| draft-ietf-avtcore-rfc7983bis-02.txt | draft-ietf-avtcore-rfc7983bis-03.txt | |||
|---|---|---|---|---|
| AVTCORE Working Group B. Aboba | AVTCORE Working Group B. Aboba | |||
| INTERNET-DRAFT Microsoft Corporation | INTERNET-DRAFT Microsoft Corporation | |||
| Updates: 7983, 5764 G. Salgueiro | Updates: 7983, 5764 G. Salgueiro | |||
| Category: Standards Track Cisco Systems | Category: Standards Track Cisco Systems | |||
| Expires: July 28, 2022 C. Perkins | Expires: November 11, 2022 C. Perkins | |||
| University of Glasgow | University of Glasgow | |||
| 28 January 2022 | 11 May 2022 | |||
| Multiplexing Scheme Updates for QUIC | Multiplexing Scheme Updates for QUIC | |||
| draft-ietf-avtcore-rfc7983bis-02.txt | draft-ietf-avtcore-rfc7983bis-03.txt | |||
| Abstract | Abstract | |||
| This document defines how QUIC, Datagram Transport Layer Security | This document defines how QUIC, Datagram Transport Layer Security | |||
| (DTLS), Real-time Transport Protocol (RTP), RTP Control Protocol | (DTLS), Real-time Transport Protocol (RTP), RTP Control Protocol | |||
| (RTCP), Session Traversal Utilities for NAT (STUN), Traversal Using | (RTCP), Session Traversal Utilities for NAT (STUN), Traversal Using | |||
| Relays around NAT (TURN), and ZRTP packets are multiplexed on a | Relays around NAT (TURN), and ZRTP packets are multiplexed on a | |||
| single receiving socket. | single receiving socket. | |||
| This document updates RFC 7983 and RFC 5764. | This document updates RFC 7983 and RFC 5764. | |||
| skipping to change at page 1, line 39 ¶ | skipping to change at page 1, line 39 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on July 28, 2022. | This Internet-Draft will expire on November 11, 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2022 IETF Trust and the persons identified as the | Copyright (c) 2022 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 31 ¶ | skipping to change at page 2, line 31 ¶ | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Multiplexing of TURN Channels . . . . . . . . . . . . . . . . 3 | 2. Multiplexing of TURN Channels . . . . . . . . . . . . . . . . 3 | |||
| 3. Updates to RFC 7983 . . . . . . . . . . . . . . . . . . . . . 4 | 3. Updates to RFC 7983 . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . . 5 | 4. Security Considerations . . . . . . . . . . . . . . . . . . . 5 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 6.1. Normative References . . . . . . . . . . . . . . . . . . 6 | 6.1. Normative References . . . . . . . . . . . . . . . . . . 6 | |||
| 6.2. Informative References . . . . . . . . . . . . . . . . . 7 | 6.2. Informative References . . . . . . . . . . . . . . . . . 7 | |||
| Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 7 | Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 1. Introduction | 1. Introduction | |||
| "Multiplexing Scheme Updates for Secure Real-time Transport Protocol | "Multiplexing Scheme Updates for Secure Real-time Transport Protocol | |||
| (SRTP) Extension for Datagram Transport Layer Security (DTLS)" | (SRTP) Extension for Datagram Transport Layer Security (DTLS)" | |||
| [RFC7983] defines a scheme for a Real-time Transport Protocol (RTP) | [RFC7983] defines a scheme for a Real-time Transport Protocol (RTP) | |||
| [RFC3550] receiver to demultiplex DTLS [RFC6347], Session Traversal | [RFC3550] receiver to demultiplex DTLS [RFC9147], Session Traversal | |||
| Utilities for NAT (STUN) [RFC8489], Secure Real-time Transport | Utilities for NAT (STUN) [RFC8489], Secure Real-time Transport | |||
| Protocol (SRTP) / Secure Real-time Transport Control Protocol (SRTCP) | Protocol (SRTP) / Secure Real-time Transport Control Protocol (SRTCP) | |||
| [RFC3711], ZRTP [RFC6189] and TURN Channel packets arriving on a | [RFC3711], ZRTP [RFC6189] and TURN Channel packets arriving on a | |||
| single port. | single port. This document updates [RFC7983] and [RFC5764] to also | |||
| allow QUIC [RFC9000] to also be multiplexed on the same port. The | ||||
| This document updates [RFC7983] and [RFC5764] to also allow QUIC | scheme described in this document is compatible with QUIC version 2 | |||
| [RFC9000] to be multiplexed on the same port. Currently implemented | [I-D.ietf-quic-v2]. | |||
| QUIC congestion control mechanisms are unsuitable for transport of | ||||
| media in realtime communications use cases. As a result, peer-to- | ||||
| peer operation in WebRTC scenarios, described in [P2P-QUIC] [P2P- | ||||
| QUIC-TRIAL], used RTP for transport of audio and video while QUIC was | ||||
| used for data exchange. | ||||
| In such a scenario, SRTP [RFC3711] is keyed using DTLS-SRTP [RFC5764] | ||||
| and therefore SRTP/SRTCP [RFC3550], STUN, TURN, DTLS [RFC6347] and | ||||
| QUIC need to be multiplexed on the same port. If QUIC congestion | ||||
| control is modified to enable peer-to-peer transport of audio and | ||||
| video with low latency [I-D.engelbart-rtp-over-quic] as well as data, | ||||
| only STUN, TURN and QUIC would need to be multiplexed on the same | ||||
| port. | ||||
| Since new versions of QUIC are allowed to change aspects of the wire | The multiplexing scheme described in this document enables multiple | |||
| image, there is no guarantee that future versions of QUIC beyond | usage scenarios. Peer-to-peer QUIC in WebRTC scenarios, described in | |||
| version 1 will adhere to the multiplexing scheme described in this | [P2P-QUIC] [P2P-QUIC-TRIAL], uses RTP for transport of audio and | |||
| document. | video along with QUIC for data exchange. For this use case, SRTP | |||
| [RFC3711] is keyed using DTLS-SRTP [RFC5764] and therefore SRTP/SRTCP | ||||
| [RFC3550], STUN, TURN, DTLS and QUIC need to be multiplexed on the | ||||
| same port. Were SRTP to be keyed using QUIC-SRTP, SRTP/SRTCP, STUN, | ||||
| TURN and QUIC would need to be multiplexed on the same port. Where | ||||
| QUIC is used for peer-to-peer transport of data as well as RTP | ||||
| [I-D.engelbart-rtp-over-quic] STUN, TURN and QUIC need to be | ||||
| multiplexed on the same port. | ||||
| 1.1. Terminology | 1.1. Terminology | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in [RFC2119]. | document are to be interpreted as described in [RFC2119]. | |||
| 2. Multiplexing of TURN Channels | 2. Multiplexing of TURN Channels | |||
| TURN channels are an optimization where data packets are exchanged | TURN channels are an optimization where data packets are exchanged | |||
| skipping to change at page 4, line 48 ¶ | skipping to change at page 4, line 42 ¶ | |||
| | | | | | | |||
| | [16..19] -+--> forward to ZRTP | | [16..19] -+--> forward to ZRTP | |||
| | | | | | | |||
| packet --> | [20..63] -+--> forward to DTLS | packet --> | [20..63] -+--> forward to DTLS | |||
| | | | | | | |||
| | [64..79] -+--> forward to TURN Channel | | [64..79] -+--> forward to TURN Channel | |||
| | | | | | | |||
| | [128..191] -+--> forward to RTP/RTCP | | [128..191] -+--> forward to RTP/RTCP | |||
| +----------------+ | +----------------+ | |||
| Figure 3: The DTLS-SRTP receiver's packet demultiplexing algorithm. | Figure 3: The DTLS-SRTP receiver's packet demultiplexing algorithm. | |||
| END OLD TEXT | END OLD TEXT | |||
| NEW TEXT | NEW TEXT | |||
| The process for demultiplexing a packet is as follows. The receiver | The process for demultiplexing a packet is as follows. The receiver | |||
| looks at the first byte of the packet. If the value of this byte is | looks at the first byte of the packet. If the value of this byte is | |||
| in between 0 and 3 (inclusive), then the packet is STUN. If the | in between 0 and 3 (inclusive), then the packet is STUN. If the | |||
| value is between 16 and 19 (inclusive), then the packet is ZRTP. If | value is between 16 and 19 (inclusive), then the packet is ZRTP. If | |||
| the value is between 20 and 63 (inclusive), then the packet is DTLS. | the value is between 20 and 63 (inclusive), then the packet is DTLS. | |||
| If the value is in between 128 and 191 (inclusive) then the packet is | If the value is in between 128 and 191 (inclusive) then the packet is | |||
| skipping to change at page 5, line 46 ¶ | skipping to change at page 5, line 46 ¶ | |||
| +----------------+ (Long Header) | +----------------+ (Long Header) | |||
| Figure 3: The receiver's packet demultiplexing algorithm. | Figure 3: The receiver's packet demultiplexing algorithm. | |||
| END NEW TEXT | END NEW TEXT | |||
| 4. Security Considerations | 4. Security Considerations | |||
| The solution discussed in this document could potentially introduce | The solution discussed in this document could potentially introduce | |||
| some additional security considerations beyond those detailed in | some additional security considerations beyond those detailed in | |||
| [RFC7983]. | [RFC7983]. Due to the additional logic required, if mis-implemented, | |||
| heuristics have the potential to mis-classify packets. | ||||
| Due to the additional logic required, if mis-implemented, heuristics | ||||
| have the potential to mis-classify packets. | ||||
| When QUIC is used for only for data exchange, the TLS-within-QUIC | When QUIC is used only for data exchange, the TLS-within-QUIC | |||
| exchange [RFC9001] derives keys used solely to protect the QUIC data | exchange [RFC9001] derives keys used solely to protect the QUIC data | |||
| packets. If properly implemented, this should not affect the | packets. If properly implemented, this should not affect the | |||
| transport of SRTP nor the derivation of SRTP keys via DTLS-SRTP, but | transport of SRTP nor the derivation of SRTP keys via DTLS-SRTP. | |||
| if badly implemented, both transport and key derivation could be | However, were the TLS-within-QUIC exchange to be used to derive SRTP | |||
| adversely impacted. | keys, both transport and SRTP key derivation could be aversely | |||
| impacted by a vulnerability in the QUIC implementation. | ||||
| 5. IANA Considerations | 5. IANA Considerations | |||
| This document does not require actions by IANA. | This document does not require actions by IANA. | |||
| 6. References | 6. References | |||
| 6.1. Normative References | 6.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| skipping to change at page 7, line 17 ¶ | skipping to change at page 7, line 16 ¶ | |||
| [RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based | [RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based | |||
| Multiplexed and Secure Transport", RFC 9000, DOI | Multiplexed and Secure Transport", RFC 9000, DOI | |||
| 10.17487/RFC9000, May 2021, <https://www.rfc- | 10.17487/RFC9000, May 2021, <https://www.rfc- | |||
| editor.org/info/rfc9000>. | editor.org/info/rfc9000>. | |||
| [RFC9001] Thomson, M., Ed. and S. Turner, Ed., "Using TLS to Secure | [RFC9001] Thomson, M., Ed. and S. Turner, Ed., "Using TLS to Secure | |||
| QUIC", RFC 9001, DOI 10.17487/RFC9001, May 2021, | QUIC", RFC 9001, DOI 10.17487/RFC9001, May 2021, | |||
| <https://www.rfc-editor.org/info/rfc9001>. | <https://www.rfc-editor.org/info/rfc9001>. | |||
| [RFC9147] Rescorla, E., Tschofenig, H., and N. Modadugu, "The | ||||
| Datagram Transport Layer Security (DTLS) Protocol Version | ||||
| 1.3", RFC 9147, DOI 10.17487/RFC9147, April 2022, | ||||
| <https://www.rfc-editor.org/info/rfc9147>. | ||||
| 6.2. Informative References | 6.2. Informative References | |||
| [I-D.aboba-avtcore-quic-multiplexing] | [I-D.aboba-avtcore-quic-multiplexing] | |||
| Aboba, B., Thatcher, P. and C. Perkins, "QUIC | Aboba, B., Thatcher, P. and C. Perkins, "QUIC | |||
| Multiplexing", draft-aboba-avtcore-quic-multiplexing-04 | Multiplexing", draft-aboba-avtcore-quic-multiplexing-04 | |||
| (work in progress), January 28, 2020. | (work in progress), January 28, 2020. | |||
| [I-D.engelbart-rtp-over-quic] | [I-D.engelbart-rtp-over-quic] | |||
| Ott, J. and M. Engelbart, "RTP over QUIC", draft-engelbart- | Ott, J. and M. Engelbart, "RTP over QUIC", draft-engelbart- | |||
| rtp-over-quic-01 (work in progress), October 25, 2021. | rtp-over-quic-02 (work in progress), March 7, 2022. | |||
| [I-D.ietf-quic-v2] | ||||
| Duke, M., "QUIC Version 2", draft-ietf-quic-v2 (work in | ||||
| progress), April 28, 2022. | ||||
| [RFC6189] Zimmermann, P., Johnston, A., Ed., and J. Callas, "ZRTP: | [RFC6189] Zimmermann, P., Johnston, A., Ed., and J. Callas, "ZRTP: | |||
| Media Path Key Agreement for Unicast Secure RTP", RFC 6189, | Media Path Key Agreement for Unicast Secure RTP", RFC 6189, | |||
| DOI 10.17487/RFC6189, April 2011, <http://www.rfc- | DOI 10.17487/RFC6189, April 2011, <http://www.rfc- | |||
| editor.org/info/rfc6189>. | editor.org/info/rfc6189>. | |||
| [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer | ||||
| Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347, | ||||
| January 2012, <http://www.rfc-editor.org/info/rfc6347>. | ||||
| [P2P-QUIC] Thatcher, P., Aboba, B. and R. Raymond, "QUIC API For Peer- | [P2P-QUIC] Thatcher, P., Aboba, B. and R. Raymond, "QUIC API For Peer- | |||
| to-Peer Connections", W3C ORTC Community Group Draft (work | to-Peer Connections", W3C ORTC Community Group Draft (work | |||
| in progress), 23 May 2021, <https://github.com/w3c/p2p- | in progress), 23 May 2021, <https://github.com/w3c/p2p- | |||
| webtransport> | webtransport> | |||
| [P2P-QUIC-TRIAL] | [P2P-QUIC-TRIAL] | |||
| Hampson, S., "RTCQuicTransport Coming to an Origin Trial | Hampson, S., "RTCQuicTransport Coming to an Origin Trial | |||
| Near You (Chrome 73)", January 2019, | Near You (Chrome 73)", January 2019, | |||
| <https://developers.google.com/web/updates/ | <https://developers.google.com/web/updates/ | |||
| 2019/01/rtcquictransport-api> | 2019/01/rtcquictransport-api> | |||
| End of changes. 15 change blocks. | ||||
| 41 lines changed or deleted | 39 lines changed or added | |||
This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||