draft-ietf-avtcore-rfc7983bis-01.txt   draft-ietf-avtcore-rfc7983bis-02.txt 
AVTCORE Working Group B. Aboba AVTCORE Working Group B. Aboba
INTERNET-DRAFT Microsoft Corporation INTERNET-DRAFT Microsoft Corporation
Updates: 7983, 5764 G. Salgueiro Updates: 7983, 5764 G. Salgueiro
Category: Standards Track Cisco Systems Category: Standards Track Cisco Systems
Expires: November 25, 2021 C. Perkins Expires: July 28, 2022 C. Perkins
University of Glasgow University of Glasgow
23 May 2021 28 January 2022
Multiplexing Scheme Updates for QUIC Multiplexing Scheme Updates for QUIC
draft-ietf-avtcore-rfc7983bis-01.txt draft-ietf-avtcore-rfc7983bis-02.txt
Abstract Abstract
This document defines how QUIC, Datagram Transport Layer Security This document defines how QUIC, Datagram Transport Layer Security
(DTLS), Real-time Transport Protocol (RTP), RTP Control Protocol (DTLS), Real-time Transport Protocol (RTP), RTP Control Protocol
(RTCP), Session Traversal Utilities for NAT (STUN), Traversal Using (RTCP), Session Traversal Utilities for NAT (STUN), Traversal Using
Relays around NAT (TURN), and ZRTP packets are multiplexed on a Relays around NAT (TURN), and ZRTP packets are multiplexed on a
single receiving socket. single receiving socket.
This document updates RFC 7983 and RFC 5764. This document updates RFC 7983 and RFC 5764.
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 25, 2021. This Internet-Draft will expire on July 28, 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 3, line 11 skipping to change at page 3, line 11
6.2. Informative References . . . . . . . . . . . . . . . . . 7 6.2. Informative References . . . . . . . . . . . . . . . . . 7
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 7 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction 1. Introduction
"Multiplexing Scheme Updates for Secure Real-time Transport Protocol "Multiplexing Scheme Updates for Secure Real-time Transport Protocol
(SRTP) Extension for Datagram Transport Layer Security (DTLS)" (SRTP) Extension for Datagram Transport Layer Security (DTLS)"
[RFC7983] defines a scheme for a Real-time Transport Protocol (RTP) [RFC7983] defines a scheme for a Real-time Transport Protocol (RTP)
[RFC3550] receiver to demultiplex DTLS [RFC6347], Session Traversal [RFC3550] receiver to demultiplex DTLS [RFC6347], Session Traversal
Utilities for NAT (STUN) [RFC5389], Secure Real-time Transport Utilities for NAT (STUN) [RFC8489], Secure Real-time Transport
Protocol (SRTP) / Secure Real-time Transport Control Protocol (SRTCP) Protocol (SRTP) / Secure Real-time Transport Control Protocol (SRTCP)
[RFC3711], ZRTP [RFC6189] and TURN Channel packets arriving on a [RFC3711], ZRTP [RFC6189] and TURN Channel packets arriving on a
single port. single port.
This document updates [RFC7983] and [RFC5764] to also allow QUIC [I- This document updates [RFC7983] and [RFC5764] to also allow QUIC
D.ietf-quic-transport] to be multiplexed on the same port. For peer- [RFC9000] to be multiplexed on the same port. Currently implemented
to-peer operation in WebRTC scenarios as described in [P2P-QUIC][P2P- QUIC congestion control mechanisms are unsuitable for transport of
QUIC-TRIAL], RTP is used to transport audio and video and QUIC is media in realtime communications use cases. As a result, peer-to-
used for data exchange, SRTP [RFC3711] is keyed using DTLS-SRTP peer operation in WebRTC scenarios, described in [P2P-QUIC] [P2P-
[RFC5764] and therefore SRTP/SRTCP [RFC3550], STUN, TURN, DTLS QUIC-TRIAL], used RTP for transport of audio and video while QUIC was
[RFC6347] and QUIC need to be multiplexed on the same port. used for data exchange.
In such a scenario, SRTP [RFC3711] is keyed using DTLS-SRTP [RFC5764]
and therefore SRTP/SRTCP [RFC3550], STUN, TURN, DTLS [RFC6347] and
QUIC need to be multiplexed on the same port. If QUIC congestion
control is modified to enable peer-to-peer transport of audio and
video with low latency [I-D.engelbart-rtp-over-quic] as well as data,
only STUN, TURN and QUIC would need to be multiplexed on the same
port.
Since new versions of QUIC are allowed to change aspects of the wire Since new versions of QUIC are allowed to change aspects of the wire
image, there is no guarantee that future versions of QUIC beyond image, there is no guarantee that future versions of QUIC beyond
version 1 will adhere to the multiplexing scheme described in this version 1 will adhere to the multiplexing scheme described in this
document. document.
1.1. Terminology 1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
2. Multiplexing of TURN Channels 2. Multiplexing of TURN Channels
TURN channels are an optimization where data packets are exchanged TURN channels are an optimization where data packets are exchanged
with a 4-byte prefix instead of the standard 36-byte STUN overhead with a 4-byte prefix instead of the standard 36-byte STUN overhead
(see Section 2.5 of [RFC5766]). [RFC7983] allocated the values from (see Section 3.5 of [RFC8656]). [RFC7983] allocated the values from
64 to 79 in order to allow TURN channels to be demultiplexed when the 64 to 79 in order to allow TURN channels to be demultiplexed when the
TURN Client does the channel binding request in combination with the TURN Client does the channel binding request in combination with the
demultiplexing scheme described in [RFC7983]. demultiplexing scheme described in [RFC7983].
As noted in [I-D.aboba-avtcore-quic-multiplexing], the first octet of As noted in [I-D.aboba-avtcore-quic-multiplexing], the first octet of
a QUIC short header packet falls in the range 64 to 127, thereby a QUIC short header packet falls in the range 64 to 127, thereby
overlapping with the allocated range for TURN channels of 64 to 79. overlapping with the allocated range for TURN channels of 64 to 79.
The first octet of QUIC long header packets fall in the range 192 to The first octet of QUIC long header packets fall in the range 192 to
255. Since QUIC long header packets preceed QUIC short header 255. Since QUIC long header packets preceed QUIC short header
skipping to change at page 5, line 44 skipping to change at page 6, line 4
4. Security Considerations 4. Security Considerations
The solution discussed in this document could potentially introduce The solution discussed in this document could potentially introduce
some additional security considerations beyond those detailed in some additional security considerations beyond those detailed in
[RFC7983]. [RFC7983].
Due to the additional logic required, if mis-implemented, heuristics Due to the additional logic required, if mis-implemented, heuristics
have the potential to mis-classify packets. have the potential to mis-classify packets.
When QUIC is used for only for data exchange, the TLS-within-QUIC When QUIC is used for only for data exchange, the TLS-within-QUIC
exchange [I-D.ietf-quic-tls] derives keys used solely to protect the exchange [RFC9001] derives keys used solely to protect the QUIC data
QUIC data packets. If properly implemented, this should not affect packets. If properly implemented, this should not affect the
the transport of SRTP nor the derivation of SRTP keys via DTLS-SRTP, transport of SRTP nor the derivation of SRTP keys via DTLS-SRTP, but
but if badly implemented, both transport and key derivation could be if badly implemented, both transport and key derivation could be
adversely impacted. adversely impacted.
5. IANA Considerations 5. IANA Considerations
This document does not require actions by IANA. This document does not require actions by IANA.
6. References 6. References
6.1. Normative References 6.1. Normative References
[I-D.ietf-quic-tls]
Thomson, M. and S. Turner, "Using Transport Layer Security
(TLS) to Secure QUIC", draft-ietf-quic-tls-34 (work in
progress), January 15, 2021.
[I-D.ietf-quic-transport]
Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed
and Secure Transport", draft-ietf-quic-transport-34 (work
in progress), January 15, 2021.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, DOI Requirement Levels", BCP 14, RFC 2119, DOI
10.17487/RFC2119, March 1997, <http://www.rfc- 10.17487/RFC2119, March 1997, <http://www.rfc-
editor.org/info/rfc2119>. editor.org/info/rfc2119>.
[RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V.
Jacobson, "RTP: A Transport Protocol for Real-Time Jacobson, "RTP: A Transport Protocol for Real-Time
Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550, July Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550, July
2003, <http://www.rfc-editor.org/info/rfc3550>. 2003, <http://www.rfc-editor.org/info/rfc3550>.
[RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. [RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K.
Norrman, "The Secure Real-time Transport Protocol (SRTP)", Norrman, "The Secure Real-time Transport Protocol (SRTP)",
RFC 3711, DOI 10.17487/RFC3711, March 2004, RFC 3711, DOI 10.17487/RFC3711, March 2004,
<http://www.rfc-editor.org/info/rfc3711>. <http://www.rfc-editor.org/info/rfc3711>.
[RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing,
"Session Traversal Utilities for NAT (STUN)", RFC 5389, DOI
10.17487/RFC5389, October 2008, <http://www.rfc-
editor.org/info/rfc5389>.
[RFC5764] McGrew, D. and E. Rescorla, "Datagram Transport Layer [RFC5764] McGrew, D. and E. Rescorla, "Datagram Transport Layer
Security (DTLS) Extension to Establish Keys for the Secure Security (DTLS) Extension to Establish Keys for the Secure
Real-time Transport Protocol (SRTP)", RFC 5764, DOI Real-time Transport Protocol (SRTP)", RFC 5764, DOI
10.17487/RFC5764, May 2010, <http://www.rfc- 10.17487/RFC5764, May 2010, <http://www.rfc-
editor.org/info/rfc5764>. editor.org/info/rfc5764>.
[RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using
Relays around NAT (TURN): Relay Extensions to Session
Traversal Utilities for NAT (STUN)", RFC 5766, DOI
10.17487/RFC5766, April 2010, <http://www.rfc-
editor.org/info/rfc5766>.
[RFC7983] Petit-Huguenin, M. and G. Salgueiro, "Multiplexing Scheme [RFC7983] Petit-Huguenin, M. and G. Salgueiro, "Multiplexing Scheme
Updates for Secure Real-time Transport Protocol (SRTP) Updates for Secure Real-time Transport Protocol (SRTP)
Extension for Datagram Transport Layer Security (DTLS)", Extension for Datagram Transport Layer Security (DTLS)",
RFC 7983, DOI 10.17487/RFC7983, September 2016, RFC 7983, DOI 10.17487/RFC7983, September 2016,
<https://www.rfc-editor.org/info/rfc7983>. <https://www.rfc-editor.org/info/rfc7983>.
[RFC8489] Petit-Huguenin, M., Salgueiro, G., Rosenberg, J., Wing, D.,
Mahy, R. and P. Matthews, "Session Traversal Utilities for
NAT (STUN), RFC 8489, DOI 10.17487/RFC8489, February 2020,
<https://www.rfc-editor.org/info/rfc8489>.
[RFC8656] Reddy, T., Johnston, A., Matthews, P. and J. Rosenberg,
"Traversal Using Relays around NAT (TURN): Relay Extensions
to Session Traversal Utilities for NAT (STUN)", RFC 8656,
DOI 10.17487/RFC8656, February 2020, <https://www.rfc-
editor.org/info/rfc8656>.
[RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based
Multiplexed and Secure Transport", RFC 9000, DOI
10.17487/RFC9000, May 2021, <https://www.rfc-
editor.org/info/rfc9000>.
[RFC9001] Thomson, M., Ed. and S. Turner, Ed., "Using TLS to Secure
QUIC", RFC 9001, DOI 10.17487/RFC9001, May 2021,
<https://www.rfc-editor.org/info/rfc9001>.
6.2. Informative References 6.2. Informative References
[I-D.aboba-avtcore-quic-multiplexing] [I-D.aboba-avtcore-quic-multiplexing]
Aboba, B., Thatcher, P. and C. Perkins, "QUIC Aboba, B., Thatcher, P. and C. Perkins, "QUIC
Multiplexing", draft-aboba-avtcore-quic-multiplexing-04 Multiplexing", draft-aboba-avtcore-quic-multiplexing-04
(work in progress), January 28, 2020. (work in progress), January 28, 2020.
[I-D.engelbart-rtp-over-quic]
Ott, J. and M. Engelbart, "RTP over QUIC", draft-engelbart-
rtp-over-quic-01 (work in progress), October 25, 2021.
[RFC6189] Zimmermann, P., Johnston, A., Ed., and J. Callas, "ZRTP: [RFC6189] Zimmermann, P., Johnston, A., Ed., and J. Callas, "ZRTP:
Media Path Key Agreement for Unicast Secure RTP", RFC 6189, Media Path Key Agreement for Unicast Secure RTP", RFC 6189,
DOI 10.17487/RFC6189, April 2011, <http://www.rfc- DOI 10.17487/RFC6189, April 2011, <http://www.rfc-
editor.org/info/rfc6189>. editor.org/info/rfc6189>.
[RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347, Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
January 2012, <http://www.rfc-editor.org/info/rfc6347>. January 2012, <http://www.rfc-editor.org/info/rfc6347>.
[P2P-QUIC] Thatcher, P., Aboba, B. and R. Raymond, "QUIC API For Peer- [P2P-QUIC] Thatcher, P., Aboba, B. and R. Raymond, "QUIC API For Peer-
 End of changes. 14 change blocks. 
39 lines changed or deleted 50 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/