MMUSIC Working Group F. Andreasen Internet-Draft Cisco Systems Intended Status: Proposed Standard February 19, 2007 Expires: August 2007 SDP Capability Negotiation draft-ietf-mmusic-sdp-capability-negotiation-03.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html This Internet-Draft will expire on August 19, 2007. Copyright Notice Copyright (C) The IETF Trust (2007). Abstract The Session Description Protocol (SDP) was intended for describing multimedia sessions for the purposes of session announcement, session invitation, and other forms of multimedia session initiation. SDP was not intended to provide capability indication or capability negotiation, however over the years, SDP has seen widespread adoption and as a result it has been gradually extended to provide limited support for these. SDP and its current extensions however do not have the ability to negotiate one or more alternative transport protocols Andreasen Expires August 19, 2007 [Page 1] Internet-Draft SDP Capability Negotiation February 2007 (e.g. RTP profiles) which makes it particularly difficult to deploy new RTP profiles such as secure RTP or RTP with RTCP-based feedback. The purpose of this document is to address that and other real-life limitations by extending SDP with capability negotiation parameters and associated offer/answer procedures to use those parameters in a backwards compatible manner. The solution provided in this document provides a general SDP capability negotiation framework. It also defines specifically how to provide attributes and transport protocols as capabilities and negotiate them using the framework. Extensions for other types of capabilities (e.g. media types and formats) may be provided in other documents. Table of Contents 1. Introduction...................................................3 2. Conventions used in this document..............................6 3. SDP Capability Negotiation Solution............................6 3.1. Solution Overview.........................................6 3.2. Version and Extension Indication Attributes...............9 3.2.1. Supported Capability Negotiation Extensions Attribute9 3.2.2. Required Capability Negotiation Extension Attribute.10 3.3. Capability Attributes....................................12 3.3.1. Attribute Capability Attribute......................12 3.3.2. Transport Protocol Capability Attribute.............14 3.3.3. Extension Capability Attributes.....................15 3.4. Configuration Attributes.................................15 3.4.1. Potential Configuration Attribute...................15 3.4.2. Actual Configuration Attribute......................19 3.5. Offer/Answer Model Extensions............................20 3.5.1. Generating the Initial Offer........................20 3.5.2. Generating the Answer...............................23 3.5.2.1. Example Views of Potential Configurations......26 3.5.3. Offerer Processing of the Answer....................28 3.5.4. Modifying the Session...............................29 3.6. Interactions with ICE....................................29 3.7. Processing Media before Answer...........................31 4. Examples......................................................31 4.1. Best-Effort Secure RTP...................................31 4.2. Multiple Transport Protocols.............................34 4.3. Session-Level MIKEY and Media Level Security Descriptions37 4.4. Capability Negotiation with Interactive Connectivity Establishment.................................................37 5. Security Considerations.......................................37 6. IANA Considerations...........................................39 Andreasen Expires August 19, 2007 [Page 2] Internet-Draft SDP Capability Negotiation February 2007 6.1. New SDP Attributes.......................................39 6.2. New SDP Capability Negotiation Option Tag Registry.......40 6.3. New SDP Capability Negotiation Potential Configuration Parameter Registry............................................40 7. To Do and Open Issues.........................................41 8. Acknowledgments...............................................41 Change Log......................................................41 9................................................................41 9.1. draft-ietf-mmusic-sdp-capability-negotiation-03..........41 9.2. draft-ietf-mmusic-sdp-capability-negotiation-02..........41 9.3. draft-ietf-mmusic-sdp-capability-negotiation-01..........42 9.4. draft-ietf-mmusic-sdp-capability-negotiation-00..........43 10. References...................................................44 10.1. Normative References....................................44 10.2. Informative References..................................44 Author's Addresses...............................................47 Intellectual Property Statement..................................47 Full Copyright Statement.........................................47 Acknowledgment...................................................48 1. Introduction The Session Description Protocol (SDP) was intended for describing multimedia sessions for the purposes of session announcement, session invitation, and other forms of multimedia session initiation. The SDP contains one or more media stream descriptions with information such as IP-address and port, type of media stream (e.g. audio or video), transport protocol (possibly including profile information, e.g. RTP/AVP or RTP/SAVP), media formats (e.g. codecs), and various other session and media stream parameters that define the session. Simply providing media stream descriptions is sufficient for session announcements for a broadcast application, where the media stream parameters are fixed for all participants. When a participant wants to join the session, he obtains the session announcement and uses the media descriptions provided, e.g., joins a multicast group and receives media packets in the encoding format specified. If the media stream description is not supported by the participant, he is unable to receive the media. Such restrictions are not generally acceptable to multimedia session invitations, where two or more entities attempt to establish a media session that uses a set of media stream parameters acceptable to all participants. First of all, each entity must inform the other of its receive address, and secondly, the entities need to agree on the media stream parameters to use for the session, e.g. transport protocols and codecs. We here make a distinction between the Andreasen Expires August 19, 2007 [Page 3] Internet-Draft SDP Capability Negotiation February 2007 capabilities supported by each participant, the way in which those capabilities can be supported and the parameters that can actually be used for the session. More generally, we can say that we have the following: o A set of capabilities for the session and its associated media stream components, supported by each side. o A set of potential configurations indicating which of those capabilities can be used for the session and its associated media stream components. o A set of actual configurations for the session and its associated media stream components, which specifies which combinations of session parameters and media stream components to use and with what parameters. o A negotiation process that takes the set of potential configurations (combinations of capabilities) as input and provides the actual configurations as output. SDP by itself was designed to provide only one of these, namely the actual configurations, however over the years, use of SDP has been extended beyond its original scope. Session negotiation semantics were defined by the offer/answer model in RFC 3264. It defines how two entities, an offerer and an answerer, exchange session descriptions to negotiate a session. The offerer can include one or more media formats (codecs) per media stream, and the answerer then selects one or more of those offered and returns them in an answer. Both the offer and the answer contain actual configurations; capabilities and potential configurations are not supported. The answer however may reduce the set of actual configurations from the offer as well as extend the set of actual configurations that can be used to receive media by the answerer. Other relevant extensions have been defined. Simple capability declarations, which define how to provide a simple and limited set of capability descriptions in SDP was defined in RFC 3407. Grouping of media lines, which defines how media lines in SDP can have other semantics than the traditional "simultaneous media streams" semantics, was defined in RFC 3388, etc. Each of these extensions was designed to solve a specific limitation of SDP. Since SDP had already been stretched beyond its original intent, a more comprehensive capability declaration and negotiation process was intentionally not defined. Instead, work on a "next generation" of a protocol to provide session description and Andreasen Expires August 19, 2007 [Page 4] Internet-Draft SDP Capability Negotiation February 2007 capability negotiation was initiated [SDPng]. SDPng however has not gained traction and has remained as work in progress for an extended period of time. Existing real-time multimedia communication protocols such as SIP, RTSP, Megaco, and MGCP continue to use SDP. SDP and its current extensions however do not address an increasingly important problem: the ability to negotiate one or more alternative transport protocols (e.g., RTP profiles). This makes it difficult to deploy new RTP profiles such as secure RTP (SRTP) [SRTP], RTP with RTCP-Based Feedback [AVPF], etc. This particular problem is exacerbated by the fact that RTP profiles are defined independently. When a new profile is defined and N other profiles already exist, there is a potential need for defining N additional profiles, since profiles cannot be combined automatically. For example, in order to support the plain and secure RTP version of RTP with and without RTCP-based feedback, four separate profiles (and hence profile definitions) are needed: RTP/AVP [RFC3551], RTP/SAVP [SRTP], RTP/AVPF [AVPF], and RTP/SAVPF [SAVPF]. In addition to the pressing profile negotiation problem, other important real-life limitations have been found as well. The purpose of this document is to define a mechanism that enables SDP to provide limited support for indicating capabilities and their associated potential configurations, and negotiate the use of those potential configurations as actual configurations. It is not the intent to provide a full-fledged capability indication and negotiation mechanism along the lines of SDPng or ITU-T H.245. Instead, the focus is on addressing a set of well-known real-life limitations. More specifically, the solution provided in this document provides a general SDP capability negotiation framework. It also defines specifically how to provide attributes and transport protocols as capabilities and negotiate them using the framework. Extensions for other types of capabilities (e.g. media types and formats) may be provided in other documents. As mentioned above, SDP is used by several protocols, and hence the mechanism should be usable by all of these. One particularly important protocol for this problem is the Session Initiation Protocol (SIP) [RFC3261]. SIP uses the offer/answer model (which is not specific to SIP) to negotiate sessions and hence the mechanism defined here defines the offer/answer procedures to use for the capability negotiation framework. The rest of the document is structured as follows. In Section 3. we present our SDP capability negotiation solution, which consists of new SDP attributes and associated offer/answer procedures. In Section 4. we provide examples illustrating its use and in Section 5. we provide the security considerations. Andreasen Expires August 19, 2007 [Page 5] Internet-Draft SDP Capability Negotiation February 2007 2. Conventions used in this document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 3. SDP Capability Negotiation Solution In this section we first provide an overview of the SDP Capability negotiation solution. This is followed by definitions of new SDP attributes for the solution and its associated updated offer/answer procedures. 3.1. Solution Overview The solution consists of the following: o Two new attributes to support versioning and extensions to the framework itself as follows: o A new attribute ("a=csup") that lists the supported base and extension options to the framework. o A new attribute ("a=creq") that lists the base and or extensions to the framework that are required to be supported by the entity receiving the SDP in order to do capability negotiation. o Two new attributes used to express capabilities as follows (additional attributes can be defined as extensions): o A new attribute ("a=acap") that defines how to list attribute parameter values ("a=" values) as capabilities. o A new attribute ("a=tcap") that defines how to list transport protocols (e.g. "RTP/AVP") as capabilities. o Two new attributes to negotiate configurations as follows: o A new attribute ("a=pcfg") that lists the potential configurations supported. This is done by reference to the capabilities from the SDP in question. Multiple potential configurations have an explicitly indicated ordering associated with them. Extension capabilities can be defined and referenced in the potential configurations. Andreasen Expires August 19, 2007 [Page 6] Internet-Draft SDP Capability Negotiation February 2007 o A new attribute ("a=acfg") to be used in an answer SDP. The attribute identifies which of the potential configurations from an offer SDP were used as actual configurations to form the answer SDP. Extension capabilities can be included as well. o Extensions to the offer/answer model that allow for capabilities and potential configurations to be included in an offer. Capabilities can be provided at the session level or the media level. Potential configurations can be included at the media level only, where they constitute alternative offers that may be accepted by the answerer instead of the actual configuration(s) included in the "m=" line(s). The answerer indicates which (if any) of the potential configurations it used to form the answer by including the actual configuration attribute ("a=acfg") in the answer. Capabilities may be included in answers as well, where they can aid in guiding a subsequent new offer. The mechanism is illustrated by the offer/answer exchange below, where Alice sends an offer to Bob: Alice Bob | (1) Offer (SRTP and RTP) | |--------------------------------->| | | | (2) Answer (SRTP) | |<---------------------------------| | | Alice's offer includes RTP and SRTP as alternatives. RTP is the default (actual configuration), but SRTP is the preferred one (potential configuration): v=0 o=- 25678 753849 IN IP4 128.96.41.1 s= c=IN IP4 128.96.41.1 t=0 0 m=audio 3456 RTP/AVP 0 18 a=creq: cap-v0 a=tcap:1 RTP/SAVP a=acap:1 a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32 a=pcfg:1 t=1 a=1 Andreasen Expires August 19, 2007 [Page 7] Internet-Draft SDP Capability Negotiation February 2007 The "m=" line indicates that Alice is offering to use plain RTP with PCMU or G.729. The required base and extensions are provided by the "a=creq" attribute, which includes the option tag "cap-v0" to indicate that the base framework defined here must be supported. The capabilities are provided by the "a=tcap" and "a=acap" attributes. The transport capabilities ("a=tcap") indicate that secure RTP under the AVP profile ("RTP/SAVP") is supported with an associated transport capability handle of 1. The "acap" attribute provides an attribute capability with a handle of 1. The attribute capability is a "crypto" attribute, which provides the keying material for SRTP using SDP security descriptions [SDES]. The "a=pcfg" attribute provides the potential configuration included in the offer by reference to the capability parameters. One alternative is provided; it has a configuration number of 1 and it consists of transport protocol capability 1 (i.e. the RTP/SAVP profile - secure RTP), and the attribute capability 1, i.e. the crypto attribute provided. Potential configurations are always preferred over actual configurations, and hence Alice is expressing a preference for using secure RTP. Bob receives the SDP offer from Alice. Bob supports SRTP and the SDP Capability Negotiation framework, and hence he accepts the (preferred) potential configuration for Secure RTP provided by Alice: v=0 o=- 24351 621814 IN IP4 128.96.41.2 s= c=IN IP4 128.96.41.2 t=0 0 m=audio 4567 RTP/SAVP 0 18 a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4 a=acfg:1 t=1 a=1 Bob includes the "a=acfg" attribute in the answer to inform Alice that he based his answer on an offer containing the potential configuration with transport protocol capability 1 and attribute capability 1 from the offer SDP (i.e. the RTP/SAVP profile using the keying material provided). Bob also includes his keying material in a crypto attribute. If Bob supported one or more extensions to the capability negotiation framework, he would have included those in the answer as well (in an "a=csup" attribute). Note that in this particular example, the answerer supported the capability negotiation extensions defined here, however had he not, the answerer would simply have ignored the new attributes and Andreasen Expires August 19, 2007 [Page 8] Internet-Draft SDP Capability Negotiation February 2007 accepted the (actual configuration) offer to use normal RTP. In that case, the following answer would have been generated instead: v=0 o=- 24351 621814 IN IP4 128.96.41.2 s= c=IN IP4 128.96.41.2 t=0 0 m=audio 4567 RTP/AVP 0 18 3.2. Version and Extension Indication Attributes In this section, we present the new attributes associated with indicating the SDP capability negotiation extensions supported and required. 3.2.1. Supported Capability Negotiation Extensions Attribute The SDP Capability negotiation solution allows for capability negotiation extensions to be defined. Associated with each such extension is an option tag that identifies the extension in question. Option-tags MUST be registered with IANA per the procedures defined in Section 6. The Supported Capability Negotiation Extensions attribute ("a=csup") contains a comma-separated list of option tags identifying the SDP Capability negotiation extensions supported by the entity that generated the SDP. The attribute is defined as follows: a=csup: RFC 4566, Section 9, provides the ABNF for SDP attributes. The "csup" attribute adheres to the RFC 4566 "attribute" production, with an att-value defined as follows: att-value = *WSP option-tag-list option-tag-list = option-tag *(COMMA option-tag) option-tag = token ; defined in [SDP] COMMA = *WSP "," *WSP ; defined in [RFC4234] Note that white-space is permitted before the option-tag-list. Also, implementers familiar with SIP should note that the above definition of COMMA differs from the one in [RFC3261]. A special base option tag with a value of "cap-v0" is defined for the basic SDP capability negotiation framework. Entities use this option Andreasen Expires August 19, 2007 [Page 9] Internet-Draft SDP Capability Negotiation February 2007 tag with the "a=csup" attribute to indicate support for the SDP capability negotiation framework specified in this document. The following examples illustrates the use of the "a=csup" attribute with the "cap-v0" option tags and two hypothetical option tags, "foo" and "bar": a=csup: cap-v0 a=csup: foo a=csup: bar a=csup: cap-v0, foo, bar The "a=csup" attribute can be provided at the session and the media- level. When provided at the session-level, it applies to the entire SDP. When provided at the media-level, it applies to the media description in question only (option-tags provided at the session level apply as well). There can be one or more "a=csup" attributes at both the session and media-level (one or more per media description in the latter case). Whenever an entity that supports one or more extensions to the SDP Capability Negotiation framework generates an SDP, it SHOULD include the "a=csup" attribute with the option tags for the extensions it supports at the session and/or media-level, unless those option tags are already provided in one or more "a=creq" attribute (see Section 3.2.2. ) at the relevant levels. The base option tag MAY be included. 3.2.2. Required Capability Negotiation Extension Attribute The SDP Capability negotiation solution allows for capability negotiation extensions to be defined. Associated with each such extension is an option tag that identifies the extension in question. Option-tags MUST be registered with IANA per the procedures defined in Section 6. The Required Capability Negotiation Extensions attribute ("a=creq") contains a comma-separated list of option tags identifying the SDP Capability negotiation extensions that MUST be supported by the entity receiving the SDP in order for that entity to properly process the SDP Capability negotiation. The attribute is defined as follows: a=creq: The "creq" attribute adheres to the RFC 4566 "attribute" production, with an att-value defined as follows: Andreasen Expires August 19, 2007 [Page 10] Internet-Draft SDP Capability Negotiation February 2007 att-value = *WSP option-tag-list where "option-tag-list" is defined in Section 3.2.1. Note that white-space is permitted before the option-tag-list. The following examples illustrate the use of the "a=creq" attribute with the "cap-v0" base option tag and two hypothetical option tags, "foo" and "bar": a=creq: cap-v0 a=creq: foo a=creq: bar a=creq: cap-v0, foo, bar The "a=creq" attribute can be provided at the session and the media- level. When provided at the session-level, it applies to the entire SDP. When provided at the media-level, it applies to the media-stream in question only (required option tags provided at the session level apply as well). There can be one or more "a=creq" attributes at both the session and media-level (one or more per media stream in the latter case). When an entity generates an SDP and it requires the recipient of that SDP to support one or more SDP capability negotiation extensions in order to properly process the SDP Capability negotiation, the "a=creq" attribute MUST be included with option-tags that identify the required extensions at the session and/or media level, unless it is already known that the receiving entity supports those option-tags at the relevant levels (in which case their inclusion is OPTIONAL). An example of this is when generating an answer to an offer. If the answerer supports the required option-tags from the offer, and the answerer does not require any additional option-tags beyond what was listed in either the required ("a=creq") or supported ("a=csup") attributes from the offer, then the answerer is not required to include a required ("a=creq") attribute with any option-tags that may need to be supported (such as the base option tag - "cap-v0"). A recipient that receives an SDP and does not support one or more of the required extensions listed in a "creq" attribute, MUST NOT perform the SDP capability negotiation defined in this document. For non-supported extensions provided at the session-level, this implies that SDP capability negotiation MUST NOT be performed at all. For non-supported extensions at the media-level, this implies that SDP capability negotiation MUST NOT be performed for the media stream in question. Andreasen Expires August 19, 2007 [Page 11] Internet-Draft SDP Capability Negotiation February 2007 When an entity does not support one or more required SDP capability negotiation extensions, the entity SHOULD proceed as if the SDP capability negotiation attributes were not included in the first place, i.e. all the capability negotiation attributes should be ignored. In that case, the entity SHOULD include a "csup" attribute listing the SDP capability negotiation extensions it actually supports. This ensures that introduction of the SDP capability negotiation mechanism does not introduce any new failure scenarios. The above rules apply to the base option tag as well. Thus, entities compliant to this specification MUST include a "creq" attribute (at least in an offer) that includes the option tag "cap-v0" as illustrated below: a=creq: cap-v0 3.3. Capability Attributes In this section, we present the new attributes associated with indicating the capabilities for use by the SDP Capability negotiation. 3.3.1. Attribute Capability Attribute Attributes and their associated values can be expressed as capabilities by use of a new attribute capability attribute ("a=acap"), which is defined as follows: a=acap: where is an integer between 1 and 2^31-1 (both included) used to number the attribute capability and is an attribute ("a=") in its full '=' form (see [SDP]). The "acap" attribute adheres to the RFC 4566 "attribute" production, with an att-value defined as follows: att-value = *WSP att-cap-num 1*WSP att-par att-cap-num = 1*DIGIT ;defined in [RFC4234] att-par = attribute ;defined in RFC 4566 Note that white-space is permitted before the att-cap-num. The "acap" attribute can be provided at the session level for session-level attributes and the media level for media-level attributes. The "acap" Andreasen Expires August 19, 2007 [Page 12] Internet-Draft SDP Capability Negotiation February 2007 attribute MUST NOT be used to provide a media-level attribute at the session-level or vice versa. Each occurrence of the "acap" attribute in the entire session description MUST use a different value of . There is a need to be able to reference both session-level and media-level attributes in potential configurations at the media level, and this provides for a simple solution to avoiding overlap between the references (handles) to each attribute capability. The values provided are independent of similar values provided for other capability attributes, i.e., they form a separate name-space for attribute capabilities. The following examples illustrate use of the "acap" attribute: a=acap: 1 a=ptime:20 a=acap: 2 a=ptime:30 a=acap: 3 a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyONQ6gAA AAAGEEoo2pee4hp2UaDX8ZE22YwKAAAPZG9uYWxkQGR1Y2suY29tAQAAAAAAAQAk0 JKpgaVkDaawi9whVBtBt0KZ14ymNuu62+Nv3ozPLygwK/GbAV9iemnGUIZ19fWQUO SrzKTAv9zV a=acap: 4 a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32 The first two provide attribute values for the ptime attribute. The third provides SRTP parameters by using MIKEY with the key-mgmt attribute [KMGMT]. The fourth provides SRTP parameters by use of security descriptions with the crypto attribute [SDES]. Note that the line-wrapping and new-lines in example three and four are provided for formatting reasons only - they are not permitted in actual SDP. Readers familiar with RFC 3407 may notice the similarity between the RFC 3407 "cpar" attribute and the above. There are however a couple of important differences, most notably that the "acap" attribute contains a handle that enables referencing it and it furthermore supports attributes only (the "cpar" attribute defined in RFC 3407 supports bandwidth information as well). The "acap" attribute also is not automatically associated with any particular capabilities. Andreasen Expires August 19, 2007 [Page 13] Internet-Draft SDP Capability Negotiation February 2007 3.3.2. Transport Protocol Capability Attribute Transport Protocols can be expressed as capabilities by use of a new Transport Protocol Capability attribute ("a=tcap") defined as follows: a=tcap: where is an integer between 1 and 2^31-1 (both included) used to number the transport address capability for later reference, and is one or more , separated by white space, as defined in the SDP "m=" line. The "tcap" attribute adheres to the RFC 4566 "attribute" production, with an att-value defined as follows: att-value = *WSP trpr-cap-num 1*WSP proto-list trpr-cap-num = 1*DIGIT ;defined in [RFC4234] proto-list = proto *(1*WSP proto) ; defined in RFC 4566 Note that white-space is permitted before the trpr-cap-num. The "tcap" attribute can be provided at the session- and media-level. Each occurrence of the "tcap" attribute in the entire session description MUST use a different value of . When multiple values are provided, the first one is associated with the value , the second one with the value one higher, etc. The values provided are independent of similar values provided for other capability attributes, i.e., they form a separate name-space for transport protocol capabilities. Below, we provide examples of the "a=tcap" attribute: a=tcap: 1 RTP/AVP a=tcap: 2 RTP/AVPF a=tcap: 3 RTP/SAVP RTP/SAVPF The first one provides a capability for the "RTP/AVP" profile defined in [RFC3551] and the second one provides a capability for the RTP with RTCP-Based Feedback profile defined in [AVPF]. The third one provides capabilities for the "RTP/SAVP" and "RTP/SAVPF" profiles. Transport capabilities are inherently included in the "m=" line, however they still need to be specified explicitly in a "tcap" attribute, if they are to be used as a capability. This may seem redundant (and indeed it is from the offerer's point of view), however it is done to protect against middle-boxes that may modify Andreasen Expires August 19, 2007 [Page 14] Internet-Draft SDP Capability Negotiation February 2007 "m=" lines while passing unknown attributes through. If an implicit capability were used instead (e.g. a reserved transport capability number could be used to refer to the transport protocol in the "m=" line), and a middle-box were to modify the transport protocol in the "m=" line (e.g. to translate between plain RTP and secure RTP), then the potential configuration referencing that implicit transport capability may no longer be correct. With explicit capabilities, we avoid this pitfall, although the potential configuration preference (see Section 3.4.1. ) may not reflect that of the middle-box (which some may view as a feature). 3.3.3. Extension Capability Attributes The SDP Capability Negotiation framework allows for new capabilities to be defined as extensions and used with the general capability negotiation framework. The syntax and semantics of such new capability attributes are not defined here, however in order to be used with potential configurations, they MUST allow for a numeric handle to be associated with each capability. This handle will be used as a reference within the potential and actual configuration attributes (see Section 3.4.1. and 3.4.2. ). The definition of such extension capability attributes MUST also state whether they can be applied at the session-level, media-level, or both. 3.4. Configuration Attributes 3.4.1. Potential Configuration Attribute Potential Configurations can be expressed by use of a new Potential Configuration Attribute ("a=pcfg") defined as follows: a=pcfg: where is an integer between 1 and 2^31-1 (both included). The "pcfg" attribute adheres to the RFC 4566 "attribute" production, with an att-value defined as follows: att-value = *WSP config-number 1*WSP pot-cfg-list config-number = 1*DIGIT ;defined in [RFC4234] pot-cfg-list = pot-config *(1*WSP pot-config) pot-config = pot-attribute-parameter-config / pot-transport-protocol-config / pot-extension-config Andreasen Expires August 19, 2007 [Page 15] Internet-Draft SDP Capability Negotiation February 2007 The missing productions are defined below. Note that white-space is permitted before the config-number. The potential configuration attribute can be provided at the media- level only. The attribute includes a configuration number, which is an integer between 1 and 2^31-1 (both included). The configuration number MUST be unique within the media stream. The configuration number also indicates the relative preference of potential configurations; lower numbers are preferred over higher numbers. After the configuration number, one or more potential configuration parameters MUST be provided. This document defines potential attribute parameter configurations and potential transport protocol configurations. Each of these MUST NOT be present more than once in a particular potential configuration attribute. Potential extension configurations can be included as well; unknown potential extension configurations MUST be ignored (if support is required, then the "a=creq" with a suitable option tag should be used). There can be more than one potential extension configuration, however each particular potential extension configuration MUST NOT be present more than once in a given potential configuration attribute. Together, these values define a potential configuration. There can be multiple potential configurations provided within a media description. Each of these indicates not only a willingness, but in fact a desire to use the potential configuration. Attribute capabilities are included in a potential configuration by use of the pot-attribute-parameter-config parameter, which is defined by the following ABNF: pot-attribute-parameter-config = "a=" acap-cap-list *(BAR acap-cap-list) acap-cap-list = att-cap-num *(COMMA att-cap-num) att-cap-num = 1*DIGIT ;defined in [RFC4234] BAR = *WSP "|" *WSP ; defined in [RFC4234] Each potential attribute parameter configuration list is a comma- separated list of attribute capability numbers where att-cap-num refers to attribute capability numbers defined above and hence MUST be between 1 and 2^31-1 (both included). Alternative potential attribute parameter configurations are separated by a vertical bar ("|"), the scope of which extends to the next alternative (i.e. "," has higher precedence than "|"). The alternatives are ordered by preference with the most preferred listed first. Andreasen Expires August 19, 2007 [Page 16] Internet-Draft SDP Capability Negotiation February 2007 Transport protocol capabilities are included in a potential configuration by use of the pot-transport-protocol-config parameter, which is defined by the following ABNF: pot-transport-protocol-config = "t=" trpr-cap-num *(BAR trpr-cap-num) trpr-cap-num = 1*DIGIT ; defined in [RFC4234] The trpr-cap-num refers to transport protocol capability numbers defined above and hence MUST be between 1 and 2^31-1 (both included). Alternative potential transport protocol configurations are separated by a vertical bar ("|"). The alternatives are ordered by preference with the most preferred listed first. When transport protocol capabilities are not included in a potential configuration at the media level, the transport protocol information from the associated "m=" line will be used. In the presence of middle-boxes (the existence of which may not be known), care should be taken with assuming that the transport protocol in the "m=" line will not be modified by a middle-box. Use of an explicit capability will guard against the capability indications of that. Extension capabilities can be included in a potential configuration as well. Such extensions MUST adhere to the following ABNF: pot-extension-config = ext-cap-name "=" ext-cap-list *(BAR ext-cap-list) ext-cap-name = token ; defined in [SDP] ext-cap-list = ext-cap-num *(COMMA ext-cap-num) ext-cap-num = 1*DIGIT ; defined in [RFC4234] The ext-cap-name refers to the type of extension capability and the ext-cap-num refers to a capability number associated with that particular type of extension capability. The number MUST be between 1 and 2^31-1 (both included). Alternative potential extension configurations for a particular extension are separated by a vertical bar ("|"),the scope of which extends to the next alternative (i.e. "," has higher precedence than "|"). Unsupported or unknown potential extension configs MUST be ignored. The "creq" attribute and its associated rules can be used to ensure that required extensions are supported in the first place. Potential configurations can be provided at the media level only, however it is possible to reference capabilities provided at either Andreasen Expires August 19, 2007 [Page 17] Internet-Draft SDP Capability Negotiation February 2007 the session or media level. There are certain semantic rules and restrictions associated with this: A (media level) potential configuration in a given media description MUST NOT reference a media-level capability provided in a different media description; doing so invalidates that potential configuration. A potential configuration can however reference a session-level capability. The semantics of doing so (should that potential configuration be chosen), depends on the type of capability. In the case of transport capabilities, this has no particular implication. In the case of attribute capabilities however, it does. More specifically, the corresponding attribute value (provided within that attribute capability) will be considered part of the active configuration at the *session* level. In other words, it will be as- if that attribute was simply provided with that value at the session- level in the first place. Note that individual media streams perform capability negotiation individually, and hence it is possible that another media stream (where the attribute was part of a potential configuration) chose a configuration without that session level attribute. The session-level attribute however remains "active" and hence applies to the entire session. It is up to the entity that generates the SDP to ensure that in such cases, the resulting active configuration SDP is still meaningful. The session-level operation of extension capabilities is undefined: Consequently, if session-level extension capabilities are defined, they MUST specify the implication of making them part of an active configuration at the media level. Below, we provide an example of the "a=pcfg" attribute in a complete media description in order to properly indicate the supporting attributes: v=0 o=- 25678 753849 IN IP4 128.96.41.1 s= c=IN IP4 128.96.41.1 t=0 0 m=audio 3456 RTP/AVPF 0 18 a=creq: cap-v0 a=acap:1 crypto:1 AES_CM_128_HMAC_SHA1_32 inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32 a=tcap: 1 RTP/AVPF RTP/AVP a=tcap: 3 RTP/SAVP RTP/SAVPF a=pcfg:1 t=4|3 a=1 a=pcfg:8 t=1|2 Andreasen Expires August 19, 2007 [Page 18] Internet-Draft SDP Capability Negotiation February 2007 We have two potential configurations listed here. The first one (and most preferred, since its configuration number is "1") indicates that either of the profiles RTP/SAVPF or RTP/SAVP (specified by the transport protocol capability numbers 4 and 3) can be supported with attribute capability 1 (the "crypto" attribute); RTP/SAVPF is preferred over RTP/SAVP since its capability number (4) is listed first in the preferred potential configuration. The second potential configuration indicates that the RTP/AVPF of RTP/AVP profile can be used, with RTP/AVPF being the preferred one. This non secure RTP alternative is the less preferred one since its configuration number is "8". 3.4.2. Actual Configuration Attribute The actual configuration attribute identifies which of the potential configurations from an offer SDP were used as actual configurations in an answer SDP. This is done by reference to the configuration number and the attribute capabilities and transport protocol capabilities from the offer that were actually used by the answerer in his offer/answer procedure. If extension capabilities were used, those will be included by reference as well. Note that the configuration number and all capability numbers used are those from the offer; not the answer. The Actual Configuration Attribute ("a=acfg") is defined as follows: a=acfg: The "acfg" attribute adheres to the RFC 4566 "attribute" production, with an att-value defined as follows: att-value = *WSP config-number 1*WSP act-cfg-list ;config-number defined in Section 3.4.1. act-cfg-list = capability *(1*WSP capability) capability = act-attribute-parameter-config / act-transport-protocol-config / act-extension-config act-attribute-parameter-config = "a=" acap-cap-list ; defined in Section 3.4.1. act-transport-protocol-config = "t=" trpr-cap-num ; defined in Section 3.4.1. act-extension-config = ext-cap-name "=" ext-cap-list ; defined in Section 3.4.1. Andreasen Expires August 19, 2007 [Page 19] Internet-Draft SDP Capability Negotiation February 2007 Note that white-space is permitted before the config-number. The actual configuration ("a=acfg") attribute can be provided at the media-level only. There MUST NOT be more than one occurrence of an actual configuration attribute within a given media description. Below, we provide an example of the "a=acfg" attribute (building on the previous example with the potential configuration attribute): v=0 o=- 24351 621814 IN IP4 128.96.41.2 s= c=IN IP4 128.96.41.2 t=0 0 m=audio 4567 RTP/SAVPF 0 a=creq: 0 a=acfg:1 t=4 a=1 It indicates that the answerer used an offer consisting of potential configuration number 1 with transport protocol capability 4 from the offer (RTP/SAVPF) and attribute capability 1 (the "crypto" attribute). 3.5. Offer/Answer Model Extensions In this section, we define extensions to the offer/answer model defined in [RFC3264] to allow for potential configurations to be included in an offer, where they constitute offers that may be accepted by the answerer instead of the actual configuration(s) included in the "m=" line(s). The procedures defined in the following subsections apply to both unicast and multicast streams. 3.5.1. Generating the Initial Offer An offerer that wants to use the SDP capability negotiation extensions defined in this document MUST include the following in the offer: Andreasen Expires August 19, 2007 [Page 20] Internet-Draft SDP Capability Negotiation February 2007 o An SDP capability negotiation required extensions attribute ("a=creq") as defined in Section 3.2.2. that contains the option tag "cap-v0". This attribute SHOULD be provided at the session-level (if there is only a single media stream, then it may make sense to include it at the media-level). If one or more additional option tags are required to be supported for the entire session description, then option tags for those extensions MUST be included in the session- level "creq" attribute. For each media description that requires one or more capability negotiation extensions not listed at the session-level, a "creq" attribute containing the required extensions for that media description MUST be included within the media description as well (in accordance with Section 3.2.2. ). o An attribute capability attribute ("a=acap") as defined in Section 3.3.1. for each attribute name and associated value that needs to be indicated as a capability in the offer. Session-level attributes and associated values MUST be provided in attribute capabilities at the session-level only, whereas media- level attributes and associated values MUST be provided in attribute capabilities at the media-level only. Attributes that can be provided at either the session- or media-level can be represented as attribute capabilities at either the session- or media-level. If there is not a need to indicate any attributes as attribute capabilities, then there will not be any "a=acap" attributes either. o One or more a transport protocol capability attributes ("a=tcap") as defined in Section 3.3.2. with values for each transport protocol that needs to be indicated as a capability in the offer. Transport protocol capabilities that apply to multiple media descriptions SHOULD be provided at the session-level whereas transport protocol capabilities that apply to a specific media description ("m=" line) only, SHOULD be provided within that particular media description. If there is not a need to indicate any transport protocols as transport protocol capabilities, then there will not be any "a=tcap" attributes either. o One or more extension capability attributes (as outlined in Section 3.3.3. ) for each extension capability that is referenced by a potential configuration. Andreasen Expires August 19, 2007 [Page 21] Internet-Draft SDP Capability Negotiation February 2007 o One or more potential configuration attributes ("a=pcfg") as defined in Section 3.4.1. within each media description where alternative potential configurations are to be negotiated. Each potential configuration attribute MUST adhere to the rules provided in Section 3.4.1. and the additional rules provided below. The offerer SHOULD furthermore include the following: o One or more supported capability negotiation extension attributes ("a=csup") as defined in Section 3.2.2. if the offerer supports one or more capability negotiation extensions not included in a corresponding "a=creq" attribute (i.e. at the session-level or om the same media description). Option tags provided in "a=csup" attributes at the session-level indicate extensions supported for the entire session description whereas option tags provided in "a=csup" attributes in a media description indicate extensions supported for that particular media description only. Capabilities provided in an offer merely indicate what the offerer is capable of doing. They do not constitute a commitment or even an indication to actually use them. Each potential configuration however constitutes an alternative offer that the offerer would like to use. The potential configurations may be used by the answerer to negotiate and establish the session. The offerer MUST include one or more potential configuration attributes ("a=pcfg") within each media description where the offerer wants to provide alternative offers (in the form of potential configurations). Each potential configuration attribute in a given media description MUST contain a unique configuration number and one or more potential configuration parameters, as described in Section 3.4.1. Each potential configuration parameter MUST refer to a capability that is provided either at the session-level or within that particular media description; otherwise, the potential configuration is considered invalid. The current actual configuration is included in the "m=" line (as defined by [RFC3264]). Note that the actual configuration is by definition the least-preferred configuration, and hence the answerer will seek to negotiate use of one of the potential configurations instead. If the offerer wishes a different preference for the actual configuration, the offerer MUST include a corresponding potential configuration with the relevant configuration number (which indicates the relative preference between potential configurations); this corresponding potential configuration should simply duplicate the actual configuration. Andreasen Expires August 19, 2007 [Page 22] Internet-Draft SDP Capability Negotiation February 2007 Per [RFC3264], once the offerer generates the offer, he must be prepared to receive incoming media in accordance with that offer. That rule applies here as well, but for the actual configurations provided in the offer only: Media received by the offerer according to one of the potential configurations MAY be discarded, until the offerer receives an answer indicating what the actual configuration is. Once that answer is received, incoming media MUST be processed in accordance with the actual configuration indicated and the answer received (provided the offer/answer exchange completed succesfully). 3.5.2. Generating the Answer When receiving an offer, the answerer MUST check for the presence of a required capability negotiation extension attribute ("a=creq") provided at the session level and containing the option tag "cap-v0". If one is found, then capability negotiation MUST be performed for each media description that contains a potential configuration attribute ("a=pcfg"). If none is found, then the answerer MUST check each offered media description for a required capability negotiation extension attribute ("a=creq") containing the option tag "cap-v0" and one or more potential configuration attributes. Capability negotiation MUST be performed for each such media description in accordance with the procedures described below. The answerer MUST first ensure that it supports any additional required capability negotiation extensions: o If a session-level "creq" attribute is provided, and it contains an option-tag that the answerer does not support, then the answerer MUST NOT use any of the potential configuration attributes provided for any of the media descriptions. Instead, the normal offer/answer procedures MUST continue as per [RFC3264]. Furthermore, the answerer MUST include a session-level supported capability negotiation extensions attribute ("a=csup") with option tags for the capability negotiation extensions supported by the answerer. o If a media-level "creq" attribute is provided, and it contains an option tag that the answerer does not support, then the answerer MUST NOT use any of the potential configuration attributes provided for that particular media description. Instead, the offer/answer procedures MUST continue as per [RFC3264]. Furthermore, the answerer MUST include a supported capability negotiation extensions attribute ("a=csup") in that media description with option tags for the capability negotiation extensions supported by the answerer for that media description. Andreasen Expires August 19, 2007 [Page 23] Internet-Draft SDP Capability Negotiation February 2007 Assuming all required capability negotiation extensions are supported, the answerer now proceeds as follows. For each media description where capability negotiation is to be performed (i.e. all required capability negotiation extensions are supported and at least one valid potential configuration attribute is present), the answerer MUST attempt to perform capability negotiation by using the most preferred potential configuration that is valid. A potential configuration is valid if: 1. It is in accordance with the syntax and semantics provided in Section 3.4.1. 2. It contains a configuration number that is unique within that media description. 3. All attribute capabilities referenced by the potential configuration are valid themselves (as defined in Section 3.3.1. ) and each of them are furthermore provided either at the session- level or within this particular media description. 4. All transport protocol capabilities referenced by the potential configuration are valid themselves (as defined in Section 3.3.2. ) and each of them are furthermore provided either at the session- level or within this particular media description. 5. All extension capabilities referenced by the potential configuration and supported by the answerer are valid themselves (as defined by that particular extension) and each of them are furthermore provided either at the session-level or within this particular media description. Unknown or unsupported extension capabilities MUST be ignored. The most preferred valid potential configuration in a media description is the valid potential configuration with the lowest configuration number. The answerer MUST now process the offer for that media stream based on the most preferred valid potential configuration. Conceptually, this entails the answerer constructing an (internal) offer that consists of the offer SDP, with the following changes: o If a transport protocol capability is included in the potential configuration, then it replaces the transport protocol provided in the "m=" line for that media description. Andreasen Expires August 19, 2007 [Page 24] Internet-Draft SDP Capability Negotiation February 2007 o If a session-level attribute capability is included, then it is added to the list of session-level attributes for the session description. o If a media-level attribute capability is included, then it is added to the list of media-level attributes for that particular media description. o If a supported extension capability is included, then it is processed in accordance with the rules provided for that particular extension capability. Note that whereas a transport protocol from the potential configuration replaces the transport protocol in the actual configuration, an attribute capability from the potential configuration is instead added to the actual configuration. In some cases, this may result in having one or more meaningless attributes from the actual configuration; such meaningless attributes SHOULD simply be ignored. For example, if the actual configuration was using Secure RTP and included an "a=crypto" attribute for the SRTP keying material, then use of a potential configuration that uses plain RTP would make the "crypto" attribute meaningless. Rather than requiring the actual configuration attributes to be present as attribute capabilities as well (which would increase the message size) and then have the potential configuration completely replace the actual configuration, we instead make the use of attribute capabilities additive to the session description. Please refer to Section 3.5.2.1. for examples of how the answerer may conceptuall "see" the resulting offered alternative potential configurations. If the answerer is not able to support the most preferred valid potential configuration for the media description, the answerer MUST proceed to the second-most preferred valid potential configuration for the media description, etc. If the answerer is not able to support any of the valid potential configurations, the answerer MUST process the offer per normal offer/answer rules, i.e. the actual configuration provided will be used as the least preferred alternative. Once the answerer has selected an offered configuration for the media stream, the answerer MUST generate a valid answer SDP based on the selected configuration as "seen" by the answerer. Furthermore, if the answerer selected one of the potential configurations in a media Andreasen Expires August 19, 2007 [Page 25] Internet-Draft SDP Capability Negotiation February 2007 description, the answerer MUST include an actual configuration attribute within that media description that identifies the configuration number for that potential configuration as well as the actual parameters that were used from that potential configuration (if the potential configuration included alternatives, only the selected alternatives must be included). Only the known and supported parameters will be included. Unknown or unsupported parameters MUST NOT be included in the actual configuration attribute. If the answerer supports one or more capability negotiation extensions that were not included in a required capability negotiation extensions attribute in the offer, then the answerer SHOULD furthermore include a supported capability negotiation attribute ("a=csup") at the session-level with option tags for the extensions supported across media streams. Also, if the answerer supports one or more capability negotiation extensions for particular media descriptions only, then a supported capability negotiation attribute with those option-tags SHOULD be included within each relevant media description. The actual configuration is contained in the media description's "m=" line. The answerer can send media to the offerer in accordance with the actual configuration as soon as it receives the offer, however it MUST NOT do so if it chooses an alternative potential configuration. If the answerer chooses one of the potential configurations, then the answerer MAY start to send media to the offerer in accordance with the selected potential configuration, however the offerer MAY discard such media until the offerer receives the answer. 3.5.2.1. Example Views of Potential Configurations The following examples illustrate how the answerer may conceptually "see" a potential configuration. Consider the following offered SDP: v=0 o=alice 2891092738 2891092738 IN IP4 lost.example.com s=Secret discussion t=0 0 c=IN IP4 lost.example.com a=creq: cap-v0 a=acap:1 key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO... a=tcap:1 RTP/SAVP RTP/AVP m=audio 39000 RTP/AVP 98 a=rtpmap:98 AMR/8000 a=acap:2 a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32 a=pcfg:1 t=1 a=1|2 Andreasen Expires August 19, 2007 [Page 26] Internet-Draft SDP Capability Negotiation February 2007 m=video 42000 RTP/AVP 31 a=rtpmap:31 H261/90000 a=acap:3 a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32 a=pcfg:1 t=1 a=1|3 This particular SDP offers an audio stream and a video stream, each of which can either use plain RTP (actual configuration) or secure RTP (potential configuration). Furthermore, two different keying mechanisms are offered, namely session-level Key Management Extensions using MIKEY (attribute capability 1) and media-level SDP Security Descriptions (attribute capabilities 2 and 3). There are several alternative configurations here, however, below we show the one the answerer "sees" when using potential configuration 1 for both audio and video, and furthermore using attribute capability 1 (MIKEY) for both (we have removed all the capability negotiation attributes for clarity): v=0 o=alice 2891092738 2891092738 IN IP4 lost.example.com s=Secret discussion t=0 0 c=IN IP4 lost.example.com a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO... m=audio 39000 RTP/SAVP 98 a=rtpmap:98 AMR/8000 m=video 42000 RTP/SAVP 31 a=rtpmap:31 H261/90000 Note that the transport protocol in the media descriptions indicate use of secure RTP. Below, we show the offer the answerer "sees" when using potential configuration 1 for both audio and video and furthermore using attribute capability 2 and 3 respectively (SDP security descriptions) for the audio and media stream: v=0 o=alice 2891092738 2891092738 IN IP4 lost.example.com s=Secret discussion t=0 0 c=IN IP4 lost.example.com m=audio 39000 RTP/SAVP 98 a=rtpmap:98 AMR/8000 a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32 Andreasen Expires August 19, 2007 [Page 27] Internet-Draft SDP Capability Negotiation February 2007 m=video 42000 RTP/SAVP 31 a=rtpmap:31 H261/90000 a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32 Again, note that the transport protocol in the media descriptions indicate use of secure RTP. And finally, we show the offer the answerer "sees" when using potential configuration 1 with attribute capability 1 (MIKEY) for the audio stream, and potential configuration 1 with attribute capability 3 (SDP security descriptions) for the video stream: v=0 o=alice 2891092738 2891092738 IN IP4 lost.example.com s=Secret discussion t=0 0 c=IN IP4 lost.example.com a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO... m=audio 39000 RTP/SAVP 98 a=rtpmap:98 AMR/8000 m=video 42000 RTP/SAVP 31 a=rtpmap:31 H261/90000 a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32 3.5.3. Offerer Processing of the Answer When the offerer attempted to use SDP Capability Negotiation in the offer, the offerer MUST examine the answer for actual use of capability negotiation. For each media description where the offerer included a potential configuration attribute, the offerer MUST first examine the media description for the presence of an actual configuration attribute ("a=acfg"). If an actual configuration attribute is not present in a media description, then the offerer MUST process the answer SDP for that media stream per the normal offer/answer rules defined in [RFC3264]. However, if one is found, then the offerer MUST instead process the answer as follows: Andreasen Expires August 19, 2007 [Page 28] Internet-Draft SDP Capability Negotiation February 2007 o The actual configuration attribute specifies which of the potential configurations were used by the answerer to generate the answer. This includes all the capabilities from the potential configuration offered, i.e. the attribute capabilities ("a=acap"), transport protocol capabilities ("a=tcap"), and any extension capability parameters included. o The offerer MUST now process the answer in accordance with the rules in [RFC3264], except that it must be done as if the offer had contained the potential configuration as the actual configuration in the media description ("m=" line) and relevant attributes in the offer. If the offer/answer exchange was succesful, and if the answerer selected one of the potential configurations from the offer as the actual configuration, then the offerer SHOULD perform another offer/answer exchange: The new offer should contain the selected potential configuration as the actual configuration, i.e. with the actual configuration used in the "m=" line and any other relevant attributes. This second offer/answer exchange will not modify the session in any way, however it will help intermediaries that look at the SDP, but do not understand or support the capability negotiation extensions, to understand the details of the media stream(s) that were actually negotiated. 3.5.4. Modifying the Session Capabilities and potential configurations may be included in subsequent offers as defined in [RFC3264, Section 8]. The procedure for doing so is similar to that described above with the answer including an indication of the actual configuration used by the answerer. If the answer indicates use of a potential configuration from the offer, then a second offer/answer exchange using that potential configuration as the actual configuration SHOULD be performed. 3.6. Interactions with ICE Interactive Connectivity Establishment (ICE) [ICE] provides a mechanism for verifying connectivity between two endpoints by sending STUN messages directly between the media endpoints. The basic ICE specification [ICE] is defined to support UDP-based connectivity only, however it allows for extensions to support other transport protocols, such as TCP, which is being specified in [ICETCP]. ICE defines a new "a=candidate" attribute, which, among other things, indicates the possible transport protocol(s) to use and then Andreasen Expires August 19, 2007 [Page 29] Internet-Draft SDP Capability Negotiation February 2007 associates a priority with each of them. The most preferred transport protocol that *successfully* verifies connectivity will end up being used. When using ICE, it is thus possible that the transport protocol that will be used differs from what is specified in the "m=" line. Furthermore, since both ICE and SDP Capability Negotiation may now specify alternative transport protocols, there is a potentially unintended interaction when using these together. We provide the following guidelines for addressing that. [EDITOR'S NOTE: This requires more work] There are two basic scenarios to consider here: 1) A particular media stream can run over different transport protocols (e.g. UDP, TCP, or TCP/TLS), and the intent is simply to use the one that works (in the preference order specified). 2) A particular media stream can run over different transport protocols (e.g. UDP, TCP, or TCP/TLS) and the intent is to have the negotiation process decide which one to use (e.g. T.38 over TCP or UDP). In scenario 1, there should be ICE "a=candidate" attributes for UDP, TCP, etc. but otherwise nothing special in the potential configuration attributes to indicate the desire to use different transport protocols (e.g. UDP, or TCP). The ICE procedures essentially cover the capability negotiation required (by having the answerer select something it supports and then use of trial and error). Scenario 2 does not require a need to support or use ICE. Instead, we simply use transport protocol capabilities and potential configuration attributes to indicate the desired outcome. The scenarios may be combined, e.g. by offering potential configuration alternatives where some of them can support one transport protocol only (e.g. UDP), whereas others can support multiple transport protocols (e.g. UDP or TCP). In that case, the ICE candidate attributes should be defined as attribute capabilities and the relevant ones should then be included in the proper potential configurations (for example candidate attributes for UDP only for potential configurations that are restricted to UDP, whereas there could be candidate attributes for UDP, TCP, and TCP/TLS for potential configurations that can use all three). Andreasen Expires August 19, 2007 [Page 30] Internet-Draft SDP Capability Negotiation February 2007 3.7. Processing Media before Answer The offer/answer model requires an offerer to be able to receive media in accordance with the offer prior to receiving the answer. This property is retained with the SDP capability negotiation extensions defined here, but only when the actual configuration is selected by the answerer. If a potential configuration is chosen, it is permissible for the offerer to not process any media received before the answer is received. This however may lead to clipping. In the case of SIP, this issue could be solved easily by defining a precondition [RFC3312] for capability negotiation, however preconditions are viewed as complicated to implement and they add to overall session establishment delay by requiring an extra offer/answer exchange. An alternative is therefore desirable. The SDP capability negotiation framework does not define such an alternative, however extensions may do so. For example, one technique proposed for best-effort SRTP in [BESRTP] is to provide different RTP payload type mappings for different transport protocols used. The basic SDP capability negotiation framework defined here does not include the ability to do so, however extensions that enable that may be defined. 4. Examples In this section, we provide examples showing how to use the SDP Capability Negotiation. 4.1. Best-Effort Secure RTP The following example illustrates how to use the SDP Capability negotiation extensions to support so-called Best-Effort Secure RTP. In that scenario, the offerer supports both RTP and Secure RTP. If the answerer does not support secure RTP (or the SDP capability negotiation extensions), an RTP session will be established. However, if the answerer supports Secure RTP and the SDP Capability Negotiation extensions, a Secure RTP session will be established. The best-effort Secure RTP negotiation is illustrated by the offer/answer exchange below, where Alice sends an offer to Bob: Andreasen Expires August 19, 2007 [Page 31] Internet-Draft SDP Capability Negotiation February 2007 Alice Bob | (1) Offer (SRTP and RTP) | |--------------------------------->| | | | (2) Answer (SRTP) | |<---------------------------------| | | | (3) Offer (SRTP) | |--------------------------------->| | | | (4) Answer (SRTP) | |<---------------------------------| | | Alice's offer includes RTP and SRTP as alternatives. RTP is the default, but SRTP is the preferred one: v=0 o=- 25678 753849 IN IP4 128.96.41.1 s= c=IN IP4 128.96.41.1 t=0 0 m=audio 3456 RTP/AVP 0 18 a=creq: cap-v0 a=tcap:1 RTP/SAVP RTP/AVP a=acap:1 a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:4 FEC_ORDER=FEC_SRTP a=pcfg:1 t=1 a=1 The "m=" line indicates that Alice is offering to use plain RTP with PCMU or G.729. Alice indicates that support for the base protocol defined here is required by including the "a=creq" attribute containing the value "cap-v0". The capabilities are provided by the "a=tcap" and "a=acap" attributes. The "tcap" capability indicates that both Secure RTP and normal RTP are supported. The "acap" attribute provides a capability parameter with a handle of 1. The capability parameter is a "crypto" attribute, which provides the keying material for SRTP using SDP security descriptions [SDES]. The "a=pcfg" attribute provides the potential configurations included in the offer by reference to the capabilities. A single potential configuration with a configuration number of "1" is provided. It includes is transport protocol capability 1 (RTP/SAVP, i.e. secure RTP) together with the attribute capability 1, i.e. the crypto attribute provided. Andreasen Expires August 19, 2007 [Page 32] Internet-Draft SDP Capability Negotiation February 2007 Bob receives the SDP offer from Alice. Bob supports SRTP and the SDP Capability Negotiation extensions, and hence he accepts the potential configuration for Secure RTP provided by Alice: v=0 o=- 24351 621814 IN IP4 128.96.41.2 s= c=IN IP4 128.96.41.2 t=0 0 m=audio 4567 RTP/SAVP 0 18 a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4 a=acfg:1 t=1 a=1 Bob includes the "a=acfg" attribute in the answer to inform Alice that he based his answer on an offer containing the potential configuration with transport protocol capability 1 and attribute capability 1 from the offer SDP (i.e. the RTP/SAVP profile using the keying material provided). Bob also includes his keying material in a crypto attribute. When Alice receives Bob's answer, session negotiation has completed, however Alice nevertheless generates a new offer using the actual configuration. This is done purely to assist any middle-boxes that may reside between Alice and Bob but do not support the capability negotiation extensions (and hence may not understand the negotiation that just took place): Alice's updated offer includes only SRTP, and it is not using the SDP capability negotiation extensions (Alice could have included the capabilities as well is she wanted to): v=0 o=- 25678 753850 IN IP4 128.96.41.1 s= c=IN IP4 128.96.41.1 t=0 0 m=audio 3456 RTP/SAVP 0 18 a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:4 FEC_ORDER=FEC_SRTP The "m=" line now indicates that Alice is offering to use secure RTP with PCMU or G.729. The "crypto" attribute, which provides the SRTP keying material, is included with the same value again. Andreasen Expires August 19, 2007 [Page 33] Internet-Draft SDP Capability Negotiation February 2007 Bob receives the SDP offer from Alice, which he accepts, and then generates an answer to Alice: v=0 o=- 24351 621815 IN IP4 128.96.41.2 s= c=IN IP4 128.96.41.2 t=0 0 m=audio 4567 RTP/SAVP 0 18 a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4 Bob includes the same crypto attribute as before, and the session proceeds without change. Although Bob did not include any capabilities in his answer, he could of course have done so if he wanted to. Note that in this particular example, the answerer supported the capability extensions defined here, however had he not, the answerer would simply have ignored the new attributes received in step 1 and accepted the offer to use normal RTP. In that case, the following answer would have been generated in step 2 instead: v=0 o=- 24351 621814 IN IP4 128.96.41.2 s= c=IN IP4 128.96.41.2 t=0 0 m=audio 4567 RTP/AVP 0 18 4.2. Multiple Transport Protocols [EDITOR'S NOTE: Example to be updated - old copy below] The following example illustrates how to use the SDP Capability negotiation extensions to support so-called Best-Effort Secure RTP. In that scenario, the offerer supports both RTP and Secure RTP. If the answerer does not support secure RTP (or the SDP capability negotiation extensions), an RTP session will be established. However, if the answerer supports Secure RTP and the SDP Capability Negotiation extensions, a Secure RTP session will be established. The best-effort Secure RTP negotiation is illustrated by the offer/answer exchange below, where Alice sends an offer to Bob: Andreasen Expires August 19, 2007 [Page 34] Internet-Draft SDP Capability Negotiation February 2007 Alice Bob | (1) Offer (SRTP and RTP) | |--------------------------------->| | | | (2) Answer (SRTP) | |<---------------------------------| | | | (3) Offer (SRTP) | |--------------------------------->| | | | (4) Answer (SRTP) | |<---------------------------------| Alice's offer includes RTP and SRTP as alternatives. RTP is the default, but SRTP is the preferred one: v=0 o=- 25678 753849 IN IP4 128.96.41.1 s= c=IN IP4 128.96.41.1 t=0 0 m=audio 3456 RTP/AVP 0 18 a=creq: cap-v0 a=tcap:1 RTP/SAVP RTP/AVP a=acap:1 a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:4 FEC_ORDER=FEC_SRTP a=pcfg:5 t=1 a=1 a=pcfg:10 t=2 The "m=" line indicates that Alice is offering to use plain RTP with PCMU or G.729. Alice indicates that support for the base protocol defined here is required by including the "a=creq" attribute containing the value "cap-v0". The capabilities are provided by the "a=tcap" and "a=acap" attributes. The capabilities indicate that both Secure RTP and normal RTP are supported. The "acap" attribute provides a capability parameter with a handle of 1. The capability parameter is a "crypto" attribute in the capability set, which provides the keying material for SRTP using SDP security descriptions [SDES]. The "a=pcfg" attribute provides the potential configurations included in the offer by reference to the capabilities. Two alternatives are provided; the first one with preference "5" (and hence the preferred one since the preference on the second one is "10") is transport protocol capability 1 (RTP/SAVP, i.e. secure RTP) together with the attribute capability 1, i.e. the crypto attribute provided. The second one is using transport protocol capability 2. Note that we could have omitted the second potential configuration Andreasen Expires August 19, 2007 [Page 35] Internet-Draft SDP Capability Negotiation February 2007 since it equals the actual configuration (which is always the least preferred configuration). Bob receives the SDP offer from Alice. Bob supports SRTP and the SDP Capability Negotiation extensions, and hence he accepts the potential configuration for Secure RTP provided by Alice: v=0 o=- 24351 621814 IN IP4 128.96.41.2 s= c=IN IP4 128.96.41.2 t=0 0 m=audio 4567 RTP/SAVP 0 18 a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4 a=csup: foo a=acfg:1 t=1 a=1 Bob includes the "a=acfg" attribute in the answer to inform Alice that he based his answer on an offer containing the potential configuration with transport protocol capability 1 and attribute capability 1 from the offer SDP (i.e. the RTP/SAVP profile using the keying material provided). Bob also includes his keying material in a crypto attribute. Finally, Bob supports an SDP capability negotiation extension with the option tag "foo" and hence he includes the "a=csup" parameter containing value "foo" in the answer. Note that in this particular example, the answerer supported the capability extensions defined here, however had he not, the answerer would simply have ignored the new attributes and accepted the offer to use normal RTP. In that case, the following answer would have been generated instead: v=0 o=- 24351 621814 IN IP4 128.96.41.2 s= c=IN IP4 128.96.41.2 t=0 0 m=audio 4567 RTP/AVP 0 18 Andreasen Expires August 19, 2007 [Page 36] Internet-Draft SDP Capability Negotiation February 2007 4.3. Session-Level MIKEY and Media Level Security Descriptions [EDITOR'S NOTE: Example to be added] 4.4. Capability Negotiation with Interactive Connectivity Establishment [EDITOR'S NOTE: Example to be added] 5. Security Considerations The SDP Capability Negotiation Framework is defined to be used within the context of the offer/answer model, and hence all the offer/answer security considerations apply here as well. Similarly, the Session Initiation Protocol (SIP) uses SDP and the offer/answer model, and hence, when used in that context, the SIP security considerations apply as well. However, SDP Capability Negotiations introduces additional security issues. Its use as a mechanism to enable alternative transport protocol negotiation (secure and non-secure) as well as its ability to negotiate use of more or less secure keying methods and material warrant further security considerations. Also, the (continued) support for receiving media before answer combined with negotiation of alternative transport protocols (secure and non-secure) warrant further security considerations. We discuss these issues below. The SDP capability negotiation framework allows for an offered media stream to both indicate and support various levels of security for that media stream. Different levels of security can for example be negotiated by use of alternative attribute capabilities each indicating more or less secure keying methods as well as more or less strong ciphers. Since the offerer indicates support for each of these alternatives, he will presumably accept the answerer seemingly selecting any of the offered alternatives. If an attacker can modify the SDP offer, he can thereby force the negotiation of the weakest security mechanism that the offerer is willing to accept. This may in turn enable the attacker to compromise the security of the negotiated media stream. Similarly, if the offerer wishes to negotiate use of a secure media stream (e.g. secure RTP), but includes a non-secure media stream (e.g. plain RTP) as a valid (but less preferred) alternative, then an attacker that can modify the offered SDP will be able to force the establishment of an insecure media stream. The solution to both of these problems involves the use of integrity Andreasen Expires August 19, 2007 [Page 37] Internet-Draft SDP Capability Negotiation February 2007 protection over the SDP. Ideally, this integrity protection provides end-to-end integrity protection in order to protect from any man-in- the-middle attack; secure multiparts such as S/MIME [SMIME] provide one such solution, however S/MIME requires use and availability of a Public Key Infrastructure (PKI). A slightly less secure alternative when using SIP, but generally much easier to deploy in practice (since it does not require a PKI), is to use SIP Identity [RFC4474]; this requires the existence of an authentication service (see [RFC4474]). Yet another, and considerably less secure, alternative is to use hop-by-hop security only, e.g. TLS or IPSec thereby ensuring the integrity of the offered SDP on a hop-by-hop basis. Note however that SIP proxies or other intermediaries processing the SIP request at each hop are able to perform a man-in-the-middle attack by modifying the offered SDP. Per the normal offer/answer procedures, as soon as the offerer has generated an offer, the offerer must be prepared to receive media in accordance with that offer. The SDP Capability Negotiation preserves that behavior for the actual configuration in the offer, however the offerer has no way of knowing which configuration (actual or potential) configuration was actually selected by the offerer, until an answer indication is received. This opens up a new security issue where an attacker may be able to interject media towards the offerer until the answer is received. For example, the offerer may use plain RTP as the actual configuration and secure RTP as an alternative potential configuration. Even though the answerer selects secure RTP, the offerer will not know that until he receives the answer, and hence an attacker will be able to send media to the offerer meanwhile. The easiest protection against such an attack is to not offer use of the non-secure media stream in the actual configuration, however that may in itself have undesirable side-effects: If the answerer does not support the non-secure media stream and also does not support the capability negotiation framework, then negotiation of the media stream will fail. Alternatively, SDP security preconditions [sprecon] can be used. This will ensure that media is not flowing until session negotiation has completed and hence the selected configuration is known. Use of preconditions however requires both side to support them. If they don't, and use of them is required, the session will fail. As a (limited) work around to this, it is RECOMMENDED that SIP entities generate an answer SDP and send it to the offerer as soon as possible, for example in a 183 Session Progress message. This will limit the time during which an attacker can send media to the offerer. Additional security considerations apply to the answer SDP as well. The actual configuration attribute tells the offerer which potential configuration the answer was actually based on, and hence an attacker Andreasen Expires August 19, 2007 [Page 38] Internet-Draft SDP Capability Negotiation February 2007 that can either modify or remove the actual configuration attribute in the answer can cause session failure as well as extend the time window during which the offerer will accept incoming media that does not conform to the actual answer. The solutions to this SDP answer integrity problem are the same as for the offer, i.e. use of end-to- end integrity protection, SIP identity, or hop-by-hop protection. The mechanism to use depends on the mechanisms supported by the offerer as well as the acceptable security trade-offs. 6. IANA Considerations 6.1. New SDP Attributes The IANA is hereby requested to register the following new SDP attributes as follows: Attribute name: csup Long form name: Supported capability negotiation extensions Type of attribute: Session-level and media-level Subject to charset: No Purpose: Option tags for supported SDP capability negotiation extensions Appropriate values: See Section 3.2.1. Attribute name: creq Long form name: Required capability negotiation extensions Type of attribute: Session-level and media-level Subject to charset: No Purpose: Option tags for required SDP capability negotiation extensions Appropriate values: See Section 3.2.2. Attribute name: acap Long form name: Attribute capability Type of attribute: Session-level and media-level Subject to charset: No Purpose: Attribute capability containing an attribute name and associated value Appropriate values: See Section 3.3.1. Attribute name: tcap Long form name: Transport Protocol Capability Type of attribute: Session-level and media-level Subject to charset: No Purpose: Transport protocol capability listing one or more transport protocols Appropriate values: See Section 3.3.2. Andreasen Expires August 19, 2007 [Page 39] Internet-Draft SDP Capability Negotiation February 2007 Attribute name: pcfg Long form name: Potential Configuration Type of attribute: Media-level Subject to charset: No Purpose: Potential configuration for SDP capability negotiation Appropriate values: See Section 3.4.1. Attribute name: acfg Long form name: Actual configuration Type of attribute: Media-level Subject to charset: No Purpose: Actual configuration for SDP capability negotiation Appropriate values: See Section 3.4.2. 6.2. New SDP Capability Negotiation Option Tag Registry The IANA is hereby requested to create a new SDP Capability Negotiation Option Tag registry. An IANA SDP capability negotiation option tag registration MUST be documented in an RFC in accordance with the [RFC2434] Specification Required policy. The RFC MUST provide the name of the option tag, a syntax and a semantic specification of any new SDP attributes and any extensions to the potential and actual configuration attributes provided in this document. New SDP attributes that are intended to be capabilities for use by the capability negotiation framework MUST adhere to the guidelines provided in Section 3.3.3. Extensions to the potential and actual configuration attributes MUST adhere to the syntax provided in Section 3.4.1. and 3.4.2. The option tag "cap-v0" is defined in this document and the IANA is hereby requested to register this option tag. 6.3. New SDP Capability Negotiation Potential Configuration Parameter Registry The IANA is hereby requested to create a new SDP Capability Negotiation Potential Configuration Parameter registry. An IANA SDP Capability Negotiation potential configuration registration MUST be document in an RFC in accordance with the [RFC2434] Specification Required policy. The RFC MUST define the syntax and semantics of each new potential configuration parameter. The syntax MUST adhere to the syntax provided for extensions in Section 3.4.1. and the semantics MUST adhere to the semantics provided for extensions in Section 3.4.1. and 3.4.2. Associated with each registration MUST be the Andreasen Expires August 19, 2007 [Page 40] Internet-Draft SDP Capability Negotiation February 2007 encoding name for the parameter as well as a short descriptive name for it. The potential configuration parameters "a" for "attribute" and "t" for "transport protocol" are defined in this document and the IANA is hereby requested to register these. 7. To Do and Open Issues o Look for "EDITOR'S NOTE" throughout the document. 8. Acknowledgments This document is heavily influenced by the discussions and work done by the SDP Capability Negotiation Design team. The following people in particular provided useful comments and suggestions to either the document itself or the overall direction of the solution defined in here: Roni Even, Robert Gilman, Cullen Jennings, Matt Lepinski, Joerg Ott, Colin Perkins, and Thomas Stach. Francois Audet and Dan Wing provided useful comments on earlier versions of this document. 9. Change Log 9.1. draft-ietf-mmusic-sdp-capability-negotiation-03 The following are the major changes compared to version -02: o Base option tag name changed from "v0" to "cap-v0". o Added new section on extension capability attributes o Firmed up offer/answer procedures. o Added security considerations o Added IANA considerations 9.2. draft-ietf-mmusic-sdp-capability-negotiation-02 The following are the major changes compared to version -01: o Potential configurations are no longer allowed at the session level Andreasen Expires August 19, 2007 [Page 41] Internet-Draft SDP Capability Negotiation February 2007 o Renamed capability attributes ("capar" to "acap" and "ctrpr" to "tcap") o Changed name and semantics of the initial number (now called configuration number) in potential configuration attributes; must now be unique and can be used as a handle o Actual configuration attribute now includes configuration number from the selected potential configuration attribute o Added ABNF throughout o Specified that answerer should include "a=csup" in case of unsupported required extensions in offer. o Specified use of second offer/answer exchange when answerer selected a potential configuration o Updated rules (and added restrictions) for referencing media- and session-level capabilities in potential configurations (at the media level) o Added initial section on ICE interactions o Added initial section on receiving media before answer 9.3. draft-ietf-mmusic-sdp-capability-negotiation-01 The following are the major changes compared to version -00: o Media capabilities are no longer considered a core capability and hence have been removed. This leaves transport protocols and attributes as the only capabilities defined by the core. o Version attribute has been removed and an option tag to indicate the actual version has been defined instead. o Clarified rules for session-level and media level attributes provided at either level as well how they can be used in potential configurations. o Potential configuration parameters no longer have implicit ordering; an explicit preference indicator is now included. o The parameter name for transport protocols in the potential and actual configuration attributes have been changed "p" to "t". Andreasen Expires August 19, 2007 [Page 42] Internet-Draft SDP Capability Negotiation February 2007 o Clarified operator precedence within potential and actual configuration attributes. o Potential configurations at the session level now limited to indicate latent capability configurations. Consequently, an actual configuration attribute can no longer be provided at the session level. o Cleaned up capability and potential configuration terminology - they are now two clearly different things. 9.4. draft-ietf-mmusic-sdp-capability-negotiation-00 Version 00 is the initial version. The solution provided in this initial version is based on an earlier (individual submission) version of [SDPCapNeg]. The following are the major changes compared to that document: o Solution no longer based on RFC 3407, but defines a set of similar attributes (with some differences). o Various minor changes to the previously defined attributes. o Multiple transport capabilities can be included in a single "tcap" attribute o A version attribute is now included. o Extensions to the framework are formally supported. o Option tags and the ability to list supported and required extensions are supported. o A best-effort SRTP example use case has been added. o Some terminology change throughout to more clearly indicate what constitutes capabilities and what constitutes configurations. Andreasen Expires August 19, 2007 [Page 43] Internet-Draft SDP Capability Negotiation February 2007 10. References 10.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2234] Crocker, D. and Overell, P.(Editors), "Augmented BNF for Syntax Specifications: ABNF", RFC 2234, Internet Mail Consortium and Demon Internet Ltd., November 1997. [RFC3264] Rosenberg, J., and H. Schulzrinne, "An Offer/Answer Model with Session Description Protocol (SDP)", RFC 3264, June 2002. [RFC3407] F. Andreasen, "Session Description Protocol (SDP) Simple Capability Declaration", RFC 3407, October 2002. [RFC3605] C. Huitema, "Real Time Control Protocol (RTCP) attribute in Session Description Protocol (SDP)", RFC 3605, October 2003. [RFC4234] Crocker, D., and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", RFC 4234, October 2005. [SDP] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session Description Protocol", RFC 4566, July 2006. [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 2434, October 1998. 10.2. Informative References [RFC2046] Freed, N., and N. Borensteain, "Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types", RFC 2046, November 1996. [RFC2327] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session Description Protocol", RFC 2327, April 1998. [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002. Andreasen Expires August 19, 2007 [Page 44] Internet-Draft SDP Capability Negotiation February 2007 [RFC3388] Camarillo, G., Eriksson, G., Holler, J., and H. Schulzrinne, "Grouping of Media Lines in the Session Description Protocol (SDP)", RFC 3388, December 2002. [RFC3551] Schulzrinne, H., and S. Casner, "RTP Profile for Audio and Video Conferences with Minimal Control", RFC 3551, July 2003. [SRTP] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. Norrman, "The Secure Real-time Transport Protocol (SRTP)", RFC 3711, March 2004. [RFC3851] B. Ramsdell, "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification", RFC 3851, July 2004. [RFC4091] Camarillo, G., and J. Rosenberg, The Alternative Network Address Types (ANAT) Semantics for the Session Description Protocol (SDP) Grouping Framework, RFC 4091, June 2005. [AVPF] Ott, J., Wenger, S., Sato, N., Burmeister, C., and J. Rey, "Extended RTP Profile for RTCP-Based Feedback (RTP/AVPF)", Work in Progress, August 2004. [I-D.jennings-sipping-multipart] Wing, D., and C. Jennings, "Session Initiation Protocol (SIP) Offer/Answer with Multipart Alternative", Work in Progress, March 2006. [SAVPF] Ott, J., and E Carrara, "Extended Secure RTP Profile for RTCP-based Feedback (RTP/SAVPF)", Work in Progress, December 2005. [SDES] Andreasen, F., Baugher, M., and D. Wing, "Session Description Protocol Security Descriptions for Media Streams", RFC 4568, July 2006. [SDPng] Kutscher, D., Ott, J., and C. Bormann, "Session Description and Capability Negotiation", Work in Progress, February 2005. [BESRTP] Kaplan, H., and F. Audet, "Session Description Protocol (SDP) Offer/Answer Negotiation for Best-Effort Secure Real- Time Transport Protocol, Work in progress, August 2006. Andreasen Expires August 19, 2007 [Page 45] Internet-Draft SDP Capability Negotiation February 2007 [KMGMT] Arkko, J., Lindholm, F., Naslund, M., Norrman, K., and E. Carrara, "Key Management Extensions for Session Description Protocol (SDP) and Real Time Streaming Protocol (RTSP)", RFC 4567, July 2006. [SDPCapNegRqts] Andreasen, F. "SDP Capability Negotiation: Requirementes and Review of Existing Work", work in progress, December 2006. [SDPCapNeg] Andreasen, F. "SDP Capability Negotiation", work in progress, December 2006. [MIKEY] J. Arkko, E. Carrara, F. Lindholm, M. Naslund, and K. Norrman, "MIKEY: Multimedia Internet KEYing", RFC 3830, August 2004. [ICE] J. Rosenberg, "Interactive Connectivity Establishment (ICE): A Methodology for Network Address Translator (NAT) Traversal for Offer/Answer Protocols", work in progress, January 2007. [ICETCP] J. Rosenberg, "TCP Candidates with Interactive Connectivity Establishment (ICE)", work in progress, October 2006. [RFC3312] G. Camarillo, W. Marshall, and J. Rosenberg, "Integration of Resource Management and Session Initiatio Protocol (SIP)", RFC 3312, October 2002. [SMIME] B. Ramsdell, "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification", RFC 3851, July 2004. [RFC4474] J. Peterson, and C. Jennings, "Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP)", RFC 4474, August 2006. [sprecon] Andreasen, F. and D. Wing, "Security Preconditions for Session Description Protocol Media Streams", Work in Progress, October 2006. Andreasen Expires August 19, 2007 [Page 46] Internet-Draft SDP Capability Negotiation February 2007 Author's Addresses Flemming Andreasen Cisco Systems Edison, NJ Email: fandreas@cisco.com Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Full Copyright Statement Copyright (C) The IETF Trust (2007). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF Andreasen Expires August 19, 2007 [Page 47] Internet-Draft SDP Capability Negotiation February 2007 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Andreasen Expires August 19, 2007 [Page 48]