Connection Establishment in BFCP
draft-ietf-xcon-bfcp-connection-00.txt
Gonzalo.Camarillo@ericsson.com
BFCP Connection Establishment

Using an offer/answer exchange (RFC 4583):
- Authentication based on TLS
- Exchange of certificate fingerprints in the media description (SDP)

Without an offer/answer exchange (draft-ietf-xcon-bfcp-connection-00.txt):
- Digest-based client authentication is included
- Server authentication relies on TLS certificates
Offer/answer-based Mechanism

Floor Participant (Alice)                   Floor Control Server (Conference)
        |<----------------- SIP INVITE ------------------|
        |------------------ SIP 200 OK ----------------->|
        |<------------------ SIP ACK --------------------|
        |------------------- TCP SYN ------------------->|

SIP INVITE (offer, sent by the floor control server):

  INVITE sips:alice@atlanta.com SIP/2.0
  From: Conference <sips:conference@atlanta.com>; tag=1245
  To: Alice <sips:alice@atlanta.com>
  Call-ID: a84b4c76e66710
  CSeq: 1 INVITE
  Content-Type: application/sdp
  Content-Length: 142

  v=0
  o=conference 2890844527 2890844527 IN IP4 192.0.2.2
  s=Session SDP
  t=2873397496 0
  c=IN IP4 192.0.2.2
  m=application 50000 TCP/TLS/BFCP *
  a=setup:passive
  a=connection:new
  a=fingerprint:SHA-1 \
      4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:AB
  a=floorctrl:s-only
  a=confid:4321
  a=userid:1234
  a=floorid:1 m-stream:10
  m=audio 3456 RTP/AVP 0
  a=label:10

SIP 200 OK (answer, sent by the floor participant):

  SIP/2.0 200 OK
  From: Conference <sips:conference@atlanta.com>; tag=1245
  To: alice <sips:alice@atlanta.com>;tag=2234
  Call-ID: a84b4c76e66710
  CSeq: 1 INVITE
  Content-Type: application/sdp
  Content-Length: 131

  v=0
  o=conference 2890844527 2890844527 IN IP4 192.0.2.1
  s=Session SDP
  t=2873397496 0
  c=IN IP4 192.0.2.1
  m=application 9 TCP/TLS/BFCP *
  a=setup:active
  a=connection:new
  a=fingerprint:SHA-1 \
      4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:AB
  a=floorctrl:c-only
  m=audio 55000 RTP/AVP 0

SIP ACK:

  ACK sips:alice@192.0.2.1 SIP/2.0
  To: Conference <sips:conference@atlanta.com>;tag=2234
  From: Alice <sips:alice@atlanta.com>; tag=1245
  Call-ID: a84b4c76e66710
  CSeq: 1 ACK
  Content-Length: 0

The participant (a=setup:active) then opens the TCP connection towards the server (TCP SYN).
No Offer/answer

Floor Participant                              Floor Control Server
        |---------- TCP connection establishment ---------->|
        |                                                   |
        |--------------------- FloorQuery ----------------->|
        |     TransactionID: 254, UserID: 557, FloorID: 543 |
        |                                                   |
        |<---------------------- Error --------------------|
        |     TransactionID: 254, UserID: 557, FloorID: 543 |
        |     Error-Code: 10 (DIGEST Attribute Needed)      |
        |     Digest Algorithm: HMAC-SHA1                   |
        |     Nonce: 456789                                 |
        |                                                   |
        |--------------------- FloorQuery ----------------->|
        |     TransactionID: 896, UserID: 557, FloorID: 543 |
        |     Nonce: 456789                                 |
        |     Digest: 556767788                             |
New Attributes

DIGEST

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0 0 1 0 0 1 0|M|0 0 0 1 1 0 0 0|   ALGORITHM   |    PADDING    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   /                            DIGEST                             /
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

NONCE

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0 0 1 0 0 0 1|M|0 0 0 0 0 1 0 0|          NONCE VALUE          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Definition of Error Specific Details for Error Code 10 (DIGEST Attribute Needed)

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | ALGORITHM ID  | ALGORITHM ID  | ALGORITHM ID  | ALGORITHM ID  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                             ........                          /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | ALGORITHM ID  | ALGORITHM ID  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
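The digest challenge flow of the previous slide and the NONCE/DIGEST attribute layouts above, as an added Python example (not code from the draft or its author). Attribute type numbers (17, 18) and the 16-bit nonce width are read from the slide's bit patterns; the algorithm id, the shared secret, the exact bytes the MAC covers and the sample nonce are assumptions labelled in the code, and the 12-byte BFCP common header is left out.

```python
import hmac
import hashlib
# Attribute types and lengths as read from the slide's bit diagrams:
# NONCE  = 0010001 (17), Length 4  -> 2-byte header + 16-bit nonce value
# DIGEST = 0010010 (18), Length 24 -> 2-byte header + Algorithm + Padding + 20-byte HMAC-SHA1
ATTR_FLOOR_ID, ATTR_NONCE, ATTR_DIGEST = 2, 17, 18   # FLOOR-ID is type 2 in RFC 4582
ALG_HMAC_SHA1 = 1            # assumed id; the slide names HMAC-SHA1 but gives no number
SHARED_SECRET = b"constructed-client-secret"   # assumed out-of-band client credential

def attr(atype, value, mandatory=True):
    """Encode one attribute: 7-bit Type, M bit, 8-bit Length counting the 2-byte header."""
    return bytes([(atype << 1) | int(mandatory), 2 + len(value)]) + value

def parse_attrs(payload):
    """Return [(type, value)] in wire order, rejecting lengths that lie about the header."""
    out, i = [], 0
    while i < len(payload):
        atype, length = payload[i] >> 1, payload[i + 1]
        if length < 2 or i + length > len(payload):
            raise ValueError("bad attribute length")
        out.append((atype, payload[i + 2:i + length]))
        i += length
    return out

def sign_payload(payload, nonce, key=SHARED_SECRET):
    """Client: append NONCE, then a DIGEST whose HMAC-SHA1 covers all bytes before it.
    Assumption: the MAC input is exactly those preceding bytes (the slide does not say)."""
    covered = payload + attr(ATTR_NONCE, nonce.to_bytes(2, "big"))
    mac = hmac.new(key, covered, hashlib.sha1).digest()
    return covered + attr(ATTR_DIGEST, bytes([ALG_HMAC_SHA1, 0]) + mac)

def verify_payload(message, issued_nonce, key=SHARED_SECRET):
    """Server: DIGEST must be last, name a known algorithm and match a recomputed MAC,
    and the NONCE must be the single-use value this server issued in its Error reply."""
    attrs = parse_attrs(message)
    if not attrs or attrs[-1][0] != ATTR_DIGEST or len(attrs[-1][1]) != 22:
        return False
    alg, mac = attrs[-1][1][0], attrs[-1][1][2:]
    nonces = [v for t, v in attrs[:-1] if t == ATTR_NONCE]
    if alg != ALG_HMAC_SHA1 or len(nonces) != 1 or int.from_bytes(nonces[0], "big") != issued_nonce:
        return False
    expected = hmac.new(key, message[:-24], hashlib.sha1).digest()  # bytes before DIGEST
    return hmac.compare_digest(expected, mac)

# Constructed sample: the FloorQuery for FloorID 543 from the slide, with a 16-bit nonce.
FLOOR_QUERY = attr(ATTR_FLOOR_ID, (543).to_bytes(2, "big"))
SERVER_NONCE = 0x9A3C
SIGNED = sign_payload(FLOOR_QUERY, SERVER_NONCE)
```

The server must also forget the nonce once it has accepted one digest for it, otherwise a captured FloorQuery replays cleanly.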
Open Issue: Provisioning

The data model needs to include:
- Server's transport address
- Conference ID
- User ID

draft-novo-xcon-common-data-model will be updated accordingly.
Open Issue: DNS Procedures

- The client gets the transport address of the server to perform an active TCP open
- Do we allow FQDNs? If so, which DNS procedures do we define? SRV, A, AAAA...?
Open Issue: Connection Reestablishment

- The server notices that the TCP connection is down (it cannot deliver a BFCP message)
- Proposal: only clients reestablish TCP connections
Open Issue: Digest Usage

- Do we want to recommend that only the first BFCP message over a TLS connection is authenticated using digest? BFCP is designed to be bandwidth efficient.
- We got a set of comments about digest in the original IESG review of the BFCP spec; the next revision of the draft will incorporate them all.