idnits 2.17.1 draft-ietf-rtcweb-data-channel-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: Req. 8 The data stream transport protocol MUST not encode local IP addresses inside its protocol fields; doing so reveals potentially private information, and leads to failure if the address is depended upon. == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: Since SCTP does not support the negotiation of a congestion control algorithm, the algorithm either MUST be negotiated before establishment of the SCTP association or MUST not require any negotiation because it only requires sender side behavior using existing information carried in the association. -- The document date (October 23, 2012) is 4204 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'I-D.ietf-tsvwg-sctp-udp-encaps' is defined on line 491, but no explicit reference was found in the text -- Obsolete informational reference (is this intentional?): RFC 4960 (Obsoleted by RFC 9260) -- Obsolete informational reference (is this intentional?): RFC 5245 (Obsoleted by RFC 8445, RFC 8839) -- Obsolete informational reference (is this intentional?): RFC 6347 (Obsoleted by RFC 9147) == Outdated reference: A later version (-12) exists of draft-ietf-rtcweb-security-03 == Outdated reference: A later version (-20) exists of draft-ietf-rtcweb-security-arch-05 == Outdated reference: A later version (-26) exists of draft-ietf-rtcweb-jsep-01 == Outdated reference: A later version (-14) exists of draft-ietf-tsvwg-sctp-udp-encaps-06 == Outdated reference: A later version (-04) exists of draft-jesup-rtcweb-data-protocol-03 Summary: 0 errors (**), 0 flaws (~~), 9 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group R. Jesup 3 Internet-Draft Mozilla 4 Intended status: Standards Track S. Loreto 5 Expires: April 26, 2013 Ericsson 6 M. Tuexen 7 Muenster Univ. of Appl. Sciences 8 October 23, 2012 10 RTCWeb Datagram Connection 11 draft-ietf-rtcweb-data-channel-02.txt 13 Abstract 15 The Web Real-Time Communication (WebRTC) working group is charged to 16 provide protocol support for direct interactive rich communication 17 using audio, video, and data between two peers' web-browsers. This 18 document describes the non-media data transport aspects of the WebRTC 19 framework. It provides an architectural overview of how the Stream 20 Control Transmission Protocol (SCTP) is used in the WebRTC context as 21 a generic transport service allowing Web Browser to exchange generic 22 data from peer to peer. 24 Status of this Memo 26 This Internet-Draft is submitted in full conformance with the 27 provisions of BCP 78 and BCP 79. 29 Internet-Drafts are working documents of the Internet Engineering 30 Task Force (IETF). Note that other groups may also distribute 31 working documents as Internet-Drafts. The list of current Internet- 32 Drafts is at http://datatracker.ietf.org/drafts/current/. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 This Internet-Draft will expire on April 26, 2013. 41 Copyright Notice 43 Copyright (c) 2012 IETF Trust and the persons identified as the 44 document authors. All rights reserved. 46 This document is subject to BCP 78 and the IETF Trust's Legal 47 Provisions Relating to IETF Documents 48 (http://trustee.ietf.org/license-info) in effect on the date of 49 publication of this document. Please review these documents 50 carefully, as they describe your rights and restrictions with respect 51 to this document. Code Components extracted from this document must 52 include Simplified BSD License text as described in Section 4.e of 53 the Trust Legal Provisions and are provided without warranty as 54 described in the Simplified BSD License. 56 Table of Contents 58 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 59 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 60 3. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 3 61 4. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . 5 62 4.1. Use Cases for Unreliable Datagram Based Channels . . . . . 5 63 4.2. Use Cases for Reliable Channels (Datagram or Stream 64 Based) . . . . . . . . . . . . . . . . . . . . . . . . . . 5 65 5. SCTP over DTLS over UDP Considerations . . . . . . . . . . . . 6 66 6. The Usage of SCTP in the RTCWeb Context . . . . . . . . . . . 8 67 6.1. Association Setup . . . . . . . . . . . . . . . . . . . . 9 68 6.2. SCTP Streams . . . . . . . . . . . . . . . . . . . . . . . 9 69 6.3. Channel Definition . . . . . . . . . . . . . . . . . . . . 9 70 6.4. Usage of Payload Protocol Identifier . . . . . . . . . . . 10 71 7. Security Considerations . . . . . . . . . . . . . . . . . . . 10 72 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 73 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 10 74 10. Informative References . . . . . . . . . . . . . . . . . . . . 11 75 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12 77 1. Introduction 79 Non-media data types in the context of RTCWEB are handled by using 80 SCTP [RFC4960] encapsulated in DTLS [RFC6347]. 82 +----------+ 83 | SCTP | 84 +----------+ 85 | DTLS | 86 +----------+ 87 | ICE/UDP | 88 +----------+ 90 Figure 1: Basic stack diagram 92 The encapsulation of SCTP over DTLS over ICE/UDP provides a NAT 93 traversal solution together with confidentiality, source 94 authenticated, integrity protected transfers. This data transport 95 service operates in parallel to the media transports, and all of them 96 can eventually share a single transport-layer port number. 98 SCTP as specified in [RFC4960] with the extension defined in 99 [RFC3758] provides multiple streams natively with reliable, and 100 partially-reliable delivery modes. 102 The remainder of this document is organized as follows: Section 3 and 103 Section 4 provide requirements and use cases for both unreliable and 104 reliable peer to peer datagram base channel; Section 5 arguments SCTP 105 over DTLS over UDP; Section 6 provides an overview of how SCTP should 106 be used by the RTCWeb protocol framework for transporting non-media 107 data between browsers. 109 2. Conventions 111 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 112 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 113 document are to be interpreted as described in [RFC2119]. 115 3. Requirements 117 This section lists the requirements for P2P data connections between 118 two browsers. 120 Req. 1 Multiple simultaneous datagram streams MUST be supported. 121 Note that there may 0 or more media streams in parallel with 122 the data streams, and the number and state (active/inactive) 123 of the media streams may change at any time. 125 Req. 2 Both reliable and unreliable datagram streams MUST be 126 supported. 128 Req. 3 Data streams MUST be congestion controlled; either 129 individually, as a class, or in conjunction with the media 130 streams, to ensure that datagram exchanges don't cause 131 congestion problems for the media streams, and that the 132 rtcweb PeerConnection as a whole is fair with competing 133 streams such as TCP. 135 Req. 4 The application SHOULD be able to provide guidance as to the 136 relative priority of each datagram stream relative to each 137 other, and relative to the media streams. [ TBD: how this is 138 encoded and what the impact of this is. ] This will interact 139 with the congestion control algorithms. 141 Req. 5 Datagram streams MUST be encrypted; allowing for 142 confidentiality, integrity and source authentication. See 143 [I-D.ietf-rtcweb-security] and 144 [I-D.ietf-rtcweb-security-arch] for detailed info. 146 Req. 6 Consent and NAT traversal mechanism: These are handled by 147 the PeerConnection's ICE [RFC5245] connectivity checks and 148 optional TURN servers. 150 Req. 7 Data streams MUST provide message fragmentation support such 151 that IP-layer fragmentation does not occur no matter how 152 large a message the Javascript application passes to be 153 sent. 155 Req. 8 The data stream transport protocol MUST not encode local IP 156 addresses inside its protocol fields; doing so reveals 157 potentially private information, and leads to failure if the 158 address is depended upon. 160 Req. 9 The data stream protocol SHOULD support unbounded-length 161 "messages" (i.e., a virtual socket stream) at the 162 application layer, for such things as image-file-transfer; 163 or it MUST support a maximum application-layer message size 164 of at least 2GB. 166 Req. 10 The data stream packet format/encoding MUST be such that it 167 is impossible for a malicious Javascript to generate an 168 application message crafted such that it could be 169 interpreted as a native protocol over UDP - such as UPnP, 170 RTP, SNMP, STUN, etc. 172 Req. 11 The data stream transport protocol MUST start with the 173 assumption of a PMTU of 1280 [ *** need justification ***] 174 bytes until measured otherwise. 176 Req. 12 The data stream transport protocol MUST NOT rely on ICMP or 177 ICMPv6 being generated or being passed back, such as for 178 PMTU discovery. 180 Req. 13 It MUST be possible to implement the protocol stack in the 181 user application space. 183 4. Use Cases 185 4.1. Use Cases for Unreliable Datagram Based Channels 187 U-C 1 A real-time game where position and object state information 188 is sent via one or more unreliable data channels. Note that 189 at any time there may be no media channels, or all media 190 channels may be inactive, and that there may also be reliable 191 data channels in use. 193 U-C 2 Non-critical state updates about a user in a video chat or 194 conference, such as Mute state. 196 4.2. Use Cases for Reliable Channels (Datagram or Stream Based) 198 Note that either reliable datagrams or streams are possible; reliable 199 streams would be fairly simple to layer on top of SCTP reliable 200 datagrams with in-order delivery. 202 U-C 3 A real-time game where critical state information needs to be 203 transferred, such as control information. Typically this 204 would be datagrams. Such a game may have no media channels, 205 or they may be inactive at any given time, or may only be 206 added due to in-game actions. 208 U-C 4 Non-realtime file transfers between people chatting. This 209 could be datagrams or streaming. Note that this may involve a 210 large number of files to transfer sequentially or in parallel, 211 such as when sharing a folder of images or a directory of 212 files. 214 U-C 5 Realtime text chat while talking with an individual or with 215 multiple people in a conference. Typically this would be 216 datagrams. 218 U-C 6 Renegotiation of the set of media streams in the 219 PeerConnection. Typically this would be datagrams. 221 U-C 7 Proxy browsing, where a browser uses data channels of a 222 PeerConnection to send and receive HTTP/HTTPS requests and 223 data, for example to avoid local internet filtering or 224 monitoring. Typically this would be streams. 226 5. SCTP over DTLS over UDP Considerations 228 The encapsulation of SCTP over DTLS as defined in 229 [I-D.tuexen-tsvwg-sctp-dtls-encaps] provides a NAT traversal solution 230 together with confidentiality, source authenticated, integrity 231 protected transfers. SCTP as specified in [RFC4960] MUST be used in 232 combination with the extension defined in [RFC3758] and provides the 233 following interesting features for transporting non-media data 234 between browsers: 236 o Support of multiple streams. 238 o Ordered and unordered delivery of user messages. 240 o Reliable and partial-reliable transport of user messages. 242 Each SCTP user message contains a so called Payload Protocol 243 Identifier (PPID) that is passed to SCTP by its upper layer and sent 244 to its peer. This value represents an application (or upper layer) 245 specified protocol identifier and be used to transport multiple 246 protocols over a single SCTP association. The sender provides for 247 each protocol a specific PPID and the receiver MAY demultiplex the 248 messages based on the received PPID. 250 The encapsulation of SCTP over DTLS, together with the SCTP features 251 listed above satisfies all the requirements listed in Section 3. 253 The layering of protocols for WebRTC is shown in the following 254 Figure 2. 256 +------+ 257 |RTCWEB| 258 | DATA | 259 +------+ 260 | SCTP | 261 +--------------------+ 262 | STUN | SRTP | DTLS | 263 +--------------------+ 264 | ICE | 265 +--------------------+ 266 | UDP1 | UDP2 | ... | 267 +--------------------+ 269 Figure 2: WebRTC protocol layers 271 This stack (especially in contrast to DTLS over SCTP [RFC6083]) has 272 been chosen because it 274 o supports the transmission of arbitrary large user messages. 276 o shares the DTLS connection with the media channels. 278 o provides privacy for the SCTP control information. 280 Considering the protocol stack of Figure 2 the usage of DTLS over UDP 281 is specified in [RFC6347], while the usage of SCTP on top of DTLS is 282 specified in [I-D.tuexen-tsvwg-sctp-dtls-encaps]. 284 Since DTLS is typically implemented in user-land, the SCTP stack also 285 needs to be a user-land stack. 287 When using DTLS as the lower layer, only single homed SCTP 288 associations SHOULD be used, since DTLS does not expose any address 289 management to its upper layer. The ICE/UDP layer can handle IP 290 address changes during a session without needing to notify the DTLS 291 and SCTP layers, though it would be advantageous to retest path MTU 292 on an IP address change. 294 DTLS implementations used for this stack SHOULD support controlling 295 fields of the IP layer like the Don't fragment (DF)-bit in case of 296 IPv4 and the Differentiated Services Code Point (DSCP) field required 297 for supporting [I-D.ietf-rtcweb-qos]. Being able to set the (DF)-bit 298 in case of IPv4 is required for performing path MTU discovery. The 299 DTLS implementation SHOULD also support sending user messages 300 exceeding the path MTU. 302 Incoming ICMP or ICMPv6 messages can't be processed by the SCTP 303 layer, since there is no way to identify the corresponding 304 association. Therefore SCTP MUST support performing Path MTU 305 discovery without relying on ICMP or ICMPv6. In general, the lower 306 layer interface of an SCTP implementation SHOULD be adapted to 307 address the differences between IPv4 or IPv6 (being connection-less) 308 or DTLS (being connection-oriented). 310 When protocol stack of Figure 2 is used, DTLS protects the complete 311 SCTP packet, so it provides confidentiality, integrity and source 312 authentication of the complete SCTP packet. 314 This protocol stack MUST support the usage of multiple SCTP streams. 315 A user message can be sent ordered or unordered and with partial or 316 full reliability. The partial reliability extension MUST support 317 policies to limit 319 o the transmission and retransmission by time. 321 o the number of retransmissions. 323 Limiting the number of retransmissions to zero combined with 324 unordered delivery provides a UDP-like service where each user 325 message is sent exactly once and delivered in the order received. 327 SCTP provides congestion control on a per-association base. This 328 means that all SCTP streams within a single SCTP association share 329 the same congestion window. Traffic not being sent over SCTP is not 330 covered by the SCTP congestion control. Due to the typical parallel 331 SRTP media streams, a delay-sensitive congestion control algorithm 332 MUST be supported and the congestion control MAY be coordinated 333 between the data channels and the media streams to avoid a data 334 channel transfer ending up with most or all the channel bandwidth. 336 Since SCTP does not support the negotiation of a congestion control 337 algorithm, the algorithm either MUST be negotiated before 338 establishment of the SCTP association or MUST not require any 339 negotiation because it only requires sender side behavior using 340 existing information carried in the association. 342 6. The Usage of SCTP in the RTCWeb Context 344 The important features of SCTP in the RTCWeb context are: 346 o TCP-friendly congestion control. 348 o The congestion control is modifiable for integration with media 349 stream congestion control. 351 o Support for multiple channels with different characteristics. 353 o Support for out-of-order delivery. 355 o Support for large datagrams and PMTU-discovery and fragmentation. 357 o Reliable or partial reliability support. 359 o Support of multiple streams. 361 SCTP multihoming will not be used in RTCWeb. The SCTP layer will 362 simply act as if it were running on a single-homed host, since that 363 is the abstraction that the lower layer (a connection oriented, 364 unreliable datagram service) exposes. 366 6.1. Association Setup 368 The SCTP association will be set up when the two endpoints of the 369 WebRTC PeerConnection agree on opening it, as negotiated by JSEP 370 (typically an exchange of SDP) [I-D.ietf-rtcweb-jsep]. Additionally, 371 the negotiation SHOULD include some type of congestion control 372 selection. It will use the DTLS connection selected via SDP; 373 typically this will be shared via BUNDLE with DTLS connections used 374 to key the DTLS-SRTP media streams. 376 The application SHOULD indicate the initial number of streams 377 required when opening the association, and if no value is supplied, 378 the implementation SHOULD provide a default, with a suggested value 379 of 16. If more simultaneous streams are needed, [RFC6525] allows 380 adding additional (but not removing) streams to an existing 381 association. Note there can be up to 65536 SCTP streams per SCTP 382 association in each direction. 384 6.2. SCTP Streams 386 SCTP defines a stream as an unidirectional logical channel existing 387 within an SCTP association one to another SCTP endpoint. The streams 388 are used to provide the notion of in-sequence delivery and for 389 multiplexing. Each user message is sent on a particular stream, 390 either order or unordered. Ordering is preserved only for all 391 ordered messages sent on the same stream. 393 6.3. Channel Definition 395 The W3C has consensus on defining the application API for WebRTC 396 dataChannels to be bidirectional. They also consider the notions of 397 in-sequence, out-of-sequence, reliable and un-reliable as properties 398 of Channels. One strong wish is for the application-level API to be 399 close to the API for WebSockets, which implies bidirectional streams 400 of data and waiting for onopen to fire before sending, a textual 401 label used to identify the meaning of the stream, among other things. 403 The realization of a bidirectional Data Channel is a pair of one 404 incoming stream and one outgoing SCTP stream. 406 The simple protocol specified in [I-D.jesup-rtcweb-data-protocol] 407 MUST be used to set up and manage the bidirectional data channels. 409 Note that there's no requirement for the SCTP streams used to create 410 a bidirectional channel have the same number in each direction. How 411 stream values are selected is protocol and implementation dependent. 413 Closing of a Data Channel MUST be signalled by resetting the 414 corresponding streams [RFC6525]. Resetting a stream set the Stream 415 Sequence Numbers (SSNs) of the stream back to 'zero' with a 416 corresponding notification to the application layer that the reset 417 has been performed. Closed streams are available to reuse. 419 [RFC6525] also guarantees that all the messages are delivered (or 420 expired) before resetting the stream. 422 6.4. Usage of Payload Protocol Identifier 424 The SCTP Payload Protocol Identifiers (PPIDs) MUST used to signal the 425 interpretation of the "Payload data", like the protocol specified in 426 [I-D.jesup-rtcweb-data-protocol] uses them to identify a Javascript 427 string, a Javascript array or a a Javascript blob. 429 7. Security Considerations 431 To be done. 433 8. IANA Considerations 435 This document does not require any actions by the IANA. 437 9. Acknowledgments 439 Many thanks for comments, ideas, and text from Harald Alvestrand, 440 Adam Bergkvist, Cullen Jennings, Eric Rescorla, Randall Stewart, and 441 Justin Uberti. 443 10. Informative References 445 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 446 Requirement Levels", BCP 14, RFC 2119, March 1997. 448 [RFC3758] Stewart, R., Ramalho, M., Xie, Q., Tuexen, M., and P. 449 Conrad, "Stream Control Transmission Protocol (SCTP) 450 Partial Reliability Extension", RFC 3758, May 2004. 452 [RFC4960] Stewart, R., "Stream Control Transmission Protocol", 453 RFC 4960, September 2007. 455 [RFC5245] Rosenberg, J., "Interactive Connectivity Establishment 456 (ICE): A Protocol for Network Address Translator (NAT) 457 Traversal for Offer/Answer Protocols", RFC 5245, 458 April 2010. 460 [RFC6083] Tuexen, M., Seggelmann, R., and E. Rescorla, "Datagram 461 Transport Layer Security (DTLS) for Stream Control 462 Transmission Protocol (SCTP)", RFC 6083, January 2011. 464 [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer 465 Security Version 1.2", RFC 6347, January 2012. 467 [RFC6525] Stewart, R., Tuexen, M., and P. Lei, "Stream Control 468 Transmission Protocol (SCTP) Stream Reconfiguration", 469 RFC 6525, February 2012. 471 [I-D.ietf-rtcweb-security] 472 Rescorla, E., "Security Considerations for RTC-Web", 473 draft-ietf-rtcweb-security-03 (work in progress), 474 June 2012. 476 [I-D.ietf-rtcweb-security-arch] 477 Rescorla, E., "RTCWEB Security Architecture", 478 draft-ietf-rtcweb-security-arch-05 (work in progress), 479 October 2012. 481 [I-D.ietf-rtcweb-jsep] 482 Uberti, J. and C. Jennings, "Javascript Session 483 Establishment Protocol", draft-ietf-rtcweb-jsep-01 (work 484 in progress), June 2012. 486 [I-D.ietf-rtcweb-qos] 487 Dhesikan, S., Druta, D., Jones, P., and J. Polk, "DSCP and 488 other packet markings for RTCWeb QoS", 489 draft-ietf-rtcweb-qos-00 (work in progress), October 2012. 491 [I-D.ietf-tsvwg-sctp-udp-encaps] 492 Tuexen, M. and R. Stewart, "UDP Encapsulation of SCTP 493 Packets", draft-ietf-tsvwg-sctp-udp-encaps-06 (work in 494 progress), October 2012. 496 [I-D.jesup-rtcweb-data-protocol] 497 Jesup, R., Loreto, S., and M. Tuexen, "WebRTC Data Channel 498 Protocol", draft-jesup-rtcweb-data-protocol-03 (work in 499 progress), September 2012. 501 [I-D.tuexen-tsvwg-sctp-dtls-encaps] 502 Jesup, R., Loreto, S., Stewart, R., and M. Tuexen, "DTLS 503 Encapsulation of SCTP Packets for RTCWEB", 504 draft-tuexen-tsvwg-sctp-dtls-encaps-01 (work in progress), 505 July 2012. 507 Authors' Addresses 509 Randell Jesup 510 Mozilla 511 USA 513 Email: randell-ietf@jesup.org 515 Salvatore Loreto 516 Ericsson 517 Hirsalantie 11 518 Jorvas 02420 519 Finland 521 Email: salvatore.loreto@ericsson.com 523 Michael Tuexen 524 Muenster University of Applied Sciences 525 Stegerwaldstrasse 39 526 Steinfurt 48565 527 Germany 529 Email: tuexen@fh-muenster.de