Connection-Oriented Media Transport over the Transport Layer Security (TLS) Protocol in the Session Description Protocol (SDP)
RFC 4572

Document type: RFC - Proposed Standard (July 2006; No errata)
Updates RFC 4145
Document stream: IETF
Last updated: 2013-03-02

IESG State: RFC 4572 (Proposed Standard)
Responsible AD: Allison Mankin

Network Working Group                                          J. Lennox
Request for Comments: 4572                                   Columbia U.
Updates: 4145                                                  July 2006
Category: Standards Track

 Connection-Oriented Media Transport over the Transport Layer Security
        (TLS) Protocol in the Session Description Protocol (SDP)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document specifies how to establish secure connection-oriented
   media transport sessions over the Transport Layer Security (TLS)
   protocol using the Session Description Protocol (SDP).  It defines a
   new SDP protocol identifier, 'TCP/TLS'.  It also defines the syntax
   and semantics for an SDP 'fingerprint' attribute that identifies the
   certificate that will be presented for the TLS session.  This
   mechanism allows media transport over TLS connections to be
   established securely, so long as the integrity of session
   descriptions is assured.

   This document extends and updates RFC 4145.

Lennox                      Standards Track                     [Page 1]
RFC 4572                Comedia over TLS in SDP                July 2006

Table of Contents

   1. Introduction ....................................................3
   2. Terminology .....................................................4
   3. Overview ........................................................4
      3.1. SDP Operational Modes ......................................4
      3.2. Threat Model ...............................................5
      3.3. The Need for Self-Signed Certificates ......................5
      3.4. Example SDP Description for TLS Connection .................6
   4. Protocol Identifiers ............................................6
   5. Fingerprint Attribute ...........................................7
   6. Endpoint Identification .........................................9
      6.1. Certificate Choice .........................................9
      6.2. Certificate Presentation ..................................10
   7. Security Considerations ........................................10
   8. IANA Considerations ............................................12
   9. References .....................................................14
      9.1. Normative References ......................................14
      9.2. Informative References ....................................15

1.  Introduction

   The Session Description Protocol (SDP) [1] provides a general-purpose
   format for describing multimedia sessions in announcements or
   invitations.  For many applications, it is desirable to establish, as
   part of a multimedia session, a media stream that uses a connection-
   oriented transport.  RFC 4145, Connection-Oriented Media Transport in
   the Session Description Protocol (SDP) [2], specifies a general
   mechanism for describing and establishing such connection-oriented
   streams; however, the only transport protocol it directly supports is
   TCP.  In many cases, session participants wish to provide
   confidentiality, data integrity, and authentication for their media
   sessions.  This document therefore extends the Connection-Oriented
   Media specification to allow session descriptions to describe media
   sessions that use the Transport Layer Security (TLS) protocol [3].

   The TLS protocol allows applications to communicate over a channel
   that provides confidentiality and data integrity.  The TLS
   specification, however, does not specify how specific protocols
   establish and use this secure channel; particularly, TLS leaves the
   question of how to interpret and validate authentication certificates
   as an issue for the protocols that run over TLS.  This document
   specifies such usage for the case of connection-oriented media
   transport.
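   The following is an added example, not text or code from RFC 4572 or
   its author: it shows the certificate check that the abstract and the
   paragraph above describe, using the 'fingerprint' attribute the
   document defines later ("a=fingerprint:<hash-func> <fingerprint>",
   where the fingerprint is the hash of the DER-encoded certificate,
   written as uppercase hex bytes separated by colons).  The receiver
   recomputes that hash over the certificate the peer actually presents
   in the TLS handshake and rejects the media session on mismatch.  The
   byte string standing in for a DER certificate, the sample attribute
   lines and all function names are constructed for this example; the
   hash-function table lists the names the attribute registers that
   Python's hashlib provides (md2 is registered by the RFC but has no
   hashlib implementation, so it is rejected here).

```python
"""Added example: generate, parse and verify the SDP 'fingerprint'
attribute of RFC 4572.  Not code from the RFC; names are illustrative."""
import hashlib
import hmac
import re

# Hash-function names registered for the attribute, mapped to hashlib names.
# Matching is case-insensitive.  md2 is listed by the RFC but hashlib has no
# md2, so it is treated as unsupported.  A deployment may also want to drop
# md5 from this table rather than honour a fingerprint computed with it.
HASH_FUNCS = {
    "sha-1": "sha1",
    "sha-224": "sha224",
    "sha-256": "sha256",
    "sha-384": "sha384",
    "sha-512": "sha512",
    "md5": "md5",
}

# "a=" prefix optional, one space between hash-func and fingerprint,
# fingerprint is uppercase hex bytes joined by ':' (the RFC's spelling).
_FP_RE = re.compile(
    r"^(?:a=)?fingerprint:([A-Za-z0-9-]+) ([0-9A-F]{2}(?::[0-9A-F]{2})*)$"
)


def format_fingerprint(der_cert: bytes, hash_func: str = "sha-256") -> str:
    """Attribute value for the certificate we will present: '<hash-func> <HH:HH:...>'."""
    name = hash_func.lower()
    digest = hashlib.new(HASH_FUNCS[name], der_cert).digest()
    return f"{name} {':'.join(f'{b:02X}' for b in digest)}"


def parse_fingerprint(attr: str):
    """Parse 'a=fingerprint:<hash-func> <fp>' (or the bare value).

    Returns (hash_func, digest bytes).  Raises ValueError on malformed input,
    an unsupported hash function, or a digest of the wrong length for it.
    """
    m = _FP_RE.match(attr.strip())
    if not m:
        raise ValueError("malformed fingerprint attribute")
    name = m.group(1).lower()
    if name not in HASH_FUNCS:
        raise ValueError(f"unsupported hash function {name!r}")
    digest = bytes.fromhex(m.group(2).replace(":", ""))
    if len(digest) != hashlib.new(HASH_FUNCS[name]).digest_size:
        raise ValueError("fingerprint length does not match hash function")
    return name, digest


def certificate_matches(der_cert: bytes, attr: str) -> bool:
    """Check the certificate presented in the TLS handshake against the
    fingerprint signalled in the session description.

    Only the hash function named in the attribute is computed, so a peer
    cannot pick whichever function happens to collide; compare_digest keeps
    the comparison free of a timing side channel.  Any parse failure is a
    mismatch: the session must not proceed on a fingerprint we cannot check.
    """
    try:
        name, expected = parse_fingerprint(attr)
    except ValueError:
        return False
    actual = hashlib.new(HASH_FUNCS[name], der_cert).digest()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Constructed stand-in for the DER bytes of the peer's certificate.  A real
    # endpoint takes them from the handshake, e.g.
    # ssl.SSLSocket.getpeercert(binary_form=True).
    peer_der = b"abc"
    attr = "a=fingerprint:" + format_fingerprint(peer_der, "sha-256")
    print(attr)
    print(certificate_matches(peer_der, attr))   # matches the signalled cert
    print(certificate_matches(b"abd", attr))     # a different certificate
```

   Note what the check does and does not give: the certificate may be
   self-signed, because trust is anchored in the session description
   rather than in a CA, which is exactly why the abstract conditions the
   mechanism on the integrity of the session description being assured.
   If the signalling path can be tampered with, an attacker substitutes
   both the fingerprint and the certificate and this check passes.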

   Complicating this issue, endpoints exchanging media will often be
   unable to obtain authentication certificates signed by a well-known
   root certification authority (CA).  Most certificate authorities
   charge for signed certificates, particularly host-based certificates;
   additionally, there is a substantial administrative overhead to

[include full document text]