INTERNET-DRAFT D. Yon Document: draft-ietf-mmusic-sdp-comedia-04.txt Dialout.Net Expires January 2003 July 2002 Connection-Oriented Media Transport in SDP <draft-ietf-mmusic-sdp-comedia-04.txt> Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at: http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at: http://www.ietf.org/shadow.html. Copyright (C) The Internet Society (2002). All Rights Reserved. Abstract This document describes how to express media transport over connection-oriented protocols using the Session Description Protocol (SDP). It defines two new protocol identifiers: TCP and TLS. It also defines the syntax and semantics for an SDP "direction" attribute that describes the connection setup procedure. Yon 1 INTERNET-DRAFT Connection-Oriented Media in SDP July 2002 1 Introduction The Session Description Protocol [SDP] provides a general-purpose format for describing multimedia sessions in announcements or invitations. SDP uses an entirely textual data format (the US-ASCII subset of [UTF-8]) to maximize portability among transports. SDP does not define a protocol, but only the syntax to describe a multimedia session with sufficient information to discover and participate in that session. Session descriptions may be sent using arbitrary existing application protocols for transport (e.g., SAP, SIP, RTSP, email, HTTP, etc.). [SDP] describes two protocol identifiers: RTP/AVP and UDP, both of which are unreliable, connectionless protocols, an appropriate choice for multimedia streams. There are, however, applications for which the connection-oriented transports such as TCP are more appropriate, but [SDP] provides no way to describe a session that uses protocols other than RTP or UDP. Connection-oriented protocols introduce a new factor when describing a session: not only must it be possible to express that a protocol will be based on this protocol, but it must also describe the connection setup procedure. This memo defines two new protocol identifiers, TCP and TLS, along with the syntax and semantics of the a=direction and a=reconnect attributes. 2 Terminology In this document, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in RFC 2119 [7] and indicate requirement levels for compliant implementations. 3 Protocol Identifiers The m= line in [SDP] is where an endpoint specifies the protocol used for the media in the session. See the "Media Announcements" section of [SDP] for a discussion on protocol identifiers. 3.1 TCP The TCP protocol identifier is similar to the UDP protocol identifier in that it only describes the transport protocol without any connotation as to the upper-layer protocol. An m= line that specifies "TCP" MUST further qualify the protocol using a fmt identifier (see [SDP] Appendix B). 3.2 TLS The TLS protocol identifier specifies that the session will use the Transport Layer Security protocol [TLS] with an implied transport protocol of TCP. To describe a media session that uses TLS over TCP, the protocol identifier "TLS" must be specified in the m= line. Yon INTERNET-DRAFT - Expires January 2003 2 INTERNET-DRAFT Connection-Oriented Media in SDP July 2002 An m= line that specifies TLS MUST further qualify the protocol using a fmt identifier. 4 Direction Attribute An important attribute of connection-oriented protocols is the setup procedure. One endpoint needs to initiate the connection and the other endpoint needs to accept the connection. The direction attribute is used to describe these roles, and the syntax is as follows: a=direction:<role> [<source-address>] The <role> is one of the following: passive: The endpoint will accept an incoming connection. active: The endpoint will initiate an outgoing connection. both: The endpoint will both accept an incoming connection and will initiate an outgoing connection. The <source-address> is a sequence of values that describe the address and port number from where the connection will originate, and consists of the following values: nettype addrtype unicast-address [port] The <source-address> is an optional value that SHOULD be specified with direction:active or direction:both, and MUST NOT be specified with direction:passive. Within the <source-address>, the source port number is RECOMMENDED but may be omitted. 4.1 Semantics of direction:passive By specifying direction:passive, the endpoint indicates that the port number specified in the m= line is available to accept a connection from the other endpoint. The endpoint MUST NOT specify a <source-address> after direction:passive. 4.2 Semantics of direction:active By specifying direction:active, the endpoint indicates that it will initiate a connection to the port number on the m= line of the other endpoint. The port number on its own m= line is irrelevant, and the opposite endpoint MUST NOT attempt to initiate a connection to the port number specified there. Nevertheless, since the m= line must contain a valid port number, the endpoint specifying direction:active SHOULD specify a port number of 9 (the discard port) on its m= line. The endpoint MUST NOT specify a port number of zero, as that carries other semantics in [SDP]. Yon INTERNET-DRAFT - Expires January 2003 3 INTERNET-DRAFT Connection-Oriented Media in SDP July 2002 The endpoint SHOULD specify the address and port number from which it will initiate the connection in the <source-address> position on the a=direction line. The following SDP fragment shows an example of direction:active: c=IN IP4 10.1.1.1 m=image 9 TCP t38 a=direction:active IN IP4 10.1.1.1 1892 4.3 Semantics of direction:both By specifying direction:both, the endpoint indicates that it will both accept a TCP connection on the port number of its own m= line, and that it will also initiate a connection to the port number on the m= line of the other endpoint. As with direction:active, the endpoint SHOULD specify the address and port number from which it will initiate the connection in the <source-address> position on the a=direction line. Since this attribute describes behavior that is similar to connectionless media descriptions in [SDP], it is the default value for the direction attribute and is therefore optional. Endpoints may choose to specify direction:both for one or more of the following reasons: 1) The endpoint has no preference as to whether it accepts or initiates the connection, and therefore is offering the remote endpoint a choice of connection setup procedures. 2) The endpoints intend to use a single connection to transport the media, but it is not known whether firewall issues will prevent either endpoint from initiating or accepting the connection. Therefore both endpoints will attempt to initiate a connection in hopes that at least one will succeed. If one endpoint specifies either direction:active or direction:passive and the other specifies direction:both, both endpoints MUST behave as if the latter had specified the inverse direction of the former. For example, specifying direction:both when the other endpoint specifies direction:active SHALL cause both endpoints to behave as if the former had specified direction:passive. Conversely, specifying direction:both when the other endpoint specifies direction:passive SHALL cause both endpoints to behave as if the former had specified direction:active. If both endpoints specify direction:both then each endpoint MUST initiate a connection to the port number specified on the m= line of the opposite endpoint. There is one exception to this requirement: if an endpoint receives the incoming connection from the opposite endpoint prior to initiating its own outbound connection, then that Yon INTERNET-DRAFT - Expires January 2003 4 INTERNET-DRAFT Connection-Oriented Media in SDP July 2002 endpoint MAY use that connection rather than attempt to make an outbound connection to the opposite endpoint. If only one connection succeeds, then that connection will be used to carry the media. Once it has transmitted data on this connection, the initiating endpoint MUST NOT perform another connection attempt to the accepting endpoint. This allows the accepting endpoint to release or recycle the listening port for another session once it has received data from the initiating endpoint. If both connections succeed, the following rules SHALL apply: a) Each endpoint MUST accept data from either connection. b) Once an endpoint has transmitted data to one of the connections, it MUST use that connection exclusively for transmission. c) Once an endpoint has transmitted AND received data, if one of the connections is determined to be idle, the endpoint SHOULD close the idle connection. 4.4 Optimizing direction:both As discussed in the previous section, there is the possibility that two connections will be created when only one is needed. While rules in the previous section accommodate the closing of an idle connection, they do not prevent a race condition where the endpoints simultaneously start sending data on opposite connections thereby causing two connections to be used where one would have sufficed. While it is not possible to entirely eliminate this race condition, it is in the endpoints' interest to minimize its occurrence. Therefore, when a session is negotiated through interactive exchange of SDP between endpoints (as in the case of SIP) AND the result of the negotiation is that each endpoint specifies direction:both, it is RECOMMENDED that the endpoints use the following guidelines: a) There comes a point during the exchange of SDP where one endpoint is prepared to send the final message that will complete the negotiation and allow the session to begin. For the purposes of this discussion, the endpoint that will send this final message will be called the Initiator, and the endpoint that will receive this message will be called the Acceptor. b) The Initiator, upon receiving sufficient information to initiate a connection, MUST attempt to connect to the Acceptor as soon as possible. c) In order to lower the likelihood that the Acceptor will also attempt to initiate a connection, the Initiator SHOULD incorporate a short delay between initiating the connection and sending the final SDP to the Acceptor. Yon INTERNET-DRAFT - Expires January 2003 5 INTERNET-DRAFT Connection-Oriented Media in SDP July 2002 d) The delay time chosen by the Initiator MUST NOT introduce an unacceptable session setup delay should the connection to the Acceptor not succeed. 4.5 Bidirectional versus Unidirectional Media In traditional SDP transport types the flow is unidirectional. If the intent is for media to flow in both directions, both endpoints must specify SDP that describes where to deliver the media and what media type(s) to use. For example, if only Endpoint A presents SDP then media can only flow towards Endpoint A, as Endpoint B has not specified where and how to send media to it. Because most connection-oriented media is inherently bi-directional, endpoints may encounter a situation where only one side presented SDP yet there is now a network path that can carry media in either direction. In keeping with traditional SDP semantics, an endpoint MUST NOT send data to the other endpoint unless it has specified SDP information describing the type of media it can accept. It is, however, perfectly acceptable for an endpoint to transmit data on the same connection it is using to receive data, so long as the other endpoint has advertised its willingness to accept data. Likewise, it is perfectly acceptable for an endpoint to receive data on the same connection it is using to transmit data to the corresponding remote endpoint. In other words, for a bi-directional application-level session, a connection may be used to send data in both directions (contingent to rules outlined in Section 2.3) as long as one side of the connection is attached to either of the advertised SDP transport addresses. 4.6 Treating UDP and RTP/AVP like Connection Oriented Media Endpoints MAY specify a direction attribute for UDP or RTP/AVP media. This indicates that the endpoint would like to treat this media as a type of connection-oriented media. (The endpoint may do this to facilitate NAT traversal for example.) Note that for backwards compatibility, an endpoint which can specify direction:active MUST include valid addresses and ports in the SDP as always. If the peer's SDP does not include a direction attribute, it knows that the peer does not support connection- oriented media, and media exchange will proceed normally, as if connection-oriented media were not offered. Endpoints that specify direction:passive MUST NOT send any media, any packets whatsoever (including control packets such as RTCP), from their passive ports until they receive a packet on these ports and record the source address and port of the sender. The passive endpoint then assumes that the first packet received corresponds to its active peer. From this point onward, passive endpoints MUST send UDP or RTP media from the same port as the port indicated in the m= line. Passive endpoints MUST send RTCP media (if any) from Yon INTERNET-DRAFT - Expires January 2003 6 INTERNET-DRAFT Connection-Oriented Media in SDP July 2002 the port on which they expect to receive it (typically the RTP port number plus 1). Endpoints that specify direction:active MUST be prepared to receive on the ports from which they send. Once they learn the IP address and port of their peer from the peer's SDP, they SHOULD immediately send some kind of media (even if just comfort noise) to each of these ports. This is so the peer can learn their IP address and port, in order to send media back without additional delay. Effectively, the exchange of the first media packet completes a bi- directional handshake between the active and passive peer. 5 Reconnect Attribute The preceding description of the a=direction attribute has been in the context of using SDP to initiate a session. However, SDP may be exchanged between endpoints at various stages of a session to accomplish tasks such as terminating a session, redirecting media to a new endpoint, renegotiating the media parameters for a session, etc. After the initial session has been established, it may be ambiguous as to whether subsequent SDP exchange represents a confirmation that the endpoint is to continue using the current media connection unchanged, or is a request to make a new media connection. The reconnect attribute is used to disambiguate these two scenarios, and the syntax is as follows: a=reconnect SDP containing a=reconnect signals that the specified session does NOT refer to an existing connection between the two endpoints. If the endpoints agree to continue the session, the endpoints MUST close the existing connection for the currently negotiated session, and MUST create a new connection according to the a=direction attribute in the SDP. If an endpoint receives SDP that contains a=reconnect, the endpoint's response MUST also contain a=reconnect. Endpoints MUST NOT include a=reconnect in SDP that negotiates the start of a session. See section 6, "Connection and Listener Lifetime Considerations" for more information on scenarios that are relevant to the a=reconnect attribute. 6 Source-Address Considerations In the cases where the endpoint is initiating the connection, the endpoint SHOULD specify a source address on the a=direction line. In addition, the endpoint SHOULD include the source port in the source address. In most environments, the source port number can be determined by binding the socket before initiating the connect, as shown in the sample C code below: { SOCKET s_id SOCKADDR_IN cli_sin; Yon INTERNET-DRAFT - Expires January 2003 7 INTERNET-DRAFT Connection-Oriented Media in SDP July 2002 int namelen; // Create the socket s_id = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP); // Bind the socket to any IP address and port bzero((char *)&cli_sin,sizeof(cli_sin)); cli_sin.sin_family = AF_INET; cli_sin.sin_addr.s_addr = htonl(INADDR_ANY); cli_sin.sin_port = 0; bind(s_id,(SOCKADDR *)&cli_sin,sizeof(cli_sin)); // Find the port number that was bound namelen = sizeof(cli_sin); getsockname(s_id,(SOCKADDR *)&cli_sin,&namelen); // Print the port number printf("Source Port = %d\n",ntohs(cli_sin.sin_port)); } If the source address is omitted, the receiver of the SDP packet MUST NOT make any assumptions in regards to the address or port from where the connection will originate. In particular, the receiver MUST NOT assume that the address information listed on the c= line has any implication as to where the media connection originates. NOTE: The motivation for specifying the source address is twofold. First, it aids Application-Level Proxies (ALP) by explicitly announcing the source of the outbound connection. This allows, for example, a dynamic firewall pinhole to be created that will allow the connection to pass. Or as another example, an ALP integrated with a Network Address Translation (NAT) gateway could create a dynamic address/port binding and rewrite the SDP accordingly. Second, it allows the passive endpoint to correlate the incoming connection with the session being negotiated. Note that great care must be taken when using the source address as a means to identify incoming connections, as NAT can render the source address unreliable. In addition if the originating endpoint omits the source port, the source address can be ambiguous if multiple, logical endpoints share the same network address. Therefore it is NOT RECOMMENDED that the source address be used for this purpose unless the SDP occurs in the context of a controlled network topology that guarantees that the source address is both correct (i.e., no NAT, or a NAT with an Application-Level Proxy that rewrites the SDP) and unambiguous (i.e., the source port is specified). Yon INTERNET-DRAFT - Expires January 2003 8 INTERNET-DRAFT Connection-Oriented Media in SDP July 2002 6.1 Source Address Timing Considerations When used in conjunction with a session signaling protocol such as SIP, there may be cases where an endpoint initiates a connection prior to the opposite endpoint receiving the SDP that describe the source address of the initiating endpoint. Therefore, an endpoint that has advertised an address and port number with direction:both or direction:passive MUST be ready to accept a connection on that address and port immediately. If the accepting endpoint requires the source address to identify the initiating endpoint, it MUST keep the connection active and allow sufficient time for the source address to arrive before discarding the connection. 7 Connection and Listener Lifetime Considerations 7.1 Listener Lifetime An endpoint that has specified direction:both or direction:passive MUST be ready to accept a connection on the appropriate address and port during the time slot(s) advertised for that session. The endpoint MUST keep the address and port available for incoming connections until either: a) The time window for the session has expired, or b) The endpoint has received the expected number of incoming connections on that address and port, or c) Subsequent exchanges have superceded the SDP that originally advertised the availability of the address and port. Once the endpoint has determined that a listener is no longer needed on a specific address and port, it SHOULD terminate the listener. The endpoint is then free to re-use the address and port for subsequent session advertisements. 7.2 Connection Lifetime An endpoint that intends to initiate the connection MUST initiate the connection immediately after it has sufficient information to do so, even if it does not intend to immediately begin sending media to the remote endpoint. This allows media to flow from the remote endpoint. An endpoint MUST NOT close the connection until the session has expired, been explicitly terminated, or the media stream is redirected to a different address or port. If the endpoint determines that the connection has been closed, it MAY attempt to re-establish the connection. The decision to do so is application and/or context dependant. If the endpoint opts to re-establish the connection, it MUST NOT assume that the original address and port advertised by the remote endpoint is still valid. Yon INTERNET-DRAFT - Expires January 2003 9 INTERNET-DRAFT Connection-Oriented Media in SDP July 2002 Instead, the endpoint MUST renegotiate the session parameters by exchanging new SDP. 7.3 Session Renegotiation and Connection Lifetime There are scenarios where SDP is sent by an endpoint in order to renegotiate an existing session. These include muting/unmuting a session, renegotiating the attributes of the media used by the session, or extending the length of a session about to expire. Connection-oriented media introduces some ambiguities into session renegotiation as to when the direction attribute must be obeyed and when it is ignored. The scenario of extending the duration of an existing session is a good example: in order to extend an existing session, endpoints will typically resend the original SDP with updated time information. In connectionless media the result is no change to the existing media streams. The problem with connection oriented media is that the original SDP will contain a direction attribute which can be construed as a request to create a new connection, as opposed to a request to maintain steady state. To avoid this ambiguity, the following rule SHALL apply to subsequent exchanges of SDP: If the transport section (the c= and m= lines) combined with the direction attribute of an SDP message describes an existing connection between two endpoints, AND the SDP does not contain a=reconnect, then the endpoints MUST use that connection to carry the media described in the remainder of the message. The endpoints MUST NOT attempt to set up a new connection, regardless of what is specified in the direction attribute. This disambiguates most session renegotiation scenarios, with the exception of muting. Muting a media stream is accomplished by sending the original session SDP but with an "a=inactive" or "a=sendonly/recvonly" attribute. This is still valid for connection oriented media, with the additional caveat that the endpoints MUST NOT close the connection described by that SDP. 8 Examples What follows are a number of examples that show the most common usage of the direction attribute combined with TCP-based media descriptions. For the purpose of brevity, the main portion of the session description is omitted in the examples and is assumed to be the following: v=0 o=me 2890844526 2890842807 IN IP4 10.1.1.2 s=Call me using TCP t=3034423619 3042462419 Yon INTERNET-DRAFT - Expires January 2003 10 INTERNET-DRAFT Connection-Oriented Media in SDP July 2002 8.1 Example: simple passive/active An endpoint at 10.1.1.2 signals the availability of a T.38 fax session at port 54111: c=IN IP4 10.1.1.2 m=image 54111 TCP t38 a=direction:passive An endpoint at 10.1.1.1 receiving this description responds with the following: c=IN IP4 10.1.1.1 m=image 9 TCP t38 a=direction:active The endpoint at 10.1.1.1 then initiates the TCP connection to port 54111 at 10.1.1.2. Note that the TCP connection may originate from any address or port. The endpoint at 10.1.1.1 could have optionally committed to a source address with a simple modification: c=IN IP4 10.1.1.1 m=image 9 TCP t38 a=direction:active IN IP4 10.1.1.1 1892 By adding the source address to the a=direction line, the endpoint at 10.1.1.1 must now use a source port of 1892 when initiating the TCP connection to port 54111 at 10.1.1.2. 8.2 Example: simple passive/active with reconnect Continuing the preceding example, consider the scenario where the TCP connection fails and the endpoints wish to reestablish the connection for the session. The endpoint at 10.1.1.2 signals this intent with the following SDP: c=IN IP4 10.1.1.2 m=image 54111 TCP t38 a=direction:passive a=reconnect The a=reconnect attribute informs the endpoint at 10.1.1.1 that this SDP represents the intent to establish a new connection for media transport, rather than continuing with the original connection. Because the endpoint at 10.1.1.1 may not yet be aware that the TCP connection has failed, this eliminates any ambiguity. If 10.1.1.1 agrees to continue the session using a new connection, it responds with: c=IN IP4 10.1.1.1 m=image 9 TCP t38 a=direction:active IN IP4 10.1.1.1 1893 a=reconnect Yon INTERNET-DRAFT - Expires January 2003 11 INTERNET-DRAFT Connection-Oriented Media in SDP July 2002 Note that the source port is different in this message, since the OS will have likely chosen a new ephemeral port number for the new connection. 8.3 Example: agnostic both An endpoint at 10.1.1.2 signals the availability of a T.38 fax session at TCP port 54111, but is also willing to set up the media stream by initiating the TCP connection: c=IN IP4 10.1.1.2 m=image 54111 TCP t38 a=direction:both The endpoint at 10.1.1.1 has three choices: 1) It can respond with either of the two direction:active descriptions listed in the previous example. In this case the endpoint at 10.1.1.1 must initiate a connection to port 54111 at 10.1.1.2. 2) It can respond with a description similar to the following: c=IN IP4 10.1.1.1 m=image 54321 TCP t38 a=direction:passive In this case the endpoint at 10.1.1.2 must initiate a connection to port 54321 at 10.1.1.1. 3) It can respond with a description that specifies direction:both, which is covered in the next example. 8.4 Example: redundant both An endpoint at 10.1.1.2 uses the same description as the previous example: c=IN IP4 10.1.1.2 m=image 54111 TCP t38 a=direction:both Unlike the previous example, the endpoint at 10.1.1.1 responds with the following description: c=IN IP4 10.1.1.1 m=image 54321 TCP t38 a=direction:both This will cause the endpoint at 10.1.1.2 to initiate a connection to port 54321 at 10.1.1.1, and the endpoint at 10.1.1.1 to initiate a connection to port 54111 at 10.1.1.2. Whichever TCP connection succeeds will be used. If both succeed, one of the connections may be closed as an optimization, using the rules in section 3.3. Yon INTERNET-DRAFT - Expires January 2003 12 INTERNET-DRAFT Connection-Oriented Media in SDP July 2002 In order to minimize the chance that two connections are created, the endpoint at 10.1.1.1 may opt to use the recommendation in section 3.4, which would result in events occurring in the following sequence: 1) The endpoint at 10.1.1.2 sends SDP as listed above. The endpoint MUST enable a listener on port 54111 at this time, but is not able to initiate a TCP connection due to the fact that it does not have sufficient information from the endpoint at 10.1.1.1. 2) The endpoint at 10.1.1.1, upon receiving the SDP, immediately initiates a TCP connection to 10.1.1.2:54111. 3) In order to minimize the chance of a duplicate connection, the endpoint at 10.1.1.1 pauses for a short time to allow the endpoint at 10.1.1.2 to receive the TCP connection initiation. 4) After the short pause, the endpoint at 10.1.1.1 sends the SDP response as listed above. The pause in #3 gives the first TCP connection attempt a chance to succeed, since withholding the SDP response deprives the endpoint at 10.1.1.2 of the information it needs to attempt its own TCP connection. 8.5 Example: "Bidirectional" RTP and RTCP An endpoint at 10.1.1.2 is behind a NAT and does not know its own public address. c=IN IP4 10.1.1.2 m=audio 9 RTP/AVP 0 a=direction:active A peer with a public IP address responds as follows and waits to receive RTP and RTCP packets from its active peer. c=IN IP4 1.2.3.4 m=audio 18240 RTP/AVP 0 a=direction:passive The endpoint at 10.1.1.2 immediately sends RTP from port 9012 to 1.2.3.4 port 18240. A NAT translates the source address to 5.6.7.8 port 1542. The passive endpoint receives this RTP packet and stores this source address. When the passive endpoint wants to send RTP media it sends it back to 5.6.7.8 port 1542. The NAT translates this destination address back to 10.1.1.2 port 9012 and delivers it to the active endpoint. Likewise the endpoint at 10.1.1.2 immediately sends RTCP from port 9013 to 1.2.3.4:18241. The NAT translates this to 5.6.7.8:1984. The passive endpoint receives the RTCP packet and stores the source Yon INTERNET-DRAFT - Expires January 2003 13 INTERNET-DRAFT Connection-Oriented Media in SDP July 2002 address. The passive endpoint sends its RTCP to 5.6.7.8:1984 which is translated back to 10.1.1.2:9013 and delivered to the active endpoint. 9 Security Considerations See [SDP] for security and other considerations specific to the Session Description Protocol in general. A possible security concern arises if a firewall were to monitor and act on the source address as described in the note in Section 4. Firewall implementers must take care to ensure that the SDP came from a trusted source before deciding whether to change the network traffic restrictions currently imposed by the firewall. 10 IANA Considerations As recommended by [SDP] Appendix B, the direction and reconnect attributes described in this document should be registered with IANA, as should the "TCP" and "TLS" protocol identifiers. Acknowledgements The author would like to thank Jonathan Rosenberg, Rohan Mahy, Anders Kristensen, Jeorg Ott, Paul Kyzivat, and Robert Fairlie- Cuninghame for their valuable insights and contributions. Yon INTERNET-DRAFT - Expires January 2003 14 INTERNET-DRAFT Connection-Oriented Media in SDP July 2002 Appendix A: Direction Attribute Syntax This appendix provides an Augmented BNF [ABNF] grammar for expressing the direction attribute for connection setup. It is intended as an extension to the grammar for the Session Description Protocol, as defined in [SDP]. Specifically, it describes the syntax for the new "connection-setup" attribute field, which MAY be either a session-level or media-level attribute. connection-setup = "direction" ":" direction-spec direction-spec = "passive" / qualified-direction qualified-direction = direction-ident / direction-ident source direction-ident = "both" / "active" / "passive" source = nettype addrtype unicast-address / nettype addrtype unicast-address port reconnect-attribute = "reconnect" References [ABNF] D. Crocker, P. Overell, "Augmented BNF for Syntax Specifications: ABNF," RFC 2234, November 1997 [SDP] M. Handley, V. Jacobson, "SDP: Session Description Protocol," RFC 2327, April 1998 [T38] International Telecommunication Union, "Procedures for Real-Time Group 3 Facsimile Communications over IP Networks," Recommendation T.38, June 1998 [TLS] T. Dierks, C. Allen, "The TLS Protocol," RFC 2246, January 1999 [UTF-8] F. Yergeau, "UTF-8, a transformation format of Unicode and ISO 10646," RFC 2044, October 1996 Author's Address David Yon Dialout.Net, Inc. One Indian Head Plaza Nashua, NH 03060 Phone: (603) 324-4100 EMail: yon@dialout.net Full Copyright Statement Copyright (C) The Internet Society (2001). All Rights Reserved. Yon INTERNET-DRAFT - Expires January 2003 15 INTERNET-DRAFT Connection-Oriented Media in SDP July 2002 This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." Yon INTERNET-DRAFT - Expires January 2003 16