draft-ietf-avtcore-rfc7983bis-06.txt   draft-ietf-avtcore-rfc7983bis-07.txt 
AVTCORE Working Group B. Aboba AVTCORE Working Group B. Aboba
INTERNET-DRAFT Microsoft Corporation INTERNET-DRAFT Microsoft Corporation
Updates: 7983, 5764 G. Salgueiro Updates: 7983, 5764 G. Salgueiro
Category: Standards Track Cisco Systems Category: Standards Track Cisco Systems
Expires: February 5, 2023 C. Perkins Expires: June 28, 2023 C. Perkins
University of Glasgow University of Glasgow
5 August 2022 29 December 2022
Multiplexing Scheme Updates for QUIC Multiplexing Scheme Updates for QUIC
draft-ietf-avtcore-rfc7983bis-06.txt draft-ietf-avtcore-rfc7983bis-07.txt
Abstract Abstract
This document defines how QUIC, Datagram Transport Layer Security This document defines how QUIC, Datagram Transport Layer Security
(DTLS), Real-time Transport Protocol (RTP), RTP Control Protocol (DTLS), Real-time Transport Protocol (RTP), RTP Control Protocol
(RTCP), Session Traversal Utilities for NAT (STUN), Traversal Using (RTCP), Session Traversal Utilities for NAT (STUN), Traversal Using
Relays around NAT (TURN), and ZRTP packets are multiplexed on a Relays around NAT (TURN), and ZRTP packets are multiplexed on a
single receiving socket. single receiving socket.
This document updates RFC 7983 and RFC 5764. This document updates RFC 7983 and RFC 5764.
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 5, 2023. This Internet-Draft will expire on June 28, 2023.
Copyright Notice Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. Multiplexing of TURN Channels . . . . . . . . . . . . . . . . 3 2. Multiplexing of TURN Channels . . . . . . . . . . . . . . . . 4
3. Updates to RFC 7983 . . . . . . . . . . . . . . . . . . . . . 4 3. Updates to RFC 7983 . . . . . . . . . . . . . . . . . . . . . 5
4. Security Considerations . . . . . . . . . . . . . . . . . . . 5 4. Security Considerations . . . . . . . . . . . . . . . . . . . 7
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
6.1. Normative References . . . . . . . . . . . . . . . . . . 6 6.1. Normative References . . . . . . . . . . . . . . . . . . 7
6.2. Informative References . . . . . . . . . . . . . . . . . 7 6.2. Informative References . . . . . . . . . . . . . . . . . 8
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 8 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction 1. Introduction
"Multiplexing Scheme Updates for Secure Real-time Transport Protocol "Multiplexing Scheme Updates for Secure Real-time Transport Protocol
(SRTP) Extension for Datagram Transport Layer Security (DTLS)" (SRTP) Extension for Datagram Transport Layer Security (DTLS)"
[RFC7983] defines a scheme for a Real-time Transport Protocol (RTP) [RFC7983] defines a scheme for a Real-time Transport Protocol (RTP)
[RFC3550] receiver to demultiplex DTLS [RFC9147], Session Traversal [RFC3550] receiver to demultiplex DTLS [RFC9147], Session Traversal
Utilities for NAT (STUN) [RFC8489], Secure Real-time Transport Utilities for NAT (STUN) [RFC8489], Secure Real-time Transport
Protocol (SRTP) / Secure Real-time Transport Control Protocol (SRTCP) Protocol (SRTP) / Secure Real-time Transport Control Protocol (SRTCP)
[RFC3711], ZRTP [RFC6189] and TURN Channel packets arriving on a [RFC3711], ZRTP [RFC6189] and TURN Channel packets arriving on a
single port. This document updates [RFC7983] and [RFC5764] to also single port. This document updates [RFC7983] and [RFC5764] to also
allow QUIC [RFC9000] to be multiplexed on the same port. allow QUIC [RFC9000] to be multiplexed on the same port.
The multiplexing scheme described in this document supports multiple The multiplexing scheme described in this document supports multiple
use cases. Peer-to-peer QUIC in WebRTC scenarios, described in use cases. Peer-to-peer QUIC in WebRTC scenarios, described in
[P2P-QUIC] [P2P-QUIC-TRIAL], transports audio and video over SRTP, [P2P-QUIC] [P2P-QUIC-TRIAL], transports audio and video over SRTP,
alongside QUIC, used for data exchange. For this use case, SRTP alongside QUIC, used for data exchange. For this use case, SRTP
[RFC3711] is keyed using DTLS-SRTP [RFC5764] and therefore SRTP/SRTCP [RFC3711] is keyed using DTLS-SRTP [RFC5764] and therefore SRTP/SRTCP
[RFC3550], STUN, TURN, DTLS and QUIC need to be multiplexed on the [RFC3550], STUN, TURN, DTLS and QUIC need to be multiplexed on the
same port. Were SRTP to be keyed using QUIC-SRTP, SRTP/SRTCP, STUN, same port. Were SRTP to be keyed using QUIC-SRTP, SRTP/SRTCP, STUN,
TURN and QUIC would need to be multiplexed on the same port. Where TURN and QUIC would need to be multiplexed on the same port. Where
QUIC is used for peer-to-peer transport of data as well as RTP/RTCP QUIC is used for peer-to-peer transport of data as well as RTP/RTCP
[I-D.ietf-avtcore-rtp-over-quic] STUN, TURN and QUIC need to be [I-D.ietf-avtcore-rtp-over-quic] STUN, TURN and QUIC need to be
multiplexed on the same port. multiplexed on the same port.
While the scheme described in this document is compatible with QUIC While the scheme described in this document is compatible with QUIC
version 2 [I-D.ietf-quic-v2], it is not compatible with QUIC bit version 2 [I-D.ietf-quic-v2], it is not compatible with QUIC bit
greasing [I-D.ietf-quic-bit-grease]. As a result, endpoints that greasing [RFC9287]. As a result, endpoints that wish to use
wish to use multiplexing on their socket MUST NOT send the multiplexing on their socket MUST NOT send the grease_quic_bit
grease_quic_bit transport parameter. transport parameter.
1.1. Terminology 1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
document are to be interpreted as described in [RFC2119]. "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
2. Multiplexing of TURN Channels 2. Multiplexing of TURN Channels
TURN channels are an optimization where data packets are exchanged TURN channels are an optimization where data packets are exchanged
with a 4-byte prefix instead of the standard 36-byte STUN overhead with a 4-byte prefix instead of the standard 36-byte STUN overhead
(see Section 3.5 of [RFC8656]). [RFC7983] allocates the values from (see Section 3.5 of [RFC8656]). [RFC7983] allocates the values from
64 to 79 in order to allow TURN channels to be demultiplexed when the 64 to 79 in order to allow TURN channels to be demultiplexed when the
TURN Client does the channel binding request in combination with the TURN Client does the channel binding request in combination with the
demultiplexing scheme described in [RFC7983]. demultiplexing scheme described in [RFC7983].
In the absence of QUIC bit greasing, the first octet of a QUIC packet In the absence of QUIC bit greasing, the first octet of a QUIC packet
(e.g. a short header packet in QUIC v1 or v2) may fall in the range (e.g. a short header packet in QUIC v1 or v2) may fall in the range
64 to 127, thereby overlapping with the allocated range for TURN 64 to 127, thereby overlapping with the allocated range for TURN
channels of 64 to 79. However, in practice this overlap does not channels of 64 to 79. However, in practice this overlap does not
represent a problem. TURN channel packets will only be received from represent a problem. TURN channel packets will only be received from
a TURN server to which TURN allocation and channel-binding requests a TURN server to which TURN allocation and channel-binding requests
have been sent. Therefore a TURN client receiving packets from the have been sent. Therefore a TURN client receiving packets from the
source IP address and port of a TURN server only needs to source IP address and port of a TURN server only needs to
disambiguate STUN (i.e. regular TURN) packets from TURN channel disambiguate STUN (i.e. regular TURN) packets from TURN channel
packets; (S)RTP, (S)RTCP, ZRTP, DTLS or QUIC packets will not be sent packets; (S)RTP, (S)RTCP, ZRTP, DTLS or QUIC packets will not be sent
from a source IP address and port that had previously responded to from a source IP address and port that had previously responded to
TURN allocation or channel-binding requests. TURN allocation or channel-binding requests.
As a result, if the source IP address and port of a packet does not As a result, if the source IP address and port of a packet does not
match that of a responding TURN server, a packet with a first octet match that of a responding TURN server, a packet with a first octet
of 64 to 127 can be unambiguously demultiplexed as QUIC. of 64 to 127 can be unambiguously demultiplexed as QUIC.
skipping to change at page 5, line 8 skipping to change at page 6, line 8
| [128..191] -+--> forward to RTP/RTCP | [128..191] -+--> forward to RTP/RTCP
+----------------+ +----------------+
Figure 3: The DTLS-SRTP receiver's packet demultiplexing algorithm. Figure 3: The DTLS-SRTP receiver's packet demultiplexing algorithm.
END OLD TEXT END OLD TEXT
NEW TEXT NEW TEXT
The process for demultiplexing a packet is as follows. The receiver The process for demultiplexing a packet is as follows. The receiver
looks at the first byte of the packet. If the value of this byte is looks at the first byte of the packet. If the value of this byte is
in between 0 and 3 (inclusive), then the packet is STUN. If the between 0 and 3 (inclusive), then the packet is STUN. If the value
value is between 16 and 19 (inclusive), then the packet is ZRTP. If is between 16 and 19 (inclusive), then the packet is ZRTP. If the
the value is between 20 and 63 (inclusive), then the packet is DTLS. value is between 20 and 63 (inclusive), then the packet is DTLS. If
If the value is in between 128 and 191 (inclusive) then the packet is the value is between 128 and 191 (inclusive) then the packet is RTP
RTP (or RTCP, if both RTCP and RTP are being multiplexed over the (or RTCP, if both RTCP and RTP are being multiplexed over the same
same destination port). If the value is between 80 and 127 (inclusive) destination port). If the value is between 80 and 127 (inclusive)
or between 192 and 255 (inclusive) then it is QUIC. If the value is or between 192 and 255 (inclusive) then the packet is QUIC. If the
between 64 and 79 inclusive and the packet has a source IP address and value is between 64 and 79 (inclusive) and the packet has a source
port of a responding TURN server, then it is TURN channel; if the IP address and port of a responding TURN server, then the packet
source IP address and port is not that of a responding TURN server, is TURN channel; if the source IP address and port is not that of
then it is QUIC. a responding TURN server, then the packet is QUIC.
If the value does not match any known range, then the packet MUST be If the value does not match any known range, then the packet MUST
dropped and an alert MAY be logged. This process is summarized in be dropped and an alert MAY be logged. This process is summarized
Figure 3. in Figure 3.
+----------------+ +----------------+
| [0..3] -+--> forward to STUN | [0..3] -+--> forward to STUN
| | | |
| [16..19] -+--> forward to ZRTP | [16..19] -+--> forward to ZRTP
| | | |
packet --> | [20..63] -+--> forward to DTLS packet --> | [20..63] -+--> forward to DTLS
| | | |
| [64..79] -+--> forward to TURN Channel | [64..79] -+--> forward to TURN Channel
| | (if from TURN server), else QUIC | | (if from TURN server), else QUIC
skipping to change at page 5, line 44 skipping to change at page 6, line 44
| | | |
| [128..191] -+--> forward to RTP/RTCP | [128..191] -+--> forward to RTP/RTCP
| | | |
| [192..255] -+--> forward to QUIC | [192..255] -+--> forward to QUIC
+----------------+ +----------------+
Figure 3: The receiver's packet demultiplexing algorithm. Figure 3: The receiver's packet demultiplexing algorithm.
Note: Endpoints that wish to demultiplex QUIC MUST NOT send the Note: Endpoints that wish to demultiplex QUIC MUST NOT send the
grease_quic_bit transport parameter, described in grease_quic_bit transport parameter, described in
[I-D.ietf-quic-bit-grease]. [RFC9287].
END NEW TEXT END NEW TEXT
4. Security Considerations 4. Security Considerations
The solution discussed in this document could potentially introduce The solution discussed in this document could potentially introduce
some additional security considerations beyond those detailed in some additional security considerations beyond those detailed in
[RFC7983]. Due to the additional logic required, if mis-implemented, [RFC7983]. Due to the additional logic required, if mis-implemented,
heuristics have the potential to mis-classify packets. heuristics have the potential to mis-classify packets.
When QUIC is used only for data exchange, the TLS-within-QUIC When QUIC is used only for data exchange, the TLS-within-QUIC
exchange [RFC9001] derives keys used solely to protect the QUIC data exchange [RFC9001] derives keys used solely to protect the QUIC data
packets. If properly implemented, this should not affect the packets. If properly implemented, this should not affect the
transport of SRTP nor the derivation of SRTP keys via DTLS-SRTP. transport of SRTP nor the derivation of SRTP keys via DTLS-SRTP.
However, were the TLS-within-QUIC exchange to be used to derive SRTP However, were the TLS-within-QUIC exchange to be used to derive SRTP
keys, both transport and SRTP key derivation could be aversely keys, both transport and SRTP key derivation could be aversely
impacted by a vulnerability in the QUIC implementation. impacted by a vulnerability in the QUIC implementation.
skipping to change at page 6, line 24 skipping to change at page 7, line 28
impacted by a vulnerability in the QUIC implementation. impacted by a vulnerability in the QUIC implementation.
5. IANA Considerations 5. IANA Considerations
This document does not require actions by IANA. This document does not require actions by IANA.
6. References 6. References
6.1. Normative References 6.1. Normative References
[I-D.ietf-quic-bit-grease]
Thomson, M., "Greasing the QUIC Bit", draft-ietf-quic-bit-
grease (work in progress), June 9, 2022.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, DOI Requirement Levels", BCP 14, RFC 2119, DOI
10.17487/RFC2119, March 1997, <http://www.rfc- 10.17487/RFC2119, March 1997, <http://www.rfc-
editor.org/info/rfc2119>. editor.org/info/rfc2119>.
[RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V.
Jacobson, "RTP: A Transport Protocol for Real-Time Jacobson, "RTP: A Transport Protocol for Real-Time
Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550, July Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550, July
2003, <http://www.rfc-editor.org/info/rfc3550>. 2003, <http://www.rfc-editor.org/info/rfc3550>.
skipping to change at page 7, line 6 skipping to change at page 8, line 6
Real-time Transport Protocol (SRTP)", RFC 5764, DOI Real-time Transport Protocol (SRTP)", RFC 5764, DOI
10.17487/RFC5764, May 2010, <http://www.rfc- 10.17487/RFC5764, May 2010, <http://www.rfc-
editor.org/info/rfc5764>. editor.org/info/rfc5764>.
[RFC7983] Petit-Huguenin, M. and G. Salgueiro, "Multiplexing Scheme [RFC7983] Petit-Huguenin, M. and G. Salgueiro, "Multiplexing Scheme
Updates for Secure Real-time Transport Protocol (SRTP) Updates for Secure Real-time Transport Protocol (SRTP)
Extension for Datagram Transport Layer Security (DTLS)", Extension for Datagram Transport Layer Security (DTLS)",
RFC 7983, DOI 10.17487/RFC7983, September 2016, RFC 7983, DOI 10.17487/RFC7983, September 2016,
<https://www.rfc-editor.org/info/rfc7983>. <https://www.rfc-editor.org/info/rfc7983>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119
Key Words", RFC 8174, DOI 10.17487/RFC8174, May 2017,
<https://www.rfc-editor.org/info/rfc8174>.
[RFC8489] Petit-Huguenin, M., Salgueiro, G., Rosenberg, J., Wing, D., [RFC8489] Petit-Huguenin, M., Salgueiro, G., Rosenberg, J., Wing, D.,
Mahy, R. and P. Matthews, "Session Traversal Utilities for Mahy, R. and P. Matthews, "Session Traversal Utilities for
NAT (STUN), RFC 8489, DOI 10.17487/RFC8489, February 2020, NAT (STUN)", RFC 8489, DOI 10.17487/RFC8489, February 2020,
<https://www.rfc-editor.org/info/rfc8489>. <https://www.rfc-editor.org/info/rfc8489>.
[RFC8656] Reddy, T., Johnston, A., Matthews, P. and J. Rosenberg, [RFC8656] Reddy, T., Johnston, A., Matthews, P. and J. Rosenberg,
"Traversal Using Relays around NAT (TURN): Relay Extensions "Traversal Using Relays around NAT (TURN): Relay Extensions
to Session Traversal Utilities for NAT (STUN)", RFC 8656, to Session Traversal Utilities for NAT (STUN)", RFC 8656,
DOI 10.17487/RFC8656, February 2020, <https://www.rfc- DOI 10.17487/RFC8656, February 2020, <https://www.rfc-
editor.org/info/rfc8656>. editor.org/info/rfc8656>.
[RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based [RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based
Multiplexed and Secure Transport", RFC 9000, DOI Multiplexed and Secure Transport", RFC 9000, DOI
skipping to change at page 7, line 31 skipping to change at page 8, line 35
[RFC9001] Thomson, M., Ed. and S. Turner, Ed., "Using TLS to Secure [RFC9001] Thomson, M., Ed. and S. Turner, Ed., "Using TLS to Secure
QUIC", RFC 9001, DOI 10.17487/RFC9001, May 2021, QUIC", RFC 9001, DOI 10.17487/RFC9001, May 2021,
<https://www.rfc-editor.org/info/rfc9001>. <https://www.rfc-editor.org/info/rfc9001>.
[RFC9147] Rescorla, E., Tschofenig, H., and N. Modadugu, "The [RFC9147] Rescorla, E., Tschofenig, H., and N. Modadugu, "The
Datagram Transport Layer Security (DTLS) Protocol Version Datagram Transport Layer Security (DTLS) Protocol Version
1.3", RFC 9147, DOI 10.17487/RFC9147, April 2022, 1.3", RFC 9147, DOI 10.17487/RFC9147, April 2022,
<https://www.rfc-editor.org/info/rfc9147>. <https://www.rfc-editor.org/info/rfc9147>.
[RFC9287] Thomson, M., "Greasing the QUIC Bit", RFC 9287, DOI
10.17487/RFC9287, August 2022, <https://www.rfc-
editor.org/info/rfc9287>.
6.2. Informative References 6.2. Informative References
[I-D.ietf-avtcore-rtp-over-quic] [I-D.ietf-avtcore-rtp-over-quic]
Ott, J. and M. Engelbart, "RTP over QUIC", draft-ietf- Ott, J. and M. Engelbart, "RTP over QUIC", draft-ietf-
avtcore-rtp-over-quic (work in progress), July 26, 2022. avtcore-rtp-over-quic (work in progress), October 24, 2022.
[I-D.ietf-quic-v2] [I-D.ietf-quic-v2]
Duke, M., "QUIC Version 2", draft-ietf-quic-v2 (work in Duke, M., "QUIC Version 2", draft-ietf-quic-v2 (work in
progress), April 28, 2022. progress), December 15, 2022.
[RFC6189] Zimmermann, P., Johnston, A., Ed., and J. Callas, "ZRTP: [RFC6189] Zimmermann, P., Johnston, A., Ed., and J. Callas, "ZRTP:
Media Path Key Agreement for Unicast Secure RTP", RFC 6189, Media Path Key Agreement for Unicast Secure RTP", RFC 6189,
DOI 10.17487/RFC6189, April 2011, <http://www.rfc- DOI 10.17487/RFC6189, April 2011, <http://www.rfc-
editor.org/info/rfc6189>. editor.org/info/rfc6189>.
[P2P-QUIC] Thatcher, P., Aboba, B. and R. Raymond, "QUIC API For Peer- [P2P-QUIC] Thatcher, P., Aboba, B. and R. Raymond, "QUIC API For Peer-
to-Peer Connections", W3C ORTC Community Group Draft (work to-Peer Connections", W3C ORTC Community Group Draft (work
in progress), 23 May 2021, <https://github.com/w3c/p2p- in progress), 23 May 2021, <https://github.com/w3c/p2p-
webtransport> webtransport>
 End of changes. 19 change blocks. 
43 lines changed or deleted 48 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/