Using the SDP Offer/Answer Mechanism for DTLS

defines SDP Offer/Answer procedures for SRTP-DTLS. This draft defines the SDP Offer/Answer procedures for negotiation DTLS in general, based on the procedures in . As defined in , a new DTLS association MUST be established when transport parameters are changed. Transport parameter change is not well defined when Interactive Connectivity Establishment (ICE) is used. One possible way to determine a transport change is based on ufrag change, but the ufrag value is changed both when ICE is negotiated and when ICE restart occurs. These events do not always require a new DTLS association to be established, but currently there is no way to explicitly indicate in an SDP offer or answer whether a new DTLS association is required. To solve that problem, this draft defines a new SDP attribute, 'dtls-connection'. The attribute is used in SDP offers and answers to explicitly indicate whether a new DTLS association is to be established/re-established. The attribute can be used both with and without ICE.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in .

A new DTLS association MUST be established in the following cases: The DTLS roles change; The fingerprint (certificate) value changes; or The establishment of a new DTLS association is explicitly signaled; NOTE: The first two items list above are based on the procedures in . This draft adds the support for explicit signaling. Whenever an entity determines, based on the criteria above, that a new DTLS association is required, the entity MUST initiate an associated SDP offer/answer transaction, following the procedures in . The sections below describe typical cases where a new DTLS association needs to be established.

If an endpoint modifies its local transport parameters (address and/or port), and if the modification requires a new DTLS association, the endpoint MUST change its DTLS role, change its fingerprint value, and/or use the SDP 'dtls-connection' attribute with a 'new' value . If the underlying transport explicitly prohibits a DTLS association to span multiple transports, the SDP 'dtls-connection' attribute MUST be set to 'new' if the transport is changed. An example of such case is when DTLS is carried over SCTP, as described in .

If an endpoint uses ICE, and modifies a local ufrag value, and if the modification requires a new DTLS association, the endpoint MUST either change its DTLS role, its fingerprint value and/or use the SDP 'dtls-connection' attribute with a 'new' value .

It is possible to associate multiple SDP fingerprint attribute values to an 'm-' line. If any of the attribute values associated with an 'm-' line are removed, or if any new attribute values are added, it is considered a fingerprint value change.

The SDP 'connection' attribute was originally defined for connection-oriented protocols, e.g. TCP and TLS. This section defines a similar attribute, 'dtls-connection', to be used with DTLS.

A 'dtls-connection' attribute value of 'new' indicates that a new DTLS association MUST be established. A 'dtls-connection' attribute value of 'existing' indicates that a new DTLS association MUST NOT be established. Unlike the SDP 'connection' attribute for TLS, there is no default value defined for the 'dtls-connection' attribute. Implementations that wish to use the attribute MUST explicitly include it in SDP offers and answers. If an offer or answer does not contain an attribute (this could happen if the offerer or answerer represents an existing implementation that has not been updated to support the attribute defined in this specification), other means needs to be used in order for endpoints to determine whether an offer or answer is associated with an event that requires the DTLS association to be re-established. The mux category for the 'dtls-connection' attribute is 'IDENTICAL', which means that the attribute value must be identical across all media descriptions being multiplexed . For RTP-based media, the 'dtls-connection' attribute apply to whole associated media description. The attribute MUST NOT be defined per source (using the SDP 'ssrc' attribute ). The SDP Offer/Answer procedures associated with the attribute are defined in

This section defines the generic SDP offer/answer procedures for negotiating a DTLS association. Additional procedures (e.g. regarding usage of specific SDP attributes etc) for individual DTLS usages (e.g. SRTP-DTLS) are outside the scope of this specification, and need to be specified in a usage specific specification. NOTE: The procedures in this section are generalizations of procedures first specified in SRTP-DTLS , with the addition of usage of the SDP 'dtls-connection' attribute. That document is herein revised to make use of these new procedures. The procedures in this section apply to an SDP media description ("m=" line) associated a DTLS-protected media/data stream. In order to negotiate a DTLS association, the following SDP attributes are used: The SDP 'setup' attribute, defined in , is used to negotiate the DTLS roles; The SDP 'fingerprint' attribute, defined in , is used to provide the fingerprint value; and The SDP 'dtls-connection' attribute, defined in this specification, is used to explicitly indicate whether a new DTLS association is to be established or a previous association is to be used. This specification does not define the usage of the SDP 'connection' attribute for negotiating a DTLS connection. However, the attribute MAY be used if the DTLS connection is used together with another protocol, e.g. SCTP or TCP, for which the usage of the attribute has been defined. Unlike for TCP and TLS connections, endpoints MUST NOT use the SDP 'setup' attribute 'holdconn' value when negotiating a DTLS association. Endpoints MUST support SHA-256 for generating and verifying the fingerprint value associated with the DTLS association. The use of SHA-256 is preferred. Endpoints MUST, at a minimum, support TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 and MUST support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. UDPTL over DTLS MUST prefer TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and any other Perfect Forward Secrecy (PFS) cipher suites over non-PFS cipher suites. Implementations SHOULD disable TLS-level compression. The certificate received during the DTLS handshake MUST match the fingerprint received in the SDP "fingerprint" attribute. If the fingerprint does not match the hashed certificate, then the endpoint MUST tear down the media session immediately. Note that it is permissible to wait until the other side's fingerprint has been received before establishing the connection; however, this may have undesirable latency effects.

When the offerer sends the initial offer, and the offerer wants to establish a DTLS association, it MUST insert an SDP 'dtls-connection' attribute with a 'new' value in the offer. In addition, the offerer MUST insert an SDP 'setup' attribute according to the procedures in , and an SDP 'fingerprint' attribute according to the procedures in , in the offer. If the offerer inserts the SDP 'setup' attribute with an 'actpass' or 'passive' value, the offerer MUST be prepared to receive a DTLS ClientHello message (if a new DTLS association is established by the answerer) from the answerer before it receives the SDP answer.

If an answerer receives an offer that contains an SDP 'dtls-connection' attribute with a 'new' value, or if the answerer receives an offer that contains an 'dtls-connection' attribute with an 'existing' value and the answerer determines (based on the criteria for establishing a new DTLS association) that a new DTLS association is to be established, the answerer MUST insert a 'new' value in the associated answer. In addition, the answerer MUST insert an SDP 'setup' attribute according to the procedures in , and an SDP 'fingerprint' attribute according to the procedures in , in the answer. If an answerer receives an offer that contains an SDP 'dtls-connection' attribute with a 'new' value, and if the answerer does not accept the establishment of a new DTLS association, the answerer MUST reject the "m=" lines associated with the suggested DTLS association . If an answerer receives an offer that contains a 'dtls-connection' attribute with an 'existing' value, and if the answerer determines that a new DTLS association is not to be established, the answerer MUST insert a 'dtls-connection' attribute with an 'existing' value in the associated answer. In addition, the answerer MUST insert an SDP 'setup' attribute with a value that does not change the previously negotiated DTLS roles, and an SDP 'fingerprint' attribute with a value that does not change the previously sent fingerprint, in the answer. If the answerer receives an offer that does not contain an SDP 'dtls-connection' attribute, the answerer MUST NOT insert a 'dtls-connection' attribute in the answer. If a new DTLS association is to be established, and if the answerer inserts an SDP 'setup' attribute with an 'active' value in the answer, the answerer MUST initiate a DTLS handshake by sending a DTLS ClientHello message towards the offerer.

When an offerer receives an answer that contains an SDP 'dtls-connection' attribute with a 'new' value, and if the offerer becomes DTLS client (based on the value of the SDP 'setup' attribute value ), the offerer MUST establish a DTLS association. If the offerer becomes DTLS server, it MUST wait for the answerer to establish the DTLS association. If the answer contains an SDP 'dtls-connection' attribute with an 'existing' value, the offerer will continue using the previously established DTLS association. It is considered an error case if the answer contains a 'dtls-connection' attribute with an 'existing' value, and a DTLS association does not exist. An offerer needs to be able to handle error conditions that can occur during an offer/answer transaction, e.g. if an answer contains an SDP 'dtls-connection' attribute with an 'existing' value even if no DTLS connection exists, or if the answer contains a new fingerprint value for an existing DTLS connection. If such error case occurs, the offerer SHOULD terminate the associated DTLS connection (if it exists) and send a new offer in order to terminate each media stream using the DTLS association, by setting the associated port value to zero .

When the offerer sends a subsequent offer, and if the offerer wants to establish a new DTLS association, the offerer MUST insert an SDP 'dtls-connection' attribute with a 'new' value in the offer. In addition, the offerer MUST insert an SDP 'setup' attribute according to the procedures in , and an SDP 'fingerprint' attribute according to the procedures in , in the offer. when the offerer sends a subsequent offer, and the offerer does not want to establish a new DTLS association, and if a previously established DTLS association exists, the offerer MUST insert an SDP 'dtls-connection' attribute with an 'existing' value in the offer. In addition, the offerer MUST insert an SDP 'setup' attribute with a value that does not change the previously negotiated DTLS roles, and an SDP 'fingerprint' attribute with a value that does not change the previously sent fingerprint, in the offer. NOTE: When a new DTLS association is established, each endpoint needs to be prepared to receive data on both the new and old DTLS associations as long as both are alive.

When ICE is used, the ICE connectivity checks are performed before the DTLS handshake begins. Note that if aggressive nomination mode is used, multiple candidate pairs may be marked valid before ICE finally converges on a single candidate pair. An ICE restart does not by default require a new DTLS association to be established. As defined in , each ICE candidate associated with a component is treated as being part of the same DTLS association. Therefore, from a DTLS perspective it is not considered a change of local transport parameters when an endpoint switches between those ICE candidates.

If DTLS is transported on top of a connection-oriented transport protocol (e.g. TCP or SCTP), where all IP packets are acknowledged, all DTLS packets associated with a previous DTLS association MUST be acknowledged (or timed out) before a new DTLS association can be established on the same transport.

When the Session Initiation Protocol (SIP) is used as the signal protocol for establishing a multimedia session, dialogs might be established between the caller and multiple callees. This is referred to as forking. If forking occurs, separate DTLS associations MUST be established between the caller and each callee. It is possible to send an INVITE request which does not contain an SDP offer. Such INVITE request is often referred to as an 'empty INVITE', or an 'offerless INVITE'. The receiving endpoint will include the SDP offer in a response associated with the response. When the endpoint generates such SDP offer, it MUST assign an SDP 'dtls-connection' attribute, with a 'new' value, to each 'm-' line that describes DTLS protected media. If ICE is used, the endpoint MUST allocate a new set of ICE candidates, in order to ensure that two DTLS association would not be running over the same transport.

This section updates specifications that use DTLS-protected media, in order to reflect the procedures defined in this specification.

This specification does not modify the security considerations associated with DTLS, or the SDP offer/answer mechanism. In addition to the introduction of the SDP 'dtls-connection' attribute, the specification simply clarifies the procedures for negotiating and establishing a DTLS association.

This document updates the "Session Description Protocol Parameters" registry as specified in Section 8.2.2 of . Specifically, it adds the SDP dtls-connection attribute to the table for SDP media level attributes.

Thanks to Justin Uberti, Martin Thomson, Paul Kyzivat and Jens Guballa for providing comments and suggestions on the draft.

[RFC EDITOR NOTE: Please remove this section when publishing] Changes from draft-ietf-mmusic-sdp-dtls-06 Text on restrictions regarding spanning a DTLS connection over multiple transports added. Mux category added to IANA Considerations. Normative text regarding mux category and source-specific applicability added. Reference to RFC 7315 added. Clarified that offerer/answerer that has not been updated to support this specification will not include the dtls-connection attribute in offers and answers. Editorial corrections based on WGLC comments from Charles Eckel. Changes from draft-ietf-mmusic-sdp-dtls-05 Text on handling offer/answer error conditions added. Changes from draft-ietf-mmusic-sdp-dtls-04 Editorial nits fixed based on comments from Paul Kyzivat: Changes from draft-ietf-mmusic-sdp-dtls-03 Changes based on comments from Paul Kyzivat: - Modification of dtls-connection attribute section. - Removal of IANA considerations subsection. - Making note into normative text in o/a section. Changes based on comments from Martin Thompson: - Abbreviations section removed. - Clarify that a new DTLS association requires a new o/a transaction. Changes from draft-ietf-mmusic-sdp-dtls-02 - Updated RFCs added to boilerplate. Changes from draft-ietf-mmusic-sdp-dtls-01 - Annex regarding 'dtls-connection-id' attribute removed. - Additional SDP offer/answer procedures, related to certificates, added. - Updates to RFC 5763 and RFC 7345 added. - Transport protocol considerations added. Changes from draft-ietf-mmusic-sdp-dtls-00 - SDP 'connection' attribute replaced with new 'dtls-connection' attribute. - IANA Considerations added. - E-mail regarding 'dtls-connection-id' attribute added as Annex. Changes from draft-holmberg-mmusic-sdp-dtls-01 - draft-ietf-mmusic version of draft submitted. - Draft file name change (sdp-dtls -> dtls-sdp) due to collision with another expired draft. - Clarify that if ufrag in offer is unchanged, it must be unchanged in associated answer. - SIP Considerations section added. - Section about multiple SDP fingerprint attributes added. Changes from draft-holmberg-mmusic-sdp-dtls-00 - Editorial changes and clarifications.