draft-ietf-xcon-bfcp-connection-05.txt   rfc5018.txt 
XCON Working Group G. Camarillo Network Working Group G. Camarillo
Internet-Draft Ericsson Request for Comments: 5018 Ericsson
Expires: January 6, 2008 July 5, 2007 Category: Standards Track September 2007
Connection Establishment in the Binary Floor Control Protocol (BFCP) Connection Establishment in the Binary Floor Control Protocol (BFCP)
draft-ietf-xcon-bfcp-connection-05.txt
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Status of This Memo
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 6, 2008.
Copyright Notice
Copyright (C) The IETF Trust (2007). This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Abstract Abstract
This document specifies how a Binary Floor Control Protocol (BFCP) This document specifies how a Binary Floor Control Protocol (BFCP)
client establishes a connection to a BFCP floor control server client establishes a connection to a BFCP floor control server
outside the context of an offer/answer exchange. Client and server outside the context of an offer/answer exchange. Client and server
authentication are based on Transport Layer Security (TLS). authentication are based on Transport Layer Security (TLS).
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 2
3. TCP Connection Establishment . . . . . . . . . . . . . . . . . 3 3. TCP Connection Establishment . . . . . . . . . . . . . . . . . 2
4. TLS Usage . . . . . . . . . . . . . . . . . . . . . . . . . . 5 4. TLS Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
5. Authentication . . . . . . . . . . . . . . . . . . . . . . . . 5 5. Authentication . . . . . . . . . . . . . . . . . . . . . . . . 4
5.1. Certificate-based Server Authentication . . . . . . . . . 5 5.1. Certificate-Based Server Authentication . . . . . . . . . . 4
5.2. Client Authentication based on a Pre-shared Secret . . . . 6 5.2. Client Authentication Based on a Pre-Shared Secret . . . . 5
6. Security Considerations . . . . . . . . . . . . . . . . . . . 6 6. Security Considerations . . . . . . . . . . . . . . . . . . . . 5
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 7
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 8 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 8.1. Normative References . . . . . . . . . . . . . . . . . . . 7
9.1. Normative References . . . . . . . . . . . . . . . . . . . 8 8.2. Informative References . . . . . . . . . . . . . . . . . . 8
9.2. Informative References . . . . . . . . . . . . . . . . . . 9
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 9
Intellectual Property and Copyright Statements . . . . . . . . . . 10
1. Introduction 1. Introduction
As discussed in the BFCP (Binary Floor Control Protocol) As discussed in the BFCP (Binary Floor Control Protocol)
specification [RFC4582], a given BFCP client needs a set of data in specification [RFC4582], a given BFCP client needs a set of data in
order to establish a BFCP connection to a floor control server. order to establish a BFCP connection to a floor control server.
These data include the transport address of the server, the These data include the transport address of the server, the
conference identifier, and the user identifier. conference identifier, and the user identifier.
Once a client obtains this information, it needs to establish a BFCP Once a client obtains this information, it needs to establish a BFCP
skipping to change at page 4, line 16 skipping to change at page 3, line 14
If the client is provided with the floor control server's host name If the client is provided with the floor control server's host name
instead of with its IP address, the client MUST perform a DNS lookup instead of with its IP address, the client MUST perform a DNS lookup
in order to resolve the host name into an IP address. Clients in order to resolve the host name into an IP address. Clients
eventually perform an A or AAAA DNS lookup (or both) on the host eventually perform an A or AAAA DNS lookup (or both) on the host
name. name.
In order to translate the target to the corresponding set of IP In order to translate the target to the corresponding set of IP
addresses, IPv6-only or dual-stack clients MUST use name resolution addresses, IPv6-only or dual-stack clients MUST use name resolution
functions that implement the Source and Destination Address Selection functions that implement the Source and Destination Address Selection
algorithms specified in [RFC3484] (on many hosts that support IPv6, algorithms specified in [RFC3484]. (On many hosts that support IPv6,
APIs like getaddrinfo() provide this functionality and subsume APIs like getaddrinfo() provide this functionality and subsume
existing APIs like gethostbyname().) existing APIs like gethostbyname().)
The advantage of the additional complexity is that this technique The advantage of the additional complexity is that this technique
will output an ordered list of IPv6/IPv4 destination addresses based will output an ordered list of IPv6/IPv4 destination addresses based
on the relative merits of the corresponding source/destination pairs. on the relative merits of the corresponding source/destination pairs.
This will result in the selection of a preferred destination address. This will result in the selection of a preferred destination address.
However, the Source and Destination Selection algorithms of [RFC3484] However, the Source and Destination Selection algorithms of [RFC3484]
are dependent on broad operating system support and uniform are dependent on broad operating system support and uniform
implementation of the application programming interfaces that implementation of the application programming interfaces that
implement this behavior. implement this behavior.
Developers should carefully consider the issues described by Roy Developers should carefully consider the issues described by Roy
et al. [I-D.ietf-v6ops-onlinkassumption] with respect to address et al. [RFC4943] with respect to address resolution delays and
resolution delays and address selection rules. For example, address selection rules. For example, implementations of
implementations of getaddrinfo() may return address lists getaddrinfo() may return address lists containing IPv6 global
containing IPv6 global addresses at the top of the list and IPv4 addresses at the top of the list and IPv4 addresses at the bottom,
addresses at the bottom, even when the host is only configured even when the host is only configured with an IPv6 local scope
with an IPv6 local scope (e.g., link- local) and an IPv4 address. (e.g., link-local) and an IPv4 address. This will, of course,
This will, of course, introduce a delay in completing the introduce a delay in completing the connection.
connection.
The BFCP specification [RFC4582] describes a number of situations The BFCP specification [RFC4582] describes a number of situations
when the TCP connection between a client and the floor control server when the TCP connection between a client and the floor control server
needs to be reestablished. However, that specification does not needs to be reestablished. However, that specification does not
describe the reestablishment process because this process depends on describe the reestablishment process because this process depends on
how the connection was established in the first place. how the connection was established in the first place.
When the existing TCP connection is closed following the rules in When the existing TCP connection is closed following the rules in
[RFC4582], the client SHOULD reestablish the connection towards the [RFC4582], the client SHOULD reestablish the connection towards the
floor control server. If a TCP connection cannot deliver a BFCP floor control server. If a TCP connection cannot deliver a BFCP
skipping to change at page 5, line 21 skipping to change at page 4, line 21
A floor control server that receives a BFCP message over TCP (no TLS) A floor control server that receives a BFCP message over TCP (no TLS)
SHOULD request the use of TLS by generating an Error message with an SHOULD request the use of TLS by generating an Error message with an
Error code with a value of 9 (Use TLS). Error code with a value of 9 (Use TLS).
5. Authentication 5. Authentication
BFCP supports client authentication based on pre-shared secrets and BFCP supports client authentication based on pre-shared secrets and
server authentication based on server certificates. server authentication based on server certificates.
5.1. Certificate-based Server Authentication 5.1. Certificate-Based Server Authentication
At TLS connection establishment, the floor control server MUST At TLS connection establishment, the floor control server MUST
present its certificate to the client. The certificate provided at present its certificate to the client. The certificate provided at
the TLS-level MUST either be directly signed by one of the other the TLS level MUST either be directly signed by one of the other
party's trust anchors or be validated using a certification path that party's trust anchors or be validated using a certification path that
terminates at one of the other party's trust anchors [RFC3280]. terminates at one of the other party's trust anchors [RFC3280].
A client establishing a connection to a server knows the server's A client establishing a connection to a server knows the server's
hostname or IP address. If the client knows the server's hostname, hostname or IP address. If the client knows the server's hostname,
the client MUST check it against the server's identity as presented the client MUST check it against the server's identity as presented
in the server's Certificate message, in order to prevent man-in-the- in the server's Certificate message, in order to prevent man-in-the-
middle attacks. middle attacks.
If a subjectAltName extension of type dNSName is present, that MUST If a subjectAltName extension of type dNSName is present, that MUST
skipping to change at page 6, line 9 skipping to change at page 5, line 11
any single domain name component or component fragment (e.g., *.a.com any single domain name component or component fragment (e.g., *.a.com
matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but
not bar.com). not bar.com).
If the client does not know the server's hostname and contacts the If the client does not know the server's hostname and contacts the
server directly using the server's IP address, the iPAddress server directly using the server's IP address, the iPAddress
subjectAltName must be present in the certificate and must exactly subjectAltName must be present in the certificate and must exactly
match the IP address known to the client. match the IP address known to the client.
If the hostname or IP address known to the client does not match the If the hostname or IP address known to the client does not match the
identity in the certificate, user oriented clients MUST either notify identity in the certificate, user-oriented clients MUST either notify
the user (clients MAY give the user the opportunity to continue with the user (clients MAY give the user the opportunity to continue with
the connection in any case) or terminate the connection with a bad the connection in any case) or terminate the connection with a bad
certificate error. Automated clients MUST log the error to an certificate error. Automated clients MUST log the error to an
appropriate audit log (if available) and SHOULD terminate the appropriate audit log (if available) and SHOULD terminate the
connection (with a bad certificate error). Automated clients MAY connection (with a bad certificate error). Automated clients MAY
provide a configuration setting that disables this check, but MUST provide a configuration setting that disables this check, but MUST
provide a setting which enables it. provide a setting that enables it.
5.2. Client Authentication based on a Pre-shared Secret 5.2. Client Authentication Based on a Pre-Shared Secret
Client authentication is based on a pre-shared secret between client Client authentication is based on a pre-shared secret between client
and server. Authentication is performed using PSK-TLS [RFC4279]. and server. Authentication is performed using PSK-TLS [RFC4279].
The BFCP specification mandates support for the The BFCP specification mandates support for the
TLS_RSA_WITH_AES_128_CBC_SHA ciphersuite. Additionally, clients and TLS_RSA_WITH_AES_128_CBC_SHA ciphersuite. Additionally, clients and
servers supporting this specification MUST support the servers supporting this specification MUST support the
TLS_RSA_PSK_WITH_AES_128_CBC_SHA ciphersuite as well. TLS_RSA_PSK_WITH_AES_128_CBC_SHA ciphersuite as well.
6. Security Considerations 6. Security Considerations
skipping to change at page 6, line 41 skipping to change at page 5, line 43
based on the use of TLS. Therefore, it is strongly RECOMMENDED that based on the use of TLS. Therefore, it is strongly RECOMMENDED that
TLS with non-null encryption is always used. Clients and floor TLS with non-null encryption is always used. Clients and floor
control servers MAY use other security mechanisms as long as they control servers MAY use other security mechanisms as long as they
provide similar security properties (i.e., replay and integrity provide similar security properties (i.e., replay and integrity
protection, confidentiality, and client and server authentication). protection, confidentiality, and client and server authentication).
TLS PSK simply relies on a pre-shared key without specifying the TLS PSK simply relies on a pre-shared key without specifying the
nature of the key. In practice, such keys have two sources: text nature of the key. In practice, such keys have two sources: text
passwords and randomly generated binary keys. When keys are derived passwords and randomly generated binary keys. When keys are derived
from passwords, TLS PSK mode is subject to offline dictionary from passwords, TLS PSK mode is subject to offline dictionary
attacks. In DHE and RSA modes, an attacker who can mount a single attacks. In DHE (Diffie-Hellman Exchange) and RSA modes, an attacker
man-in-the-middle attack on a client/server pair can then mount a who can mount a single man-in-the-middle attack on a client/server
dictionary attack on the password. In modes without DHE or RSA, an pair can then mount a dictionary attack on the password. In modes
attacker who can record communications between a client/server pair without DHE or RSA, an attacker who can record communications between
can mount a dictionary attack on the password. Accordingly, it is a client/server pair can mount a dictionary attack on the password.
RECOMMENDED that where possible clients use certificate-based server Accordingly, it is RECOMMENDED that, where possible, clients use
authentication ciphersuites with password-derived PSKs, in order to certificate-based server authentication ciphersuites with password-
defend against dictionary attacks. derived PSKs in order to defend against dictionary attacks.
In addition, passwords SHOULD be chosen with enough entropy to In addition, passwords SHOULD be chosen with enough entropy to
provide some protection against dictionary attacks. Because the provide some protection against dictionary attacks. Because the
entropy of text varies dramatically and is generally far less than entropy of text varies dramatically and is generally far less than
that of an equivalent random bitstring, no hard and fast rules about that of an equivalent random bitstring, no hard and fast rules about
password length are possible. However, in general passwords SHOULD password length are possible. However, in general passwords SHOULD
be chosen to be at least 8 characters and selected from a pool be chosen to be at least 8 characters and selected from a pool
containing both upper and lower case, numbers, and special keyboard containing both upper and lower case, numbers, and special keyboard
characters (note that an 8-character ASCII password has a maximum characters (note that an 8-character ASCII password has a maximum
entropy of 56 bits and in general far lower). FIPS PUB 112 [PUB112] entropy of 56 bits and in general far lower). FIPS PUB 112 [PUB112]
provides some guidance on the relevant issues. If possible, provides some guidance on the relevant issues. If possible,
passphrases are preferable to passwords. In addition, a cooperating passphrases are preferable to passwords. It is RECOMMENDED that
client and server pair MAY choose to derive the TLS PSK shared key implementations support, at minimum, 16-character passwords or
from the passphrase via a password-based key derivation function such passphrases. In addition, a cooperating client and server pair MAY
as PBKDF2 [RFC2898]. Because such key derivation functions may choose to derive the TLS PSK shared key from the passphrase via a
incorporate iteration functions for key strengthening they provide password-based key derivation function such as PBKDF2 [RFC2898].
some additional protection against dictionary attacks by increasing Because such key derivation functions may incorporate iteration
the amount of work that the attacker must perform. functions for key strengthening, they provide some additional
protection against dictionary attacks by increasing the amount of
work that the attacker must perform.
When the keys are randomly generated and of sufficient length, When the keys are randomly generated and of sufficient length,
dictionary attacks are not effective because such keys are highly dictionary attacks are not effective because such keys are highly
unlikely to be in the attacker's dictionary. Where possible, keys unlikely to be in the attacker's dictionary. Where possible, keys
SHOULD be generated using a strong random number generator as SHOULD be generated using a strong random number generator as
specified in [RFC4086]. A minimum key length of 80 bits SHOULD be specified in [RFC4086]. A minimum key length of 80 bits SHOULD be
used. used.
The remainder of this Section analyzes some of the threats against The remainder of this section analyzes some of the threats against
BFCP and how they are addressed. BFCP and how they are addressed.
An attacker may attempt to impersonate a client (a floor participant An attacker may attempt to impersonate a client (a floor participant
or a floor chair) in order to generate forged floor requests or to or a floor chair) in order to generate forged floor requests or to
grant or deny existing floor requests. Client impersonation is grant or deny existing floor requests. Client impersonation is
avoided by using TLS. The floor control server assumes that avoided by using TLS. The floor control server assumes that
attackers cannot hickjack TLS connections from authenticated clients. attackers cannot hijack TLS connections from authenticated clients.
An attacker may attempt to impersonate a floor control server. A An attacker may attempt to impersonate a floor control server. A
successful attacker would be able to make clients think that they successful attacker would be able to make clients think that they
hold a particular floor so that they would try to access a resource hold a particular floor so that they would try to access a resource
(e.g., sending media) without having legitimate rights to access it. (e.g., sending media) without having legitimate rights to access it.
Floor control server impersonation is avoided by having floor control Floor control server impersonation is avoided by having floor control
servers present their server certificates at TLS connection servers present their server certificates at TLS connection
establishment time. establishment time.
Attackers may attempt to modify messages exchanged by a client and a Attackers may attempt to modify messages exchanged by a client and a
floor control server. The integrity protection provided by TLS floor control server. The integrity protection provided by TLS
connections prevents this attack. connections prevents this attack.
Attackers may attempt to pick messages from the network to get access Attackers may attempt to pick messages from the network to get access
to confidential information between the floor control server and a to confidential information between the floor control server and a
client (e.g., why a floor request was denied). TLS confidentiality client (e.g., why a floor request was denied). TLS confidentiality
prevents this attack. Therefore, it is RECOMMENDED that TLS is used prevents this attack. Therefore, it is RECOMMENDED that TLS is used
with a non-null encryption algorithm. with a non-null encryption algorithm.
7. IANA Considerations 7. Acknowledgments
This specification does not contain any actions for the IANA.
8. Acknowledgments
Sam Hartman, David Black, Karim El Malki, and Vijay Gurbani provided Sam Hartman, David Black, Karim El Malki, and Vijay Gurbani provided
useful comments on this document. Eric Rescorla performed a detailed useful comments on this document. Eric Rescorla performed a detailed
security analysis of this document. security analysis of this document.
9. References 8. References
9.1. Normative References 8.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model [RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model
with Session Description Protocol (SDP)", RFC 3264, with Session Description Protocol (SDP)", RFC 3264,
June 2002. June 2002.
[RFC3280] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet [RFC3280] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet
X.509 Public Key Infrastructure Certificate and X.509 Public Key Infrastructure Certificate and
skipping to change at page 9, line 15 skipping to change at page 8, line 12
[RFC4582] Camarillo, G., Ott, J., and K. Drage, "The Binary Floor [RFC4582] Camarillo, G., Ott, J., and K. Drage, "The Binary Floor
Control Protocol (BFCP)", RFC 4582, November 2006. Control Protocol (BFCP)", RFC 4582, November 2006.
[RFC4583] Camarillo, G., "Session Description Protocol (SDP) Format [RFC4583] Camarillo, G., "Session Description Protocol (SDP) Format
for Binary Floor Control Protocol (BFCP) Streams", for Binary Floor Control Protocol (BFCP) Streams",
RFC 4583, November 2006. RFC 4583, November 2006.
[PUB112] National Institute of Standards and Technology (NIST), [PUB112] National Institute of Standards and Technology (NIST),
"Password Usage", FIPS PUB 112, May 1985. "Password Usage", FIPS PUB 112, May 1985.
9.2. Informative References 8.2. Informative References
[RFC2898] Kaliski, B., "PKCS #5: Password-Based Cryptography [RFC2898] Kaliski, B., "PKCS #5: Password-Based Cryptography
Specification Version 2.0", RFC 2898, September 2000. Specification Version 2.0", RFC 2898, September 2000.
[I-D.ietf-v6ops-onlinkassumption] [RFC4943] Roy, S., Durand, A., and J. Paugh, "IPv6 Neighbor
Roy, S., "IPv6 Neighbor Discovery On-Link Assumption Discovery On-Link Assumption Considered Harmful",
Considered Harmful", draft-ietf-v6ops-onlinkassumption-04 RFC 4943, September 2007.
(work in progress), January 2006.
Author's Address Author's Address
Gonzalo Camarillo Gonzalo Camarillo
Ericsson Ericsson
Hirsalantie 11 Hirsalantie 11
Jorvas 02420 Jorvas 02420
Finland Finland
Email: Gonzalo.Camarillo@ericsson.com EMail: Gonzalo.Camarillo@ericsson.com
Full Copyright Statement Full Copyright Statement
Copyright (C) The IETF Trust (2007). Copyright (C) The IETF Trust (2007).
This document is subject to the rights, licenses and restrictions This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors contained in BCP 78, and except as set forth therein, the authors
retain all their rights. retain all their rights.
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
skipping to change at page 10, line 44 skipping to change at line 383
attempt made to obtain a general license or permission for the use of attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr. http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at this standard. Please address the information to the IETF at
ietf-ipr@ietf.org. ietf-ipr@ietf.org.
Acknowledgment
Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).
 End of changes. 23 change blocks. 
90 lines changed or deleted 61 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/