From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc5027.txt | 899 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 899 insertions(+) create mode 100644 doc/rfc/rfc5027.txt (limited to 'doc/rfc/rfc5027.txt') diff --git a/doc/rfc/rfc5027.txt b/doc/rfc/rfc5027.txt new file mode 100644 index 0000000..0158991 --- /dev/null +++ b/doc/rfc/rfc5027.txt @@ -0,0 +1,899 @@ + + + + + + +Network Working Group F. Andreasen +Request for Comments: 5027 D. Wing +Updates: 3312 Cisco Systems +Category: Standards Track October 2007 + + + Security Preconditions for + Session Description Protocol (SDP) Media Streams + +Status of This Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Abstract + + This document defines a new security precondition for the Session + Description Protocol (SDP) precondition framework described in RFCs + 3312 and 4032. A security precondition can be used to delay session + establishment or modification until media stream security for a + secure media stream has been negotiated successfully. + +Table of Contents + + 1. Introduction ....................................................2 + 2. Notational Conventions ..........................................2 + 3. Security Precondition Definition ................................2 + 4. Examples ........................................................6 + 4.1. SDP Security Descriptions Example ..........................6 + 4.2. Key Management Extension for SDP Example ...................9 + 5. Security Considerations ........................................11 + 6. IANA Considerations ............................................13 + 7. Acknowledgements ...............................................13 + 8. Normative References ...........................................13 + 9. Informative References .........................................14 + + + + + + + + + + + + + +Andreasen & Wing Standards Track [Page 1] + +RFC 5027 Security Preconditions October 2007 + + +1. Introduction + + The concept of a Session Description Protocol (SDP) [RFC4566] + precondition is defined in [RFC3312] as updated by [RFC4032]. A + precondition is a condition that has to be satisfied for a given + media stream in order for session establishment or modification to + proceed. When a (mandatory) precondition is not met, session + progress is delayed until the precondition is satisfied or the + session establishment fails. For example, RFC 3312 defines the + Quality-of-Service precondition, which is used to ensure availability + of network resources prior to establishing (i.e., alerting) a call. + + Media streams can either be provided in cleartext and with no + integrity protection, or some kind of media security can be applied, + e.g., confidentiality and/or message integrity. For example, the + Audio/Video profile of the Real-Time Transfer Protocol (RTP) + [RFC3551] is normally used without any security services whereas the + Secure Real-time Transport Protocol (SRTP) [SRTP] is always used with + security services. When media stream security is being negotiated, + e.g., using the mechanism defined in SDP Security Descriptions + [SDESC], both the offerer and the answerer [RFC3264] need to know the + cryptographic parameters being used for the media stream; the offerer + may provide multiple choices for the cryptographic parameters, or the + cryptographic parameters selected by the answerer may differ from + those of the offerer (e.g., the key used in one direction versus the + other). In such cases, to avoid media clipping, the offerer needs to + receive the answer prior to receiving any media packets from the + answerer. This can be achieved by using a security precondition, + which ensures the successful negotiation of media stream security + parameters for a secure media stream prior to session establishment + or modification. + +2. Notational Conventions + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in [RFC2119]. + +3. Security Precondition Definition + + The semantics for a security precondition are that the relevant + cryptographic parameters (cipher, key, etc.) for a secure media + stream are known to have been negotiated in the direction(s) + required. If the security precondition is used with a non-secure + media stream, the security precondition is by definition satisfied. + A secure media stream is here defined as a media stream that uses + some kind of security service (e.g., message integrity, + + + + +Andreasen & Wing Standards Track [Page 2] + +RFC 5027 Security Preconditions October 2007 + + + confidentiality, or both), regardless of the cryptographic strength + of the mechanisms being used. + + As an extreme example of this, Secure RTP (SRTP) using the NULL + encryption algorithm and no message integrity would be considered + a secure media stream whereas use of plain RTP would not. Note + though, that Section 9.5 of [SRTP] discourages the use of SRTP + without message integrity. + + Security preconditions do not guarantee that an established media + stream will be secure. They merely guarantee that the recipient of + the media stream packets will be able to perform any relevant + decryption and integrity checking on those media stream packets. + Please refer to Section 5 for further security considerations. + + The security precondition type is defined by the string "sec" and + hence we modify the grammar found in RFC 3312 as follows: + + precondition-type = "sec" / "qos" / token + + RFC 3312 defines support for two kinds of status types, namely + segmented and end-to-end. The security precondition-type defined + here MUST be used with the end-to-end status type; use of the + segmented status type is undefined. + + A security precondition can use the strength-tag "mandatory", + "optional", or "none". + + When a security precondition with a strength-tag of "mandatory" is + received in an offer, session establishment or modification MUST be + delayed until the security precondition has been met, i.e., the + relevant cryptographic parameters (cipher, key, etc.) for a secure + media stream are known to have been negotiated in the direction(s) + required. When a mandatory security precondition is offered, and the + answerer cannot satisfy the security precondition (e.g., because the + offer was for a secure media stream, but it did not include the + necessary parameters to establish the secure media stream keying + material for example), the offered media stream MUST be rejected as + described in RFC 3312. + + The delay of session establishment defined here implies that alerting + of the called party MUST NOT occur and media for which security is + being negotiated MUST NOT be exchanged until the precondition has + been satisfied. In cases where secure media and other non-media data + is multiplexed on a media stream (e.g., when Interactive Connectivity + Establishment [ICE] is being used), the non-media data is allowed to + be exchanged prior to the security precondition being satisfied. + + + + +Andreasen & Wing Standards Track [Page 3] + +RFC 5027 Security Preconditions October 2007 + + + When a security precondition with a strength-tag of "optional" is + received in an offer, the answerer MUST generate its answer SDP as + soon as possible. Since session progress is not delayed in this + case, the answerer does not know when the offerer is able to process + secure media stream packets and hence clipping may occur. If the + answerer wants to avoid clipping and delay session progress until he + knows the offerer has received the answer, the answerer MUST increase + the strength of the security precondition by using a strength-tag of + "mandatory" in the answer. Note that use of a mandatory precondition + in an offer requires the presence of a SIP "Require" header field + containing the option tag "precondition": Any SIP UA that does not + support a mandatory precondition will consequently reject such + requests (which also has unintended ramifications for SIP forking + that are known as the Heterogeneous Error Response Forking Problem + (see e.g., [HERFP]). To get around this, an optional security + precondition and the SIP "Supported" header field containing the + option tag "precondition" can be used instead. + + When a security precondition with a strength-tag of "none" is + received, processing continues as usual. The "none" strength-tag + merely indicates that the offerer supports the following security + precondition - the answerer MAY upgrade the strength-tag in the + answer as described in [RFC3312]. + + The direction tags defined in RFC 3312 are interpreted as follows: + + * send: Media stream security negotiation is at a stage where it is + possible to send media packets to the other party and the other + party will be able to process them correctly from a security point + of view, i.e., decrypt and/or integrity check them as necessary. + The definition of "media packets" includes all packets that make + up the media stream. In the case of Secure RTP for example, it + includes SRTP as well as SRTCP. When media and non-media packets + are multiplexed on a given media stream (e.g., when ICE is being + used), the requirement applies to the media packets only. + + * recv: Media stream security negotiation is at a stage where it is + possible to receive and correctly process media stream packets + sent by the other party from a security point of view. + + The precise criteria for determining when the other party is able to + correctly process media stream packets from a security point of view + depend on the secure media stream protocol being used as well as the + mechanism by which the required cryptographic parameters are + negotiated. + + + + + + +Andreasen & Wing Standards Track [Page 4] + +RFC 5027 Security Preconditions October 2007 + + + We here provide details for SRTP negotiated through SDP security + descriptions as defined in [SDESC]: + + * When the offerer requests the "send" security precondition, it + needs to receive the answer before the security precondition is + satisfied. The reason for this is twofold. First, the offerer + needs to know where to send the media. Secondly, in the case + where alternative cryptographic parameters are offered, the + offerer needs to know which set was selected. The answerer does + not know when the answer is actually received by the offerer + (which in turn will satisfy the precondition), and hence the + answerer needs to use the confirm-status attribute [RFC3312]. + This will make the offerer generate a new offer showing the + updated status of the precondition. + + * When the offerer requests the "recv" security precondition, it + also needs to receive the answer before the security precondition + is satisfied. The reason for this is straightforward: The answer + contains the cryptographic parameters that will be used by the + answerer for sending media to the offerer; prior to receipt of + these cryptographic parameters, the offerer is unable to + authenticate or decrypt such media. + + When security preconditions are used with the Key Management + Extensions for the Session Description Protocol (SDP) [KMGMT], the + details depend on the actual key management protocol being used. + + After an initial offer/answer exchange in which the security + precondition is requested, any subsequent offer/answer sequence for + the purpose of updating the status of the precondition for a secure + media stream SHOULD use the same key material as the initial + offer/answer exchange. This means that the key-mgmt attribute lines + [KMGMT], or crypto attribute lines [SDESC] in SDP offers, that are + sent in response to SDP answers containing a confirm-status field + [RFC3312] SHOULD repeat the same data as that sent in the previous + SDP offer. If applicable to the key management protocol or SDP + security description, the SDP answers to these SDP offers SHOULD + repeat the same data in the key-mgmt attribute lines [KMGMT] or + crypto attribute lines [SDESC] as that sent in the previous SDP + answer. + + Of course, this duplication of key exchange during precondition + establishment is not to be interpreted as a replay attack. This + issue may be solved if, e.g., the SDP implementation recognizes that + the key management protocol data is identical in the second + offer/answer exchange and avoids forwarding the information to the + security layer for further processing. + + + + +Andreasen & Wing Standards Track [Page 5] + +RFC 5027 Security Preconditions October 2007 + + + Offers with security preconditions in re-INVITEs or UPDATEs follow + the rules given in Section 6 of RFC 3312, i.e.: + + "Both user agents SHOULD continue using the old session parameters + until all the mandatory preconditions are met. At that moment, + the user agents can begin using the new session parameters." + + At that moment, we furthermore require that user agents MUST start + using the new session parameters for media packets being sent. The + user agents SHOULD be prepared to process media packets received with + either the old or the new session parameters for a short period of + time to accommodate media packets in transit. Note that this may + involve iterative security processing of the received media packets + during that period of time. Section 8 in [RFC3264] lists several + techniques to help alleviate the problem of determining when a + received media packet was generated according to the old or new + offer/answer exchange. + +4. Examples + +4.1. SDP Security Descriptions Example + + The call flow of Figure 1 shows a basic session establishment using + the Session Initiation Protocol [SIP] and SDP security descriptions + [SDESC] with security descriptions for the secure media stream (SRTP + in this case). + + A B + + | | + |-------------(1) INVITE SDP1--------------->| + | | + |<------(2) 183 Session Progress SDP2--------| + | | + |----------------(3) PRACK SDP3------------->| + | | + |<-----------(4) 200 OK (PRACK) SDP4---------| + | | + |<-------------(5) 180 Ringing---------------| + | | + | | + | | + + Figure 1: Security Preconditions with SDP Security + Descriptions Example + + + + + + +Andreasen & Wing Standards Track [Page 6] + +RFC 5027 Security Preconditions October 2007 + + + The SDP descriptions of this example are shown below - we have + omitted the details of the SDP security descriptions as well as any + SIP details for clarity of the security precondition described here: + + SDP1: A includes a mandatory end-to-end security precondition for + both the send and receive direction in the initial offer as well as a + "crypto" attribute (see [SDESC]), which includes keying material that + can be used by A to generate media packets. Since B does not know + any of the security parameters yet, the current status (see RFC 3312) + is set to "none". A's local status table (see RFC 3312) for the + security precondition is as follows: + + Direction | Current | Desired Strength | Confirm + -----------+----------+------------------+---------- + send | no | mandatory | no + recv | no | mandatory | no + + and the resulting offer SDP is: + + m=audio 20000 RTP/SAVP 0 + c=IN IP4 192.0.2.1 + a=curr:sec e2e none + a=des:sec mandatory e2e sendrecv + a=crypto:foo... + + SDP2: When B receives the offer and generates an answer, B knows the + (send and recv) security parameters of both A and B. From a security + perspective, B is now able to receive media from A, so B's "recv" + security precondition is "yes". However, A does not know any of B's + SDP information, so B's "send" security precondition is "no". B's + local status table therefore looks as follows: + + Direction | Current | Desired Strength | Confirm + -----------+----------+------------------+---------- + send | no | mandatory | no + recv | yes | mandatory | no + + B requests A to confirm when A knows the security parameters used in + the send and receive direction (it would suffice for B to ask for + confirmation of A's send direction only) and hence the resulting + answer SDP becomes: + + m=audio 30000 RTP/SAVP 0 + c=IN IP4 192.0.2.4 + a=curr:sec e2e recv + a=des:sec mandatory e2e sendrecv + a=conf:sec e2e sendrecv + a=crypto:bar... + + + +Andreasen & Wing Standards Track [Page 7] + +RFC 5027 Security Preconditions October 2007 + + + + SDP3: When A receives the answer, A updates its local status table + based on the rules in RFC 3312. A knows the security parameters of + both the send and receive direction and hence A's local status table + is updated as follows: + + Direction | Current | Desired Strength | Confirm + -----------+----------+------------------+---------- + send | yes | mandatory | yes + recv | yes | mandatory | yes + + Since B requested confirmation of the send and recv security + preconditions, and both are now satisfied, A immediately sends an + updated offer (3) to B showing that the security preconditions are + satisfied: + + m=audio 20000 RTP/SAVP 0 + c=IN IP4 192.0.2.1 + a=curr:sec e2e sendrecv + a=des:sec mandatory e2e sendrecv + a=crypto:foo... + + Note that we here use PRACK [RFC3262] instead of UPDATE [RFC3311] + since the precondition is satisfied immediately, and the original + offer/answer exchange is complete. + + SDP4: Upon receiving the updated offer, B updates its local status + table based on the rules in RFC 3312, which yields the following: + + Direction | Current | Desired Strength | Confirm + -----------+----------+------------------+---------- + send | yes | mandatory | no + recv | yes | mandatory | no + + B responds with an answer (4) that contains the current status of the + security precondition (i.e., sendrecv) from B's point of view: + + m=audio 30000 RTP/SAVP 0 + c=IN IP4 192.0.2.4 + a=curr:sec e2e sendrecv + a=des:sec mandatory e2e sendrecv + a=crypto:bar... + + B's local status table indicates that all mandatory preconditions + have been satisfied, and hence session establishment resumes; B + returns a 180 (Ringing) response (5) to indicate alerting. + + + + + +Andreasen & Wing Standards Track [Page 8] + +RFC 5027 Security Preconditions October 2007 + + +4.2. Key Management Extension for SDP Example + + The call flow of Figure 2 shows a basic session establishment using + the Session Initiation Protocol [SIP] and Key Management Extensions + for SDP [KMGMT] with security descriptions for the secure media + stream (SRTP in this case): + + A B + + | | + |-------------(1) INVITE SDP1--------------->| + | | + |<------(2) 183 Session Progress SDP2--------| + | | + |----------------(3) PRACK SDP3------------->| + | | + |<-----------(4) 200 OK (PRACK) SDP4---------| + | | + |<-------------(5) 180 Ringing---------------| + | | + | | + | | + + Figure 2: Security Preconditions with Key Management + Extensions for SDP Example + + The SDP descriptions of this example are shown below - we show an + example use of MIKEY [MIKEY] with the Key Management Extensions, + however we have omitted the details of the MIKEY parameters as well + as any SIP details for clarity of the security precondition described + here: + + SDP1: A includes a mandatory end-to-end security precondition for + both the send and receive direction in the initial offer as well as a + "key-mgmt" attribute (see [KMGMT]), which includes keying material + that can be used by A to generate media packets. Since B does not + know any of the security parameters yet, the current status (see RFC + 3312) is set to "none". A's local status table (see RFC 3312) for + the security precondition is as follows: + + Direction | Current | Desired Strength | Confirm + -----------+----------+------------------+---------- + send | no | mandatory | no + recv | no | mandatory | no + + + + + + + +Andreasen & Wing Standards Track [Page 9] + +RFC 5027 Security Preconditions October 2007 + + + and the resulting offer SDP is: + + m=audio 20000 RTP/SAVP 0 + c=IN IP4 192.0.2.1 + a=curr:sec e2e none + a=des:sec mandatory e2e sendrecv + a=key-mgmt:mikey AQAFgM0X... + + SDP2: When B receives the offer and generates an answer, B knows the + (send and recv) security parameters of both A and B. B generates + keying material for sending media to A, however, A does not know B's + keying material, so the current status of B's "send" security + precondition is "no". B does know A's SDP information, so B's "recv" + security precondition is "yes". B's local status table therefore + looks as follows: + + Direction | Current | Desired Strength | Confirm + -----------+----------+------------------+---------- + send | no | mandatory | no + recv | yes | mandatory | no + + B requests A to confirm when A knows the security parameters used in + the send and receive direction and hence the resulting answer SDP + becomes: + + m=audio 30000 RTP/SAVP 0 + c=IN IP4 192.0.2.4 + a=curr:sec e2e recv + a=des:sec mandatory e2e sendrecv + a=conf:sec e2e sendrecv + a=key-mgmt:mikey AQAFgM0X... + + Note that the actual MIKEY data in the answer differs from that in + the offer; however, we have only shown the initial and common part of + the MIKEY value in the above. + + SDP3: When A receives the answer, A updates its local status table + based on the rules in RFC 3312. A now knows all the security + parameters of both the send and receive direction and hence A's local + status table is updated as follows: + + Direction | Current | Desired Strength | Confirm + -----------+----------+------------------+---------- + send | yes | mandatory | yes + recv | yes | mandatory | yes + + + + + + +Andreasen & Wing Standards Track [Page 10] + +RFC 5027 Security Preconditions October 2007 + + + Since B requested confirmation of the send and recv security + preconditions, and both are now satisfied, A immediately sends an + updated offer (3) to B showing that the security preconditions are + satisfied: + + m=audio 20000 RTP/SAVP 0 + c=IN IP4 192.0.2.1 + a=curr:sec e2e sendrecv + a=des:sec mandatory e2e sendrecv + a=key-mgmt:mikey AQAFgM0X... + + SDP4: Upon receiving the updated offer, B updates its local status + table based on the rules in RFC 3312, which yields the following: + + Direction | Current | Desired Strength | Confirm + -----------+----------+------------------+---------- + send | yes | mandatory | no + recv | yes | mandatory | no + + B responds with an answer (4) that contains the current status of the + security precondition (i.e., sendrecv) from B's point of view: + + m=audio 30000 RTP/SAVP 0 + c=IN IP4 192.0.2.4 + a=curr:sec e2e sendrecv + a=des:sec mandatory e2e sendrecv + a=key-mgmt:mikey AQAFgM0X... + + B's local status table indicates that all mandatory preconditions + have been satisfied, and hence session establishment resumes; B + returns a 180 (Ringing) response (5) to indicate alerting. + +5. Security Considerations + + In addition to the general security considerations for preconditions + provided in RFC 3312, the following security issues should be + considered. + + Security preconditions delay session establishment until + cryptographic parameters required to send and/or receive media for a + media stream have been negotiated. Negotiation of such parameters + can fail for a variety of reasons, including policy preventing use of + certain cryptographic algorithms, keys, and other security + parameters. If an attacker can remove security preconditions or + downgrade the strength-tag from an offer/answer exchange, the + attacker can thereby cause user alerting for a session that may have + no functioning media. This is likely to cause inconvenience to both + the offerer and the answerer. Similarly, security preconditions can + + + +Andreasen & Wing Standards Track [Page 11] + +RFC 5027 Security Preconditions October 2007 + + + be used to prevent clipping due to race conditions between an + offer/answer exchange and secure media stream packets based on that + offer/answer exchange. If an attacker can remove or downgrade the + strength-tag of security preconditions from an offer/answer exchange, + the attacker can cause clipping to occur in the associated secure + media stream. + + Conversely, an attacker might add security preconditions to offers + that do not contain them or increase their strength-tag. This in + turn may lead to session failure (e.g., if the answerer does not + support it), heterogeneous error response forking problems, or a + delay in session establishment that was not desired. + + Use of signaling integrity mechanisms can prevent all of the above + problems. Where intermediaries on the signaling path (e.g., SIP + proxies) are trusted, it is sufficient to use only hop-by-hop + integrity protection of signaling, e.g., IPSec or TLS. In all other + cases, end-to-end integrity protection of signaling (e.g., S/MIME) + MUST be used. Note that the end-to-end integrity protection MUST + cover not only the message body, which contains the security + preconditions, but also the SIP "Supported" and "Require" headers, + which may contain the "precondition" option tag. If only the message + body were integrity protected, removal of the "precondition" option + tag could lead to clipping (when a security precondition was + otherwise to be used), whereas addition of the option tag could lead + to session failure (if the other side does not support + preconditions). + + As specified in Section 3, security preconditions do not guarantee + that an established media stream will be secure. They merely + guarantee that the recipient of the media stream packets will be able + to perform any relevant decryption and integrity checking on those + media stream packets. + + Current SDP [RFC4566] and associated offer/answer procedures + [RFC3264] allows only a single type of transport protocol to be + negotiated for a given media stream in an offer/answer exchange. + Negotiation of alternative transport protocols (e.g., plain and + secure RTP) is currently not defined. Thus, if the transport + protocol offered (e.g., secure RTP) is not supported, the offered + media stream will simply be rejected. There is however work in + progress to address that. For example, the SDP Capability + Negotiation framework [SDPCN] defines a method for negotiating the + use of a secure or a non-secure transport protocol by use of SDP and + the offer/answer model with various extensions. + + Such a mechanism introduces a number of security considerations in + general, however use of SDP Security Preconditions with such a + + + +Andreasen & Wing Standards Track [Page 12] + +RFC 5027 Security Preconditions October 2007 + + + mechanism introduces the following security precondition specific + security considerations: + + A basic premise of negotiating secure and non-secure media streams as + alternatives is that the offerer's security policy allows for non- + secure media. If the offer were to include secure and non-secure + media streams as alternative offers, and media for either alternative + may be received prior to the answer, then the offerer may not know if + the answerer accepted the secure alternative. An active attacker + thus may be able to inject malicious media stream packets until the + answer (indicating the chosen secure alternative) is received. From + a security point of view, it is important to note that use of + security preconditions (even with a mandatory strength-tag) would not + address this vulnerability since security preconditions would + effectively apply only to the secure media stream alternatives. If + the non-secure media stream alternative was selected by the answerer, + the security precondition would be satisfied by definition, the + session could progress and (non-secure) media could be received prior + to the answer being received. + +6. IANA Considerations + + IANA has registered an RFC 3312 precondition type called "sec" with + the name "Security precondition". The reference for this + precondition type is the current document. + +7. Acknowledgements + + The security precondition was defined in earlier versions of RFC + 3312. RFC 3312 contains an extensive list of people who worked on + those earlier versions, which are acknowledged here as well. The + authors would additionally like to thank David Black, Mark Baugher, + Gonzalo Camarillo, Paul Kyzivat, and Thomas Stach for their comments + on this document. + +8. Normative References + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, March 1997. + + [RFC3312] Camarillo, G., Ed., Marshall, W., Ed., and J. Rosenberg, + "Integration of Resource Management and Session Initiation + Protocol (SIP)", RFC 3312, October 2002. + + [RFC4032] Camarillo, G. and P. Kyzivat, "Update to the Session + Initiation Protocol (SIP) Preconditions Framework", RFC + 4032, March 2005. + + + + +Andreasen & Wing Standards Track [Page 13] + +RFC 5027 Security Preconditions October 2007 + + + [SIP] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, + A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, + "SIP: Session Initiation Protocol", RFC 3261, June 2002. + + [RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session + Description Protocol", RFC 4566, July 2006. + + [RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model + with Session Description Protocol (SDP)", RFC 3264, June + 2002. + +9. Informative References + + [SDESC] Andreasen, F., Baugher, M., and D. Wing, "Session + Description Protocol (SDP) Security Descriptions for Media + Streams", RFC 4568, July 2006. + + [RFC3551] Schulzrinne, H. and S. Casner, "RTP Profile for Audio and + Video Conferences with Minimal Control", STD 65, RFC 3551, + July 2003. + + [SRTP] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. + Norrman, "The Secure Real-time Transport Protocol (SRTP)", + RFC 3711, March 2004. + + [ICE] Rosenberg, J., "Interactive Connectivity Establishment + (ICE): A Methodology for Network Address Translator (NAT) + Traversal for Multimedia Session Establishment Protocols", + Work in Progress, September 2007. + + [KMGMT] Arkko, J., Lindholm, F., Naslund, M., Norrman, K., and E. + Carrara, "Key Management Extensions for Session Description + Protocol (SDP) and Real Time Streaming Protocol (RTSP)", + RFC 4567, July 2006. + + [MIKEY] Arkko, J., Carrara, E., Lindholm, F., Naslund, M., and K. + Norrman, "MIKEY: Multimedia Internet KEYing", RFC 3830, + August 2004. + + [RFC3262] Rosenberg, J. and H. Schulzrinne, "Reliability of + Provisional Responses in Session Initiation Protocol + (SIP)", RFC 3262, June 2002. + + [RFC3311] Rosenberg, J., "The Session Initiation Protocol (SIP) + UPDATE Method", RFC 3311, October 2002. + + + + + + +Andreasen & Wing Standards Track [Page 14] + +RFC 5027 Security Preconditions October 2007 + + + [HERFP] Mahy, R., "A Solution to the Heterogeneous Error Response + Forking Problem (HERFP) in the Session Initiation Protocol + (SIP)", Work in Progress, March 2006. + + [SDPCN] Andreasen, F., "SDP Capability Negotiation", Work in + Progress, July 2007. + +Authors' Addresses + + Flemming Andreasen + Cisco Systems, Inc. + 499 Thornall Street, 8th Floor + Edison, New Jersey 08837 USA + + EMail: fandreas@cisco.com + + + Dan Wing + Cisco Systems, Inc. + 170 West Tasman Drive + San Jose, CA 95134 USA + + EMail: dwing@cisco.com + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Andreasen & Wing Standards Track [Page 15] + +RFC 5027 Security Preconditions October 2007 + + +Full Copyright Statement + + Copyright (C) The IETF Trust (2007). + + This document is subject to the rights, licenses and restrictions + contained in BCP 78, and except as set forth therein, the authors + retain all their rights. + + This document and the information contained herein are provided on an + "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS + OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND + THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS + OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF + THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED + WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Intellectual Property + + The IETF takes no position regarding the validity or scope of any + Intellectual Property Rights or other rights that might be claimed to + pertain to the implementation or use of the technology described in + this document or the extent to which any license under such rights + might or might not be available; nor does it represent that it has + made any independent effort to identify any such rights. Information + on the procedures with respect to rights in RFC documents can be + found in BCP 78 and BCP 79. + + Copies of IPR disclosures made to the IETF Secretariat and any + assurances of licenses to be made available, or the result of an + attempt made to obtain a general license or permission for the use of + such proprietary rights by implementers or users of this + specification can be obtained from the IETF on-line IPR repository at + http://www.ietf.org/ipr. + + The IETF invites any interested party to bring to its attention any + copyrights, patents or patent applications, or other proprietary + rights that may cover technology that may be required to implement + this standard. Please address the information to the IETF at + ietf-ipr@ietf.org. + + + + + + + + + + + + +Andreasen & Wing Standards Track [Page 16] + -- cgit v1.2.3