idnits 2.17.1 draft-aboba-avtcore-quic-multiplexing-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document doesn't use any RFC 2119 keywords, yet seems to have RFC 2119 boilerplate text. -- The document date (23 January 2019) is 1920 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Outdated reference: A later version (-34) exists of draft-ietf-quic-tls-18 == Outdated reference: A later version (-34) exists of draft-ietf-quic-transport-18 -- Obsolete informational reference (is this intentional?): RFC 5245 (Obsoleted by RFC 8445, RFC 8839) -- Obsolete informational reference (is this intentional?): RFC 5389 (Obsoleted by RFC 8489) -- Obsolete informational reference (is this intentional?): RFC 5766 (Obsoleted by RFC 8656) -- Obsolete informational reference (is this intentional?): RFC 6347 (Obsoleted by RFC 9147) -- Obsolete informational reference (is this intentional?): RFC 7540 (Obsoleted by RFC 9113) Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 AVTCORE Working Group B. Aboba 3 INTERNET-DRAFT Microsoft Corporation 4 Category: Informational P. Thatcher 5 Expires: July 23, 2019 Google 6 C. Perkins 7 University of Glasgow 8 23 January 2019 10 QUIC Multiplexing 11 draft-aboba-avtcore-quic-multiplexing-03.txt 13 Abstract 15 If QUIC is to be used in a peer-to-peer manner, with NAT traversal, 16 then it is necessary to be able to demultiplex QUIC and other 17 protocols used in WebRTC on a single UDP port. This memo discusses 18 options for demultiplexing. 20 Status of This Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on July 23, 2019. 37 Copyright Notice 39 Copyright (c) 2019 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2 55 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2 56 2. Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 57 2.1. Subsequent changes . . . . . . . . . . . . . . . . . . . . 4 58 3. Security Considerations . . . . . . . . . . . . . . . . . . . 4 59 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 60 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5 61 5.1. Informative references . . . . . . . . . . . . . . . . . . 5 62 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 7 63 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 7 65 1. Introduction 67 QUIC [I-D.ietf-quic-transport] is a new network transport protocol. 68 While it is initially intended as a replacement for TCP in order to 69 better support HTTP/2 [RFC7540] it should eventually be useful as a 70 general purpose transport. HTTP is an asymmetric client-server 71 protocol, but other uses of QUIC might operate in a peer-to-peer 72 manner and so will need effective NAT traversal using ICE [RFC5245], 73 which which makes use of STUN [RFC5389] and TURN [RFC5766] to 74 discover NAT bindings. Therefore for QUIC to be utilized for peer- 75 to-peer data transport, QUIC and STUN must be able to multiplex on 76 the same port. 78 In a WebRTC scenario where RTP is used to transport audio and video 79 and QUIC is used for data exchange, SRTP [RFC3711] is keyed using 80 DTLS-SRTP [RFC5764] and therefore SRTP/SRTCP [RFC3550], STUN, TURN, 81 DTLS [RFC6347] and QUIC will need to be multiplexed on the same port. 83 Within the W3C, a Javascript API for the use of QUIC for peer-to-peer 84 data exchange [WEBRTC-QUIC] is under development within the ORTC 85 Community Group. 87 As noted in [RFC7983] Figure 3, protocol demultiplexing currently 88 relies upon differentiation based on the first octet, as follows: 90 +----------------+ 91 | [0..3] -+--> forward to STUN 92 | | 93 | [16..19] -+--> forward to ZRTP 94 | | 95 packet --> | [20..63] -+--> forward to DTLS 96 | | 97 | [64..79] -+--> forward to TURN Channel 98 | | 99 | [128..191] -+--> forward to RTP/RTCP 100 +----------------+ 102 Figure 1: RFC 7983 packet demultiplexing algorithm. 104 As noted by Colin Perkins and Lars Eggert in [QUIC-Issue] this 105 created a potential conflict with the design of the QUIC headers 106 described in versions of [I-D.ietf-quic-transport] prior to -08. 108 1.1. Terminology 110 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 111 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 112 document are to be interpreted as described in [RFC2119]. 114 2. Solution 116 At IETF 100, Colin Perkins presented a demultiplexing proposal [QUIC- 117 MULTI]. The proposal which was subsequently proposed as a Pull 118 Request to the QUIC Transport specification and merged in draft-ietf- 119 quic-transport-08, involved renumbering of the QUIC long header 120 packet type field as well as inverting the sense of the "C" bit in 121 the short header packet. 123 The demultiplexing algorithm resulting from the changes appears as 124 follows: 126 +----------------+ 127 | [0..3] -+--> forward to STUN 128 | | 129 | [16..19] -+--> forward to ZRTP 130 | | 131 packet --> | [20..63] -+--> forward to DTLS 132 | | 133 | [64..79] -+--> forward to TURN Channel 134 | [64..127] -+--> forward to QUIC (Short Header) 135 | | 136 | [128..191] -+--> forward to RTP/RTCP 137 | [250..255] +--> forward to QUIC (Long Header) 138 +----------------+ 140 Figure 2: Revised packet demultiplexing algorithm. 142 Note that while the above diagram has a potential conflict between 143 packets sent in TURN Channels and the QUIC short header, this 144 conflict is not considered serious for WebRTC where TURN Channels are 145 rarely used. 147 2.1. Subsequent changes 149 Since then, additional changes have been made to the QUIC transport 150 headers. As of draft 18, the QUIC Long Header packet type field 151 defined in [I-D.ietf-quic-transport] Section 17.2 appears as follows: 153 +-+-+-+-+-+-+-+-+ 154 |1|1|T T|X|X|X|X| 155 +-+-+-+-+-+-+-+-+ 157 Where: 159 T = Long Packet Type (0x0 - 0x3) 160 X = Type-Specific Bits. 162 This potentially produces values of the first octet in the ranges 163 192-255. 165 The QUIC Short Header packet type field defined in [I-D.ietf-quic- 166 transport] Section 17.3 appears as follows: 168 +-+-+-+-+-+-+-+-+ 169 |0|1|S|R|R|K|P P| 170 +-+-+-+-+-+-+-+-+ 172 Where: 174 S = Spin Bit 175 R = Reserved bits 176 K = Key Phase bit 177 P = Packet Number Length. 179 This potentially produces values of the first octet in the ranges 180 64-127 (assuming that the reserved bits may not always be set to 181 zero). 183 As a result, the multiplexing scheme supported in -18 operates as 184 follows: 186 +----------------+ 187 | [0..3] -+--> forward to STUN 188 | | 189 | [16..19] -+--> forward to ZRTP 190 | | 191 packet --> | [20..63] -+--> forward to DTLS 192 | | 193 | [64..79] -+--> forward to TURN Channel 194 | [64..127] -+--> forward to QUIC (Short Header) 195 | | 196 | [128..191] -+--> forward to RTP/RTCP 197 | [192..255] +--> forward to QUIC (Long Header) 198 +----------------+ 200 Figure 3: Packet demultiplexing algorithm in Draft 18. 202 3. Security Considerations 204 The solutions discussed in this document could potentially introduce 205 some additional security considerations beyond those detailed in 206 [RFC7983]. 208 Due to the additional logic required, if mis-implemented, heuristics 209 have the potential to mis-classify packets. 211 When QUIC is used for only for data exchange, the TLS-within-QUIC 212 exchange [I-D.ietf-quic-tls] derives keys used solely to protect the 213 QUIC data packets. If properly implemented, this should not affect 214 the transport of SRTP nor the derivation of SRTP keys via DTLS-SRTP, 215 but if badly implemented, both transport and key derivation could be 216 adversely impacted. 218 4. IANA Considerations 220 This document does not require actions by IANA. 222 5. References 224 5.1. Informative References 226 [I-D.ietf-quic-tls] 227 Thomson, M. and S. Turner, "Using Transport Layer Security 228 (TLS) to Secure QUIC", draft-ietf-quic-tls-18 (work in 229 progress), January 23, 2019. 231 [I-D.ietf-quic-transport] 232 Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed 233 and Secure Transport", draft-ietf-quic-transport-18 (work 234 in progress), January 23, 2019. 236 [QUIC-Issue] Perkins, C., "QUIC header format/demultiplexing", 237 https://github.com/quicwg/base-drafts/issues/426, March, 238 2017. 240 [QUIC-MULTI] Perkins, C., "QUIC Multiplexing and Peer-to-Peer", 241 presentation to IETF AVTCORE WG at IETF 100, 242 , November 244 2017. 246 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 247 Requirement Levels", BCP 14, RFC 2119, DOI 248 10.17487/RFC2119, March 1997, . 251 [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. 252 Jacobson, "RTP: A Transport Protocol for Real-Time 253 Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550, July 254 2003, . 256 [RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. 257 Norrman, "The Secure Real-time Transport Protocol (SRTP)", 258 RFC 3711, DOI 10.17487/RFC3711, March 2004, 259 . 261 [RFC5245] Rosenberg, J., "Interactive Connectivity Establishment 262 (ICE): A Protocol for Network Address Translator (NAT) 263 Traversal for Offer/Answer Protocols", RFC 5245, DOI 264 10.17487/RFC5245, April 2010, . 267 [RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing, 268 "Session Traversal Utilities for NAT (STUN)", RFC 5389, DOI 269 10.17487/RFC5389, October 2008, . 272 [RFC5764] McGrew, D. and E. Rescorla, "Datagram Transport Layer 273 Security (DTLS) Extension to Establish Keys for the Secure 274 Real-time Transport Protocol (SRTP)", RFC 5764, DOI 275 10.17487/RFC5764, May 2010, . 278 [RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using 279 Relays around NAT (TURN): Relay Extensions to Session 280 Traversal Utilities for NAT (STUN)", RFC 5766, DOI 281 10.17487/RFC5766, April 2010, . 284 [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer 285 Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347, 286 January 2012, . 288 [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext 289 Transfer Protocol Version 2 (HTTP/2)", RFC 7540, DOI 290 10.17487/RFC7540, May 2015, . 293 [RFC7983] Petit-Huguenin, M. and G. Salgueiro, "Multiplexing Scheme 294 Updates for Secure Real-time Transport Protocol (SRTP) 295 Extension for Datagram Transport Layer Security (DTLS)", 296 RFC 7983, DOI 10.17487/RFC7983, September 2016, 297 . 299 [WEBRTC-QUIC] 300 Thatcher, P. and B. Aboba, "QUIC API For WebRTC", W3C 301 Editor's Draft (work in progress), October 2018, 302 304 Acknowledgments 306 We would like to thank Martin Thomson, Roni Even and other 307 participants in the IETF QUIC and AVTCORE working groups for their 308 discussion of the QUIC multiplexing issue, and their input relating 309 to potential solutions. 311 Authors' Addresses 313 Bernard Aboba 314 Microsoft Corporation 315 One Microsoft Way 316 Redmond, WA 98052 317 USA 319 Email: bernard.aboba@gmail.com 321 Peter Thatcher 322 Google 323 747 6th St S 324 Kirkland, WA 98033 325 USA 327 Email: pthatcher@google.com 329 Colin Perkins 330 School of Computing Science 331 University of Glasgow 332 Glasgow G12 8QQ 333 United Kingdom 335 Email: csp@csperkins.org