capability negotiation defined in this document. For
   non-supported extensions media-
        level. When provided at the session-level, this implies
   that SDP capability negotiation MUST NOT be performed at all. For
   non-supported extensions it applies to the entire
        SDP. When provided at the media-level, it applies to the media
        description in question only (required option tags provided at the
        session level apply as well). There can be at most one "a=creq"
        attribute at the session-level and at most one "a=creq" attribute at
        the media-level (one per media description in the latter case).

        When an entity generates an SDP and it requires the recipient of that
        SDP to support one or more SDP Capability Negotiation extensions
        (except for the base), in order to properly process the SDP
        Capability Negotiation, the "a=creq" attribute MUST be included with
        option-tags that identify the required extensions at the session
        and/or media level. Support for the basic negotiation framework is
        implied by the presence of an "a=pcfg" attribute (see Section 3.6.1.
        ) and hence it is not required to include the "a=creq" attribute with
        the base option-tag ("cap-v0").

        A recipient that receives an SDP and does not support one or more of
        the required extensions listed in a "creq" attribute, MUST NOT
        perform the SDP Capability Negotiation defined in this document. For
        non-supported extensions provided at the session-level, this implies
        that SDP
   capability negotiation Capability Negotiation MUST NOT be performed at all. For
        non-supported extensions at the media-level, this implies that SDP
        Capability Negotiation MUST NOT be performed for the media stream in
        question.

          An entity that does not support the SDP Capability Negotiation
          framework at all, will ignore these attributes (as well as the
          other SDP Capability Negotiation attributes) and not perform any
          SDP Capability Negotiation in the first place.

        When an entity does not support one or more required SDP capability
   negotiation Capability
        Negotiation extensions, the entity SHOULD proceed as if the SDP
   capability negotiation
        Capability Negotiation attributes were not included in the first
        place, i.e. all the capability negotiation attributes should be
        ignored.  In that case, the entity SHOULD include a "csup" attribute
        listing the SDP capability negotiation Capability Negotiation extensions it actually
        supports.

          This ensures that introduction of the SDP capability negotiation Capability Negotiation
          mechanism by itself does not introduce any new failure scenarios.

3.4. lead to session failures.

     3.5. Capability Attributes

        In this section, we present the new attributes associated with
        indicating the capabilities for use by the SDP Capability
   negotiation.

3.4.1.
        Negotiation.

     3.5.1. Attribute Capability Attribute

        Attributes and their associated values can be expressed as
        capabilities by use of a new attribute capability attribute
        ("a=acap"), which is defined as follows:

           a=acap: <att-cap-num> <att-par>

        where <att-cap-num> is an integer between 1 and 2^31-1 (both
        included) used to number the attribute capability and <att-par> is an
        attribute ("a=") in its full  '<type>=<value>' form (see [RFC4566]).
        Support for a specific attribute (name) (without any particular
        values) can be indicated by providing only the '<type>' (i.e. the
        attribute name).

        The "acap" attribute adheres to the RFC 4566 "attribute" production,
        with an att-value defined as follows:

           att-value   = att-cap-num 1*WSP att-par
           att-cap-num = 1*DIGIT ;defined in [RFC4234]
           att-par     = attribute  ;defined in RFC 4566

        Note that white-space is not permitted before the att-cap-num.

        The "acap" attribute can be provided at the session level only for
        session-level attributes and contained in the attribute capability,
        whereas media level for media-level
   attributes. The "acap" attribute MUST NOT attributes can be used to provide a media-
   level in attribute
        capabilities at either the session-level media level or vice versa. session-level. The base SDP
        Capability Negotiation framework however only defines procedures for
        use of media-level attribute capabilities at the media level
        (extensions may define use at the session level).

        Each occurrence of the "acap" attribute in the entire session
        description MUST use a different value of <att-cap-num>.

          There is a need to be able to reference both session-level and
          media-level attributes in potential configurations at the media
          level, and this provides for a simple solution to avoiding overlap
          between the references (handles) to each attribute capability.

        The <att-cap-num> values provided are independent of similar <cap-
        num> values provided for other types of capabilities, i.e., they form
        a separate name-space for attribute capabilities.

        The following examples illustrate use of the "acap" attribute:

           a=acap:1 a=ptime:20

           a=acap:2 a=ptime:30

           a=acap:3 a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyONQ6gAA
           AAAGEEoo2pee4hp2UaDX8ZE22YwKAAAPZG9uYWxkQGR1Y2suY29tAQAAAAAAAQAk0
           JKpgaVkDaawi9whVBtBt0KZ14ymNuu62+Nv3ozPLygwK/GbAV9iemnGUIZ19fWQUO
           SrzKTAv9zV

           a=acap:4 a=crypto:1 AES_CM_128_HMAC_SHA1_32
                 inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32

           a=acap:5 a=crypto
           a=acap:6 a=key-mgmt

        The first two attribute capabilities provide attribute values for the
        ptime attribute. The third provides SRTP parameters by using MIKEY
        with the key-mgmt attribute [KMGMT]. The fourth provides SRTP
        parameters by use of security descriptions with the crypto attribute
        [SDES]. Note that the line-wrapping and new-lines in example three
        and four are provided for formatting reasons only - they are not
        permitted in actual SDP. The 5th attribute capability merely
        indicates support for the "crypto" attribute (without any further
        information about particular values to use with it), and the 6th
        attribute capability merely indicates support for the "key-mgmt"
        attribute.

          Readers familiar with RFC 3407 may notice the similarity between
          the RFC 3407 "cpar" attribute and the above. There are however a
          couple of important differences, most notably that the "acap" attribute
          contains a handle that enables referencing it and it furthermore
          supports attributes only (the "cpar" attribute defined in RFC 3407
          supports bandwidth information as well). The "acap" attribute also
          is not automatically associated with any particular capabilities.

3.4.2.

     3.5.2. Transport Protocol Capability Attribute

        Transport Protocols can be expressed as capabilities by use of a new
        Transport Protocol Capability attribute ("a=tcap") defined as
        follows:

           a=tcap: <trpr-cap-num> <proto-list>

        where <trpr-cap-num> is an integer between 1 and 2^31-1 (both
        included) used to number the transport address capability for later
        reference, and <proto-list> is one or more <proto>, separated by
        white space, as defined in the SDP "m=" line.

        The "tcap" attribute adheres to the RFC 4566 "attribute" production,
        with an att-value defined as follows:

           att-value      = trpr-cap-num 1*WSP proto-list
           trpr-cap-num   = 1*DIGIT ;defined in [RFC4234]
           proto-list     = proto *(1*WSP proto) ; defined in RFC 4566

        Note that white-space is not permitted before the trpr-cap-num.

        The "tcap" attribute can be provided at the session- session-level and the
        media-level. There can be multiple "tcap" attributes at most one "a=tcap" attribute at the
        session-level as well
   as within each and at most one at the media-level (one per media description.
        description in the latter case). Each occurrence of the "tcap"
        attribute in the entire session description MUST use a different
        value of <trpr-cap-num>.  When multiple <proto> values are provided,
        the first one is associated with the value <trpr-cap-num>, the second
        one with the value one higher, etc. The <trpr-cap-num> values
        provided are independent of similar <cap-num> values provided for
        other capability attributes, i.e., they form a separate name-space
        for transport protocol capabilities.

        Below, we provide examples of the "a=tcap" attribute:

           a=tcap:1 RTP/AVP

           a=tcap:2 RTP/AVPF

           a=tcap:3 RTP/SAVP RTP/SAVPF

        The first one provides a capability for the "RTP/AVP" profile defined
        in [RFC3551] and the second one provides a capability for the RTP
        with RTCP-Based Feedback profile defined in [AVPF]. The third one
        provides capabilities for the "RTP/SAVP" (transport capability number
        3) and "RTP/SAVPF" profiles. profiles (transport protocol capability number 4).

        Transport capabilities are inherently included in the "m=" line,
        however they still need to be specified explicitly in a "tcap"
        attribute, if they are to be used as a capability.

          This may seem redundant (and indeed it is from the offerer's point
          of view), however it is done to protect against middle-boxes intermediaries
          (e.g. middle-boxes) that may modify "m=" lines while passing
          unknown attributes through. If an implicit transport capability
          were used instead (e.g. a reserved transport capability number
          could be used to refer to the transport protocol in the "m=" line),
          and a middle-box an intermediary were to modify the transport protocol in the
          "m=" line (e.g. to translate between plain RTP and secure RTP),
          then the potential configuration referencing that implicit
          transport capability may no longer be correct. With explicit
          capabilities, we avoid this pitfall, although the potential
          configuration preference (see Section 3.5.1. 3.6.1. ) may not reflect that
          of the middle-box intermediary (which some may view as a feature).

3.4.3.

     3.5.3. Extension Capability Attributes

        The SDP Capability Negotiation framework allows for new capabilities
        to be defined as extensions and used with the general capability
        negotiation framework. The syntax and semantics of such new
        capability attributes are not defined here, however in order to be
        used with potential configurations, they SHOULD allow for a numeric
        handle to be associated with each capability. This handle can be used
        as a reference within the potential and actual configuration
        attributes (see Section 3.5.1. 3.6.1. and 3.5.2. 3.6.2. ). The definition of such
        extension capability attributes MUST also state whether they can be
        applied at the session-level, media-level, or both.

3.5.

     3.6. Configuration Attributes

3.5.1.

     3.6.1. Potential Configuration Attribute

        Potential Configurations can be expressed by use of a new Potential
        Configuration Attribute ("a=pcfg") defined as follows:

           a=pcfg: <config-number> <pot-cfg-list> [<pot-cfg-list>]

        where <config-number> is an integer between 1 and 2^31-1 (both
        included).

        The "pcfg" attribute adheres to the RFC 4566 "attribute" production,
        with an att-value defined as follows:

           att-value      = config-number 1*WSP pot-cfg-list [1*WSP pot-cfg-list]
           config-number  = 1*DIGIT ;defined in [RFC4234]
           pot-cfg-list   = pot-config *(1*WSP pot-config)
           pot-config     = pot-attribute-config-list /
                            pot-transport-protocol-config-list /
                            pot-extension-config-list

        The missing productions are defined below. Note that white-space is
        not permitted before the config-number.

        The potential configuration attribute can be provided at the media-
        level only and there can be multiple instances of it within a given
        media description. The attribute includes a configuration number,
        which is an integer between 1 and 2^31-1 (both included). The
        configuration number MUST be unique within the media description
        (i.e. it has media level scope only). The configuration number also
        indicates the relative preference of potential configurations; lower
        numbers are preferred over higher numbers.

        After the configuration number, zero, one or more potential
        configuration lists MUST be is provided. When the potential configuration
        list is omitted, the potential configuration equals the actual
        configuration. The potential configuration lists generally reference
        one or more capabilities, and those capabilities are (conceptually)
        used to construct a new internal version of the SDP by use of purely
        syntactic add, delete add and replace (possibly) delete operations on the original SDP
        (actual configuration), thereby generating a new an alternative potential
        configuration SDP that can be used by conventional SDP and
        offer/answer procedures if actually selected.

        This document defines potential attribute configuration lists and
        potential transport protocol configuration lists.  Each of these MUST
        NOT be present more than once in a particular potential configuration
        attribute. Potential extension configuration lists can be included as
        well; unknown potential extension configuration lists MUST be ignored
        (if support is required, then the "a=creq" attribute with suitable
        option tags should MUST be used). There can be more than one potential
        extension configuration list, however each particular potential
        extension configuration list MUST NOT be present more than once in a
        given potential configuration attribute. Together, these potential
        configuration lists define a potential configuration.

        There can be multiple potential configurations provided within a
        media description. Each of these indicates not only a willingness,
        but in fact a desire to use the potential configuration.

        The example SDP below contains two potential configurations:

           v=0
           o=- 25678 753849 IN IP4 192.0.2.1
           s=
           c=IN IP4 192.0.2.1
           t=0 0
           m=audio 53456 RTP/AVP 0 18
           a=tcap:1 RTP/SAVP RTP/SAVPF
           a=acap:1 a=crypto:1 AES_CM_128_HMAC_SHA1_32
              inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
           a=pcfg:1 t=1 a=1
           a=pcfg:2 t=2 a=1

        Potential configuration 1 contains a potential transport protocol
        configuration list that references transport capability 1
        ("RTP/SAVP") and a potential attribute configuration list that
        references attribute capability 1 ("a=crypto:..."). Potential
        configuration 2 contains a potential transport protocol configuration
        list that references transport capability 2 ("RTP/SAVPF") and a
        potential attribute configuration list that references attribute
        capability 1 ("a=crypto:...").

        Attribute capabilities are used in a potential configuration by use
        of the pot-attribute-config-list parameter, which is defined by the
        following ABNF:

           pot-attribute-config-list
                             = "a=" [delete-attributes ":"]
                              att-cap-inst-list
                                      mo-att-cap-list *(BAR att-cap-inst-list) mo-att-cap-list)

           delete-attributes = DELETE ( "m"    ; media attributes
                                   / "s"    ; session attributes
                                   / "ms" ) ; media and session attributes
      att-cap-inst-list

           mo-att-cap-list      = att-cap-inst *(COMMA att-cap-inst)
      att-cap-inst mandatory-optional-att-cap-list |
                                         mandatory-att-cap-list |
                                            optional-att-cap-list

           mandatory-optional-att-cap-list  = [att-cap-operator] att-cap-num
      att-cap-operator mandatory-att-cap-list
                                                  "," optional-att-cap-list
           mandatory-att-cap-list           = att-cap-list
           optional-att-cap-list            = "[" att-cap-list "]"

           att-cap-list      =  DELETE / REPLACE att-cap-num *("," att-cap-num)
           att-cap-num       = 1*DIGIT   ;defined in [RFC4234]
           BAR               = "|"
           DELETE            = "-"
      REPLACE           = "/"

        Note that white space is not permitted within this production.

        Each potential attribute configuration list can optionally begin with
        instructions for how to handle attributes that are part of the actual
        configuration (i.e. the "a=" lines present in the original SDP). By
        default, such attributes will remain as part of the configuration in
        question. However, if delete-attributes indicates "-m", then all
        attribute lines within the media description in question will be
        deleted (i.e. all "a=" lines under the "m=" line in question). If
        delete-attributes indicates "-s", then all attribute lines at the
        session-level will be deleted (i.e. all "a=" lines before the first
        "m=" line). If delete-attributes indicates "-ms", then all attribute
        lines within this media description ("m=" line) and all attribute
        lines at the session-level will be deleted.

        The attribute capability instruction list comes next. It contains one or more
        alternative lists of attribute capability instructions. capabilities. The
   lists are alternative
        attribute capability lists are separated by a vertical bar ("|"), and
        each list contains one or more attribute capability instructions capabilities separated by
        commas (","). An The attribute capability instruction is merely an capabilities are either mandatory or
        optional. Mandatory attribute
   capability number that may optionally capabilities MUST be prefixed by an supported in order
        to use the potential configuration, whereas optional attribute
        capabilities MAY be supported in order to use the potential
        configuration.

        Within each attribute capability operator. list, all the mandatory attribute
        capabilities (if any) are listed first, and all the optional
        attribute capabilities (if any) are listed last. The optional
        attribute capabilities are contained within a pair of angle brackets
        ("[" and "]"). Each attribute capability is merely an attribute
        capability number (att-cap-num) that identifies a particular
        attribute capability by referring to attribute capability numbers
        defined above and hence MUST be between 1 and 2^31-1 (both included).
        The following example illustrates the above:

      a=-m:1,2,-3,/4|1,2,5

           a=pcfg:1 a=-m:1,2,[3,4]|1,7,[5]

        where

        o  "a=-m:1,2,-3,/4|1,2,5"  "a=-m:1,2,[3,4]|1,7,[5]" is the potential attribute configuration
           list

        o  "-m" is the delete-attributes

        o  "1,2,-3,/4"  "1,2,[3,4]" and "1,2,5" "1,7,[5]" are both attribute capability instruction lists. The
           two lists are alternatives, since they are separated by a vertical
           bar above

        o  "1" is an attribute capability instruction without any attribute
      capability operator. It is also an attribute capability number

   o  "-3" is an attribute capability instruction, where "-" is an
      attribute capability operator,  "1", "2" and "3" is the "7" are mandatory attribute capability
      number. capabilities

        o  "/4" is an  "3", "4" and "5" are optional attribute capability instruction, where "/" capabilities

        Note that in the example above, we have a single handle ("1") for the
        potential configuration(s), but there are actually two different
        potential configurations (separated by a vertical bar). This is an
      attribute capability operator, and "4" done
        for message size efficiency reasons, which is especially important
        when we add other types of capabilities to the attribute capability
      number.

   By default, each potential
        configuration. If there is a need to provide a unique handle for
        each, separate "a=pcfg" attributes with different handles must be
        used instead.

        Each referenced attribute capability in the potential configuration
        will result in the corresponding attribute name and its associated
        value (contained inside the attribute capability) merely being added to the
        resulting potential configuration SDP. The

        Alternative attribute capability operators
   change this default behavior:

   o  For session-level attribute capabilities, the DELETE operator ("-
      ") will result in lists are separated by a vertical
        bar ("|"), the deletion of all session-level occurrences scope of
      attributes with which extends to the same attribute-name (attribute values next alternative (i.e.
        "," has higher precedence than "|"). The alternatives are
      ignored) as the attribute contained inside that attribute
      capability. The attribute contained inside the attribute
      capability will NOT be added to ordered by
        preference with the resulting potential
      configuration SDP.

         For example, if delete was indicated most preferred listed first. In order for a session-level "key-
         mgmt" attribute capability ("a=acap:1 a=key-mgmt..."), all
         occurrences
        recipient of "a=key-mgmt" at the session-level would be
         deleted.

   o  For media-level attribute capabilities, the DELETE operator ("-")
      will result SDP (e.g. an answerer receiving this in the deletion an offer) to
        use this potential configuration, exactly one of the alternative
        lists must be selected in its entirety. This requires that all occurrences of attributes
        mandatory attribute capabilities referenced by the potential
        configuration are supported with the same attribute-name (attribute attribute values provided.

        Potential transport protocol configuration lists are ignored) as included in a
        potential configuration by use of the
      attribute contained inside pot-transport-protocol-config-
        list parameter, which is defined by the following ABNF:

           pot-transport-protocol-config-list =
                                "t=" trpr-cap-num *(BAR trpr-cap-num)
           trpr-cap-num        = 1*DIGIT   ; defined in [RFC4234]

        Note that attribute capability, white-space is not permitted within this
      particular media description ("m=" line) only. production.

        The attribute
      contained inside the attribute trpr-cap-num refers to transport protocol capability will NOT numbers
        defined above and hence MUST be added to between 1 and 2^31-1 (both included).
        Alternative potential transport protocol capabilities are separated
        by a vertical bar ("|").  The alternatives are ordered by preference
        with the
      resulting most preferred listed first. When there are no transport
        protocol capabilities included in a potential configuration SDP.

         For example, if delete was indicated for a media-level "crypto"
         attribute capability ("a=acap:1 a=crypto..."), all occurrences
         of "a=crypto" inside at the
        media description ("m=" line) in
         question would be deleted.

   o  For session-level attribute capabilities, level, the REPLACE operator
      ("/") is similar to transport protocol information from the DELETE operator, except that the attribute
      contained inside the attribute capability WILL associated
        "m=" line MUST be added to the
      resulting potential configuration SDP (at the session-level).

         For example, if replace was indicated used. In order for a session-level "key-
         mgmt" attribute capability ("a=acap:1 a=key-mgmt..."), all
         occurrences recipient of "a=key-mgmt" at the session-level would be
         deleted, and the "key-mgmt" attribute name and its associated
         value from the attribute capability would be added SDP (e.g. an
        answerer receiving this in an offer) to use this potential
        configuration, exactly one of the
         resulting SDP for alternatives MUST be selected. This
        requires that configuration.

   o  For media-level attribute capabilities, the REPLACE operator ("/") transport protocol in question is similar to supported.

          In the DELETE operator, except presence of intermediaries (the existence of which may not
          be known), care should be taken with assuming that the attribute
      contained inside transport
          protocol in the attribute "m=" line will not be modified by an intermediary.
          Use of an explicit transport protocol capability WILL will guard against
          any capability negotiation implications of that.

        Extension capabilities can be added to the
      resulting potential configuration SDP (within the media
      description included in question).

         For example, if replace was indicated for a media-level
         "crypto" attribute capability ("a=acap:1 a=crypto..."), all
         occurrences potential configuration
        as well by use of "a=crypto" inside potential extension configuration lists. Such
        potential configuration extension lists MUST adhere to the media description ("m="
         line) following
        ABNF:

           pot-extension-config-list  = ext-cap-name "="
                                         ext-cap-list
           ext-cap-name               = token     ; defined in question would be deleted, and the "crypto" attribute
         name and its associated value from [RFC4566]
           ext-cap-list               = 1*VCHAR      ; defined in [RFC4234]

        Note that white-space is not permitted within this production.

        The ext-cap-name refers to the attribute type of extension capability
         would be added to and the resulting SDP for that configuration.

   Alternative attribute capability instruction lists are separated by
        ext-cap-list is here merely defined as a
   vertical bar ("|"), the scope sequence of which extends to the next
   alternative (i.e. "," has higher precedence than "|"). visible
        characters. The
   alternatives are ordered by preference with the most preferred listed
   first. Exactly one of the alternative lists actual extension supported MUST refine both of these
        further. For extension capabilities that merely need to be selected in its
   entirety in order referenced
        by a capability number, it is RECOMMENDED to use this follow a structure
        similar to what has been specified above. Unsupported or unknown
        potential configuration attribute.

   Potential transport protocol extension configuration lists are included in a potential configuration by use of the pot-transport-protocol-config-
   list parameter, which is defined by the following ABNF:

      pot-transport-protocol-config-list =
                           "t=" trpr-cap-num *(BAR trpr-cap-num)
      trpr-cap-num        = 1*DIGIT   ; defined in [RFC4234]

   Note that white-space is not permitted within this production.

   The trpr-cap-num refers to transport protocol capability numbers
   defined above and hence
        attribute MUST be between 1 and 2^31-1 (both included).
   Alternative potential transport protocol capabilities are separated
   by a vertical bar ("|"). ignored.

          The alternatives are ordered by preference
   with the most preferred listed first. When there "creq" attribute and its associated rules can be used to ensure
          that required extensions are no transport
   protocol capabilities included supported in a potential the first place.

        Potential configuration attributes can be provided at the media level, the transport protocol information from level
        only, however it is possible to reference capabilities provided at
        either the associated
   "m=" line will be used. When included, exactly one of the
   alternatives MUST be selected in order to use this potential
   configuration attribute.

     In the presence of middle-boxes (the existence of which may not be
     known), care should be taken with assuming that the transport
     protocol in the "m=" line will not be modified by a middle-box. Use
     of an explicit transport protocol capability will guard against any
     capability negotiation implications of that.

   Extension capabilities can be included in a potential configuration
   as well by use of potential extension configuration lists. Such
   potential configuration extension lists MUST adhere to the following
   ABNF:

      pot-extension-config-list  = ext-cap-name "="
                                    ext-cap-list
      ext-cap-name               = token     ; defined in [RFC4566]
      ext-cap-list               = 1*VCHAR      ; defined in [RFC4234]

   Note that white-space is not permitted within this production.

   The ext-cap-name refers to the type of extension capability and the
   ext-cap-list is here merely defined as a sequence of visible
   characters. The actual extension supported MUST refine both of these
   further. For extension capabilities that merely need to be referenced
   by a capability number, it is RECOMMENDED to follow a structure
   similar to what has been specified above. Unsupported or unknown
   potential extension configuration lists in a potential configuration
   attribute MUST be ignored.

     The "creq" attribute and its associated rules can be used to ensure
     that required extensions are supported in the first place.

   Potential configuration attributes can be provided at the media level
   only, however it is possible to reference capabilities provided at
   either the session or media level. There are certain semantic rules
   and restrictions session or media level. There are certain semantic rules
        and restrictions associated with this:

        A (media level) potential configuration attribute in a given media
        description MUST NOT reference a media-level capability provided in a
        different media description; doing so invalidates that potential
        configuration (note that a potential configuration attribute can
        contain more than one potential configuration by use of
        alternatives). A potential configuration attribute can however
        reference a session-level capability. The semantics of doing so
        depends on the type of capability. In the case of transport protocol
        capabilities it has no particular implication. In the case of
        attribute capabilities however, it does. More specifically, the
        attribute name and value (provided within that attribute capability)
        will be considered part of the resulting SDP for that particular
        configuration at the *session* level. In other words, it will be as-
        if that attribute was simply provided with that value at the session-
        level in the first place. Note that individual media streams perform
   capability negotiation individually, As a result of that, the base SDP
        Capability Negotiation framework REQUIRES that potential
        configurations do not reference any session-level attribute
        capabilities that contain media-level attributes (since that would
        place a media-level attribute at the session level). Extensions may
        modify this behavior, as long as it is fully backwards compatible
        with the base specification.

        Individual media streams perform capability negotiation individually,
        and hence it is possible that
   another one media stream (where the attribute
        was part of a potential configuration) chose a configuration without that
        a session level
   attribute. attribute that was chosen by another media stream.
        The session-level attribute however remains "active" and hence
        applies to the entire resulting potential configuration SDP. It In
        theory, this is up to the entity that generated the SDP with these capabilities
   and potential configuration problematic if one or more session-level attributes
        either conflicts with or potentially interacts with another session-
        level or media-level attribute in the first place, to ensure,
   that in an undefined manner. In practice
        however, such cases, examples seem to be rare (at least with the resulting potential configuration currently
        defined SDP is
   still meaningful.

   The session-level operation attributes).

          A related set of extension capabilities is undefined:
   Consequently, each new problems can occur if we need coordination between
          session-level extension capability defined
   MUST specify the implication of making it part of a configuration at
   the attributes from multiple media level.

   Below, we provide streams in order for a
          particular functionality to work. The grouping framework [RFC3388]
          is an example of this. If we use the "a=pcfg" SDP Capability Negotiation
          framework to select a session-level group attribute (provided as an
          attribute capability), and we require two media descriptions to do
          this consistently, we could have a problem. The FEC grouping
          semantics [RFC4756] is one example where this in theory could cause
          problems, however in practice, it is unclear that there is a complete
   media description
          significant problem here with the currently defined grouping
          semantics.

        Resolving the above issues in order general requires inter-media stream
        constraints and synchronized potential configuration processing; this
        would add considerable complexity to properly indicate the supporting
   attributes:

      v=0
      o=- 25678 753849 IN overall solution. In
        practice, with the currently defined SDP attributes, it does not seem
        to be a significant problem, and hence the core SDP Capability
        Negotiation solution does not provide a solution to this issue.
        Instead, it is RECOMMENDED that use of session-level attributes in a
        potential configuration is avoided when possible, and when not, that
        such use is examined closely for any potential interaction issues. If
        interaction is possible, the entity generating the SDP SHOULD NOT
        assume that well-defined operation will occur at the receiving
        entity.

        The session-level operation of extension capabilities is undefined:
        Consequently, each new session-level extension capability defined
        MUST specify the implication of making it part of a configuration at
        the media level.

        Below, we provide an example of the "a=pcfg" attribute in a complete
        media description in order to properly indicate the supporting
        attributes:

           v=0
           o=- 25678 753849 IN IP4 192.0.2.1
           s=
           c=IN IP4 192.0.2.1
           t=0 0
           m=audio 53456 RTP/AVPF 0 18
           a=acap:1 crypto:1 AES_CM_128_HMAC_SHA1_32
              inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
           a=tcap:1 RTP/AVPF RTP/AVP
           a=tcap:3 RTP/SAVP RTP/SAVPF
           a=pcfg:1 t=4|3 a=1
           a=pcfg:8 t=1|2
        We have two potential configuration attributes listed here. The first
        one (and most preferred, since its configuration number is "1")
        indicates that either of the profiles RTP/SAVPF or RTP/SAVP
        (specified by the transport protocol capability numbers 4 and 3) can
        be supported with attribute capability 1 (the "crypto" attribute);
        RTP/SAVPF is preferred over RTP/SAVP since its capability number (4)
        is listed first in the preferred potential configuration. Note that
        while we have only a single potential attribute and associated
        handle, we have two potential configurations.

        The second potential configuration attribute indicates that the
        RTP/AVPF or RTP/AVP profile can be used, with RTP/AVPF being the
        preferred one. This non secure RTP alternative is the less preferred
        one since its configuration number is "8".

3.5.2. Again, note that we have
        two potential configurations here and hence a total of four potential
        configurations in the SDP above.

     3.6.2. Actual Configuration Attribute

        The actual configuration attribute identifies which of the potential
        configurations from an offer SDP was selected and used as an the actual
        configuration in to generate an answer SDP.  This is done by including
        the configuration number and the configuration lists (if any) from
        the offer that were actually selected and used by the answerer in his
        offer/answer procedure as follows:

        o  A selected potential attribute configuration MUST include the
           delete-attributes and the selected alternative att-cap-inst-list mo-att-cap-list
           (i.e. containing both operators all mandatory and optional capability numbers
           from the potential configuration). configuration, irrespective of whether the
           optional ones were supported or not). If delete-attributes were
           not included in the potential configuration, they will of course
           not be present here either.

        o  A selected potential transport protocol configuration MUST include
           the selected transport protocol capability number.

        o  A selected potential extension configuration MUST include the
           selected extension configuration parameters as specified for that
           particular extension.

        Note that the selected configuration number and all selected
        capability numbers used in the actual configuration attribute refer
        to those from the offer; not the answer.

          The answer may for example include capabilities as well. well to inform
          the offerer of the answerers capabilities above and beyond the
          negotiated configuration. The actual configuration attribute does
          not refer to any of those. those answer capabilities though.

        The Actual Configuration Attribute ("a=acfg") is defined as follows:

           a=acfg: <sel-cfg-list> <config-number> [<sel-cfg-list>]

        where <config-number> is an integer between 1 and 2^31-1 (both
        included).

        The "acfg" attribute adheres to the RFC 4566 "attribute" production,
        with an att-value defined as follows:

           att-value      = config-number 1*WSP sel-cfg-list [1*WSP sel-cfg-list]
                             ;config-number defined in Section 3.5.1. 3.6.1.
           sel-cfg-list   = sel-cfg *(1*WSP sel-cfg)
           sel-cfg        = sel-attribute-config /
                                sel-transport-protocol-config /
                                sel-extension-config

           sel-attribute-config =
                    "a=" [delete-attributes ":"] att-cap-inst-list mo-att-cap-list
                                         ; defined in Section 3.5.1. 3.6.1.

           sel-transport-protocol-config =
                    "t=" trpr-cap-num    ; defined in Section 3.5.1. 3.6.1.

           sel-extension-config =
                    ext-cap-name "=" 1*VCHAR   ; defined in Section 3.5.1. 3.6.1.

        Note that white-space is not permitted before the config-number.

        The actual configuration ("a=acfg") attribute can be provided at the
        media-level only. There MUST NOT be more than one occurrence of an
        actual configuration attribute within a given media description.

        Below, we provide an example of the "a=acfg" attribute (building on
        the previous example with the potential configuration attribute):

           v=0
           o=- 24351 621814 IN IP4 192.0.2.2
           s=
           c=IN IP4 192.0.2.2
           t=0 0
           m=audio 54568 RTP/SAVPF 0
           a=crypto:1 AES_CM_128_HMAC_SHA1_32
              inline:WSJ+PSdFcGdUJShpX1ZjNzB4d1BINUAvLEw6UzF3|2^20|1:32
           a=acfg:1 t=4 a=1

        It indicates that the answerer used an offer consisting of potential
        configuration number 1 with transport protocol capability 4 from the
        offer (RTP/SAVPF) and attribute capability 1 (the "crypto"
        attribute). The answerer includes his own "crypto" attribute as well.

3.6.

     3.7. Offer/Answer Model Extensions

        In this section, we define extensions to the offer/answer model
        defined in [RFC3264] to allow for potential configurations to be
        included in an offer, where they constitute offers that may be
        accepted by the answerer instead of the actual configuration(s)
        included in the "m=" line(s).

        The procedures defined in the following subsections apply to both
        unicast and multicast streams.

3.6.1.

     3.7.1. Generating the Initial Offer

        An offerer that wants to use the SDP capability negotiation
   extensions Capability Negotiation defined
        in this document MUST include the following in the offer:

        o  An attribute capability attribute ("a=acap") as defined in Section
      3.4.1.
           3.5.1. for each attribute name and associated value (if any) that
           needs to be indicated as a capability in the offer.

           Session-level attributes and associated values MUST be provided in
           attribute capabilities at the session-level only, whereas media-
           level attributes and associated values MUST can be provided in
           attribute capabilities at either the media-level only. or session-level.
           Attributes that can be provided at either the session- or media-level media-
           level can be represented as attribute capabilities at either the
           session- or media-level. Attribute capabilities for
           '<type>=<value>' attributes can MAY include an attribute name only; only,
           thereby merely indicating support for the attribute type; such
           attribute capabilities MUST NOT be referenced by a potential configuration,
      unless the DELETE operator is used for it.
           configuration. If there is not a need to indicate any attributes
           as attribute capabilities, then there will not be any "a=acap"
           attributes either.

        o  One or more a transport protocol capability attributes ("a=tcap")
           as defined in Section 3.4.2. 3.5.2. with values for each transport
           protocol that needs to be indicated as a capability in the offer.
           Transport protocol capabilities that apply to multiple media
           descriptions SHOULD be provided at the session-level whereas
           transport protocol capabilities that apply to a specific media
           description ("m=" line) only, SHOULD be provided within that
           particular media description. In either case, there MUST NOT be
           more than a single "a=tcap" attribute at the session-level and a
           single "a=tcap" attribute in each media description. If there is
           not a need to indicate any transport protocols as transport
           protocol capabilities, then there will not be any "a=tcap"
           attributes either.

        o  One or more extension capability attributes (as outlined in
           Section 3.4.3. 3.5.3. ) for each extension capability that is referenced
           by a potential configuration.

        o  One or more potential configuration attributes ("a=pcfg") as
           defined in Section 3.5.1. 3.6.1. within each media description where
           alternative potential configurations are to be negotiated. Each
           potential configuration attribute MUST adhere to the rules
           provided in Section 3.5.1. 3.6.1. and the additional rules provided
           below.

        If the offerer requires support for more or extensions (besides the
        base protocol defined here), then the offerer MUST include one or
        more "a=creq" attribute as follows:

        o  If one or more capability negotiation extensions are required to
           be supported for the entire session description, then option tags
           for those extensions MUST be included in a single session-level
           "creq" attribute.

        o  For each media description that requires one or more capability
           negotiation extensions not listed at the session-level, a single
           "creq" attribute containing all the required extensions for that
           media description MUST be included within the media description
           (in accordance with Section 3.3.2. 3.4.2. ).

        The offerer SHOULD furthermore include the following:

        o  One or more  A supported capability negotiation extension attributes attribute ("a=csup")
           at the session-level and/or media-level as defined in Section 3.3.2. if the offerer supports
      one or more
           3.4.2. for each capability negotiation extensions extension supported by the
           offerer and not included in a corresponding "a=creq" attribute
           (i.e. at the session-level or in the same media description).
           Option tags provided in a "a=csup"
      attributes attribute at the session-level
           indicate extensions supported for the entire session description
           whereas option tags provided in a "a=csup" attributes attribute in a media
           description indicate extensions supported for that particular
           media description only.

        Capabilities provided in an offer merely indicate what the offerer is
        capable of doing. They do not constitute a commitment or even an
        indication to actually use them. Each In contrast, each potential configuration however
        constitutes an alternative offer that the offerer would like to use.
        The potential configurations may MUST be used by the answerer to
        negotiate and establish the session.

        The offerer MUST include one or more potential configuration
        attributes ("a=pcfg") within each media description where the offerer
        wants to provide alternative offers (in the form of potential
        configurations). Each potential configuration attribute in a given
        media description MUST contain a unique configuration number and one
        or more potential configuration lists, as described in Section 3.5.1. 3.6.1.
        Each potential configuration list MUST refer to capabilities that are
        provided either at the session-level or within that particular media
        description; otherwise, the potential configuration is considered
        invalid. The base SDP Capability Negotiation framework REQUIRES that
        potential configurations do not reference any session-level attribute
        capabilities that contain media-level attributes, however extensions
        may modify this behavior, as long as it is fully backwards compatible
        with the base specification. Furthermore, it is RECOMMENDED that
        potential configurations avoid use of session-level capabilities
        whenever possible; refer to Section 3.6.1.

        The current actual configuration is included in the "m=" line (as
        defined by [RFC3264]). [RFC3264]) and the various attribute ("a=") lines. Note
        that the actual configuration is by definition the least-preferred
        configuration, and hence the answerer will seek to negotiate use of
        one of the potential configurations instead. If the offerer wishes a
        different preference for the actual configuration, the offerer MUST
        include a corresponding potential configuration with the relevant
        configuration number (which indicates the relative preference between
        potential configurations); this corresponding potential configuration
        should simply duplicate the actual configuration.

          This can either be done implicitly (by not referencing any
          capabilities), or explicitly (by providing and using capabilities
          for the transport protocol and all the attributes that are part of
          the actual configuration). The latter may help detect
          intermediaries that modify the actual configuration but are not SDP
          Capability Negotiation aware.

        Per [RFC3264], once the offerer generates the offer, he must be
        prepared to receive incoming media in accordance with that offer.
        That rule applies here as well, but for the actual configurations
        provided in the offer only: Media received by the offerer according
        to one of the potential configurations MAY be discarded, until the
        offerer receives an answer indicating what the actual selected
        configuration is. Once that answer is received, incoming media MUST
        be processed in accordance with the actual selected configuration
        indicated and the answer received (provided the offer/answer exchange
        completed successfully).

3.6.2. Generating the Answer

   When receiving an offer,

        The above rule assumes that the answerer MUST check for offerer can determine whether
        incoming media adheres to the presence actual configuration offered or one of
   a required capability negotiation extension attribute ("a=creq")
   provided at
        the session level. If one is found, then capability
   negotiation MUST potential configurations instead; this may not always be performed. the
        case. If none is found, the offerer wants to ensure he does not play out any
        garbage, the offerer SHOULD discard all media received before the
        answer SDP is received. Conversely, if the offerer wants to avoid
        clipping, he should attempt to play any incoming media as soon as it
        is received (at the risk of playing out garbage). For further
        details, please refer to Section 3.10.

     3.7.2. Generating the Answer

        When receiving an offer, the answerer MUST check for the presence of
        a required capability negotiation extension attribute ("a=creq")
        provided at the session level. If one is found, then capability
        negotiation MUST be performed. If none is found, then the answerer
        MUST check each offered media description for the presence of a
        required capability negotiation extension attribute ("a=creq") and
        one or more potential configuration attributes ("a=pcfg"). Capability
        negotiation MUST be performed for each media description where either
        of those is present in accordance with the procedures described
        below.

        The answerer MUST first ensure that it supports any required
        capability negotiation extensions:

        o  If a session-level "creq" attribute is provided, and it contains
           an option-tag that the answerer does not support, then the
           answerer MUST NOT use any of the potential configuration
           attributes provided for any of the media descriptions. Instead,
           the normal offer/answer procedures MUST continue as per [RFC3264].
           Furthermore, the answerer MUST include a session-level supported
           capability negotiation extensions attribute ("a=csup") with option
           tags for the capability negotiation extensions supported by the
           answerer.

        o  If a media-level "creq" attribute is provided, and it contains an
           option tag that the answerer does not support, then the answerer
           MUST NOT use any of the potential configuration attributes
           provided for that particular media description. Instead, the
           offer/answer procedures for that media description MUST continue
           as per [RFC3264]. [RFC3264] (SDP Capability Negotiation is still performed
           for other media descriptions in the SDP).  Furthermore, the
           answerer MUST include a supported capability negotiation
           extensions attribute ("a=csup") in that media description with
           option tags for the capability negotiation extensions supported by
           the answerer for that media description.

        Assuming all required capability negotiation extensions are
        supported, the answerer now proceeds as follows.

        For each media description where capability negotiation is to be
        performed (i.e. all required capability negotiation extensions are
        supported and at least one valid potential configuration attribute is
        present), the answerer MUST attempt to perform capability negotiation
        by using the most preferred potential configuration that is valid. A
        potential configuration is valid if:

        1. It is in accordance with the syntax and semantics provided in
           Section 3.5.1. 3.6.1.

        2. It contains a configuration number that is unique within that
           media description.

        3. All attribute capabilities referenced by the potential
           configuration are valid themselves (as defined in Section 3.4.1. 3.5.1. )
           and each of them is furthermore provided either at the session-
      level session-level or within
           this particular media description. For session-level attribute
           capabilities referenced, the attributes contained inside them MUST
           NOT be media-level only attributes.

        4. All transport protocol capabilities referenced by the potential
           configuration are valid themselves (as defined in Section 3.4.2. 3.5.2. )
           and each of them is furthermore provided either at the session-
           level or within this particular media description.

        5. All extension capabilities referenced by the potential
           configuration and supported by the answerer are valid themselves
           (as defined by that particular extension) and each of them are
           furthermore provided either at the session-level or within this
           particular media description. Unknown or unsupported extension
           capabilities MUST be ignored.

        The most preferred valid potential configuration in a media
        description is the valid potential configuration with the lowest
        configuration number. The answerer MUST now process the offer for
        that media stream based on the most preferred valid potential
        configuration. Conceptually, this entails the answerer constructing
        an (internal) offer that consists of the actual configuration offer
        SDP, with the following changes: changes for each media stream offered:

        o  If a transport protocol capability is included in the potential
           configuration, then it replaces the transport protocol provided in
           the "m=" line for that media description.

        o  If attribute capabilities are present with a delete-attributes
      indication,
           session indication ("-s"), then all session-level attributes and/or media-level
      attributes for this media description from
           the actual configuration SDP MUST be deleted in accordance with
           the delete-attributes provided per the procedures in Section 3.5.1.

   o 3.6.1. If a session-level attribute capability is included, capabilities are
           present with a delete-attributes media indication ("-m"), then all
           attributes from the
      operation is as follows (see also Section 3.5.1. ):

       a. actual configuration SDP inside this media
           description MUST be deleted.

        o  If the a session-level attribute capability number is not prefixed with an
          attribute capability operator, then included, the attribute
           (and its associated value, if any) contained in it MUST be added
           to the resulting SDP. All such added session-level attributes MUST
           be listed before the session-level attributes that were initially
           present in the SDP. Furthermore, the added session-level
           attributes MUST be added in the order they were provided in the
           potential
          configuration.

       b. If configuration (see also Section 3.6.1. ).

              This allows for attributes with implicit preference ordering to
              be added in the desired order; the "crypto" attribute capability number [SDES] is prefixed with
              one such example.

        o  If a DELETE
          operator in the potential configuration, then all session-
          level occurrences of an attribute with the same attribute-name
          (attribute values are ignored) as the attribute contained
          inside that attribute capability MUST be deleted from the
          original SDP as detailed in Section 3.5.1. .

       c. If the attribute capability number is prefixed with a REPLACE
          operator in the potential configuration, then the above DELETE
          operation MUST first be performed, and the attribute MUST then
          be added to the resulting SDP in the same order as specified
          above in a).

   o  If a media-level attribute capability is included, then the
      operation is as follows (see also Section 3.5.1. ):

       a. If the attribute capability number is not prefixed with an
          attribute capability operator, then media-level attribute capability is included, then the
           attribute (and its associated value, if any) MUST be added to the
           resulting SDP within the media description in question. All such
           added media-level attributes MUST be listed before the media-level
           attributes that were initially present in the SDP in the media
           description in question. Furthermore, the added media-level
           attributes MUST be added in the order they were provided in the
           potential configuration.

       b. If the attribute capability number is prefixed with a DELETE
          operator in the potential configuration, then all media-level
          occurrences of an attribute with the same attribute-name
          (attribute values are ignored) as the attribute contained
          inside that attribute capability MUST be deleted from the
          original SDP in the media description in question as detailed
          in configuration (see also Section 3.5.1. .

       c. If the attribute capability number is prefixed with a REPLACE
          operator in the potential configuration, then the above DELETE
          operation MUST first be performed, and the attribute MUST then
          be added to the resulting SDP in the same order as specified
          above in a). 3.6.1. ).

        o  If a supported extension capability is included, then it is MUST be
           processed in accordance with the rules provided for that
           particular extension capability.

        Note that whereas a transport protocol from the potential
        configuration replaces the transport protocol in the actual
        configuration, an attribute capability from the potential
        configuration is instead simply added to the actual configuration by
   default. configuration. In some
        cases, this can result in having one or more meaningless attributes
        in the resulting potential configuration SDP, or worse, ambiguous or
        potentially even illegal attributes. The delete-attributes for the
        session and/or media level attributes as well as the DELETE and
   REPLACE attribute capability operators MUST be used to avoid such
        scenarios. Nevertheless, it is RECOMMENDED that implementations
        ignore meaningless attributes that may result from potential
        configurations.

          For example, if the actual configuration was using Secure RTP and
          included an "a=crypto" attribute for the SRTP keying material, then
          use of a potential configuration that uses plain RTP would make the
          "crypto" attribute meaningless. The answerer may or may not ignore
          such a meaningless attribute. The offerer can here ensure correct
          operation by using the above operators delete-attributes to actually delete the
          crypto attribute. attribute (but will then need to provide attribute
          capabilities to reconstruct the SDP with the necessary attributes
          deleted, e.g. rtpmaps).

        Please refer to Section 3.6.2.1. 3.7.2.1. for examples of how the answerer may
        conceptually "see" the resulting offered alternative potential
        configurations.

   If the

        The answerer is not able to support MUST check that he supports all mandatory attribute
        capabilities from the most preferred valid potential configuration for (if any) and the media description,
        transport protocol capability (if any) from the potential
        configuration. If he does not, the answerer MUST proceed to the
        second-most preferred valid potential configuration for the media
        description, etc.

        If the answerer is not able to
   support any of has exhausted all potential configurations for the
        media description, without finding a valid potential configurations, one that is also
        supported, then the answerer MUST process the offer per normal offer/answer rules, i.e. offered media stream
        based on the actual configuration provided will plus any session-level attributes
        added by a valid and supported potential configuration for another
        media description in the offered SDP.

        The above process describes potential configuration selection as a
        per media stream process. Inter-media stream coordination of selected
        potential configurations however is required in some cases. First of
        all, session-level attributes added by a potential configuration for
        one media description MUST NOT cause any problems for potential
        configurations selected by other media descriptions in the offer SDP.
        If the session-level attributes are mandatory, then those session-
        level attributes MUST furthermore be used supported by the session as a
        whole (i.e. all the least preferred
   alternative. media descriptions if relevant). As mentioned
        earlier, this adds additional complexity to the overall processing
        and hence it is RECOMMENDED not to use session-level attribute
        capabilities in potential configurations, unless absolutely
        necessary.

        Once the answerer has selected an a valid and supported offered
        configuration for all of the media
   stream, streams (or has fallen back to the
        actual configuration plus any added session attributes), the answerer
        MUST generate a valid answer SDP based on the selected potential
        configuration SDP, as "seen" by the answerer. answerer (see Section 3.7.2.1.
        for examples). Furthermore, if the answerer selected one of the
        potential configurations in a media description, the answerer MUST
        include an actual configuration attribute ("a=acfg") within that
        media description that identifies the configuration number for that the
        selected potential configuration as well as the actual parameters
        that were used from that potential configuration (if the potential
        configuration included alternatives, only the selected alternatives
        must be included). Only the known and supported parameters will be
        included. Unknown or unsupported parameters MUST NOT be included in
        the actual configuration attribute.

          This is not to be confused with mandatory and optional attribute
          capabilities, where some of the optional attribute capabilities may
          refer to unknown or unsupported attributes. The entire list of
          attribute capabilities still need to be included thereby enabling
          the offerer to determine which alternative potential configuration
          was chosen by the answerer.

        If the answerer supports one or more capability negotiation
        extensions that were not included in a required capability
        negotiation extensions attribute in the offer, then the answerer
        SHOULD furthermore include a supported capability negotiation
        attribute ("a=csup") at the session-level with option tags for the
        extensions supported across media streams. Also, if the answerer
        supports one or more capability negotiation extensions for particular
        media descriptions only, then a supported capability negotiation
        attribute with those option-tags SHOULD be included within each
        relevant media description.

        The offerer's originally provided actual configuration is contained
        in the media description's "m=" line (and associated parameters). The
        answerer can MAY send media to the offerer in accordance with that actual
        configuration as soon as it receives the offer, however it MUST NOT
        send media based on that actual configuration if it selects an
        alternative potential configuration. If the answerer selects one of
        the potential configurations, then the answerer MAY immediately start
        to send media to the offerer in accordance with the selected
        potential configuration, however the offerer MAY discard such media
        or play out garbage until the offerer receives the answer.

3.6.2.1. Example Please
        refer to section 3.10. for additional considerations and possible
        alternative solutions outside the base SDP Capability Negotiation
        framework.

        If the offerer selected a potential configuration instead of the
        actual configuration, then it is RECOMMENDED that the answerer sends
        back an answer SDP as soon as possible. This minimizes the risk of
        having media discarded or played out as garbage by the offerer. In
        the case of SIP [RFC3261] without any extensions, this implies that
        if the offer was received in an INVITE message, then the answer SDP
        should be provided in the first non-100 provisional response sent
        back (per RFC3261, the answer would need to be repeated in the 200
        response as well, unless a relevant extension such as [RFC3262] is
        being used).

     3.7.2.1. Example Views of Potential Configurations

        The following examples illustrate how the answerer may conceptually
        "see" a potential configuration. Consider the following offered SDP:

           v=0
           o=alice 2891092738 2891092738 IN IP4 lost.example.com
           s=
           t=0 0
           c=IN IP4 lost.example.com
           a=tool:foo
           a=acap:1 a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO...
           a=tcap:1 RTP/SAVP RTP/AVP
           m=audio 59000 RTP/AVP 98
           a=rtpmap:98 AMR/8000
           a=acap:2 a=crypto:1 AES_CM_128_HMAC_SHA1_32
              inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
           a=pcfg:1 t=1 a=1|2
           m=video 52000 RTP/AVP 31
           a=rtpmap:31 H261/90000
           a=acap:3 a=crypto:1 AES_CM_128_HMAC_SHA1_80
              inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
           a=pcfg:1 t=1 a=1|3

        This particular SDP offers an audio stream and a video stream, each
        of which can either use plain RTP (actual configuration) or secure
        RTP (potential configuration). Furthermore, two different keying
        mechanisms are offered, namely session-level Key Management
        Extensions using MIKEY (attribute capability 1) and media-level SDP
        Security Descriptions (attribute capabilities 2 and 3). There are
        several potential configurations here, however, below we show the one
        the answerer "sees" when using potential configuration 1 for both
        audio and video, and furthermore using attribute capability 1 (MIKEY)
        for both (we have removed all the capability negotiation attributes
        for clarity):

           v=0
           o=alice 2891092738 2891092738 IN IP4 lost.example.com
           s=
           t=0 0
           c=IN IP4 lost.example.com
           a=tool:foo
           a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO...
           m=audio 59000 RTP/SAVP 98
           a=rtpmap:98 AMR/8000
           m=video 52000 RTP/SAVP 31
           a=rtpmap:31 H261/90000

        Note that the transport protocol in the media descriptions indicate media descriptions indicate
        use of secure RTP.

        Below, we show the offer the answerer "sees" when using potential
        configuration 1 for both audio and video and furthermore using
        attribute capability 2 and 3 respectively (SDP security descriptions)
        for the audio and video stream - note the order in which the
        resulting attributes are provided:

           v=0
           o=alice 2891092738 2891092738 IN IP4 lost.example.com
           s=
           t=0 0
           c=IN IP4 lost.example.com
           a=tool:foo
           m=audio 59000 RTP/SAVP 98
           a=crypto:1 AES_CM_128_HMAC_SHA1_32
              inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
           a=rtpmap:98 AMR/8000
           m=video 52000 RTP/SAVP 31
           a=crypto:1 AES_CM_128_HMAC_SHA1_80
              inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
              a=rtpmap:31 H261/90000

        Again, note that the transport protocol in the media descriptions
        indicate use of secure RTP.

        And finally, we show the offer the answerer "sees" when using
        potential configuration 1 with attribute capability 1 (MIKEY) for the
        audio stream, and potential configuration 1 with attribute capability
        3 (SDP security descriptions) for the video stream:

           v=0
           o=alice 2891092738 2891092738 IN IP4 lost.example.com
           s=
           t=0 0
           c=IN IP4 lost.example.com
           a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO...
           a=tool:foo
           m=audio 59000 RTP/SAVP 98
           a=rtpmap:98 AMR/8000
           m=video 52000 RTP/SAVP 31
           a=crypto:1 AES_CM_128_HMAC_SHA1_80
              inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
           a=rtpmap:31 H261/90000

     3.7.3.  Offerer Processing of the Answer

        When the offerer attempted to use SDP Capability Negotiation in the
        offer, the offerer MUST examine the answer for actual use of SDP
        Capability Negotiation.

        For each media description where the offerer included a potential
        configuration attribute ("a=pcfg"), the offerer MUST first examine
        the media description for the presence of an actual configuration
        attribute ("a=acfg"). If an actual configuration attribute is not
        present in a media description, then the offerer MUST process the
        answer SDP for that media stream per the normal offer/answer rules
        defined in [RFC3264]. However, if one is found, the offerer MUST
        instead process the answer as follows:

        o  The actual configuration attribute specifies which of the
           potential configurations was used by the answerer to generate the
           answer for this media stream. This includes all the capabilities
           referenced by the potential configuration selected, i.e. the
           attribute capabilities and any associated delete-attributes,
           transport protocol capabilities, and any extension capability
           parameters included.

        o  The offerer MUST now process the answer in accordance with the
           rules in [RFC3264], except that it must be done as if the offer
           consisted of the selected potential configuration instead of the
           actual configuration, including any transport protocol changes in
           the media ("m=") line(s), attributes added and deleted by the
           potential configuration at the media and session level, and any
           extensions used.

        If the offer/answer exchange was successful, and if the answerer
        selected one of the potential configurations from the offer as the
        actual configuration, then the offerer MAY perform another
        offer/answer exchange: This new offer SHOULD contain the selected
        potential configuration as the actual configuration, i.e. with the
        actual configuration used in the "m=" line and any other relevant
        attributes and extensions. This second offer/answer exchange will not
        modify the session in any way, however it will help intermediaries
        (e.g. middleboxes) that look at the SDP, but do not understand or
        support the capability negotiation extensions, to understand the
        details of the media stream(s) that were actually negotiated. If it
        is known or suspected that one or more such intermediaries exist,
        then this second offer/answer SHOULD be performed (this is already
        done when using Interactive Connectivity Establishment [ICE], and in
        those cases, there will not be a need for a third offer/answer
        exchange). Note that, per normal offer/answer rules, the second
        offer/answer exchange still needs to update the version number in the
        "o=" line ((<sess-version> in [RFC4566]). Attribute lines carrying
        keying material SHOULD repeat the keys from the previous offer,
        unless re-keying is necessary, e.g. due to a previously forked SIP
        INVITE request. Please refer to Section 3.12. for additional
        considerations related to intermediaries.

     3.7.4. Modifying the Session

        Capabilities and potential configurations may be included in
        subsequent offers as defined in [RFC3264], Section 8.  The procedure
        for doing so is similar to that described above with the answer
        including an indication of the actual selected configuration used by
        the answerer.

        If the answer indicates use of a potential configuration from the
        offer, then the guidelines provided in Section 3.7.3. for doing a
        second offer/answer exchange using that potential configuration as
        the actual configuration apply.

     3.8. Interactions with ICE

        Interactive Connectivity Establishment (ICE) [ICE] provides a
        mechanism for verifying connectivity between two endpoints by sending
        STUN messages directly between the media endpoints. The basic ICE
        specification [ICE] is defined to support UDP-based connectivity
        only, however it allows for extensions to support other transport
        protocols, such as TCP, which is being specified in [ICETCP]. ICE
        defines a new "a=candidate" attribute, which, among other things,
        indicates the possible transport protocol(s) to use and then
        associates a priority with each of them. The most preferred transport
        protocol that *successfully* verifies connectivity will end up being
        used.

        When using ICE, it is thus possible that the transport protocol that
        will be used differs from what is specified in the "m=" line.
        Furthermore, since both ICE and SDP Capability Negotiation may now
        specify alternative transport protocols, there is a potentially
        unintended interaction when using these together.

        We provide the following guidelines for addressing that.

        There are two basic scenarios to consider here:

        1) A particular media stream can run over different transport
        protocols (e.g. UDP, TCP, or TCP/TLS), and the intent is simply to
        use the one that works (in the preference order specified).

        2) A particular media stream can run over different transport
        protocols (e.g. UDP, TCP, or TCP/TLS) and the intent is to have the
        negotiation process decide which one to use (e.g. T.38 over TCP or
        UDP).

        In scenario 1, there should be ICE "a=candidate" attributes for UDP,
        TCP, etc. but otherwise nothing special in the potential
        configuration attributes to indicate the desire to use different
        transport protocols (e.g. UDP, or TCP). The ICE procedures
        essentially cover the capability negotiation required (by having the
        answerer select something it supports and then use of trial and
        error).

        Scenario 2 does not require a need to support or use ICE. Instead, we
        simply use transport protocol capabilities and potential
        configuration attributes to indicate the desired outcome.

        The scenarios may be combined, e.g. by offering potential
        configuration alternatives where some of them can support one
        transport protocol only (e.g. UDP), whereas others can support
        multiple transport protocols (e.g. UDP or TCP). In that case, there
        is a need for tight control over the ICE candidates that will
        actually be used for a particular configuration, yet the actual
        configuration may want to use all of them. In that case, the ICE
        candidate attributes can be defined as attribute capabilities and the
        relevant ones should then be included in the proper potential
        configurations (for example candidate attributes for UDP only for
        potential configurations that are restricted to UDP, whereas there
        could be candidate attributes for UDP, TCP, and TCP/TLS for potential
        configurations that can use all three). Furthermore, use of the
        delete-attributes in a potential configuration can be used to ensure
        that ICE will not end up using a transport protocol that is not
        desired.

     3.9. Interactions with SIP Option Tags

        SIP [RFC3261] allows for SIP extensions to define a SIP option tag
        that identifies the SIP extension. Support for one or more such
        extensions can be indicated by use of the SIP Supported header, and
        required support for one or more such extensions can be indicated by
        use of the SIP Require header. The "a=csup" and "a=creq" attributes
        defined by the SDP Capability Negotiation framework are similar,
        except that support for these two attributes by themselves cannot be
        guaranteed (since they are specified as extensions to the SDP
        specification [RFC4566] itself).

        SIP extensions with associated option tags can introduce enhancements
        to not only SIP, but also SDP. This is for example the case for SIP
        preconditions defined in [RFC3312]. When using SDP Capability
        Negotiation, some potential configurations may include certain SDP
        extensions, whereas others may not. Since the purpose of the SDP
        Capability Negotiation is to negotiate a session based on the
        features supported by both sides, use of secure RTP.

   Below, we show the offer SIP Require header for
        such extensions may not produce the answerer "sees" when using desired result. For example, if
        one potential configuration 1 for both audio and video and furthermore using
   attribute capability 2 requires SIP precondition support,
        another does not, and 3 respectively (SDP security descriptions)
   for the audio and media stream - note answerer does not support preconditions,
        then use of the order SIP Require header for preconditions would result in which the
   resulting attributes are provided:

      v=0
      o=alice 2891092738 2891092738 IN IP4 lost.example.com
      s=
      t=0 0
      c=IN IP4 lost.example.com
      a=tool:foo
      m=audio 59000 RTP/SAVP 98
      a=crypto:1 AES_CM_128_HMAC_SHA1_32
         inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
      a=rtpmap:98 AMR/8000
      m=video 52000 RTP/SAVP 31
      a=crypto:1 AES_CM_128_HMAC_SHA1_80
         inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
         a=rtpmap:31 H261/90000

   Again, note that the transport protocol
        a session failure, in the media descriptions
   indicate use spite of secure RTP.

   And finally, we show the offer the answerer "sees" when using fact that a valid and supported
        potential configuration 1 with attribute capability 1 (MIKEY) for was included in the
   audio stream, offer.

        In general, this can be alleviated by use of mandatory and potential configuration 1 with optional
        attribute capability
   3 (SDP security descriptions) for the video stream:

      v=0
      o=alice 2891092738 2891092738 IN IP4 lost.example.com
      s=
      t=0 0
      c=IN IP4 lost.example.com
      a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO...
      a=tool:foo
      m=audio 59000 RTP/SAVP 98
      a=rtpmap:98 AMR/8000
      m=video 52000 RTP/SAVP 31
      a=crypto:1 AES_CM_128_HMAC_SHA1_80
         inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
      a=rtpmap:31 H261/90000

3.6.3.  Offerer Processing capabilities in a potential configuration. There are
        however cases where permissible SDP values are tied to the use of the Answer

   When
        SIP Require header. SIP preconditions [RFC3312] is one such example,
        where preconditions with a "mandatory" strength-tag can only be used
        when a SIP Require header with the offerer attempted SIP option tag "precondition" is
        included. Future SIP extensions that may want to use the SDP
        Capability Negotiation in the
   offer, the framework should avoid such coupling.

     3.10. Processing Media before Answer

        The offer/answer model requires an offerer MUST examine the answer for actual use of
   capability negotiation.

   For each to be able to receive
        media description where in accordance with the offerer included a potential
   configuration attribute, offer prior to receiving the offerer MUST first examine answer.
        This property is retained with the media
   description for SDP Capability Negotiation
        extensions defined here, but only when the presence of an actual configuration attribute
   ("a=acfg"). is
        selected by the answerer. If an actual a potential configuration attribute is not present in a
   media description, then chosen, it
        is permissible for the offerer MUST to not process the answer SDP for
   that any media stream per received
        before the normal offer/answer rules defined in
   [RFC3264]. However, if one answer is found, then the offerer MUST instead
   process received. This however may lead to clipping.
        Consequently, the SDP Capability Negotiation framework recommends
        sending back an answer SDP as follows:

   o soon as possible.

        The actual configuration attribute specifies which of the
      potential configurations were used issue can be resolved by introducing a three-way handshake. In
        the answerer to generate the
      answer. This includes all the capabilities from the potential
      configuration offered, i.e. the attribute capabilities and
      associated delete-attributes and operators, transport protocol
      capabilities, and any extension capability parameters included.

   o  The offerer MUST now process the answer in accordance with the
      rules in [RFC3264], except that it must case of SIP, this can for example be done as if the offer
      had contained by defining a
        precondition [RFC3312] for capability negotiation (or use an existing
        precondition that is known to generate a second offer/answer exchange
        before proceeding with the selected potential configuration session), however preconditions are often
        viewed as the actual
      configuration in the media description ("m=" line) complicated to implement and relevant
      attributes in the offer.

   If the they may add to overall
        session establishment delay by requiring an extra offer/answer exchange was successful,
        exchange.

        An alternative three-way handshake can be performed by use of ICE
        [ICE]. When ICE is being used, and if the answerer
   selected receives a STUN
        Binding Request for any one of the potential configurations accepted media streams from the
        offerer, the answerer knows the offer as has received his answer. At
        that point, the
   actual configuration, then answerer knows that the offerer MAY perform another
   offer/answer exchange: The new offer should contain will be able to
        process incoming media according to the selected
   potential negotiated configuration as and
        hence he can start sending media without the actual configuration, i.e. with risk of the
   actual configuration used in offerer
        either discarding it or playing garbage.

        In some use cases (notably, when the "m=" line and any other relevant
   attributes. This second offer/answer exchange will offerer does not modify need
        information from the
   session answer, such as keying material in any way, however it will help intermediaries that look at the SDP, but do in
        order to process incoming media), a three-way handshake is not understand or support
        needed. The SDP Capability Negotiation framework does not define any
        such solutions, however extensions may do so. For example, one
        technique proposed for best-effort SRTP in [BESRTP] is to provide
        different RTP payload type mappings for different transport protocols
        used, outside of the capability negotiation
   extensions, actual configuration, while still allowing them
        to understand be used by the details answerer (exchange of keying material is still
        needed, e.g. inband). The basic SDP Capability Negotiation framework
        defined here does not include the media stream(s) ability to do so, however
        extensions that
   were actually negotiated. If it is known or suspected enable that one or
   more such intermediaries exist, then this second offer/answer SHOULD may be performed (this is already done when defined.

     3.11. Dealing with Large Number of Potential Configurations

        When using Interactive
   Connectivity Establishment [ICE]). Note that, per normal offer/answer
   rules, the second offer/answer exchange still needs SDP Capability Negotiation, it is easy to update the
   version generate
        offers that contain a large number of potential configurations. For
        example, in the "o=" line ((<sess-version> in [RFC4566]).
   Attribute lines carrying keying material SHOULD repeat offer:

           v=0
           o=- 25678 753849 IN IP4 192.0.2.1
           s=
           c=IN IP4 192.0.2.1
           t=0 0
           m=audio 53456 RTP/AVP 0 18
           a=tcap:1 RTP/SAVPF RTP/SAVP RTP/AVPF
           a=acap:1 a=crypto:1 AES_CM_128_HMAC_SHA1_80
              inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:4
              FEC_ORDER=FEC_SRTP
           a=acap:2 a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO...
           a=acap:3 a=rtcp-fb:0 nack
           a=pcfg:1 t=1 a=1,3|2,3
           a=pcfg:2 t=2 a=1|2
           a=pcfg:3 t=3 a=3

        we have 5 potential configurations on top of the keys from actual configuration
        for a single media stream. Adding an extension capability with just
        two alternatives for each would double that number (to 10), and doing
        the previous offer, unless re-keying equivalent with two media streams would again double that number
        (to 20). While it is necessary, e.g. due easy (and inexpensive) for the offerer to a
   previously forked SIP INVITE request.

3.6.4. Modifying
        generate such offers, processing them at the Session

   Capabilities and potential configurations answering side may be included in
   subsequent not
        be. Consequently, it is RECOMMENDED that offerers do not create
        offers as defined with unnecessarily large number of potential configurations in [RFC3264], Section 8.  The procedure
   for doing so is similar
        them.

        On the answering side, implementers MUST take care to avoid excessive
        memory and CPU consumption. For example, a na´ve implementation that described above with the answer
   including an indication of
        first generates all the actual selected valid potential configuration used by
   the answerer.

   If the answer indicates use SDPs
        internally, could find itself being memory exhausted, especially if
        it supports a large number of endpoints. Similarly, a na´ve
        implementation that simply performs iterative trial-and-error
        processing on each possible potential configuration from SDP (in the
   offer, then
        preference order specified) could find itself being CPU constrained.
        An alternative strategy is to prune the guidelines provided in Section 3.6.3. for doing a
   second offer/answer exchange using that search space first by
        discarding the set of offered potential configuration as configurations where the actual configuration apply.

3.7. Interactions with ICE

   Interactive Connectivity Establishment (ICE) [ICE] provides a
   mechanism for verifying connectivity
        transport protocol indicated (if any) is not supported, and/or one or
        more mandatory attribute capabilities (if any) are either not
        supported or not valid.

     3.12. SDP Capability Negotiation and Intermediaries

        An intermediary is here defined as an entity between two endpoints by sending
   STUN messages directly a SIP user agent
        A and a SIP user agent B, that need to perform some kind of
        processing on the SDP exchanged between A and B in order for the
        session establishment to operate as intended. Examples of such
        intermediaries include Session Border Controllers (SBCs) that may
        perform media endpoints. relaying, Proxy Call Session Control Functions (P-CSCF)
        that may authorize use of a certain amount of network resources
        (bandwidth), etc. The basic ICE
   specification [ICE] is defined to support UDP-based connectivity
   only, however it allows presence and design of such intermediaries may
        not follow the "Internet" model or the SIP requirements for extensions proxies
        (which are not supposed to support other transport
   protocols, look in message bodies such as TCP, which is being specified in [ICETCP]. ICE
   defines SDP),
        however they are a new "a=candidate" attribute, which, among other things,
   indicates fact of life in some deployment scenarios
        currently and hence deserves consideration.

        If the possible transport protocol(s) intermediary needs to use and then
   associates a priority with each understand the characteristics of them. The most preferred transport
   protocol that *successfully* verifies connectivity will end up the
        media sessions being
   used.

   When using ICE, it is thus possible that negotiated, e.g. the amount of bandwidth used or
        the transport protocol that
   will be used differs from what is specified in negotiated, then use of the "m=" line.
   Furthermore, since both ICE and SDP Capability
        Negotiation framework may now
   specify alternative transport protocols, there is a potentially
   unintended interaction when using these together.

   We provide the following guidelines for addressing that.

   There impact them. For example, some
        intermediaries are two basic scenarios to consider here:

   1) A particular media stream can run over different transport
   protocols (e.g. UDP, TCP, or TCP/TLS), and the intent is simply known to
   use the one that works (in (currently) disallow answers where the preference order specified).

   2) A particular media stream can run over different
        transport
   protocols (e.g. UDP, TCP, or TCP/TLS) and the intent is to have protocol differs from the
   negotiation process decide which one to use (e.g. T.38 over TCP or
   UDP).

   In scenario 1, there should be ICE "a=candidate" attributes for UDP,
   TCP, etc. but otherwise nothing special in the potential
   configuration attributes to indicate the desire to use different
   transport protocols (e.g. UDP, or TCP). The ICE procedures
   essentially cover offer. Use of the capability negotiation required (by having SDP
        Capability Negotiation framework in the
   answerer select something it supports and then use presence of trial and
   error).

   Scenario 2 does not require a such
        intermediaries could lead to session failures. Intermediaries that
        need to support or use ICE. Instead, we
   simply authorize use of network resources based on the negotiated
        media stream parameters are affected as well. If they inspect only
        the offer, then they may authorize parameters assuming a different
        transport protocol capabilities protocol, codecs, etc. than what is actually being
        negotiated. For these, and potential
   configuration attributes to indicate other, reasons it is RECOMMENDED that
        implementers of intermediaries add support for the desired outcome. SDP Capability
        Negotiation framework.

        The scenarios may be combined, e.g. SDP Capability Negotiation framework itself attempts to help out
        these intermediaries as well, by offering optionally performing a second
        offer/answer exchange when use of a potential configuration alternatives where some of them can support one
   transport protocol only (e.g. UDP), whereas others can support
   multiple transport protocols (e.g. UDP or TCP). In that case, has been
        negotiated (see Section 3.7.3. ). However, there
   is a need for tight control over are several
        limitations with this approach. First of all, the ICE candidates that will
   actually second offer/answer
        exchange is not required and hence may not be used for a particular configuration, yet performed. Secondly,
        the actual
   configuration intermediary may want refuse the initial answer, e.g. due to use all of them. In that case, perceived
        transport protocol mismatch. Thirdly, the ICE
   candidate attributes can be defined as attribute capabilities and strategy is not foolproof,
        since the
   relevant ones should then be included in offer/answer procedures [RFC3264] leave the proper potential
   configurations (for example candidate attributes for UDP only for
   potential configurations that are restricted to UDP, whereas there
   could be candidate attributes for UDP, TCP, and TCP/TLS for potential
   configurations that can use all three). Furthermore, use of original
        offer/answer exchange in effect when a subsequent one fails; consider
        the
   delete-attributes, as well as following example:

        1. Offerer generates an SDP offer with the DELETE actual configuration
           specifying a low bandwidth configuration (e.g. plain RTP) and REPLACE operators on
   attribute capabilities in a
           potential configuration can be used to
   ensure that ICE will not end up using specifying a transport protocol high(er) bandwidth
           configuration (e.g. secure RTP with integrity).

        2. An intermediary (e.g. an SBC or P-CSCF), that is does not desired.

3.8. Processing Media before Answer support SDP
           Capability Negotiation, authorizes the session based on the actual
           configuration it sees in the SDP.

        3. The offer/answer model requires answerer chooses the high(er) bandwidth potential
           configuration and generates an answer SDP based on that.

        4. The intermediary passes through the answer SDP.

        5. The offerer to be able to receive
   media in accordance with sees the accepted answer, and generates an updated
           offer prior to receiving the answer.
   This property is retained with that contains the SDP capability negotiation
   extensions defined here, but only when selected potential configuration as the
           actual configuration is
   selected by configuration. In other words, the answerer. If a potential high(er) bandwidth
           configuration (which has already been negotiated successfully) is chosen, it
   is permissible for
           now the offerer to not process any media received
   before actual configuration in the answer is received. This however may lead to clipping.

   In offer SDP.

        6. The intermediary sees the case of SIP, this issue could be solved easily by defining a
   precondition [RFC3312] for capability negotiation, new offer, however
   preconditions are viewed as complicated to implement and they add to
   overall session establishment delay by requiring an extra
   offer/answer exchange. An alternative is therefore desirable.

   The SDP capability negotiation framework it does not define such an
   alternative, however extensions may do so. For example, one technique
   proposed for best-effort SRTP in [BESRTP] is to provide different RTP
   payload type mappings for different transport protocols used, outside authorize
           the use of the actual high(er) bandwidth configuration, while still allowing them and consequently
           generates a rejection message to be used by the answerer (exchange of keying material is still needed). offerer.

        7. The basic
   SDP capability negotiation framework defined here does not include offerer receives the ability to do so, however extensions that enable rejected offer.

        After step 7, per RFC 3264, the offer/answer exchange that completed
        in step 5 remains in effect, however the intermediary may be
   defined.

3.9. not have
        authorized the necessary network resources and hence the media stream
        may experience quality issues. The solution to this problem is to
        upgrade the intermediary to support the SDP Capability Negotiation
        framework.

     3.13. Considerations for Specific Attribute Capabilities

3.9.1.

     3.13.1. The rtpmap and fmtp Attributes

        The core SDP Capability Negotiation framework defines transport
        capabilities and attribute capabilities. Media capabilities, which
        can be used to describe media formats and their associated
        parameters, are not defined in this document, however the "rtpmap"
        and "fmtp" attributes can nevertheless be used as attribute
        capabilities. Using such attribute capabilities in a potential
        configuration requires a bit of care though.

        The rtpmap parameter binds an RTP payload type to a media format
   (codec).
        (e.g. codec). While it is possible to provide rtpmaps for payload
        types not found in the corresponding "m=" line, such rtpmaps provide
        no value in normal offer/answer exchanges, since only the payload
        types found in the "m=" line is are part of the offer (or answer). This
        applies to the core SDP capability negotiation Capability Negotiation framework as well:
        Only the media formats (e.g. RTP payload types) provided in the "m="
        line are actually offered; inclusion of rtpmap attributes with other
        RTP payload types in a potential configuration does not change this
        fact and hence they do not provide any useful information. information there. They
        may still be useful as pure capabilities though (outside a potential
   configuration).
        configuration) in order to inform a peer of additional codec
        supported.

        It is possible to provide an rtpmap attribute capability with a
        payload type mapping to a different codec than a corresponding actual
        configuration "rtpmap" attribute for the media description has. Such
        practice is permissible as a way of indicating a capability. If that
        capability is included in a potential configuration, then delete-
        attributes and/or DELETE/REPLACE attribute capability operators (see Section 3.6.1. ) MUST be used to ensure that there is
        not multiple rtpmap attributes for the same payload type in a given
        media description, which description (which would not be allowed by SDP [RFC4566]. [RFC4566]).

        Similar considerations and rules apply to the "fmtp" attribute. An
        fmtp attribute capability for a media format not included in the "m="
        line is useless in a potential configuration (but may be useful as a
        capability by itself) . itself). An fmtp attribute capability in a potential
        configuration for a media format that already has an fmtp attribute
        in the actual configuration may lead to multiple fmtp format
        parameters for that media format and that is not allowed by SDP
        [RFC4566]. The delete-attributes and/or DELETE/REPLACE attribute
   capability operators MUST be used to ensure that there is
        not multiple fmtp attributes for a given media format in a media
        description.

        Extensions to the core SDP capability negotiation Capability Negotiation framework of course may
        change the above behavior.

3.9.2.

     3.13.2. Direction Attributes

        SDP defines the "inactive", "sendonly", "recvonly", and "sendrecv"
        direction attributes. The direction attributes can be applied at
        either the session-level or the media-level. In either case, it is
        possible to define attribute capabilities for these direction
        capabilities. Note that if used by a potential configuration, then
        the normal offer/answer procedures still apply. For example, if an
        offered potential configuration includes the "sendonly" direction
        attribute, and it is selected as the actual configuration, then the
        answer must MUST include a corresponding "recvonly" (or "inactive")
        attribute.

     4. Examples

        In this section, we provide examples showing how to use the SDP
        Capability Negotiation.

     4.1. Best-Effort Secure RTP

        The following example illustrates how to use the SDP Capability
   negotiation
        Negotiation extensions to support so-called Best-Effort Secure RTP.
        In that scenario, the offerer supports both RTP and Secure RTP. If
        the answerer does not support secure RTP (or the SDP capability
   negotiation Capability
        Negotiation extensions), an RTP session will be established. However,
        if the answerer supports Secure RTP and the SDP Capability
        Negotiation extensions, a Secure RTP session will be established.

        The best-effort Secure RTP negotiation is illustrated by the
        offer/answer exchange below, where Alice sends an offer to Bob:

                     Alice                               Bob

                       | (1) Offer (SRTP and RTP)         |
                       |--------------------------------->|
                       |                                  |
                       | (2) Answer (SRTP)                |
                       |<---------------------------------|
                       |                                  |
                       | (3) Offer (SRTP)                 |
                       |--------------------------------->|
                       |                                  |
                       | (4) Answer (SRTP)                |
                       |<---------------------------------|
                       |                                  |

        Alice's offer includes RTP and SRTP as alternatives. RTP is the
        default, but SRTP is the preferred one:

           v=0
           o=- 25678 753849 IN IP4 192.0.2.1
           s=
           c=IN IP4 192.0.2.1
           t=0 0
           m=audio 53456 RTP/AVP 0 18
           a=tcap:1 RTP/SAVP RTP/AVP
           a=acap:1 a=crypto:1 AES_CM_128_HMAC_SHA1_80
              inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:4
              FEC_ORDER=FEC_SRTP
           a=pcfg:1 t=1 a=1

        The "m=" line indicates that Alice is offering to use plain RTP with
        PCMU or G.729.  The capabilities are provided by the "a=tcap" and
        "a=acap" attributes.  The "tcap" capability indicates that both
        Secure RTP and normal RTP are supported. The "acap" attribute
        provides an attribute capability with a handle of 1. The capability
        is a "crypto" attribute, which provides the keying material for SRTP
        using SDP security descriptions [SDES]. The "a=pcfg" attribute
        provides the potential configurations included in the offer by
        reference to the capabilities.  A single potential configuration with
        a configuration number of "1" is provided. It includes is the transport
        protocol capability 1 (RTP/SAVP, i.e. secure RTP) together with the
        attribute capability 1, i.e. the crypto attribute provided.  Note
        that attribute capability 1 is mandatory, and hence it must be
        supported in order for the potential configuration to be used.

        Bob receives the SDP offer from Alice. Bob supports SRTP and the SDP
        Capability Negotiation extensions, framework, and hence he accepts the potential
        configuration for Secure RTP provided by Alice:

           v=0
           o=- 24351 621814 IN IP4 192.0.2.2
           s=
           c=IN IP4 192.0.2.2
           t=0 0
           m=audio 54568 RTP/SAVP 0 18
           a=crypto:1 AES_CM_128_HMAC_SHA1_80
                 inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4
           a=acfg:1 t=1 a=1

        Bob includes the "a=acfg" attribute in the answer to inform Alice
        that he based his answer on an offer containing the potential
        configuration with transport protocol capability 1 and attribute
        capability 1 from the offer SDP (i.e. the RTP/SAVP profile using the
        keying material provided).  Bob also includes his keying material in
        a crypto attribute.

        When Alice receives Bob's answer, session negotiation has completed,
        however Alice nevertheless generates chooses to generate a new offer using the
        actual configuration. This is done purely to assist any middle-boxes
        intermediaries that may reside between Alice and Bob but do not
        support the capability
   negotiation extensions SDP Capability Negotiation framework (and hence may not
        understand the negotiation that just took place):

        Alice's updated offer includes only SRTP, and it is not using the SDP
   capability negotiation extensions
        Capability Negotiation framework (Alice could have included the
        capabilities as well is she wanted to):

           v=0
           o=- 25678 753850 IN IP4 192.0.2.1
           s=
           c=IN IP4 192.0.2.1
           t=0 0
           m=audio 53456 RTP/SAVP 0 18
           a=crypto:1 AES_CM_128_HMAC_SHA1_80
              inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:4
              FEC_ORDER=FEC_SRTP

        The "m=" line now indicates that Alice is offering to use secure RTP
        with PCMU or G.729.  The "crypto" attribute, which provides the SRTP
        keying material, is included with the same value again.

        Bob receives the SDP offer from Alice, which he accepts, and then
        generates an answer to Alice:

           v=0
           o=- 24351 621815 IN IP4 192.0.2.2
           s=
           c=IN IP4 192.0.2.2
           t=0 0
           m=audio 54568 RTP/SAVP 0 18
           a=crypto:1 AES_CM_128_HMAC_SHA1_80
                 inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4

        Bob includes the same crypto attribute as before, and the session
        proceeds without change. Although Bob did not include any
        capabilities in his answer, he could of course have done so if he wanted to.

        Note that in this particular example, the answerer supported the
   capability extensions SDP
        Capability Negotiation framework, and hence the attributes and
        procedures defined here, however had he not, the answerer would
        simply have ignored the new attributes received in step 1 and
        accepted the offer to use normal RTP. In that case, the following
        answer would have been generated in step 2 instead:

           v=0
           o=- 24351 621814 IN IP4 192.0.2.2
           s=
           c=IN IP4 192.0.2.2
           t=0 0
           m=audio 54568 RTP/AVP 0 18

     4.2. Multiple Transport Protocols

        The following example illustrates how to use the SDP Capability
   negotiation
        Negotiation extensions to negotiate use of one out of several
        possible transport protocols. As in the previous example, the offerer
        uses the expected least-common-denominator (plain RTP) as the actual
        configuration, and the alternative transport protocols as the
        potential configurations.

        The example is illustrated by the offer/answer exchange below, where
        Alice sends an offer to Bob:

                     Alice                               Bob

                       | (1) Offer (RTP/[S]AVP[F])        |
                       |--------------------------------->|
                       |                                  |
                       | (2) Answer (RTP/AVPF)            |
                       |<---------------------------------|
                       |                                  |
                       | (3) Offer (RTP/AVPF)             |
                       |--------------------------------->|
                       |                                  |
                       | (4) Answer (RTP/AVPF)            |
                       |<---------------------------------|
                       |                                  |

        Alice's offer includes plain RTP (RTP/AVP), RTP with RTCP-based
        feedback (RTP/AVPF), Secure RTP (RTP/SAVP), and Secure RTP with RTCP-
        based feedback (RTP/SAVPF) and SRTP as alternatives. RTP is the
        default, with RTP/SAVPF, RTP/SAVP, and RTP/AVPF as the alternatives
        and preferred in the order listed:

           v=0
           o=- 25678 753849 IN IP4 192.0.2.1
           s=
           c=IN IP4 192.0.2.1
           t=0 0
           m=audio 53456 RTP/AVP 0 18
           a=tcap:1 RTP/SAVPF RTP/SAVP RTP/AVPF
           a=acap:1 a=crypto:1 AES_CM_128_HMAC_SHA1_80
              inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:4
              FEC_ORDER=FEC_SRTP
           a=acap:2 a=rtcp-fb:0 nack
           a=pcfg:1 t=1 a=1,2 a=1,[2]
           a=pcfg:2 t=2 a=1
           a=pcfg:3 t=3 a=2 a=[2]

        The "m=" line indicates that Alice is offering to use plain RTP with
        PCMU or G.729. The capabilities are provided by the "a=tcap" and
        "a=acap" attributes.  The "tcap" capability indicates that Secure RTP
        with RTCP-Based feedback (RTP/SAVPF), Secure RTP (RTP/SAVP), and RTP
        with RTCP-Based feedback are supported. The first "acap" attribute
        provides an attribute capability with a handle of 1. The capability
        is a "crypto" attribute, which provides the keying material for SRTP
        using SDP security descriptions [SDES]. The second "acap" attribute
        provides an attribute capability with a handle of 2. The capability
        is an "rtcp-fb" attribute, which is used by the RTCP-based feedback
        profiles to indicate that payload type 0 (PCMU) supports feedback
        type "nack". The "a=pcfg" attributes provide the potential
        configurations included in the offer by reference to the
        capabilities. There are three potential configurations:

        o  Potential configuration 1, which is the most preferred potential
           configuration specifies use of transport protocol capability 1
           (RTP/SAVPF) and attribute capabilities 1 (the "crypto" attribute)
           and 2 (the "rtcp-fb" attribute). Support for the first one is
           mandatory whereas support for the second one is optional.

        o  Potential configuration 2, which is the second most preferred
           potential configuration specifies use of transport protocol
           capability 2 (RTP/SAVP) and mandatory attribute capability 1 (the
           "crypto" attribute).

        o  Potential configuration 3, which is the least preferred potential
           configuration (but the second least preferred configuration
           overall, since the actual configuration provided by the "m=" line
           is always the least preferred configuration), specifies use of
           transport protocol capability 3 (RTP/AVPF) and optional attribute
           capability 2 (the "rtcp-fb" attribute).

        Bob receives the SDP offer from Alice. Bob does not support any
        secure RTP profiles, however he supports plain RTP and RTP with RTCP-
        based feedback, as well as the SDP Capability Negotiation extensions,
        and hence he accepts the potential configuration for RTP with RTCP-
        based feedback provided by Alice:

           v=0
           o=- 24351 621814 IN IP4 192.0.2.2
           s=
           c=IN IP4 192.0.2.2
           t=0 0
           m=audio 54568 RTP/AVPF 0 18
           a=rtcp-fb:0 nack
           a=acfg:1 t=3 a=2 a=[2]

        Bob includes the "a=acfg" attribute in the answer to inform Alice
        that he based his answer on an offer containing the potential
        configuration with transport protocol capability 3 and optional
        attribute capability 2 from the offer SDP (i.e. the RTP/AVPF profile
        using the "rtcp-fb" value provided).  Bob also includes an "rtcp-fb"
        attribute with the value "nack" value for RTP payload type 0.

        When Alice receives Bob's answer, session negotiation has completed,
        however Alice nevertheless generates chooses to generate a new offer using the
        actual configuration. This is done purely to assist any middle-boxes
        intermediaries that may reside between Alice and Bob but do not
        support the capability
   negotiation extensions SDP Capability Negotiation framework (and hence may not
        understand the negotiation that just took place):

        Alice's updated offer includes only RTP/AVPF, and it is not using the
        SDP capability negotiation extensions Capability Negotiation framework (Alice could have included the
        capabilities as well is if she wanted to):

           v=0
           o=- 25678 753850 IN IP4 192.0.2.1
           s=
           c=IN IP4 192.0.2.1
           t=0 0
           m=audio 53456 RTP/AVPF 0 18
           a=rtcp-fb:0 nack

        The "m=" line now indicates that Alice is offering to use RTP with
        RTCP-based feedback and using PCMU or G.729.  The "rtcp-fb" attribute
        provides the feedback type "nack" for payload type 0 again (but as
        part of the actual configuration).

        Bob receives the SDP offer from Alice, which he accepts, and then
        generates an answer to Alice:

           v=0
           o=- 24351 621815 IN IP4 192.0.2.2
           s=
           c=IN IP4 192.0.2.2
           t=0 0
           m=audio 54568 RTP/AVPF 0 18
           a=rtcp-fb:0 nack

        Bob includes the same "rtcp-fb" attribute as before, and the session
        proceeds without change. Although Bob did not include any
        capabilities in his answer, he could of course have done so if he wanted to.

        Note that in this particular example, the answerer supported the
   capability extensions SDP
        Capability Negotiation framework and hence the attributes and
        procedures defined here, however had he not, the answerer would
        simply have ignored the new attributes received in step 1 and
        accepted the offer to use normal RTP. In that case, the following
        answer would have been generated in step 2 instead:

           v=0
           o=- 24351 621814 IN IP4 192.0.2.2
           s=
           c=IN IP4 192.0.2.2
           t=0 0
           m=audio 54568 RTP/AVP 0 18

     4.3. Best-Effort SRTP with Session-Level MIKEY and Media Level Security
        Descriptions

        The following example illustrates how to use the SDP Capability
   negotiation
        Negotiation extensions to support so-called Best-Effort Secure RTP as
        well as alternative keying mechanisms, more specifically MIKEY and
        SDP Security Descriptions. The offerer (Alice) wants to establish an
        audio and video session. Alice prefers to use session-level MIKEY as
        the key management protocol, but supports SDP security descriptions
        as well.

        The example is illustrated by the offer/answer exchange below, where
        Alice sends an offer to Bob:

                  Alice                                     Bob

                    | (1) Offer (RTP/[S]AVP[F], SDES|MIKEY)  |
                    |--------------------------------------->|
                    |                                        |
                    | (2) Answer (RTP/SAVP, SDES)            |
                    |<---------------------------------------|
                    |                                        |
                    | (3) Offer (RTP/SAVP, SDES)             |
                    |--------------------------------------->|
                    |                                        |
                    | (4) Answer (RTP/SAVP, SDES)            |
                    |<---------------------------------------|
                    |                                        |

        Alice's offer includes an audio and a video stream. The audio stream
        offers use of plain RTP and secure RTP as alternatives, whereas the
        video stream offers use of plain RTP, RTP with RTCP-based feedback,
        Secure RTP, and Secure RTP with RTCP-based feedback as alternatives:

           v=0
           o=- 25678 753849 IN IP4 192.0.2.1
           s=
           t=0 0
           c=IN IP4 192.0.2.1
           a=acap:1 a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO...
           a=tcap:1 RTP/SAVPF RTP/SAVP RTP/AVPF
           m=audio 59000 RTP/AVP 98
           a=rtpmap:98 AMR/8000
           a=acap:2 a=crypto:1 AES_CM_128_HMAC_SHA1_32
              inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
           a=pcfg:1 t=2 a=1|2
           m=video 52000 RTP/AVP 31
           a=rtpmap:31 H261/90000
           a=acap:3 a=crypto:1 AES_CM_128_HMAC_SHA1_80
              inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
           a=acap:4 a=rtcp-fb:* nack
           a=pcfg:1 t=1 a=1,4|3,4
           a=pcfg:2 t=2 a=1|3
           a=pcfg:3 t=3 a=4

        The potential configuration for the audio stream specifies use of
        transport capability 2 (RTP/SAVP) and either attribute capability 1
        (session-level MIKEY as the keying mechanism) or 2 (SDP Security
        Descriptions as the keying mechanism). Support for either of these
        attribute capabilities is mandatory. There are three potential
        configurations for the video stream.

        o  The first configuration with configuration number 1 uses transport
           capability 1 (RTP/SAVPF) with either attribute capabilities 1 and
           4 (session-level MIKEY and the "rtcp-fb" attribute) or attribute
           capabilities 3 and 4 (SDP security descriptions and the "rtcp-fb"
           attribute). In this example, the offerer insists on not only the
           keying mechanism being supported, but also that the "rtcp-fb"
           attribute is supported with the value indicated. Consequently, all
           the attribute capabilities are marked as mandatory in this
           potential configuration.

        o  The second configuration with configuration number 2 uses
           transport capability 2 (RTP/SAVP) and either attribute capability
           1 (session-level MIKEY) or attribute capability 3 (SDP security
           descriptions). Both attribute capabilities are mandatory in this
           configuration.

        o  The third configuration with configuration number 3 uses transport
           capability 3 (RTP/AVPF) and mandatory attribute capability 4 (the
           "rtcp-fb" attribute).

        Bob receives the SDP offer from Alice. Bob supports Secure RTP,
        Secure RTP with RTCP-based feedback and the SDP Capability
        Negotiation extensions. Bob also supports SDP Security Descriptions,
        but not MIKEY, and hence he generates the following answer:

           v=0
           o=- 24351 621814 IN IP4 192.0.2.2
           s=
           t=0 0
           c=IN IP4 192.0.2.2
           m=audio 54568 RTP/SAVP 98
           a=rtpmap:98 AMR/8000
           a=crypto:1 AES_CM_128_HMAC_SHA1_32
              inline:WSJ+PSdFcGdUJShpX1ZjNzB4d1BINUAvLEw6UzF3|2^20|1:32
           a=acfg:1 t=2 a=2
           m=video 55468 RTP/SAVPF 31
           a=rtpmap:31 H261/90000
           a=crypto:1 AES_CM_128_HMAC_SHA1_80
              inline:AwWpVLFJhQX1cfHJSojd0RmdmcmVCspeEc3QGZiN|2^20|1:32
           a=rtcp-fb:* nack
           a=acfg:1 t=1 a=3,4

        For the audio stream, Bob accepted the use of secure RTP, and hence
        the profile in the "m=" line is "RTP/SAVP". Bob also includes a
        "crypto" attribute with his own keying material, and an "acfg"
        attribute identifying actual configuration 1 for the audio media
        stream from the offer, using transport capability 2 (RTP/SAVP) and
        attribute capability 2 (the crypto attribute from the offer). For the
        video stream, Bob accepted the use of secure RTP with RTCP-based
        feedback, and hence the profile in the "m=" line is "RTP/SAVPF". Bob
        also includes a "crypto" attribute with his own keying material, and
        an "acfg" attribute identifying actual configuration 1 for the video
        stream from the offer, using transport capability 1 (RTP/SAVPF) and
        attribute capabilities 3 (the crypto attribute from the offer) and 4
        (the "rtcp-fb" attribute from the offer).

        When Alice receives Bob's answer, session negotiation has completed,
        however Alice nevertheless generates chooses to generate a new offer using the
        actual configuration. This is done purely to assist any middle-boxes
        intermediaries that may reside between Alice and Bob but do not
        support the capability negotiation extensions (and hence may not
        understand the negotiation that just took place):

        Alice's updated offer includes only SRTP for the audio stream SRTP
        with RTCP-based feedback for the video stream, and it is not using
        the SDP capability negotiation extensions Capability Negotiation framework (Alice could have included
        the capabilities as well is she wanted to):

           v=0
           o=- 25678 753849 IN IP4 192.0.2.1
           s=
           t=0 0
           c=IN IP4 192.0.2.1
           m=audio 59000 RTP/SAVP 98
           a=rtpmap:98 AMR/8000
           a=crypto:1 AES_CM_128_HMAC_SHA1_32
              inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
           m=video 52000 RTP/SAVPF 31
           a=rtpmap:31 H261/90000
           a=crypto:1 AES_CM_128_HMAC_SHA1_80
              inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
           a=rtcp-fb:* nack

        The "m=" line for the audio stream now indicates that Alice is
        offering to use secure RTP with PCMU or G.729, whereas the "m=" line
        for the video stream now indicates that Alice is offering to use secure
        RTP with RTCP-based feedback with and H.261. Each media stream includes a
        "crypto" attribute, which provides the SRTP keying material, with the
        same value again.

        Bob receives the SDP offer from Alice, which he accepts, and then
        generates an answer to Alice:

           v=0
           o=- 24351 621814 IN IP4 192.0.2.2
           s=
           t=0 0
           c=IN IP4 192.0.2.2
           m=audio 54568 RTP/SAVP 98
           a=rtpmap:98 AMR/8000
           a=crypto:1 AES_CM_128_HMAC_SHA1_32
              inline:WSJ+PSdFcGdUJShpX1ZjNzB4d1BINUAvLEw6UzF3|2^20|1:32
           m=video 55468 RTP/SAVPF 31
           a=rtpmap:31 H261/90000
           a=crypto:1 AES_CM_128_HMAC_SHA1_80
              inline:AwWpVLFJhQX1cfHJSojd0RmdmcmVCspeEc3QGZiN|2^20|1:32
           a=rtcp-fb:* nack

        Bob includes the same crypto attribute as before, and the session
        proceeds without change. Although Bob did not include any
        capabilities in his answer, he could of course have done so if he wanted to.

        Note that in this particular example, the answerer supported the
        capability extensions defined here, however had he not, the answerer
        would simply have ignored the new attributes received in step 1 and
        accepted the offer to use normal RTP. In that case, the following
        answer would have been generated in step 2 instead:

           v=0
           o=- 24351 621814 IN IP4 192.0.2.2
           s=
           t=0 0
           c=IN IP4 192.0.2.2
           m=audio 54568 RTP/AVP 98
           a=rtpmap:98 AMR/8000
           m=video 55468 RTP/AVP 31
           a=rtpmap:31 H261/90000
           a=rtcp-fb:* nack

        Finally, if Bob had chosen to use session-level MIKEY instead of SDP
        security descriptions instead, the following answer would have been
        generated:

           v=0
           o=- 25678 753849 IN IP4 192.0.2.1
           s=
           t=0 0
           c=IN IP4 192.0.2.1
           a=key-mgmt:mikey AQEFgM0XflABAAAAAAAAAAAAAAYAyO...
           m=audio 59000 RTP/AVP 98
           a=rtpmap:98 AMR/8000
           a=acfg:1 t=2 a=1
           m=video 52000 RTP/SAVPF 31
           a=rtpmap:31 H261/90000
           a=rtcp-fb:* nack
           a=acfg:1 t=1 a=1,4

        It should be noted, that although Bob could have chosen session-level
        MIKEY for one media stream, and SDP Security Descriptions for another
        media stream, there are no well-defined offerer processing rules of
        the resulting answer for this, and hence the offerer may incorrectly
        assume use of MIKEY for both streams. To avoid this, if the answerer
        chooses session-level MIKEY, then all secure RTP based media streams
        SHOULD use MIKEY (this applies irrespective of whether SDP capability
   negotiation Capability
        Negotiation is being used or not). Use of media-level MIKEY does not
        have a similar constraint.

     4.4. SRTP with Session-Level MIKEY and Media Level Security Descriptions
        as Alternatives

        The following example illustrates how to use the SDP Capability
   negotiation extensions
        Negotiation framework to negotiate use of either MIKEY or SDP
        Security Descriptions, when one of them is included as part of the
        actual configuration, and the other one is being selected. The
        offerer (Alice) wants to establish an audio and video session. Alice
        prefers to use session-level MIKEY as the key management protocol,
        but supports SDP security descriptions as well.

        The example is illustrated by the offer/answer exchange below, where
        Alice sends an offer to Bob:

                  Alice                                     Bob

                    | (1) Offer (RTP/[S]AVP[F], SDES|MIKEY)  |
                    |--------------------------------------->|
                    |                                        |
                    | (2) Answer (RTP/SAVP, SDES)            |
                    |<---------------------------------------|
                    |                                        |

        Alice's offer includes an audio and a video stream. Both the audio
        and the video stream offer use of secure RTP:

           v=0
           o=- 25678 753849 IN IP4 192.0.2.1
           s=
           t=0 0
           c=IN IP4 192.0.2.1
           a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO...
      a=acap:1 a=key-mgmt
           m=audio 59000 RTP/SAVP 98
           a=rtpmap:98 AMR/8000
      a=acap:2
           a=acap:1 a=crypto:1 AES_CM_128_HMAC_SHA1_32
              inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
           a=pcfg:1 a=-1,2 a=-s:1
           m=video 52000 RTP/SAVP 31
           a=rtpmap:31 H261/90000
      a=acap:3
           a=acap:2 a=crypto:1 AES_CM_128_HMAC_SHA1_80
              inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
           a=pcfg:1 a=-1,3 a=-s:2

        Alice does not know whether Bob supports MIKEY or SDP Security
        Descriptions. She could include attributes for both, however the
        resulting procedures and potential interactions are not well-defined.
        Instead, she places a session-level key-mgmt attribute for MIKEY in
        the actual configuration with SDP security descriptions as an
        alternative in the potential configuration. Note the presence of
   attribute capability 1; it merely lists the "a=key-mgmt" attribute
   without any associated value. The potential
        configuration for the audio stream specifies that attribute capability 1 is all session level
        attributes are to be deleted (i.e. any the session-level "a=key-mgmt" attributes)
        attribute) and that mandatory attribute capability 2 is to be used
        (i.e. the crypto attribute). The potential configuration for the
        video stream is similar, except it uses it's own mandatory crypto
        attribute capability (3). (2). Note how deletion of the session-level
        attributes does not affect the media-level attributes.

        Bob receives the SDP offer from Alice. Bob supports Secure RTP and
        the SDP Capability Negotiation extensions. framework. Bob also supports both SDP
        Security Descriptions and MIKEY. Since the potential configuration is
        more preferred than the actual configuration, he Bob (conceptually)
        generates an internal potential configuration SDP that contains the
        crypto attributes for the audio and video stream, but not the key-
        mgmt attribute for MIKEY, thereby avoiding any ambiguity between the
        two keying mechanisms. As a result, he generates the following
        answer:

           v=0
           o=- 24351 621814 IN IP4 192.0.2.2
           s=
           t=0 0
           c=IN IP4 192.0.2.2
           m=audio 54568 RTP/SAVP 98
           a=rtpmap:98 AMR/8000
           a=crypto:1 AES_CM_128_HMAC_SHA1_32
              inline:WSJ+PSdFcGdUJShpX1ZjNzB4d1BINUAvLEw6UzF3|2^20|1:32
           a=acfg:1 a=-1,2 a=-s:1
           m=video 55468 RTP/SAVP 31
           a=rtpmap:31 H261/90000
           a=crypto:1 AES_CM_128_HMAC_SHA1_80
              inline:AwWpVLFJhQX1cfHJSojd0RmdmcmVCspeEc3QGZiN|2^20|1:32
           a=acfg:1 a=-1,3 a=-s:2

        For the audio stream, Bob accepted the use of secure RTP using SDP
        security descriptions. Bob therefore includes a "crypto" attribute
        with his own keying material, and an "acfg" attribute identifying
        actual configuration 1 for the audio media stream from the offer,
        with attribute capability 1 deleted, the delete-attributes ("-s") and attribute capability 2
   included 1 (the
        crypto attribute from the offer). For the video stream, Bob also
        accepted the use of secure RTP using SDP security
   descriptions. Bob therefore includes a "crypto" attribute with his
   own keying material, and an "acfg" attribute identifying use of secure RTP using SDP security descriptions. Bob
        therefore includes a "crypto" attribute with his own keying material,
        and an "acfg" attribute identifying actual configuration 1 for the
        video stream from the offer, with the delete-attributes ("-s") and
        attribute capability 2.

        Below, we illustrate the offer SDP, when Bob instead offers the
        "crypto" attribute as the actual configuration keying mechanism and
        "key-mgmt" as the potential configuration:

           v=0
           o=- 25678 753849 IN IP4 192.0.2.1
           s=
           t=0 0
           c=IN IP4 192.0.2.1
           a=acap:1 a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO...
           m=audio 59000 RTP/SAVP 98
           a=rtpmap:98 AMR/8000
           a=crypto:1 AES_CM_128_HMAC_SHA1_32
              inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
           a=acap:2 a=rtpmap:98 AMR/8000
           a=pcfg:1 a=-m:1,2
           m=video 52000 RTP/SAVP 31
           a=rtpmap:31 H261/90000
           a=acap:3 a=crypto:1 AES_CM_128_HMAC_SHA1_80
              inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
           a=acap:4 a=rtpmap:31 H261/90000
           a=pcfg:1 a=-m:1,4

        Note how we this time need to perform delete-attributes at the media-
        level instead of the session-level. When doing that, all attributes
        from the actual configuration 1 for the video stream from SDP, including the offer, with attribute
   capability 1 deleted, rtpmaps provided,
        are removed. Consequently, we had to include these rtpmaps as
        capabilities as well, and attribute capability 3 included. then include them in the potential
        configuration, thereby effectively recreating the original rtpmap
        attributes in the resulting potential configuration SDP.

     5. Security Considerations

        The SDP Capability Negotiation Framework is defined to be used within
        the context of the offer/answer model, and hence all the offer/answer
        security considerations apply here as well. Similarly, the Session
        Initiation Protocol (SIP) uses SDP and the offer/answer model, and
        hence, when used in that context, the SIP security considerations
        apply as well.

        However, SDP Capability Negotiations Negotiation introduces additional security
        issues. Its use as a mechanism to enable alternative transport
        protocol negotiation (secure and non-secure) as well as its ability
        to negotiate use of more or less secure keying methods and material
        warrant further security considerations. Also, the (continued)
        support for receiving media before answer combined with negotiation
        of alternative transport protocols (secure and non-secure) warrant
        further security considerations. We discuss these issues below.

        The SDP capability negotiation Capability Negotiation framework allows for an offered media
        stream to both indicate and support various levels of security for
        that media stream. Different levels of security can for example be
        negotiated by use of alternative attribute capabilities each
        indicating more or less secure keying methods as well as more or less
        strong ciphers. Since the offerer indicates support for each of these
        alternatives, he will presumably accept the answerer seemingly
        selecting any of the offered alternatives. If an attacker can modify
        the SDP offer, he can thereby force the negotiation of the weakest
        security mechanism that the offerer is willing to accept. This may in
        turn enable the attacker to compromise the security of the negotiated
        media stream. Similarly, if the offerer wishes to negotiate use of a
        secure media stream (e.g. secure RTP), but includes a non-secure
        media stream (e.g. plain RTP) as a valid (but less preferred)
        alternative, then an attacker that can modify the offered SDP will be
        able to force the establishment of an insecure media stream. The
        solution to both of these problems involves the use of integrity
        protection over the SDP. Ideally, this integrity protection provides
        end-to-end integrity protection in order to protect from any man-in-
        the-middle attack; secure multiparts such as S/MIME [SMIME] provide
        one such solution, however S/MIME requires use and availability of a
        Public Key Infrastructure (PKI). A slightly less secure alternative
        when using SIP, but generally much easier to deploy in practice
        (since it does not require a PKI), is to use SIP Identity [RFC4474];
        this requires the existence of an authentication service (see
        [RFC4474]). Yet another, and considerably less secure, alternative is
        to use hop-by-hop security only, e.g. TLS or IPSec thereby ensuring
        the integrity of the offered SDP on a hop-by-hop basis. Note however
        that SIP proxies or other intermediaries processing the SIP request
        at each hop are able to perform a man-in-the-middle attack by
        modifying the offered SDP.

        Per the normal offer/answer procedures, as soon as the offerer has
        generated an offer, the offerer must be prepared to receive media in
        accordance with that offer. The SDP Capability Negotiation preserves
        that behavior for the actual configuration in the offer, however the
        offerer has no way of knowing which configuration (actual or
        potential) configuration was actually selected by the offerer, until
        an answer indication is received. This opens up a new security issue
        where an attacker may be able to interject media towards the offerer
        until the answer is received. For example, the offerer may use plain
        RTP as the actual configuration and secure RTP as an alternative
        potential configuration. Even though the answerer selects secure RTP,
        the offerer will not know that until he receives the answer, and
        hence an attacker will be able to send media to the offerer
        meanwhile. The easiest protection against such an attack is to not
        offer use of the non-secure media stream in the actual configuration,
        however that may in itself have undesirable side-effects: If the
        answerer does not support the non-secure secure media stream and also does not
        support the capability negotiation framework, then negotiation of the
        media stream will fail. Alternatively, SDP security preconditions
        [sprecon] can be used. This will ensure that media is not flowing
        until session negotiation has completed and hence the selected
        configuration is known. Use of preconditions however requires both
        side to support them. If they don't, and use of them is required, the
        session will fail. As a (limited) work around to this, it is
        RECOMMENDED that SIP entities generate an answer SDP and send it to
        the offerer as soon as possible, for example in a 183 Session
        Progress message. This will limit the time during which an attacker
        can send media to the offerer. Section 3.10. presents other
        alternatives as well.

        Additional security considerations apply to the answer SDP as well.
        The actual configuration attribute tells the offerer which potential
        configuration the answer was actually based on, and hence an attacker
        that can either modify or remove the actual configuration attribute
        in the answer can cause session failure as well as extend the time
        window during which the offerer will accept incoming media that does
        not conform to conform to the actual answer. The solutions to this SDP answer
        integrity problem are the same as for the offer, i.e. use of end-to-
        end integrity protection, SIP identity, or hop-by-hop protection. The
        mechanism to use depends on the mechanisms supported by the offerer
        as well as the acceptable security trade-offs.

        As described in Section 3.1. , SDP Capability Negotiation
        conceptually allows an offerer to include many different offers in a
        single SDP. This can in turn cause the answerer to process a large
        number of alternative potential offers, which can consume significant
        memory and CPU resources. An attacker can use this amplification
        feature to launch a denial of service attack against the answerer.
        The answerer MUST protect itself from such attacks. As explained in
        Section 3.11. , the answerer can help reduce the effects of such an
        attack by first discarding all potential configurations that contain
        unsupported transport protocols and/or unsupported or invalid
        mandatory attribute capabilities. The answerer SHOULD also look out
        for potential configurations that are designed to pass the above
        test, but nevertheless produce a large number of potential
        configuration SDPs that cannot be supported.

          A possible way of achieving that is for an attacker to find a
          valid session-level attribute that causes conflicts or otherwise
          interferes with individual media description configurations.
          Currently, we do not know of such an SDP attribute, however this
          does not mean it doesn't exist, or that it will not exist in the actual answer. The solutions to this SDP answer
   integrity problem
          future. If such attributes are the same as for the offer, i.e. use found to exist, implementers should
          explicitly protect against them.

        A significant number of end-to-
   end integrity protection, SIP identity, or hop-by-hop protection. The
   mechanism valid and supported potential configurations
        may remain. However, since all of those contain only valid and
        supported transport protocols and attributes, it is expected that
        only a few of them will need to use depends be processed on average. Still, the mechanisms supported by the offerer
        answerer MUST ensure that it does not needlessly consume large
        amounts of memory and CPU resources when processing those as well as
        be prepared to handle the acceptable security trade-offs. case where a large number of potential
        configurations still need to be processed.

     6. IANA Considerations

     6.1. New SDP Attributes

        The IANA is hereby requested to register the following new SDP
        attributes as follows:

        Attribute name:      csup
        Long form name:      Supported capability negotiation extensions
        Type of attribute:   Session-level and media-level
        Subject to charset:  No
        Purpose:             Option tags for supported SDP capability
                             negotiation extensions
        Appropriate values:  See Section 3.3.1. 3.4.1.

        Attribute name:      creq
        Long form name:      Required capability negotiation extensions
        Type of attribute:   Session-level and media-level
        Subject to charset:  No
        Purpose:             Option tags for required SDP capability
                             negotiation extensions
        Appropriate values:  See Section 3.3.2. 3.4.2.

        Attribute name:      acap
        Long form name:      Attribute capability
        Type of attribute:   Session-level and media-level
        Subject to charset:  No
        Purpose:             Attribute capability containing an attribute
                             name and associated value
        Appropriate values:  See Section 3.4.1. 3.5.1.

        Attribute name:      tcap
        Long form name:      Transport Protocol Capability
        Type of attribute:   Session-level and media-level
        Subject to charset:  No
        Purpose:             Transport protocol capability listing one or
                             more transport protocols
        Appropriate values:  See Section 3.4.2. 3.5.2.

        Attribute name:      pcfg
        Long form name:      Potential Configuration
        Type of attribute:   Media-level
        Subject to charset:  No
        Purpose:             Potential configuration for SDP capability
                             negotiation
        Appropriate values:  See Section 3.5.1. 3.6.1.

        Attribute name:      acfg
        Long form name:      Actual configuration
        Type of attribute:   Media-level
        Subject to charset:  No
        Purpose:             Actual configuration for SDP SDP capability
                             negotiation
        Appropriate values:  See Section 3.6.2.

     6.2. New SDP Capability Negotiation Option Tag Registry

        The IANA is hereby requested to create a new SDP Capability
        Negotiation Option Tag registry. An IANA SDP Capability Negotiation
        option tag registration MUST be documented in an RFC in accordance
        with the [RFC2434] Specification Required policy. The RFC MUST
        provide the name of the option tag, a syntax and a semantic
        specification of any new SDP attributes and any extensions to the
        potential and actual configuration attributes provided in this
        document. New SDP attributes that are intended to be capabilities for
        use by the capability negotiation
   Appropriate values:  See framework MUST adhere to the
        guidelines provided in Section 3.5.2.

6.2. 3.5.3. Extensions to the potential and
        actual configuration attributes MUST adhere to the syntax provided in
        Section 3.6.1. and 3.6.2.

        The option tag "cap-v0" is defined in this document and the IANA is
        hereby requested to register this option tag.

     6.3. New SDP Capability Negotiation Option Tag Potential Configuration Parameter
        Registry

        The IANA is hereby requested to create a new SDP Capability
        Negotiation Option Tag Potential Configuration Parameter registry. An IANA SDP capability negotiation
   option tag
        Capability Negotiation potential configuration registration MUST be
        documented in an RFC in accordance with the [RFC2434] Specification
        Required policy. The RFC MUST
   provide define the syntax and semantics of each
        new potential configuration parameter. The syntax MUST adhere to the
        syntax provided for extensions in Section 3.6.1. and the semantics
        MUST adhere to the semantics provided for extensions in Section
        3.6.1. and 3.6.2. Associated with each registration MUST be the
        encoding name for the parameter as well as a short descriptive name
        for it.

        The potential configuration parameters "a" for "attribute" and "t"
        for "transport protocol" are defined in this document and the IANA is
        hereby requested to register these.

     7. Acknowledgments

        This document is heavily influenced by the discussions and work done
        by the SDP Capability Negotiation Design team. The following people
        in particular provided useful comments and suggestions to either the
        document itself or the overall direction of the option tag, a syntax and solution defined in
        here: Francois Audet, John Elwell, Roni Even, Robert Gilman, Cullen
        Jennings, Jonathan Lennox, Matt Lepinski, Joerg Ott, Colin Perkins,
        Jonathan Rosenberg, Thomas Stach, and Dan Wing.

     8. Change Log

     8.1. draft-ietf-mmusic-sdp-capability-negotiation-06

        o  Added additional background text on terminology used, and a new
           section on the negotiation model.

        o  Allowed for session-level attribute capabilities to contain media-
           level only attributes, albeit the base framework does not define
           (or allow) them to be used in a semantic
   specification of any new SDP potential configuration
           (extensions may change that)

        o  Disallowing multiple "a=tcap" attributes at the session-level
           and/or on a per media description basis; at most one at the
           session-level and any extensions to per media description now.

        o  Changed the "a=pcfg" attribute to make a potential and actual configuration attributes provided
           list optional in this
   document. New SDP attributes that are intended order to be capabilities allow for
   use by the capability negotiation framework MUST adhere actual configuration to be
           referenced.

        o  Removed the
   guidelines provided in Section 3.4.3. Extensions ability to the potential delete and replace individual attributes
           from the actual configuration attributes MUST adhere to SDP.

        o  Introduced the syntax provided in
   Section 3.5.1. notion of mandatory and 3.5.2.

   The option tag "cap-v0" is defined optional attribute
           capabilities in this document and the IANA is
   hereby requested to register this option tag.

6.3. New SDP Capability Negotiation Potential Configuration Parameter
   Registry

   The IANA is hereby requested to create a new SDP Capability
   Negotiation Potential Configuration Parameter registry. An IANA SDP
   Capability Negotiation potential configuration registration MUST be
   document in an RFC in accordance with the [RFC2434] Specification
   Required policy. The RFC MUST define and updated the syntax "a=pcfg"
           attribute and semantics of each
   new associated procedures accordingly.

        o  Specified that mandatory attribute capabilities and the transport
           protocol (if any) from a potential configuration parameter. The syntax MUST adhere need to the
   syntax provided for extensions be
           supported in Section 3.5.1. and the semantics
   MUST adhere order to the semantics provided for extensions select that potential configuration.
           Offer/answer procedures updated accordingly as well.

        o  Noted potential interaction and synchronization issues with use of
           session-level attributes and attribute capabilities and added
           recommendation to avoid use of session-level attributes when
           possible.

        o  Fixed error in Section
   3.5.1. "a=acfg" grammar (missing config-number) and 3.5.2. Associated
           updated attribute definition in accordance with each registration MUST be the
   encoding name "a=pcfg"
           attribute changes.

        o  Updated text associated with processing media before answer to
           allow for the parameter playing out garbage or discard until answer received.
           Additional detail on alternative solutions provided as well well.

        o  Added recommendation to send back answer SDP as soon as possible,
           when a short descriptive name
   for it.

   The potential configuration parameters "a" for "attribute" and "t"
   for "transport protocol" are defined in this document and different from the IANA is
   hereby requested to register these.

7. To Do actual
           configuration has been chosen.

        o  Added new section on interactions with SIP option tags.

        o  Added new section on dealing with large number of potential
           configurations.

        o  Added new section on SDP capability negotiation and Open Issues
           intermediaries.

        o  Add additional  Updated examples showing in accordance with other changes and to
           illustrate use of delete-attributes mandatory and the
      DELETE/REPLACE optional attribute capability operators.

8. Acknowledgments

   This document is heavily influenced by the discussions and work done
   by the SDP Capability Negotiation Design team. The following people capabilities in particular provided useful comments and suggestions
           a potential configuration.

        o  Updated security considerations to either the
   document itself or the overall direction address potential denial of the solution defined in
   here: Francois Audet, John Elwell, Roni Even, Robert Gilman, Cullen
   Jennings, Matt Lepinski, Joerg Ott, Colin Perkins, Thomas Stach, and
   Dan Wing.

9. Change Log

9.1.
           service attack caused by large number of potential configurations.

        o  Various editorial updates throughout.

     8.2. draft-ietf-mmusic-sdp-capability-negotiation-05

        o  Allowed for '<type>=<value>' attributes to be listed as attribute
           capabilities the attribute name only.

        o  Changed IP-address to conform to RFC 3330 guidelines.

        o  Added section on relationship to RFC 3407 and "Obsoletes: 3407" in
           the front.

        o  Disallowed use of white space in a number of places for more
           consistency with existing SDP practice

        o  Changed "csup" and "creq" attributes to not allow multiple
           instances at the session-level and multiple instances per media
           description (only one for each now)

        o  Changed to not require use of "creq" with base option tag ("cap-
           v0").

        o  Relaxed restrictions on extension capabilities
        o  Updated potential configuration attribute syntax and semantics. In
           particular, potential configuration attributes can now replace and
           delete various existing attributes in original SDP to better
           control potential attribute interactions with the actual
           configuration while preserving message size efficiency.

        o  Updated actual configuration attribute to align with the updates
           to the potential configuration attributes.

        o  Updated offer/answer procedures to align with other changes.

        o  Changed recommendation for second offer/answer exchange to "MAY"
           strength, unless for the cases where it is known or suspected that
           it is needed.

        o  Updated ICE interactions to explain how the new attribute
           delete/replace features can solve certain potential interactions.

        o  Updated rtpmap and fmtp section to allow potential configurations
           to use remapped payload types in attribute capabilities for
           rtpmaps and fmtp parameters.

        o  Added section on direction attributes.

        o  Added another example showing SRTP with session-level MIKEY and
           SDP Security Descriptions using the attribute capability DELETE
           operator.

9.2.

     8.3. draft-ietf-mmusic-sdp-capability-negotiation-04

        The following are the major changes compared to version -03:

        o  Added explicit ordering rules for attributes added by potential
           configurations.

        o  Noted that ICE interaction issues (ice-tcp specifically) may not
           be as clear as originally thought.

        o  Added considerations on using rtpmap and fmtp attributes as
           attribute capabilities.

        o  Added multiple transport protocol example.

        o  Added session-level MIKEY and media level security descriptions
           example.

9.3.

     8.4. draft-ietf-mmusic-sdp-capability-negotiation-03

        The following are the major changes compared to version -02:

        o  Base option tag name changed from "v0" to "cap-v0".

        o  Added new section on extension capability attributes

        o  Firmed up offer/answer procedures.

        o  Added security considerations

        o  Added IANA considerations

9.4.

     8.5. draft-ietf-mmusic-sdp-capability-negotiation-02

        The following are the major changes compared to version -01:

        o  Potential configurations are no longer allowed at the session
           level

        o  Renamed capability attributes ("capar" to "acap" and "ctrpr" to
           "tcap")

        o  Changed name and semantics of the initial number (now called
           configuration number) in potential configuration attributes; must
           now be unique and can be used as a handle

        o  Actual configuration attribute now includes configuration number
           from the selected potential configuration attribute

        o  Added ABNF throughout

        o  Specified that answerer should include "a=csup" in case of
           unsupported required extensions in offer.

        o  Specified use of second offer/answer exchange when answerer
           selected a potential configuration

        o  Updated rules (and added restrictions) for referencing media- and
           session-level capabilities in potential configurations (at the
           media level)

        o  Added initial section on ICE interactions

        o  Added initial section on receiving media before answer

9.5.
     8.6. draft-ietf-mmusic-sdp-capability-negotiation-01

        The following are the major changes compared to version -00:

        o  Media capabilities are no longer considered a core capability and
           hence have been removed. This leaves transport protocols and
           attributes as the only capabilities defined by the core.

        o  Version attribute has been removed and an option tag to indicate
           the actual version has been defined instead.

        o  Clarified rules for session-level and media level attributes
           provided at either level as well how they can be used in potential
           configurations.

        o  Potential configuration parameters no longer have implicit
           ordering; an explicit preference indicator is now included.

        o  The parameter name for transport protocols in the potential and
           actual configuration attributes have been changed "p" to "t".

        o  Clarified operator precedence within potential and actual
           configuration attributes.

        o  Potential configurations at the session level now limited to
           indicate latent capability configurations. Consequently, an actual
           configuration attribute can no longer be provided at the session
           level.

        o  Cleaned up capability and potential configuration terminology -
           they are now two clearly different things.

9.6.

     8.7. draft-ietf-mmusic-sdp-capability-negotiation-00

        Version 00 is the initial version. The solution provided in this
        initial version is based on an earlier (individual submission)
        version of [SDPCapNeg]. The following are the major changes compared
        to that document:

        o  Solution no longer based on RFC 3407, but defines a set of similar
           attributes (with some differences).

        o  Various minor changes to the previously defined attributes.

        o  Multiple transport capabilities can be included in a single "tcap"
           attribute
        o  A version attribute is now included.

        o  Extensions to the framework are formally supported.

        o  Option tags and the ability to list supported and required
           extensions are supported.

        o  A best-effort SRTP example use case has been added.

        o  Some terminology change throughout to more clearly indicate what
           constitutes capabilities and what constitutes configurations.

10.

     9. References

10.1.

     9.1. Normative References

        [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
                  Requirement Levels", BCP 14, RFC 2119, March 1997.

        [RFC3264] Rosenberg, J., and H. Schulzrinne, "An Offer/Answer Model
                  with Session Description Protocol (SDP)", RFC 3264, June
                  2002.

        [RFC3407] F. Andreasen, "Session Description Protocol (SDP) Simple
                  Capability Declaration", RFC 3407, October 2002.

        [RFC3605] C. Huitema, "Real Time Control Protocol (RTCP) attribute in
                  Session Description Protocol (SDP)", RFC 3605, October
                  2003.

        [RFC4234] Crocker, D., and P. Overell, "Augmented BNF for Syntax
                  Specifications: ABNF", RFC 4234, October 2005.

        [RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session
                  Description Protocol", RFC 4566, July 2006.

        [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an
                  IANA Considerations Section in RFCs", BCP 26, RFC 2434,
                  October 1998.

10.2.

     9.2. Informative References

        [RFC2046] Freed, N., and N. Borensteain, "Multipurpose Internet Mail
                  Extensions (MIME) Part Two: Media Types", RFC 2046,
                  November 1996.

        [RFC2327] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session
                  Description Protocol", RFC 2327, April 1998.

        [RFC3261]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
                  A., Peterson, J., Sparks, R., Handley, M., and E. Schooler,
                  "SIP: Session Initiation Protocol", RFC 3261, June 2002.

        [RFC3388] Camarillo, G., Eriksson, G., Holler, J., and H.
                  Schulzrinne, "Grouping of Media Lines in the Session
                  Description Protocol (SDP)", RFC 3388, December 2002.

        [RFC3551] Schulzrinne, H., and S. Casner, "RTP Profile for Audio and
                  Video Conferences with Minimal Control", RFC 3551, July
                  2003.

        [SRTP]    Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K.
                  Norrman, "The Secure Real-time Transport Protocol (SRTP)",
                  RFC 3711, March 2004.

        [RFC3851] B. Ramsdell, "Secure/Multipurpose Internet Mail Extensions
                  (S/MIME) Version 3.1 Message Specification", RFC 3851, July
                  2004.

        [RFC4091] Camarillo, G., and J. Rosenberg, The Alternative Network
                  Address Types (ANAT) Semantics for the Session Description
                  Protocol (SDP) Grouping Framework, RFC 4091, June 2005.

        [AVPF]    Ott, J., Wenger, S., Sato, N., Burmeister, C., and J. Rey,
                  "Extended RTP Profile for RTCP-Based Feedback (RTP/AVPF)",
                  Work in Progress, August 2004.

        [I-D.jennings-sipping-multipart] Wing, D., and C. Jennings, "Session
                  Initiation Protocol (SIP) Offer/Answer with Multipart
                  Alternative", Work in Progress, March 2006.

        [SAVPF]   Ott, J., and E Carrara, "Extended Secure RTP Profile for
                  RTCP-based Feedback (RTP/SAVPF)", Work in Progress,
                  December 2005.

        [SDES]    Andreasen, F., Baugher, M., and D. Wing, "Session
                  Description Protocol Security Descriptions for Media
                  Streams", RFC 4568, July 2006.

        [SDPng]   Kutscher, D., Ott, J., and C. Bormann, "Session Description
                  and Capability Negotiation", Work in Progress, February
                  2005.

        [BESRTP]  Kaplan, H., and F. Audet, "Session Description Protocol
                  (SDP) Offer/Answer Negotiation for Best-Effort Secure Real-
                  Time Transport Protocol, Work in progress, August 2006.

        [KMGMT]   Arkko, J., Lindholm, F., Naslund, M., Norrman, K., and E.
                  Carrara, "Key Management Extensions for Session Description
                  Protocol (SDP) and Real Time Streaming Protocol (RTSP)",
                  RFC 4567, July 2006.

        [SDPCapNegRqts]   Andreasen, F. "SDP Capability Negotiation:
                  Requirementes and Review of Existing Work", work in
                  progress, December 2006.

        [SDPCapNeg] Andreasen, F. "SDP Capability Negotiation", work in
                  progress, December 2006.

        [MIKEY]   J. Arkko, E. Carrara, F. Lindholm, M. Naslund, and K.
                  Norrman, "MIKEY: Multimedia Internet KEYing", RFC 3830,
                  August 2004.

        [ICE]     J. Rosenberg, "Interactive Connectivity Establishment
                  (ICE): A Methodology for Network Address Translator (NAT)
                  Traversal for Offer/Answer Protocols", work in progress,
                  January 2007.

        [ICETCP]  J. Rosenberg, "TCP Candidates with Interactive Connectivity
                  Establishment (ICE)", work in progress, October 2006.

        [RFC3312] G. Camarillo, W. Marshall, and J. Rosenberg, "Integration
                  of Resource Management and Session Initiatio Protocol
                  (SIP)", RFC 3312, October 2002.

        [SMIME]   B. Ramsdell, "Secure/Multipurpose Internet Mail Extensions
                  (S/MIME) Version 3.1 Message Specification", RFC 3851, July
                  2004.

        [RFC4474] J. Peterson, and C. Jennings, "Enhancements for
                  Authenticated Identity Management in the Session Initiation
                  Protocol (SIP)", RFC 4474, August 2006.

        [sprecon] Andreasen, F. and D. Wing, "Security Preconditions for
                  Session Description Protocol Media Streams", Work in
                  Progress, October 2006.

        [RFC4756] A. Li, "Forward Error Correction Grouping Semantics in
                  Session Description Protocol", RFC 4756, November 2006.

        [RFC3262] J. Rosenberg, and H. Schulzrinne, "Reliability of
                  Provisional Responses in Session Initiation Protocol
                  (SIP)", RFC 3262, June 2002.

     Author's Addresses

        Flemming Andreasen
        Cisco Systems
        Edison, NJ

        Email: fandreas@cisco.com

     Intellectual Property Statement

        The IETF takes no position regarding the validity or scope of any
        Intellectual Property Rights or other rights that might be claimed to
        pertain to the implementation or use of the technology described in
        this document or the extent to which any license under such rights
        might or might not be available; nor does it represent that it has
        made any independent effort to identify any such rights.  Information
        on the procedures with respect to rights in RFC documents can be
        found in BCP 78 and BCP 79.

        Copies of IPR disclosures made to the IETF Secretariat and any
        assurances of licenses to be made available, or the result of an
        attempt made to obtain a general license or permission for the use of
        such proprietary rights by implementers or users of this
        specification can be obtained from the IETF on-line IPR repository at
        http://www.ietf.org/ipr.

        The IETF invites any interested party to bring to its attention any
        copyrights, patents or patent applications, or other proprietary
        rights that may cover technology that may be required to implement
        this standard.  Please address the information to the IETF at
        ietf-ipr@ietf.org.

     Full Copyright Statement

        Copyright (C) The IETF Trust (2007).

        This document is subject to the rights, licenses and restrictions
        contained in BCP 78, and except as set forth therein, the authors
        retain all their rights.

        This document and the information contained herein are provided on an
        "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
        OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
        THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
        OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
        THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
        WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

     Acknowledgment

        Funding for the RFC Editor function is currently provided by the
        Internet Society.