RTCWEB                                                        M. Thomson
Internet-Draft                                                   Mozilla
Intended status: Standards Track                                 D. Wing
Expires: May 24, 2014                                        C. Jennings
                                                                   Cisco
                                                       November 20, 2013


       Gaining and Maintaining Consent for Real-Time Applications
                     draft-thomson-rtcweb-consent-00

Abstract

   This document describes how DTLS provides a WebRTC application a
   clear indication that a receiver is willing to receive packets.
   Mechanisms for maintaining that consent are described.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.
   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 24, 2014.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Conventions and Terminology
   2.  Obtaining and Maintaining Receive Consent
     2.1.  Consent in WebRTC
     2.2.  The Role of ICE
     2.3.  Relationship with Connection Liveness
   3.  Application Layer Protocol Identifiers
   4.  Security Considerations
   5.  IANA Considerations
   6.  Acknowledgements
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Authors' Addresses
1.  Introduction

   In addition to establishing connectivity, Interactive Connectivity
   Establishment (ICE) [RFC5245] has been used in real-time applications
   to establish that a peer is willing to receive packets.

   This document describes how Datagram Transport Layer Security (DTLS)
   [RFC6347] is sufficient for establishing consent to receive packets,
   plus how this consent can be continuously refreshed.

   This document also uses Application-Layer Protocol Negotiation (ALPN)
   [I-D.ietf-tls-applayerprotoneg] to restrict that consent to specific
   uses.  Application protocol tokens are defined for the Real-Time
   Protocol (RTP) [RFC3550] over DTLS-SRTP [RFC5764], WebRTC data
   channels [I-D.ietf-rtcweb-data-channel] and a multiplexed combination
   of these two protocols.

1.1.  Conventions and Terminology

   At times, this document falls back on shorthands for establishing
   interoperability requirements on implementations: the capitalized
   words "MUST", "SHOULD" and "MAY".  These terms are defined in
   [RFC2119].

2.  Obtaining and Maintaining Receive Consent

   An endpoint MUST NOT send application data (in WebRTC, RTP or SCTP
   data) on a DTLS connection unless the receiving endpoint consents to
   receive the data.

   An endpoint that initiates or responds to a DTLS handshake that
   negotiates a specific application layer protocol (see Section 3)
   explicitly consents to receive packets containing the described
   protocol.

   Consent expires after a fixed amount of time.  Explicit consent to
   receive is indicated by the receiving endpoint sending authenticated
   packets from the inverted 5-tuple.  An endpoint uses the receipt of
   packets as an indication that the remote endpoint still consents to
   receive data.

   Any packet received from the inverted 5-tuple refreshes consent if
   the packet is successfully validated by the protocol's authentication
   check (for instance, a MAC).
   Any DTLS message is sufficient to refresh consent, since these
   contain a MAC.  For DTLS-SRTP [RFC5764], receipt of an authenticated
   SRTP packet is sufficient.

   Consent is ended immediately by receipt of an authenticated message
   that closes the connection (for instance, a TLS fatal alert).

   Receipt of an unauthenticated end-of-session message (e.g., TCP FIN)
   does not indicate loss of consent.  Thus, an endpoint receiving an
   unauthenticated end-of-session message SHOULD continue sending media
   (over connectionless transport) or attempt to re-establish the
   connection (over connection-oriented transport) until consent expires
   or it receives an authenticated message revoking consent.

2.1.  Consent in WebRTC

   WebRTC applications MUST cease transmission on a connection if they
   have not received any valid, authenticated packets for 30 seconds.

   WebRTC applications that intend to maintain consent MUST send an
   authenticated packet at least every 10 seconds.  If there is no
   application data to send, the DTLS heartbeat extension [RFC6520] MUST
   be sent to maintain consent.  This reduces the probability that
   transient network failures cause consent expiration.

2.2.  The Role of ICE

   Given that DTLS is used to establish and maintain consent, ICE is
   only used to test and nominate candidate pairs.  This allows for the
   use of DTLS without ICE, though this is unlikely to work for
   endpoints with poor connectivity.

   If ICE is not employed, a DTLS server SHOULD use the denial of
   service countermeasures described in Section 4.2.1 of [RFC6347];
   specifically the "HelloVerifyRequest" and the cookie that it carries.

2.3.  Relationship with Connection Liveness

   A connection is considered "live" if packets are received from a
   remote endpoint within an application-dependent period.

   A WebRTC application can request a notification when there are no
   packets received for a certain period.
   Similarly, an application can request that heartbeats are sent after
   an interval shorter than 10 seconds.  These two time intervals might
   be controlled by the same configuration item.

   Sending heartbeats at a high rate could allow a malicious application
   to generate congestion.  A WebRTC application MUST NOT be able to
   send heartbeats at a rate higher than 1 per second.

3.  Application Layer Protocol Identifiers

   The following ALPN identifiers are defined:

   RTP (0x52 0x54 0x50):  This token indicates that DTLS-SRTP [RFC5764]
      is acceptable or selected.

   SCTP (0x53 0x43 0x54 0x50):  This token indicates that WebRTC Data
      Channels [I-D.ietf-rtcweb-data-channel] are acceptable or
      selected.  The DTLS record-layer carries encapsulated Stream
      Control Transmission Protocol (SCTP) [RFC4960] packets as
      described in [I-D.ietf-tsvwg-sctp-dtls-encaps].

   RTP+SCTP (0x52 0x54 0x50 0x2b 0x53 0x43 0x54 0x50):  This token
      indicates that both DTLS-SRTP [RFC5764] and WebRTC Data Channels
      [I-D.ietf-rtcweb-data-channel] are acceptable or selected.  The
      DTLS record-layer carries encapsulated SCTP packets as described
      in [I-D.ietf-tsvwg-sctp-dtls-encaps]; this is multiplexed with
      SRTP [RFC3711] packets as described in [RFC5764].

   An application that can use a multiplexed combination of SRTP and
   SCTP MUST select "RTP+SCTP" if it is available, even if it is not
   using both protocols initially.  This avoids any need to renegotiate
   application layer protocols as usage needs change.

4.  Security Considerations

   This document defines a security mechanism.

   Consent does not establish any bounds on the volume of packets that a
   receiver is willing to accept.  A receiver that receives packets at a
   rate in excess of what it is willing to tolerate can close the
   connection.  If the close message is lost, this can result in
   unwanted data being received until consent expires (i.e., 30
   seconds).
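   The consent rules of Sections 2, 2.1 and 2.3 and the lost-close case
   just described, as an added worked example (not code from this draft
   or from any WebRTC implementation).  Times are seconds as floats and
   packets are constructed flags standing in for MAC validation; the
   ConsentTracker name and its event methods are assumptions of this
   example.

```python
"""Receive-consent tracker modelled on draft-thomson-rtcweb-consent-00.
Added example, not code from the draft.  Packets are modelled only by
whether their MAC validated and whether they close the session."""

CONSENT_TIMEOUT_S = 30.0     # Section 2.1: cease sending after 30 s without a valid packet
HEARTBEAT_INTERVAL_S = 10.0  # Section 2.1: send an authenticated packet at least every 10 s
MIN_HEARTBEAT_GAP_S = 1.0    # Section 2.3: never more than one heartbeat per second


class ConsentTracker:
    def __init__(self, handshake_done_at, heartbeat_interval=HEARTBEAT_INTERVAL_S):
        # A completed DTLS handshake that negotiated an ALPN protocol is the
        # initial grant of consent (Section 2); it also counts as our last send.
        self.last_valid_rx = handshake_done_at
        self.last_auth_tx = handshake_done_at
        self.revoked = False
        # An application may ask for a shorter interval, but never below 1 s.
        self.heartbeat_interval = max(heartbeat_interval, MIN_HEARTBEAT_GAP_S)

    def on_receive(self, now, authenticated, closes_session=False):
        """Feed one received packet.  Only MAC-validated packets change state."""
        if not authenticated:
            return                      # e.g. a bare TCP FIN: says nothing about consent
        if closes_session:
            self.revoked = True         # e.g. DTLS fatal alert: consent ends immediately
        else:
            self.last_valid_rx = now    # any authenticated DTLS or SRTP packet refreshes

    def on_send(self, now):
        """Record that we sent an authenticated packet (application data or heartbeat)."""
        self.last_auth_tx = now

    def may_send(self, now):
        """Section 2.1: application data may be sent only while consent is current."""
        return not self.revoked and (now - self.last_valid_rx) < CONSENT_TIMEOUT_S

    def heartbeat_due(self, now):
        """True when a DTLS heartbeat must go out to keep the peer's view of our consent alive."""
        return self.may_send(now) and (now - self.last_auth_tx) >= self.heartbeat_interval


def lost_close_scenario():
    """Section 4 case: the peer's authenticated close is lost and only an
    unauthenticated FIN arrives, so sending continues until the 30 s timer expires."""
    t = ConsentTracker(handshake_done_at=0.0)
    t.on_receive(5.0, authenticated=True)     # SRTP packet with a valid MAC
    t.on_receive(8.0, authenticated=False)    # TCP FIN, no MAC: ignored
    return t.may_send(34.9), t.may_send(35.0)  # (True, False)
```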
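   The three ALPN tokens of Section 3 and the rule that a multiplexing
   endpoint MUST pick "RTP+SCTP" whenever it is offered, as an added
   example (not code from this draft).  It assumes the ALPN extension's
   ProtocolNameList layout (a 2-byte list length followed by 1-byte
   length-prefixed names); the function names are this example's own.

```python
"""ALPN token handling for draft-thomson-rtcweb-consent-00, Section 3.
Added example, not code from the draft."""

RTP = b"RTP"            # 0x52 0x54 0x50: DTLS-SRTP only
SCTP = b"SCTP"          # 0x53 0x43 0x54 0x50: WebRTC data channels only
RTP_SCTP = b"RTP+SCTP"  # 0x52 0x54 0x50 0x2b 0x53 0x43 0x54 0x50: both, multiplexed


def encode_protocol_name_list(names):
    """Serialise names as an ALPN ProtocolNameList (assumed layout, see lead-in)."""
    body = b"".join(bytes([len(n)]) + bytes(n) for n in names)
    return len(body).to_bytes(2, "big") + body


def decode_protocol_name_list(data):
    """Parse a ProtocolNameList, rejecting truncated or zero-length names."""
    if len(data) < 2 or int.from_bytes(data[:2], "big") != len(data) - 2:
        raise ValueError("list length does not match payload")
    names, i = [], 2
    while i < len(data):
        n = data[i]
        i += 1
        if n == 0 or i + n > len(data):
            raise ValueError("bad protocol name length")
        names.append(bytes(data[i:i + n]))
        i += n
    return names


def select_protocol(offered, can_rtp, can_sctp):
    """Choose the token to confirm in the handshake.  An endpoint able to run
    both protocols MUST take RTP+SCTP if it was offered (Section 3), even if
    only one of them is in use initially; otherwise take the first offered
    single-protocol token it supports; None means no consent for any data."""
    if isinstance(offered, (bytes, bytearray)):
        offered = decode_protocol_name_list(offered)
    if can_rtp and can_sctp and RTP_SCTP in offered:
        return RTP_SCTP
    for token in offered:
        if (token == RTP and can_rtp) or (token == SCTP and can_sctp):
            return token
    return None
```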

   SRTP is encrypted and authenticated with symmetric keys; that is,
   both sender and receiver know the keys.  With two party sessions,
   receipt of an authenticated packet from the single remote party is a
   strong assurance the packet came from that party.  However, when a
   session involves more than two parties, all of whom know each others'
   keys, any of those parties could have sent (or spoofed) the packet.
   Such shared key distributions are possible with some MIKEY [RFC3830]
   modes, Security Descriptions [RFC4568], and EKT
   [I-D.ietf-avtcore-srtp-ekt].

5.  IANA Considerations

   This document registers three identifiers in the "Application Layer
   Protocol Negotiation (ALPN) Protocol IDs" registry established by
   [I-D.ietf-tls-applayerprotoneg].

   Protocol:  RTP over DTLS-SRTP

   Identification Sequence:  0x52 0x54 0x50 ("RTP")

   Specification:  This document.

   Protocol:  WebRTC Data Channels

   Identification Sequence:  0x53 0x43 0x54 0x50 ("SCTP")

   Specification:  This document.

   Protocol:  RTP over DTLS-SRTP multiplexed with WebRTC Data Channels

   Identification Sequence:  0x52 0x54 0x50 0x2b 0x53 0x43 0x54 0x50
      ("RTP+SCTP")

   Specification:  This document.

6.  Acknowledgements

   Muthu Arul Mozhi Perumal, Ram Mohan Ravindranath, Tirumaleswar Reddy,
   and Dan Wing are the authors of the original draft that dealt with
   managing consent.

7.  References

7.1.  Normative References

   [I-D.ietf-rtcweb-data-channel]
              Jesup, R., Loreto, S., and M. Tuexen, "RTCWeb Data
              Channels", draft-ietf-rtcweb-data-channel-06 (work in
              progress), October 2013.

   [I-D.ietf-tls-applayerprotoneg]
              Friedl, S., Popov, A., Langley, A., and S. Emile,
              "Transport Layer Security (TLS) Application Layer Protocol
              Negotiation Extension", draft-ietf-tls-applayerprotoneg-03
              (work in progress), October 2013.

   [I-D.ietf-tsvwg-sctp-dtls-encaps]
              Tuexen, M., Stewart, R., Jesup, R., and S.
              Loreto, "DTLS Encapsulation of SCTP Packets",
              draft-ietf-tsvwg-sctp-dtls-encaps-02 (work in progress),
              October 2013.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3550]  Schulzrinne, H., Casner, S., Frederick, R., and V.
              Jacobson, "RTP: A Transport Protocol for Real-Time
              Applications", STD 64, RFC 3550, July 2003.

   [RFC5245]  Rosenberg, J., "Interactive Connectivity Establishment
              (ICE): A Protocol for Network Address Translator (NAT)
              Traversal for Offer/Answer Protocols", RFC 5245, April
              2010.

   [RFC5764]  McGrew, D. and E. Rescorla, "Datagram Transport Layer
              Security (DTLS) Extension to Establish Keys for the Secure
              Real-time Transport Protocol (SRTP)", RFC 5764, May 2010.

   [RFC6347]  Rescorla, E. and N. Modadugu, "Datagram Transport Layer
              Security Version 1.2", RFC 6347, January 2012.

   [RFC6520]  Seggelmann, R., Tuexen, M., and M. Williams, "Transport
              Layer Security (TLS) and Datagram Transport Layer Security
              (DTLS) Heartbeat Extension", RFC 6520, February 2012.

7.2.  Informative References

   [I-D.ietf-avtcore-srtp-ekt]
              McGrew, D. and D. Wing, "Encrypted Key Transport for
              Secure RTP", draft-ietf-avtcore-srtp-ekt-01 (work in
              progress), October 2013.

   [RFC3711]  Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K.
              Norrman, "The Secure Real-time Transport Protocol (SRTP)",
              RFC 3711, March 2004.

   [RFC3830]  Arkko, J., Carrara, E., Lindholm, F., Naslund, M., and K.
              Norrman, "MIKEY: Multimedia Internet KEYing", RFC 3830,
              August 2004.

   [RFC4568]  Andreasen, F., Baugher, M., and D. Wing, "Session
              Description Protocol (SDP) Security Descriptions for Media
              Streams", RFC 4568, July 2006.

   [RFC4960]  Stewart, R., "Stream Control Transmission Protocol", RFC
              4960, September 2007.

Authors' Addresses

   Martin Thomson
   Mozilla
   Suite 300
   650 Castro Street
   Mountain View, CA 94041
   US

   Email: martin.thomson@gmail.com


   Dan Wing
   Cisco Systems, Inc.
   510 McCarthy Blvd.
   Milpitas, CA 95035
   US

   Phone: (408) 853 4197
   Email: dwing@cisco.com


   Cullen Jennings
   Cisco
   170 West Tasman Drive
   San Jose, CA 95134
   USA

   Phone: +1 408 421-9990
   Email: fluffy@cisco.com