Network Working Group G. Camarillo Request for Comments: 4583 Ericsson Category: Standards Track November 2006 Session Description Protocol (SDP) Format for Binary Floor Control Protocol (BFCP) Streams Status of This Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The IETF Trust (2006).
AbstractThis document specifies how to describe Binary Floor Control Protocol (BFCP) streams in Session Description Protocol (SDP) descriptions. User agents using the offer/answer model to establish BFCP streams use this format in their offers and answers. 1. Introduction ....................................................2 2. Terminology .....................................................2 3. Fields in the 'm' Line ..........................................2 4. Floor Control Server Determination ..............................3 5. The 'confid' and 'userid' SDP Attributes ........................5 6. Association between Streams and Floors ..........................5 7. TCP Connection Management .......................................5 8. Authentication ..................................................6 9. Examples ........................................................7 10. Security Considerations ........................................8 11. IANA Considerations ............................................8 11.1. Registration of the 'TCP/BFCP' and 'TCP/TLS/BFCP' SDP 'proto' Values ........................................8 11.2. Registration of the SDP 'floorctrl' Attribute .............8 11.3. Registration of the SDP 'confid' Attribute ................9 11.4. Registration of the SDP 'userid' Attribute ................9 11.5. Registration of the SDP 'floorid' Attribute ..............10 12. Acknowledgements ..............................................10 13. Normative References ..........................................10
8], a given BFCP client needs a set of data in order to establish a BFCP connection to a floor control server. These data include the transport address of the server, the conference identifier, and the user identifier. One way for clients to obtain this information is to use an offer/answer  exchange. This document specifies how to encode this information in the SDP session descriptions that are part of such an offer/answer exchange. User agents typically use the offer/answer model to establish a number of media streams of different types. Following this model, a BFCP connection is described as any other media stream by using an SDP 'm' line, possibly followed by a number of attributes encoded in 'a' lines. RFC 2119  and indicate requirement levels for compliant implementations. 11], the 'm' line format is the following: m=<media> <port> <transport> <fmt> ... The media field MUST have a value of "application". The port field is set following the rules in . Depending on the value of the 'setup' attribute (discussed in Section 7), the port field contains the port to which the remote endpoint will initiate its TCP connection or is irrelevant (i.e., the endpoint will initiate the connection towards the remote endpoint) and should be set to a value of 9, which is the discard port. Since BFCP only runs on top of TCP, the port is always a TCP port. A port field value of zero has the standard SDP meaning (i.e., rejection of the media stream).
We define two new values for the transport field: TCP/BFCP and TCP/TLS/BFCP. The former is used when BFCP runs directly on top of TCP, and the latter is used when BFCP runs on top of TLS, which in turn runs on top of TCP. The fmt (format) list is ignored for BFCP. The fmt list of BFCP 'm' lines SHOULD contain a single "*" character. The following is an example of an 'm' line for a BFCP connection: m=application 50000 TCP/TLS/BFCP * 2] is: floor-control-attribute = "a=floorctrl:" role *(SP role) role = "c-only" / "s-only" / "c-s" The offerer includes this attribute to state all the roles it would be willing to perform: c-only: The offerer would be willing to act as a floor control client only. s-only: The offerer would be willing to act as a floor control server only.
c-s: The offerer would be willing to act both as a floor control client and as a floor control server. If an 'm' line in an offer contains a 'floorctrl' attribute, the answerer MUST include one in the corresponding 'm' line in the answer. The answerer includes this attribute to state which role the answerer will perform. That is, the answerer chooses one of the roles the offerer is willing to perform and generates an answer with the corresponding role for the answerer. Table 1 shows the corresponding roles for an answerer, depending on the offerer's role. +---------+----------+ | Offerer | Answerer | +---------+----------+ | c-only | s-only | | s-only | c-only | | c-s | c-s | +---------+----------+ Table 1: Roles The following are the descriptions of the roles when they are chosen by an answerer: c-only: The answerer will act as a floor control client. Consequently, the offerer will act as a floor control server. s-only: The answerer will act as a floor control server. Consequently, the offerer will act as a floor control client. c-s: The answerer will act both as a floor control client and as a floor control server. Consequently, the offerer will also act both as a floor control client and as a floor control server. Endpoints that use the offer/answer model to establish BFCP connections MUST support the 'floorctrl' attribute. A floor control server acting as an offerer or as an answerer SHOULD include this attribute in its session descriptions. If the 'floorctrl' attribute is not used in an offer/answer exchange, by default the offerer and the answerer will act as a floor control client and as a floor control server, respectively. The following is an example of a 'floorctrl' attribute in an offer. When this attribute appears in an answer, it only carries one role: a=floorctrl:c-only s-only c-s
2] is: confid-attribute = "a=confid:" conference-id conference-id = token userid-attribute = "a=userid:" user-id user-id = token The 'confid' and the 'userid' attributes carry the integer representation of a conference ID and a user ID, respectively. Endpoints that use the offer/answer model to establish BFCP connections MUST support the 'confid' and the 'userid' attributes. A floor control server acting as an offerer or as an answerer SHOULD include these attributes in its session descriptions. 2] is: floor-id-attribute = "a=floorid:" token [" mstrm:" token *(SP token)] The 'floorid' attribute is used in BFCP 'm' lines. It defines a floor identifier and, possibly, associates it with one or more media streams. The token representing the floor ID is the integer representation of the Floor ID to be used in BFCP. The token representing the media stream is a pointer to the media stream, which is identified by an SDP label attribute . Endpoints that use the offer/answer model to establish BFCP connections MUST support the 'floorid' and the 'label' attributes. A floor control server acting as an offerer or as an answerer SHOULD include these attributes in its session descriptions. 7].
The 'setup' attribute indicates which of the endpoints (client or floor control server) initiates the TCP connection. The 'connection' attribute handles TCP connection reestablishment. The BFCP specification  describes a number of situations when the TCP connection between a client and the floor control server needs to be reestablished. However, that specification does not describe the reestablishment process because this process depends on how the connection was established in the first place. BFCP entities using the offer/answer model follow the following rules. When the existing TCP connection is reset following the rules in , the client SHOULD generate an offer towards the floor control server in order to reestablish the connection. If a TCP connection cannot deliver a BFCP message and times out, the entity that attempted to send the message (i.e., the one that detected the TCP timeout) SHOULD generate an offer in order to reestablish the TCP connection. Endpoints that use the offer/answer model to establish BFCP connections MUST support the 'setup' and 'connection' attributes. 6] to provide an integrity-protected channel with optional confidentiality for the offer/answer exchange. BFCP takes advantage of this integrity-protected offer/answer exchange to perform authentication. Within the offer/answer exchange, the offerer and answerer exchange the fingerprints of their self-signed certificates. These self-signed certificates are then used to establish the TLS connection that will carry BFCP traffic between the offerer and the answerer. BFCP clients and floor control servers follow the rules in  regarding certificate choice and presentation. This implies that unless a 'fingerprint' attribute is included in the session description, the certificate provided at the TLS-level MUST either be directly signed by one of the other party's trust anchors or be validated using a certification path that terminates at one of the other party's trust anchors . Endpoints that use the offer/answer
model to establish BFCP connections MUST support the 'fingerprint' attribute and SHOULD include it in their session descriptions. When TLS is used, once the underlaying TCP connection is established, the answerer acts as the TLS server regardless of its role (passive or active) in the TCP establishment procedure.
8], SDP , and offer/answer  specifications discuss security issues related to BFCP, SDP, and offer/answer, respectively. In addition,  and  discuss security issues related to the establishment of TCP and TLS connections using an offer/answer model. BFCP assumes that an initial integrity-protected channel is used to exchange self-signed certificates between a client and the floor control server. For session descriptions carried in SIP , S/MIME  is the natural choice to provide such a channel.
Allowed attribute values: 1*("c-only" / "s-only" / "c-s")
 Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", RFC 4234, October 2005.  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002.  Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model with Session Description Protocol (SDP)", RFC 3264, June 2002.  Housley, R., Polk, W., Ford, W., and D. Solo, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3280, April 2002.  Ramsdell, B., "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Certificate Handling", RFC 3850, July 2004.
 Yon, D. and G. Camarillo, "TCP-Based Media Transport in the Session Description Protocol (SDP)", RFC 4145, September 2005.  Camarillo, G., Ott, J., and K. Drage, "The Binary Floor Control Protocol (BFCP)", RFC 4582, November 2006.  Levin, O. and G. Camarillo, "The Session Description Protocol (SDP) Label Attribute", RFC 4574, July 2006.  Lennox, J., "Connection-Oriented Media Transport over the Transport Layer Security (TLS) Protocol in the Session Description Protocol (SDP)", RFC 4572, July 2006.  Handley, M., Jacobson, V., and C. Perkins, "SDP: Session Description Protocol", RFC 4566, July 2006.
Full Copyright Statement Copyright (C) The IETF Trust (2006). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST, AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at firstname.lastname@example.org. Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society.