idnits 2.17.1 draft-ietf-taps-arch-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 2 instances of too long lines in the document, the longest one being 3 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (23 December 2019) is 1584 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-26) exists of draft-ietf-taps-interface-05 == Outdated reference: A later version (-18) exists of draft-ietf-taps-impl-05 == Outdated reference: A later version (-12) exists of draft-ietf-taps-transport-security-10 -- Obsolete informational reference (is this intentional?): RFC 793 (Obsoleted by RFC 9293) -- Obsolete informational reference (is this intentional?): RFC 7230 (Obsoleted by RFC 9110, RFC 9112) -- Obsolete informational reference (is this intentional?): RFC 7540 (Obsoleted by RFC 9113) Summary: 1 error (**), 0 flaws (~~), 4 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 TAPS Working Group T. Pauly, Ed. 3 Internet-Draft Apple Inc. 4 Intended status: Standards Track B. Trammell, Ed. 5 Expires: 25 June 2020 Google 6 A. Brunstrom 7 Karlstad University 8 G. Fairhurst 9 University of Aberdeen 10 C. Perkins 11 University of Glasgow 12 P. Tiesel 13 TU Berlin 14 C. Wood 15 Apple Inc. 16 23 December 2019 18 An Architecture for Transport Services 19 draft-ietf-taps-arch-06 21 Abstract 23 This document describes an architecture for exposing transport 24 protocol features to applications for network communication, the 25 Transport Services architecture. The Transport Services Application 26 Programming Interface (API) is based on an asynchronous, event-driven 27 interaction pattern. It uses messages for representing data transfer 28 to applications, and it assumes an implementation that can use 29 multiple IP addresses, multiple protocols, and multiple paths, and 30 provide multiple application streams. This document further defines 31 common terminology and concepts to be used in definitions of 32 Transport Services APIs and implementations. 34 Status of This Memo 36 This Internet-Draft is submitted in full conformance with the 37 provisions of BCP 78 and BCP 79. 39 Internet-Drafts are working documents of the Internet Engineering 40 Task Force (IETF). Note that other groups may also distribute 41 working documents as Internet-Drafts. The list of current Internet- 42 Drafts is at https://datatracker.ietf.org/drafts/current/. 44 Internet-Drafts are draft documents valid for a maximum of six months 45 and may be updated, replaced, or obsoleted by other documents at any 46 time. It is inappropriate to use Internet-Drafts as reference 47 material or to cite them other than as "work in progress." 48 This Internet-Draft will expire on 25 June 2020. 50 Copyright Notice 52 Copyright (c) 2019 IETF Trust and the persons identified as the 53 document authors. All rights reserved. 55 This document is subject to BCP 78 and the IETF Trust's Legal 56 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 57 license-info) in effect on the date of publication of this document. 58 Please review these documents carefully, as they describe your rights 59 and restrictions with respect to this document. Code Components 60 extracted from this document must include Simplified BSD License text 61 as described in Section 4.e of the Trust Legal Provisions and are 62 provided without warranty as described in the Simplified BSD License. 64 Table of Contents 66 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 67 1.1. Background . . . . . . . . . . . . . . . . . . . . . . . 4 68 1.2. Overview . . . . . . . . . . . . . . . . . . . . . . . . 4 69 1.3. Specification of Requirements . . . . . . . . . . . . . . 5 70 2. API Model . . . . . . . . . . . . . . . . . . . . . . . . . . 5 71 2.1. Event-Driven API . . . . . . . . . . . . . . . . . . . . 7 72 2.2. Data Transfer Using Messages . . . . . . . . . . . . . . 7 73 2.3. Flexibile Implementation . . . . . . . . . . . . . . . . 8 74 3. Design Principles . . . . . . . . . . . . . . . . . . . . . . 9 75 3.1. Common APIs for Common Features . . . . . . . . . . . . . 9 76 3.2. Access to Specialized Features . . . . . . . . . . . . . 9 77 3.3. Scope for API and Implementation Definitions . . . . . . 10 78 4. Transport Services Architecture and Concepts . . . . . . . . 11 79 4.1. Transport Services API Concepts . . . . . . . . . . . . . 12 80 4.1.1. Connections and Related Objects . . . . . . . . . . . 14 81 4.1.2. Pre-Establishment . . . . . . . . . . . . . . . . . . 15 82 4.1.3. Establishment Actions . . . . . . . . . . . . . . . . 16 83 4.1.4. Data Transfer Objects and Actions . . . . . . . . . . 17 84 4.1.5. Event Handling . . . . . . . . . . . . . . . . . . . 18 85 4.1.6. Termination Actions . . . . . . . . . . . . . . . . . 18 86 4.2. Transport System Implementation Concepts . . . . . . . . 19 87 4.2.1. Candidate Gathering . . . . . . . . . . . . . . . . . 20 88 4.2.2. Candidate Racing . . . . . . . . . . . . . . . . . . 20 89 4.2.3. Protocol Stack Equivalence . . . . . . . . . . . . . 21 90 4.2.4. Separating Connection Groups . . . . . . . . . . . . 22 91 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 92 6. Security Considerations . . . . . . . . . . . . . . . . . . . 23 93 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 24 94 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 24 95 8.1. Normative References . . . . . . . . . . . . . . . . . . 24 96 8.2. Informative References . . . . . . . . . . . . . . . . . 24 97 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 26 99 1. Introduction 101 Many application programming interfaces (APIs) to perform transport 102 networking have been deployed, perhaps the most widely known and 103 imitated being the BSD Socket [POSIX] interface. The naming of 104 objects and functions across these APIs is not consistent, and varies 105 depending on the protocol being used. For example, sending and 106 receiving streams of data is conceptually the same for both an 107 unencrypted Transmission Control Protocol (TCP) stream and operating 108 on an encrypted Transport Layer Security (TLS) [RFC8446] stream over 109 TCP, but applications cannot use the same socket "send()" and 110 "recv()" calls on top of both kinds of connections. Similarly, 111 terminology for the implementation of transport protocols varies 112 based on the context of the protocols themselves: terms such as 113 "flow", "stream", "message", and "connection" can take on many 114 different meanings. This variety can lead to confusion when trying 115 to understand the similarities and differences between protocols, and 116 how applications can use them effectively. 118 The goal of the Transport Services architecture is to provide a 119 common, flexible, and reusable interface for transport protocols. As 120 applications adopt this interface, they will benefit from a wide set 121 of transport features that can evolve over time, and ensure that the 122 system providing the interface can optimize its behavior based on the 123 application requirements and network conditions, without requiring 124 changes to the applications. This flexibility enables faster 125 deployment of new features and protocols. It can also support 126 applications by offering racing and fallback mechanisms, which 127 otherwise need to be implemented in each application separately. 129 This document was developed in parallel with the specification of the 130 Transport Services API [I-D.ietf-taps-interface] and Implementation 131 Guidelines [I-D.ietf-taps-impl]. Although following the Transport 132 Services Architecture does not require that all APIs and 133 implementations are identical, a common minimal set of features 134 represented in a consistent fashion will enable applications to be 135 easily ported from one system to another. 137 1.1. Background 139 The Transport Services architecture is based on the survey of 140 services provided by IETF transport protocols and congestion control 141 mechanisms [RFC8095], and the distilled minimal set of the features 142 offered by transport protocols [I-D.ietf-taps-minset]. These 143 documents identified common features and patterns across all 144 transport protocols developed thus far in the IETF. 146 Since transport security is an increasingly relevant aspect of using 147 transport protocols on the Internet, this architecture also considers 148 the impact of transport security protocols on the feature-set exposed 149 by transport services [I-D.ietf-taps-transport-security]. 151 One of the key insights to come from identifying the minimal set of 152 features provided by transport protocols [I-D.ietf-taps-minset] was 153 that features either require application interaction and guidance 154 (referred to in that document as Functional or Optimizing Features), 155 or else can be handled automatically by a system implementing 156 Transport Services (referred to as Automatable Features). Among the 157 Functional and Optimizing Features, some were common across all or 158 nearly all transport protocols, while others could be seen as 159 features that, if specified, would only be useful with a subset of 160 protocols, but would not harm the functionality of other protocols. 161 For example, some protocols can deliver messages faster for 162 applications that do not require messages to arrive in the order in 163 which they were sent. However, this functionality needs to be 164 explicitly allowed by the application, since reordering messages 165 would be undesirable in many cases. 167 1.2. Overview 169 This document describes the Transport Services architecture in three 170 sections: 172 * Section 2 describes how the API model of Transport Services 173 differs from traditional socket-based APIs. Specifically, it 174 offers asynchronous event-driven interaction, the use of messages 175 for data transfer, and the ability to easily adopt different 176 transport protocols. 178 * Section 3 explains the design principles behind the Transport 179 Services API. These principles are intended to make sure that 180 transport protocols can continue to be enhanced and evolve without 181 requiring too many changes by application developers. 183 * Section 4 presents the Transport Services architecture diagram and 184 defines the concepts that are used by both the API and 185 implementation documents. The Preconnection allows applications 186 to configure connection properties, and the Connection represents 187 an object that can be used to send and receive Messages. 189 1.3. Specification of Requirements 191 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 192 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 193 "OPTIONAL" in this document are to be interpreted as described in BCP 194 14 [RFC2119] [RFC8174] when, and only when, they appear in all 195 capitals, as shown here. 197 2. API Model 199 The traditional model of using sockets for networking can be 200 represented as follows: 202 * Applications create connections and transfer data using the Socket 203 API. 205 * The Socket API provides the interface to the implementations of 206 TCP and UDP (typically implemented in the system's kernel). 208 * TCP and UDP in the kernel send and receive data over the available 209 network-layer interfaces. 211 * Sockets are bound directly to transport-layer and network-layer 212 addresses, obtained via a separate resolution step, usually 213 performed by a system-provided stub resolver. 215 +-----------------------------------------------------+ 216 | Application | 217 +-----------------------------------------------------+ 218 | | | 219 +------------+ +------------+ +--------------+ 220 | stub | | Stream API | | Datagram API | 221 | resolver | +------------+ +--------------+ 222 +------------+ | | 223 +---------------------------------+ 224 | TCP UDP | 225 | Kernel Networking Stack | 226 +---------------------------------+ 227 | 228 +-----------------------------------------------------+ 229 | Network Layer Interface | 230 +-----------------------------------------------------+ 232 Figure 1: Socket API Model 234 The Transport Services architecture evolves this general model of 235 interaction, aiming to both modernize the API surface presented to 236 applications by the transport layer and enrich the capabilities of 237 the transport system implementation. It combines interfaces for 238 multiple interaction patterns into a unified whole. By combining 239 name resolution with connection establishment and data transfer in a 240 single API, it allows for more flexible implementations to provide 241 path and transport protocol agility on the application's behalf. 243 +-----------------------------------------------------+ 244 | Application | 245 +-----------------------------------------------------+ 246 | 247 +-----------------------------------------------------+ 248 | Transport Services API | 249 +-----------------------------------------------------+ 250 | 251 +-----------------------------------------------------+ 252 | Transport System Implementation | 253 | (Using: DNS, UDP, TCP, SCTP, DCCP, TLS, QUIC, etc) | 254 +-----------------------------------------------------+ 255 | 256 +-----------------------------------------------------+ 257 | Network Layer Interface | 258 +-----------------------------------------------------+ 260 Figure 2: Transport Services API Model 262 The Transport Services API [I-D.ietf-taps-interface] defines the 263 mechanism for an application to create network connections and 264 transfer data. The implementation [I-D.ietf-taps-impl] is 265 responsible for mapping the API to the various available transport 266 protocols and managing the available network interfaces and paths. 268 There are key differences between the architecture of the Transport 269 Services system and the architecture of the sockets API: the 270 Transport Services API is asynchronous and event-driven; it uses 271 messages for representing data transfer to applications, and it 272 assumes an implementation that can use multiple IP addresses, 273 multiple protocols, multiple paths, and provide multiple application 274 streams. 276 2.1. Event-Driven API 278 Originally, sockets presented a blocking interface for establishing 279 connections and transferring data. However, most modern applications 280 interact with the network asynchronously. Emulation of an 281 asynchronous interface using sockets generally uses a try-and-fail 282 model. If the application wants to read, but data has not yet been 283 received from the peer, the call to read will fail. The application 284 then waits and can try again later. 286 In contrast to sockets, all interaction with a Transport Services 287 system is expected to be asynchronous, and use an event-driven model 288 (see Section 4.1.5). For example, if the application wants to read, 289 its call to read will not complete immediately, but will deliver an 290 event containing the received data once it is available. Error 291 handling is also asynchronous; a failure to send results in an 292 asynchronous send error as an event. 294 The Transport Services API also delivers events regarding the 295 lifetime of a connection and changes in the available network links, 296 which were not previously made explicit in sockets. 298 Using asynchronous events allows for a more natural interaction model 299 when establishing connections and transferring data. Events in time 300 more closely reflect the nature of interactions over networks, as 301 opposed to how sockets represent network resources as file system 302 objects that may be temporarily unavailable. 304 Separate from events, callbacks are also provided for asynchronous 305 interactions with the API not directly related to events on the 306 network or network interfaces. 308 2.2. Data Transfer Using Messages 310 Sockets provide a message interface for datagram protocols like UDP, 311 but provide an unstructured stream abstraction for TCP. While TCP 312 does indeed provide the ability to send and receive data as streams, 313 most applications need to interpret structure within these streams. 314 For example, HTTP/1.1 uses character delimiters to segment messages 315 over a stream [RFC7230]; TLS record headers carry a version, content 316 type, and length [RFC8446]; and HTTP/2 uses frames to segment its 317 headers and bodies [RFC7540]. 319 The Transport Services API represents data as messages, so that it 320 more closely matches the way applications use the network. Providing 321 a message-based abstraction provides many benefits, such as: 323 * the ability to associate deadlines with messages, for applications 324 that care about timing; 326 * the ability to provide control of reliability, choosing which 327 messages to retransmit when there is packet loss, and how best to 328 make use of the data that arrived; 330 * the ability to manage dependencies between messages, when the 331 transport system could decide to not deliver a message, either 332 following packet loss or because it has missed a deadline. In 333 particular, this can avoid (re-)sending data that relies on a 334 previous transmission that was never received. 336 * the ability to automatically assign messages and connections to 337 underlying transport connections to utilize multi-streaming and 338 pooled connections. 340 Allowing applications to interact with messages is backwards- 341 compatible with existings protocols and APIs, as it does not change 342 the wire format of any protocol. Instead, it gives the protocol 343 stack additional information to allow it to make better use of modern 344 transport services, while simplifying the application's role in 345 parsing data. For protocols which natively use a streaming 346 abstraction, framers (Section 4.1.4) bridge the gap between the two 347 abstractions. 349 2.3. Flexibile Implementation 351 Sockets, for protocols like TCP, are generally limited to connecting 352 to a single address over a single interface. They also present a 353 single stream to the application. Software layers built upon sockets 354 often propagate this limitation of a single-address single-stream 355 model. The Transport Services architecture is designed to handle 356 multiple candidate endpoints, protocols, and paths; and support 357 multipath and multistreaming protocols. 359 Transport Services implementations are meant to be flexible at 360 connection establishment time, considering many different options and 361 trying to select the most optimal combinations (Section 4.2.1 and 362 Section 4.2.2). This requires applications to provide higher-level 363 endpoints than IP addresses, such as hostnames and URLs, which are 364 used by a Transport Services implementation for resolution, path 365 selection, and racing. 367 Flexibility after connection establishment is also important. 368 Transport protocols that can migrate between multiple network-layer 369 interfaces need to be able to process and react to interface changes. 370 Protocols that support multiple application-layer streams need to 371 support initiating and receiving new streams using existing 372 connections. 374 3. Design Principles 376 The goal of the Transport Services architecture is to redefine the 377 interface between applications and transports in a way that allows 378 the transport layer to evolve and improve without fundamentally 379 changing the contract with the application. This requires a careful 380 consideration of how to expose the capabilities of protocols. 382 There are several degrees in which a Transport Services system is 383 intended to offer flexibility to an application: it can provide 384 access to multiple sets of protocols and protocol features; it can 385 use these protocols across multiple paths that could have different 386 performance and functional characteristics; and it can communicate 387 with different remote systems to optimize performance, robustness to 388 failure, or some other metric. Beyond these, if the API for the 389 system remains the same over time, new protocols and features could 390 be added to the system's implementation without requiring changes in 391 applications for adoption. 393 3.1. Common APIs for Common Features 395 Functionality that is common across multiple transport protocols 396 SHOULD be accessible through a unified set of API calls. An 397 application ought to be able to implement logic for its basic use of 398 transport networking (establishing the transport, and sending and 399 receiving data) once, and expect that implementation to continue to 400 function as the transports change. 402 Any Transport Services API is REQUIRED to allow access to the 403 distilled minimal set of features offered by transport protocols 404 [I-D.ietf-taps-minset]. 406 3.2. Access to Specialized Features 408 There are applications that will need to control fine-grained details 409 of transport protocols to optimize their behavior and ensure 410 compatibility with remote systems. A Transport Services system 411 therefore SHOULD also permit more specialized protocol features to be 412 used. The interface for these specialized options ought to be 413 exposed differently from the common options to ensure flexibility. 415 A specialized feature could be required by an application only when 416 using a specific protocol, and not when using others. For example, 417 if an application is using UDP, it could require control over the 418 checksum or fragmentation behavior for UDP; if it used a protocol to 419 frame its data over a byte stream like TCP, it would not need these 420 options. In such cases, the API ought to expose the features in such 421 a way that they take effect when a particular protocol is selected, 422 but do not imply that only that protocol could be used. For example, 423 if the API allows an application to specify a preference to use a 424 partial checksum, communication would not fail when a protocol such 425 as TCP is selected, which uses a checksum covering the entire 426 payload. 428 Other specialized features, however, could be strictly required by an 429 application and thus constrain the set of protocols that can be used. 430 For example, if an application requires support for automatic 431 handover or failover for a Connection, only protocol stacks that 432 provide this feature are eligible to be used, e.g., protocol stacks 433 that include a multipath protocol or a protocol that supports 434 connection migration. A Transport Services API MUST allow 435 applications to define such requirements and constrain the system's 436 options. Since such options are not part of the core/common 437 features, it will generally be simple for an application to modify 438 its set of constraints and change the set of allowable protocol 439 features without changing the core implementation. 441 3.3. Scope for API and Implementation Definitions 443 The Transport Services API is envisioned as the abstract model for a 444 family of APIs that share a common way to expose transport features 445 and encourage flexibility. The abstract API definition 446 [I-D.ietf-taps-interface] describes this interface and how it can be 447 exposed to application developers. 449 Implementations that provide the Transport Services API 450 [I-D.ietf-taps-impl] will vary due to system-specific support and the 451 needs of the deployment scenario. It is expected that all 452 implementations of Transport Services will offer the entire mandatory 453 API. All implementations are REQUIRED to offer an API that is 454 sufficient to use the distilled minimal set of features offered by 455 transport protocols [I-D.ietf-taps-minset], including API support for 456 TCP and UDP transport. However, some features provided by this API 457 will not be functional in certain implementations. For example, it 458 is possible that some very constrained devices might not have a full 459 TCP implementation beneath the API. 461 To preserve flexibility and compatibility with future protocols, top- 462 level features in the Transport Services API SHOULD avoid referencing 463 particular transport protocols. The mappings of these API features 464 to specific implementations of each feature is explained in the 465 [I-D.ietf-taps-impl] along with the implications of the feature on 466 existing protocols. It is expected that [I-D.ietf-taps-interface] 467 will be updated and supplemented as new protocols and protocol 468 features are developed. 470 It is important to note that neither the Transport Services API 471 [I-D.ietf-taps-interface] nor the Implementation document 472 [I-D.ietf-taps-impl] define new protocols or protocol capabilities 473 that affect what is communicated across the network: this implies 474 that a Transport Services system MUST be deployable on only one side 475 of a connection. A Transport Services system acting as a connection 476 initiator can communicate with any existing system that implements 477 the transport protocol(s) selected by the Transport Services system. 478 Similarly, a Transport Services system acting as a listener can 479 receive connections for any protocol that is supported by the system, 480 from existing initiators. 482 4. Transport Services Architecture and Concepts 484 The concepts defined in this document are intended primarily for use 485 in the documents and specifications that describe the Transport 486 Services architecture and API. While the specific terminology can be 487 used in some implementations, it is expected that there will remain a 488 variety of terms used by running code. 490 The architecture divides the concepts for Transport Services into two 491 categories: 493 1. API concepts, which are intended to be exposed to applications; 494 and 496 2. System-implementation concepts, which are intended to be 497 internally used when building systems that implement Transport 498 Services. 500 The following diagram summarizes the top-level concepts in the 501 architecture and how they relate to one another. 503 +-----------------------------------------------------+ 504 | Application | 505 +-+----------------+------^-------+--------^----------+ 506 | | | | | 507 pre- | data | events 508 establishment | transfer | | 509 | establishment | termination | 510 | | | | | 511 | +--v------v-------v+ | 512 +-v-------------+ Connection(s) +-------+----------+ 513 | Transport +--------+---------+ | 514 | Services | | 515 | API | | 516 +------------------------|----------------------------+ 517 | 518 +------------------------|----------------------------+ 519 | Transport | | 520 | System | +-----------------+ | 521 | Implementation | | Cached | | 522 | | | State | | 523 | (Candidate Gathering) | +-----------------+ | 524 | | | 525 | (Candidate Racing) | +-----------------+ | 526 | | | System | | 527 | | | Policy | | 528 | +----------v-----+ +-----------------+ | 529 | | Protocol | | 530 +-------------+ Stack(s) +----------------------+ 531 +-------+--------+ 532 V 533 Network Layer Interface 535 Figure 3: Concepts and Relationships in the Transport Services 536 Architecture 538 4.1. Transport Services API Concepts 540 Fundamentally, a Transport Services API needs to provide connection 541 objects (Section 4.1.1) that allow applications to establish 542 communication, and then send and receive data. These could be 543 exposed as handles or referenced objects, depending on the language. 545 Beyond the connection objects, there are several high-level groups of 546 actions that any Transport Services API implementing this 547 specification MUST provide: 549 * Pre-Establishment (Section 4.1.2) encompasses the properties that 550 an application can pass to describe its intent, requirements, 551 prohibitions, and preferences for its networking operations. For 552 any system that provides generic Transport Services, these 553 properties SHOULD apply to multiple transport protocols. 554 Properties specified during Pre-Establishment can have a large 555 impact on the rest of the interface: they modify how establishment 556 occurs, they influence the expectations around data transfer, and 557 they determine the set of events that will be supported. 559 * Establishment (Section 4.1.3) focuses on the actions that an 560 application takes on the connection objects to prepare for data 561 transfer. 563 * Data Transfer (Section 4.1.4) consists of how an application 564 represents the data to be sent and received, the functions 565 required to send and receive that data, and how the application is 566 notified of the status of its data transfer. 568 * Event Handling (Section 4.1.5) defines categories of notifications 569 which an application can receive during the lifetime of transport 570 objects. Events MAY also provide opportunities for the 571 application to interact with the underlying transport by querying 572 state or updating maintenance options. 574 * Termination (Section 4.1.6) focuses on the methods by which data 575 transmission is stopped, and state is torn down in the transport. 577 The diagram below provides a high-level view of the actions and 578 events during the lifetime of a connection. Note that some actions 579 are alternatives (e.g., whether to initiate a connection or to listen 580 for incoming connections), while others are optional (e.g., setting 581 Connection and Message Properties in Pre-Establishment) or have been 582 omitted for brevity. 584 Pre-Establishment : Established : Termination 585 ----------------- : ----------- : ----------- 586 : : 587 +-- Local Endpoint : Message : 588 +-- Remote Endpoint : Receive() | : 589 +-- Transport Properties : Send() | : 590 | : | Close() : 591 | +---------------+ Initiate() +-----+------+ Abort() : 592 +---+ Preconnection |------------->| Connection |-----------> Closed 593 +---------------+ Rendezvous() +------------+ Conn. : 594 | : ^ | Finished : 595 Listen() | : | | : 596 | : | v : 597 v : | Connection : 598 +----------+ : | Ready : 599 | Listener |----------------------+ : 600 +----------+ Connection Received : 601 : : 603 Figure 4: The lifetime of a connection 605 4.1.1. Connections and Related Objects 607 * Preconnection: A Preconnection object is a representation of a 608 potential connection. It has state that describes parameters of a 609 Connection that might exist in the future: the Local Endpoint from 610 which that Connection will be established, the Remote Endpoint 611 (Section 4.1.2) to which it will connect, and Transport Properties 612 that influence the paths and protocols a Connection will use. A 613 Preconnection can be fully specified such that it represents a 614 single possible Connection, or it can be partially specified such 615 that it represents a family of possible Connections. The Local 616 Endpoint (Section 4.1.2) MUST be specified if the Preconnection is 617 used to Listen for incoming connections. The Local Endpoint is 618 OPTIONAL if it is used to Initiate connections. The Remote 619 Endpoint MUST be specified in the Preconnection that is used to 620 Initiate connections. The Remote Endpoint is OPTIONAL if it is 621 used to Listen for incoming connections. The Local Endpoint and 622 the Remote Endpoint MUST both be specified if a peer-to-peer 623 Rendezvous is to occur based on the Preconnection. 625 * Transport Properties: Transport Properties allow the application 626 to express their requirements, prohibitions, and preferences and 627 configure the Transport System. There are three kinds of 628 Transport Properties: 630 - Selection Properties (Section 4.1.2) that can only be specified 631 on a Preconnection. 633 - Connection Properties (Section 4.1.2) that can be specified on 634 a Preconnection and changed on the Connection. 636 - Message Properties (Section 4.1.4) that can be specified as 637 defaults on a Preconnection or a Connection, and can also be 638 specified during data transfer to affect specific Messages. 640 * Connection: A Connection object represents one or more active 641 transport protocol instances that can send and/or receive Messages 642 between local and remote systems. It holds state pertaining to 643 the underlying transport protocol instances and any ongoing data 644 transfers. This represents, for example, an active connection in 645 a connection-oriented protocol such as TCP, or a fully-specified 646 5-tuple for a connectionless protocol such as UDP. It can also 647 represent a pool of transport protocol instances, e.g., a set of 648 TCP and QUIC connections to equivalent endpoints, or a stream of a 649 multi-streaming transport protocol instance. Connections can be 650 created from a Preconnection or by a Listener. 652 * Listener: A Listener object accepts incoming transport protocol 653 connections from remote systems and generates corresponding 654 Connection objects. It is created from a Preconnection object 655 that specifies the type of incoming connections it will accept. 657 4.1.2. Pre-Establishment 659 * Endpoint: An Endpoint represents an identifier for one side of a 660 transport connection. Endpoints can be Local Endpoints or Remote 661 Endpoints, and respectively represent an identity that the 662 application uses for the source or destination of a connection. 663 An Endpoint can be specified at various levels of abstraction, and 664 an Endpoint at a higher level of abstraction (such as a hostname) 665 can be resolved to more concrete identities (such as IP 666 addresses). 668 * Remote Endpoint: The Remote Endpoint represents the application's 669 identifier for a peer that can participate in a transport 670 connection; for example, the combination of a DNS name for the 671 peer and a service name/port. 673 * Local Endpoint: The Local Endpoint represents the application's 674 identifier for itself that it uses for transport connections; for 675 example, a local IP address and port. 677 * Selection Properties: The Selection Properties consist of the 678 options that an application can set to influence the selection of 679 paths between the local and remote systems, to influence the 680 selection of transport protocols, or to configure the behavior of 681 generic transport protocol features. These options can take the 682 form of requirements, prohibitions, or preferences. Examples of 683 options that influence path selection include the interface type 684 (such as a Wi-Fi connection, or a Cellular LTE connection), 685 requirements around the Maximum Transmission Unit (MTU) or path 686 MTU (PMTU), or preferences for throughput and latency properties. 687 Examples of options that influence protocol selection and 688 configuration of transport protocol features include reliability, 689 service class, multipath support, and fast open support. 691 * Connection Properties: The Connection Properties are used to 692 configure protocol-specific options and control per-connection 693 behavior of the Transport System; for example, a protocol-specific 694 Connection Property can express that if UDP is used, the 695 implementation ought to use checksums. Note that the presence of 696 such a property does not require that a specific protocol will be 697 used. In general, these properties do not explicitly determine 698 the selection of paths or protocols, but can be used in this way 699 by an implementation during connection establishment. Connection 700 Properties are specified on a Preconnection prior to Connection 701 establishment, and can be modified on the Connection later. 702 Changes made to Connection Properties after Connection 703 establishment take effect on a best-effort basis. 705 4.1.3. Establishment Actions 707 * Initiate: The primary action that an application can take to 708 create a Connection to a Remote Endpoint, and prepare any required 709 local or remote state to enable the transmission of Messages. For 710 some protocols, this will initiate a client-to-server style 711 handshake; for other protocols, this will just establish local 712 state (e.g., with connectionless protocols such as UDP). The 713 process of identifying options for connecting, such as resolution 714 of the Remote Endpoint, occurs in response to the Initiate call. 716 * Listen: Enables a listener to accept incoming Connections. The 717 Listener will then create Connection objects as incoming 718 connections are accepted (Section 4.1.5). Listeners by default 719 register with multiple paths, protocols, and local endpoints, 720 unless constrained by Selection Properties and/or the specified 721 Local Endpoint(s). Connections can be accepted on any of the 722 available paths or endpoints. 724 * Rendezvous: The action of establishing a peer-to-peer connection 725 with a Remote Endpoint. It simultaneously attempts to initiate a 726 connection to a Remote Endpoint while listening for an incoming 727 connection from that endpoint. The process of identifying options 728 for the connection, such as resolution of the Remote Endpoint, 729 occurs during the Rendezvous call. As with Listeners, the set of 730 local paths and endpoints is constrained by Selection Properties. 731 If successful, the Rendezvous call returns a Connection object to 732 represent the established peer-to-peer connection. The processes 733 by which connections are initiated during a Rendezvous action will 734 depend on the set of Local and Remote Endpoints configured on the 735 Preconnection. For example, if the Local and Remote Endpoints are 736 TCP host candidates, then a TCP simultaneous open [RFC0793] will 737 be performed. However, if the set of Local Endpoints includes 738 server reflexive candidates, such as those provided by STUN, a 739 Rendezvous action will race candidates in the style of the ICE 740 algorithm [RFC8445] to perform NAT binding discovery and initiate 741 a peer-to-peer connection. 743 4.1.4. Data Transfer Objects and Actions 745 * Message: A Message object is a unit of data that can be 746 represented as bytes that can be transferred between two systems 747 over a transport connection. The bytes within a Message are 748 assumed to be ordered within the Message. If an application does 749 not care about the order in which a peer receives two distinct 750 spans of bytes, those spans of bytes are considered independent 751 Messages. 753 * Message Properties: Message Properties are used to specify details 754 about Message transmission. They can be specified directly on 755 individual Messages, or can be set on a Preconnection or 756 Connection as defaults. These properties might only apply to how 757 a Message is sent (such as how the transport will treat 758 prioritization and reliability), but can also include properties 759 that specific protocols encode and communicate to the Remote 760 Endpoint. When receiving Messages, Message Properties can contain 761 information about the received Message, such as metadata generated 762 at the receiver and information signalled by the remote endpoint. 764 * Send: The action to transmit a Message over a Connection to the 765 remote system. The interface to Send MAY include Message 766 Properties specific to how the Message content is to be sent. The 767 status of the Send operation MUST be delivered back to the sending 768 application in an event (Section 4.1.5). 770 * Receive: An action that indicates that the application is ready to 771 asynchronously accept a Message over a Connection from a remote 772 system, while the Message content itself will be delivered in an 773 event (Section 4.1.5). The interface to Receive MAY include 774 Message Properties specific to the Message that is to be delivered 775 to the application. 777 * Framer: A Framer is a data translation layer that can be added to 778 a Connection to define how application-layer Messages are 779 transmitted over a transport protocol. This is particularly 780 relevant for protocols that otherwise present unstructured 781 streams, such as TCP. 783 4.1.5. Event Handling 785 The following categories of events can be delivered to an 786 application: 788 * Connection Ready: Signals to an application that a given 789 Connection is ready to send and/or receive Messages. If the 790 Connection relies on handshakes to establish state between peers, 791 then it is assumed that these steps have been taken. 793 * Connection Finished: Signals to an application that a given 794 Connection is no longer usable for sending or receiving Messages. 795 The event SHOULD deliver a reason or error to the application that 796 describes the nature of the termination. 798 * Connection Received: Signals to an application that a given 799 Listener has received a Connection. 801 * Message Received: Delivers received Message content to the 802 application, based on a Receive action. This MAY include an error 803 if the Receive action cannot be satisfied due to the Connection 804 being closed. 806 * Message Sent: Notifies the application of the status of its Send 807 action. This might indicate a failure if the Message cannot be 808 sent, or an indication that Message has been processed by the 809 protocol stack. 811 * Path Properties Changed: Notifies the application that some 812 property of the Connection has changed that might influence how 813 and where data is sent and/or received. 815 4.1.6. Termination Actions 817 * Close: The action an application takes on a Connection to indicate 818 that it no longer intends to send data, is no longer willing to 819 receive data, and that the protocol SHOULD signal this state to 820 the remote system if the transport protocol allows this. (Note 821 that this is distinct from the concept of "half-closing" a 822 bidirectional connection, such as when a FIN is sent in one 823 direction of a TCP connection. Indicating the end of a stream in 824 the Transport Services architecture is possible using Message 825 Properties when sending.) 827 * Abort: The action the application takes on a Connection to 828 indicate a Close and also indicate that the transport system 829 SHOULD NOT attempt to deliver any outstanding data. This is 830 intended for immediate termination of a connection, without 831 cleaning up state. 833 4.2. Transport System Implementation Concepts 835 This section defines the set of objects used internally to a system 836 or library to implement the functionality needed to provide a 837 transport service across a network, as required by the abstract 838 interface. 840 * Connection Group: A set of Connections that share properties and 841 caches. For multiplexing transport protocols, only Connections 842 within the same Connection Group are allowed to be multiplexed 843 together. An application can explicitly define Connection Groups 844 to control caching boundaries, as discussed in Section 4.2.4. 846 * Path: Represents an available set of properties that a local 847 system can use to communicate with a remote system, such as 848 routes, addresses, and physical and virtual network interfaces. 850 * Protocol Instance: A single instance of one protocol, including 851 any state necessary to establish connectivity or send and receive 852 Messages. 854 * Protocol Stack: A set of Protocol Instances (including relevant 855 application, security, transport, or Internet protocols) that are 856 used together to establish connectivity or send and receive 857 Messages. A single stack can be simple (a single transport 858 protocol instance over IP), or complex (multiple application 859 protocol streams going through a single security and transport 860 protocol, over IP; or, a multi-path transport protocol over 861 multiple transport sub-flows). 863 * Candidate Path: One path that is available to an application and 864 conforms to the Selection Properties and System Policy. Candidate 865 Paths are identified during the gathering phase (Section 4.2.1) 866 and can be used during the racing phase (Section 4.2.2). 868 * Candidate Protocol Stack: One protocol stack that can be used by 869 an application for a connection, of which there can be several. 870 Candidate Protocol Stacks are identified during the gathering 871 phase (Section 4.2.1) and are started during the racing phase 872 (Section 4.2.2). 874 * System Policy: Represents the input from an operating system or 875 other global preferences that can constrain or influence how an 876 implementation will gather candidate paths and protocol stacks 877 (Section 4.2.1) and race the candidates during establishment 878 (Section 4.2.2). Specific aspects of the System Policy either 879 apply to all Connections or only certain ones, depending on the 880 runtime context and properties of the Connection. 882 * Cached State: The state and history that the implementation keeps 883 for each set of associated Endpoints that have been used 884 previously. This can include DNS results, TLS session state, 885 previous success and quality of transport protocols over certain 886 paths. 888 4.2.1. Candidate Gathering 890 * Candidate Path Selection: Candidate Path Selection represents the 891 act of choosing one or more paths that are available to use based 892 on the Selection Properties and any available Local and Remote 893 Endpoints provided by the application, as well as the policies and 894 heuristics of a Transport Services system. 896 * Candidate Protocol Selection: Candidate Protocol Selection 897 represents the act of choosing one or more sets of protocol stacks 898 that are available to use based on the Transport Properties 899 provided by the application, and the heuristics or policies within 900 the Transport Services system. 902 4.2.2. Candidate Racing 904 Connection establishment attempts for a set of candidates may be 905 performed simultaneously, synchronously, serially, or some 906 combination of all of these. We refer to this process as racing, 907 borrowing terminology from Happy Eyeballs [RFC8305]. 909 * Protocol Option Racing: Protocol Option Racing is the act of 910 attempting to establish, or scheduling attempts to establish, 911 multiple Protocol Stacks that differ based on the composition of 912 protocols or the options used for protocols. 914 * Path Racing: Path Racing is the act of attempting to establish, or 915 scheduling attempts to establish, multiple Protocol Stacks that 916 differ based on a selection from the available Paths. Since 917 different Paths will have distinct configurations for local 918 addresses and DNS servers, attempts across different Paths will 919 perform separate DNS resolution steps, which can lead to further 920 racing of the resolved Remote Endpoints. 922 * Remote Endpoint Racing: Remote Endpoint Racing is the act of 923 attempting to establish, or scheduling attempts to establish, 924 multiple Protocol Stacks that differ based on the specific 925 representation of the Remote Endpoint, such as IP addresses 926 resolved from a DNS hostname. 928 4.2.3. Protocol Stack Equivalence 930 The Transport Services architecture defines a mechanism that allows 931 applications to easily use different network paths and Protocol 932 Stacks. In some cases, changing which Protocol Stacks or network 933 paths are used will require updating the preferences expressed by the 934 application that uses the Transport Services system. For example, an 935 application can enable the use of a multipath or multistreaming 936 transport protocol by modifying the properties in its Pre-Connection 937 configuration. In some cases, however, the Transport Services system 938 will be able to automatically change Protocol Stacks without an 939 update to the application, either by selecting a new stack entirely, 940 or by racing multiple candidate Protocol Stacks during connection 941 establishment. This functionality in the API can be a powerful 942 driver of new protocol adoption, but needs to be constrained 943 carefully to avoid unexpected behavior that can lead to functional or 944 security problems. 946 If two different Protocol Stacks can be safely swapped, or raced in 947 parallel (see Section 4.2.2), then they are considered to be 948 "equivalent". Equivalent Protocol Stacks need to meet the following 949 criteria: 951 1. Both stacks MUST offer the interface requested by the application 952 for connection establishment and data transmission. For example, 953 if an application requires preservation of message boundaries, a 954 Protocol Stack that runs UDP as the top-level interface to the 955 application is not equivalent to a Protocol Stack that runs TCP 956 as the top-level interface. A UDP stack would allow an 957 application to read out message boundaries based on datagrams 958 sent from the remote system, whereas TCP does not preserve 959 message boundaries on its own, but needs a framing protocol on 960 top to determine message boundaries. 962 2. Both stacks MUST offer the transport services that are requested 963 by the application. For example, if an application specifies 964 that it requires reliable transmission of data, then a Protocol 965 Stack using UDP without any reliability layer on top would not be 966 allowed to replace a Protocol Stack using TCP. However, if the 967 application does not require reliability, then a Protocol Stack 968 that adds reliability could be regarded as an equivalent Protocol 969 Stack as long as providing this would not conflict with any other 970 application-requested properties. 972 3. Both stacks MUST offer security protocols and parameters as 973 requested by the application [I-D.ietf-taps-transport-security]. 974 Security features and properties, such as cryptographic 975 algorithms, peer authentication, and identity privacy vary across 976 security protocols, and across versions of security protocols. 977 Protocol equivalence ought not to be assumed for different 978 protocols or protocol versions, even if they offer similar 979 application configuration options. To ensure that security 980 protocols are not incorrectly swapped, Transport Services systems 981 SHOULD only automatically generate equivalent Protocol Stacks 982 when the transport security protocols within the stacks are 983 identical. Specifically, a transport system would consider 984 protocols identical only if they are of the same type and 985 version. For example, the same version of TLS running over two 986 different transport protocol stacks are considered equivalent, 987 whereas TLS 1.2 and TLS 1.3 [RFC8446] are not considered 988 equivalent. However, Transport Services systems MAY allow 989 applications to indicate that they consider two different 990 transport protocols equivalent, e.g., to allow fallback to TLS 991 1.2 if TLS 1.3 is not available. 993 4.2.4. Separating Connection Groups 995 By default, stored properties of the implementation, such as cached 996 protocol state, cached path state, and heuristics, may be shared 997 (e.g. across multiple connections in an application). This provides 998 efficiency and convenience for the application, since the Transport 999 System implementation can automatically optimize behavior. 1001 There are several reasons, however, that an application might want to 1002 explicitly isolate some Connections. These reasons include: 1004 * Privacy concerns about re-using cached protocol state that can 1005 lead to linkability. Sensitive state may include TLS session 1006 state [RFC8446] and HTTP cookies [RFC6265]. 1008 * Privacy concerns about allowing Connections to multiplex together, 1009 which can tell a Remote Endpoint that all of the Connections are 1010 coming from the same application (for example, when Connections 1011 are multiplexed HTTP/2 or QUIC streams). 1013 * Performance concerns about Connections introducing head-of-line 1014 blocking due to multiplexing or needing to share state on a single 1015 thread. 1017 The Transport Services API SHOULD allow applications to explicitly 1018 define Connection Groups that force separation of Cached State and 1019 Protocol Stacks. For example, a web browser application might use 1020 Connection Groups with separate caches for different tabs in the 1021 browser to decrease linkability. 1023 The interface to specify these groups MAY expose fine-grained tuning 1024 for which properties and cached state is allowed to be shared with 1025 other Connections. For example, an application might want to allow 1026 sharing TCP Fast Open cookies across groups, but not TLS session 1027 state. 1029 5. IANA Considerations 1031 RFC-EDITOR: Please remove this section before publication. 1033 This document has no actions for IANA. 1035 6. Security Considerations 1037 The Transport Services architecture does not recommend use of 1038 specific security protocols or algorithms. Its goal is to offer ease 1039 of use for existing protocols by providing a generic security-related 1040 interface. Each provided interface translates to an existing 1041 protocol-specific interface provided by supported security protocols. 1042 For example, trust verification callbacks are common parts of TLS 1043 APIs. Transport Services APIs will expose similar functionality 1044 [I-D.ietf-taps-transport-security]. 1046 As described above in Section 4.2.3, if a Transport Services system 1047 races between two different Protocol Stacks, both MUST use the same 1048 security protocols and options. 1050 Applications need to ensure that they use security APIs 1051 appropriately. In cases where applications use an interface to 1052 provide sensitive keying material, e.g., access to private keys or 1053 copies of pre-shared keys (PSKs), key use needs to be validated. For 1054 example, applications ought not to use PSK material created for the 1055 Encapsulating Security Protocol (ESP, part of IPsec) [RFC4303] with 1056 QUIC, and applications ought not to use private keys intended for 1057 server authentication as keys for client authentication. 1059 Moreover, Transport Services systems MUST NOT automatically fall back 1060 from secure protocols to insecure protocols, or to weaker versions of 1061 secure protocols. For example, if an application requests TLS, but 1062 the desired version of TLS is not available, its connection will 1063 fail. Applications are thus responsible for implementing security 1064 protocol fallback or version fallback by creating multiple Transport 1065 Services Connections, if so desired. 1067 7. Acknowledgements 1069 This work has received funding from the European Union's Horizon 2020 1070 research and innovation programme under grant agreements No. 644334 1071 (NEAT) and No. 688421 (MAMI). 1073 This work has been supported by Leibniz Prize project funds of DFG - 1074 German Research Foundation: Gottfried Wilhelm Leibniz-Preis 2011 (FKZ 1075 FE 570/4-1). 1077 This work has been supported by the UK Engineering and Physical 1078 Sciences Research Council under grant EP/R04144X/1. 1080 Thanks to Stuart Cheshire, Josh Graessley, David Schinazi, and Eric 1081 Kinnear for their implementation and design efforts, including Happy 1082 Eyeballs, that heavily influenced this work. 1084 8. References 1086 8.1. Normative References 1088 [I-D.ietf-taps-interface] 1089 Trammell, B., Welzl, M., Enghardt, T., Fairhurst, G., 1090 Kuehlewind, M., Perkins, C., Tiesel, P., Wood, C., and T. 1091 Pauly, "An Abstract Application Layer Interface to 1092 Transport Services", Work in Progress, Internet-Draft, 1093 draft-ietf-taps-interface-05, 4 November 2019, 1094 . 1097 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1098 Requirement Levels", BCP 14, RFC 2119, 1099 DOI 10.17487/RFC2119, March 1997, 1100 . 1102 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1103 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1104 May 2017, . 1106 8.2. Informative References 1108 [I-D.ietf-taps-impl] 1109 Brunstrom, A., Pauly, T., Enghardt, T., Grinnemo, K., 1110 Jones, T., Tiesel, P., Perkins, C., and M. Welzl, 1111 "Implementing Interfaces to Transport Services", Work in 1112 Progress, Internet-Draft, draft-ietf-taps-impl-05, 4 1113 November 2019, . 1116 [I-D.ietf-taps-minset] 1117 Welzl, M. and S. Gjessing, "A Minimal Set of Transport 1118 Services for End Systems", Work in Progress, Internet- 1119 Draft, draft-ietf-taps-minset-11, 27 September 2018, 1120 . 1123 [I-D.ietf-taps-transport-security] 1124 Enghardt, T., Pauly, T., Perkins, C., Rose, K., and C. 1125 Wood, "A Survey of the Interaction Between Security 1126 Protocols and Transport Services", Work in Progress, 1127 Internet-Draft, draft-ietf-taps-transport-security-10, 17 1128 November 2019, . 1131 [POSIX] "IEEE Std. 1003.1-2008 Standard for Information Technology 1132 -- Portable Operating System Interface (POSIX). Open 1133 group Technical Standard: Base Specifications, Issue 7", 1134 2008. 1136 [RFC0793] Postel, J., "Transmission Control Protocol", STD 7, 1137 RFC 793, DOI 10.17487/RFC0793, September 1981, 1138 . 1140 [RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", 1141 RFC 4303, DOI 10.17487/RFC4303, December 2005, 1142 . 1144 [RFC6265] Barth, A., "HTTP State Management Mechanism", RFC 6265, 1145 DOI 10.17487/RFC6265, April 2011, 1146 . 1148 [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 1149 Protocol (HTTP/1.1): Message Syntax and Routing", 1150 RFC 7230, DOI 10.17487/RFC7230, June 2014, 1151 . 1153 [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext 1154 Transfer Protocol Version 2 (HTTP/2)", RFC 7540, 1155 DOI 10.17487/RFC7540, May 2015, 1156 . 1158 [RFC8095] Fairhurst, G., Ed., Trammell, B., Ed., and M. Kuehlewind, 1159 Ed., "Services Provided by IETF Transport Protocols and 1160 Congestion Control Mechanisms", RFC 8095, 1161 DOI 10.17487/RFC8095, March 2017, 1162 . 1164 [RFC8305] Schinazi, D. and T. Pauly, "Happy Eyeballs Version 2: 1165 Better Connectivity Using Concurrency", RFC 8305, 1166 DOI 10.17487/RFC8305, December 2017, 1167 . 1169 [RFC8445] Keranen, A., Holmberg, C., and J. Rosenberg, "Interactive 1170 Connectivity Establishment (ICE): A Protocol for Network 1171 Address Translator (NAT) Traversal", RFC 8445, 1172 DOI 10.17487/RFC8445, July 2018, 1173 . 1175 [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol 1176 Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, 1177 . 1179 Authors' Addresses 1181 Tommy Pauly (editor) 1182 Apple Inc. 1183 One Apple Park Way 1184 Cupertino, California 95014, 1185 United States of America 1187 Email: tpauly@apple.com 1189 Brian Trammell (editor) 1190 Google 1191 Gustav-Gull-Platz 1 1192 CH- 8004 Zurich 1193 Switzerland 1195 Email: ietf@trammell.ch 1197 Anna Brunstrom 1198 Karlstad University 1199 Universitetsgatan 2 1200 SE- 651 88 Karlstad 1201 Sweden 1203 Email: anna.brunstrom@kau.se 1204 Godred Fairhurst 1205 University of Aberdeen 1206 Fraser Noble Building 1207 Aberdeen, AB24 3UE 1209 Email: gorry@erg.abdn.ac.uk 1210 URI: http://www.erg.abdn.ac.uk/ 1212 Colin Perkins 1213 University of Glasgow 1214 School of Computing Science 1215 Glasgow G12 8QQ 1216 United Kingdom 1218 Email: csp@csperkins.org 1220 Philipp S. Tiesel 1221 TU Berlin 1222 Einsteinufer 25 1223 10587 Berlin 1224 Germany 1226 Email: philipp@tiesel.net 1228 Chris Wood 1229 Apple Inc. 1230 One Apple Park Way 1231 Cupertino, California 95014, 1232 United States of America 1234 Email: cawood@apple.com