Jingle (XEP-0166)  defines a framework for negotiating and managing out-of-band data sessions over XMPP. In order to provide a flexible framework, the base Jingle specification defines neither data transport methods nor application formats, leaving that up to separate specifications.
The current document defines a transport method for establishing and managing data exchanges between XMPP entities over the User Datagram Protocol (see RFC 768 ), using the ICE methodology developed within the IETF and specified in RFC 5245  (hereafter referred to as ICE-CORE). Use of this "ice-udp" method results in a datagram transport suitable for media applications where some packet loss is tolerable (e.g., audio and video).
Note: ICE-CORE has been approved for publication as an RFC but has not yet been published as an RFC. While every effort has been made to keep this document synchronized with ICE-CORE, the interested reader is referred to ICE-CORE for a detailed description of the ICE methodology.
The process for ICE negotiation is largely the same in Jingle as it is in ICE. There are several differences:
The reader is referred to ICE-CORE for a description of various terms used in the context of ICE. Those terms are not reproduced here.
The Jingle transport method defined herein is designed to meet the following requirements:
In accordance with Section 10 of XEP-0166, this document specifies the following information related to the Jingle ice-udp transport method:
The transport negotiation process is defined in the Protocol Description section of this document.
The semantics of the <transport/> element are defined in the ICE Negotiation section of this document.
Successful negotiation of the ice-udp method results in use of a datagram transport that is suitable for applications where some packet loss is tolerable, such as audio and video.
If multiple components are to be communicated by the application type that uses the transport, the transport shall support those components and assign identifiers for them as described in the specification that defines the application type.
The overall protocol flow for negotiation of the Jingle ICE-UDP Transport Method is as follows (note: many of these events happen simultaneously, not in sequence).
Note: The examples in this document follow the scenario described in Section 17 of ICE-CORE, except that we substitute the Shakespearean characters "Romeo" and "Juliet" for the generic entities "L" and "R".
In order for the initiator in a Jingle exchange to start the negotiation, it sends a Jingle "session-initiate" stanza that includes at least one content type, as described in XEP-0166. If the initiator wishes to negotiate the ice-udp transport method for an application format, it MUST include a <transport/> child element qualified by the 'urn:xmpp:jingle:transports:ice-udp:1' namespace (see Namespace Versioning regarding the possibility of incrementing the version number). This element SHOULD in turn contain one <candidate/> element for each of the initiator's higher-priority transport candidates as determined in accordance with the ICE methodology, but MAY instead be empty (with each candidate to be sent as the payload of a transport-info message).
The <transport/> element's 'pwd' and 'ufrag' attributes MUST be included whenever sending one or more candidates to the other party, e.g. in a session-initiate, session-accept, transport-info, content-add, or transport-replace message. The values for these attributes are separately generated for both the initiator and the responder, in accordance with ICE-CORE and as shown in the examples. The attributes of the <transport/> element are as follows.
|pwd||A Password as defined in ICE-CORE.||a=ice-pwd line||asd88fgpdd777uzjYhagZg|
|ufrag||A User Fragment as defined in ICE-CORE.||a=ice-ufrag line||8hhy|
The attributes of the <candidate/> element are as follows.
|component||A Component ID as defined in ICE-CORE.||Component ID value in a=candidate line||1|
|foundation||A Foundation as defined in ICE-CORE.||Foundation value in a=candidate line||1|
|generation||An index, starting at 0, that enables the parties to keep track of updates to the candidate throughout the life of the session. For details, see the ICE Restarts section of this document.||extended name/value pair in a=candidate line||0|
|id||A unique identifier for the candidate.||N/A||el0747fg11|
|ip||The Internet Protocol (IP) address for the candidate transport mechanism; this can be either an IPv4 address or an IPv6 address.||IP Address value in a=candidate line||192.0.2.3|
|network||An index, starting at 0, referencing which network this candidate is on for a given peer (used for diagnostic purposes if the calling hardware has more than one Network Interface Card).||N/A||0|
|port||The port at the candidate IP address.||Port value in a=candidate line||45664|
|priority||A Priority as defined in ICE-CORE. ||Priority value in a=candidate line||2130706431|
|protocol||The protocol to be used. The only value defined by this specification is "udp". ||Transport protocol field in a=candidate line||udp|
|rel-addr||A related address as defined in ICE-CORE.||raddr value in a=candidate line||10.0.1.1|
|rel-port||A related port as defined in ICE-CORE.||rport value in a=candidate line||8998|
|type||A Candidate Type as defined in ICE-CORE. The allowable values are "host" for host candidates, "prflx" for peer reflexive candidates, "relay" for relayed candidates, and "srflx" for server reflexive candidates.||Typ field in a=candidate line||srflx|
As described in XEP-0166, to acknowledge receipt of the session initiation request, the responder immediately returns an IQ-result.
Depending on the application type, a user agent controlled by a human user might need to wait for the user to affirm a desire to proceed with the session before continuing. When the user agent has received such affirmation (or if the user agent can automatically proceed for any reason, e.g. because no human intervention is expected or because a human user has configured the user agent to automatically accept sessions with a given entity), it returns a Jingle session-accept message. This message MUST contain a <transport/> element qualified by the 'urn:xmpp:jingle:transports:ice-udp:1' namespace, which SHOULD in turn contain one <candidate/> element for each ICE-UDP candidate generated by or known to the responder, but MAY instead be empty (with each candidate to be sent as the payload of a transport-info message).
Note: See the Security Considerations section of this document regarding the exposure of IP addresses by the responder's client.
The initiator and responder negotiate connectivity over ICE by exchanging XML-formatted transport candidates for the channel. This negotiation proceeds immediately in order to maximize the possibility that connectivity can be established (and therefore media can be exchanged) as quickly as possible. In order to expedite session establishment, the initiator SHOULD include transport candidates in its session-initiate message but MAY also send additional transport candidates as soon as it learns of them, even before receiving acknowledgement of the session-initiate message (i.e., the initiator MUST consider the session to be live as soon as it sends the session-initiate message). 
The first step in negotiating connectivity is for each party to send transport candidates to the other party.  These candidates SHOULD be gathered by following the procedure specified in Section 4.1.1 of ICE-CORE (typically by communicating with a standalone STUN server in order to discover the client's public IP address and port) and prioritized by following the procedure specified in Section 4.1.2 of ICE-CORE.
Each candidate shall be sent as a <candidate/> child of a <transport/> element qualified by the 'urn:xmpp:jingle:transports:ice-udp:1' namespace. The <transport/> element is sent via a Jingle message of type session-initiate, session-accept, or transport-info.
Either party MAY include multiple <candidate/> elements in one <transport/> element, especially in the session-initiate and session-accept messages sent at the beginning of the session negotiation. Including multiple candidates in the session-initiate and session-accept messages can help to ensure interoperability with entities that implement the SDP offer/answer model described in RFC 3264; in particular, an entity SHOULD include multiple candidates in its session-initiate or session-accept message if the other party advertises support for the "urn:ietf:rfc:3264" service discovery feature as described in the SDP Offer / Answer Support section of this document. However, including one candidate per subsequent transport-info message typically results in a faster negotiation because the candidates most likely to succeed are sent first (in the session-info and session-accept messages) and it is not necessary to gather all candidates before beginning to send any candidates; furthermore, because certain candidates can be more "expensive" in terms of bandwidth or processing power, either party might not want to advertise the existence of such candidates unless it is necessary to do so after other candidates have failed.
If the party that receives a candidate in a Jingle message can successfully process a given candidate or set of candidates, it returns an IQ-result (if not, for example because the candidate data is improperly formatted, it returns an IQ-error). At this point, the receiving entity is only indicating receipt of the candidate or set of candidates, not telling the other party that the candidate will be used.
The initiator can keep sending candidates (without stopping to receive an acknowledgement of receipt from the responder for each candidate) until it has exhausted its supply of possible or desirable transport candidates. The responder can also keep sending potential candidates, which the initiator will acknowledge.
As the initiator and responder receive candidates, they probe the candidates for connectivity. In performing these connectivity checks, each party SHOULD follow the procedure specified in Section 7 of ICE-CORE. The following business rules apply:
When it receives a STUN Binding Request, each party MUST return a STUN Binding Response, which indicates either an error case or the success case. As described in Section 220.127.116.11 of ICE-CORE, a connectivity check succeeds if all of the following are true:
For the candidates exchanged in the previous section, the connectivity checks would be as follows (this diagram mirrors the example in ICE-CORE).
Note: Here the initiator (controlling agent) is using "aggressive nomination" as described in Section 18.104.22.168 of ICE-CORE and therefore includes the USE-CANDIDATE attribute in the STUN Binding Requests it sends.
If, based on STUN connectivity checks, the parties determine that they will be able to exchange media between a given pair of local candidates and remote candidates (i.e., the pair is "nominated" and ICE processing is "completed"), they can then begin using that candidate pair to exchange media.
Once the parties have connectivity and therefore the initiator has completed ICE as explained in ICE-CORE, the initiator MAY communicate the in-use candidate pair in the signalling channel by sending a transport-info message that contains a <remote-candidate/> element (this maps to the SDP "remote-candidates" attribute as described in Section B.6 of ICE-CORE, i.e., remote candidates are "the actual candidates at R that were selected by the offerer", of which there will be only one at this stage of the ICE-UDP negotiation).
(In accordance with Jingle core, the responder will also acknowledge the transport-info message.)
In the unlikely event that one of the parties determines that it cannot establish connectivity even after sending and checking lower-priority candidates, it SHOULD terminate the session as described in XEP-0166.
Even after media has begun to flow, either party MAY continue to send additional candidates to the other party (e.g., because the user agent has become aware of a new media proxy or network interface card). Such candidates are shared by sending a transport-info message.
The receiving party MUST acknowledge receipt of the candidate.
The parties would check the newly-offered candidate for connectivity, as described previously. If the parties determine that media can flow over the candidate, they MAY then use the new candidate in subsequent communications.
At any time, either party MAY restart the process of ICE negotiation by sending a candidate with a 'generation' value that is greater than the previous generation of candidates; when it does so, it MUST generate new values for the 'pwd' and 'ufrag' attributes, consistent with the definition of an ICE restart in Section 22.214.171.124 of ICE-CORE. As explained in ICE-CORE, typically the ICE negotiation would be restarted to change the media target (e.g., an IP address change for one of the parties) and certain third-party-call-control scenarios.
The recipient then acknowledges receipt.
The parties would then exchange new candidates to renegotiate connectivity and would check the new candidates for connectivity, as described previously. If the parties determine that media can flow over one of the new candidates, they can then use the successful candidate in subsequent communications. However, while ICE is being renegotiated the parties can continue to send media with the existing candidate-in-use.
It can happen that the responder does not support ICE, in which case it can be necessary to fall back to use of the Jingle Raw UDP Transport Method (XEP-0177) . One typical scenario is communication between an ICE-aware Jingle endpoint and a non-ICE-aware SIP endpoint through a Jingle-to-SIP gateway, as follows:
The session flow is as follows.
The protocol flow is as follows, showing only the stanzas sent between Romeo and the gateway (acting on Juliet's behalf).
Immediately the gateway sends a transport-replace message to Romeo, specifying a transport of Raw UDP with a candidate whose IP address and port identify a media relay at the gateway.
Romeo then acknowledges the transport-replace message and immediately also sends a transport-accept.
The gateway then acknowledges the acceptance on behalf of Juliet.
The responder then sends a session-accept through the gateway.
The endpoints now begin to exchange session media, and can continue the session as long as desired.
To advertise its support for the Jingle ICE-UDP Transport Method, when replying to Service Discovery (XEP-0030)  information requests an entity MUST return URNs for any version of this protocol that the entity supports -- e.g., "urn:xmpp:jingle:transports:ice-udp:1" for this version and "urn:xmpp:jingle:transports:ice-udp:0" for the previous version (see Namespace Versioning regarding the possibility of incrementing the version number).
In order for an application to determine whether an entity supports this protocol, where possible it SHOULD use the dynamic, presence-based profile of service discovery defined in Entity Capabilities (XEP-0115) . However, if an application has not received entity capabilities information from an entity, it SHOULD use explicit service discovery instead.
If an entity supports the SDP offer / answer model described in RFC 3264 and therefore prefers to receive multiple candidates in a single transport-info message, it MUST advertise support for the "urn:ietf:rfc:3264" service discovery feature. Typically this feature will be advertised only by gateways between Jingle and SIP.
In order to speed the negotiation process so that media can flow as quickly as possible, the initiator SHOULD gather and prioritize candidates in advance, or as soon as the principal begins the process of initiating a session.
This specification applies exclusively to Jingle clients and places no additional requirements on XMPP servers. However, service administrators might wish to deploy a STUN server in order to ease the client-to-client negotiation process and a TURN server for media relaying (see TURN ). Deployment of support for External Service Discovery (XEP-0215)  might also be helpful.
By definition, the exchange of transport candidates results in exposure of the sender's IP addresses, which comprise a form of personally identifying information. A Jingle client MUST enable a user to control which entities will be allowed to receive such information. If a human user explicitly accepts a session request, then the client SHOULD consider that action to imply approval of IP address sharing. However, waiting for a human user to explicitly accept the session request can result in delays during session setup, since it is more efficient to immediately begin sharing transport candidates. Therefore, it is RECOMMENDED for the client to immediately send transport candidates to a contact (without waiting for explicit user approval of the session request) in the following cases:
Application types that use the Jingle ICE-UDP transport method MAY also define their own application-specific encryption methods, such as the Secure Real-time Transport Protocol (SRTP) for RTP exchanges as described in Jingle RTP Sessions (XEP-0167) .
This document requires no interaction with the Internet Assigned Numbers Authority (IANA) .
This specification defines the following XML namespace:
If the protocol defined in this specification undergoes a revision that is not fully backwards-compatible with an older version, the XMPP Registrar shall increment the protocol version number found at the end of the XML namespaces defined herein, as described in Section 4 of XEP-0053.
If an entity supports the SDP offer / answer model described in RFC 3264 and therefore prefers to receive one transport-info message with multiple candidates, it MUST advertise support for the "urn:ietf:rfc:3264" feature.
The registry submission is as follows.
The XMPP Registrar includes "ice-udp" in its registry of Jingle transport methods at <https://xmpp.org/registrar/jingle-transports.html>. The registry submission is as follows:
Thanks to Diana Cionoiu, Olivier Crête, Tim Julien, Steffen Larsen, Robert McQueen, Mike Ruprecht, Justin Uberti, Unnikrishnan Vikrama Panicker, and Paul Witty for their feedback.
This document in other formats: XML PDF
This XMPP Extension Protocol is copyright © 1999 – 2019 by the XMPP Standards Foundation (XSF).
Permission is hereby granted, free of charge, to any person obtaining a copy of this specification (the "Specification"), to make use of the Specification without restriction, including without limitation the rights to implement the Specification in a software program, deploy the Specification in a network service, and copy, modify, merge, publish, translate, distribute, sublicense, or sell copies of the Specification, and to permit persons to whom the Specification is furnished to do so, subject to the condition that the foregoing copyright notice and this permission notice shall be included in all copies or substantial portions of the Specification. Unless separate permission is granted, modified works that are redistributed shall not contain misleading information regarding the authors, title, number, or publisher of the Specification, and shall not claim endorsement of the modified works by the authors, any organization or project to which the authors belong, or the XMPP Standards Foundation.
## NOTE WELL: This Specification is provided on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. ##
In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall the XMPP Standards Foundation or any author of this Specification be liable for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising from, out of, or in connection with the Specification or the implementation, deployment, or other use of the Specification (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if the XMPP Standards Foundation or such author has been advised of the possibility of such damages.
This XMPP Extension Protocol has been contributed in full conformance with the XSF's Intellectual Property Rights Policy (a copy of which can be found at <https://xmpp.org/about/xsf/ipr-policy> or obtained by writing to XMPP Standards Foundation, P.O. Box 787, Parker, CO 80134 USA).
The Extensible Messaging and Presence Protocol (XMPP) is defined in the XMPP Core (RFC 6120) and XMPP IM (RFC 6121) specifications contributed by the XMPP Standards Foundation to the Internet Standards Process, which is managed by the Internet Engineering Task Force in accordance with RFC 2026. Any protocol defined in this document has been developed outside the Internet Standards Process and is to be understood as an extension to XMPP rather than as an evolution, development, or modification of XMPP itself.
There exists a special venue for discussion related to the technology described in this document: the <firstname.lastname@example.org> mailing list.
The primary venue for discussion of XMPP Extension Protocols is the <email@example.com> discussion list.
Discussion on other xmpp.org discussion lists might also be appropriate; see <http://xmpp.org/about/discuss.shtml> for a complete list.
Errata can be sent to <firstname.lastname@example.org>.
The following requirements keywords as used in this document are to be interpreted as described in RFC 2119: "MUST", "SHALL", "REQUIRED"; "MUST NOT", "SHALL NOT"; "SHOULD", "RECOMMENDED"; "SHOULD NOT", "NOT RECOMMENDED"; "MAY", "OPTIONAL".
6. In accordance with the rules specified in Section 4.1.1 of ICE-CORE, the priority values shown in the examples within this document have been calculated as follows. The "type preference" for host candidates is stipulated to be "126" and for server reflexive candidates "100". The "local preference" for network 0 is stipulated to be "4096", for network 1 "2048", and for network 2 "1024".
7. Future specifications might define other values such as "tcp".
8. Given in-order delivery as mandated by XMPP Core , the responder will receive such transport-info messages after receiving the session-initiate message; if not, it is appropriate for the responder to return <unknown-session/> errors since according to its state machine the session does not exist.
10. The fact that both parties send candidates means that Jingle requires each party to be a full implementation of ICE, not a lite implementation as specified in ICE-CORE.
12. Thus when Romeo sends a STUN Binding Request to Juliet the credentials will be STUN username "9uB6:8hhy" (ufrag provided by Juliet concatenated with ufrag provided by Romeo) and password "YH75Fviy6338Vbrhrlp8Yh" (pwd provided by Juliet) whereas when Juliet sends a STUN Binding Request to Romeo the credentials will be STUN username "8hhy:9uB6" (ufrag provided by Romeo concatenated with ufrag provided by Juliet) and password "asd88fgpdd777uzjYhagZg" (pwd provided by Romeo).
19. Extensible Messaging and Presence Protocol (XMPP) End-to-End Encryption Using Transport Layer Security ("XTLS") <http://tools.ietf.org/html/draft-meyer-xmpp-e2e-encryption>.
21. The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols, such as port numbers and URI schemes. For further information, see <http://www.iana.org/>.
22. The XMPP Registrar maintains a list of reserved protocol namespaces as well as registries of parameters used in the context of XMPP extension protocols approved by the XMPP Standards Foundation. For further information, see <https://xmpp.org/registrar/>.
Note: Older versions of this specification might be available at http://xmpp.org/extensions/attic/
Per a vote of the XMPP Council, advanced specification from Experimental to Draft.
Clarified ICE restarts and use of the generation attribute, in accordance with the ICE specification.
Minor changes to track modifications to XEP-0166.
Specified that pwd and ufrag attributes must be included when sending the first candidate; removed rem-addr and rem-port attributes and instead defined transport-info payload for communication of the remote candidate.
Simplified flow by including candidates in session-initiate and session-accept.
Specified id attribute and added it to the examples; updated namespaces to reflect changes to other Jingle specifications; completed editorial review.
Corrected fallback scenario to use transport-replace and transport-accept.
For consistency with XEP-0166, removed profile attribute, changed content-replace to transport-replace, and changed content-accept to transport-accept.
Allowed batching of multiple candidates in a single transport-info message for optional interworking with the SDP offer-answer model, and added urn:ietf:rfc:3264 service discovery feature to advertise such support; updated security considerations regarding sharing of IP addresses.
Removed content-replace message from acceptance flow, since in ICE that information is sent via STUN, not in the signalling channel.
Moved pwd and ufrag attributes from candidate element to transport element since they describe session-level or media-level information.
Changed content-modify to content-replace per XEP-0166.
Clarified several small points regarding candidate gathering procedures and STUN connectivity checks.
Modified flow for ICE completion to require content-modify from initiator to responder, thus mapping to sending of revised offer in SIP; added rem-addr and rem-port attributes to map to a=remote-candidates information in SDP; changed raddr and rport attributes to rel-addr and rel-port to prevent confusion with rem-addr and rem-port attributes.
Added further details about connectivity checks; defined raddr and rport attributes for complete mapping to SDP.
Moved ice-tcp definition to a separate specification.
Further editorial review; also added sections on modification of existing candidates and exchange of subsequent candidates.
Editorial review and consistency check.
Updated to track ICE-16.
Separately defined ice-tcp and ice-udp transport methods to enable clearer definition of transport methods and reuse by application types; specified Jingle conformance, including definition of ice-udp as datagram and ice-tcp as streaming.
Updated to track ICE-14 and ICE-TCP-03; moved text on discovery of STUN servers to separate specification.
Modified spec to use provisional namespace before advancement to Draft (per XEP-0053).
Updated to track ICE-12; corrected service discovery process; completed editorial review; removed mention of DTMF, which is for audio only.
Updated to track ICE-10; added section on service discovery.
Specified that DTMF must use in-band signalling (XEP-0181).
Recommended use of RTP-native methods for DTMF.
Initial version (split from XEP-0166).