Multiplexing Scheme Updates for QUICMicrosoft CorporationOne Microsoft WayRedmondWA98052United States of Americabernard.aboba@gmail.comCisco Systems7200-12 Kit Creek RoadResearch Triangle ParkNC27709United States of Americagsalguei@cisco.comSchool of Computing ScienceUniversity of GlasgowGlasgowG12 8QQUnited Kingdomcsp@csperkins.org
art
avtcoreRTPZRTPSTUNTURNDTLS
RFC 7983 defines a scheme for a Real-time Transport Protocol (RTP)
receiver to demultiplex Datagram Transport Layer Security (DTLS),
Session Traversal Utilities for NAT (STUN), Secure Real-time
Transport Protocol (SRTP) / Secure Real-time Transport Control
Protocol (SRTCP), ZRTP, and Traversal Using Relays around NAT (TURN)
channel packets arriving on a single port. This document updates RFC
7983 and RFC 5764 to also allow QUIC packets to be multiplexed on a
single receiving socket.Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by
the Internet Engineering Steering Group (IESG). Further
information on Internet Standards is available in Section 2 of
RFC 7841.
Information about the current status of this document, any
errata, and how to provide feedback on it may be obtained at
.
Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
() in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Revised BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Revised BSD License.
Table of Contents
. Introduction
. Terminology
. Multiplexing of TURN Channels
. Updates to RFC 7983
. Security Considerations
. IANA Considerations
. References
. Normative References
. Informative References
Acknowledgments
Authors' Addresses
Introduction
"Multiplexing Scheme Updates for Secure Real-time Transport Protocol (SRTP) Extension for Datagram Transport Layer Security (DTLS)"
defines a scheme for a Real-time Transport Protocol (RTP)
receiver to demultiplex DTLS , Session Traversal
Utilities for NAT (STUN) , Secure Real-time Transport
Protocol (SRTP) / Secure Real-time Transport Control Protocol (SRTCP)
, ZRTP , and Traversal Using Relays around NAT
(TURN) channel packets arriving on a single port. This document
updates and "Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)" to also allow QUIC to be
multiplexed on the same port.
The multiplexing scheme described in this document supports multiple
use cases. In the WebRTC scenarios described in and , SRTP transports audio and video while peer-to-peer QUIC is used for data exchange.
For this use case, SRTP
is keyed using DTLS-SRTP ; therefore, SRTP/SRTCP
, STUN, TURN, DTLS, and QUIC need to be multiplexed on the
same port. Were SRTP to be keyed using QUIC-SRTP (not yet
specified), SRTP/SRTCP, STUN, TURN, and QUIC would need to be
multiplexed on the same port. Where QUIC is used for peer-to-peer
transport of data as well as RTP/RTCP ,
STUN, TURN, and QUIC need to be multiplexed on the same port.
While the scheme described in this document is compatible with QUIC
version 2 , it is not compatible with QUIC bit
greasing . As a result, endpoints that wish to use
multiplexing on their socket MUST NOT send the grease_quic_bit
transport parameter.Terminology
The key words "MUST", "MUST NOT",
"REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT",
"RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document are to be
interpreted as described in BCP 14 when, and only when, they appear in all capitals, as
shown here.
Multiplexing of TURN Channels
TURN channels are an optimization where data packets are exchanged
with a 4-byte prefix instead of the standard 36-byte STUN overhead
(see ). allocates the values from
64 to 79 in order to allow TURN channels to be demultiplexed when the
TURN client does the channel binding request in combination with the
demultiplexing scheme described in .
In the absence of QUIC bit greasing, the first octet of a QUIC packet
(e.g. a short header packet in QUIC v1 or v2) may fall in the range
64 to 127, thereby overlapping with the allocated range for TURN
channels of 64 to 79. However, in practice this overlap does not
represent a problem. TURN channel packets will only be received from
a TURN server to which TURN allocation and channel-binding requests
have been sent. Therefore, a TURN client receiving packets from the
source IP address and port of a TURN server only needs to
disambiguate STUN (i.e., regular TURN) packets from TURN channel
packets; (S)RTP, (S)RTCP, ZRTP, DTLS, or QUIC packets will not be sent
from a source IP address and port that had previously responded to
TURN allocation or channel-binding requests.
As a result, if the source IP address and port of a packet do not
match that of a responding TURN server, a packet with a first octet
of 64 to 127 can be unambiguously demultiplexed as QUIC.Updates to RFC 7983
This document updates the text in (which in
turn updates ) as follows:
OLD TEXT
The process for demultiplexing a packet is as follows. The receiver
looks at the first byte of the packet. If the value of this byte is
in between 0 and 3 (inclusive), then the packet is STUN. If the
value is between 16 and 19 (inclusive), then the packet is ZRTP. If
the value is between 20 and 63 (inclusive), then the packet is DTLS.
If the value is between 64 and 79 (inclusive), then the packet is
TURN Channel. If the value is in between 128 and 191 (inclusive),
then the packet is RTP (or RTCP, if both RTCP and RTP are being
multiplexed over the same destination port). If the value does not
match any known range, then the packet MUST be dropped
and an alert MAY be logged. This process is summarized
in Figure 3.
+----------------+
| [0..3] -+--> forward to STUN
| |
| [16..19] -+--> forward to ZRTP
| |
packet --> | [20..63] -+--> forward to DTLS
| |
| [64..79] -+--> forward to TURN Channel
| |
| [128..191] -+--> forward to RTP/RTCP
+----------------+
Figure 3: The DTLS-SRTP receiver's packet demultiplexing algorithm.
END OLD TEXTNEW TEXT
The process for demultiplexing a packet is as follows. The receiver
looks at the first byte of the packet. If the value of this byte is
between 0 and 3 (inclusive), then the packet is STUN. If the value
is between 16 and 19 (inclusive), then the packet is ZRTP. If the
value is between 20 and 63 (inclusive), then the packet is DTLS. If
the value is between 128 and 191 (inclusive), then the packet is RTP
(or RTCP, if both RTCP and RTP are being multiplexed over the same
destination port). If the value is between 80 and 127 (inclusive)
or between 192 and 255 (inclusive), then the packet is QUIC. If the
value is between 64 and 79 (inclusive) and the packet has a source
IP address and port of a responding TURN server, then the packet
is TURN channel; if the source IP address and port are not that of
a responding TURN server, then the packet is QUIC.
If the value does not match any known range, then the packet MUST
be dropped and an alert MAY be logged. This process is summarized
in Figure 3.
+----------------+
| [0..3] -+--> forward to STUN
| |
| [4..15] -+--> DROP
| |
| [16..19] -+--> forward to ZRTP
| |
packet --> | [20..63] -+--> forward to DTLS
| |
| [64..79] -+--> forward to TURN Channel
| | (if from TURN server), else QUIC
| [80..127] -+--> forward to QUIC
| |
| [128..191] -+--> forward to RTP/RTCP
| |
| [192..255] -+--> forward to QUIC
+----------------+
Figure 3: The receiver's packet demultiplexing algorithm.
Note: Endpoints that wish to demultiplex QUIC MUST NOT send the
grease_quic_bit transport parameter, as described in .
END NEW TEXTSecurity Considerations
The solution discussed in this document could potentially introduce
some additional security issues beyond those described in .
These additional concerns are described below.
In order to support multiplexing of QUIC, this document adds logic to
the scheme defined in . If misimplemented, the logic could
potentially misclassify packets, exposing protocol handlers to
unexpected input.
When QUIC is used solely for data exchange, the TLS-within-QUIC
exchange derives keys used solely to protect QUIC data
packets. If properly implemented, this should not affect the
transport of SRTP or the derivation of SRTP keys via DTLS-SRTP.
However, if a future specification were to define use of the TLS-
within-QUIC exchange to derive SRTP keys, both transport and SRTP key
derivation could be adversely impacted by a vulnerability in the QUIC
implementation.IANA Considerations
In the "TLS ContentType" registry, IANA replaced references to with references to this document.ReferencesNormative ReferencesKey words for use in RFCs to Indicate Requirement LevelsIn many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.RTP: A Transport Protocol for Real-Time ApplicationsThis memorandum describes RTP, the real-time transport protocol. RTP provides end-to-end network transport functions suitable for applications transmitting real-time data, such as audio, video or simulation data, over multicast or unicast network services. RTP does not address resource reservation and does not guarantee quality-of- service for real-time services. The data transport is augmented by a control protocol (RTCP) to allow monitoring of the data delivery in a manner scalable to large multicast networks, and to provide minimal control and identification functionality. RTP and RTCP are designed to be independent of the underlying transport and network layers. The protocol supports the use of RTP-level translators and mixers. Most of the text in this memorandum is identical to RFC 1889 which it obsoletes. There are no changes in the packet formats on the wire, only changes to the rules and algorithms governing how the protocol is used. The biggest change is an enhancement to the scalable timer algorithm for calculating when to send RTCP packets in order to minimize transmission in excess of the intended rate when many participants join a session simultaneously. [STANDARDS-TRACK]The Secure Real-time Transport Protocol (SRTP)This document describes the Secure Real-time Transport Protocol (SRTP), a profile of the Real-time Transport Protocol (RTP), which can provide confidentiality, message authentication, and replay protection to the RTP traffic and to the control traffic for RTP, the Real-time Transport Control Protocol (RTCP). [STANDARDS-TRACK]Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)This document describes a Datagram Transport Layer Security (DTLS) extension to establish keys for Secure RTP (SRTP) and Secure RTP Control Protocol (SRTCP) flows. DTLS keying happens on the media path, independent of any out-of-band signalling channel present. [STANDARDS-TRACK]Multiplexing Scheme Updates for Secure Real-time Transport Protocol (SRTP) Extension for Datagram Transport Layer Security (DTLS)This document defines how Datagram Transport Layer Security (DTLS), Real-time Transport Protocol (RTP), RTP Control Protocol (RTCP), Session Traversal Utilities for NAT (STUN), Traversal Using Relays around NAT (TURN), and ZRTP packets are multiplexed on a single receiving socket. It overrides the guidance from RFC 5764 ("SRTP Extension for DTLS"), which suffered from four issues described and fixed in this document.This document updates RFC 5764.Ambiguity of Uppercase vs Lowercase in RFC 2119 Key WordsRFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.Session Traversal Utilities for NAT (STUN)Session Traversal Utilities for NAT (STUN) is a protocol that serves as a tool for other protocols in dealing with NAT traversal. It can be used by an endpoint to determine the IP address and port allocated to it by a NAT. It can also be used to check connectivity between two endpoints and as a keep-alive protocol to maintain NAT bindings. STUN works with many existing NATs and does not require any special behavior from them.STUN is not a NAT traversal solution by itself. Rather, it is a tool to be used in the context of a NAT traversal solution.This document obsoletes RFC 5389.Traversal Using Relays around NAT (TURN): Relay Extensions to Session Traversal Utilities for NAT (STUN)If a host is located behind a NAT, it can be impossible for that host to communicate directly with other hosts (peers) in certain situations. In these situations, it is necessary for the host to use the services of an intermediate node that acts as a communication relay. This specification defines a protocol, called "Traversal Using Relays around NAT" (TURN), that allows the host to control the operation of the relay and to exchange packets with its peers using the relay. TURN differs from other relay control protocols in that it allows a client to communicate with multiple peers using a single relay address.The TURN protocol was designed to be used as part of the Interactive Connectivity Establishment (ICE) approach to NAT traversal, though it can also be used without ICE.This document obsoletes RFCs 5766 and 6156.QUIC: A UDP-Based Multiplexed and Secure TransportThis document defines the core of the QUIC transport protocol. QUIC provides applications with flow-controlled streams for structured communication, low-latency connection establishment, and network path migration. QUIC includes security measures that ensure confidentiality, integrity, and availability in a range of deployment circumstances. Accompanying documents describe the integration of TLS for key negotiation, loss detection, and an exemplary congestion control algorithm.Using TLS to Secure QUICThis document describes how Transport Layer Security (TLS) is used to secure QUIC.The Datagram Transport Layer Security (DTLS) Protocol Version 1.3This document specifies version 1.3 of the Datagram Transport Layer Security (DTLS) protocol. DTLS 1.3 allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.The DTLS 1.3 protocol is based on the Transport Layer Security (TLS) 1.3 protocol and provides equivalent security guarantees with the exception of order protection / non-replayability. Datagram semantics of the underlying transport are preserved by the DTLS protocol.This document obsoletes RFC 6347.Greasing the QUIC BitThis document describes a method for negotiating the ability to send an arbitrary value for the second-most significant bit in QUIC packets.Informative ReferencesQUIC API For Peer-to-Peer ConnectionsW3C Community Group Draft Reportcommit 50d79c0RTCQuicTransport Coming to an Origin Trial Near You (Chrome 73)ZRTP: Media Path Key Agreement for Unicast Secure RTPThis document defines ZRTP, a protocol for media path Diffie-Hellman exchange to agree on a session key and parameters for establishing unicast Secure Real-time Transport Protocol (SRTP) sessions for Voice over IP (VoIP) applications. The ZRTP protocol is media path keying because it is multiplexed on the same port as RTP and does not require support in the signaling protocol. ZRTP does not assume a Public Key Infrastructure (PKI) or require the complexity of certificates in end devices. For the media session, ZRTP provides confidentiality, protection against man-in-the-middle (MiTM) attacks, and, in cases where the signaling protocol provides end-to-end integrity protection, authentication. ZRTP can utilize a Session Description Protocol (SDP) attribute to provide discovery and authentication through the signaling channel. To provide best effort SRTP, ZRTP utilizes normal RTP/AVP (Audio-Visual Profile) profiles. ZRTP secures media sessions that include a voice media stream and can also secure media sessions that do not include voice by using an optional digital signature. This document is not an Internet Standards Track specification; it is published for informational purposes.QUIC Version 2This document specifies QUIC version 2, which is identical to QUIC version 1 except for some trivial details. Its purpose is to combat various ossification vectors and exercise the version negotiation framework. It also serves as a template for the minimum changes in any future version of QUIC.Note that "version 2" is an informal name for this proposal that indicates it is the second version of QUIC to be published as a Standards Track document. The protocol specified here uses a version number other than 2 in the wire image, in order to minimize ossification risks.RTP over QUICTechnical University MunichTechnical University MunichTencent America LLCThis document specifies a minimal mapping for encapsulating Real-time Transport Protocol (RTP) and RTP Control Protocol (RTCP) packets within the QUIC protocol. It also discusses how to leverage state from the QUIC implementation in the endpoints, in order to reduce the need to exchange RTCP packets and how to implement congestion control and rate adaptation without relying on RTCP feedback.Work in ProgressAcknowledgments
We would like to thank , , , and
other participants in the IETF QUIC and AVTCORE Working Groups for
their discussion of the QUIC multiplexing issue, and their input
relating to potential solutions.Authors' AddressesMicrosoft CorporationOne Microsoft WayRedmondWA98052United States of Americabernard.aboba@gmail.comCisco Systems7200-12 Kit Creek RoadResearch Triangle ParkNC27709United States of Americagsalguei@cisco.comSchool of Computing ScienceUniversity of GlasgowGlasgowG12 8QQUnited Kingdomcsp@csperkins.org