| draft-ietf-avtcore-rfc7983bis-01.txt | draft-ietf-avtcore-rfc7983bis-02.txt | |||
|---|---|---|---|---|
| AVTCORE Working Group B. Aboba | AVTCORE Working Group B. Aboba | |||
| INTERNET-DRAFT Microsoft Corporation | INTERNET-DRAFT Microsoft Corporation | |||
| Updates: 7983, 5764 G. Salgueiro | Updates: 7983, 5764 G. Salgueiro | |||
| Category: Standards Track Cisco Systems | Category: Standards Track Cisco Systems | |||
| Expires: November 25, 2021 C. Perkins | Expires: July 28, 2022 C. Perkins | |||
| University of Glasgow | University of Glasgow | |||
| 23 May 2021 | 28 January 2022 | |||
| Multiplexing Scheme Updates for QUIC | Multiplexing Scheme Updates for QUIC | |||
| draft-ietf-avtcore-rfc7983bis-01.txt | draft-ietf-avtcore-rfc7983bis-02.txt | |||
| Abstract | Abstract | |||
| This document defines how QUIC, Datagram Transport Layer Security | This document defines how QUIC, Datagram Transport Layer Security | |||
| (DTLS), Real-time Transport Protocol (RTP), RTP Control Protocol | (DTLS), Real-time Transport Protocol (RTP), RTP Control Protocol | |||
| (RTCP), Session Traversal Utilities for NAT (STUN), Traversal Using | (RTCP), Session Traversal Utilities for NAT (STUN), Traversal Using | |||
| Relays around NAT (TURN), and ZRTP packets are multiplexed on a | Relays around NAT (TURN), and ZRTP packets are multiplexed on a | |||
| single receiving socket. | single receiving socket. | |||
| This document updates RFC 7983 and RFC 5764. | This document updates RFC 7983 and RFC 5764. | |||
| skipping to change at page 1, line 39 ¶ | skipping to change at page 1, line 39 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on November 25, 2021. | This Internet-Draft will expire on July 28, 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2022 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| skipping to change at page 3, line 11 ¶ | skipping to change at page 3, line 11 ¶ | |||
| 6.2. Informative References . . . . . . . . . . . . . . . . . 7 | 6.2. Informative References . . . . . . . . . . . . . . . . . 7 | |||
| Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 7 | Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 1. Introduction | 1. Introduction | |||
| "Multiplexing Scheme Updates for Secure Real-time Transport Protocol | "Multiplexing Scheme Updates for Secure Real-time Transport Protocol | |||
| (SRTP) Extension for Datagram Transport Layer Security (DTLS)" | (SRTP) Extension for Datagram Transport Layer Security (DTLS)" | |||
| [RFC7983] defines a scheme for a Real-time Transport Protocol (RTP) | [RFC7983] defines a scheme for a Real-time Transport Protocol (RTP) | |||
| [RFC3550] receiver to demultiplex DTLS [RFC6347], Session Traversal | [RFC3550] receiver to demultiplex DTLS [RFC6347], Session Traversal | |||
| Utilities for NAT (STUN) [RFC5389], Secure Real-time Transport | Utilities for NAT (STUN) [RFC8489], Secure Real-time Transport | |||
| Protocol (SRTP) / Secure Real-time Transport Control Protocol (SRTCP) | Protocol (SRTP) / Secure Real-time Transport Control Protocol (SRTCP) | |||
| [RFC3711], ZRTP [RFC6189] and TURN Channel packets arriving on a | [RFC3711], ZRTP [RFC6189] and TURN Channel packets arriving on a | |||
| single port. | single port. | |||
| This document updates [RFC7983] and [RFC5764] to also allow QUIC [I- | This document updates [RFC7983] and [RFC5764] to also allow QUIC | |||
| D.ietf-quic-transport] to be multiplexed on the same port. For peer- | [RFC9000] to be multiplexed on the same port. Currently implemented | |||
| to-peer operation in WebRTC scenarios as described in [P2P-QUIC][P2P- | QUIC congestion control mechanisms are unsuitable for transport of | |||
| QUIC-TRIAL], RTP is used to transport audio and video and QUIC is | media in realtime communications use cases. As a result, peer-to- | |||
| used for data exchange, SRTP [RFC3711] is keyed using DTLS-SRTP | peer operation in WebRTC scenarios, described in [P2P-QUIC] [P2P- | |||
| [RFC5764] and therefore SRTP/SRTCP [RFC3550], STUN, TURN, DTLS | QUIC-TRIAL], used RTP for transport of audio and video while QUIC was | |||
| [RFC6347] and QUIC need to be multiplexed on the same port. | used for data exchange. | |||
| In such a scenario, SRTP [RFC3711] is keyed using DTLS-SRTP [RFC5764] | ||||
| and therefore SRTP/SRTCP [RFC3550], STUN, TURN, DTLS [RFC6347] and | ||||
| QUIC need to be multiplexed on the same port. If QUIC congestion | ||||
| control is modified to enable peer-to-peer transport of audio and | ||||
| video with low latency [I-D.engelbart-rtp-over-quic] as well as data, | ||||
| only STUN, TURN and QUIC would need to be multiplexed on the same | ||||
| port. | ||||
| Since new versions of QUIC are allowed to change aspects of the wire | Since new versions of QUIC are allowed to change aspects of the wire | |||
| image, there is no guarantee that future versions of QUIC beyond | image, there is no guarantee that future versions of QUIC beyond | |||
| version 1 will adhere to the multiplexing scheme described in this | version 1 will adhere to the multiplexing scheme described in this | |||
| document. | document. | |||
| 1.1. Terminology | 1.1. Terminology | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in [RFC2119]. | document are to be interpreted as described in [RFC2119]. | |||
| 2. Multiplexing of TURN Channels | 2. Multiplexing of TURN Channels | |||
| TURN channels are an optimization where data packets are exchanged | TURN channels are an optimization where data packets are exchanged | |||
| with a 4-byte prefix instead of the standard 36-byte STUN overhead | with a 4-byte prefix instead of the standard 36-byte STUN overhead | |||
| (see Section 2.5 of [RFC5766]). [RFC7983] allocated the values from | (see Section 3.5 of [RFC8656]). [RFC7983] allocated the values from | |||
| 64 to 79 in order to allow TURN channels to be demultiplexed when the | 64 to 79 in order to allow TURN channels to be demultiplexed when the | |||
| TURN Client does the channel binding request in combination with the | TURN Client does the channel binding request in combination with the | |||
| demultiplexing scheme described in [RFC7983]. | demultiplexing scheme described in [RFC7983]. | |||
| As noted in [I-D.aboba-avtcore-quic-multiplexing], the first octet of | As noted in [I-D.aboba-avtcore-quic-multiplexing], the first octet of | |||
| a QUIC short header packet falls in the range 64 to 127, thereby | a QUIC short header packet falls in the range 64 to 127, thereby | |||
| overlapping with the allocated range for TURN channels of 64 to 79. | overlapping with the allocated range for TURN channels of 64 to 79. | |||
| The first octet of QUIC long header packets fall in the range 192 to | The first octet of QUIC long header packets fall in the range 192 to | |||
| 255. Since QUIC long header packets preceed QUIC short header | 255. Since QUIC long header packets preceed QUIC short header | |||
| skipping to change at page 5, line 44 ¶ | skipping to change at page 6, line 4 ¶ | |||
| 4. Security Considerations | 4. Security Considerations | |||
| The solution discussed in this document could potentially introduce | The solution discussed in this document could potentially introduce | |||
| some additional security considerations beyond those detailed in | some additional security considerations beyond those detailed in | |||
| [RFC7983]. | [RFC7983]. | |||
| Due to the additional logic required, if mis-implemented, heuristics | Due to the additional logic required, if mis-implemented, heuristics | |||
| have the potential to mis-classify packets. | have the potential to mis-classify packets. | |||
| When QUIC is used for only for data exchange, the TLS-within-QUIC | When QUIC is used for only for data exchange, the TLS-within-QUIC | |||
| exchange [I-D.ietf-quic-tls] derives keys used solely to protect the | exchange [RFC9001] derives keys used solely to protect the QUIC data | |||
| QUIC data packets. If properly implemented, this should not affect | packets. If properly implemented, this should not affect the | |||
| the transport of SRTP nor the derivation of SRTP keys via DTLS-SRTP, | transport of SRTP nor the derivation of SRTP keys via DTLS-SRTP, but | |||
| but if badly implemented, both transport and key derivation could be | if badly implemented, both transport and key derivation could be | |||
| adversely impacted. | adversely impacted. | |||
| 5. IANA Considerations | 5. IANA Considerations | |||
| This document does not require actions by IANA. | This document does not require actions by IANA. | |||
| 6. References | 6. References | |||
| 6.1. Normative References | 6.1. Normative References | |||
| [I-D.ietf-quic-tls] | ||||
| Thomson, M. and S. Turner, "Using Transport Layer Security | ||||
| (TLS) to Secure QUIC", draft-ietf-quic-tls-34 (work in | ||||
| progress), January 15, 2021. | ||||
| [I-D.ietf-quic-transport] | ||||
| Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed | ||||
| and Secure Transport", draft-ietf-quic-transport-34 (work | ||||
| in progress), January 15, 2021. | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, DOI | Requirement Levels", BCP 14, RFC 2119, DOI | |||
| 10.17487/RFC2119, March 1997, <http://www.rfc- | 10.17487/RFC2119, March 1997, <http://www.rfc- | |||
| editor.org/info/rfc2119>. | editor.org/info/rfc2119>. | |||
| [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. | [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. | |||
| Jacobson, "RTP: A Transport Protocol for Real-Time | Jacobson, "RTP: A Transport Protocol for Real-Time | |||
| Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550, July | Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550, July | |||
| 2003, <http://www.rfc-editor.org/info/rfc3550>. | 2003, <http://www.rfc-editor.org/info/rfc3550>. | |||
| [RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. | [RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. | |||
| Norrman, "The Secure Real-time Transport Protocol (SRTP)", | Norrman, "The Secure Real-time Transport Protocol (SRTP)", | |||
| RFC 3711, DOI 10.17487/RFC3711, March 2004, | RFC 3711, DOI 10.17487/RFC3711, March 2004, | |||
| <http://www.rfc-editor.org/info/rfc3711>. | <http://www.rfc-editor.org/info/rfc3711>. | |||
| [RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing, | ||||
| "Session Traversal Utilities for NAT (STUN)", RFC 5389, DOI | ||||
| 10.17487/RFC5389, October 2008, <http://www.rfc- | ||||
| editor.org/info/rfc5389>. | ||||
| [RFC5764] McGrew, D. and E. Rescorla, "Datagram Transport Layer | [RFC5764] McGrew, D. and E. Rescorla, "Datagram Transport Layer | |||
| Security (DTLS) Extension to Establish Keys for the Secure | Security (DTLS) Extension to Establish Keys for the Secure | |||
| Real-time Transport Protocol (SRTP)", RFC 5764, DOI | Real-time Transport Protocol (SRTP)", RFC 5764, DOI | |||
| 10.17487/RFC5764, May 2010, <http://www.rfc- | 10.17487/RFC5764, May 2010, <http://www.rfc- | |||
| editor.org/info/rfc5764>. | editor.org/info/rfc5764>. | |||
| [RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using | ||||
| Relays around NAT (TURN): Relay Extensions to Session | ||||
| Traversal Utilities for NAT (STUN)", RFC 5766, DOI | ||||
| 10.17487/RFC5766, April 2010, <http://www.rfc- | ||||
| editor.org/info/rfc5766>. | ||||
| [RFC7983] Petit-Huguenin, M. and G. Salgueiro, "Multiplexing Scheme | [RFC7983] Petit-Huguenin, M. and G. Salgueiro, "Multiplexing Scheme | |||
| Updates for Secure Real-time Transport Protocol (SRTP) | Updates for Secure Real-time Transport Protocol (SRTP) | |||
| Extension for Datagram Transport Layer Security (DTLS)", | Extension for Datagram Transport Layer Security (DTLS)", | |||
| RFC 7983, DOI 10.17487/RFC7983, September 2016, | RFC 7983, DOI 10.17487/RFC7983, September 2016, | |||
| <https://www.rfc-editor.org/info/rfc7983>. | <https://www.rfc-editor.org/info/rfc7983>. | |||
| [RFC8489] Petit-Huguenin, M., Salgueiro, G., Rosenberg, J., Wing, D., | ||||
| Mahy, R. and P. Matthews, "Session Traversal Utilities for | ||||
| NAT (STUN), RFC 8489, DOI 10.17487/RFC8489, February 2020, | ||||
| <https://www.rfc-editor.org/info/rfc8489>. | ||||
| [RFC8656] Reddy, T., Johnston, A., Matthews, P. and J. Rosenberg, | ||||
| "Traversal Using Relays around NAT (TURN): Relay Extensions | ||||
| to Session Traversal Utilities for NAT (STUN)", RFC 8656, | ||||
| DOI 10.17487/RFC8656, February 2020, <https://www.rfc- | ||||
| editor.org/info/rfc8656>. | ||||
| [RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based | ||||
| Multiplexed and Secure Transport", RFC 9000, DOI | ||||
| 10.17487/RFC9000, May 2021, <https://www.rfc- | ||||
| editor.org/info/rfc9000>. | ||||
| [RFC9001] Thomson, M., Ed. and S. Turner, Ed., "Using TLS to Secure | ||||
| QUIC", RFC 9001, DOI 10.17487/RFC9001, May 2021, | ||||
| <https://www.rfc-editor.org/info/rfc9001>. | ||||
| 6.2. Informative References | 6.2. Informative References | |||
| [I-D.aboba-avtcore-quic-multiplexing] | [I-D.aboba-avtcore-quic-multiplexing] | |||
| Aboba, B., Thatcher, P. and C. Perkins, "QUIC | Aboba, B., Thatcher, P. and C. Perkins, "QUIC | |||
| Multiplexing", draft-aboba-avtcore-quic-multiplexing-04 | Multiplexing", draft-aboba-avtcore-quic-multiplexing-04 | |||
| (work in progress), January 28, 2020. | (work in progress), January 28, 2020. | |||
| [I-D.engelbart-rtp-over-quic] | ||||
| Ott, J. and M. Engelbart, "RTP over QUIC", draft-engelbart- | ||||
| rtp-over-quic-01 (work in progress), October 25, 2021. | ||||
| [RFC6189] Zimmermann, P., Johnston, A., Ed., and J. Callas, "ZRTP: | [RFC6189] Zimmermann, P., Johnston, A., Ed., and J. Callas, "ZRTP: | |||
| Media Path Key Agreement for Unicast Secure RTP", RFC 6189, | Media Path Key Agreement for Unicast Secure RTP", RFC 6189, | |||
| DOI 10.17487/RFC6189, April 2011, <http://www.rfc- | DOI 10.17487/RFC6189, April 2011, <http://www.rfc- | |||
| editor.org/info/rfc6189>. | editor.org/info/rfc6189>. | |||
| [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer | [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer | |||
| Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347, | Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347, | |||
| January 2012, <http://www.rfc-editor.org/info/rfc6347>. | January 2012, <http://www.rfc-editor.org/info/rfc6347>. | |||
| [P2P-QUIC] Thatcher, P., Aboba, B. and R. Raymond, "QUIC API For Peer- | [P2P-QUIC] Thatcher, P., Aboba, B. and R. Raymond, "QUIC API For Peer- | |||
| End of changes. 14 change blocks. | ||||
| 39 lines changed or deleted | 50 lines changed or added | |||
This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||