rfc8835xml2.original.xml   rfc8835.xml 
<?xml version="1.0" encoding="US-ASCII"?> <?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd"> <!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent">
<?rfc toc="yes"?>
<?rfc tocompact="yes"?> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="std"
<?rfc tocdepth="3"?> ipr="trust200902" submissionType="IETF" consensus="true" number="8835"
<?rfc tocindent="yes"?> obsoletes="" updates="" xml:lang="en" tocInclude="true" symRefs="true"
<?rfc symrefs="yes"?> sortRefs="true" version="3" docName="draft-ietf-rtcweb-transports-17">
<?rfc sortrefs="yes"?>
<?rfc comments="yes"?> <!-- xml2rfc v2v3 conversion 2.30.0 -->
<?rfc inline="yes"?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<rfc category="std" docName="draft-ietf-rtcweb-transports-17"
ipr="trust200902">
<front> <front>
<title abbrev="WebRTC Transports">Transports for WebRTC</title> <title abbrev="WebRTC Transports">Transports for WebRTC</title>
<seriesInfo name="RFC" value="8835"/>
<author fullname="Harald Alvestrand" initials="H. T." surname="Alvestrand"> <author fullname="Harald Alvestrand" initials="H." surname="Alvestrand">
<organization>Google</organization> <organization>Google</organization>
<address> <address>
<email>harald@alvestrand.no</email> <email>harald@alvestrand.no</email>
</address> </address>
</author> </author>
<date month="June" year="2020"/>
<date day="26" month="October" year="2016"/> <!-- [rfced] Please insert any keywords (beyond those that appear in
the title) for use on https://www.rfc-editor.org/search.
-->
<keyword>example</keyword>
<abstract> <abstract>
<t>This document describes the data transport protocols used by WebRTC, <t>This document describes the data transport protocols used by Web
Real-Time Communication (WebRTC),
including the protocols used for interaction with intermediate boxes including the protocols used for interaction with intermediate boxes
such as firewalls, relays and NAT boxes.</t> such as firewalls, relays, and NAT boxes.</t>
</abstract> </abstract>
</front> </front>
<middle> <middle>
<section title="Introduction"> <section numbered="true" toc="default">
<t>WebRTC is a protocol suite aimed at real time multimedia exchange <name>Introduction</name>
<t>WebRTC is a protocol suite aimed at real-time multimedia exchange
between browsers, and between browsers and other entities.</t> between browsers, and between browsers and other entities.</t>
<t>WebRTC is described in the WebRTC overview document <xref target="RFC88
<t>WebRTC is described in the WebRTC overview document, <xref 25" format="default"/>, which also defines terminology used
target="I-D.ietf-rtcweb-overview"/>, which also defines terminology used
in this document, including the terms "WebRTC endpoint" and "WebRTC in this document, including the terms "WebRTC endpoint" and "WebRTC
browser".</t> browser".</t>
<t>Terminology for RTP sources is taken from <xref target="RFC7656" format
<t>Terminology for RTP sources is taken from<xref target="RFC7656"/> ="default"/>.</t>
.</t>
<t>This document focuses on the data transport protocols that are used <t>This document focuses on the data transport protocols that are used
by conforming implementations, including the protocols used for by conforming implementations, including the protocols used for
interaction with intermediate boxes such as firewalls, relays and NAT interaction with intermediate boxes such as firewalls, relays, and NAT
boxes.</t> boxes.</t>
<t>This protocol suite is intended to satisfy the security considerations
<t>This protocol suite intends to satisfy the security considerations described in the WebRTC security documents, <xref target="RFC8826" format=
described in the WebRTC security documents, <xref "default"/> and <xref target="RFC8827" format="default"/>.</t>
target="I-D.ietf-rtcweb-security"/> and <xref
target="I-D.ietf-rtcweb-security-arch"/>.</t>
<t>This document describes requirements that apply to all WebRTC <t>This document describes requirements that apply to all WebRTC
endpoints. When there are requirements that apply only to WebRTC endpoints. When there are requirements that apply only to WebRTC
browsers, this is called out explicitly.</t> browsers, this is called out explicitly.</t>
</section> </section>
<section numbered="true" toc="default">
<name>Requirements Language</name>
<t>
The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQU
IRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>
RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to
be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/>
when, and only when, they appear in all capitals, as shown here.
</t>
<section title="Requirements language">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in <xref
target="RFC2119">RFC 2119</xref>.</t>
</section> </section>
<section anchor="app-transport" numbered="true" toc="default">
<section anchor="app-transport" <name>Transport and Middlebox Specification</name>
title="Transport and Middlebox specification">
<t/> <t/>
<section numbered="true" toc="default">
<section title="System-provided interfaces"> <name>System-Provided Interfaces</name>
<t>The protocol specifications used here assume that the following <t>The protocol specifications used here assume that the following
protocols are available to the implementations of the WebRTC protocols are available to the implementations of the WebRTC
protocols:</t> protocols:</t>
<dl>
<dt>UDP <xref target="RFC0768" format="default"/>:</dt><dd>This is the
protocol assumed by
most protocol elements described.</dd>
<dt>TCP <xref target="RFC0793" format="default"/>:</dt><dd>This is use
d for HTTP/WebSockets,
as well as TURN/TLS and
ICE-TCP.</dd>
</dl>
<t>For both protocols, IPv4 and IPv6 support is assumed.</t>
<t><list style="symbols"> <!-- [rfced] As DSCP stands for "Differentiated Services Code Point", we have
<t>UDP <xref target="RFC0768"/>. This is the protocol assumed by removed instances of "code point" when it appeared after DSCP. Please let us
most protocol elements described.</t> know if any corrections are needed.
<t>TCP <xref target="RFC0793"/>. This is used for HTTP/WebSockets, A few examples:
as well as for TURN/TLS and ICE-TCP.</t>
</list></t>
<t>For both protocols, IPv4 and IPv6 support is assumed.</t> Original:
It does not assume that the DSCP codepoints will be honored, ...
<t>For UDP, this specification assumes the ability to set the DSCP A particularly hard problem is when one media transport uses multiple
code point of the sockets opened on a per-packet basis, in order to DSCP code points, ...
achieve the prioritizations described in <xref
target="I-D.ietf-tsvwg-rtcweb-qos"/> (see <xref target="s-qos"/>) when
multiple media types are multiplexed. It does not assume that the DSCP
codepoints will be honored, and does assume that they may be zeroed or
changed, since this is a local configuration issue.</t>
Current:
It does not assume that the DSCPs will be
honored ...
A particularly hard problem is when one media transport uses multiple
DSCPs, ...
-->
<t>For UDP, this specification assumes the ability to set the
Differentiated Services Code Point (DSCP) of the sockets opened on a per-
packet basis, in order to
achieve the prioritizations described in <xref target="RFC8837" format="
default"/> (see <xref target="s-qos" format="default"/> of this document) when
multiple media types are multiplexed. It does not assume that the DSCPs
will be honored and does assume that they may be zeroed or
changed, since this is a local configuration issue.</t>
<t>Platforms that do not give access to these interfaces will not be <t>Platforms that do not give access to these interfaces will not be
able to support a conforming WebRTC endpoint.</t> able to support a conforming WebRTC endpoint.</t>
<t>This specification does not assume that the implementation will <t>This specification does not assume that the implementation will
have access to ICMP or raw IP.</t> have access to ICMP or raw IP.</t>
<t>The following protocols may be used, but they can be implemented by a
<t>The following protocols may be used, but can be implemented by a WebRTC endpoint and are therefore not defined as "system-provided
WebRTC endpoint, and are therefore not defined as "system-provided
interfaces":</t> interfaces":</t>
<t><list style="symbols"> <dl>
<t>TURN - Traversal Using Relays Around NAT, <xref <dt>TURN:</dt><dd>Traversal Using Relays Around NAT <xref target="RFC57
target="RFC5766"/></t> 66" format="default"/></dd>
<dt>STUN:</dt><dd>Session Traversal Utilities for NAT <xref target="RF
<t>STUN - Session Traversal Utilities for NAT, <xref C5389" format="default"/></dd>
target="RFC5389"/></t> <dt>ICE:</dt><dd>Interactive Connectivity Establishment <xref target="
RFC8445" format="default"/></dd>
<t>ICE - Interactive Connectivity Establishment, <xref <!--[rfced] FYI: RFC 5246 has been obsoleted by RFC 8446. Per guidance from
target="I-D.ietf-ice-rfc5245bis"/></t> Adam Roach, we have update citations accordingly.
-->
<t>TLS - Transport Layer Security, <xref target="RFC5246"/></t> <dt>TLS:</dt><dd>Transport Layer Security <xref target="RFC8446" forma
t="default"/></dd>
<t>DTLS - Datagram Transport Layer Security, <xref <dt>DTLS:</dt><dd>Datagram Transport Layer Security <xref target="RFC6
target="RFC6347"/>.</t> 347" format="default"/></dd>
</list></t> </dl>
</section> </section>
<section numbered="true" toc="default">
<section title="Ability to use IPv4 and IPv6"> <name>Ability to Use IPv4 and IPv6</name>
<t>Web applications running in a WebRTC browser MUST be able to <t>Web applications running in a WebRTC browser <bcp14>MUST</bcp14> be a
utilize both IPv4 and IPv6 where available - that is, when two peers ble to
utilize both IPv4 and IPv6 where available -- that is, when two peers
have only IPv4 connectivity to each other, or they have only IPv6 have only IPv4 connectivity to each other, or they have only IPv6
connectivity to each other, applications running in the WebRTC browser connectivity to each other, applications running in the WebRTC browser
MUST be able to communicate.</t> <bcp14>MUST</bcp14> be able to communicate.</t>
<t>When TURN is used, and the TURN server has IPv4 or IPv6 <t>When TURN is used, and the TURN server has IPv4 or IPv6
connectivity to the peer or the peer's TURN server, candidates of the connectivity to the peer or the peer's TURN server, candidates of the
appropriate types MUST be supported. The "Happy Eyeballs" appropriate types <bcp14>MUST</bcp14> be supported. The "Happy Eyeballs"
specification for ICE <xref specification for ICE <xref target="RFC8421" format="default"/> <bcp14>S
target="I-D.ietf-mmusic-ice-dualstack-fairness"/> SHOULD be HOULD</bcp14> be
supported.</t> supported.</t>
</section> </section>
<section numbered="true" toc="default">
<section title="Usage of temporary IPv6 addresses"> <name>Usage of Temporary IPv6 Addresses</name>
<t>The IPv6 default address selection specification <xref <t>The IPv6 default address selection specification <xref
target="RFC6724"/> specifies that temporary addresses <xref target="RFC6724" format="default"/> specifies that temporary addresses
target="RFC4941"/> are to be preferred over permanent addresses. This <xref target="RFC4941" format="default"/> are to be preferred over
is a change from the rules specified by <xref target="RFC3484"/>. For permanent addresses. This
is a change from the rules specified by <xref target="RFC3484" format="d
efault"/>. For
applications that select a single address, this is usually done by the applications that select a single address, this is usually done by the
IPV6_PREFER_SRC_TMP preference flag specified in <xref IPV6_PREFER_SRC_TMP preference flag specified in <xref target="RFC5014"
target="RFC5014"/>. However, this rule, which is intended to ensure format="default"/>. However, this rule, which is intended to ensure
that privacy-enhanced addresses are used in preference to static that privacy-enhanced addresses are used in preference to static
addresses, doesn't have the right effect in ICE, where all addresses addresses, doesn't have the right effect in ICE, where all addresses
are gathered and therefore revealed to the application. Therefore, the are gathered and therefore revealed to the application. Therefore, the
following rule is applied instead:</t> following rule is applied instead:</t>
<!-- [rfced] Note that we have indented the following two paragraphs to make
it clear that the "rule" is both paragraphs. Please let us know if this is
incorrect.
<t>When a WebRTC endpoint gathers all IPv6 addresses on its host, and Original (preceding sentence included for contet):
both non-deprecated temporary addresses and permanent addresses of the Therefore, the following rule is applied instead:
same scope are present, the WebRTC endpoint SHOULD discard the
When a WebRTC endpoint gathers all IPv6 addresses on its host, and
both non-deprecated temporary addresses and permanent addresses of
the same scope are present, the WebRTC endpoint SHOULD discard the
permanent addresses before exposing addresses to the application or
using them in ICE. This is consistent with the default policy
described in [RFC6724].
If some of the temporary IPv6 addresses, but not all, are marked
deprecated, the WebRTC endpoint SHOULD discard the deprecated
addresses, unless they are used by an ongoing connection. In an ICE
restart, deprecated addresses that are currently in use MAY be
retained.
-->
<ul empty="true">
<li><t>When a WebRTC endpoint gathers all IPv6 addresses on its host, an
d
both nondeprecated temporary addresses and permanent addresses of the
same scope are present, the WebRTC endpoint <bcp14>SHOULD</bcp14> discar
d the
permanent addresses before exposing addresses to the application or permanent addresses before exposing addresses to the application or
using them in ICE. This is consistent with the default policy using them in ICE. This is consistent with the default policy
described in <xref target="RFC6724"/>.</t> described in <xref target="RFC6724" format="default"/>.</t>
<t>If some, but not all, of the temporary IPv6 addresses are marked
<t>If some of the temporary IPv6 addresses, but not all, are marked deprecated, the WebRTC endpoint <bcp14>SHOULD</bcp14> discard the deprec
deprecated, the WebRTC endpoint SHOULD discard the deprecated ated
addresses, unless they are used by an ongoing connection. In an ICE addresses, unless they are used by an ongoing connection. In an ICE
restart, deprecated addresses that are currently in use MAY be restart, deprecated addresses that are currently in use <bcp14>MAY</bcp1
retained.</t> 4> be
retained.</t></li>
</ul>
</section> </section>
<section anchor="s-middlebox" numbered="true" toc="default">
<section anchor="s-middlebox" title="Middle box related functions"> <name>Middlebox-Related Functions</name>
<t>The primary mechanism to deal with middle boxes is ICE, which is an <t>The primary mechanism for dealing with middleboxes is ICE, which is a
n
appropriate way to deal with NAT boxes and firewalls that accept appropriate way to deal with NAT boxes and firewalls that accept
traffic from the inside, but only from the outside if it is in traffic from the inside, but only from the outside if it is in
response to inside traffic (simple stateful firewalls).</t> response to inside traffic (simple stateful firewalls).</t>
<t>ICE <xref target="RFC8445" format="default"/> <bcp14>MUST</bcp14> be
<t>ICE <xref target="I-D.ietf-ice-rfc5245bis"/> MUST be supported. The supported. The
implementation MUST be a full ICE implementation, not ICE-Lite. A full implementation <bcp14>MUST</bcp14> be a full ICE implementation, not ICE
-Lite. A full
ICE implementation allows interworking with both ICE and ICE-Lite ICE implementation allows interworking with both ICE and ICE-Lite
implementations when they are deployed appropriately.</t> implementations when they are deployed appropriately.</t>
<t>In order to deal with situations where both parties are behind NATs <t>In order to deal with situations where both parties are behind NATs
of the type that perform endpoint-dependent mapping (as defined in of the type that perform endpoint-dependent mapping (as defined in
<xref target="RFC5128"/> section 2.4), TURN <xref target="RFC5766"/> <xref target="RFC5128" sectionFormat="comma" section="2.4" />), TURN <xr
MUST be supported.</t> ef target="RFC5766" format="default"/>
<bcp14>MUST</bcp14> be supported.</t>
<t>WebRTC browsers MUST support configuration of STUN and TURN <t>WebRTC browsers <bcp14>MUST</bcp14> support configuration of STUN and
servers, both from browser configuration and from an application.</t> TURN
servers, from both browser configuration and an application.</t>
<t>Note that there is other work around STUN and TURN sever discovery <t>Note that other work exists around STUN and TURN server discovery
and management, including <xref and management, including <xref target="RFC8155" format="default"/> for
target="I-D.ietf-tram-turn-server-discovery"/> for server discovery, server discovery,
as well as <xref target="I-D.ietf-rtcweb-return"/>.</t> as well as <xref target="I-D.ietf-rtcweb-return" format="default"/>.</t>
<t>In order to deal with firewalls that block all UDP traffic, the <t>In order to deal with firewalls that block all UDP traffic, the
mode of TURN that uses TCP between the WebRTC endpoint and the TURN mode of TURN that uses TCP between the WebRTC endpoint and the TURN
server MUST be supported, and the mode of TURN that uses TLS over TCP server <bcp14>MUST</bcp14> be supported, and the mode of TURN that uses
between the WebRTC endpoint and the TURN server MUST be supported. See TLS over TCP
<xref target="RFC5766"/> section 2.1 for details.</t> between the WebRTC endpoint and the TURN server <bcp14>MUST</bcp14> be s
upported. See
<xref target="RFC5766" sectionFormat="of" section="2.1"/>, for details.<
/t>
<t>In order to deal with situations where one party is on an IPv4 <t>In order to deal with situations where one party is on an IPv4
network and the other party is on an IPv6 network, TURN extensions for network and the other party is on an IPv6 network, TURN extensions for
IPv6 <xref target="RFC6156"/> MUST be supported.</t> IPv6 <xref target="RFC6156" format="default"/> <bcp14>MUST</bcp14> be su
pported.</t>
<t>TURN TCP candidates, where the connection from the WebRTC <t>TURN TCP candidates, where the connection from the WebRTC
endpoint's TURN server to the peer is a TCP connection, <xref endpoint's TURN server to the peer is a TCP connection, <xref target="RF
target="RFC6062"/> MAY be supported.</t> C6062" format="default"/> <bcp14>MAY</bcp14> be supported.</t>
<t>However, such candidates are not seen as providing any significant <t>However, such candidates are not seen as providing any significant
benefit, for the following reasons.</t> benefit, for the following reasons.</t>
<!--[rfced] In the following sentence, should PeerConnection be
"RTCPeerConnection"?
Original:
First, use of TURN TCP candidates would only be relevant in cases
which both peers are required to use TCP to establish a
PeerConnection.
Perhaps:
First, use of TURN TCP candidates would only be relevant in cases
where both peers are required to use TCP to establish a
peer connection.
-->
<t>First, use of TURN TCP candidates would only be relevant in cases <t>First, use of TURN TCP candidates would only be relevant in cases
which both peers are required to use TCP to establish a where both peers are required to use TCP to establish a
PeerConnection.</t> PeerConnection.</t>
<t>Second, that use case is supported in a different way by both sides <t>Second, that use case is supported in a different way by both sides
establishing UDP relay candidates using TURN over TCP to connect to establishing UDP relay candidates using TURN over TCP to connect to
their respective relay servers.</t> their respective relay servers.</t>
<t>Third, using TCP between the WebRTC endpoint's TURN server and the <t>Third, using TCP between the WebRTC endpoint's TURN server and the
peer may result in more performance problems than using UDP, e.g. due peer may result in more performance problems than using UDP, e.g., due
to head of line blocking.</t> to head of line blocking.</t>
<t>ICE-TCP candidates <xref target="RFC6544" format="default"/> <bcp14>M
<t>ICE-TCP candidates <xref target="RFC6544"/> MUST be supported; this UST</bcp14> be supported; this
may allow applications to communicate to peers with public IP may allow applications to communicate to peers with public IP
addresses across UDP-blocking firewalls without using a TURN addresses across UDP-blocking firewalls without using a TURN
server.</t> server.</t>
<t>If TCP connections are used, RTP framing according to <xref target="R
<t>If TCP connections are used, RTP framing according to <xref FC4571" format="default"/> <bcp14>MUST</bcp14> be used for all packets. This inc
target="RFC4571"/> MUST be used for all packets. This includes the RTP ludes the RTP
packets, DTLS packets used to carry data channels, and STUN packets, DTLS packets used to carry data channels, and STUN
connectivity check packets.</t> connectivity check packets.</t>
<t>The ALTERNATE-SERVER mechanism specified in <xref <t>The ALTERNATE-SERVER mechanism specified in <xref
target="RFC5389"/> (STUN) section 11 (300 Try Alternate) MUST be target="RFC5389" sectionFormat="of" section="11"/> (300 Try Alternate) <b cp14>MUST</bcp14> be
supported.</t> supported.</t>
<t>The WebRTC endpoint <bcp14>MAY</bcp14> support accessing the Internet
<t>The WebRTC endpoint MAY support accessing the Internet through an through an
HTTP proxy. If it does so, it MUST include the "ALPN" header as HTTP proxy. If it does so, it <bcp14>MUST</bcp14> include the "ALPN" hea
specified in <xref target="RFC7639"/>, and proxy authentication as der as
described in Section 4.3.6 of <xref target="RFC7231"/> and <xref specified in <xref target="RFC7639" format="default"/>, and proxy authen
target="RFC7235"/> MUST also be supported.</t> tication as
described in <xref target="RFC7231"
sectionFormat="of" section="4.3.6"/> and <xref target="RFC7235" format="d
efault"/> <bcp14>MUST</bcp14> also be supported.</t>
</section> </section>
<section numbered="true" toc="default">
<section title="Transport protocols implemented"> <name>Transport Protocols Implemented</name>
<t>For transport of media, secure RTP is used. The details of the <t>For transport of media, secure RTP is used. The details of the
profile of RTP used are described in "RTP Usage" <xref RTP profile used are described in "Media Transport and Use of RTP in Web
target="I-D.ietf-rtcweb-rtp-usage"/>, which mandates the use of a RTC" <xref target="RFC8834" format="default"/>, which mandates the use of a
circuit breaker <xref target="I-D.ietf-avtcore-rtp-circuit-breakers"/> circuit breaker <xref target="RFC8083" format="default"/>
and congstion control (see <xref and congestion control (see <xref target="RFC8836" format="default"/> fo
target="I-D.ietf-rmcat-cc-requirements"/> for further guidance).</t> r further guidance).</t>
<t>Key exchange <bcp14>MUST</bcp14> be done using DTLS-SRTP, as describe
<t>Key exchange MUST be done using DTLS-SRTP, as described in <xref d in <xref target="RFC8827" format="default"/>.</t>
target="I-D.ietf-rtcweb-security-arch"/>.</t>
<t>For data transport over the WebRTC data channel <xref <t>For data transport over the WebRTC data channel <xref target="RFC8831
target="I-D.ietf-rtcweb-data-channel"/>, WebRTC endpoints MUST support " format="default"/>, WebRTC endpoints <bcp14>MUST</bcp14> support
SCTP over DTLS over ICE. This encapsulation is specified in <xref SCTP over DTLS over ICE. This encapsulation is specified in <xref target
target="I-D.ietf-tsvwg-sctp-dtls-encaps"/>. Negotiation of this ="RFC8261" format="default"/>. Negotiation of this
transport in SDP is defined in <xref <!--[rfced] To what does "NDATA" refer? We don't see NDATA appear in RFC
target="I-D.ietf-mmusic-sctp-sdp"/>. The SCTP extension for NDATA, 8260. Should this refer to "I-DATA" instead?
<xref target="I-D.ietf-tsvwg-sctp-ndata"/>, MUST be supported.</t>
<t>The setup protocol for WebRTC data channels described in <xref Original:
target="I-D.ietf-rtcweb-data-protocol"/> MUST be supported.</t> The SCTP extension for NDATA, [I-D.ietf-tsvwg-sctp-ndata], MUST be supported.
-->
transport in the Session Description Protocol (SDP) is defined in <xref
target="RFC8841" format="default"/>. The SCTP extension for NDATA
<xref target="RFC8260" format="default"/> <bcp14>MUST</bcp14> be support
ed.</t>
<t>The setup protocol for WebRTC data channels described in <xref target
="RFC8832" format="default"/> <bcp14>MUST</bcp14> be supported.</t>
<!--[rfced] The cited section does not exist in the referenced RFC nor in the
currect document. Please verify the correct reference location.
<t>Note: DTLS-SRTP as defined in <xref target="RFC5764"/> section Original:
6.7.1 defines the interaction between DTLS and ICE ( <xref Note: DTLS-SRTP as defined in [RFC5764] section 6.7.1 defines the
target="I-D.ietf-ice-rfc5245bis"/>). The effect of this specification interaction between DTLS and ICE ( [I-D.ietf-ice-rfc5245bis]).
-->
<aside><t>Note: DTLS-SRTP as defined in <xref target="RFC5764"
sectionFormat="of" section="6.7.1"/> defines the interaction between DTLS
and ICE <xref target="RFC8445" format="default"/>. The effect of this specifica
tion
is that all ICE candidate pairs associated with a single component are is that all ICE candidate pairs associated with a single component are
part of the same DTLS association. Thus, there will only be one DTLS part of the same DTLS association. Thus, there will only be one DTLS
handshake even if there are multiple valid candidate pairs.</t> handshake, even if there are multiple valid candidate pairs.</t>
<t>WebRTC endpoints <bcp14>MUST</bcp14> support multiplexing of DTLS and
<t>WebRTC endpoints MUST support multiplexing of DTLS and RTP over the RTP over the
same port pair, as described in the DTLS-SRTP specification <xref same port pair, as described in the DTLS-SRTP specification <xref
target="RFC5764"/>, section 5.1.2, with clarifications in <xref target="RFC5764" sectionFormat="comma" section="5.1.2"/>, with clarificat
target="I-D.ietf-avtcore-rfc5764-mux-fixes"/>. All application layer ions in <xref target="RFC7983" format="default"/>. All application-layer
protocol payloads over this DTLS connection are SCTP packets.</t> protocol payloads over this DTLS connection are SCTP packets.</t>
<t>Protocol identification <bcp14>MUST</bcp14> be supplied as part of th
<t>Protocol identification MUST be supplied as part of the DTLS e DTLS
handshake, as specified in <xref target="I-D.ietf-rtcweb-alpn"/>.</t> handshake, as specified in <xref target="RFC8833" format="default"/>.</t
></aside>
</section> </section>
</section> </section>
<section numbered="true" toc="default">
<section title="Media Prioritization"> <name>Media Prioritization</name>
<t>The WebRTC prioritization model is that the application tells the <t>In the WebRTC prioritization model, the application tells the
WebRTC endpoint about the priority of media and data that is controlled WebRTC endpoint about the priority of media and data that is controlled
from the API.</t> from the API.</t>
<t>In this context, a "flow" is used for the units that are given a <t>In this context, a "flow" is used for the units that are given a
specific priority through the WebRTC API.</t> specific priority through the WebRTC API.</t>
<t>For media, a "media flow", which can be an "audio flow" or a "video <t>For media, a "media flow", which can be an "audio flow" or a "video
flow", is what <xref target="RFC7656"/> calls a "media source", which flow", is what <xref target="RFC7656" format="default"/> calls a "media so urce", which
results in a "source RTP stream" and one or more "redundancy RTP results in a "source RTP stream" and one or more "redundancy RTP
streams". This specification does not describe prioritization between streams". This specification does not describe prioritization between
the RTP streams that come from a single "media source".</t> the RTP streams that come from a single media source.</t>
<t>All media flows in WebRTC are assumed to be interactive, as defined <t>All media flows in WebRTC are assumed to be interactive, as defined
in <xref target="RFC4594"/>; there is no browser API support for in <xref target="RFC4594" format="default"/>; there is no browser API supp
indicating whether media is interactive or non-interactive.</t> ort for
indicating whether media is interactive or noninteractive.</t>
<t>A "data flow" is the outgoing data on a single WebRTC data <t>A "data flow" is the outgoing data on a single WebRTC data
channel.</t> channel.</t>
<t>The priority associated with a media flow or data flow is classified <t>The priority associated with a media flow or data flow is classified
as "very-low", "low", "medium or "high". There are only four priority as "very-low", "low", "medium", or "high". There are only four priority
levels at the API.</t> levels in the API.</t>
<t>The priority settings affect two pieces of behavior: packet send
<t>The priority settings affect two pieces of behavior: Packet send
sequence decisions and packet markings. Each is described in its own sequence decisions and packet markings. Each is described in its own
section below.</t> section below.</t>
<section numbered="true" toc="default">
<section title="Local prioritization"> <name>Local Prioritization</name>
<t>Local prioritization is applied at the local node, before the <t>Local prioritization is applied at the local node, before the
packet is sent. This means that the prioritization has full access to packet is sent. This means that the prioritization has full access to
the data about the individual packets, and can choose differing the data about the individual packets and can choose differing
treatment based on the stream a packet belongs to.</t> treatment based on the stream a packet belongs to.</t>
<t>When a WebRTC endpoint has packets to send on multiple streams
<t>When an WebRTC endpoint has packets to send on multiple streams that are congestion controlled under the same congestion control
that are congestion-controlled under the same congestion control regime, the WebRTC endpoint <bcp14>SHOULD</bcp14> cause data to be emitt
regime, the WebRTC endpoint SHOULD cause data to be emitted in such a ed in such a
way that each stream at each level of priority is being given way that each stream at each level of priority is being given
approximately twice the transmission capacity (measured in payload approximately twice the transmission capacity (measured in payload
bytes) of the level below.</t> bytes) of the level below.</t>
<t>Thus, when congestion occurs, a high-priority flow will have the
<t>Thus, when congestion occurs, a "high" priority flow will have the ability to send 8 times as much data as a very-low-priority flow if
ability to send 8 times as much data as a "very-low" priority flow if
both have data to send. This prioritization is independent of the both have data to send. This prioritization is independent of the
media type. The details of which packet to send first are media type. The details of which packet to send first are
implementation defined.</t> implementation defined.</t>
<t>For example, if there is a high-priority audio flow sending
<t>For example: If there is a high priority audio flow sending 100 100-byte packets and a low-priority video flow sending 1000-byte
byte packets, and a low priority video flow sending 1000 byte packets, packets, and outgoing capacity exists for sending &gt; 5000 payload bytes
and outgoing capacity exists for sending &gt;5000 payload bytes, it , it
would be appropriate to send 4000 bytes (40 packets) of audio and 1000 would be appropriate to send 4000 bytes (40 packets) of audio and 1000
bytes (one packet) of video as the result of a single pass of sending bytes (one packet) of video as the result of a single pass of sending
decisions.</t> decisions.</t>
<t>Conversely, if the audio flow is marked low priority and the video <t>Conversely, if the audio flow is marked low priority and the video
flow is marked high priority, the scheduler may decide to send 2 video flow is marked high priority, the scheduler may decide to send 2 video
packets (2000 bytes) and 5 audio packets (500 bytes) when outgoing packets (2000 bytes) and 5 audio packets (500 bytes) when outgoing
capacity exists for sending &gt; 2500 payload bytes.</t> capacity exists for sending &gt; 2500 payload bytes.</t>
<t>If there are two high-priority audio flows, each will be able to
<t>If there are two high priority audio flows, each will be able to send 4000 bytes in the same period where a low-priority video flow is
send 4000 bytes in the same period where a low priority video flow is
able to send 1000 bytes.</t> able to send 1000 bytes.</t>
<t>Two example implementation strategies are:</t> <t>Two example implementation strategies are:</t>
<ul spacing="normal">
<t><list style="symbols"> <li>When the available bandwidth is known from the congestion
<t>When the available bandwidth is known from the congestion
control algorithm, configure each codec and each data channel with control algorithm, configure each codec and each data channel with
a target send rate that is appropriate to its share of the a target send rate that is appropriate to its share of the
available bandwidth.</t> available bandwidth.</li>
<li>When congestion control indicates that a specified number of
<t>When congestion control indicates that a specified number of
packets can be sent, send packets that are available to send using packets can be sent, send packets that are available to send using
a weighted round robin scheme across the connections.</t> a weighted round-robin scheme across the connections.</li>
</list>Any combination of these, or other schemes that have the same </ul>
<t>Any combination of these, or other schemes that have the same
effect, is valid, as long as the distribution of transmission capacity effect, is valid, as long as the distribution of transmission capacity
is approximately correct.</t> is approximately correct.</t>
<t>For media, it is usually inappropriate to use deep queues for <t>For media, it is usually inappropriate to use deep queues for
sending; it is more useful to, for instance, skip intermediate frames sending; it is more useful to, for instance, skip intermediate frames
that have no dependencies on them in order to achieve a lower bitrate. that have no dependencies on them in order to achieve a lower bitrate.
For reliable data, queues are useful.</t> For reliable data, queues are useful.</t>
<t>Note that this specification doesn't dictate when disparate streams <t>Note that this specification doesn't dictate when disparate streams
are to be "congestion controlled under the same congestion control are to be "congestion controlled under the same congestion control
regime". The issue of coupling congestion controllers is explored regime". The issue of coupling congestion controllers is explored
further in <xref target="I-D.ietf-rmcat-coupled-cc"/>.</t> further in <xref target="RFC8699" format="default"/>.</t>
</section> </section>
<section anchor="s-qos" numbered="true" toc="default">
<section anchor="s-qos" <name>Usage of Quality of Service -- DSCP and Multiplexing</name>
title="Usage of Quality of Service - DSCP and Multiplexing">
<t>When the packet is sent, the network will make decisions about <t>When the packet is sent, the network will make decisions about
queueing and/or discarding the packet that can affect the quality of queueing and/or discarding the packet that can affect the quality of
the communication. The sender can attempt to set the DSCP field of the the communication. The sender can attempt to set the DSCP field of the
packet to influence these decisions.</t> packet to influence these decisions.</t>
<t>Implementations <bcp14>SHOULD</bcp14> attempt to set QoS on the packe
<t>Implementations SHOULD attempt to set QoS on the packets sent, ts sent,
according to the guidelines in <xref according to the guidelines in <xref target="RFC8837" format="default"/>
target="I-D.ietf-tsvwg-rtcweb-qos"/>. It is appropriate to depart from . It is appropriate to depart from
this recommendation when running on platforms where QoS marking is not this recommendation when running on platforms where QoS marking is not
implemented.</t> implemented.</t>
<t>The implementation <bcp14>MAY</bcp14> turn off use of DSCP markings i
<t>The implementation MAY turn off use of DSCP markings if it detects f it detects
symptoms of unexpected behaviour like priority inversion or blocking symptoms of unexpected behavior such as priority inversion or blocking
of packets with certain DSCP markings. Some examples of such behaviors of packets with certain DSCP markings. Some examples of such behaviors
are described in <xref target="ANRW16"/>. The detection of these are described in <xref target="ANRW16" format="default"/>. The detection of these
conditions is implementation dependent.</t> conditions is implementation dependent.</t>
<t>A particularly hard problem is when one media transport uses <t>A particularly hard problem is when one media transport uses
multiple DSCP code points, where one may be blocked and another may be multiple DSCPs, where one may be blocked and another may be
allowed. This is allowed even within a single media flow for video in allowed. This is allowed even within a single media flow for video in
<xref target="I-D.ietf-tsvwg-rtcweb-qos"/>. Implementations need to <xref target="RFC8837" format="default"/>. Implementations need to
diagnose this scenario; one possible implementation is to send initial diagnose this scenario; one possible implementation is to send initial
ICE probes with DSCP 0, and send ICE probes on all the DSCP code ICE probes with DSCP 0, and send ICE probes on all the DSCPs
points that are intended to be used once a candidate pair has been that are intended to be used once a candidate pair has been
selected. If one or more of the DSCP-marked probes fail, the sender selected. If one or more of the DSCP-marked probes fail, the sender
will switch the media type to using DSCP 0. This can be carried out will switch the media type to using DSCP 0. This can be carried out
simultaneously with the initial media traffic; on failure, the initial simultaneously with the initial media traffic; on failure, the initial
data may need to be resent. This switch will of course invalidate any data may need to be resent. This switch will, of course, invalidate any
congestion information gathered up to that point.</t> congestion information gathered up to that point.</t>
<t>Failures can also start happening during the lifetime of the call; <t>Failures can also start happening during the lifetime of the call;
this case is expected to be rarer, and can be handled by the normal this case is expected to be rarer and can be handled by the normal
mechanisms for transport failure, which may involve an ICE mechanisms for transport failure, which may involve an ICE
restart.</t> restart.</t>
<t>Note that when a DSCP causes nondelivery, one has to
<t>Note that when a DSCP code point causes non-delivery, one has to
switch the whole media flow to DSCP 0, since all traffic for a single switch the whole media flow to DSCP 0, since all traffic for a single
media flow needs to be on the same queue for congestion control media flow needs to be on the same queue for congestion control
purposes. Other flows on the same transport, using different DSCP code purposes. Other flows on the same transport, using different DSCPs, don'
points, don't need to change.</t> t need to change.</t>
<t>All packets carrying data from the SCTP association supporting the <t>All packets carrying data from the SCTP association supporting the
data channels MUST use a single DSCP code point. The code point used data channels <bcp14>MUST</bcp14> use a single DSCP. The code point used
SHOULD be that recommended by <xref <bcp14>SHOULD</bcp14> be that recommended by <xref target="RFC8837" form
target="I-D.ietf-tsvwg-rtcweb-qos"/> for the highest priority data at="default"/> for the highest-priority data
channel carried. Note that this means that all data packets, no matter channel carried. Note that this means that all data packets, no matter
what their relative priority is, will be treated the same by the what their relative priority is, will be treated the same by the
network.</t> network.</t>
<t>All packets on one TCP connection, no matter what it carries, <bcp14>
<t>All packets on one TCP connection, no matter what it carries, MUST MUST</bcp14>
use a single DSCP code point.</t> use a single DSCP.</t>
<t>More advice on the use of DSCPs with RTP, as well as the
<t>More advice on the use of DSCP code points with RTP and on the relationship between DSCP and congestion control, is given in <xref targ
relationship between DSCP and congestion control is given in <xref et="RFC7657" format="default"/>.</t>
target="RFC7657"/>.</t> <!-- start here -->
<t>There exist a number of schemes for achieving quality of service <t>There exist a number of schemes for achieving quality of service
that do not depend solely on DSCP code points. Some of these schemes that do not depend solely on DSCPs. Some of these schemes
depend on classifying the traffic into flows based on 5-tuple (source depend on classifying the traffic into flows based on 5-tuple (source
address, source port, protocol, destination address, destination port) address, source port, protocol, destination address, destination port)
or 6-tuple (5-tuple + DSCP code point). Under differing conditions, it or 6-tuple (5-tuple + DSCP). Under differing conditions, it
may therefore make sense for a sending application to choose any of may therefore make sense for a sending application to choose any of
the configurations:</t> the following configurations:</t>
<ul spacing="normal">
<t><list style="symbols"> <li>Each media stream carried on its own 5-tuple</li>
<t>Each media stream carried on its own 5-tuple</t> <li>Media streams grouped by media type into 5-tuples (such as
carrying all audio on one 5-tuple)</li>
<t>Media streams grouped by media type into 5-tuples (such as <li>All media sent over a single 5-tuple, with or without
carrying all audio on one 5-tuple)</t> differentiation into 6-tuples based on DSCPs</li>
</ul>
<t>All media sent over a single 5-tuple, with or without <t>In each of the configurations mentioned, data channels may be
differentiation into 6-tuples based on DSCP code points</t> carried in their own 5-tuples or multiplexed together with one of the
</list>In each of the configurations mentioned, data channels may be
carried in its own 5-tuple, or multiplexed together with one of the
media flows.</t> media flows.</t>
<t>More complex configurations, such as sending a high-priority video
<t>More complex configurations, such as sending a high priority video
stream on one 5-tuple and sending all other video streams multiplexed stream on one 5-tuple and sending all other video streams multiplexed
together over another 5-tuple, can also be envisioned. More together over another 5-tuple, can also be envisioned. More
information on mapping media flows to 5-tuples can be found in <xref information on mapping media flows to 5-tuples can be found in <xref tar
target="I-D.ietf-rtcweb-rtp-usage"/>.</t> get="RFC8834" format="default"/>.</t>
<t>A sending implementation <bcp14>MUST</bcp14> be able to support the f
<t>A sending implementation MUST be able to support the following ollowing
configurations:</t> configurations:</t>
<ul spacing="normal">
<t><list style="symbols"> <li>Multiplex all media and data on a single 5-tuple (fully
<t>Multiplex all media and data on a single 5-tuple (fully bundled)</li>
bundled)</t> <li>Send each media stream on its own 5-tuple and data on its own
5-tuple (fully unbundled)</li>
<t>Send each media stream on its own 5-tuple and data on its own </ul>
5-tuple (fully unbundled)</t> <t>The sending implementation <bcp14>MAY</bcp14> choose to support other
</list>It MAY choose to support other configurations, such as configurations, such as
bundling each media type (audio, video or data) into its own 5-tuple bundling each media type (audio, video, or data) into its own 5-tuple
(bundling by media type).</t> (bundling by media type).</t>
<t>Sending data channel data over multiple 5-tuples is not <t>Sending data channel data over multiple 5-tuples is not
supported.</t> supported.</t>
<t>A receiving implementation <bcp14>MUST</bcp14> be able to receive med
<t>A receiving implementation MUST be able to receive media and data ia and data
in all these configurations.</t> in all these configurations.</t>
</section> </section>
</section> </section>
<section anchor="IANA" numbered="true" toc="default">
<section anchor="IANA" title="IANA Considerations"> <name>IANA Considerations</name>
<t>This document makes no request of IANA.</t> <t>This document has no IANA actions.</t>
<t>Note to RFC Editor: this section may be removed on publication as an
RFC.</t>
</section> </section>
<section anchor="Security" numbered="true" toc="default">
<section anchor="Security" title="Security Considerations"> <name>Security Considerations</name>
<t>RTCWEB security considerations are enumerated in <xref <t>WebRTC security considerations are enumerated in <xref target="RFC8826"
target="I-D.ietf-rtcweb-security"/>.</t> format="default"/>.</t>
<t>Security considerations pertaining to the use of DSCP are enumerated <t>Security considerations pertaining to the use of DSCP are enumerated
in <xref target="I-D.ietf-tsvwg-rtcweb-qos"/>.</t> in <xref target="RFC8837" format="default"/>.</t>
</section>
<section anchor="Acknowledgements" title="Acknowledgements">
<t>This document is based on earlier versions embedded in <xref
target="I-D.ietf-rtcweb-overview"/>, which were the results of
contributions from many RTCWEB WG members.</t>
<t>Special thanks for reviews of earlier versions of this draft go to
Eduardo Gueiros, Magnus Westerlund, Markus Isomaki and Dan Wing; the
contributions from Andrew Hutton also deserve special mention.</t>
</section> </section>
</middle> </middle>
<back> <back>
<references title="Normative References"> <displayreference target="I-D.ietf-rtcweb-return" to="RETURN"/>
<?rfc include='reference.RFC.2119'?> <references>
<name>References</name>
<?rfc include='reference.RFC.0768'?> <references>
<name>Normative References</name>
<?rfc include='reference.RFC.0793'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.2119.xml"/>
<?rfc include='reference.RFC.4571'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.8174.xml"/>
<?rfc include='reference.RFC.4594'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.0768.xml"/>
<?rfc include='reference.RFC.4941'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.0793.xml"/>
<?rfc include='reference.RFC.5246'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.4571.xml"/>
<?rfc include='reference.RFC.5389'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.4594.xml"/>
<?rfc include='reference.RFC.5764'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.4941.xml"/>
<?rfc include='reference.RFC.5766'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.8446.xml"/>
<?rfc include='reference.RFC.6062'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.5389.xml"/>
<?rfc include='reference.RFC.6156'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.5764.xml"/>
<?rfc include='reference.RFC.6347'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.5766.xml"/>
<?rfc include='reference.RFC.6544'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.6062.xml"/>
<?rfc include='reference.RFC.6724'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.6156.xml"/>
<?rfc include='reference.RFC.7231'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.6347.xml"/>
<?rfc include='reference.RFC.7235'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.6544.xml"/>
<?rfc include='reference.RFC.7639'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.6724.xml"/>
<?rfc include='reference.RFC.7656'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.7231.xml"/>
<?rfc include='reference.I-D.ietf-rtcweb-overview'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.7235.xml"/>
<?rfc include='reference.I-D.ietf-avtcore-rtp-circuit-breakers'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.7639.xml"/>
<?rfc include='reference.I-D.ietf-rmcat-cc-requirements'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.7656.xml"/>
<?rfc include='reference.I-D.ietf-rtcweb-security'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.8260.xml"/>
<?rfc include='reference.I-D.ietf-rtcweb-rtp-usage'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.8261.xml"/>
<?rfc include='reference.I-D.ietf-rtcweb-data-channel'?> <!-- draft-ietf-rtcweb-overview: RFC 8825 -->
<reference anchor="RFC8825" target="https://www.rfc-editor.org/info/rfc8825">
<?rfc include='reference.I-D.ietf-rtcweb-data-protocol'?> <front>
<title>Overview: Real-Time Protocols for Browser-Based Applications</title>
<?rfc include='reference.I-D.ietf-rtcweb-security-arch'?> <author initials="H." surname="Alvestrand" fullname="Harald T. Alvestrand">
<organization />
</author>
<?rfc include='reference.I-D.ietf-ice-rfc5245bis'?> <date month="June" year="2020" />
</front>
<seriesInfo name="RFC" value="8825" />
<seriesInfo name="DOI" value="10.17487/RFC8825"/>
<?rfc include='reference.I-D.ietf-tsvwg-rtcweb-qos'?> </reference>
<?rfc include='reference.I-D.ietf-tsvwg-sctp-dtls-encaps'?> <!-- draft-ietf-rmcat-cc-requirements-09: RFC 8836 -->
<reference anchor="RFC8836" target="https://www.rfc-editor.org/info/rfc8836">
<front>
<title>Congestion Control Requirements for Interactive Real-Time Media</titl
e>
<author initials="R" surname="Jesup" fullname="Randell Jesup">
<organization/>
</author>
<author initials="Z" surname="Sarker" fullname="Zaheduzzaman Sarker" role="e
ditor">
<organization/>
</author>
<date month="June" year="2020"/>
</front>
<seriesInfo name="RFC" value="8836" />
<seriesInfo name="DOI" value="10.17487/RFC8836"/>
</reference>
<?rfc include='reference.I-D.ietf-mmusic-sctp-sdp'?> <!--draft-ietf-rtcweb-security: RFC 8826 -->
<reference anchor="RFC8826" target="https://www.rfc-editor.org/info/rfc8826">
<front>
<title>Security Considerations for WebRTC</title>
<author initials='E.' surname='Rescorla' fullname='Eric Rescorla'>
<organization/>
</author>
<date month='May' year='2020'/>
</front>
<seriesInfo name="RFC" value="8826"/>
<seriesInfo name="DOI" value="10.17487/RFC8826"/>
</reference>
<?rfc include='reference.I-D.ietf-tsvwg-sctp-ndata'?> <!-- draft-ietf-rtcweb-rtp-usage; RFC 8834 -->
<reference anchor="RFC8834" target="https://www.rfc-editor.org/info/rfc8834">
<front>
<title>Media Transport and Use of RTP in WebRTC</title>
<author initials="C." surname="Perkins" fullname="Colin Perkins">
<organization />
</author>
<author initials="M." surname="Westerlund" fullname="Magnus Westerlund">
<organization />
</author>
<author initials="J." surname="Ott" fullname="Jörg Ott">
<organization />
</author>
<date month="June" year="2020" />
</front>
<seriesInfo name="RFC" value="8834" />
<seriesInfo name="DOI" value="10.17487/RFC8834"/>
</reference>
<?rfc include='reference.I-D.ietf-mmusic-ice-dualstack-fairness'?> <!-- draft-ietf-rtcweb-data-channel: 8831 -->
<reference anchor="RFC8831" target="https://www.rfc-editor.org/info/rfc8831">
<front>
<title>WebRTC Data Channels</title>
<author initials="R" surname="Jesup" fullname="Randell Jesup">
<organization/>
</author>
<author initials="S" surname="Loreto" fullname="Salvatore Loreto">
<organization/>
</author>
<author initials="M" surname="Tüxen" fullname="Michael Tüxen">
<organization/>
</author>
<date month='June' year='2020'/>
</front>
<seriesInfo name="RFC" value="8831"/>
<seriesInfo name="DOI" value="10.17487/RFC8831"/>
</reference>
<?rfc include='reference.I-D.ietf-rtcweb-alpn'?> <!--draft-ietf-rtcweb-data-protocol: 8832 -->
<reference anchor="RFC8832" target="https://www.rfc-editor.org/info/rfc8832">
<front>
<title>WebRTC Data Channel Establishment Protocol</title>
<author initials='R.' surname='Jesup' fullname='Randell Jesup'>
<organization/>
</author>
<author initials='S.' surname='Loreto' fullname='Salvatore Loreto'>
<organization/>
</author>
<author initials='M' surname='Tüxen' fullname='Michael Tüxen'>
<organization/>
</author>
<date month='June' year='2020'/>
</front>
<seriesInfo name="RFC" value="8832"/>
<seriesInfo name="DOI" value="10.17487/RFC8832"/>
</reference>
<?rfc include='reference.I-D.ietf-avtcore-rfc5764-mux-fixes'?> <!--draft-ietf-rtcweb-security-arch: 8827 -->
</references> <reference anchor="RFC8827" target="https://www.rfc-editor.org/info/rfc8827">
<front>
<title>WebRTC Security Architecture</title>
<author initials='E.' surname='Rescorla' fullname='Eric Rescorla'>
<organization/>
</author>
<date month='June' year='2020'/>
</front>
<seriesInfo name="RFC" value="8827"/>
<seriesInfo name="DOI" value="10.17487/RFC8827"/>
</reference>
<references title="Informative References"> <!-- draft-ietf-tsvwg-rtcweb-qos-18: 8837 -->
<?rfc include='reference.RFC.5128'?> <reference anchor="RFC8837" target="https://www.rfc-editor.org/info/rfc8837">
<front>
<title>Differentiated Services Code Point (DSCP) Packet Markings for
WebRTC QoS</title>
<author initials="P." surname="Jones" fullname="Paul Jones">
<organization/>
</author>
<author initials="S." surname="Dhesikan" fullname="Subha Dhesikan">
<organization/>
</author>
<author initials="C." surname="Jennings" fullname="Cullen Jennings">
<organization/>
</author>
<author initials="D." surname="Druta" fullname="Dan Druta">
<organization/>
</author>
<date month="June" year="2020"/>
</front>
<seriesInfo name="RFC" value="8837" />
<seriesInfo name="DOI" value="10.17487/RFC8837"/>
</reference>
<?rfc include='reference.RFC.5014'?> <!-- draft-ietf-mmusic-sctp-sdp -->
<reference anchor="RFC8841" target="https://www.rfc-editor.org/info/rfc8841">
<front>
<title>Session Description Protocol (SDP) Offer/Answer Procedures for
Stream Control Transmission Protocol (SCTP) over Datagram Transport Layer
Security (DTLS) Transport</title>
<author initials="C." surname="Holmberg" fullname="Christer Holmberg">
<organization />
</author>
<author initials="R." surname="Shpount" fullname="Roman Shpount">
<organization />
</author>
<author initials="S." surname="Loreto" fullname="Salvatore Loreto">
<organization />
</author>
<author initials="G." surname="Camarillo" fullname="Gonzalo Camarillo">
<organization />
</author>
<date month="June" year="2020" />
</front>
<seriesInfo name="RFC" value="8841" />
<seriesInfo name="DOI" value="10.17487/RFC8841"/>
</reference>
<?rfc include='reference.RFC.3484'?> <reference anchor="RFC8833" target="https://www.rfc-editor.org/info/rfc8833">
<front>
<title>Application-Layer Protocol Negotiation (ALPN) for WebRTC</title>
<?rfc include='reference.RFC.7657'?> <author initials="M." surname="Thomson" fullname="Martin Thomson">
<organization />
</author>
<?rfc include='reference.I-D.ietf-rmcat-coupled-cc'?> <date month="June" year="2020" />
</front>
<seriesInfo name="RFC" value="8833" />
<seriesInfo name="DOI" value="10.17487/RFC8833"/>
<?rfc include='reference.I-D.ietf-tram-turn-server-discovery'?> </reference>
<?rfc include='reference.I-D.ietf-rtcweb-return'?> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.7983.xml"/>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.8083.xml"/>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.8445.xml"/>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.8421.xml"/>
</references>
<references>
<name>Informative References</name>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.5128.xml"/>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.5014.xml"/>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.3484.xml"/>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.7657.xml"/>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.8155.xml"/>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.8699.xml"/>
<xi:include href="https://www.rfc-editor.org/refs/bibxml3/reference.I-D.i
etf-rtcweb-return.xml"/>
<reference anchor="ANRW16" target=""> <reference anchor="ANRW16" target="https://irtf.org/anrw/2016/anrw16-fin
<front> al17.pdf">
<title>How to say that you're special: Can we use bits in the IPv4 <front>
<title>How to say that you're special: Can we use bits in the IPv4
header?</title> header?</title>
<author fullname="R. Barik" initials="R." surname="Barik"/>
<author fullname="R. Barik" initials="R." surname="Barik"/> <author fullname="M. Welzl" initials="M." surname="Welzl"/>
<author fullname="A. Elmokashfi" initials="A." surname="Elmokashfi"/
<author fullname="M. Welzl" initials="M." surname="Welzl"/> >
<date month="July" year="2016"/>
<author fullname="A. Elmokashfi" initials="A." surname="Elmokashfi"/> </front>
<seriesInfo name="DOI" value="10.1145/2959424.2959442"/>
<date month="July" year="2016"/> <seriesInfo name="ANRW '16:" value="Proceedings of the 2016 Applied
</front> Networking Research Workshop"/>
<refcontent>pages 68-70</refcontent>
<seriesInfo name="ACM, IRTF, ISOC Applied Networking Research Workshop ( </reference>
ANRW 2016), Berlin" </references>
value=""/>
</reference>
</references> </references>
<section anchor="Acknowledgements" numbered="false" toc="default">
<name>Acknowledgements</name>
<!-- [rfced] This sentence has been updated to refer to RFC 8826. Please
review and let us know if any corrections are required. For example, do you
want to refer to a specific version of draft-ietf-rtcweb-overview?
<section title="Change log"> Original:
<t>This section should be removed before publication as an RFC.</t> This document is based on earlier versions embedded in
[I-D.ietf-rtcweb-overview], which were the results of contributions
<section title="Changes from -00 to -01"> from many RTCWEB WG members.
<t><list style="symbols"> -->
<t>Clarified DSCP requirements, with reference to -qos-</t>
<t>Clarified "symmetric NAT" -&gt; "NATs which perform
endpoint-dependent mapping"</t>
<t>Made support of TURN over TCP mandatory</t>
<t>Made support of TURN over TLS a MAY, and added open
question</t>
<t>Added an informative reference to -firewalls-</t>
<t>Called out that we don't make requirements on HTTP proxy
interaction (yet</t>
</list></t>
</section>
<section title="Changes from -01 to -02">
<t><list style="symbols">
<t>Required support for 300 Alternate Server from STUN.</t>
<t>Separated the ICE-TCP candidate requirement from the TURN-TCP
requirement.</t>
<t>Added new sections on using QoS functions, and on multiplexing
considerations.</t>
<t>Removed all mention of RTP profiles. Those are the business of
the RTP usage draft, not this one.</t>
<t>Required support for TURN IPv6 extensions.</t>
<t>Removed reference to the TURN URI scheme, as it was
unnecessary.</t>
<t>Made an explicit statement that multiplexing (or not) is an
application matter.</t>
</list>.</t>
</section>
<section title="Changes from -02 to -03">
<t><list style="symbols">
<t>Added required support for draft-ietf-tsvwg-sctp-ndata</t>
<t>Removed discussion of multiplexing, since this is present in
rtp-usage.</t>
<t>Added RFC 4571 reference for framing RTP packets over TCP.</t>
<t>Downgraded TURN TCP candidates from SHOULD to MAY, and added
more language discussing TCP usage.</t>
<t>Added language on IPv6 temporary addresses.</t>
<t>Added language describing multiplexing choices.</t>
<t>Added a separate section detailing what it means when we say
that an WebRTC implementation MUST support both IPv4 and IPv6.</t>
</list></t>
</section>
<section title="Changes from -03 to -04">
<t><list style="symbols">
<t>Added a section on prioritization, moved the DSCP section into
it, and added a section on local prioritization, giving a specific
algorithm for interpreting "priority" in local prioritization.</t>
<t>ICE-TCP candidates was changed from MAY to MUST, in recognition
of the sense of the room at the London IETF.</t>
</list></t>
</section>
<section title="Changes from -04 to -05">
<t><list style="symbols">
<t>Reworded introduction</t>
<t>Removed all references to "WebRTC". It now uses only the term
RTCWEB.</t>
<t>Addressed a number of clarity / language comments</t>
<t>Rewrote the prioritization to cover data channels and to
describe multiple ways of prioritizing flows</t>
<t>Made explicit reference to "MUST do DTLS-SRTP", and referred to
security-arch for details</t>
</list></t>
</section>
<section title="Changes from -05 to -06">
<t><list style="symbols">
<t>Changed all references to "RTCWEB" to "WebRTC", except one
reference to the working group</t>
<t>Added reference to the httpbis "connect" protocol (being
adopted by HTTPBIS)</t>
<t>Added reference to the ALPN header (being adopted by
RTCWEB)</t>
<t>Added reference to the DART RTP document</t>
<t>Said explicitly that SCTP for data channels has a single DSCP
codepoint</t>
</list></t>
</section>
<section title="Changes from -06 to -07">
<t><list style="symbols">
<t>Updated references</t>
<t>Removed reference to
draft-hutton-rtcweb-nat-firewall-considerations</t>
</list></t>
</section>
<section title="Changes from -07 to -08">
<t><list style="symbols">
<t>Updated references</t>
<t>Deleted "bundle each media type (audio, video or data) into its
own 5-tuple (bundling by media type)" from MUST support
configuration, since JSEP does not have a means to negotiate this
configuration</t>
</list></t>
</section>
<section title="Changes from -08 to -09">
<t><list style="symbols">
<t>Added a clarifying note about DTLS-SRTP and ICE
interaction.</t>
</list></t>
</section>
<section title="Changes from -09 to -10">
<t><list style="symbols">
<t>Re-added references to proxy authentication lost in 07-08
transition (Bug #5)</t>
<t>Rearranged and rephrased text in section 4 about prioritization
to reflect discussions in TSVWG.</t>
<t>Changed the "Connect" header to "ALPN", and updated reference.
(Bug #6)</t>
</list></t>
</section>
<section title="Changes from -10 to -11">
<t><list style="symbols">
<t>Added a definition of the term "flow" used in the
prioritization chapter</t>
<t>Changed the names of the four priority levels to conform to
other specs.</t>
</list></t>
</section>
<section title="Changes from -11 to -12">
<t><list style="symbols">
<t>Added a SHOULD NOT about using deprecated temporary IPv6
addresses.</t>
<t>Updated draft-ietf-dart-dscp-rtp reference to RFC 7657</t>
</list></t>
</section>
<section title="Changes from -12 to -13">
<t><list style="symbols">
<t>Clarify that the ALPN header needs to be sent.</t>
<t>Mentioned that RFC 7657 also talks about congestion control</t>
</list></t>
</section>
<section title="Changes from -13 to -14">
<t><list style="symbols">
<t>Add note about non-support for marking flows as interactive or
non-interactive.</t>
</list></t>
</section>
<section title="Changes from -14 to -15">
<t><list style="symbols">
<t>Various text clarifications based on comments in Last Call and
IESG review</t>
<t>Clarified that only non-deprecated IPv6 addresses are used</t>
<t>Described handling of downgrading of DSCP markings when
blackholes are detected</t>
<t>Expanded acronyms in a new protocol list</t>
</list></t>
</section>
<section title="Changes from -15 to -16">
<t>These changes are done post IESG approval, and address IESG
comments and other late comments. Issue numbers refer to
https://github.com/rtcweb-wg/rtcweb-transport/issues.</t>
<t><list style="symbols">
<t>Moved RFC 4594, 7656 and -overview to normative (issue #28)</t>
<t>Changed the terms "client", "WebRTC implementation" and "WebRTC
device" to consistently be "WebRTC endpoint", as defined in
-overview. (issue #40)</t>
<t>Added a note mentioning TURN service discovery and RETURN
(issue #42)</t>
<t>Added a note mentioning that rtp-usage requires circut breaker
and congestion control (issue #43)</t>
<t>Added mention of the "don't discard temporary IPv6 addresses
that are in use" (issue #44)</t>
<t>Added a reference to draft-ietf-rmcat-coupled-cc (issue
#46)</t>
</list></t>
</section>
<section title="Changes from -16 to -17">
<t><list style="symbols">
<t>Added an informative reference to the "DSCP blackholing"
paper</t>
<t>Changed the reference for ICE from RFC 5245 to <t>This document is based on earlier draft versions embedded in <xref
draft-ietf-ice-rfc5245bis</t> target="RFC8825"/>, which were the result of contributions from many RTCWE
</list></t> B Working Group
</section> members.</t>
<t>Special thanks for reviews of earlier draft versions of this document g
o to
<contact fullname="Eduardo Gueiros"/>, <contact fullname="Magnus
Westerlund"/>, <contact fullname="Markus Isomaki"/>, and <contact fullnam
e="Dan Wing"/>; the
contributions from <contact fullname="Andrew Hutton"/> also deserve specia
l mention.</t>
</section> </section>
</back> </back>
</rfc> </rfc>
 End of changes. 134 change blocks. 
635 lines changed or deleted 620 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/