draft-ietf-avtcore-rfc5764-mux-fixes-11.txt   rfc7983.txt 
AVTCORE M. Petit-Huguenin Internet Engineering Task Force (IETF) M. Petit-Huguenin
Internet-Draft Impedance Mismatch Request for Comments: 7983 Impedance Mismatch
Updates: 5764 (if approved) G. Salgueiro Updates: 5764 G. Salgueiro
Intended status: Standards Track Cisco Systems Category: Standards Track Cisco Systems
Expires: March 5, 2017 September 1, 2016 ISSN: 2070-1721 September 2016
Multiplexing Scheme Updates for Secure Real-time Transport Protocol Multiplexing Scheme Updates
(SRTP) Extension for Datagram Transport Layer Security (DTLS) for Secure Real-time Transport Protocol (SRTP) Extension
draft-ietf-avtcore-rfc5764-mux-fixes-11 for Datagram Transport Layer Security (DTLS)
Abstract Abstract
This document defines how Datagram Transport Layer Security (DTLS), This document defines how Datagram Transport Layer Security (DTLS),
Real-time Transport Protocol (RTP), RTP Control Protocol (RTCP), Real-time Transport Protocol (RTP), RTP Control Protocol (RTCP),
Session Traversal Utilities for NAT (STUN), Traversal Using Relays Session Traversal Utilities for NAT (STUN), Traversal Using Relays
around NAT (TURN), and ZRTP packets are multiplexed on a single around NAT (TURN), and ZRTP packets are multiplexed on a single
receiving socket. It overrides the guidance from RFC 5764 ("SRTP receiving socket. It overrides the guidance from RFC 5764 ("SRTP
Extension for DTLS"), which suffered from four issues described and Extension for DTLS"), which suffered from four issues described and
fixed in this document. fixed in this document.
This document updates RFC 5764. This document updates RFC 5764.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on March 5, 2017. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7983.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 30 skipping to change at page 2, line 39
it for publication as an RFC or to translate it into languages other it for publication as an RFC or to translate it into languages other
than English. than English.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Implicit Allocation of Codepoints for New STUN Methods . . . 4 3. Implicit Allocation of Codepoints for New STUN Methods . . . 4
4. Multiplexing of ZRTP . . . . . . . . . . . . . . . . . . . . 5 4. Multiplexing of ZRTP . . . . . . . . . . . . . . . . . . . . 5
5. Implicit Allocation of New Codepoints for TLS ContentTypes . 5 5. Implicit Allocation of New Codepoints for TLS ContentTypes . 5
6. Multiplexing of TURN Channels . . . . . . . . . . . . . . . . 6 6. Multiplexing of TURN Channels . . . . . . . . . . . . . . . . 7
7. RFC 5764 Updates . . . . . . . . . . . . . . . . . . . . . . 8 7. Updates to RFC 5764 . . . . . . . . . . . . . . . . . . . . . 8
8. Security Considerations . . . . . . . . . . . . . . . . . . . 9 8. Security Considerations . . . . . . . . . . . . . . . . . . . 9
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
9.1. STUN Methods . . . . . . . . . . . . . . . . . . . . . . 9 9.1. STUN Methods . . . . . . . . . . . . . . . . . . . . . . 10
9.2. TLS ContentType . . . . . . . . . . . . . . . . . . . . . 10 9.2. TLS ContentType . . . . . . . . . . . . . . . . . . . . . 10
9.3. Traversal Using Relays around NAT (TURN) Channel Numbers 10 9.3. Traversal Using Relays around NAT (TURN) Channel Numbers 11
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 11
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 10.1. Normative References . . . . . . . . . . . . . . . . . . 11
11.1. Normative References . . . . . . . . . . . . . . . . . . 11 10.2. Informative References . . . . . . . . . . . . . . . . . 12
11.2. Informative References . . . . . . . . . . . . . . . . . 12 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 13
Appendix A. Release notes . . . . . . . . . . . . . . . . . . . 12 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13
A.1. Modifications between draft-ietf-avtcore-rfc5764-mux-
fixes-11 and draft-ietf-avtcore-rfc5764-mux-fixes-10 . . 12
A.2. Modifications between draft-ietf-avtcore-rfc5764-mux-
fixes-10 and draft-ietf-avtcore-rfc5764-mux-fixes-09 . . 13
A.3. Modifications between draft-ietf-avtcore-rfc5764-mux-
fixes-09 and draft-ietf-avtcore-rfc5764-mux-fixes-08 . . 13
A.4. Modifications between draft-ietf-avtcore-rfc5764-mux-
fixes-08 and draft-ietf-avtcore-rfc5764-mux-fixes-07 . . 13
A.5. Modifications between draft-ietf-avtcore-rfc5764-mux-
fixes-07 and draft-ietf-avtcore-rfc5764-mux-fixes-06 . . 13
A.6. Modifications between draft-ietf-avtcore-rfc5764-mux-
fixes-06 and draft-ietf-avtcore-rfc5764-mux-fixes-05 . . 13
A.7. Modifications between draft-ietf-avtcore-rfc5764-mux-
fixes-05 and draft-ietf-avtcore-rfc5764-mux-fixes-04 . . 13
A.8. Modifications between draft-ietf-avtcore-rfc5764-mux-
fixes-04 and draft-ietf-avtcore-rfc5764-mux-fixes-03 . . 13
A.9. Modifications between draft-ietf-avtcore-rfc5764-mux-
fixes-03 and draft-ietf-avtcore-rfc5764-mux-fixes-02 . . 14
A.10. Modifications between draft-ietf-avtcore-rfc5764-mux-
fixes-02 and draft-ietf-avtcore-rfc5764-mux-fixes-01 . . 14
A.11. Modifications between draft-ietf-avtcore-rfc5764-mux-
fixes-01 and draft-ietf-avtcore-rfc5764-mux-fixes-00 . . 14
A.12. Modifications between draft-ietf-avtcore-rfc5764-mux-
fixes-00 and draft-petithuguenin-avtcore-rfc5764-mux-
fixes-02 . . . . . . . . . . . . . . . . . . . . . . . . 14
A.13. Modifications between draft-petithuguenin-avtcore-rfc5764
-mux-fixes-00 and draft-petithuguenin-avtcore-rfc5764
-mux-fixes-01 . . . . . . . . . . . . . . . . . . . . . . 15
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15
1. Introduction 1. Introduction
Section 5.1.2 of Secure Real-time Transport Protocol (SRTP) Extension Section 5.1.2 of "Datagram Transport Layer Security (DTLS) Extension
for DTLS [RFC5764] defines a scheme for a Real-time Transport to Establish Keys for the Secure Real-time Transport Protocol (SRTP)"
Protocol (RTP) [RFC3550] receiver to demultiplex Datagram Transport [RFC5764] defines a scheme for a Real-time Transport Protocol (RTP)
Layer Security (DTLS) [RFC6347], Session Traversal Utilities for NAT [RFC3550] receiver to demultiplex DTLS [RFC6347], Session Traversal
(STUN) [RFC5389] and Secure Real-time Transport Protocol Utilities for NAT (STUN) [RFC5389], and Secure Real-time Transport
(SRTP)/Secure RTP Control Protocol (SRTCP) [RFC3711] packets that are Protocol (SRTP) / Secure Real-time Transport Control Protocol (SRTCP)
arriving on the RTP port. Unfortunately, this demultiplexing scheme [RFC3711] packets that are arriving on the RTP port. Unfortunately,
has created problematic issues: this demultiplexing scheme has created problematic issues:
1. It implicitly allocated codepoints for new STUN methods without 1. It implicitly allocated codepoints for new STUN methods without
an IANA registry reflecting these new allocations. an IANA registry reflecting these new allocations.
2. It did not take into account the fact that ZRTP [RFC6189] also 2. It did not take into account the fact that ZRTP [RFC6189] also
needs to be demultiplexed with the other packet types explicitly needs to be demultiplexed with the other packet types explicitly
mentioned in Section 5.1.2 of RFC 5764. mentioned in Section 5.1.2 of RFC 5764.
3. It implicitly allocated codepoints for new Transport Layer 3. It implicitly allocated codepoints for new Transport Layer
Security (TLS) ContentTypes without an IANA registry reflecting Security (TLS) ContentTypes without an IANA registry reflecting
skipping to change at page 4, line 13 skipping to change at page 3, line 40
explicitly mentioned in Section 5.1.2 of RFC 5764. explicitly mentioned in Section 5.1.2 of RFC 5764.
Having overlapping ranges between different IANA registries becomes Having overlapping ranges between different IANA registries becomes
an issue when a new codepoint is allocated in one of these registries an issue when a new codepoint is allocated in one of these registries
without carefully analyzing the impact it could have on the other without carefully analyzing the impact it could have on the other
registries when that codepoint is demultiplexed. Among other registries when that codepoint is demultiplexed. Among other
downsides of the bad design of the demultiplexing algorithm detailed downsides of the bad design of the demultiplexing algorithm detailed
in [RFC5764], it creates a requirement for coordination between in [RFC5764], it creates a requirement for coordination between
codepoint assignments where none should exist, and that is codepoint assignments where none should exist, and that is
organizationally and socially undesirable. However, RFC 5764 has organizationally and socially undesirable. However, RFC 5764 has
been widely deployed so there must be an awareness of this issue and been widely deployed, so there must be an awareness of this issue and
how it must be dealt with. Thus, even if the feature related to a how it must be dealt with. Thus, even if the feature related to a
codepoint is not initially thought to be useful in the context of codepoint is not initially thought to be useful in the context of
demultiplexing, the respective IANA registry expert should at least demultiplexing, the respective IANA registry expert should at least
raise a flag when the allocated codepoint irrevocably prevents raise a flag when the allocated codepoint irrevocably prevents
multiplexing. multiplexing.
The first goal of this document is to make sure that future The first goal of this document is to make sure that future
allocations in any of the affected protocols are done with the full allocations in any of the affected protocols are done with the full
knowledge of their impact on multiplexing. This is achieved by knowledge of their impact on multiplexing. This is achieved by
updating [RFC5764], which includes modifying the IANA registries with updating [RFC5764], which includes modifying the IANA registries with
instructions for coordination between the protocols at risk. instructions for coordination between the protocols at risk.
A second goal is to permit the addition of new protocols to the list A second goal is to permit the addition of new protocols to the list
of existing multiplexed protocols in a manner that does not break of existing multiplexed protocols in a manner that does not break
existing implementations. existing implementations.
At the time of this writing, the flaws in the demultiplexing scheme At the time of this writing, the flaws in the demultiplexing scheme
were unavoidably inherited by other documents, such as [RFC7345] and were unavoidably inherited by other documents, such as [RFC7345] and
[I-D.ietf-mmusic-sdp-bundle-negotiation]. So in addition, these and [SDP-BUNDLE]. So in addition, these and any other affected documents
any other affected documents will need to be corrected with the will need to be corrected with the updates this document provides.
updates this document provides.
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
3. Implicit Allocation of Codepoints for New STUN Methods 3. Implicit Allocation of Codepoints for New STUN Methods
The demultiplexing scheme in [RFC5764] states that the receiver can The demultiplexing scheme in [RFC5764] states that the receiver can
identify the packet type by looking at the first byte. If the value identify the packet type by looking at the first byte. If the value
of this first byte is 0 or 1, the packet is identified to be STUN. of this first byte is 0 or 1, the packet is identified to be STUN.
The problem that arises as a result of this implicit allocation is The problem with this implicit allocation is that it restricts the
that this restricts the codepoints for STUN methods (as described in codepoints for STUN methods (as described in Section 18.1 of
Section 18.1 of [RFC5389]) to values between 0x000 and 0x07F, which [RFC5389]) to values between 0x000 and 0x07F, which in turn reduces
in turn reduces the number of possible STUN method codepoints the number of possible STUN method codepoints assigned by IETF Review
assigned by IETF Review (i.e., the range from (0x000 - 0x7FF) from (i.e., the range 0x000 - 0x7FF) from 2048 to only 128 and eliminates
2048 to only 128 and eliminating the possibility of having STUN the possibility of having STUN method codepoints assigned by
method codepoints assigned by Designated Expert (i.e., the range Designated Expert (i.e., the range 0x800 - 0xFFF).
0x800 - 0xFFF).
To preserve the Designated Expert range, this document allocates the To preserve the Designated Expert range, this document allocates the
value 2 and 3 to also identify STUN methods. values 2 and 3 to also identify STUN methods.
The IANA Registry for STUN methods is modified to mark the codepoints The IANA Registry for STUN methods has been modified to mark the
from 0x100 to 0xFFF as Reserved. These codepoints can still be codepoints from 0x100 to 0xFFF as Reserved. These codepoints can
allocated, but require IETF Review with a document that will properly still be allocated, but require IETF Review with a document that will
evaluate the risk of an assignment overlapping with other registries. properly evaluate the risk of an assignment overlapping with other
registries.
In addition, this document also updates the IANA registry such that In addition, this document also updates the IANA registry such that
the STUN method codepoints assigned in the 0x080-0x0FF range are also the STUN method codepoints assigned in the 0x080-0x0FF range are also
assigned via Designated Expert. The proposed changes to the STUN assigned via Designated Expert. The "STUN Methods" registry has been
Method Registry are: changed as follows:
OLD: OLD:
0x000-0x7FF IETF Review 0x000-0x7FF IETF Review
0x800-0xFFF Designated Expert 0x800-0xFFF Designated Expert
NEW: NEW:
0x000-0x07F IETF Review 0x000-0x07F IETF Review
0x080-0x0FF Designated Expert 0x080-0x0FF Designated Expert
0x100-0xFFF Reserved 0x100-0xFFF Reserved
4. Multiplexing of ZRTP 4. Multiplexing of ZRTP
ZRTP [RFC6189] is a protocol for media path Diffie-Hellman exchange ZRTP [RFC6189] is a protocol for media path Diffie-Hellman exchange
to agree on a session key and parameters for establishing unicast to agree on a session key and parameters for establishing unicast
Secure Real-time Transport Protocol (SRTP) sessions for Voice over IP SRTP sessions for Voice over IP (VoIP) applications. The ZRTP
(VoIP) applications. The ZRTP protocol is media path keying because protocol is media path keying because it is multiplexed on the same
it is multiplexed on the same port as RTP and does not require port as RTP and does not require support in the signaling protocol.
support in the signaling protocol.
In order to prevent future documents from assigning values from the In order to prevent future documents from assigning values from the
unused range to a new protocol, this document modifies the [RFC5764] unused range to a new protocol, this document modifies the [RFC5764]
demultiplexing algorithm to properly account for ZRTP [RFC6189] by demultiplexing algorithm to properly account for ZRTP [RFC6189] by
allocating the values from 16 to 19 for this purpose. allocating the values from 16 to 19 for this purpose.
5. Implicit Allocation of New Codepoints for TLS ContentTypes 5. Implicit Allocation of New Codepoints for TLS ContentTypes
The demultiplexing scheme in [RFC5764] dictates that if the value of The demultiplexing scheme in [RFC5764] dictates that if the value of
the first byte is between 20 and 63 (inclusive), then the packet is the first byte is between 20 and 63 (inclusive), then the packet is
identified to be DTLS. For DTLS 1.0 [RFC4347] and DTLS 1.2 [RFC6347] identified to be DTLS. For DTLS 1.0 [RFC4347] and DTLS 1.2
that first byte corresponds to the TLS ContentType field. [RFC6347], that first byte corresponds to the TLS ContentType field.
Considerations must be taken into account when assigning additional Considerations must be taken into account when assigning additional
ContentTypes in the code point ranges 0 to 19 and 64 to 255 so this ContentTypes in the codepoint ranges 0 to 19 and 64 to 255, so this
does not prevent demultiplexing when this functionality is desirable. does not prevent demultiplexing when this functionality is desirable.
Note that [RFC5764] describes a narrow use of DTLS that works as long Note that [RFC5764] describes a narrow use of DTLS that works as long
as the specific DTLS version used abides by the restrictions on the as the specific DTLS version used abides by the restrictions on the
demultiplexing byte (the ones that this document imposes on the TLS demultiplexing byte (the ones that this document imposes on the "TLS
ContentType Registry). Any extension or revision to DTLS that causes ContentType Registry"). Any extension or revision to DTLS that
it to no longer meet these constraints should consider what values causes it to no longer meet these constraints should consider what
may occur in the first byte of the DTLS message and what impact it values may occur in the first byte of the DTLS message and what
would have on the multiplexing that [RFC5764] describes. impact it would have on the multiplexing that [RFC5764] describes.
With respect to TLS packet identification, this document explicitly With respect to TLS packet identification, this document explicitly
adds a warning to the codepoints from 0 to 19 and from 64 to 255 adds a warning to the codepoints from 0 to 19 and from 64 to 255
indicating that allocations in these ranges require coordination, as indicating that allocations in these ranges require coordination, as
described in this document. The proposed changes to the TLS described in this document. The "TLS ContentType Registry" has been
ContentType Registry are: changed as follows:
OLD: OLD:
0-19 Unassigned 0-19 Unassigned
20 change_cipher_spec 20 change_cipher_spec
21 alert 21 alert
22 handshake 22 handshake
23 application_data 23 application_data
24 heartbeat 24 heartbeat
25-255 Unassigned 25-255 Unassigned
NEW: NEW:
0-19 Unassigned (Requires coordination, see RFCXXXX) 0-19 Unassigned (Requires coordination; see RFC 7983)
20 change_cipher_spec 20 change_cipher_spec
21 alert 21 alert
22 handshake 22 handshake
23 application_data 23 application_data
24 heartbeat 24 heartbeat
25-63 Unassigned 25-63 Unassigned
64-255 Unassigned (Requires coordination, see RFCXXXX) 64-255 Unassigned (Requires coordination; see RFC 7983)
6. Multiplexing of TURN Channels 6. Multiplexing of TURN Channels
When used with ICE [RFC5245], an RFC 5764 implementation can receive When used with Interactive Connectivity Establishment (ICE)
packets on the same socket from three different paths, as shown in [RFC5245], an implementation of RFC 5764 can receive packets on the
Figure 1: same socket from three different paths, as shown in Figure 1:
1. Directly from the source 1. Directly from the source
2. Through a NAT 2. Through a NAT
3. Relayed by a TURN server 3. Relayed by a TURN server
+------+ +------+
| TURN |<------------------------+ | TURN |<------------------------+
+------+ | +------+ |
| | | |
| +-------------------------+ | | +-------------------------+ |
| | | | | | | |
v v | | v v | |
NAT ----------- | | NAT ----------- | |
| | +---------------------+ | | | | +---------------------+ | |
| | | | | | | | | | | |
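Review bot: Section 3 never says why first-byte values 0 to 3 correspond to STUN methods 0x000-0x0FF, so the NEW registry split (0x000-0x07F IETF Review, 0x080-0x0FF Designated Expert, 0x100-0xFFF Reserved) has to be taken on trust. The text gives the 0-or-1 case (methods limited to 0x000-0x07F) and then jumps to "allocates the values 2 and 3"; add one sentence stating which bits of the STUN message type land in the first byte, so that a registry expert can check a proposed method codepoint against the demultiplexer without rederiving it. Section 4 has the same gap: it allocates 16 to 19 to ZRTP without saying which part of a ZRTP packet produces those first-byte values.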
skipping to change at page 7, line 19 skipping to change at page 7, line 32
| | | | | | | |
v v | | v v | |
NAT ----------- | | NAT ----------- | |
| | +---------------------+ | | | | +---------------------+ | |
| | | | | | | | | | | |
v v v | | | v v v | | |
+----------+ +----------+ +----------+ +----------+
| RFC 5764 | | RFC 5764 | | RFC 5764 | | RFC 5764 |
+----------+ +----------+ +----------+ +----------+
Figure 1: Packet Reception by an RFC 5764 Implementation Figure 1: Packet Reception by an Implementation of RFC 5764
Even if the ICE algorithm succeeded in selecting a non-relayed path, Even if the ICE algorithm succeeded in selecting a non-relayed path,
it is still possible to receive data from the TURN server. For it is still possible to receive data from the TURN server. For
instance, when ICE is used with aggressive nomination the media path instance, when ICE is used with aggressive nomination, the media path
can quickly change until it stabilizes. Also, freeing ICE candidates can quickly change until it stabilizes. Also, freeing ICE candidates
is optional, so the TURN server can restart forwarding STUN is optional, so the TURN server can restart forwarding STUN
connectivity checks during an ICE restart. connectivity checks during an ICE restart.
TURN channels are an optimization where data packets are exchanged TURN channels are an optimization where data packets are exchanged
with a 4-byte prefix, instead of the standard 36-byte STUN overhead with a 4-byte prefix instead of the standard 36-byte STUN overhead
(see Section 2.5 of [RFC5766]). The problem is that the RFC 5764 (see Section 2.5 of [RFC5766]). The problem is that the RFC 5764
demultiplexing scheme does not define what to do with packets demultiplexing scheme does not define what to do with packets
received over a TURN channel since these packets will start with a received over a TURN channel since these packets will start with a
first byte whose value will be between 64 and 127 (inclusive). If first byte whose value will be between 64 and 127 (inclusive). If
the TURN server was instructed to send data over a TURN channel, then the TURN server was instructed to send data over a TURN channel, then
the current RFC 5764 demultiplexing scheme will reject these packets. the demultiplexing scheme specified in RFC 5764 will reject these
Current implementations violate RFC 5764 for values 64 to 127 packets. Current implementations violate RFC 5764 for values 64 to
(inclusive) and they instead parse packets with such values as TURN. 127 (inclusive) and they instead parse packets with such values as
TURN.
In order to prevent future documents from assigning values from the In order to prevent future documents from assigning values from the
unused range to a new protocol, this document modifies the RFC 5764 unused range to a new protocol, this document modifies the
demultiplexing algorithm to properly account for TURN channels by demultiplexing algorithm in RFC 5764 to properly account for TURN
allocating the values from 64 to 79 for this purpose. This channels by allocating the values from 64 to 79 for this purpose.
modification restricts the TURN channel space to a more limited set This modification restricts the TURN channel space to a more limited
of possible channels when the TURN client does the channel binding set of possible channels when the TURN client does the channel
request in combination with the demultiplexing scheme described in binding request in combination with the demultiplexing scheme
[RFC5764]. described in [RFC5764].
7. RFC 5764 Updates 7. Updates to RFC 5764
This document updates the text in Section 5.1.2 of [RFC5764] as This document updates the text in Section 5.1.2 of [RFC5764] as
follows: follows:
OLD TEXT OLD TEXT
The process for demultiplexing a packet is as follows. The receiver The process for demultiplexing a packet is as follows. The receiver
looks at the first byte of the packet. If the value of this byte is looks at the first byte of the packet. If the value of this byte is
0 or 1, then the packet is STUN. If the value is in between 128 and 0 or 1, then the packet is STUN. If the value is in between 128 and
191 (inclusive), then the packet is RTP (or RTCP, if both RTCP and 191 (inclusive), then the packet is RTP (or RTCP, if both RTCP and
RTP are being multiplexed over the same destination port). If the RTP are being multiplexed over the same destination port). If the
value is between 20 and 63 (inclusive), the packet is DTLS. This value is between 20 and 63 (inclusive), the packet is DTLS. This
process is summarized in Figure 3. process is summarized in Figure 3.
+----------------+ +----------------+
| 127 < B < 192 -+--> forward to RTP | 127 < B < 192 -+--> forward to RTP
| | | |
packet --> | 19 < B < 64 -+--> forward to DTLS packet --> | 19 < B < 64 -+--> forward to DTLS
| | | |
| B < 2 -+--> forward to STUN | B < 2 -+--> forward to STUN
+----------------+ +----------------+
Figure 3: The DTLS-SRTP receiver's packet demultiplexing algorithm. Figure 3: The DTLS-SRTP receiver's packet demultiplexing algorithm.
Here the field B denotes the leading byte of the packet. Here the field B denotes the leading byte of the packet.
END OLD TEXT END OLD TEXT
NEW TEXT NEW TEXT
The process for demultiplexing a packet is as follows. The receiver The process for demultiplexing a packet is as follows. The receiver
looks at the first byte of the packet. If the value of this byte is looks at the first byte of the packet. If the value of this byte is
in between 0 and 3 (inclusive), then the packet is STUN. If the in between 0 and 3 (inclusive), then the packet is STUN. If the
value is between 16 and 19 (inclusive), then the packet is ZRTP. If value is between 16 and 19 (inclusive), then the packet is ZRTP. If
the value is between 20 and 63 (inclusive), then the packet is DTLS. the value is between 20 and 63 (inclusive), then the packet is DTLS.
If the value is between 64 and 79 (inclusive), then the packet is If the value is between 64 and 79 (inclusive), then the packet is
TURN Channel. If the value is in between 128 and 191 (inclusive), TURN Channel. If the value is in between 128 and 191 (inclusive),
then the packet is RTP (or RTCP, if both RTCP and RTP are being then the packet is RTP (or RTCP, if both RTCP and RTP are being
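Review bot: Section 6 leaves first-byte values 80 to 127 undefined for TURN: the text says channel data starts with a byte between 64 and 127 and that current implementations parse that whole span as TURN, but the allocation covers only 64 to 79. Say explicitly what a receiver does with 80 to 127 after this update, and turn "restricts the TURN channel space to a more limited set of possible channels" into a requirement on the TURN client that names the channel numbers it may use in a channel binding request. As written, a client that binds a channel outside the allocated span gets no indication that its relayed packets will no longer match a forwarding range.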
skipping to change at page 8, line 44 skipping to change at page 9, line 15
The process for demultiplexing a packet is as follows. The receiver The process for demultiplexing a packet is as follows. The receiver
looks at the first byte of the packet. If the value of this byte is looks at the first byte of the packet. If the value of this byte is
in between 0 and 3 (inclusive), then the packet is STUN. If the in between 0 and 3 (inclusive), then the packet is STUN. If the
value is between 16 and 19 (inclusive), then the packet is ZRTP. If value is between 16 and 19 (inclusive), then the packet is ZRTP. If
the value is between 20 and 63 (inclusive), then the packet is DTLS. the value is between 20 and 63 (inclusive), then the packet is DTLS.
If the value is between 64 and 79 (inclusive), then the packet is If the value is between 64 and 79 (inclusive), then the packet is
TURN Channel. If the value is in between 128 and 191 (inclusive), TURN Channel. If the value is in between 128 and 191 (inclusive),
then the packet is RTP (or RTCP, if both RTCP and RTP are being then the packet is RTP (or RTCP, if both RTCP and RTP are being
multiplexed over the same destination port). If the value does not multiplexed over the same destination port). If the value does not
match any known range then the packet MUST be dropped and an alert match any known range, then the packet MUST be dropped and an alert
MAY be logged. This process is summarized in Figure 3. MAY be logged. This process is summarized in Figure 3.
+----------------+ +----------------+
| [0..3] -+--> forward to STUN | [0..3] -+--> forward to STUN
| | | |
| [16..19] -+--> forward to ZRTP | [16..19] -+--> forward to ZRTP
| | | |
packet --> | [20..63] -+--> forward to DTLS packet --> | [20..63] -+--> forward to DTLS
| | | |
| [64..79] -+--> forward to TURN Channel | [64..79] -+--> forward to TURN Channel
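Review bot: The drop rule at the end of the NEW TEXT paragraph ("If the value does not match any known range, then the packet MUST be dropped and an alert MAY be logged") should list the unmatched values instead of leaving them implied; from the ranges given they are 4 to 15, 80 to 127 and 192 to 255. Figure 3 would also benefit from a final "otherwise, drop" row, since the rows shown name only forwarding targets. Because unmatched first bytes can arrive from any sender that reaches the socket, consider qualifying "MAY be logged" with rate limiting so the alert path cannot be used to flood logs. Minor: the paragraph alternates between "in between 0 and 3" and "between 16 and 19"; use one form throughout.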
skipping to change at page 9, line 24 skipping to change at page 9, line 37
| [128..191] -+--> forward to RTP/RTCP | [128..191] -+--> forward to RTP/RTCP
+----------------+ +----------------+
Figure 3: The DTLS-SRTP receiver's packet demultiplexing algorithm. Figure 3: The DTLS-SRTP receiver's packet demultiplexing algorithm.
END NEW TEXT END NEW TEXT
8. Security Considerations 8. Security Considerations
This document updates existing IANA registries and adds a new range This document updates existing IANA registries and adds a new range
for TURN channels in the demuxing algorithm. for TURN channels in the demultiplexing algorithm.
These modifications do not introduce any specific security These modifications do not introduce any specific security
considerations beyond those detailed in [RFC5764]. considerations beyond those detailed in [RFC5764].
9. IANA Considerations 9. IANA Considerations
9.1. STUN Methods 9.1. STUN Methods
This specification contains the registration information for reserved This specification contains the registration information for reserved
STUN Methods codepoints, as explained in Section 3 and in accordance STUN Methods codepoints, as explained in Section 3 and in accordance
with the procedures defined in Section 18.1 of [RFC5389]. with the procedures defined in Section 18.1 of [RFC5389].
Value: 0x100-0xFFF Value: 0x100-0xFFF
Name: Reserved (MUST be allocated with IETF Review. For DTLS-SRTP Name: Reserved (For DTLS-SRTP multiplexing collision avoidance, see
multiplexing collision avoidance see RFCXXXX) RFC 7983. Cannot be made available for assignment without IETF
Review.)
Reference: RFC5764, RFCXXXX Reference: RFC 5764, RFC 7983
This specification also reassigns the ranges in the STUN Methods This specification also reassigns the ranges in the STUN Methods
Registry as follow: Registry as follows:
Range: 0x000-0x07F Range: 0x000-0x07F
Registration Procedures: IETF Review Registration Procedures: IETF Review
Range: 0x080-0x0FF Range: 0x080-0x0FF
Registration Procedures: Designated Expert Registration Procedures: Designated Expert
9.2. TLS ContentType 9.2. TLS ContentType
This specification contains the registration information for reserved This specification contains the registration information for reserved
TLS ContentType codepoints, as explained in Section 5 and in TLS ContentType codepoints, as explained in Section 5 and in
accordance with the procedures defined in Section 12 of [RFC5246]. accordance with the procedures defined in Section 12 of [RFC5246].
Value: 0-19 Value: 0-19
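Review bot: Section 8 states that the changes add no security considerations beyond [RFC5764] but gives no reasoning, even though the same section says a new TURN channel range is added to the demultiplexing algorithm and Figure 3 routes on the first byte alone ([64..79] to TURN Channel). One sentence explaining why a packet steered to a different handler by its first byte creates no new exposure would let an implementer check the claim rather than take it on trust.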
skipping to change at page 10, line 14 skipping to change at page 10, line 40
Registration Procedures: Designated Expert Registration Procedures: Designated Expert
9.2. TLS ContentType 9.2. TLS ContentType
This specification contains the registration information for reserved This specification contains the registration information for reserved
TLS ContentType codepoints, as explained in Section 5 and in TLS ContentType codepoints, as explained in Section 5 and in
accordance with the procedures defined in Section 12 of [RFC5246]. accordance with the procedures defined in Section 12 of [RFC5246].
Value: 0-19 Value: 0-19
Description: Unassigned (Requires coordination, see RFCXXXX) Description: Unassigned (Requires coordination; see RFC 7983)
DTLS-OK: N/A DTLS-OK: N/A
Reference: RFC5764, RFCXXXX Reference: RFC 5764, RFC 7983
Value: 64-255 Value: 64-255
Description: Unassigned (Requires coordination, see RFCXXXX)) Description: Unassigned (Requires coordination; see RFC 7983)
DTLS-OK: N/A DTLS-OK: N/A
Reference: RFC5764, RFCXXXX Reference: RFC 5764, RFC 7983
9.3. Traversal Using Relays around NAT (TURN) Channel Numbers 9.3. Traversal Using Relays around NAT (TURN) Channel Numbers
This specification contains the registration information for reserved This specification contains the registration information for reserved
Traversal Using Relays around NAT (TURN) Channel Numbers codepoints, codepoints in the "Traversal Using Relays around NAT (TURN) Channel
as explained in Section 6 and in accordance with the procedures Numbers" registry, as explained in Section 6 and in accordance with
defined in Section 18 of [RFC5766]. the procedures defined in Section 18 of [RFC5766].
Value: 0x5000-0xFFFF Value: 0x5000-0xFFFF
Name: Reserved (For DTLS-SRTP multiplexing collision avoidance see Name: Reserved (For DTLS-SRTP multiplexing collision avoidance, see
RFCXXXX) RFC 7983.)
Reference: RFCXXXX
[RFC EDITOR NOTE: Please replace RFCXXXX with the RFC number assigned
to this document (for all instances where this convention is used
throughout this draft).]
10. Acknowledgements
The implicit STUN Method codepoint allocations problem was first
reported by Martin Thomson in the RTCWEB mailing-list and discussed
further with Magnus Westerlund.
Thanks to Simon Perreault, Colton Shields, Cullen Jennings, Colin Reference: RFC 7983
Perkins, Magnus Westerlund, Paul Jones, Jonathan Lennox, Varun Singh,
Justin Uberti, Joseph Salowey, Martin Thomson, Ben Campbell, Stephen
Farrell, Alan Johnston, Mehmet Ersue, Matt Miller, Spencer Dawkins,
Joel Halpern and Paul Kyzivat for the comments, suggestions, and
questions that helped improve this document.
11. References 10. References
11.1. Normative References 10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
[RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V.
Jacobson, "RTP: A Transport Protocol for Real-Time Jacobson, "RTP: A Transport Protocol for Real-Time
Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550, Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550,
July 2003, <http://www.rfc-editor.org/info/rfc3550>. July 2003, <http://www.rfc-editor.org/info/rfc3550>.
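Review bot: In 9.3 the Name for 0x5000-0xFFFF reads only "Reserved (For DTLS-SRTP multiplexing collision avoidance, see RFC 7983.)", while the equivalent STUN Methods entry in 9.1 also says the range "Cannot be made available for assignment without IETF Review". Either add the matching sentence here or state why the TURN channel range needs none, so that a later request against this registry has a defined procedure.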
skipping to change at page 12, line 15 skipping to change at page 12, line 21
[RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using [RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using
Relays around NAT (TURN): Relay Extensions to Session Relays around NAT (TURN): Relay Extensions to Session
Traversal Utilities for NAT (STUN)", RFC 5766, Traversal Utilities for NAT (STUN)", RFC 5766,
DOI 10.17487/RFC5766, April 2010, DOI 10.17487/RFC5766, April 2010,
<http://www.rfc-editor.org/info/rfc5766>. <http://www.rfc-editor.org/info/rfc5766>.
[RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347, Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
January 2012, <http://www.rfc-editor.org/info/rfc6347>. January 2012, <http://www.rfc-editor.org/info/rfc6347>.
11.2. Informative References 10.2. Informative References
[RFC4347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer [RFC4347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security", RFC 4347, DOI 10.17487/RFC4347, April 2006, Security", RFC 4347, DOI 10.17487/RFC4347, April 2006,
<http://www.rfc-editor.org/info/rfc4347>. <http://www.rfc-editor.org/info/rfc4347>.
[RFC6189] Zimmermann, P., Johnston, A., Ed., and J. Callas, "ZRTP: [RFC6189] Zimmermann, P., Johnston, A., Ed., and J. Callas, "ZRTP:
Media Path Key Agreement for Unicast Secure RTP", Media Path Key Agreement for Unicast Secure RTP",
RFC 6189, DOI 10.17487/RFC6189, April 2011, RFC 6189, DOI 10.17487/RFC6189, April 2011,
<http://www.rfc-editor.org/info/rfc6189>. <http://www.rfc-editor.org/info/rfc6189>.
[RFC7345] Holmberg, C., Sedlacek, I., and G. Salgueiro, "UDP [RFC7345] Holmberg, C., Sedlacek, I., and G. Salgueiro, "UDP
Transport Layer (UDPTL) over Datagram Transport Layer Transport Layer (UDPTL) over Datagram Transport Layer
Security (DTLS)", RFC 7345, DOI 10.17487/RFC7345, August Security (DTLS)", RFC 7345, DOI 10.17487/RFC7345, August
2014, <http://www.rfc-editor.org/info/rfc7345>. 2014, <http://www.rfc-editor.org/info/rfc7345>.
[I-D.ietf-mmusic-sdp-bundle-negotiation] [SDP-BUNDLE]
Holmberg, C., Alvestrand, H., and C. Jennings, Holmberg, C., Alvestrand, H., and C. Jennings,
"Negotiating Media Multiplexing Using the Session "Negotiating Media Multiplexing Using the Session
Description Protocol (SDP)", draft-ietf-mmusic-sdp-bundle- Description Protocol (SDP)", Work in Progress,
negotiation-32 (work in progress), August 2016. draft-ietf-mmusic-sdp-bundle-negotiation-32, August 2016.
Appendix A. Release notes
This section must be removed before publication as an RFC.
A.1. Modifications between draft-ietf-avtcore-rfc5764-mux-fixes-11 and
draft-ietf-avtcore-rfc5764-mux-fixes-10
o Addressed comments from AD review (editorial).
o Addressed comments from Gen-ART, Sec-Dir and OPS-Dir reviews.
A.2. Modifications between draft-ietf-avtcore-rfc5764-mux-fixes-10 and
draft-ietf-avtcore-rfc5764-mux-fixes-09
o Removed Implementation Status section.
o Updated based on Magnus Westerlund's LC review comments.
o On advice of EKR changed boilerplate to pre5378Trust200902.
A.3. Modifications between draft-ietf-avtcore-rfc5764-mux-fixes-09 and
draft-ietf-avtcore-rfc5764-mux-fixes-08
o Added ZRTP awareness to demultiplexing logic.
A.4. Modifications between draft-ietf-avtcore-rfc5764-mux-fixes-08 and
draft-ietf-avtcore-rfc5764-mux-fixes-07
o Minor update to Security Considerations section.
A.5. Modifications between draft-ietf-avtcore-rfc5764-mux-fixes-07 and
draft-ietf-avtcore-rfc5764-mux-fixes-06
o Addresses Martin Thomson, Ben Campbell and Stephen Farrell's
review comments about TLS ContentType registrations.
A.6. Modifications between draft-ietf-avtcore-rfc5764-mux-fixes-06 and
draft-ietf-avtcore-rfc5764-mux-fixes-05
o Addresses Colin's WGLC review comments
A.7. Modifications between draft-ietf-avtcore-rfc5764-mux-fixes-05 and
draft-ietf-avtcore-rfc5764-mux-fixes-04
o Removed some remnants of the ordering from Section 6
o Moved Terminology from Section 5 to Section 2
A.8. Modifications between draft-ietf-avtcore-rfc5764-mux-fixes-04 and
draft-ietf-avtcore-rfc5764-mux-fixes-03
o Removed Section on "Demultiplexing Algorithm Test Order"
o Split the Introduction into separate sections
A.9. Modifications between draft-ietf-avtcore-rfc5764-mux-fixes-03 and
draft-ietf-avtcore-rfc5764-mux-fixes-02
o Revert to the RFC 5389, as the stunbis reference was needed only
for STUN over SCTP.
A.10. Modifications between draft-ietf-avtcore-rfc5764-mux-fixes-02 and
draft-ietf-avtcore-rfc5764-mux-fixes-01
o Remove any discussion about SCTP until a consensus emerges in
TRAM.
A.11. Modifications between draft-ietf-avtcore-rfc5764-mux-fixes-01 and
draft-ietf-avtcore-rfc5764-mux-fixes-00
o Instead of allocating the values that are common on each registry,
the specification now only reserves them, giving the possibility
to allocate them in case muxing is irrelevant.
o STUN range is now 0-3m with 2-3 being Designated Expert.
o TLS ContentType 0-19 and 64-255 are now reserved.
o Add SCTP over UDP value.
o If an implementation uses the source IP address/port to separate
TURN channels packets then the whole channel numbers are
available.
o If not the prefix is between 64 and 79.
o First byte test order is now by incremental values, so failure is
deterministic.
o Redraw the demuxing diagram.
A.12. Modifications between draft-ietf-avtcore-rfc5764-mux-fixes-00 and
draft-petithuguenin-avtcore-rfc5764-mux-fixes-02
o Adoption by WG.
o Add reference to STUNbis. Acknowledgements
A.13. Modifications between draft-petithuguenin-avtcore-rfc5764-mux- The implicit STUN Method codepoint allocations problem was first
fixes-00 and draft-petithuguenin-avtcore-rfc5764-mux-fixes-01 reported by Martin Thomson in the RTCWEB mailing list and discussed
further with Magnus Westerlund.
o Change affiliation. Thanks to Simon Perreault, Colton Shields, Cullen Jennings, Colin
Perkins, Magnus Westerlund, Paul Jones, Jonathan Lennox, Varun Singh,
Justin Uberti, Joseph Salowey, Martin Thomson, Ben Campbell, Stephen
Farrell, Alan Johnston, Mehmet Ersue, Matt Miller, Spencer Dawkins,
Joel Halpern, and Paul Kyzivat for the comments, suggestions, and
questions that helped improve this document.
Authors' Addresses Authors' Addresses
Marc Petit-Huguenin Marc Petit-Huguenin
Impedance Mismatch Impedance Mismatch
Email: marc@petit-huguenin.org Email: marc@petit-huguenin.org
Gonzalo Salgueiro Gonzalo Salgueiro
Cisco Systems Cisco Systems
7200-12 Kit Creek Road 7200-12 Kit Creek Road
Research Triangle Park, NC 27709 Research Triangle Park, NC 27709
US United States of America
Email: gsalguei@cisco.com Email: gsalguei@cisco.com
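Review bot: The informative reference label changes from [I-D.ietf-mmusic-sdp-bundle-negotiation] to [SDP-BUNDLE], so every in-text citation has to carry the new label as well; none is visible in these lines, so confirm the body was updated in the same pass. The entry still points at draft-ietf-mmusic-sdp-bundle-negotiation-32 as Work in Progress, which is acceptable for an informative reference but worth rechecking if that draft has since been published.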
 End of changes. 54 change blocks. 
268 lines changed or deleted 129 lines changed or added
