draft-ietf-avtcore-rfc7983bis-02.txt   draft-ietf-avtcore-rfc7983bis-03.txt 
AVTCORE Working Group B. Aboba AVTCORE Working Group B. Aboba
INTERNET-DRAFT Microsoft Corporation INTERNET-DRAFT Microsoft Corporation
Updates: 7983, 5764 G. Salgueiro Updates: 7983, 5764 G. Salgueiro
Category: Standards Track Cisco Systems Category: Standards Track Cisco Systems
Expires: July 28, 2022 C. Perkins Expires: November 11, 2022 C. Perkins
University of Glasgow University of Glasgow
28 January 2022 11 May 2022
Multiplexing Scheme Updates for QUIC Multiplexing Scheme Updates for QUIC
draft-ietf-avtcore-rfc7983bis-02.txt draft-ietf-avtcore-rfc7983bis-03.txt
Abstract Abstract
This document defines how QUIC, Datagram Transport Layer Security This document defines how QUIC, Datagram Transport Layer Security
(DTLS), Real-time Transport Protocol (RTP), RTP Control Protocol (DTLS), Real-time Transport Protocol (RTP), RTP Control Protocol
(RTCP), Session Traversal Utilities for NAT (STUN), Traversal Using (RTCP), Session Traversal Utilities for NAT (STUN), Traversal Using
Relays around NAT (TURN), and ZRTP packets are multiplexed on a Relays around NAT (TURN), and ZRTP packets are multiplexed on a
single receiving socket. single receiving socket.
This document updates RFC 7983 and RFC 5764. This document updates RFC 7983 and RFC 5764.
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 28, 2022. This Internet-Draft will expire on November 11, 2022.
Copyright Notice Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 31 skipping to change at page 2, line 31
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. Multiplexing of TURN Channels . . . . . . . . . . . . . . . . 3 2. Multiplexing of TURN Channels . . . . . . . . . . . . . . . . 3
3. Updates to RFC 7983 . . . . . . . . . . . . . . . . . . . . . 4 3. Updates to RFC 7983 . . . . . . . . . . . . . . . . . . . . . 4
4. Security Considerations . . . . . . . . . . . . . . . . . . . 5 4. Security Considerations . . . . . . . . . . . . . . . . . . . 5
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6
6.1. Normative References . . . . . . . . . . . . . . . . . . 6 6.1. Normative References . . . . . . . . . . . . . . . . . . 6
6.2. Informative References . . . . . . . . . . . . . . . . . 7 6.2. Informative References . . . . . . . . . . . . . . . . . 7
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 7 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction 1. Introduction
"Multiplexing Scheme Updates for Secure Real-time Transport Protocol "Multiplexing Scheme Updates for Secure Real-time Transport Protocol
(SRTP) Extension for Datagram Transport Layer Security (DTLS)" (SRTP) Extension for Datagram Transport Layer Security (DTLS)"
[RFC7983] defines a scheme for a Real-time Transport Protocol (RTP) [RFC7983] defines a scheme for a Real-time Transport Protocol (RTP)
[RFC3550] receiver to demultiplex DTLS [RFC6347], Session Traversal [RFC3550] receiver to demultiplex DTLS [RFC9147], Session Traversal
Utilities for NAT (STUN) [RFC8489], Secure Real-time Transport Utilities for NAT (STUN) [RFC8489], Secure Real-time Transport
Protocol (SRTP) / Secure Real-time Transport Control Protocol (SRTCP) Protocol (SRTP) / Secure Real-time Transport Control Protocol (SRTCP)
[RFC3711], ZRTP [RFC6189] and TURN Channel packets arriving on a [RFC3711], ZRTP [RFC6189] and TURN Channel packets arriving on a
single port. single port. This document updates [RFC7983] and [RFC5764] to also
allow QUIC [RFC9000] to also be multiplexed on the same port. The
This document updates [RFC7983] and [RFC5764] to also allow QUIC scheme described in this document is compatible with QUIC version 2
[RFC9000] to be multiplexed on the same port. Currently implemented [I-D.ietf-quic-v2].
QUIC congestion control mechanisms are unsuitable for transport of
media in realtime communications use cases. As a result, peer-to-
peer operation in WebRTC scenarios, described in [P2P-QUIC] [P2P-
QUIC-TRIAL], used RTP for transport of audio and video while QUIC was
used for data exchange.
In such a scenario, SRTP [RFC3711] is keyed using DTLS-SRTP [RFC5764]
and therefore SRTP/SRTCP [RFC3550], STUN, TURN, DTLS [RFC6347] and
QUIC need to be multiplexed on the same port. If QUIC congestion
control is modified to enable peer-to-peer transport of audio and
video with low latency [I-D.engelbart-rtp-over-quic] as well as data,
only STUN, TURN and QUIC would need to be multiplexed on the same
port.
Since new versions of QUIC are allowed to change aspects of the wire The multiplexing scheme described in this document enables multiple
image, there is no guarantee that future versions of QUIC beyond usage scenarios. Peer-to-peer QUIC in WebRTC scenarios, described in
version 1 will adhere to the multiplexing scheme described in this [P2P-QUIC] [P2P-QUIC-TRIAL], uses RTP for transport of audio and
document. video along with QUIC for data exchange. For this use case, SRTP
[RFC3711] is keyed using DTLS-SRTP [RFC5764] and therefore SRTP/SRTCP
[RFC3550], STUN, TURN, DTLS and QUIC need to be multiplexed on the
same port. Were SRTP to be keyed using QUIC-SRTP, SRTP/SRTCP, STUN,
TURN and QUIC would need to be multiplexed on the same port. Where
QUIC is used for peer-to-peer transport of data as well as RTP
[I-D.engelbart-rtp-over-quic] STUN, TURN and QUIC need to be
multiplexed on the same port.
1.1. Terminology 1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
2. Multiplexing of TURN Channels 2. Multiplexing of TURN Channels
TURN channels are an optimization where data packets are exchanged TURN channels are an optimization where data packets are exchanged
skipping to change at page 4, line 48 skipping to change at page 4, line 42
| | | |
| [16..19] -+--> forward to ZRTP | [16..19] -+--> forward to ZRTP
| | | |
packet --> | [20..63] -+--> forward to DTLS packet --> | [20..63] -+--> forward to DTLS
| | | |
| [64..79] -+--> forward to TURN Channel | [64..79] -+--> forward to TURN Channel
| | | |
| [128..191] -+--> forward to RTP/RTCP | [128..191] -+--> forward to RTP/RTCP
+----------------+ +----------------+
Figure 3: The DTLS-SRTP receiver's packet demultiplexing algorithm. Figure 3: The DTLS-SRTP receiver's packet demultiplexing algorithm.
END OLD TEXT END OLD TEXT
NEW TEXT NEW TEXT
The process for demultiplexing a packet is as follows. The receiver The process for demultiplexing a packet is as follows. The receiver
looks at the first byte of the packet. If the value of this byte is looks at the first byte of the packet. If the value of this byte is
in between 0 and 3 (inclusive), then the packet is STUN. If the in between 0 and 3 (inclusive), then the packet is STUN. If the
value is between 16 and 19 (inclusive), then the packet is ZRTP. If value is between 16 and 19 (inclusive), then the packet is ZRTP. If
the value is between 20 and 63 (inclusive), then the packet is DTLS. the value is between 20 and 63 (inclusive), then the packet is DTLS.
If the value is in between 128 and 191 (inclusive) then the packet is If the value is in between 128 and 191 (inclusive) then the packet is
skipping to change at page 5, line 46 skipping to change at page 5, line 46
+----------------+ (Long Header) +----------------+ (Long Header)
Figure 3: The receiver's packet demultiplexing algorithm. Figure 3: The receiver's packet demultiplexing algorithm.
END NEW TEXT END NEW TEXT
4. Security Considerations 4. Security Considerations
The solution discussed in this document could potentially introduce The solution discussed in this document could potentially introduce
some additional security considerations beyond those detailed in some additional security considerations beyond those detailed in
[RFC7983]. [RFC7983]. Due to the additional logic required, if mis-implemented,
heuristics have the potential to mis-classify packets.
Due to the additional logic required, if mis-implemented, heuristics
have the potential to mis-classify packets.
When QUIC is used for only for data exchange, the TLS-within-QUIC When QUIC is used only for data exchange, the TLS-within-QUIC
exchange [RFC9001] derives keys used solely to protect the QUIC data exchange [RFC9001] derives keys used solely to protect the QUIC data
packets. If properly implemented, this should not affect the packets. If properly implemented, this should not affect the
transport of SRTP nor the derivation of SRTP keys via DTLS-SRTP, but transport of SRTP nor the derivation of SRTP keys via DTLS-SRTP.
if badly implemented, both transport and key derivation could be However, were the TLS-within-QUIC exchange to be used to derive SRTP
adversely impacted. keys, both transport and SRTP key derivation could be aversely
impacted by a vulnerability in the QUIC implementation.
5. IANA Considerations 5. IANA Considerations
This document does not require actions by IANA. This document does not require actions by IANA.
6. References 6. References
6.1. Normative References 6.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
skipping to change at page 7, line 17 skipping to change at page 7, line 16
[RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based [RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based
Multiplexed and Secure Transport", RFC 9000, DOI Multiplexed and Secure Transport", RFC 9000, DOI
10.17487/RFC9000, May 2021, <https://www.rfc- 10.17487/RFC9000, May 2021, <https://www.rfc-
editor.org/info/rfc9000>. editor.org/info/rfc9000>.
[RFC9001] Thomson, M., Ed. and S. Turner, Ed., "Using TLS to Secure [RFC9001] Thomson, M., Ed. and S. Turner, Ed., "Using TLS to Secure
QUIC", RFC 9001, DOI 10.17487/RFC9001, May 2021, QUIC", RFC 9001, DOI 10.17487/RFC9001, May 2021,
<https://www.rfc-editor.org/info/rfc9001>. <https://www.rfc-editor.org/info/rfc9001>.
[RFC9147] Rescorla, E., Tschofenig, H., and N. Modadugu, "The
Datagram Transport Layer Security (DTLS) Protocol Version
1.3", RFC 9147, DOI 10.17487/RFC9147, April 2022,
<https://www.rfc-editor.org/info/rfc9147>.
6.2. Informative References 6.2. Informative References
[I-D.aboba-avtcore-quic-multiplexing] [I-D.aboba-avtcore-quic-multiplexing]
Aboba, B., Thatcher, P. and C. Perkins, "QUIC Aboba, B., Thatcher, P. and C. Perkins, "QUIC
Multiplexing", draft-aboba-avtcore-quic-multiplexing-04 Multiplexing", draft-aboba-avtcore-quic-multiplexing-04
(work in progress), January 28, 2020. (work in progress), January 28, 2020.
[I-D.engelbart-rtp-over-quic] [I-D.engelbart-rtp-over-quic]
Ott, J. and M. Engelbart, "RTP over QUIC", draft-engelbart- Ott, J. and M. Engelbart, "RTP over QUIC", draft-engelbart-
rtp-over-quic-01 (work in progress), October 25, 2021. rtp-over-quic-02 (work in progress), March 7, 2022.
[I-D.ietf-quic-v2]
Duke, M., "QUIC Version 2", draft-ietf-quic-v2 (work in
progress), April 28, 2022.
[RFC6189] Zimmermann, P., Johnston, A., Ed., and J. Callas, "ZRTP: [RFC6189] Zimmermann, P., Johnston, A., Ed., and J. Callas, "ZRTP:
Media Path Key Agreement for Unicast Secure RTP", RFC 6189, Media Path Key Agreement for Unicast Secure RTP", RFC 6189,
DOI 10.17487/RFC6189, April 2011, <http://www.rfc- DOI 10.17487/RFC6189, April 2011, <http://www.rfc-
editor.org/info/rfc6189>. editor.org/info/rfc6189>.
[RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
January 2012, <http://www.rfc-editor.org/info/rfc6347>.
[P2P-QUIC] Thatcher, P., Aboba, B. and R. Raymond, "QUIC API For Peer- [P2P-QUIC] Thatcher, P., Aboba, B. and R. Raymond, "QUIC API For Peer-
to-Peer Connections", W3C ORTC Community Group Draft (work to-Peer Connections", W3C ORTC Community Group Draft (work
in progress), 23 May 2021, <https://github.com/w3c/p2p- in progress), 23 May 2021, <https://github.com/w3c/p2p-
webtransport> webtransport>
[P2P-QUIC-TRIAL] [P2P-QUIC-TRIAL]
Hampson, S., "RTCQuicTransport Coming to an Origin Trial Hampson, S., "RTCQuicTransport Coming to an Origin Trial
Near You (Chrome 73)", January 2019, Near You (Chrome 73)", January 2019,
<https://developers.google.com/web/updates/ <https://developers.google.com/web/updates/
2019/01/rtcquictransport-api> 2019/01/rtcquictransport-api>
 End of changes. 15 change blocks. 
41 lines changed or deleted 39 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/