
Connection Establishment in BFCP draft-ietf-xcon-bfcp-connection-00.txt



Presentation Transcript


  1. Connection Establishment in BFCP
     draft-ietf-xcon-bfcp-connection-00.txt
     Gonzalo.Camarillo@ericsson.com

  2. BFCP Connection Establishment
     • Using an offer/answer exchange
        • RFC 4583
        • Authentication based on TLS media
        • Exchange of certificate fingerprints
     • Without an offer/answer exchange
        • draft-ietf-xcon-bfcp-connection-00.txt
        • Digest-based client authentication is included
        • Server authentication relies on TLS certificates

  3. Offer/answer-based Mechanism

     Diagram labels: Floor Participant, Floor Control Server; messages: SIP INVITE, SIP 200 OK, SIP ACK, TCP SYN

     SIP INVITE:

         INVITE sips:alice@atlanta.com SIP/2.0
         From: Conference <sips:conference@atlanta.com>; tag=1245
         To: Alice <sips:alice@atlanta.com>
         Call-ID:a84b4c76e66710
         CSeq: 1 INVITE
         Content-Type: application/sdp
         Content-Length: 142

         v=0
         o=conference 2890844527 2890844527 IN IP4 192.0.2.2
         s=Session SDP
         t=2873397496 0
         c=IN IP4 192.0.2.2
         m=application 50000 TCP/TLS/BFCP *
         a=setup:passive
         a=connection:new
         a=fingerprint:SHA-1 \
              4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:AB
         a=floorctrl:s-only
         a=confid:4321
         a=userid:1234
         a=floorid:1 m-stream:10
         m=audio 3456 RTP/AVP 0
         a=label:10

     SIP 200 OK:

         SIP/2.0 200 OK
         From: Conference <sips:conference@atlanta.com>; tag=1245
         To: alice <sips:alice@atlanta.com>;tag=2234
         Call-ID: a84b4c76e66710
         CSeq: 1 INVITE
         Content-Type: application/sdp
         Content-Length: 131

         v=0
         o=conference 2890844527 2890844527 IN IP4 192.0.2.1
         s=Session SDP
         t=2873397496 0
         c=IN IP4 192.0.2.1
         m=application 9 TCP/TLS/BFCP *
         a=setup:active
         a=connection:new
         a=fingerprint:SHA-1 \
              4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:AB
         a=floorctrl:c-only
         m=audio 55000 RTP/AVP 0

     SIP ACK:

         ACK sips:alice@192.0.2.1 SIP/2.0
         To: Conference <sips:conference@atlanta.com>;tag=2234
         From: Alice <sips:alice@atlanta.com>; tag=1245
         Call-ID: a84b4c76e66710
         CSeq: 1 ACK
         Content-Length: 0

  4. No Offer/answer

     Diagram labels: Floor Participant, Floor Control Server; messages: TCP connection establishment, FloorQuery, Error, FloorQuery

     FloorQuery
        • TransactionID: 254
        • UserID: 557
        • FloorID: 543

     Error
        • TransactionID: 254
        • UserID: 557
        • FloorID: 543
        • Error-Code: 10 (DIGEST Attribute Needed)
        • Digest Algorithm: HMAC-SHA1
        • Nonce: 456789

     FloorQuery
        • TransactionID: 896
        • UserID: 557
        • FloorID: 543
        • Nonce: 456789
        • Digest: 556767788

  5. New Attributes
     • DIGEST
     • NONCE
     • Definition of Error Specific Details for Error Code 10 (DIGEST Attribute Needed)

     [Figure: three 32-bit field layouts.
      DIGEST: 0 0 1 0 0 1 0 | M | 0 0 0 1 1 0 0 0 | ALGORITHM | DIGEST ... | PADDING
      NONCE: 0 0 1 0 0 0 1 | M | 0 0 0 0 0 1 0 0 | NONCE VALUE
      Error Specific Details for Error Code 10: a sequence of ALGORITHM ID fields]

  6. Open Issue: Provisioning
     • The data model needs to include:
        • Server’s transport address
        • Conference ID
        • User ID
     • draft-novo-xcon-common-data-model will be updated accordingly

  7. Open Issue: DNS Procedures
     • Client gets the transport address of the server to perform an active TCP open
     • Do we allow FQDNs?
     • If so, which DNS procedures do we define?
        • SRV, A, AAAA...?

  8. Open Issue: Connection Reestablishment
     • The server notices that the TCP connection is down (it cannot deliver a BFCP message)
     • Proposal: only clients reestablish TCP connections

  9. Open Issue: Digest Usage
     • Do we want to recommend that only the first BFCP message over a TLS connection is authenticated using digest?
        • BFCP is designed to be bandwidth efficient
     • We got a set of comments about digest in the original IESG review of the BFCP spec
        • Next revision of the draft will incorporate them all
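
The fingerprint exchange on slides 2 and 3 authenticates the peer only if the TLS endpoint compares the certificate actually presented on the BFCP connection with the a=fingerprint value carried in the SDP. The Python below is an added example, not part of the presentation or the draft: the function names and the placeholder certificate bytes are assumptions, and it reads only a fingerprint placed in the TCP/TLS/BFCP media section. It rejects a value whose length does not match the named hash, which is the case for the 18-octet SHA-1 value printed on slide 3.

```python
import hashlib
import hmac

# Hash function names permitted in a=fingerprint (RFC 4572) -> hashlib names.
HASHES = {"sha-1": "sha1", "sha-224": "sha224", "sha-256": "sha256",
          "sha-384": "sha384", "sha-512": "sha512"}


def fingerprint_line(cert_der, hash_name="sha-1"):
    """Signalling side: build the a=fingerprint line for our own certificate."""
    digest = hashlib.new(HASHES[hash_name], cert_der).digest()
    return "a=fingerprint:%s %s" % (hash_name.upper(),
                                    ":".join("%02X" % b for b in digest))


def bfcp_fingerprint(sdp):
    """Return (hashlib_name, digest) advertised for the TCP/TLS/BFCP stream."""
    found, in_bfcp = None, False
    for line in (raw.strip() for raw in sdp.splitlines()):
        if line.startswith("m="):
            fields = line[2:].split()
            in_bfcp = len(fields) > 2 and fields[2].upper() == "TCP/TLS/BFCP"
        elif in_bfcp and line.lower().startswith("a=fingerprint:"):
            found = line.split(":", 1)[1].split()
    if not found or len(found) != 2:
        raise ValueError("no usable a=fingerprint in the BFCP media section")
    name, octets = found[0].lower(), found[1].split(":")
    if name not in HASHES:
        raise ValueError("unsupported hash function: " + name)
    if any(len(o) != 2 for o in octets):
        raise ValueError("malformed fingerprint octet")
    digest = bytes.fromhex("".join(octets))  # ValueError on non-hex input
    if len(digest) != hashlib.new(HASHES[name]).digest_size:
        raise ValueError("fingerprint length does not match " + name)
    return HASHES[name], digest


def peer_matches_sdp(sdp, peer_cert_der):
    """TLS side: compare the certificate the peer presented with the SDP value."""
    algo, expected = bfcp_fingerprint(sdp)
    actual = hashlib.new(algo, peer_cert_der).digest()
    return hmac.compare_digest(actual, expected)  # constant-time comparison


# Constructed sample data: placeholder bytes stand in for a DER certificate.
CERT = b"constructed DER bytes of the floor control server certificate"
OFFER = "\n".join(["v=0", "c=IN IP4 192.0.2.2",
                   "m=application 50000 TCP/TLS/BFCP *", "a=setup:passive",
                   fingerprint_line(CERT), "m=audio 3456 RTP/AVP 0"])
```

In a real endpoint the second argument is the DER encoding of the certificate received in the TLS handshake, and a False result or a ValueError means the connection is closed before any BFCP message is processed.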
