idnits 2.17.1 

draft-ietf-rtcweb-transports-16.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (October 4, 2016) is 2754 days in the past.  Is this
     intentional?

  -- Found something which looks like a code comment -- if you have code
     sections in the document, please surround them with '<CODE BEGINS>' and
     '<CODE ENDS>' lines.


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-11) exists of
     draft-ietf-avtcore-rfc5764-mux-fixes-10

  ** Downref: Normative reference to an Informational draft:
     draft-ietf-mmusic-ice-dualstack-fairness (ref.
     'I-D.ietf-mmusic-ice-dualstack-fairness')

  == Outdated reference: A later version (-26) exists of
     draft-ietf-mmusic-sctp-sdp-16

  ** Downref: Normative reference to an Informational draft:
     draft-ietf-rmcat-cc-requirements (ref. 'I-D.ietf-rmcat-cc-requirements')

  == Outdated reference: A later version (-19) exists of
     draft-ietf-rtcweb-overview-15

  == Outdated reference: A later version (-12) exists of
     draft-ietf-rtcweb-security-08

  == Outdated reference: A later version (-20) exists of
     draft-ietf-rtcweb-security-arch-11

  == Outdated reference: A later version (-18) exists of
     draft-ietf-tsvwg-rtcweb-qos-17

  == Outdated reference: A later version (-13) exists of
     draft-ietf-tsvwg-sctp-ndata-05

  ** Obsolete normative reference: RFC  793 (Obsoleted by RFC 9293)

  ** Downref: Normative reference to an Informational RFC: RFC 4594

  ** Obsolete normative reference: RFC 4941 (Obsoleted by RFC 8981)

  ** Obsolete normative reference: RFC 5245 (Obsoleted by RFC 8445, RFC 8839)

  ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446)

  ** Obsolete normative reference: RFC 5389 (Obsoleted by RFC 8489)

  ** Obsolete normative reference: RFC 5766 (Obsoleted by RFC 8656)

  ** Obsolete normative reference: RFC 6156 (Obsoleted by RFC 8656)

  ** Obsolete normative reference: RFC 6347 (Obsoleted by RFC 9147)

  ** Obsolete normative reference: RFC 7231 (Obsoleted by RFC 9110)

  ** Obsolete normative reference: RFC 7235 (Obsoleted by RFC 9110)

  ** Downref: Normative reference to an Informational RFC: RFC 7656

  == Outdated reference: A later version (-09) exists of
     draft-ietf-rmcat-coupled-cc-03

  == Outdated reference: A later version (-02) exists of
     draft-ietf-rtcweb-return-01

  == Outdated reference: A later version (-12) exists of
     draft-ietf-tram-turn-server-discovery-09

  -- Obsolete informational reference (is this intentional?): RFC 3484
     (Obsoleted by RFC 6724)


     Summary: 14 errors (**), 0 flaws (~~), 11 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	Network Working Group                                      H. Alvestrand
3	Internet-Draft                                                    Google
4	Intended status: Standards Track                         October 4, 2016
5	Expires: April 7, 2017

7	                         Transports for WebRTC
8	                    draft-ietf-rtcweb-transports-16

10	Abstract

12	   This document describes the data transport protocols used by WebRTC,
13	   including the protocols used for interaction with intermediate boxes
14	   such as firewalls, relays and NAT boxes.

16	Status of This Memo

18	   This Internet-Draft is submitted in full conformance with the
19	   provisions of BCP 78 and BCP 79.

21	   Internet-Drafts are working documents of the Internet Engineering
22	   Task Force (IETF).  Note that other groups may also distribute
23	   working documents as Internet-Drafts.  The list of current Internet-
24	   Drafts is at http://datatracker.ietf.org/drafts/current/.

26	   Internet-Drafts are draft documents valid for a maximum of six months
27	   and may be updated, replaced, or obsoleted by other documents at any
28	   time.  It is inappropriate to use Internet-Drafts as reference
29	   material or to cite them other than as "work in progress."

31	   This Internet-Draft will expire on April 7, 2017.

33	Copyright Notice

35	   Copyright (c) 2016 IETF Trust and the persons identified as the
36	   document authors.  All rights reserved.

38	   This document is subject to BCP 78 and the IETF Trust's Legal
39	   Provisions Relating to IETF Documents
40	   (http://trustee.ietf.org/license-info) in effect on the date of
41	   publication of this document.  Please review these documents
42	   carefully, as they describe your rights and restrictions with respect
43	   to this document.  Code Components extracted from this document must
44	   include Simplified BSD License text as described in Section 4.e of
45	   the Trust Legal Provisions and are provided without warranty as
46	   described in the Simplified BSD License.

48	Table of Contents

50	   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
51	   2.  Requirements language . . . . . . . . . . . . . . . . . . . .   3
52	   3.  Transport and Middlebox specification . . . . . . . . . . . .   3
53	     3.1.  System-provided interfaces  . . . . . . . . . . . . . . .   3
54	     3.2.  Ability to use IPv4 and IPv6  . . . . . . . . . . . . . .   4
55	     3.3.  Usage of temporary IPv6 addresses . . . . . . . . . . . .   4
56	     3.4.  Middle box related functions  . . . . . . . . . . . . . .   5
57	     3.5.  Transport protocols implemented . . . . . . . . . . . . .   6
58	   4.  Media Prioritization  . . . . . . . . . . . . . . . . . . . .   7
59	     4.1.  Local prioritization  . . . . . . . . . . . . . . . . . .   8
60	     4.2.  Usage of Quality of Service - DSCP and Multiplexing . . .   9
61	   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  11
62	   6.  Security Considerations . . . . . . . . . . . . . . . . . . .  11
63	   7.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  11
64	   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  11
65	     8.1.  Normative References  . . . . . . . . . . . . . . . . . .  11
66	     8.2.  Informative References  . . . . . . . . . . . . . . . . .  15
67	   Appendix A.  Change log . . . . . . . . . . . . . . . . . . . . .  16
68	     A.1.  Changes from -00 to -01 . . . . . . . . . . . . . . . . .  16
69	     A.2.  Changes from -01 to -02 . . . . . . . . . . . . . . . . .  17
70	     A.3.  Changes from -02 to -03 . . . . . . . . . . . . . . . . .  17
71	     A.4.  Changes from -03 to -04 . . . . . . . . . . . . . . . . .  17
72	     A.5.  Changes from -04 to -05 . . . . . . . . . . . . . . . . .  18
73	     A.6.  Changes from -05 to -06 . . . . . . . . . . . . . . . . .  18
74	     A.7.  Changes from -06 to -07 . . . . . . . . . . . . . . . . .  18
75	     A.8.  Changes from -07 to -08 . . . . . . . . . . . . . . . . .  18
76	     A.9.  Changes from -08 to -09 . . . . . . . . . . . . . . . . .  19
77	     A.10. Changes from -09 to -10 . . . . . . . . . . . . . . . . .  19
78	     A.11. Changes from -10 to -11 . . . . . . . . . . . . . . . . .  19
79	     A.12. Changes from -11 to -12 . . . . . . . . . . . . . . . . .  19
80	     A.13. Changes from -12 to -13 . . . . . . . . . . . . . . . . .  19
81	     A.14. Changes from -13 to -14 . . . . . . . . . . . . . . . . .  19
82	     A.15. Changes from -14 to -15 . . . . . . . . . . . . . . . . .  19
83	     A.16. Changes from -15 to -16 . . . . . . . . . . . . . . . . .  20
84	   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  20

86	1.  Introduction

88	   WebRTC is a protocol suite aimed at real time multimedia exchange
89	   between browsers, and between browsers and other entities.

91	   WebRTC is described in the WebRTC overview document,
92	   [I-D.ietf-rtcweb-overview], which also defines terminology used in
93	   this document, including the terms "WebRTC endpoint" and "WebRTC
94	   browser".

96	   Terminology for RTP sources is taken from[RFC7656] .

98	   This document focuses on the data transport protocols that are used
99	   by conforming implementations, including the protocols used for
100	   interaction with intermediate boxes such as firewalls, relays and NAT
101	   boxes.

103	   This protocol suite intends to satisfy the security considerations
104	   described in the WebRTC security documents,
105	   [I-D.ietf-rtcweb-security] and [I-D.ietf-rtcweb-security-arch].

107	   This document describes requirements that apply to all WebRTC
108	   endpoints.  When there are requirements that apply only to WebRTC
109	   browsers, this is called out explicitly.

111	2.  Requirements language

113	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
114	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
115	   document are to be interpreted as described in RFC 2119 [RFC2119].

117	3.  Transport and Middlebox specification

119	3.1.  System-provided interfaces

121	   The protocol specifications used here assume that the following
122	   protocols are available to the implementations of the WebRTC
123	   protocols:

125	   o  UDP [RFC0768].  This is the protocol assumed by most protocol
126	      elements described.

128	   o  TCP [RFC0793].  This is used for HTTP/WebSockets, as well as for
129	      TURN/TLS and ICE-TCP.

131	   For both protocols, IPv4 and IPv6 support is assumed.

133	   For UDP, this specification assumes the ability to set the DSCP code
134	   point of the sockets opened on a per-packet basis, in order to
135	   achieve the prioritizations described in [I-D.ietf-tsvwg-rtcweb-qos]
136	   (see Section 4.2) when multiple media types are multiplexed.  It does
137	   not assume that the DSCP codepoints will be honored, and does assume
138	   that they may be zeroed or changed, since this is a local
139	   configuration issue.

141	   Platforms that do not give access to these interfaces will not be
142	   able to support a conforming WebRTC endpoint.

144	   This specification does not assume that the implementation will have
145	   access to ICMP or raw IP.

147	   The following protocols may be used, but can be implemented by a
148	   WebRTC endpoint, and are therefore not defined as "system-provided
149	   interfaces":

151	   o  TURN - Traversal Using Relays Around NAT, [RFC5766]

153	   o  STUN - Session Traversal Utilities for NAT, [RFC5389]

155	   o  ICE - Interactive Connectivity Establishment, [RFC5245]

157	   o  TLS - Transport Layer Security, [RFC5246]

159	   o  DTLS - Datagram Transport Layer Security, [RFC6347].

161	3.2.  Ability to use IPv4 and IPv6

163	   Web applications running in a WebRTC browser MUST be able to utilize
164	   both IPv4 and IPv6 where available - that is, when two peers have
165	   only IPv4 connectivity to each other, or they have only IPv6
166	   connectivity to each other, applications running in the WebRTC
167	   browser MUST be able to communicate.

169	   When TURN is used, and the TURN server has IPv4 or IPv6 connectivity
170	   to the peer or the peer's TURN server, candidates of the appropriate
171	   types MUST be supported.  The "Happy Eyeballs" specification for ICE
172	   [I-D.ietf-mmusic-ice-dualstack-fairness] SHOULD be supported.

174	3.3.  Usage of temporary IPv6 addresses

176	   The IPv6 default address selection specification [RFC6724] specifies
177	   that temporary addresses [RFC4941] are to be preferred over permanent
178	   addresses.  This is a change from the rules specified by [RFC3484].
179	   For applications that select a single address, this is usually done
180	   by the IPV6_PREFER_SRC_TMP preference flag specified in [RFC5014].
181	   However, this rule, which is intended to ensure that privacy-enhanced
182	   addresses are used in preference to static addresses, doesn't have
183	   the right effect in ICE, where all addresses are gathered and
184	   therefore revealed to the application.  Therefore, the following rule
185	   is applied instead:

187	   When a WebRTC endpoint gathers all IPv6 addresses on its host, and
188	   both non-deprecated temporary addresses and permanent addresses of
189	   the same scope are present, the WebRTC endpoint SHOULD discard the
190	   permanent addresses before exposing addresses to the application or
191	   using them in ICE.  This is consistent with the default policy
192	   described in [RFC6724].

194	   If some of the temporary IPv6 addresses, but not all, are marked
195	   deprecated, the WebRTC endpoint SHOULD discard the deprecated
196	   addresses, unless they are used by an ongoing connection.  In an ICE
197	   restart, deprecated addresses that are currently in use MAY be
198	   retained.

200	3.4.  Middle box related functions

202	   The primary mechanism to deal with middle boxes is ICE, which is an
203	   appropriate way to deal with NAT boxes and firewalls that accept
204	   traffic from the inside, but only from the outside if it is in
205	   response to inside traffic (simple stateful firewalls).

207	   ICE [RFC5245] MUST be supported.  The implementation MUST be a full
208	   ICE implementation, not ICE-Lite.  A full ICE implementation allows
209	   interworking with both ICE and ICE-Lite implementations when they are
210	   deployed appropriately.

212	   In order to deal with situations where both parties are behind NATs
213	   of the type that perform endpoint-dependent mapping (as defined in
214	   [RFC5128] section 2.4), TURN [RFC5766] MUST be supported.

216	   WebRTC browsers MUST support configuration of STUN and TURN servers,
217	   both from browser configuration and from an application.

219	   Note that there is other work around STUN and TURN sever discovery
220	   and management, including [I-D.ietf-tram-turn-server-discovery] for
221	   server discovery, as well as [I-D.ietf-rtcweb-return].

223	   In order to deal with firewalls that block all UDP traffic, the mode
224	   of TURN that uses TCP between the WebRTC endpoint and the TURN server
225	   MUST be supported, and the mode of TURN that uses TLS over TCP
226	   between the WebRTC endpoint and the TURN server MUST be supported.
227	   See [RFC5766] section 2.1 for details.

229	   In order to deal with situations where one party is on an IPv4
230	   network and the other party is on an IPv6 network, TURN extensions
231	   for IPv6 [RFC6156] MUST be supported.

233	   TURN TCP candidates, where the connection from the WebRTC endpoint's
234	   TURN server to the peer is a TCP connection, [RFC6062] MAY be
235	   supported.

237	   However, such candidates are not seen as providing any significant
238	   benefit, for the following reasons.

240	   First, use of TURN TCP candidates would only be relevant in cases
241	   which both peers are required to use TCP to establish a
242	   PeerConnection.

244	   Second, that use case is supported in a different way by both sides
245	   establishing UDP relay candidates using TURN over TCP to connect to
246	   their respective relay servers.

248	   Third, using TCP between the WebRTC endpoint's TURN server and the
249	   peer may result in more performance problems than using UDP, e.g. due
250	   to head of line blocking.

252	   ICE-TCP candidates [RFC6544] MUST be supported; this may allow
253	   applications to communicate to peers with public IP addresses across
254	   UDP-blocking firewalls without using a TURN server.

256	   If TCP connections are used, RTP framing according to [RFC4571] MUST
257	   be used for all packets.  This includes the RTP packets, DTLS packets
258	   used to carry data channels, and STUN connectivity check packets.

260	   The ALTERNATE-SERVER mechanism specified in [RFC5389] (STUN) section
261	   11 (300 Try Alternate) MUST be supported.

263	   The WebRTC endpoint MAY support accessing the Internet through an
264	   HTTP proxy.  If it does so, it MUST include the "ALPN" header as
265	   specified in [RFC7639], and proxy authentication as described in
266	   Section 4.3.6 of [RFC7231] and [RFC7235] MUST also be supported.

268	3.5.  Transport protocols implemented

270	   For transport of media, secure RTP is used.  The details of the
271	   profile of RTP used are described in "RTP Usage"
272	   [I-D.ietf-rtcweb-rtp-usage], which mandates the use of a circuit
273	   breaker [I-D.ietf-avtcore-rtp-circuit-breakers] and congstion control
274	   (see [I-D.ietf-rmcat-cc-requirements] for further guidance).

276	   Key exchange MUST be done using DTLS-SRTP, as described in
277	   [I-D.ietf-rtcweb-security-arch].

279	   For data transport over the WebRTC data channel
280	   [I-D.ietf-rtcweb-data-channel], WebRTC endpoints MUST support SCTP
281	   over DTLS over ICE.  This encapsulation is specified in
282	   [I-D.ietf-tsvwg-sctp-dtls-encaps].  Negotiation of this transport in
283	   SDP is defined in [I-D.ietf-mmusic-sctp-sdp].  The SCTP extension for
284	   NDATA, [I-D.ietf-tsvwg-sctp-ndata], MUST be supported.

286	   The setup protocol for WebRTC data channels described in
287	   [I-D.ietf-rtcweb-data-protocol] MUST be supported.

289	   Note: DTLS-SRTP as defined in [RFC5764] section 6.7.1 defines the
290	   interaction between DTLS and ICE ( [RFC5245]).  The effect of this
291	   specification is that all ICE candidate pairs associated with a
292	   single component are part of the same DTLS association.  Thus, there
293	   will only be one DTLS handshake even if there are multiple valid
294	   candidate pairs.

296	   WebRTC endpoints MUST support multiplexing of DTLS and RTP over the
297	   same port pair, as described in the DTLS-SRTP specification
298	   [RFC5764], section 5.1.2, with clarifications in
299	   [I-D.ietf-avtcore-rfc5764-mux-fixes].  All application layer protocol
300	   payloads over this DTLS connection are SCTP packets.

302	   Protocol identification MUST be supplied as part of the DTLS
303	   handshake, as specified in [I-D.ietf-rtcweb-alpn].

305	4.  Media Prioritization

307	   The WebRTC prioritization model is that the application tells the
308	   WebRTC endpoint about the priority of media and data that is
309	   controlled from the API.

311	   In this context, a "flow" is used for the units that are given a
312	   specific priority through the WebRTC API.

314	   For media, a "media flow", which can be an "audio flow" or a "video
315	   flow", is what [RFC7656] calls a "media source", which results in a
316	   "source RTP stream" and one or more "redundancy RTP streams".  This
317	   specification does not describe prioritization between the RTP
318	   streams that come from a single "media source".

320	   All media flows in WebRTC are assumed to be interactive, as defined
321	   in [RFC4594]; there is no browser API support for indicating whether
322	   media is interactive or non-interactive.

324	   A "data flow" is the outgoing data on a single WebRTC data channel.

326	   The priority associated with a media flow or data flow is classified
327	   as "very-low", "low", "medium or "high".  There are only four
328	   priority levels at the API.

330	   The priority settings affect two pieces of behavior: Packet send
331	   sequence decisions and packet markings.  Each is described in its own
332	   section below.

334	4.1.  Local prioritization

336	   Local prioritization is applied at the local node, before the packet
337	   is sent.  This means that the prioritization has full access to the
338	   data about the individual packets, and can choose differing treatment
339	   based on the stream a packet belongs to.

341	   When an WebRTC endpoint has packets to send on multiple streams that
342	   are congestion-controlled under the same congestion control regime,
343	   the WebRTC endpoint SHOULD cause data to be emitted in such a way
344	   that each stream at each level of priority is being given
345	   approximately twice the transmission capacity (measured in payload
346	   bytes) of the level below.

348	   Thus, when congestion occurs, a "high" priority flow will have the
349	   ability to send 8 times as much data as a "very-low" priority flow if
350	   both have data to send.  This prioritization is independent of the
351	   media type.  The details of which packet to send first are
352	   implementation defined.

354	   For example: If there is a high priority audio flow sending 100 byte
355	   packets, and a low priority video flow sending 1000 byte packets, and
356	   outgoing capacity exists for sending >5000 payload bytes, it would be
357	   appropriate to send 4000 bytes (40 packets) of audio and 1000 bytes
358	   (one packet) of video as the result of a single pass of sending
359	   decisions.

361	   Conversely, if the audio flow is marked low priority and the video
362	   flow is marked high priority, the scheduler may decide to send 2
363	   video packets (2000 bytes) and 5 audio packets (500 bytes) when
364	   outgoing capacity exists for sending > 2500 payload bytes.

366	   If there are two high priority audio flows, each will be able to send
367	   4000 bytes in the same period where a low priority video flow is able
368	   to send 1000 bytes.

370	   Two example implementation strategies are:

372	   o  When the available bandwidth is known from the congestion control
373	      algorithm, configure each codec and each data channel with a
374	      target send rate that is appropriate to its share of the available
375	      bandwidth.

377	   o  When congestion control indicates that a specified number of
378	      packets can be sent, send packets that are available to send using
379	      a weighted round robin scheme across the connections.

381	   Any combination of these, or other schemes that have the same effect,
382	   is valid, as long as the distribution of transmission capacity is
383	   approximately correct.

385	   For media, it is usually inappropriate to use deep queues for
386	   sending; it is more useful to, for instance, skip intermediate frames
387	   that have no dependencies on them in order to achieve a lower
388	   bitrate.  For reliable data, queues are useful.

390	   Note that this specification doesn't dictate when disparate streams
391	   are to be "congestion controlled under the same congestion control
392	   regime".  The issue of coupling congestion controllers is explored
393	   further in [I-D.ietf-rmcat-coupled-cc].

395	4.2.  Usage of Quality of Service - DSCP and Multiplexing

397	   When the packet is sent, the network will make decisions about
398	   queueing and/or discarding the packet that can affect the quality of
399	   the communication.  The sender can attempt to set the DSCP field of
400	   the packet to influence these decisions.

402	   Implementations SHOULD attempt to set QoS on the packets sent,
403	   according to the guidelines in [I-D.ietf-tsvwg-rtcweb-qos].  It is
404	   appropriate to depart from this recommendation when running on
405	   platforms where QoS marking is not implemented.

407	   The implementation MAY turn off use of DSCP markings if it detects
408	   symptoms of unexpected behaviour like priority inversion or blocking
409	   of packets with certain DSCP markings.  The detection of these
410	   conditions is implementation dependent.

412	   A particularly hard problem is when one media transport uses multiple
413	   DSCP code points, where one may be blocked and another may be
414	   allowed.  This is allowed even within a single media flow for video
415	   in [I-D.ietf-tsvwg-rtcweb-qos].  Implementations need to diagnose
416	   this scenario; one possible implementation is to send initial ICE
417	   probes with DSCP 0, and send ICE probes on all the DSCP code points
418	   that are intended to be used once a candidate pair has been selected.
419	   If one or more of the DSCP-marked probes fail, the sender will switch
420	   the media type to using DSCP 0.  This can be carried out
421	   simultaneously with the initial media traffic; on failure, the
422	   initial data may need to be resent.  This switch will of course
423	   invalidate any congestion information gathered up to that point.

425	   Failures can also start happening during the lifetime of the call;
426	   this case is expected to be rarer, and can be handled by the normal
427	   mechanisms for transport failure, which may involve an ICE restart.

429	   Note that when a DSCP code point causes non-delivery, one has to
430	   switch the whole media flow to DSCP 0, since all traffic for a single
431	   media flow needs to be on the same queue for congestion control
432	   purposes.  Other flows on the same transport, using different DSCP
433	   code points, don't need to change.

435	   All packets carrying data from the SCTP association supporting the
436	   data channels MUST use a single DSCP code point.  The code point used
437	   SHOULD be that recommended by [I-D.ietf-tsvwg-rtcweb-qos] for the
438	   highest priority data channel carried.  Note that this means that all
439	   data packets, no matter what their relative priority is, will be
440	   treated the same by the network.

442	   All packets on one TCP connection, no matter what it carries, MUST
443	   use a single DSCP code point.

445	   More advice on the use of DSCP code points with RTP and on the
446	   relationship between DSCP and congestion control is given in
447	   [RFC7657].

449	   There exist a number of schemes for achieving quality of service that
450	   do not depend solely on DSCP code points.  Some of these schemes
451	   depend on classifying the traffic into flows based on 5-tuple (source
452	   address, source port, protocol, destination address, destination
453	   port) or 6-tuple (5-tuple + DSCP code point).  Under differing
454	   conditions, it may therefore make sense for a sending application to
455	   choose any of the configurations:

457	   o  Each media stream carried on its own 5-tuple

459	   o  Media streams grouped by media type into 5-tuples (such as
460	      carrying all audio on one 5-tuple)

462	   o  All media sent over a single 5-tuple, with or without
463	      differentiation into 6-tuples based on DSCP code points

465	   In each of the configurations mentioned, data channels may be carried
466	   in its own 5-tuple, or multiplexed together with one of the media
467	   flows.

469	   More complex configurations, such as sending a high priority video
470	   stream on one 5-tuple and sending all other video streams multiplexed
471	   together over another 5-tuple, can also be envisioned.  More
472	   information on mapping media flows to 5-tuples can be found in
473	   [I-D.ietf-rtcweb-rtp-usage].

475	   A sending implementation MUST be able to support the following
476	   configurations:

478	   o  Multiplex all media and data on a single 5-tuple (fully bundled)

480	   o  Send each media stream on its own 5-tuple and data on its own
481	      5-tuple (fully unbundled)

483	   It MAY choose to support other configurations, such as bundling each
484	   media type (audio, video or data) into its own 5-tuple (bundling by
485	   media type).

487	   Sending data channel data over multiple 5-tuples is not supported.

489	   A receiving implementation MUST be able to receive media and data in
490	   all these configurations.

492	5.  IANA Considerations

494	   This document makes no request of IANA.

496	   Note to RFC Editor: this section may be removed on publication as an
497	   RFC.

499	6.  Security Considerations

501	   RTCWEB security considerations are enumerated in
502	   [I-D.ietf-rtcweb-security].

504	   Security considerations pertaining to the use of DSCP are enumerated
505	   in [I-D.ietf-tsvwg-rtcweb-qos].

507	7.  Acknowledgements

509	   This document is based on earlier versions embedded in
510	   [I-D.ietf-rtcweb-overview], which were the results of contributions
511	   from many RTCWEB WG members.

513	   Special thanks for reviews of earlier versions of this draft go to
514	   Eduardo Gueiros, Magnus Westerlund, Markus Isomaki and Dan Wing; the
515	   contributions from Andrew Hutton also deserve special mention.

517	8.  References

519	8.1.  Normative References

521	   [I-D.ietf-avtcore-rfc5764-mux-fixes]
522	              Petit-Huguenin, M. and G. Salgueiro, "Multiplexing Scheme
523	              Updates for Secure Real-time Transport Protocol (SRTP)
524	              Extension for Datagram Transport Layer Security (DTLS)",
525	              draft-ietf-avtcore-rfc5764-mux-fixes-10 (work in
526	              progress), July 2016.

528	   [I-D.ietf-avtcore-rtp-circuit-breakers]
529	              Perkins, C. and V. Singh, "Multimedia Congestion Control:
530	              Circuit Breakers for Unicast RTP Sessions", draft-ietf-
531	              avtcore-rtp-circuit-breakers-18 (work in progress), August
532	              2016.

534	   [I-D.ietf-mmusic-ice-dualstack-fairness]
535	              Martinsen, P., Reddy, T., and P. Patil, "ICE Multihomed
536	              and IPv4/IPv6 Dual Stack Fairness", draft-ietf-mmusic-ice-
537	              dualstack-fairness-02 (work in progress), September 2015.

539	   [I-D.ietf-mmusic-sctp-sdp]
540	              Holmberg, C., Loreto, S., and G. Camarillo, "Stream
541	              Control Transmission Protocol (SCTP)-Based Media Transport
542	              in the Session Description Protocol (SDP)", draft-ietf-
543	              mmusic-sctp-sdp-16 (work in progress), February 2016.

545	   [I-D.ietf-rmcat-cc-requirements]
546	              Jesup, R. and Z. Sarker, "Congestion Control Requirements
547	              for Interactive Real-Time Media", draft-ietf-rmcat-cc-
548	              requirements-09 (work in progress), December 2014.

550	   [I-D.ietf-rtcweb-alpn]
551	              Thomson, M., "Application Layer Protocol Negotiation for
552	              Web Real-Time Communications (WebRTC)", draft-ietf-rtcweb-
553	              alpn-04 (work in progress), May 2016.

555	   [I-D.ietf-rtcweb-data-channel]
556	              Jesup, R., Loreto, S., and M. Tuexen, "WebRTC Data
557	              Channels", draft-ietf-rtcweb-data-channel-13 (work in
558	              progress), January 2015.

560	   [I-D.ietf-rtcweb-data-protocol]
561	              Jesup, R., Loreto, S., and M. Tuexen, "WebRTC Data Channel
562	              Establishment Protocol", draft-ietf-rtcweb-data-
563	              protocol-09 (work in progress), January 2015.

565	   [I-D.ietf-rtcweb-overview]
566	              Alvestrand, H., "Overview: Real Time Protocols for
567	              Browser-based Applications", draft-ietf-rtcweb-overview-15
568	              (work in progress), January 2016.

570	   [I-D.ietf-rtcweb-rtp-usage]
571	              Perkins, C., Westerlund, M., and J. Ott, "Web Real-Time
572	              Communication (WebRTC): Media Transport and Use of RTP",
573	              draft-ietf-rtcweb-rtp-usage-26 (work in progress), March
574	              2016.

576	   [I-D.ietf-rtcweb-security]
577	              Rescorla, E., "Security Considerations for WebRTC", draft-
578	              ietf-rtcweb-security-08 (work in progress), February 2015.

580	   [I-D.ietf-rtcweb-security-arch]
581	              Rescorla, E., "WebRTC Security Architecture", draft-ietf-
582	              rtcweb-security-arch-11 (work in progress), March 2015.

584	   [I-D.ietf-tsvwg-rtcweb-qos]
585	              Jones, P., Dhesikan, S., Jennings, C., and D. Druta, "DSCP
586	              Packet Markings for WebRTC QoS", draft-ietf-tsvwg-rtcweb-
587	              qos-17 (work in progress), May 2016.

589	   [I-D.ietf-tsvwg-sctp-dtls-encaps]
590	              Tuexen, M., Stewart, R., Jesup, R., and S. Loreto, "DTLS
591	              Encapsulation of SCTP Packets", draft-ietf-tsvwg-sctp-
592	              dtls-encaps-09 (work in progress), January 2015.

594	   [I-D.ietf-tsvwg-sctp-ndata]
595	              Stewart, R., Tuexen, M., Loreto, S., and R. Seggelmann,
596	              "Stream Schedulers and User Message Interleaving for the
597	              Stream Control Transmission Protocol", draft-ietf-tsvwg-
598	              sctp-ndata-05 (work in progress), March 2016.

600	   [RFC0768]  Postel, J., "User Datagram Protocol", STD 6, RFC 768, DOI
601	              10.17487/RFC0768, August 1980,
602	              <http://www.rfc-editor.org/info/rfc768>.

604	   [RFC0793]  Postel, J., "Transmission Control Protocol", STD 7, RFC
605	              793, DOI 10.17487/RFC0793, September 1981,
606	              <http://www.rfc-editor.org/info/rfc793>.

608	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
609	              Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/
610	              RFC2119, March 1997,
611	              <http://www.rfc-editor.org/info/rfc2119>.

613	   [RFC4571]  Lazzaro, J., "Framing Real-time Transport Protocol (RTP)
614	              and RTP Control Protocol (RTCP) Packets over Connection-
615	              Oriented Transport", RFC 4571, DOI 10.17487/RFC4571, July
616	              2006, <http://www.rfc-editor.org/info/rfc4571>.

618	   [RFC4594]  Babiarz, J., Chan, K., and F. Baker, "Configuration
619	              Guidelines for DiffServ Service Classes", RFC 4594, DOI
620	              10.17487/RFC4594, August 2006,
621	              <http://www.rfc-editor.org/info/rfc4594>.

623	   [RFC4941]  Narten, T., Draves, R., and S. Krishnan, "Privacy
624	              Extensions for Stateless Address Autoconfiguration in
625	              IPv6", RFC 4941, DOI 10.17487/RFC4941, September 2007,
626	              <http://www.rfc-editor.org/info/rfc4941>.

628	   [RFC5245]  Rosenberg, J., "Interactive Connectivity Establishment
629	              (ICE): A Protocol for Network Address Translator (NAT)
630	              Traversal for Offer/Answer Protocols", RFC 5245, DOI
631	              10.17487/RFC5245, April 2010,
632	              <http://www.rfc-editor.org/info/rfc5245>.

634	   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
635	              (TLS) Protocol Version 1.2", RFC 5246, DOI 10.17487/
636	              RFC5246, August 2008,
637	              <http://www.rfc-editor.org/info/rfc5246>.

639	   [RFC5389]  Rosenberg, J., Mahy, R., Matthews, P., and D. Wing,
640	              "Session Traversal Utilities for NAT (STUN)", RFC 5389,
641	              DOI 10.17487/RFC5389, October 2008,
642	              <http://www.rfc-editor.org/info/rfc5389>.

644	   [RFC5764]  McGrew, D. and E. Rescorla, "Datagram Transport Layer
645	              Security (DTLS) Extension to Establish Keys for the Secure
646	              Real-time Transport Protocol (SRTP)", RFC 5764, DOI
647	              10.17487/RFC5764, May 2010,
648	              <http://www.rfc-editor.org/info/rfc5764>.

650	   [RFC5766]  Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using
651	              Relays around NAT (TURN): Relay Extensions to Session
652	              Traversal Utilities for NAT (STUN)", RFC 5766, DOI
653	              10.17487/RFC5766, April 2010,
654	              <http://www.rfc-editor.org/info/rfc5766>.

656	   [RFC6062]  Perreault, S., Ed. and J. Rosenberg, "Traversal Using
657	              Relays around NAT (TURN) Extensions for TCP Allocations",
658	              RFC 6062, DOI 10.17487/RFC6062, November 2010,
659	              <http://www.rfc-editor.org/info/rfc6062>.

661	   [RFC6156]  Camarillo, G., Novo, O., and S. Perreault, Ed., "Traversal
662	              Using Relays around NAT (TURN) Extension for IPv6", RFC
663	              6156, DOI 10.17487/RFC6156, April 2011,
664	              <http://www.rfc-editor.org/info/rfc6156>.

666	   [RFC6347]  Rescorla, E. and N. Modadugu, "Datagram Transport Layer
667	              Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
668	              January 2012, <http://www.rfc-editor.org/info/rfc6347>.

670	   [RFC6544]  Rosenberg, J., Keranen, A., Lowekamp, B., and A. Roach,
671	              "TCP Candidates with Interactive Connectivity
672	              Establishment (ICE)", RFC 6544, DOI 10.17487/RFC6544,
673	              March 2012, <http://www.rfc-editor.org/info/rfc6544>.

675	   [RFC6724]  Thaler, D., Ed., Draves, R., Matsumoto, A., and T. Chown,
676	              "Default Address Selection for Internet Protocol Version 6
677	              (IPv6)", RFC 6724, DOI 10.17487/RFC6724, September 2012,
678	              <http://www.rfc-editor.org/info/rfc6724>.

680	   [RFC7231]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
681	              Protocol (HTTP/1.1): Semantics and Content", RFC 7231, DOI
682	              10.17487/RFC7231, June 2014,
683	              <http://www.rfc-editor.org/info/rfc7231>.

685	   [RFC7235]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
686	              Protocol (HTTP/1.1): Authentication", RFC 7235, DOI
687	              10.17487/RFC7235, June 2014,
688	              <http://www.rfc-editor.org/info/rfc7235>.

690	   [RFC7639]  Hutton, A., Uberti, J., and M. Thomson, "The ALPN HTTP
691	              Header Field", RFC 7639, DOI 10.17487/RFC7639, August
692	              2015, <http://www.rfc-editor.org/info/rfc7639>.

694	   [RFC7656]  Lennox, J., Gross, K., Nandakumar, S., Salgueiro, G., and
695	              B. Burman, Ed., "A Taxonomy of Semantics and Mechanisms
696	              for Real-Time Transport Protocol (RTP) Sources", RFC 7656,
697	              DOI 10.17487/RFC7656, November 2015,
698	              <http://www.rfc-editor.org/info/rfc7656>.

700	8.2.  Informative References

702	   [I-D.ietf-rmcat-coupled-cc]
703	              Islam, S., Welzl, M., and S. Gjessing, "Coupled congestion
704	              control for RTP media", draft-ietf-rmcat-coupled-cc-03
705	              (work in progress), July 2016.

707	   [I-D.ietf-rtcweb-return]
708	              Schwartz, B. and J. Uberti, "Recursively Encapsulated TURN
709	              (RETURN) for Connectivity and Privacy in WebRTC", draft-
710	              ietf-rtcweb-return-01 (work in progress), January 2016.

712	   [I-D.ietf-tram-turn-server-discovery]
713	              Patil, P., Reddy, T., and D. Wing, "TURN Server Auto
714	              Discovery", draft-ietf-tram-turn-server-discovery-09 (work
715	              in progress), August 2016.

717	   [RFC3484]  Draves, R., "Default Address Selection for Internet
718	              Protocol version 6 (IPv6)", RFC 3484, DOI 10.17487/
719	              RFC3484, February 2003,
720	              <http://www.rfc-editor.org/info/rfc3484>.

722	   [RFC5014]  Nordmark, E., Chakrabarti, S., and J. Laganier, "IPv6
723	              Socket API for Source Address Selection", RFC 5014, DOI
724	              10.17487/RFC5014, September 2007,
725	              <http://www.rfc-editor.org/info/rfc5014>.

727	   [RFC5128]  Srisuresh, P., Ford, B., and D. Kegel, "State of Peer-to-
728	              Peer (P2P) Communication across Network Address
729	              Translators (NATs)", RFC 5128, DOI 10.17487/RFC5128, March
730	              2008, <http://www.rfc-editor.org/info/rfc5128>.

732	   [RFC7657]  Black, D., Ed. and P. Jones, "Differentiated Services
733	              (Diffserv) and Real-Time Communication", RFC 7657, DOI
734	              10.17487/RFC7657, November 2015,
735	              <http://www.rfc-editor.org/info/rfc7657>.

737	Appendix A.  Change log

739	   This section should be removed before publication as an RFC.

741	A.1.  Changes from -00 to -01

743	   o  Clarified DSCP requirements, with reference to -qos-

745	   o  Clarified "symmetric NAT" -> "NATs which perform endpoint-
746	      dependent mapping"

748	   o  Made support of TURN over TCP mandatory

750	   o  Made support of TURN over TLS a MAY, and added open question

752	   o  Added an informative reference to -firewalls-

754	   o  Called out that we don't make requirements on HTTP proxy
755	      interaction (yet

757	A.2.  Changes from -01 to -02

759	   o  Required support for 300 Alternate Server from STUN.

761	   o  Separated the ICE-TCP candidate requirement from the TURN-TCP
762	      requirement.

764	   o  Added new sections on using QoS functions, and on multiplexing
765	      considerations.

767	   o  Removed all mention of RTP profiles.  Those are the business of
768	      the RTP usage draft, not this one.

770	   o  Required support for TURN IPv6 extensions.

772	   o  Removed reference to the TURN URI scheme, as it was unnecessary.

774	   o  Made an explicit statement that multiplexing (or not) is an
775	      application matter.

777	   .

779	A.3.  Changes from -02 to -03

781	   o  Added required support for draft-ietf-tsvwg-sctp-ndata

783	   o  Removed discussion of multiplexing, since this is present in rtp-
784	      usage.

786	   o  Added RFC 4571 reference for framing RTP packets over TCP.

788	   o  Downgraded TURN TCP candidates from SHOULD to MAY, and added more
789	      language discussing TCP usage.

791	   o  Added language on IPv6 temporary addresses.

793	   o  Added language describing multiplexing choices.

795	   o  Added a separate section detailing what it means when we say that
796	      an WebRTC implementation MUST support both IPv4 and IPv6.

798	A.4.  Changes from -03 to -04

800	   o  Added a section on prioritization, moved the DSCP section into it,
801	      and added a section on local prioritization, giving a specific
802	      algorithm for interpreting "priority" in local prioritization.

804	   o  ICE-TCP candidates was changed from MAY to MUST, in recognition of
805	      the sense of the room at the London IETF.

807	A.5.  Changes from -04 to -05

809	   o  Reworded introduction

811	   o  Removed all references to "WebRTC".  It now uses only the term
812	      RTCWEB.

814	   o  Addressed a number of clarity / language comments

816	   o  Rewrote the prioritization to cover data channels and to describe
817	      multiple ways of prioritizing flows

819	   o  Made explicit reference to "MUST do DTLS-SRTP", and referred to
820	      security-arch for details

822	A.6.  Changes from -05 to -06

824	   o  Changed all references to "RTCWEB" to "WebRTC", except one
825	      reference to the working group

827	   o  Added reference to the httpbis "connect" protocol (being adopted
828	      by HTTPBIS)

830	   o  Added reference to the ALPN header (being adopted by RTCWEB)

832	   o  Added reference to the DART RTP document

834	   o  Said explicitly that SCTP for data channels has a single DSCP
835	      codepoint

837	A.7.  Changes from -06 to -07

839	   o  Updated references

841	   o  Removed reference to draft-hutton-rtcweb-nat-firewall-
842	      considerations

844	A.8.  Changes from -07 to -08

846	   o  Updated references

848	   o  Deleted "bundle each media type (audio, video or data) into its
849	      own 5-tuple (bundling by media type)" from MUST support
850	      configuration, since JSEP does not have a means to negotiate this
851	      configuration

853	A.9.  Changes from -08 to -09

855	   o  Added a clarifying note about DTLS-SRTP and ICE interaction.

857	A.10.  Changes from -09 to -10

859	   o  Re-added references to proxy authentication lost in 07-08
860	      transition (Bug #5)

862	   o  Rearranged and rephrased text in section 4 about prioritization to
863	      reflect discussions in TSVWG.

865	   o  Changed the "Connect" header to "ALPN", and updated reference.
866	      (Bug #6)

868	A.11.  Changes from -10 to -11

870	   o  Added a definition of the term "flow" used in the prioritization
871	      chapter

873	   o  Changed the names of the four priority levels to conform to other
874	      specs.

876	A.12.  Changes from -11 to -12

878	   o  Added a SHOULD NOT about using deprecated temporary IPv6
879	      addresses.

881	   o  Updated draft-ietf-dart-dscp-rtp reference to RFC 7657

883	A.13.  Changes from -12 to -13

885	   o  Clarify that the ALPN header needs to be sent.

887	   o  Mentioned that RFC 7657 also talks about congestion control

889	A.14.  Changes from -13 to -14

891	   o  Add note about non-support for marking flows as interactive or
892	      non-interactive.

894	A.15.  Changes from -14 to -15

896	   o  Various text clarifications based on comments in Last Call and
897	      IESG review

899	   o  Clarified that only non-deprecated IPv6 addresses are used
900	   o  Described handling of downgrading of DSCP markings when blackholes
901	      are detected

903	   o  Expanded acronyms in a new protocol list

905	A.16.  Changes from -15 to -16

907	   These changes are done post IESG approval, and address IESG comments
908	   and other late comments.  Issue numbers refer to https://github.com/
909	   rtcweb-wg/rtcweb-transport/issues.

911	   o  Moved RFC 4594, 7656 and -overview to normative (issue #28)

913	   o  Changed the terms "client", "WebRTC implementation" and "WebRTC
914	      device" to consistently be "WebRTC endpoint", as defined in
915	      -overview. (issue #40)

917	   o  Added a note mentioning TURN service discovery and RETURN (issue
918	      #42)

920	   o  Added a note mentioning that rtp-usage requires circut breaker and
921	      congestion control (issue #43)

923	   o  Added mention of the "don't discard temporary IPv6 addresses that
924	      are in use" (issue #44)

926	   o  Added a reference to draft-ietf-rmcat-coupled-cc (issue #46)

928	Author's Address

930	   Harald Alvestrand
931	   Google

933	   Email: harald@alvestrand.no