Application-Layer Protocol Negotiation (ALPN) for WebRTC
RFC 8833
| Field | Value |
|---|---|
| Type | RFC - Proposed Standard (January 2021; No errata) |
| Author | Martin Thomson |
| Last updated | 2021-01-18 |
| Replaces | draft-thomson-rtcweb-alpn |
| Stream | IETF |
| WG state | Submitted to IESG for Publication |
| Document shepherd | Sean Turner |
| Shepherd write-up | last changed 2016-02-25 |
| IESG state | RFC 8833 (Proposed Standard) |
| Consensus Boilerplate | Yes |
| Responsible AD | Alissa Cooper |
| IANA review state | Version Changed - Review Needed |
| IANA action state | RFC-Ed-Ack |
Internet Engineering Task Force (IETF)                         M. Thomson
Request for Comments: 8833                                        Mozilla
Category: Standards Track                                    January 2021
ISSN: 2070-1721

Application-Layer Protocol Negotiation (ALPN) for WebRTC

Abstract

This document specifies two Application-Layer Protocol Negotiation (ALPN) labels for use with Web Real-Time Communication (WebRTC). The "webrtc" label identifies regular WebRTC: a DTLS session that is used to establish keys for the Secure Real-time Transport Protocol (SRTP) or to establish data channels using the Stream Control Transmission Protocol (SCTP) over DTLS. The "c-webrtc" label describes the same protocol, but the peers also agree to maintain the confidentiality of the media by not sharing it with other applications.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8833.

Copyright Notice

Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

1. Introduction
1.1. Conventions
2. ALPN Labels for WebRTC
3. Media Confidentiality
4. Security Considerations
5. IANA Considerations
6. References
6.1. Normative References
6.2. Informative References
Author's Address

1. Introduction

Web Real-Time Communication (WebRTC) [RFC8825] uses Datagram Transport Layer Security (DTLS) [RFC6347] to secure all peer-to-peer communications.

Identifying WebRTC protocol usage with Application-Layer Protocol Negotiation (ALPN) [RFC7301] enables an endpoint to positively identify WebRTC uses and distinguish them from other DTLS uses.

Different WebRTC uses can be advertised and behavior can be constrained to what is appropriate to a given use. In particular, this allows for the identification of sessions that require confidentiality protection from the application that manages the signaling for the session.

1.1. Conventions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

2. ALPN Labels for WebRTC

The following identifiers are defined for use in ALPN:

webrtc: The DTLS session is used to establish keys for the Secure Real-time Transport Protocol (SRTP) -- known as DTLS-SRTP -- as described in [RFC5764]. The DTLS record layer is used for WebRTC data channels [RFC8831].

c-webrtc: The DTLS session is used for confidential WebRTC, where peers agree to maintain the confidentiality of the media, as described in Section 3. The confidentiality protections ensure that media is protected from other applications, but the confidentiality protections do not extend to messages on data channels.

Both identifiers describe the same basic protocol: a DTLS session that is used to provide keys for an SRTP session in combination with WebRTC data channels. Either SRTP or data channels could be absent. The data channels send the Stream Control Transmission Protocol (SCTP) [RFC4960] over the DTLS record layer, which can be multiplexed with SRTP on the same UDP flow. WebRTC requires the use of Interactive Connectivity Establishment (ICE) [RFC8445] to establish UDP flow, but this is not covered by the identifier. A more thorough definition of what WebRTC entails is included in [RFC8835].

There is no functional difference between the identifiers except that an endpoint negotiating "c-webrtc" makes a promise to preserve the confidentiality of the media it receives. A peer that is not aware of whether it needs to request
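The ALPN exchange that Section 2 relies on, as an added illustration that is not part of RFC 8833 or any WebRTC stack: it encodes and parses the RFC 7301 ALPN extension carrying the two WebRTC labels, applies the server-side selection rule (no match means a fatal no_application_protocol alert), and maps the negotiated label onto the promise the endpoint has made. The field layout follows RFC 7301; the policy dictionary and its key names are this example's own.

```python
import struct

# ALPN extension type from RFC 7301 (value 16); labels from RFC 8833.
ALPN_EXT_TYPE = 16
WEBRTC_LABELS = ("webrtc", "c-webrtc")

def encode_alpn_extension(protocols):
    """Build the TLS/DTLS ALPN extension: 2-byte type, 2-byte length, then a
    2-byte-length-prefixed ProtocolNameList of 1-byte-length-prefixed names."""
    names = b"".join(struct.pack("!B", len(p)) + p.encode("ascii") for p in protocols)
    body = struct.pack("!H", len(names)) + names
    return struct.pack("!HH", ALPN_EXT_TYPE, len(body)) + body

def decode_alpn_extension(data):
    """Parse an ALPN extension back into its labels. Any inconsistent length
    field is rejected: a DTLS stack must treat such a ClientHello as fatal
    rather than guess at the intended list."""
    if len(data) < 6:
        raise ValueError("ALPN extension too short")
    ext_type, ext_len = struct.unpack("!HH", data[:4])
    if ext_type != ALPN_EXT_TYPE or ext_len != len(data) - 4:
        raise ValueError("not a well-formed ALPN extension")
    body = data[4:]
    (list_len,) = struct.unpack("!H", body[:2])
    if list_len == 0 or list_len != len(body) - 2:
        raise ValueError("bad ProtocolNameList length")
    names, pos = [], 2
    while pos < len(body):
        n = body[pos]
        if n == 0 or pos + 1 + n > len(body):
            raise ValueError("bad ProtocolName length")
        names.append(body[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return names

def select_protocol(client_offer, server_supported):
    """Server-side selection per RFC 7301: the first label in the server's
    preference order that the client also offered. None means no overlap,
    which the server signals with a fatal no_application_protocol alert."""
    for p in server_supported:
        if p in client_offer:
            return p
    return None

def media_policy(negotiated):
    """What the endpoint has promised for the negotiated RFC 8833 label.
    Only SRTP media is covered by the c-webrtc promise; data channel messages
    are explicitly outside it (Section 2)."""
    if negotiated not in WEBRTC_LABELS:
        raise ValueError(f"{negotiated!r} is not a WebRTC ALPN label")
    return {"confidential_media": negotiated == "c-webrtc",
            "confidential_data_channels": False}
```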