idnits 2.17.1 draft-ietf-rtcweb-transports-15.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (August 4, 2016) is 2820 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-11) exists of draft-ietf-avtcore-rfc5764-mux-fixes-10 ** Downref: Normative reference to an Informational draft: draft-ietf-mmusic-ice-dualstack-fairness (ref. 'I-D.ietf-mmusic-ice-dualstack-fairness') == Outdated reference: A later version (-26) exists of draft-ietf-mmusic-sctp-sdp-16 == Outdated reference: A later version (-12) exists of draft-ietf-rtcweb-security-08 == Outdated reference: A later version (-20) exists of draft-ietf-rtcweb-security-arch-11 == Outdated reference: A later version (-18) exists of draft-ietf-tsvwg-rtcweb-qos-17 == Outdated reference: A later version (-13) exists of draft-ietf-tsvwg-sctp-ndata-05 ** Obsolete normative reference: RFC 793 (Obsoleted by RFC 9293) ** Obsolete normative reference: RFC 4941 (Obsoleted by RFC 8981) ** Obsolete normative reference: RFC 5245 (Obsoleted by RFC 8445, RFC 8839) ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) ** Obsolete normative reference: RFC 5389 (Obsoleted by RFC 8489) ** Obsolete normative reference: RFC 5766 (Obsoleted by RFC 8656) ** Obsolete normative reference: RFC 6156 (Obsoleted by RFC 8656) ** Obsolete normative reference: RFC 6347 (Obsoleted by RFC 9147) ** Obsolete normative reference: RFC 7231 (Obsoleted by RFC 9110) ** Obsolete normative reference: RFC 7235 (Obsoleted by RFC 9110) == Outdated reference: A later version (-19) exists of draft-ietf-rtcweb-overview-15 -- Obsolete informational reference (is this intentional?): RFC 3484 (Obsoleted by RFC 6724) Summary: 11 errors (**), 0 flaws (~~), 8 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group H. Alvestrand 3 Internet-Draft Google 4 Intended status: Standards Track August 4, 2016 5 Expires: February 5, 2017 7 Transports for WebRTC 8 draft-ietf-rtcweb-transports-15 10 Abstract 12 This document describes the data transport protocols used by WebRTC, 13 including the protocols used for interaction with intermediate boxes 14 such as firewalls, relays and NAT boxes. 16 Status of This Memo 18 This Internet-Draft is submitted in full conformance with the 19 provisions of BCP 78 and BCP 79. 21 Internet-Drafts are working documents of the Internet Engineering 22 Task Force (IETF). Note that other groups may also distribute 23 working documents as Internet-Drafts. The list of current Internet- 24 Drafts is at http://datatracker.ietf.org/drafts/current/. 26 Internet-Drafts are draft documents valid for a maximum of six months 27 and may be updated, replaced, or obsoleted by other documents at any 28 time. It is inappropriate to use Internet-Drafts as reference 29 material or to cite them other than as "work in progress." 31 This Internet-Draft will expire on February 5, 2017. 33 Copyright Notice 35 Copyright (c) 2016 IETF Trust and the persons identified as the 36 document authors. All rights reserved. 38 This document is subject to BCP 78 and the IETF Trust's Legal 39 Provisions Relating to IETF Documents 40 (http://trustee.ietf.org/license-info) in effect on the date of 41 publication of this document. Please review these documents 42 carefully, as they describe your rights and restrictions with respect 43 to this document. Code Components extracted from this document must 44 include Simplified BSD License text as described in Section 4.e of 45 the Trust Legal Provisions and are provided without warranty as 46 described in the Simplified BSD License. 48 Table of Contents 50 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 51 2. Requirements language . . . . . . . . . . . . . . . . . . . . 3 52 3. Transport and Middlebox specification . . . . . . . . . . . . 3 53 3.1. System-provided interfaces . . . . . . . . . . . . . . . 3 54 3.2. Ability to use IPv4 and IPv6 . . . . . . . . . . . . . . 4 55 3.3. Usage of temporary IPv6 addresses . . . . . . . . . . . . 4 56 3.4. Middle box related functions . . . . . . . . . . . . . . 5 57 3.5. Transport protocols implemented . . . . . . . . . . . . . 6 58 4. Media Prioritization . . . . . . . . . . . . . . . . . . . . 7 59 4.1. Local prioritization . . . . . . . . . . . . . . . . . . 7 60 4.2. Usage of Quality of Service - DSCP and Multiplexing . . . 8 61 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 62 6. Security Considerations . . . . . . . . . . . . . . . . . . . 11 63 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 11 64 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 65 8.1. Normative References . . . . . . . . . . . . . . . . . . 11 66 8.2. Informative References . . . . . . . . . . . . . . . . . 14 67 Appendix A. Change log . . . . . . . . . . . . . . . . . . . . . 15 68 A.1. Changes from -00 to -01 . . . . . . . . . . . . . . . . . 15 69 A.2. Changes from -01 to -02 . . . . . . . . . . . . . . . . . 16 70 A.3. Changes from -02 to -03 . . . . . . . . . . . . . . . . . 16 71 A.4. Changes from -03 to -04 . . . . . . . . . . . . . . . . . 16 72 A.5. Changes from -04 to -05 . . . . . . . . . . . . . . . . . 17 73 A.6. Changes from -05 to -06 . . . . . . . . . . . . . . . . . 17 74 A.7. Changes from -06 to -07 . . . . . . . . . . . . . . . . . 17 75 A.8. Changes from -07 to -08 . . . . . . . . . . . . . . . . . 17 76 A.9. Changes from -08 to -09 . . . . . . . . . . . . . . . . . 18 77 A.10. Changes from -09 to -10 . . . . . . . . . . . . . . . . . 18 78 A.11. Changes from -10 to -11 . . . . . . . . . . . . . . . . . 18 79 A.12. Changes from -11 to -12 . . . . . . . . . . . . . . . . . 18 80 A.13. Changes from -12 to -13 . . . . . . . . . . . . . . . . . 18 81 A.14. Changes from -13 to -14 . . . . . . . . . . . . . . . . . 18 82 A.15. Changes from -14 to -15 . . . . . . . . . . . . . . . . . 18 83 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 19 85 1. Introduction 87 WebRTC is a protocol suite aimed at real time multimedia exchange 88 between browsers, and between browsers and other entities. 90 WebRTC is described in the WebRTC overview document, 91 [I-D.ietf-rtcweb-overview], which also defines terminology used in 92 this document, including the terms "WebRTC device" and "WebRTC 93 browser". 95 Terminology for RTP sources is taken from[RFC7656] . 97 This document focuses on the data transport protocols that are used 98 by conforming implementations, including the protocols used for 99 interaction with intermediate boxes such as firewalls, relays and NAT 100 boxes. 102 This protocol suite intends to satisfy the security considerations 103 described in the WebRTC security documents, 104 [I-D.ietf-rtcweb-security] and [I-D.ietf-rtcweb-security-arch]. 106 This document describes requirements that apply to all WebRTC 107 devices. When there are requirements that apply only to WebRTC 108 browsers, this is called out explicitly. 110 2. Requirements language 112 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 113 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 114 document are to be interpreted as described in RFC 2119 [RFC2119]. 116 3. Transport and Middlebox specification 118 3.1. System-provided interfaces 120 The protocol specifications used here assume that the following 121 protocols are available to the implementations of the WebRTC 122 protocols: 124 o UDP [RFC0768]. This is the protocol assumed by most protocol 125 elements described. 127 o TCP [RFC0793]. This is used for HTTP/WebSockets, as well as for 128 TURN/TLS and ICE-TCP. 130 For both protocols, IPv4 and IPv6 support is assumed. 132 For UDP, this specification assumes the ability to set the DSCP code 133 point of the sockets opened on a per-packet basis, in order to 134 achieve the prioritizations described in [I-D.ietf-tsvwg-rtcweb-qos] 135 (see Section 4.2) when multiple media types are multiplexed. It does 136 not assume that the DSCP codepoints will be honored, and does assume 137 that they may be zeroed or changed, since this is a local 138 configuration issue. 140 Platforms that do not give access to these interfaces will not be 141 able to support a conforming WebRTC implementation. 143 This specification does not assume that the implementation will have 144 access to ICMP or raw IP. 146 The following protocols may be used, but can be implemented by a 147 WebRTC endpoint, and are therefore not defined as "system-provided 148 interfaces": 150 o TURN - Traversal Using Relays Around NAT, [RFC5766] 152 o STUN - Session Traversal Utilities for NAT, [RFC5389] 154 o ICE - Interactive Connectivity Establishment, [RFC5245] 156 o TLS - Transport Layer Security, [RFC5246] 158 o DTLS - Datagram Transport Layer Security, [RFC6347]. 160 3.2. Ability to use IPv4 and IPv6 162 Web applications running in a WebRTC browser MUST be able to utilize 163 both IPv4 and IPv6 where available - that is, when two peers have 164 only IPv4 connectivity to each other, or they have only IPv6 165 connectivity to each other, applications running in the WebRTC 166 browser MUST be able to communicate. 168 When TURN is used, and the TURN server has IPv4 or IPv6 connectivity 169 to the peer or the peer's TURN server, candidates of the appropriate 170 types MUST be supported. The "Happy Eyeballs" specification for ICE 171 [I-D.ietf-mmusic-ice-dualstack-fairness] SHOULD be supported. 173 3.3. Usage of temporary IPv6 addresses 175 The IPv6 default address selection specification [RFC6724] specifies 176 that temporary addresses [RFC4941] are to be preferred over permanent 177 addresses. This is a change from the rules specified by [RFC3484]. 178 For applications that select a single address, this is usually done 179 by the IPV6_PREFER_SRC_TMP preference flag specified in [RFC5014]. 180 However, this rule, which is intended to ensure that privacy-enhanced 181 addresses are used in preference to static addresses, doesn't have 182 the right effect in ICE, where all addresses are gathered and 183 therefore revealed to the application. Therefore, the following rule 184 is applied instead: 186 When a client gathers all IPv6 addresses on a host, and both non- 187 deprecated temporary addresses and permanent addresses of the same 188 scope are present, the client SHOULD discard the permanent addresses 189 before exposing addresses to the application or using them in ICE. 190 This is consistent with the default policy described in [RFC6724]. 192 If some of the temporary IPv6 addresses, but not all, are marked 193 deprecated, the client SHOULD discard the deprecated addresses. In 194 an ICE restart, deprecated addresses that are currently in use MAY be 195 retained. 197 3.4. Middle box related functions 199 The primary mechanism to deal with middle boxes is ICE, which is an 200 appropriate way to deal with NAT boxes and firewalls that accept 201 traffic from the inside, but only from the outside if it is in 202 response to inside traffic (simple stateful firewalls). 204 ICE [RFC5245] MUST be supported. The implementation MUST be a full 205 ICE implementation, not ICE-Lite. A full ICE implementation allows 206 interworking with both ICE and ICE-Lite implementations when they are 207 deployed appropriately. 209 In order to deal with situations where both parties are behind NATs 210 of the type that perform endpoint-dependent mapping (as defined in 211 [RFC5128] section 2.4), TURN [RFC5766] MUST be supported. 213 WebRTC browsers MUST support configuration of STUN and TURN servers, 214 both from browser configuration and from an application. 216 In order to deal with firewalls that block all UDP traffic, the mode 217 of TURN that uses TCP between the client and the server MUST be 218 supported, and the mode of TURN that uses TLS over TCP between the 219 client and the server MUST be supported. See [RFC5766] section 2.1 220 for details. 222 In order to deal with situations where one party is on an IPv4 223 network and the other party is on an IPv6 network, TURN extensions 224 for IPv6 [RFC6156] MUST be supported. 226 TURN TCP candidates, where the connection from the client's TURN 227 server to the peer is a TCP connection, [RFC6062] MAY be supported. 229 However, such candidates are not seen as providing any significant 230 benefit, for the following reasons. 232 First, use of TURN TCP candidates would only be relevant in cases 233 which both peers are required to use TCP to establish a 234 PeerConnection. 236 Second, that use case is supported in a different way by both sides 237 establishing UDP relay candidates using TURN over TCP to connect to 238 their respective relay servers. 240 Third, using TCP between the client's TURN server and the peer may 241 result in more performance problems than using UDP, e.g. due to head 242 of line blocking. 244 ICE-TCP candidates [RFC6544] MUST be supported; this may allow 245 applications to communicate to peers with public IP addresses across 246 UDP-blocking firewalls without using a TURN server. 248 If TCP connections are used, RTP framing according to [RFC4571] MUST 249 be used for all packets. This includes the RTP packets, DTLS packets 250 used to carry data channels, and STUN connectivity check packets. 252 The ALTERNATE-SERVER mechanism specified in [RFC5389] (STUN) section 253 11 (300 Try Alternate) MUST be supported. 255 The WebRTC implementation MAY support accessing the Internet through 256 an HTTP proxy. If it does so, it MUST include the "ALPN" header as 257 specified in [RFC7639], and proxy authentication as described in 258 Section 4.3.6 of [RFC7231] and [RFC7235] MUST also be supported. 260 3.5. Transport protocols implemented 262 For transport of media, secure RTP is used. The details of the 263 profile of RTP used are described in "RTP Usage" 264 [I-D.ietf-rtcweb-rtp-usage]. Key exchange MUST be done using DTLS- 265 SRTP, as described in [I-D.ietf-rtcweb-security-arch]. 267 For data transport over the WebRTC data channel 268 [I-D.ietf-rtcweb-data-channel], WebRTC implementations MUST support 269 SCTP over DTLS over ICE. This encapsulation is specified in 270 [I-D.ietf-tsvwg-sctp-dtls-encaps]. Negotiation of this transport in 271 SDP is defined in [I-D.ietf-mmusic-sctp-sdp]. The SCTP extension for 272 NDATA, [I-D.ietf-tsvwg-sctp-ndata], MUST be supported. 274 The setup protocol for WebRTC data channels described in 275 [I-D.ietf-rtcweb-data-protocol] MUST be supported. 277 Note: DTLS-SRTP as defined in [RFC5764] section 6.7.1 defines the 278 interaction between DTLS and ICE ( [RFC5245]). The effect of this 279 specification is that all ICE candidate pairs associated with a 280 single component are part of the same DTLS association. Thus, there 281 will only be one DTLS handshake even if there are multiple valid 282 candidate pairs. 284 WebRTC implementations MUST support multiplexing of DTLS and RTP over 285 the same port pair, as described in the DTLS-SRTP specification 286 [RFC5764], section 5.1.2, with clarifications in 288 [I-D.ietf-avtcore-rfc5764-mux-fixes]. All application layer protocol 289 payloads over this DTLS connection are SCTP packets. 291 Protocol identification MUST be supplied as part of the DTLS 292 handshake, as specified in [I-D.ietf-rtcweb-alpn]. 294 4. Media Prioritization 296 The WebRTC prioritization model is that the application tells the 297 WebRTC implementation about the priority of media and data that is 298 controlled from the API. 300 In this context, a "flow" is used for the units that are given a 301 specific priority through the WebRTC API. 303 For media, a "media flow", which can be an "audio flow" or a "video 304 flow", is what [RFC7656] calls a "media source", which results in a 305 "source RTP stream" and one or more "redundancy RTP streams". This 306 specification does not describe prioritization between the RTP 307 streams that come from a single "media source". 309 All media flows in WebRTC are assumed to be interactive, as defined 310 in [RFC4594]; there is no browser API support for indicating whether 311 media is interactive or non-interactive. 313 A "data flow" is the outgoing data on a single WebRTC data channel. 315 The priority associated with a media flow or data flow is classified 316 as "very-low", "low", "medium or "high". There are only four 317 priority levels at the API. 319 The priority settings affect two pieces of behavior: Packet send 320 sequence decisions and packet markings. Each is described in its own 321 section below. 323 4.1. Local prioritization 325 Local prioritization is applied at the local node, before the packet 326 is sent. This means that the prioritization has full access to the 327 data about the individual packets, and can choose differing treatment 328 based on the stream a packet belongs to. 330 When an WebRTC implementation has packets to send on multiple streams 331 that are congestion-controlled under the same congestion control 332 regime, the WebRTC implementation SHOULD cause data to be emitted in 333 such a way that each stream at each level of priority is being given 334 approximately twice the transmission capacity (measured in payload 335 bytes) of the level below. 337 Thus, when congestion occurs, a "high" priority flow will have the 338 ability to send 8 times as much data as a "very-low" priority flow if 339 both have data to send. This prioritization is independent of the 340 media type. The details of which packet to send first are 341 implementation defined. 343 For example: If there is a high priority audio flow sending 100 byte 344 packets, and a low priority video flow sending 1000 byte packets, and 345 outgoing capacity exists for sending >5000 payload bytes, it would be 346 appropriate to send 4000 bytes (40 packets) of audio and 1000 bytes 347 (one packet) of video as the result of a single pass of sending 348 decisions. 350 Conversely, if the audio flow is marked low priority and the video 351 flow is marked high priority, the scheduler may decide to send 2 352 video packets (2000 bytes) and 5 audio packets (500 bytes) when 353 outgoing capacity exists for sending > 2500 payload bytes. 355 If there are two high priority audio flows, each will be able to send 356 4000 bytes in the same period where a low priority video flow is able 357 to send 1000 bytes. 359 Two example implementation strategies are: 361 o When the available bandwidth is known from the congestion control 362 algorithm, configure each codec and each data channel with a 363 target send rate that is appropriate to its share of the available 364 bandwidth. 366 o When congestion control indicates that a specified number of 367 packets can be sent, send packets that are available to send using 368 a weighted round robin scheme across the connections. 370 Any combination of these, or other schemes that have the same effect, 371 is valid, as long as the distribution of transmission capacity is 372 approximately correct. 374 For media, it is usually inappropriate to use deep queues for 375 sending; it is more useful to, for instance, skip intermediate frames 376 that have no dependencies on them in order to achieve a lower 377 bitrate. For reliable data, queues are useful. 379 4.2. Usage of Quality of Service - DSCP and Multiplexing 381 When the packet is sent, the network will make decisions about 382 queueing and/or discarding the packet that can affect the quality of 383 the communication. The sender can attempt to set the DSCP field of 384 the packet to influence these decisions. 386 Implementations SHOULD attempt to set QoS on the packets sent, 387 according to the guidelines in [I-D.ietf-tsvwg-rtcweb-qos]. It is 388 appropriate to depart from this recommendation when running on 389 platforms where QoS marking is not implemented. 391 The implementation MAY turn off use of DSCP markings if it detects 392 symptoms of unexpected behaviour like priority inversion or blocking 393 of packets with certain DSCP markings. The detection of these 394 conditions is implementation dependent. 396 A particularly hard problem is when one media transport uses multiple 397 DSCP code points, where one may be blocked and another may be 398 allowed. This is allowed even within a single media flow for video 399 in [I-D.ietf-tsvwg-rtcweb-qos]. Implementations need to diagnose 400 this scenario; one possible implementation is to send initial ICE 401 probes with DSCP 0, and send ICE probes on all the DSCP code points 402 that are intended to be used once a candidate pair has been selected. 403 If one or more of the DSCP-marked probes fail, the sender will switch 404 the media type to using DSCP 0. This can be carried out 405 simultaneously with the initial media traffic; on failure, the 406 initial data may need to be resent. This switch will of course 407 invalidate any congestion information gathered up to that point. 409 Failures can also start happening during the lifetime of the call; 410 this case is expected to be rarer, and can be handled by the normal 411 mechanisms for transport failure, which may involve an ICE restart. 413 Note that when a DSCP code point causes non-delivery, one has to 414 switch the whole media flow to DSCP 0, since all traffic for a single 415 media flow needs to be on the same queue for congestion control 416 purposes. Other flows on the same transport, using different DSCP 417 code points, don't need to change. 419 All packets carrying data from the SCTP association supporting the 420 data channels MUST use a single DSCP code point. The code point used 421 SHOULD be that recommended by [I-D.ietf-tsvwg-rtcweb-qos] for the 422 highest priority data channel carried. Note that this means that all 423 data packets, no matter what their relative priority is, will be 424 treated the same by the network. 426 All packets on one TCP connection, no matter what it carries, MUST 427 use a single DSCP code point. 429 More advice on the use of DSCP code points with RTP and on the 430 relationship between DSCP and congestion control is given in 431 [RFC7657]. 433 There exist a number of schemes for achieving quality of service that 434 do not depend solely on DSCP code points. Some of these schemes 435 depend on classifying the traffic into flows based on 5-tuple (source 436 address, source port, protocol, destination address, destination 437 port) or 6-tuple (5-tuple + DSCP code point). Under differing 438 conditions, it may therefore make sense for a sending application to 439 choose any of the configurations: 441 o Each media stream carried on its own 5-tuple 443 o Media streams grouped by media type into 5-tuples (such as 444 carrying all audio on one 5-tuple) 446 o All media sent over a single 5-tuple, with or without 447 differentiation into 6-tuples based on DSCP code points 449 In each of the configurations mentioned, data channels may be carried 450 in its own 5-tuple, or multiplexed together with one of the media 451 flows. 453 More complex configurations, such as sending a high priority video 454 stream on one 5-tuple and sending all other video streams multiplexed 455 together over another 5-tuple, can also be envisioned. More 456 information on mapping media flows to 5-tuples can be found in 457 [I-D.ietf-rtcweb-rtp-usage]. 459 A sending implementation MUST be able to support the following 460 configurations: 462 o Multiplex all media and data on a single 5-tuple (fully bundled) 464 o Send each media stream on its own 5-tuple and data on its own 465 5-tuple (fully unbundled) 467 It MAY choose to support other configurations, such as bundling each 468 media type (audio, video or data) into its own 5-tuple (bundling by 469 media type). 471 Sending data channel data over multiple 5-tuples is not supported. 473 A receiving implementation MUST be able to receive media and data in 474 all these configurations. 476 5. IANA Considerations 478 This document makes no request of IANA. 480 Note to RFC Editor: this section may be removed on publication as an 481 RFC. 483 6. Security Considerations 485 RTCWEB security considerations are enumerated in 486 [I-D.ietf-rtcweb-security]. 488 Security considerations pertaining to the use of DSCP are enumerated 489 in [I-D.ietf-tsvwg-rtcweb-qos]. 491 7. Acknowledgements 493 This document is based on earlier versions embedded in 494 [I-D.ietf-rtcweb-overview], which were the results of contributions 495 from many RTCWEB WG members. 497 Special thanks for reviews of earlier versions of this draft go to 498 Eduardo Gueiros, Magnus Westerlund, Markus Isomaki and Dan Wing; the 499 contributions from Andrew Hutton also deserve special mention. 501 8. References 503 8.1. Normative References 505 [I-D.ietf-avtcore-rfc5764-mux-fixes] 506 Petit-Huguenin, M. and G. Salgueiro, "Multiplexing Scheme 507 Updates for Secure Real-time Transport Protocol (SRTP) 508 Extension for Datagram Transport Layer Security (DTLS)", 509 draft-ietf-avtcore-rfc5764-mux-fixes-10 (work in 510 progress), July 2016. 512 [I-D.ietf-mmusic-ice-dualstack-fairness] 513 Martinsen, P., Reddy, T., and P. Patil, "ICE Multihomed 514 and IPv4/IPv6 Dual Stack Fairness", draft-ietf-mmusic-ice- 515 dualstack-fairness-02 (work in progress), September 2015. 517 [I-D.ietf-mmusic-sctp-sdp] 518 Holmberg, C., Loreto, S., and G. Camarillo, "Stream 519 Control Transmission Protocol (SCTP)-Based Media Transport 520 in the Session Description Protocol (SDP)", draft-ietf- 521 mmusic-sctp-sdp-16 (work in progress), February 2016. 523 [I-D.ietf-rtcweb-alpn] 524 Thomson, M., "Application Layer Protocol Negotiation for 525 Web Real-Time Communications (WebRTC)", draft-ietf-rtcweb- 526 alpn-04 (work in progress), May 2016. 528 [I-D.ietf-rtcweb-data-channel] 529 Jesup, R., Loreto, S., and M. Tuexen, "WebRTC Data 530 Channels", draft-ietf-rtcweb-data-channel-13 (work in 531 progress), January 2015. 533 [I-D.ietf-rtcweb-data-protocol] 534 Jesup, R., Loreto, S., and M. Tuexen, "WebRTC Data Channel 535 Establishment Protocol", draft-ietf-rtcweb-data- 536 protocol-09 (work in progress), January 2015. 538 [I-D.ietf-rtcweb-rtp-usage] 539 Perkins, C., Westerlund, M., and J. Ott, "Web Real-Time 540 Communication (WebRTC): Media Transport and Use of RTP", 541 draft-ietf-rtcweb-rtp-usage-26 (work in progress), March 542 2016. 544 [I-D.ietf-rtcweb-security] 545 Rescorla, E., "Security Considerations for WebRTC", draft- 546 ietf-rtcweb-security-08 (work in progress), February 2015. 548 [I-D.ietf-rtcweb-security-arch] 549 Rescorla, E., "WebRTC Security Architecture", draft-ietf- 550 rtcweb-security-arch-11 (work in progress), March 2015. 552 [I-D.ietf-tsvwg-rtcweb-qos] 553 Jones, P., Dhesikan, S., Jennings, C., and D. Druta, "DSCP 554 Packet Markings for WebRTC QoS", draft-ietf-tsvwg-rtcweb- 555 qos-17 (work in progress), May 2016. 557 [I-D.ietf-tsvwg-sctp-dtls-encaps] 558 Tuexen, M., Stewart, R., Jesup, R., and S. Loreto, "DTLS 559 Encapsulation of SCTP Packets", draft-ietf-tsvwg-sctp- 560 dtls-encaps-09 (work in progress), January 2015. 562 [I-D.ietf-tsvwg-sctp-ndata] 563 Stewart, R., Tuexen, M., Loreto, S., and R. Seggelmann, 564 "Stream Schedulers and User Message Interleaving for the 565 Stream Control Transmission Protocol", draft-ietf-tsvwg- 566 sctp-ndata-05 (work in progress), March 2016. 568 [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, DOI 569 10.17487/RFC0768, August 1980, 570 . 572 [RFC0793] Postel, J., "Transmission Control Protocol", STD 7, RFC 573 793, DOI 10.17487/RFC0793, September 1981, 574 . 576 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 577 Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ 578 RFC2119, March 1997, 579 . 581 [RFC4571] Lazzaro, J., "Framing Real-time Transport Protocol (RTP) 582 and RTP Control Protocol (RTCP) Packets over Connection- 583 Oriented Transport", RFC 4571, DOI 10.17487/RFC4571, July 584 2006, . 586 [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy 587 Extensions for Stateless Address Autoconfiguration in 588 IPv6", RFC 4941, DOI 10.17487/RFC4941, September 2007, 589 . 591 [RFC5245] Rosenberg, J., "Interactive Connectivity Establishment 592 (ICE): A Protocol for Network Address Translator (NAT) 593 Traversal for Offer/Answer Protocols", RFC 5245, DOI 594 10.17487/RFC5245, April 2010, 595 . 597 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 598 (TLS) Protocol Version 1.2", RFC 5246, DOI 10.17487/ 599 RFC5246, August 2008, 600 . 602 [RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing, 603 "Session Traversal Utilities for NAT (STUN)", RFC 5389, 604 DOI 10.17487/RFC5389, October 2008, 605 . 607 [RFC5764] McGrew, D. and E. Rescorla, "Datagram Transport Layer 608 Security (DTLS) Extension to Establish Keys for the Secure 609 Real-time Transport Protocol (SRTP)", RFC 5764, DOI 610 10.17487/RFC5764, May 2010, 611 . 613 [RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using 614 Relays around NAT (TURN): Relay Extensions to Session 615 Traversal Utilities for NAT (STUN)", RFC 5766, DOI 616 10.17487/RFC5766, April 2010, 617 . 619 [RFC6062] Perreault, S., Ed. and J. Rosenberg, "Traversal Using 620 Relays around NAT (TURN) Extensions for TCP Allocations", 621 RFC 6062, DOI 10.17487/RFC6062, November 2010, 622 . 624 [RFC6156] Camarillo, G., Novo, O., and S. Perreault, Ed., "Traversal 625 Using Relays around NAT (TURN) Extension for IPv6", RFC 626 6156, DOI 10.17487/RFC6156, April 2011, 627 . 629 [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer 630 Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347, 631 January 2012, . 633 [RFC6544] Rosenberg, J., Keranen, A., Lowekamp, B., and A. Roach, 634 "TCP Candidates with Interactive Connectivity 635 Establishment (ICE)", RFC 6544, DOI 10.17487/RFC6544, 636 March 2012, . 638 [RFC6724] Thaler, D., Ed., Draves, R., Matsumoto, A., and T. Chown, 639 "Default Address Selection for Internet Protocol Version 6 640 (IPv6)", RFC 6724, DOI 10.17487/RFC6724, September 2012, 641 . 643 [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 644 Protocol (HTTP/1.1): Semantics and Content", RFC 7231, DOI 645 10.17487/RFC7231, June 2014, 646 . 648 [RFC7235] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 649 Protocol (HTTP/1.1): Authentication", RFC 7235, DOI 650 10.17487/RFC7235, June 2014, 651 . 653 [RFC7639] Hutton, A., Uberti, J., and M. Thomson, "The ALPN HTTP 654 Header Field", RFC 7639, DOI 10.17487/RFC7639, August 655 2015, . 657 8.2. Informative References 659 [I-D.ietf-rtcweb-overview] 660 Alvestrand, H., "Overview: Real Time Protocols for 661 Browser-based Applications", draft-ietf-rtcweb-overview-15 662 (work in progress), January 2016. 664 [RFC3484] Draves, R., "Default Address Selection for Internet 665 Protocol version 6 (IPv6)", RFC 3484, DOI 10.17487/ 666 RFC3484, February 2003, 667 . 669 [RFC4594] Babiarz, J., Chan, K., and F. Baker, "Configuration 670 Guidelines for DiffServ Service Classes", RFC 4594, DOI 671 10.17487/RFC4594, August 2006, 672 . 674 [RFC5014] Nordmark, E., Chakrabarti, S., and J. Laganier, "IPv6 675 Socket API for Source Address Selection", RFC 5014, DOI 676 10.17487/RFC5014, September 2007, 677 . 679 [RFC5128] Srisuresh, P., Ford, B., and D. Kegel, "State of Peer-to- 680 Peer (P2P) Communication across Network Address 681 Translators (NATs)", RFC 5128, DOI 10.17487/RFC5128, March 682 2008, . 684 [RFC7656] Lennox, J., Gross, K., Nandakumar, S., Salgueiro, G., and 685 B. Burman, Ed., "A Taxonomy of Semantics and Mechanisms 686 for Real-Time Transport Protocol (RTP) Sources", RFC 7656, 687 DOI 10.17487/RFC7656, November 2015, 688 . 690 [RFC7657] Black, D., Ed. and P. Jones, "Differentiated Services 691 (Diffserv) and Real-Time Communication", RFC 7657, DOI 692 10.17487/RFC7657, November 2015, 693 . 695 Appendix A. Change log 697 This section should be removed before publication as an RFC. 699 A.1. Changes from -00 to -01 701 o Clarified DSCP requirements, with reference to -qos- 703 o Clarified "symmetric NAT" -> "NATs which perform endpoint- 704 dependent mapping" 706 o Made support of TURN over TCP mandatory 708 o Made support of TURN over TLS a MAY, and added open question 710 o Added an informative reference to -firewalls- 712 o Called out that we don't make requirements on HTTP proxy 713 interaction (yet 715 A.2. Changes from -01 to -02 717 o Required support for 300 Alternate Server from STUN. 719 o Separated the ICE-TCP candidate requirement from the TURN-TCP 720 requirement. 722 o Added new sections on using QoS functions, and on multiplexing 723 considerations. 725 o Removed all mention of RTP profiles. Those are the business of 726 the RTP usage draft, not this one. 728 o Required support for TURN IPv6 extensions. 730 o Removed reference to the TURN URI scheme, as it was unnecessary. 732 o Made an explicit statement that multiplexing (or not) is an 733 application matter. 735 . 737 A.3. Changes from -02 to -03 739 o Added required support for draft-ietf-tsvwg-sctp-ndata 741 o Removed discussion of multiplexing, since this is present in rtp- 742 usage. 744 o Added RFC 4571 reference for framing RTP packets over TCP. 746 o Downgraded TURN TCP candidates from SHOULD to MAY, and added more 747 language discussing TCP usage. 749 o Added language on IPv6 temporary addresses. 751 o Added language describing multiplexing choices. 753 o Added a separate section detailing what it means when we say that 754 an WebRTC implementation MUST support both IPv4 and IPv6. 756 A.4. Changes from -03 to -04 758 o Added a section on prioritization, moved the DSCP section into it, 759 and added a section on local prioritization, giving a specific 760 algorithm for interpreting "priority" in local prioritization. 762 o ICE-TCP candidates was changed from MAY to MUST, in recognition of 763 the sense of the room at the London IETF. 765 A.5. Changes from -04 to -05 767 o Reworded introduction 769 o Removed all references to "WebRTC". It now uses only the term 770 RTCWEB. 772 o Addressed a number of clarity / language comments 774 o Rewrote the prioritization to cover data channels and to describe 775 multiple ways of prioritizing flows 777 o Made explicit reference to "MUST do DTLS-SRTP", and referred to 778 security-arch for details 780 A.6. Changes from -05 to -06 782 o Changed all references to "RTCWEB" to "WebRTC", except one 783 reference to the working group 785 o Added reference to the httpbis "connect" protocol (being adopted 786 by HTTPBIS) 788 o Added reference to the ALPN header (being adopted by RTCWEB) 790 o Added reference to the DART RTP document 792 o Said explicitly that SCTP for data channels has a single DSCP 793 codepoint 795 A.7. Changes from -06 to -07 797 o Updated references 799 o Removed reference to draft-hutton-rtcweb-nat-firewall- 800 considerations 802 A.8. Changes from -07 to -08 804 o Updated references 806 o Deleted "bundle each media type (audio, video or data) into its 807 own 5-tuple (bundling by media type)" from MUST support 808 configuration, since JSEP does not have a means to negotiate this 809 configuration 811 A.9. Changes from -08 to -09 813 o Added a clarifying note about DTLS-SRTP and ICE interaction. 815 A.10. Changes from -09 to -10 817 o Re-added references to proxy authentication lost in 07-08 818 transition (Bug #5) 820 o Rearranged and rephrased text in section 4 about prioritization to 821 reflect discussions in TSVWG. 823 o Changed the "Connect" header to "ALPN", and updated reference. 824 (Bug #6) 826 A.11. Changes from -10 to -11 828 o Added a definition of the term "flow" used in the prioritization 829 chapter 831 o Changed the names of the four priority levels to conform to other 832 specs. 834 A.12. Changes from -11 to -12 836 o Added a SHOULD NOT about using deprecated temporary IPv6 837 addresses. 839 o Updated draft-ietf-dart-dscp-rtp reference to RFC 7657 841 A.13. Changes from -12 to -13 843 o Clarify that the ALPN header needs to be sent. 845 o Mentioned that RFC 7657 also talks about congestion control 847 A.14. Changes from -13 to -14 849 o Add note about non-support for marking flows as interactive or 850 non-interactive. 852 A.15. Changes from -14 to -15 854 o Various text clarifications based on comments in Last Call and 855 IESG review 857 o Clarified that only non-deprecated IPv6 addresses are used 858 o Described handling of downgrading of DSCP markings when blackholes 859 are detected 861 o Expanded acronyms in a new protocol list 863 Author's Address 865 Harald Alvestrand 866 Google 868 Email: harald@alvestrand.no