| draft-ietf-mmusic-kmgmt-ext-10.txt | draft-ietf-mmusic-kmgmt-ext-11.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force J. Arkko | Internet Engineering Task Force J. Arkko | |||
| MMUSIC Working Group E. Carrara | MMUSIC Working Group E. Carrara | |||
| INTERNET-DRAFT F. Lindholm | INTERNET-DRAFT F. Lindholm | |||
| Expires: August 2004 M. Naslund | Expires: October 2004 M. Naslund | |||
| K. Norrman | K. Norrman | |||
| Ericsson | Ericsson | |||
| February 2004 | April 2004 | |||
| Key Management Extensions for Session Description | Key Management Extensions for Session Description | |||
| Protocol (SDP) and Real Time Streaming Protocol (RTSP) | Protocol (SDP) and Real Time Streaming Protocol (RTSP) | |||
| <draft-ietf-mmusic-kmgmt-ext-10.txt> | <draft-ietf-mmusic-kmgmt-ext-11.txt> | |||
| Status of this memo | Status of this memo | |||
| This document is an Internet-Draft and is in full conformance with | By submitting this Internet-Draft, I certify that any applicable | |||
| all provisions of Section 10 of RFC2026. | patent or other IPR claims of which I am (we are) aware have been | |||
| disclosed, and any of which I (we) become aware will be disclosed, in | ||||
| accordance with RFC 3668 (BCP 79). | ||||
| By submitting this Internet-Draft, I accept the provisions of Section | ||||
| 3 of RFC 3667 (BCP 78). | ||||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that other | Task Force (IETF), its areas, and its working groups. Note that other | |||
| groups may also distribute working documents as Internet-Drafts. | groups may also distribute working documents as Internet-Drafts. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or cite them other than as "work in progress". | material or cite them other than as "work in progress". | |||
| skipping to change at page 2, line 21 | skipping to change at page 2, line 28 | |||
| TABLE OF CONTENTS | TABLE OF CONTENTS | |||
| 1. Introduction.....................................................2 | 1. Introduction.....................................................2 | |||
| 1.1. Notational Conventions.........................................4 | 1.1. Notational Conventions.........................................4 | |||
| 2. Extensions to SDP and RTSP.......................................4 | 2. Extensions to SDP and RTSP.......................................4 | |||
| 2.1. SDP Extensions.................................................4 | 2.1. SDP Extensions.................................................4 | |||
| 2.2. RTSP Extensions................................................5 | 2.2. RTSP Extensions................................................5 | |||
| 3. Usage with SDP, SIP, RTSP, and SAP...............................6 | 3. Usage with SDP, SIP, RTSP, and SAP...............................6 | |||
| 3.1. Use of SDP.....................................................7 | 3.1. Use of SDP.....................................................7 | |||
| 3.1.1 General processing............................................7 | 3.1.1 General processing............................................7 | |||
| 3.1.2 Use of SDP with offer/answer and SIP..........................8 | 3.1.2 Use of SDP with offer/answer and SIP..........................9 | |||
| 3.1.3 Use of SDP with SAP..........................................10 | 3.1.3 Use of SDP with SAP..........................................10 | |||
| 3.1.4 Bidding-down attack prevention...............................10 | 3.1.4 Bidding-down attack prevention...............................11 | |||
| 3.2. RTSP usage....................................................12 | 3.2. RTSP usage....................................................12 | |||
| 4. Example scenarios...............................................14 | 4. Example scenarios...............................................14 | |||
| 5. Adding further Key management protocols.........................18 | 5. Adding further Key management protocols.........................18 | |||
| 6. Integration of MIKEY............................................18 | 6. Integration of MIKEY............................................19 | |||
| 6.1 MIKEY Interface................................................19 | 6.1 MIKEY Interface................................................19 | |||
| 7. Security Considerations.........................................20 | 7. Security Considerations.........................................20 | |||
| 8. IANA Considerations.............................................21 | 8. IANA Considerations.............................................21 | |||
| 8.1. SDP Attribute Registration....................................21 | 8.1. SDP Attribute Registration....................................21 | |||
| 8.2. RTSP Registration.............................................21 | 8.2. RTSP Registration.............................................22 | |||
| 8.3. Protocol Identifier Registration..............................22 | 8.3. Protocol Identifier Registration..............................22 | |||
| 9. Acknowledgments.................................................23 | 9. Acknowledgments.................................................23 | |||
| 10. Author's Addresses.............................................23 | 10. Author's Addresses.............................................23 | |||
| 11. References.....................................................24 | 11. References.....................................................24 | |||
| 11.1. Normative References.........................................24 | 11.1. Normative References.........................................24 | |||
| 11.2. Informative References.......................................24 | 11.2. Informative References.......................................24 | |||
| 1. Introduction | 1. Introduction | |||
| [RFC Editor remark] All instances of RFC xxxx should be replaced | [RFC Editor remark] All instances of RFC xxxx should be replaced | |||
| skipping to change at page 4, line 38 | skipping to change at page 4, line 44 | |||
| parameters and keys are protected by the key management protocol. | parameters and keys are protected by the key management protocol. | |||
| The key management data SHALL be base64 [RFC3548] encoded and comply | The key management data SHALL be base64 [RFC3548] encoded and comply | |||
| with the base64 grammar as defined in [SDPnew]. The key management | with the base64 grammar as defined in [SDPnew]. The key management | |||
| protocol identifier, KMID, is defined as below in Augmented Backus- | protocol identifier, KMID, is defined as below in Augmented Backus- | |||
| Naur Form grammar (ABNF) [RFC2234]. | Naur Form grammar (ABNF) [RFC2234]. | |||
| KMID = 1*(ALPHA / DIGIT) | KMID = 1*(ALPHA / DIGIT) | |||
| Values for the identifier, KMID, are registered and defined in | Values for the identifier, KMID, are registered and defined in | |||
| accordance to Section 8. Note that the KMID will be case sensitive | accordance to Section 8. Note that the KMID is case sensitive and it | |||
| and it is RECOMMENDED that values registered are lower case letters. | is RECOMMENDED that values registered are lower case letters. | |||
| 2.1. SDP Extensions | 2.1. SDP Extensions | |||
| This section provides an ABNF grammar (as used in [SDPnew]) for the | This section provides an ABNF grammar (as used in [SDPnew]) for the | |||
| key management extensions to SDP. | key management extensions to SDP. | |||
| Note that the new definitions are compliant with the definition of an | Note that the new definitions are compliant with the definition of an | |||
| attribute field, i.e. | attribute field, i.e. | |||
| attribute = (att-field ":" att-value) | att-field | attribute = (att-field ":" att-value) | att-field | |||
| skipping to change at page 5, line 14 | skipping to change at page 5, line 21 | |||
| key-mgmt-att-value = 0*1SP prtcl-id SP keymgmt-data | key-mgmt-att-value = 0*1SP prtcl-id SP keymgmt-data | |||
| prtcl-id = KMID | prtcl-id = KMID | |||
| ; e.g. "mikey" | ; e.g. "mikey" | |||
| keymgmt-data = base64 | keymgmt-data = base64 | |||
| SP = 0x20 | SP = 0x20 | |||
| where KMID is as defined in Section 2 of this memo, base64 is as | where KMID is as defined in Section 2 of this memo, base64 is as | |||
| defined in SDP [SDPnew]. Prtcl-id refers to the set of values defined | defined in SDP [SDPnew]. Prtcl-id refers to the set of values defined | |||
| for KMID in Section 7. | for KMID in Section 8. | |||
| The attribute MAY be used at session level, media level, or at both | The attribute MAY be used at session level, media level, or at both | |||
| levels. An attribute defined at media level overrides an attribute | levels. An attribute defined at media level overrides an attribute | |||
| defined at session level. In other words, if the media level | defined at session level. In other words, if the media level | |||
| attribute is present, the session level attribute MUST be ignored for | attribute is present, the session level attribute MUST be ignored for | |||
| this media. Section 3.1 describes in detail how the attributes are | this media. Section 3.1 describes in detail how the attributes are | |||
| used and how the SDP is handled in different usage scenarios. | used and how the SDP is handled in different usage scenarios. | |||
| 2.2. RTSP Extensions | 2.2. RTSP Extensions | |||
| skipping to change at page 6, line 33 | skipping to change at page 6, line 40 | |||
| * It MUST be possible to execute the key management protocol in at | * It MUST be possible to execute the key management protocol in at | |||
| most one request-response message exchange. | most one request-response message exchange. | |||
| * It MUST be possible from the SIP/SDP and RTSP application, using | * It MUST be possible from the SIP/SDP and RTSP application, using | |||
| the key management API, to receive key management data, and | the key management API, to receive key management data, and | |||
| information of whether a message is accepted or not. | information of whether a message is accepted or not. | |||
| The content of the key management messages depends on the key | The content of the key management messages depends on the key | |||
| management protocol that is used. However, the content of such key | management protocol that is used. However, the content of such key | |||
| management messages might be expected to be roughly as follow. The | management messages might be expected to be roughly as follow: the | |||
| key management Initiator (e.g. the offerer) includes the key | key management Initiator (e.g. the offerer) includes the key | |||
| management data in a first message, containing the media description | management data in a first message, containing the media description | |||
| it should apply to. This data in general consists of the security | it should apply to. This data in general consists of the security | |||
| parameters (including key material) needed to secure the | parameters (including key material) needed to secure the | |||
| communication, together with the necessary authentication information | communication, together with the necessary authentication information | |||
| (to assure that the message is authentic). | (to assure that the message is authentic). | |||
| At the Responder's side, the key management protocol checks the | At the Responder's side, the key management protocol checks the | |||
| validity of the key management message, together with the | validity of the key management message, together with the | |||
| availability of the parameters offered, and then provides the key | availability of the parameters offered, and then provides the key | |||
| skipping to change at page 7, line 37 | skipping to change at page 7, line 42 | |||
| applicable, as there are cases where an answer can not or will not be | applicable, as there are cases where an answer can not or will not be | |||
| sent back. | sent back. | |||
| The general processing for creating an initial offer SHALL follow the | The general processing for creating an initial offer SHALL follow the | |||
| following actions: | following actions: | |||
| * The identifier of the key management protocol used MUST be placed | * The identifier of the key management protocol used MUST be placed | |||
| in the prtcl-id field of SDP. A table of legal protocols | in the prtcl-id field of SDP. A table of legal protocols | |||
| identifiers is maintained by IANA (see Section 8). | identifiers is maintained by IANA (see Section 8). | |||
| * The keymgmt-data field MUST be created as follows. The key | * The keymgmt-data field MUST be created as follows: the key | |||
| management protocol MUST be used to create the key management | management protocol MUST be used to create the key management | |||
| message. This message SHALL be base64 encoded [RFC3548] by the SDP | message. This message SHALL be base64 encoded [RFC3548] by the SDP | |||
| application and then encapsulated in the keymgmt-data attribute. | application and then encapsulated in the keymgmt-data attribute. | |||
| Note though that the semantics of the encapsulated message is | Note though that the semantics of the encapsulated message is | |||
| dependent on the key management protocol that is used. | dependent on the key management protocol that is used. | |||
| The general processing for handling a received offer SHALL follow the | The general processing for handling a received offer SHALL follow the | |||
| following actions: | following actions: | |||
| * The key management protocol is identified according to the prtcl-id | * The key management protocol is identified according to the prtcl-id | |||
| skipping to change at page 8, line 7 | skipping to change at page 8, line 13 | |||
| IANA (Section 8). | IANA (Section 8). | |||
| * The key management data from the keymgmt-data field MUST be | * The key management data from the keymgmt-data field MUST be | |||
| extracted, base64 decoded to reconstruct the original message, and | extracted, base64 decoded to reconstruct the original message, and | |||
| then passed to the key management protocol for processing. Note | then passed to the key management protocol for processing. Note | |||
| that depending on key management protocol, some extra parameters | that depending on key management protocol, some extra parameters | |||
| might also be requested by the specific API, such as the | might also be requested by the specific API, such as the | |||
| source/destination network address/port(s) for the specified media | source/destination network address/port(s) for the specified media | |||
| (however, this will be implementation specific depending on the | (however, this will be implementation specific depending on the | |||
| actual API). The extra parameters that a key management protocol | actual API). The extra parameters that a key management protocol | |||
| might need (other than the ones defined here) SHOULD be | might need (other than the ones defined here) MUST be documented, | |||
| documented, describing their use, as well as the interaction of | describing their use, as well as the interaction of that key | |||
| that key management protocol with SDP and RTSP. | management protocol with SDP and RTSP. | |||
| * If errors occur, or the key management offer is rejected, the | * If errors occur, or the key management offer is rejected, the | |||
| session SHALL be aborted. Possible error messages are dependent | session SHALL be aborted. Possible error messages are dependent | |||
| on the specific session establishment protocol. | on the specific session establishment protocol. | |||
| At this stage, the key management will have either accepted or | At this stage, the key management will have either accepted or | |||
| rejected the offered parameters. This MAY cause a response message to | rejected the offered parameters. This MAY cause a response message to | |||
| be generated, depending on the key management protocol and the | be generated, depending on the key management protocol and the | |||
| application scenario. | application scenario. | |||
| skipping to change at page 8, line 45 | skipping to change at page 8, line 51 | |||
| * The key management protocol is identified according to the prtcl-id | * The key management protocol is identified according to the prtcl-id | |||
| field. | field. | |||
| * The key management data from the keymgmt-data field MUST be | * The key management data from the keymgmt-data field MUST be | |||
| extracted, base64 decoded to reconstruct the original message, and | extracted, base64 decoded to reconstruct the original message, and | |||
| then passed to the key management protocol for processing. | then passed to the key management protocol for processing. | |||
| * If errors occur, or the key management offer is rejected, the | * If errors occur, or the key management offer is rejected, the | |||
| session SHALL be aborted. If possible an error message indicating | session SHALL be aborted. If possible an error message indicating | |||
| the failure SHOULD be sent back. Otherwise, if all the steps are | the failure SHOULD be sent back. | |||
| successful, the normal setup proceeds. | ||||
| Otherwise, if all the steps are successful, the normal setup | ||||
| proceeds. | ||||
| 3.1.2 Use of SDP with offer/answer and SIP | 3.1.2 Use of SDP with offer/answer and SIP | |||
| This section defines additional processing rules, to the general one | This section defines additional processing rules, to the general | |||
| defined in Section 3.1.1, applicable only to applications using SDP | rules defined in Section 3.1.1, applicable only to applications using | |||
| with the offer-answer model [OAM] (and in particular SIP). | SDP with the offer-answer model [OAM] (and in particular SIP). | |||
| When an initial offer is created, the following offer-answer specific | When an initial offer is created, the following offer-answer specific | |||
| procedure SHALL be applied: | procedure SHALL be applied: | |||
| * Before creating the key management data field, the list of protocol | * Before creating the key management data field, the list of protocol | |||
| identifiers MUST be provided by the SDP application to (each) key | identifiers MUST be provided by the SDP application to (each) key | |||
| management protocol, as defined in Section 3.1.4 (to defeat | management protocol, as defined in Section 3.1.4 (to defeat | |||
| bidding-down attacks). | bidding-down attacks). | |||
| For a received SDP offer that contains the key management attributes, | For a received SDP offer that contains the key management attributes, | |||
| skipping to change at page 9, line 26 | skipping to change at page 9, line 32 | |||
| * Before, or in conjunction with, passing the key management data to | * Before, or in conjunction with, passing the key management data to | |||
| the key management protocol, the complete list of protocol | the key management protocol, the complete list of protocol | |||
| identifier from the offer message is provided by the SDP | identifier from the offer message is provided by the SDP | |||
| application to the key management protocol (as defined in Section | application to the key management protocol (as defined in Section | |||
| 3.1.4). | 3.1.4). | |||
| When an answer is created, the following offer-answer specific | When an answer is created, the following offer-answer specific | |||
| procedure SHALL be applied: | procedure SHALL be applied: | |||
| * If the key management rejects the offer, the answerer SHOULD return | * If the key management rejects the offer, the answerer SHOULD return | |||
| a "606 Not Acceptable" message and optionally also including one | a "606 Not Acceptable" message, optionally also including one or | |||
| or more Warning headers (a 306 "Attribute not understood" when one | more Warning headers (a 306 "Attribute not understood" when one of | |||
| of the parameters is not supported, and a 399 "Miscellaneous | the parameters is not supported, and a 399 "Miscellaneous warning" | |||
| warning" with arbitrary information to be presented to a human | with arbitrary information to be presented to a human user or | |||
| user or logged, see Section 20.43 in [SIP]). Further details about | logged, see Section 20.43 in [SIP]). Further details about the | |||
| the cause of failure MAY be described in an included message from | cause of failure MAY be described in an included message from the | |||
| the key management protocol. The session is then aborted (and it | key management protocol. The session is then aborted (and it is up | |||
| is up to local policy or end user to decide how to continue). | to local policy or end user to decide how to continue). | |||
| Note that the key management attribute (related to the same key | Note that the key management attribute (related to the same key | |||
| management protocol) MAY be present both at session level and at | management protocol) MAY be present both at session level and at | |||
| media level. Consequently, the process SHALL be repeated for each | media level. Consequently, the process SHALL be repeated for each | |||
| such key management attribute detected. In case the key management | such key management attribute detected. In case the key management | |||
| processing of any such attribute does not succeed (e.g. | processing of any such attribute does not succeed (e.g. | |||
| authentication failure, parameters not supported etc.), on either | authentication failure, parameters not supported etc.), on either | |||
| session or media level, the entire session setup SHALL be aborted, | session or media level, the entire session setup SHALL be aborted, | |||
| including those parts of the session which successfully completed | including those parts of the session which successfully completed | |||
| their part of the key management. | their part of the key management. | |||
| skipping to change at page 11, line 34 | skipping to change at page 11, line 43 | |||
| where KMID is as defined in Section 2. | where KMID is as defined in Section 2. | |||
| For example, if the offered protocols are MIKEY and two yet-to-be- | For example, if the offered protocols are MIKEY and two yet-to-be- | |||
| invented protocols KEYP1, KEYP2, the SDP is: | invented protocols KEYP1, KEYP2, the SDP is: | |||
| v=0 | v=0 | |||
| o=alice 2891092738 2891092738 IN IP4 lost.example.com | o=alice 2891092738 2891092738 IN IP4 lost.example.com | |||
| s=Secret discussion | s=Secret discussion | |||
| t=0 0 | t=0 0 | |||
| c=IN IP4 lost.example.com | c=IN IP4 lost.example.com | |||
| a=key-mgmt:mikey <data1> | a=key-mgmt:mikey ddOoF9sdhskd727ghuiSDsdhsoKko7eWsnDSJD... | |||
| a=key-mgmt:keyp1 <data2> | a=key-mgmt:keyp1 727gkdOshsuiSDF9sdhsdKnD/dhsoSJokdo7eWD... | |||
| a=key-mgmt:keyp2 <data3> | a=key-mgmt:keyp2 DFsnuiSDSh9sdh Kksd/dhsoddo7eOok727gWsJD... | |||
| m=audio 39000 RTP/SAVP 98 | m=audio 39000 RTP/SAVP 98 | |||
| a=rtpmap:98 AMR/8000 | a=rtpmap:98 AMR/8000 | |||
| m=video 42000 RTP/SAVP 31 | m=video 42000 RTP/SAVP 31 | |||
| a=rtpmap:31 H261/90000 | a=rtpmap:31 H261/90000 | |||
| The protocol list, "mikey;keyp1;keyp2", would be generated from | The protocol list, "mikey;keyp1;keyp2", would be generated from | |||
| the SDP description and used as input to each specified key | the SDP description and used as input to each specified key | |||
| management protocol (together with the data for that protocol). | management protocol (together with the data for that protocol). | |||
| Each of the three protocols includes this protocol identifier | Each of the three protocols includes this protocol identifier | |||
| list in its authentication coverage (according to its protocol | list in its authentication coverage (according to its protocol | |||
| skipping to change at page 12, line 20 | skipping to change at page 12, line 27 | |||
| (Section 2.2). This also assumes that the key management also has | (Section 2.2). This also assumes that the key management also has | |||
| some kind of binding to the media, so that the response to the server | some kind of binding to the media, so that the response to the server | |||
| will be processed as required. | will be processed as required. | |||
| The server SHALL be the Initiator of the key management exchange for | The server SHALL be the Initiator of the key management exchange for | |||
| sessions in PLAY mode, i.e. transporting media from server to client. | sessions in PLAY mode, i.e. transporting media from server to client. | |||
| The below text describes the behavior for PLAY mode. For any other | The below text describes the behavior for PLAY mode. For any other | |||
| mode the behavior is not defined in this specification. | mode the behavior is not defined in this specification. | |||
| To obtain a session description, the client initially contacts the | To obtain a session description, the client initially contacts the | |||
| server via a DESCRIBE message (according to RTSP, a media description | server via a DESCRIBE message. The initial key management message | |||
| could also be obtained by other means e.g. using http). The initial | from the RTSP server is sent to the client in the SDP of the 200 OK | |||
| key management message from the RTSP server is sent to the client in | in response to the DESCRIBE. Note that only one key management | |||
| the SDP of the 200 OK in response to the DESCRIBE. Note that only one | protocol SHALL be used per session / media level. A server MAY allow | |||
| key management protocol SHALL be used per session / media level. A | the SDP with key-management attribute(s) to be distributed to the | |||
| server MAY allow the SDP with key-management attribute(s) to be | client though other means than RTSP, although this is not specified | |||
| distributed to the client though other means than RTSP. | here. | |||
| The "uri" parameter of the KeyMgmt header is used to indicate for the | The "uri" parameter of the KeyMgmt header is used to indicate for the | |||
| key management protocol on what context the carried message applies. | key management protocol on what context the carried message applies. | |||
| For key management messages on the SDP session level, the answer MUST | For key management messages on the SDP session level, the answer MUST | |||
| contain the RTSP aggregated control URL to indicate this. For Key | contain the RTSP aggregated control URL to indicate this. For Key | |||
| management messages initially on SDP media level, the key management | management messages initially on SDP media level, the key management | |||
| response message in the KeyMgmt header MAY use the RTSP media level | response message in the KeyMgmt header MAY use the RTSP media level | |||
| URL. For RTSP sessions not using aggregated control, i.e. no session | URL. For RTSP sessions not using aggregated control, i.e. no session | |||
| level control URI is defined, the key management protocol SHALL only | level control URI is defined, the key management protocol SHALL only | |||
| be invoked on individual media streams. In this case also, the key | be invoked on individual media streams. In this case also, the key | |||
| management response SHALL be on individual media streams (i.e. one | management response SHALL be on individual media streams (i.e. one | |||
| RTSP key management header per media). | RTSP key management header per media). | |||
| When responding to the initial key management message, the client | When responding to the initial key management message, the client | |||
| uses the new RTSP header (KeyMgmt) to send back an answer. How this | uses the new RTSP header (KeyMgmt) to send back an answer. How this | |||
| is done depends on the usage context. | is done depends on the usage context: | |||
| * Key management protocol responses for the initial establishment of | * Key management protocol responses for the initial establishment of | |||
| security parameters for an aggregated RTSP session SHALL be sent | security parameters for an aggregated RTSP session SHALL be sent | |||
| in the first SETUP of the session. This means that if the key | in the first SETUP of the session. This means that if the key | |||
| management is declared for the whole session but is setup in non- | management is declared for the whole session but is setup in non- | |||
| aggregated fashion, i.e. one media per RTSP session, each SETUP | aggregated fashion, i.e. one media per RTSP session, each SETUP | |||
| MUST carry the same response for the session level context. When | MUST carry the same response for the session level context. When | |||
| performing a setup of the second or any subsequent media in a RTSP | performing a setup of the second or any subsequent media in a RTSP | |||
| session the same key management parameters as established for the | session the same key management parameters as established for the | |||
| first media also applies to these setups. | first media also applies to these setups. | |||
| skipping to change at page 13, line 28 | skipping to change at page 13, line 34 | |||
| except that, if there is an error, the session is aborted (no error | except that, if there is an error, the session is aborted (no error | |||
| is sent back). | is sent back). | |||
| The client SHALL create the response, using the key management header | The client SHALL create the response, using the key management header | |||
| in RTSP, as follows: | in RTSP, as follows: | |||
| * The identifier of the key management protocol used (e.g. MIKEY) | * The identifier of the key management protocol used (e.g. MIKEY) | |||
| MUST be placed in the "prot" field of the header. The prot values | MUST be placed in the "prot" field of the header. The prot values | |||
| are maintained by IANA (Section 8). | are maintained by IANA (Section 8). | |||
| * The keymgmt-data field MUST be created as follows. The key | * The keymgmt-data field MUST be created as follows: the key | |||
| management protocol MUST be used to create the key management | management protocol MUST be used to create the key management | |||
| message. This message SHALL be base64 encoded by the RTSP | message. This message SHALL be base64 encoded by the RTSP | |||
| application and then encapsulated in the "data" field of the | application and then encapsulated in the "data" field of the | |||
| header. The semantic of the encapsulated message is dependent on | header. The semantic of the encapsulated message is dependent on | |||
| the key management protocol that is used. | the key management protocol that is used. | |||
| * Include if necessary the URL to indicate the context in the "uri" | * Include, if necessary, the URL to indicate the context in the "uri" | |||
| parameter. | parameter. | |||
| The server SHALL process a received key management header in RTSP as | The server SHALL process a received key management header in RTSP as | |||
| follow: | follow: | |||
| * The key management protocol is identified according to the "prot" | * The key management protocol is identified according to the "prot" | |||
| field. | field. | |||
| * The key management data from the "data" field MUST be extracted, | * The key management data from the "data" field MUST be extracted, | |||
| base64 decoded to reconstruct the original message, and then | base64 decoded to reconstruct the original message, and then | |||
| skipping to change at page 14, line 13 | skipping to change at page 14, line 22 | |||
| specify (within the RTSP status code message or through key | specify (within the RTSP status code message or through key | |||
| management messages) details about the type of error that | management messages) details about the type of error that | |||
| occurred. | occurred. | |||
| Re-keying within RTSP is for further study, given that media updating | Re-keying within RTSP is for further study, given that media updating | |||
| mechanisms within RTSP are unspecified at the time this document is | mechanisms within RTSP are unspecified at the time this document is | |||
| written. | written. | |||
| 4. Example scenarios | 4. Example scenarios | |||
| The following examples utilizes MIKEY [MIKEY] as key management | The following examples utilize MIKEY [MIKEY] as the key management | |||
| protocol to be integrated into SDP and RTSP (see Section 5.1.). | protocol to be integrated into SDP and RTSP (see Section 5.1.). | |||
| Example 1 (SIP/SDP) | Example 1 (SIP/SDP) | |||
| A SIP call is taking place between Alice and Bob. Alice sends an | A SIP call is taking place between Alice and Bob. Alice sends an | |||
| Invite message consisting of the following offer: | Invite message consisting of the following offer: | |||
| v=0 | v=0 | |||
| o=alice 2891092738 2891092738 IN IP4 w-land.example.com | o=alice 2891092738 2891092738 IN IP4 w-land.example.com | |||
| s=Cool stuff | s=Cool stuff | |||
| skipping to change at page 18, line 24 | skipping to change at page 18, line 36 | |||
| This framework cannot be used with all key management protocols. The | This framework cannot be used with all key management protocols. The | |||
| key management protocol needs to comply with the requirements | key management protocol needs to comply with the requirements | |||
| described in Section 3. In addition to this, the following needs to | described in Section 3. In addition to this, the following needs to | |||
| be defined: | be defined: | |||
| * The key management protocol identifier to be used as the protocol | * The key management protocol identifier to be used as the protocol | |||
| identifier should be registered at IANA according to Section 8. | identifier should be registered at IANA according to Section 8. | |||
| * The information that the key management needs from SDP and RTSP, | * The information that the key management needs from SDP and RTSP, | |||
| and vice versa, as described in Section 3. The exact API is | and vice versa, as described in Section 3. The exact API is | |||
| implementation specific, but it SHOULD at least support the | implementation specific, but it MUST at least support the exchange | |||
| exchange of the specified information. | of the specified information. | |||
| * The key management protocol to be added MUST be such, that the | * The key management protocol to be added MUST be such, that the | |||
| processing in Section 3 (describing its interactions with SDP and | processing in Section 3 (describing its interactions with SDP and | |||
| RTSP) can be applied. Note in particular, Section 3.1.4 requires | RTSP) can be applied. Note in particular, Section 3.1.4 requires | |||
| each key management protocol to specify how the list of protocol | each key management protocol to specify how the list of protocol | |||
| identifiers is authenticated inside that key management protocol. | identifiers is authenticated inside that key management protocol. | |||
| The key management MUST always be given the protocol identifier(s) | The key management MUST always be given the protocol identifier(s) | |||
| of the key management protocol(s) included in the offer in the | of the key management protocol(s) included in the offer in the | |||
| correct order as they appear. | correct order as they appear. | |||
| skipping to change at page 19, line 18 | skipping to change at page 19, line 27 | |||
| the keymgmt-data attribute. The examples in Section 4 use MIKEY, | the keymgmt-data attribute. The examples in Section 4 use MIKEY, | |||
| where the semantic of the exchange is also briefly explained. | where the semantic of the exchange is also briefly explained. | |||
| The key management protocol identifier (KMID) to be used as the | The key management protocol identifier (KMID) to be used as the | |||
| protocol identifier SHALL be "mikey" and is registered at IANA, see | protocol identifier SHALL be "mikey" and is registered at IANA, see | |||
| in detail Section 8. | in detail Section 8. | |||
| The information that the key management needs from SDP and RTSP, and | The information that the key management needs from SDP and RTSP, and | |||
| vice versa, follows Section 3. To avoid bidding-down attacks, the | vice versa, follows Section 3. To avoid bidding-down attacks, the | |||
| directives in Section 3.1.4 are followed. The list of protocol | directives in Section 3.1.4 are followed. The list of protocol | |||
| identifiers is authenticated within MIKEY by placing such list in a | identifiers is authenticated within MIKEY by placing the list in a | |||
| General Extension Payload (of type "SDP IDs", [MIKEY]), which then | General Extension Payload (of type "SDP IDs", [MIKEY]), which then | |||
| automatically will be integrity protected/signed. The receiver SHALL | automatically will be integrity protected/signed. The receiver SHALL | |||
| then match the list in the General Extension Payload with the list | then match the list in the General Extension Payload with the list | |||
| included in SDP and SHOULD (according to policy) if they differ, or | included in SDP and SHOULD (according to policy) if they differ, or | |||
| if integrity/signature verification fails, reject the offer. | if integrity/signature verification fails, reject the offer. | |||
| To signal the MIKEY identity of the client to the server in the | The server will need to be able to know the identity of the Client | |||
| DESCRIBE, it is RECOMMENDED to include the From header field in RTSP. | before creating and sending a MIKEY message. To signal the (MIKEY) | |||
| identity of the client to the server in the DESCRIBE, it is | ||||
| RECOMMENDED to include the From header field in RTSP. Other methods | ||||
| to establish the identity could be using the IP address or retrieving | ||||
| the identity from the RTSP authentication if used. | ||||
| 6.1 MIKEY Interface | 6.1 MIKEY Interface | |||
| This subsection describes some aspects, which implementers SHOULD | This subsection describes some aspects, which implementers SHOULD | |||
| consider. If the MIKEY implementation is separate from the | consider. If the MIKEY implementation is separate from the | |||
| SDP/SIP/RTSP, an application programming interface (API) between | SDP/SIP/RTSP, an application programming interface (API) between | |||
| MIKEY and those protocols is needed with certain functionality | MIKEY and those protocols is needed with certain functionality | |||
| (however, exactly what it looks like is implementation dependent). | (however, exactly what it looks like is implementation dependent). | |||
| Implementers of MIKEY are RECOMMENDED to consider providing at least | Implementers of MIKEY are RECOMMENDED to consider providing at least | |||
| skipping to change at page 19, line 49 | skipping to change at page 20, line 12 | |||
| * the possibility for MIKEY to receive information about the sessions | * the possibility for MIKEY to receive information about the sessions | |||
| negotiated. This is to some extent implementation dependent. But | negotiated. This is to some extent implementation dependent. But | |||
| it is RECOMMENDED that, in the case of SRTP streams, the number of | it is RECOMMENDED that, in the case of SRTP streams, the number of | |||
| SRTP streams is included (and the direction of these). It is also | SRTP streams is included (and the direction of these). It is also | |||
| RECOMMENDED to provide the destination addresses and ports to | RECOMMENDED to provide the destination addresses and ports to | |||
| MIKEY. When referring to streams described in SDP, MIKEY allocated | MIKEY. When referring to streams described in SDP, MIKEY allocated | |||
| two consecutive numbers for the related Crypto Session indexes (as | two consecutive numbers for the related Crypto Session indexes (as | |||
| each stream can be bi-directional). An example: if the SDP | each stream can be bi-directional). An example: if the SDP | |||
| contains two m lines (specifying whatever direction of the | contains two m lines (specifying whatever direction of the | |||
| streams), and MIKEY is at the session level, then MIKEY allocates | streams), and MIKEY is at the session level, then MIKEY allocates | |||
| e.g. the CS IDs '1' and '2' for the first m line, and '3' and '4' | e.g. the Crypto Sessions Identifiers (CS IDs, see [MIKEY)] '1' and | |||
| for the second m line. | '2' for the first m line, and '3' and '4' for the second m line. | |||
| * the possibility for MIKEY to receive incoming MIKEY messages and | * the possibility for MIKEY to receive incoming MIKEY messages and | |||
| return a status code from/to the SIP/RTSP application. | return a status code from/to the SIP/RTSP application. | |||
| * the possibility for the SIP or RTSP applications to receive | * the possibility for the SIP or RTSP applications to receive | |||
| information from MIKEY. This would typically include the receiving | information from MIKEY. This would typically include the receiving | |||
| of the CSB ID (to later be able to identify the active MIKEY | of the Crypto Session Bundle Identifier (CSB ID, see [MIKEY], to | |||
| session), and the SSRCs and the ROC for SRTP usage. It is also | later be able to identify the active MIKEY session), and the SSRCs | |||
| RECOMMENDED that extra information about errors can be received. | and the rollover counter (ROC, see [SRTP]) for SRTP usage. It is | |||
| also RECOMMENDED that extra information about errors can be | ||||
| received. | ||||
| * the possibility for the SIP or RTSP application to receive outgoing | * the possibility for the SIP or RTSP application to receive outgoing | |||
| MIKEY messages. | MIKEY messages. | |||
| * the possibility to tear down a MIKEY CSB (e.g. if the SIP session | * the possibility to tear down a MIKEY CSB (e.g. if the SIP session | |||
| is closed, the CSB SHOULD also be closed). | is closed, the CSB SHOULD also be closed). | |||
| 7. Security Considerations | 7. Security Considerations | |||
| The framework for transfer of key management data as described here | The framework for transfer of key management data as described here | |||
| skipping to change at page 22, line 39 | skipping to change at page 22, line 53 | |||
| Contact: Fredrik Lindholm | Contact: Fredrik Lindholm | |||
| mailto: fredrik.lindholm@ericsson.com | mailto: fredrik.lindholm@ericsson.com | |||
| tel: +46 8 58531705 | tel: +46 8 58531705 | |||
| Value name: mikey | Value name: mikey | |||
| Long name: Multimedia Internet KEYing | Long name: Multimedia Internet KEYing | |||
| Purpose: Usage of MIKEY with the key-mgmt-att-field | Purpose: Usage of MIKEY with the key-mgmt-att-field | |||
| attribute and the keymgmt RTSP header | attribute and the keymgmt RTSP header | |||
| Reference: Section 7 in RFC yyyy | Reference: Section 7 in RFC yyyy | |||
| Note that this registration will imply that the protocol identifier, | Note that this registration implies that the protocol identifier, | |||
| KMID, name space will be shared between SDP and RTSP. | KMID, name space will be shared between SDP and RTSP. | |||
| Further values may be registered according to the "Specification | Further values may be registered according to the "Specification | |||
| Required" policy as defined in [RFC2434]. Each new registration needs | Required" policy as defined in [RFC2434]. Each new registration needs | |||
| to indicate the parameter name, and register it within IANA. Note | to indicate the parameter name, and register it within IANA. Note | |||
| that the parameter name is case sensitive and it is RECOMMENDED that | that the parameter name is case sensitive and it is RECOMMENDED that | |||
| the name to be in lower case letters. For each new registration, it | the name to be in lower case letters. For each new registration, it | |||
| is mandatory that a permanent, stable, and publicly accessible | is mandatory that a permanent, stable, and publicly accessible | |||
| document exists that specifies the semantics of the registered | document exists that specifies the semantics of the registered | |||
| parameter and the requested details of interaction between the key | parameter and the requested details of interaction between the key | |||
| management protocol and SDP, as specified in RFC xxxx. | management protocol and SDP, as specified in RFC xxxx. | |||
| The registration itself of new values should be sent to IANA. | New values MUST be register with IANA. Registrations SHALL include | |||
| Registrations SHALL include the following information: | the following information: | |||
| * Contact: the contact name and email address | * Contact: the contact name and email address | |||
| * Value name: the name of the value being registered (which MUST | * Value name: the name of the value being registered (which MUST | |||
| comply with the KMID as defined in Section 2) | comply with the KMID as defined in Section 2) | |||
| * Long Name: long-form name in English | * Long Name: long-form name in English | |||
| * Purpose: short explanation of the purpose of the registered name. | * Purpose: short explanation of the purpose of the registered name. | |||
| * Reference: a reference to the specification (e.g. RFC number) | * Reference: a reference to the specification (e.g. RFC number) | |||
| providing the usage guidelines in accordance to Section 5 (and | providing the usage guidelines in accordance to Section 5 (and | |||
| also complying to the specified requirements). | also complying to the specified requirements). | |||
| skipping to change at page 24, line 26 | skipping to change at page 24, line 35 | |||
| [RTSP] Schulzrinne, H., Rao, A., and Lanphier, R., "Real Time | [RTSP] Schulzrinne, H., Rao, A., and Lanphier, R., "Real Time | |||
| Streaming Protocol (RTSP)", IETF, RFC 2326. | Streaming Protocol (RTSP)", IETF, RFC 2326. | |||
| [RFC2119] Bradner, S. "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S. "Key words for use in RFCs to Indicate | |||
| Requirement Levels", IETF, RFC 2119. | Requirement Levels", IETF, RFC 2119. | |||
| [SDPnew] Handley, M., Jacobson, V., and Perkins, C., "SDP: Session | [SDPnew] Handley, M., Jacobson, V., and Perkins, C., "SDP: Session | |||
| Description Protocol", Internet Draft, IETF, draft-ietf-mmusic-sdp- | Description Protocol", Internet Draft, IETF, draft-ietf-mmusic-sdp- | |||
| new-15.txt. | new-15.txt. | |||
| [SIP] Handley, M., Schulzrinne, H., Schooler, E., and Rosenberg, J., | [SIP] Rosenberg et al., "SIP: Session Initiation Protocol", IETF, RFC | |||
| "SIP: Session Initiation Protocol", IETF, RFC 3261. | 3261. | |||
| [RFC2234] Crocker, D. and Overell, P., "Augmented BNF for Syntax | [RFC2234] Crocker, D. and Overell, P., "Augmented BNF for Syntax | |||
| Specifications: ABNF", RFC 2234, November 1997. | Specifications: ABNF", RFC 2234, November 1997. | |||
| [RFC2434] Narten, T. and Alvestrand, H., "Guidelines for Writing an | [RFC2434] Narten, T. and Alvestrand, H., "Guidelines for Writing an | |||
| IANA Considerations Section in RFCs", IETF, RFC 2434. | IANA Considerations Section in RFCs", IETF, RFC 2434. | |||
| [RFC3548] Josefsson, S., "The Base16, Base32, and Base64 Data | [RFC3548] Josefsson, S., "The Base16, Base32, and Base64 Data | |||
| Encodings", IETF, RFC 3548. | Encodings", IETF, RFC 3548. | |||
| 11.2. Informative References | 11.2. Informative References | |||
| [E2M] Ono, K. and Tachimoto, S., "End-to-middle security in the | [E2M] Ono, K. and Tachimoto, S., "End-to-middle security in the | |||
| Session Initiation Protocol (SIP)", Internet Draft, IETF, draft-ono- | Session Initiation Protocol (SIP)", Internet Draft, IETF, draft-ono- | |||
| sipping-end2middle-security-00. | sipping-end2middle-security-01. | |||
| [KERB] Kohl, J., Neuman, C., "The Kerberos Network Authentication | [KERB] Kohl, J., Neuman, C., "The Kerberos Network Authentication | |||
| Service (V5)", IETF, RFC 1510. | Service (V5)", IETF, RFC 1510. | |||
| [SRTP] Baugher, M., Blom, R., Carrara, E., McGrew, D., Naslund, M, | [SRTP] Baugher, M., McGrew, D., Naslund, M., Carrara, E., Norrman, | |||
| Norrman, K., and Oran, D., "The Secure Real Time Transport Protocol", | K., "The Secure Real-time Transport Protocol", IETF, RFC 3711. | |||
| Internet Draft, IETF, <draft-ietf-avt-srtp-09.txt>. | ||||
| IPR Notices | ||||
| The IETF takes no position regarding the validity or scope of any | ||||
| intellectual property or other rights that might be claimed to | ||||
| pertain to the implementation or use of the technology described in | ||||
| this document or the extent to which any license under such rights | ||||
| might or might not be available; neither does it represent that it | ||||
| has made any effort to identify any such rights. Information on the | ||||
| IETF's procedures with respect to rights in standards-track and | ||||
| standards-related documentation can be found in BCP-11. Copies of | ||||
| claims of rights made available for publication and any assurances of | ||||
| licenses to be made available, or the result of an attempt made to | ||||
| obtain a general license or permission for the use of such | ||||
| proprietary rights by implementors or users of this specification can | ||||
| be obtained from the IETF Secretariat. | ||||
| The IETF invites any interested party to bring to its attention any | ||||
| copyrights, patents or patent applications, or other proprietary | ||||
| rights which may cover technology that may be required to practice | ||||
| this standard. Please address the information to the IETF Executive | ||||
| Director. | ||||
| Copyright Notice | Copyright Notice | |||
| Copyright (C) The Internet Society (2004). All Rights Reserved. | Copyright (C) The Internet Society (2004). This document is subject | |||
| to the rights, licenses and restrictions contained in BCP 78, and | ||||
| This document and translations of it may be copied and furnished to | except as set forth therein, the authors retain all their rights. | |||
| others, and derivative works that comment on or otherwise explain it | ||||
| or assist in its implementation may be prepared, copied, published | ||||
| and distributed, in whole or in part, without restriction of any | ||||
| kind, provided that the above copyright notice and this paragraph are | ||||
| included on all such copies and derivative works. However, this | ||||
| document itself may not be modified in any way, such as by removing | ||||
| the copyright notice or references to the Internet Society or other | ||||
| Internet organizations, except as needed for the purpose of | ||||
| developing Internet standards in which case the procedures for | ||||
| copyrights defined in the Internet Standards process must be | ||||
| followed, or as required to translate it into languages other than | ||||
| English. | ||||
| The limited permissions granted above are perpetual and will not be | Disclaimer of Validity | |||
| revoked by the Internet Society or its successors or assigns. | ||||
| This document and the information contained herein is provided on an | This document and the information contained herein are provided on an | |||
| "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING | "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | |||
| TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING | OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET | |||
| BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION | ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, | |||
| HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF | INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE | |||
| MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | |||
| WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | ||||
| This Internet-Draft expires in August 2004. | This Internet-Draft expires in October 2004. | |||
| End of changes. | ||||
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ | ||||