[Docs] [txt|pdf] [Tracker] [WG] [Email] [Nits]

Versions: 00 01 02 03 04 05 06 07 08 09 10 11 12 RFC 5124

INTERNET-DRAFT                               Joerg Ott/Uni Bremen TZI
draft-ietf-avt-profile-savpf-00.txt       Elisabetta Carrara/Ericsson

                                                      19 October 2003
                                                   Expires March 2004


     Extended Secure RTP Profile for RTCP-based Feedback (RTP/SAVPF)


   Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC 2026.  Internet-Drafts are
   working documents of the Internet Engineering Task Force (IETF),
   its areas, and its working groups.  Note that other groups may also
   distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other
   documents at any time.  It is inappropriate to use Internet- Drafts
   as reference material or to cite them other than as "work in
   progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   Copyright (C) The Internet Society (2003). All Rights Reserved.


   Abstract

   An RTP profile (SAVP) is defined for secure real-time
   communications, and another profile (AVPF) is specified to provide
   timely feedback from the receivers to a sender.  This memo defines
   the combination of both profiles to enable secure RTP
   communications with feedback.











Ott, Carrara              Expires March 2004                  [Page 1]


Internet Draft   draft-ietf-avt-profile-savpf-00.txt  19 October 2003



   Table of Contents

   1  Introduction.................................................2
      1.1  Definitions.............................................3
      1.2  Terminology.............................................4
   2  SAVPF Rules..................................................4
      2.1  Packet Formats..........................................5
      2.2  Extensions..............................................5
      2.3  Implications from combining AVPF and SAVP...............5
   3  SDP Definitions..............................................6
      3.1  Profile Definition......................................6
      3.2  Attribute Definitions...................................6
      3.3  Profile Negotiation.....................................6
      3.3.1 Offer/Answer-based Negotiation of Session Descriptions.7
      3.3.2 RTSP-based Negotiation of Session Descriptions.........7
      3.3.3 Announcing Session Descriptions........................7
      3.3.4 Describing Alternative Session Profiles................8
      3.4  Examples................................................9
   4  Interworking of AVP, SAVP, AVPF, and SAVPF Entities.........11
   5  Security Considerations.....................................11
   6  IANA Considerations.........................................12
   7  Acknowledgements............................................13
   8  Authors' Addresses..........................................13
   9  Bibliography................................................13
      9.1  Normative references...................................14
      9.2  Informative References.................................14
   10 IPR Notice..................................................15
   11 Full Copyright Statement....................................15







1  Introduction

   The Real-time Transport Protocol (RTP/RTCP) [1] and the associated
   profile for audiovisual communications with minimal control [2]
   define mechanisms for transmitting time-based media across an IP
   network.  RTP provides means to preserve timing and detect packet
   losses, among other things, and RTP payload formats provide for
   proper framing of (continuous) media in a packet-based environment.
   RTCP enables receivers to provide feedback on reception quality and
   allows all members of an RTP session to learn about each other.

   The RTP specification provides only rudimentary support for
   encrypting RTP and RTCP packets.  SRTP [4] defines an RTP profile

Ott, Carrara              Expires March 2004                  [Page 2]


Internet Draft   draft-ietf-avt-profile-savpf-00.txt  19 October 2003

   ("SAVP") for secure RTP media sessions, defining methods for proper
   RTP and RTCP packet encryption, integrity and replay protection.
   The initial negotiation of SRTP and its security parameters needs
   to be done out of band, using e.g. the Session Description Protocol
   (SDP) [6] together with extensions for conveying keying material
   [7][8].

   The RTP specification also provides limited support for timely
   feedback from receivers to senders, typically by means of reception
   statistics reporting in somewhat regular intervals depending on the
   group size, the average RTCP packet size, and the available RTCP
   bandwidth.  The extended RTP profile for RTCP-based feedback
   ("AVPF") [3] allows receivers statistically to provide immediate
   feedback while maintaining the average RTCP data rate for all
   senders.  As for SAVP, the use of AVPF and its parameters need to
   be negotiated out-of-band by means of SDP [6] and the extensions
   defined in [3].

   Both SRTP and AVPF are RTP profiles and need to be negotiated.
   This implies that either one or the other may be used, but both
   profiles cannot be negotiated for the same RTP session (using one
   SDP session level description).  However, using secure
   communications and timely feedback together is desirable.
   Therefore, this document specifies a new RTP profile ("SAVPF") that
   combines the features of SAVP and AVPF.

   As SAVP and AVPF are largely orthogonal, the combination of both is
   mostly straightforward.  No sophisticated algorithms need to be
   specified in this document.  Instead, reference is made to both
   existing profiles and only the implications of their combination
   and possible deviations from rules of the existing profiles are
   described as is the negotiation process.


   1.1  Definitions

   The definitions of [1], [2], [3], and [4] apply.

   The following definitions are specifically used in this document:

   RTP session:
        An association among a set of participants communicating with
        RTP as defined in [1].

   (SDP) media description:
        This term refers to the specification given in a single m=
        line in an SDP message.  An SDP media description may define
        only one RTP session.  Grouping of m= lines in SDP may cause
        several SDP session level descriptions to define (alternatives
        of) the same RTP session for the same media type.

Ott, Carrara              Expires March 2004                  [Page 3]


Internet Draft   draft-ietf-avt-profile-savpf-00.txt  19 October 2003


   Media session:
        A media session refers to a collection of SDP media
        descriptions that are semantically grouped to represent
        alternatives of the same communications means.  Out of such a
        group, one will be negotiated or chosen for a communication
        relationship and the corresponding RTP session will be
        instantiated.  Or the media session will be rejected.
        In the simplest case, a media session is equivalent to an SDP
        media description and equivalent to an RTP session.


   1.2  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
   NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
   in this document are to be interpreted as described in RFC 2119
   [5].


2  SAVPF Rules

   SAVP is defined as an intermediate layer between RTP (following the
   regular RTP profile AVP) and UDP.  This yields a two layer
   hierarchy within the Real-time Transport Protocol.  In SAVPF, the
   upper (AVP) layer is replaced by the extended RTP profile for
   feedback (AVPF).

   AVPF modifies timing rules for transmitting RTCP packets and adds
   extra RTCP packet formats specific to feedback.  These functions
   are independent of whether or not RTCP packets are subsequently
   encrypted and/or integrity protected.  The functioning of the AVPF
   layer remains unchanged in SAVPF.

   The AVPF profile derives from [1] the (optional) use of the
   encryption prefix for RTCP. The encryption prefix MUST NOT be used
   within the SAVPF profile (it is not used in SAVP, as it is only
   applicable to the encryption method specified in [1]).

   The SAVP part uses extra fields added to the end of RTP and RTCP
   packets and executes cryptographic transforms on (some of) the
   RTP/RTCP packet contents.  This behavior remains unchanged in
   SAVPF.  The average RTCP packet size calculation done by the AVPF
   layer for timing purposes MUST take into account the fields added
   by the SAVP layer.

   The SRTP part becomes only active whenever the RTP or RTCP was
   scheduled by the "higher" AVPF layer or received from the transport
   protocol, irrespective of its timing and contents.


Ott, Carrara              Expires March 2004                  [Page 4]


Internet Draft   draft-ietf-avt-profile-savpf-00.txt  19 October 2003


   2.1  Packet Formats

   AVPF defines extra packet formats to provide feedback information.
   Those extra packet formats defined in [3] (and further ones defined
   elsewhere for use with AVPF) MAY be used with SAVPF.


   SAVP defines a modified packet format for SRTP and SRTCP packets
   that essentially consists of the RTP/RTCP packet formats plus some
   trailing protocol fields for security purposes.  For SAVPF, all
   RTCP packets MUST be encapsulated as defined in section 3.4 of [4].



   2.2  Extensions

   Extensions to AVPF RTCP feedback packets defined elsewhere MAY be
   used with the SAVPF profile provided that those extensions are in
   conformance with the extension rules of [3].


   Additional transforms defined for SAVP following the rules of
   section 6 of [4] MAY also be used with the SAVPF profile.  The
   overhead per RTCP packet depends on the transforms chosen.  New
   transforms added in the future MAY introduce yet unknown further
   per-packet overhead.


   2.3  Implications from combining AVPF and SAVP

   The AVPF profile aims at -- statistically -- allowing receivers to
   provide timely feedback to senders.  The frequency at which
   receivers are, on average, allowed to send feedback information
   depends on the RTCP bandwidth, the group size, and the average size
   of an RTCP packet.  SRTCP adds extra fields (some of which are of
   variable size) at the end of each RTCP packet that are probably at
   least some 10 to 20 bytes in size (14 bytes as default).  Note that
   transforms defined in the future MAY add greater overhead.  With
   this, the average size of an RTCP packet will increase -- roughly
   estimated by some e.g. 10% to 30% -- and thus reduce the frequency
   at which (timely) feedback can be provided.  Application designers
   need to be aware of this, and take precautions so that the RTCP
   bandwidth shares are maintained.  This MUST be done by adjusting
   the RTCP variable "avg_rtcp_size" to include the size of the fields
   that will be added by SRTCP (index, E-bit, authentication tag, and
   when present, the MKI). This means, for example, that the
   definition of the avg_rtcp_size in Section 3.4 of [3] shall be



Ott, Carrara              Expires March 2004                  [Page 5]


Internet Draft   draft-ietf-avt-profile-savpf-00.txt  19 October 2003

   calculated on the resulting SRTCP packet as described in Section
   3.4 of [4].



3  SDP Definitions

   3.1  Profile Definition

   The AV profiles defined in [2], [3], and [4] are referred to as
   "AVP", "AVPF", and "SAVP", respectively, in the context of e.g. the
   Session Description Protocol (SDP) [3].  The combined profile
   specified in this document is referred to as "SAVPF".


   3.2  Attribute Definitions

   SDP attributes for negotiating SAVP sessions are defined in [7] and
   [8].  Those attributes MAY also be used with SAVPF.  The rules
   defined in [7] and [8] apply.

   SDP attributes for negotiating AVPF sessions are defined in [3].
   Those attributes MAY also be used with SAVPF.  The rules defined in
   [3] apply.


   3.3  Profile Negotiation

   Session descriptions for RTP sessions may be conveyed using
   protocols dedicated for multimedia communications such as the SDP
   offer/answer model [10] used with SIP, RTSP [11], or SAP [12] but
   may also be distributed using email, NetNews, web pages, etc.

   The offer/answer model allows the resulting session parameters to
   be negotiated using the SDP attributes defined in [7] and [8].  In
   the following subsection, the negotiation process is described in
   terms of the offer/answer model.  RTSP does not use the
   offer/answer model; however specific negotiation support is
   provided by [7] as discussed in subsection 3.3.2.



   3.3.1 Offer/Answer-based Negotiation of Session Descriptions

   Negotiations are carried out on a per-media session basis.  If
   negotiating one media session fails, others MAY still succeed.

   Different RTP profiles MAY be used in different media sessions.



Ott, Carrara              Expires March 2004                  [Page 6]


Internet Draft   draft-ietf-avt-profile-savpf-00.txt  19 October 2003

   For negotiation an media description, the four profiles AVP, AVPF,
   SAVP, and SAVPF are mutually exclusive.  Note, however, that SAVP
   and SAVPF entities MAY be mixed in a single RTP session (see
   section 4).  Therefore, both MAY be offered as alternatives for the
   same media session (e.g. using the same transport parameters).

   An offerer that is capable of supporting multiple of these profiles
   for a certain media session SHOULD always offer all alternatives
   acceptable in a certain situation.  At least, SAVP and SAVPF SHOULD
   be offered as this does not impact security. However, the offers
   SHOULD NOT include both a secure alternative (SAVP and SAVPF) and
   an insecure alternative (e.g. AVP and AVPF) in the same offer as
   this will most likely open up for bidding down attacks.

   If a media description in an offer uses SAVPF and the answerer does
   not support SAVPF, the media session MUST be rejected.

   If a media description in an offer does not use SAVPF but the
   answerer wants to use SAVPF, the answerer SHOULD reject the media
   session.  Alternatively, depending on whether or not offer is
   otherwise acceptable, the answerer MAY accept the media description
   and provide a counter-offer with a media description indicating
   SAVPF in a subsequently initiated offer/answer exchange.


   3.3.2 RTSP-based Negotiation of Session Descriptions

   RTSP [11] does not support the offer/answer model.  However, RTSP
   supports negotiating media session parameters (including profile
   and address information) by means of the "Transport:" header.  SDP-
   based key management as defined in [7] adds a parameter to support
   conveying keying material.

   Hence, the RTSP "Transport:" header MAY be used to pass keying
   information and negotiate the profile for the media session.  The
   interoperability rules defined in section 3.3.1 SHALL apply.


   3.3.3 Announcing Session Descriptions

   Protocols that do not allow to negotiate session descriptions
   interactively (e.g. SAP, descriptions posted on a web page or sent
   by mail) pose the responsibility for adequate access to the media
   sessions on the initiator of a session.

   The initiator SHOULD provide alternative session descriptions for
   multiple RTP profiles as far as acceptable to the application and
   the purpose of the session.  If security is desired, SAVP may be
   offered as alternative to SAVPF -- but AVP or AVPF sessions SHOULD


Ott, Carrara              Expires March 2004                  [Page 7]


Internet Draft   draft-ietf-avt-profile-savpf-00.txt  19 October 2003

   not be announced unless other security means not relying on SRTP
   are employed.

   The SDP attributes defined in [7] and [8] may also be used for the
   security parameter distribution of announced session descriptions.


   The security scheme description defined in [8] requires a secure
   communications channel to prevent third parties from eavesdropping
   on the keying parameters.  Therefore, SAP encryption (as defined in
   [12]), S/MIME [13], HTTPS [14], or other suitable mechanisms SHOULD
   be used for distributing or accessing these session descriptions.


   3.3.4 Describing Alternative Session Profiles

   SAVP and SAVPF entities MAY be mixed in the same RTP session (see
   also section 4) and so may AVP and AVPF entities.  Other
   combinations -- i.e. between secure and insecure profiles -- in the
   same RTP session are not possible and SHALL NOT be used.

   If both insecure and secure profiles shall be offered, different
   RTP sessions MUST be used, expressed through different addresses
   and/or port numbers.  A grouping mechanisms as defined in [9]
   SHOULD be used to indicate semantic equivalence between the
   individual sessions and ensure that any receiver only joins one of
   them.

   [JO: Note that there is an open issue currently discussed in MMUSIC
   regarding whether or not the same transport address may be used in
   two or more m= lines and, if so, whether or not an explicit
   grouping mechanism is required. The respective semantics also need
   to be documented.]

   For SAVP and SAVPF, the same RTP session MAY be used but it may be
   advisable to also use different ones in order to allow optimal
   support for feedback-enabled receivers.

   In case the same RTP session shall be used for both SAVP and SAVPF,
   two media sessions need to be defined in SDP.  For the same RTP
   session both will use the same address and port numbers.  Those two
   media sessions SHOULD be grouped by using the mechanism defined in
   [9] to indicate semantic equivalence between the individual
   sessions and ensure that any receiver only joins one of them.


   3.4  Examples




Ott, Carrara              Expires March 2004                  [Page 8]


Internet Draft   draft-ietf-avt-profile-savpf-00.txt  19 October 2003

   Example 1: The following session description indicates a secure
   session made up from audio and DTMF [18] for point-to-point
   communication in which the DTMF stream uses Generic ACKs.  The key
   management protocol is indicated in MIKEY.  This session
   description (the offer) could be contained in a SIP INVITE or 200
   OK  message to indicate that its sender is capable of and willing
   to receive feedback for the DTMF stream it transmits.  The
   corresponding answer may be carried in a 200 OK or an ACK.  The
   parameters for the security protocol are negotiated as described by
   the SDP extensions defined in [7].

      v=0
      o=alice 3203093520 3203093520 IN IP4 host.example.com
      s=Media with feedback
      t=0 0
      c=IN IP4 host.example.com
      m=audio 49170 RTP/SAVPF 0 96
      a=rtpmap:0 PCMU/8000
      a=rtpmap:96 telephone-event/8000
      a=fmtp:96 0-16
      a=rtcp-fb:96 ack
      a=key-mgmt:mikey uiSDF9sdhs727ghsd/dhsoKkdOokdo7eWsnDSJD...


   Example 2: This example shows the same feedback parameters as
   example 1 but uses the secure descriptions syntax [8].  Note that
   the key part of the a=crypto attribute is not protected against
   eavesdropping and thus the session description MUST be exchanged
   over a secure communication channel.
      v=0
      o=alice 3203093520 3203093520 IN IP4 host.example.com
      s=Media with feedback
      t=0 0
      c=IN IP4 host.example.com
      m=audio 49170 RTP/SAVPF 0 96
      a=rtpmap:0 PCMU/8000
      a=rtpmap:96 telephone-event/8000
      a=fmtp:96 0-16
      a=rtcp-fb:96 ack
      a=crypto:AES_CM_128_HMAC_SHA1_32
        inline:d/16/14/NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj/2^20/1
        :32

   Example 3: The following session description indicates a multicast
   audio/video session (using PCMU for audio and either H.261 or
   H.263+) with the video source accepting Generic NACKs for both
   codecs and Reference Picture Selection for H.263.  The parameters
   for the security protocol are negotiated as described by the SDP
   extensions defined in [7], used at the session level. Such a


Ott, Carrara              Expires March 2004                  [Page 9]


Internet Draft   draft-ietf-avt-profile-savpf-00.txt  19 October 2003

   description may have been conveyed using the Session Announcement
   Protocol (SAP).

      v=0
      o=alice 3203093520 3203093520 IN IP4 host.example.com
      s=Multicast video with feedback
      t=3203130148 3203137348
      a=key-mgmt:mikey uiSDF9sdhs7494ghsd/dhsoKkdOokdo7eWsnDSJD...
      m=audio 49170 RTP/SAVP 0
      c=IN IP4 224.2.1.183
      a=rtpmap:0 PCMU/8000
      m=video 51372 RTP/SAVPF 98 99
      c=IN IP4 224.2.1.184
      a=rtpmap:98 H263-1998/90000
      a=rtpmap:99 H261/90000
      a=rtcp-fb:* nack
      a=rtcp-fb:98 nack rpsi


   Example 4: The following session description defines the same media
   session as example 3 but allows for mixed mode operation of SAVP
   and SAVPF RTP entities (see also next section).  Note that both
   media descriptions use the same addresses; however, two m= lines
   are needed to convey information about both applicable RTP
   profiles.  The parameters for the security protocol are negotiated
   as described by SDP extensions defined in [7], used at the session
   level.


      v=0
      o=alice 3203093520 3203093520 IN IP4 host.example.com
      s=Multicast video with feedback
      t=3203130148 3203137348
      a=key-mgmt:mikey uiSDF9sdhs7854ghsd/dhsoKkdOokdo7eWsnDSJD...
      m=audio 49170 RTP/SAVP 0
      c=IN IP4 224.2.1.183
      a=rtpmap:0 PCMU/8000
      m=video 51372 RTP/SAVP 98 99
      c=IN IP4 224.2.1.184
      a=rtpmap:98 H263-1998/90000
      a=rtpmap:99 H261/90000
      m=video 51372 RTP/SAVPF 98 99
      c=IN IP4 224.2.1.184
      a=rtpmap:98 H263-1998/90000
      a=rtpmap:99 H261/90000
      a=rtcp-fb:* nack
      a=rtcp-fb:98 nack rpsi

   Note that these two m= lines SHOULD be grouped by some appropriate
   mechanism to indicate that both are alternatives actually conveying

Ott, Carrara              Expires March 2004                 [Page 10]


Internet Draft   draft-ietf-avt-profile-savpf-00.txt  19 October 2003

   the same contents.  A sample mechanism by which this can be
   achieved is defined in [9].


4  Interworking of AVP, SAVP, AVPF, and SAVPF Entities

   The SAVPF profile defined in this document is a combination of the
   SAVP profile [4] and the AVPF profile [3](which in turn is an
   extension of the RTP profile as defined in [2]).

   SAVP and SAVPF use SRTP [4] to achieve security.  AVP and AVPF use
   plain RTP [1] and hence do not provide security (unless external
   security mechanisms are applied as discussed in section 9.1 of
   [1]).  SRTP and RTP and not meant to interoperate, the respective
   protocol entities are not supposed to be part of the same RTP
   session.  Hence, AVP and AVPF on one side and SAVP and SAVPF on the
   other MUST NOT be mixed.


   RTP entities using the SAVP and the SAVPF profiles MAY be mixed in
   a single RTP session.  The interworking considerations defined in
   section 5 of [3] apply.


5  Security Considerations

   The SAVPF profile inherits its security properties from the SAVP
   profile; therefore it is subject to the security considerations
   discussed in [4].  The SAVP profile does not add, nor take away,
   any security services compared to SAVP.

   There is a desire to support security for media streams and, at the
   same time, for backward compatibility with non-SAVP(F) nodes.
   Application designers should be aware that security SHOULD NOT be
   traded for interoperability.  If information is to be distributed
   to closed groups (i.e. confidentially protected), it is RECOMMENDED
   not to offer alternatives for a media session other than SAVP and
   SAVPF as described in sections 3.3 and 3.4, unless other security
   mechanisms will be used, e.g. the ones described in Section 9.1 of
   [1]. Similarly, if integrity protection is considered important, it
   is RECOMMENDED not to offer the alternatives other than SAVP and
   SAVPF (unless other mechanisms are known to be in place that can
   guarantee it, e.g. lower-layer mechanisms as described in Section 9
   of [1]).

   Offering secure and insecure profiles simultaneously may open to
   bidding down attacks. Therefore, such a mix of profile offer SHOULD
   NOT be made.



Ott, Carrara              Expires March 2004                 [Page 11]


Internet Draft   draft-ietf-avt-profile-savpf-00.txt  19 October 2003


   AVPF makes packets larger than AVP. This has to be taken into
   consideration with respect to the number of keystream bits that can
   be generated for a given encryption transform in SRTP, to avoid
   keystream re-use. For the pre-defined SRTP transforms, see [SRTP]
   for maximum values.

   Note that the rules for sharing master keys apply as described in
   [7] (e.g., Section 9.1).

   [Editors' note: The last paragraph needs expansion; parts of SRTP
   should explicitly be spelled out here.]

   Different media sessions may use a mix of different profiles,
   particularly including a secure profile and an insecure profile.
   However, mixing secure and insecure media sessions may reveal
   information to third parties and thus the decision to do so MUST be
   in line with a local security policy.  For example, the local
   policy MUST specify whether it is acceptable to have e.g. the audio
   stream not secured and the related video secured.

   The security considerations in [3] are valid too. Note in
   particular, applying the SAVPF profile implies mandatory integrity
   protection on RTCP.  While this solves the problem of false packets
   from members not belonging to the group, it does not solve the
   issues related to a malicious member acting improperly.


6  IANA Considerations

   The following contact information shall be used for all
   registrations included here:

     Contact:      Joerg Ott
                   mailto:jo@acm.org
                   tel:+49-421-201-7028

   The secure RTP feedback profile as a combination of Secure RTP and
   the feedback profile needs to be registered for the Session
   Description Protocol (specifically the type "proto"): "RTP/SAVPF".

   SDP Protocol ("proto"):

     Name:               RTP/SAVPF
     Long form:          Secure RTP Profile with RTCP-based Feedback
     Type of name:       proto
     Type of attribute:  Media level only
     Purpose:            RFC XXXX
     Reference:          RFC XXXX


Ott, Carrara              Expires March 2004                 [Page 12]


Internet Draft   draft-ietf-avt-profile-savpf-00.txt  19 October 2003

   All the SDP attribute defined for RTP/SAVP and RTP/AVPF are valid
   for RTP/SAVPF, too.


NOTE TO THE RFC EDITOR: Please replace all occurrences of RFC XXXX by
the RFC number assigned to this document.


7  Acknowledgements

   This document is a product of the Audio-Visual Transport (AVT)
   Working Group of the IETF.


8  Authors' Addresses

   Joerg Ott            {sip,mailto}:jo@tzi.org
   Uni Bremen TZI       tel:+49-421-201-7028
   MZH 5180
   Bibliothekstr. 1
   D-28359 Bremen
   Germany

   Elisabetta Carrara    mailto:elisabetta.carrara@ericsson.com
   Ericsson Research     tel:+46-8-50877040
   SE-16480 Stockholm
   Sweden


9  Bibliography

   9.1  Normative references

   [1]  H. Schulzrinne, S. Casner, R. Frederick, and V. Jacobson, "RTP
        - A Transport Protocol for Real-time Applications," RFC 3550,
        July 2003.

   [2]  H. Schulzrinne and S. Casner, "RTP Profile for Audio and Video
        Conferences with Minimal Control," RFC 3551, March 2003.

   [3]  J. Ott, S. Wenger, N. Sato, C. Burmeister, J. Rey, "Extended
        RTP Profile for RTCP-based Feedback (RTP/AVPF)," Internet
        Draft draft-ietf-avt-rtcp-feedback-07.txt, Work in Progress,
        June 2003.

   [4]  M. Baugher, D. McGrew, E. Carrara, M. Natslund, K. Norrman,
        "The Secure Real-time Transport Protocol", Internet Draft
        draft-ietf-avt-srtp-09.txt, Work in Progress, July 2003.



Ott, Carrara              Expires March 2004                 [Page 13]


Internet Draft   draft-ietf-avt-profile-savpf-00.txt  19 October 2003

   [5]  S. Bradner, "Key words for use in RFCs to Indicate Requirement
        Levels," RFC 2119, March 1997.

   [6]  M. Handley, V. Jacobson, and Colin Perkins, "SDP: Session
        Description Protocol", Internet Draft draft-ietf-mmusic-sdp-
        new-14.txt, September 2004.

   [7]  J. Arkko, E. Carrara, F. Lindholm, M. Naslund, and K. Norrman,
        "Key Management Extensions for Session Description Protocol
        (SDP) and Real Time Streaming Protocol (RTSP)," Internet Draft
        draft-ietf-mmusic-kmgmt-ext-09.txt, Work in Progress, October
        2003.

   [8]  F. Andreassen, M. Baugher, and D. Wing, "SDP Security
        Descriptions for Media Streams," Internet Draft draft-ietf-
        mmusic-sdescriptions-01.txt, Work in Progress, June 2003.

   [9]  G. Camarillo, J. Holler, G. Eriksson, H. Schulzrinne,
        "Grouping of media lines in SDP," RFC 3388, December 2002.

   [10] J. Rosenberg and H. Schulzrinne, "An offer/answer model with
        SDP," RFC 3264, June 2002.

   [11] H. Schulzrinne, A. Rao, and R. Lanphier, "Real Time Streaming
        Protocol (RTSP)," RFC 2326, April 1998.




   9.2  Informative References

   [12] M. Handley, C. Perkins, and E. Whelan, "Session Announcement
        Protocol," RFC 2974, October 2000.

   [13] B. Ramsdell (ed.), " S/MIME Version 3 Message Specification,"
        RFC 2633, June 1999.

   [14] E.Rescorla, "HTTP Over TLS," RFC 2818, May 2000.



10 IPR Notice

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights.  Information on
   the IETF's procedures with respect to rights in standards-track and

Ott, Carrara              Expires March 2004                 [Page 14]


Internet Draft   draft-ietf-avt-profile-savpf-00.txt  19 October 2003

   standards-related documentation can be found in BCP-11.  Copies of
   claims of rights made available for publication and any assurances
   of licenses to be made available, or the result of an attempt made
   to obtain a general license or permission for the use of such
   proprietary rights by implementors or users of this specification
   can be obtained from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard.  Please address the information to the IETF
   Executive Director.


11 Full Copyright Statement

   Copyright (C) The Internet Society (2003). All Rights Reserved.
   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain
   it or assist in its implementation may be prepared, copied,
   published and distributed, in whole or in part, without restriction
   of any kind, provided that the above copyright notice and this
   paragraph are included on all such copies and derivative works.

   However, this document itself may not be modified in any way, such
   as by removing the copyright notice or references to the Internet
   Society or other Internet organizations, except as needed for the
   purpose of developing Internet standards in which case the
   procedures for copyrights defined in the Internet Standards process
   must be followed, or as required to translate it into languages
   other than English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on
   an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
   IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."










Ott, Carrara              Expires March 2004                 [Page 15]


Html markup produced by rfcmarkup 1.129c, available from https://tools.ietf.org/tools/rfcmarkup/