--- 1/draft-ietf-taps-transports-09.txt 2016-03-04 08:23:44.514328093 -0800 +++ 2/draft-ietf-taps-transports-10.txt 2016-03-04 08:23:45.106343031 -0800 @@ -1,21 +1,21 @@ Network Working Group G. Fairhurst, Ed. Internet-Draft University of Aberdeen Intended status: Informational B. Trammell, Ed. -Expires: July 31, 2016 M. Kuehlewind, Ed. +Expires: September 5, 2016 M. Kuehlewind, Ed. ETH Zurich - January 28, 2016 + March 04, 2016 Services provided by IETF transport protocols and congestion control mechanisms - draft-ietf-taps-transports-09 + draft-ietf-taps-transports-10 Abstract This document describes, surveys, classifies and compares the protocol mechanisms provided by existing IETF protocols, as background for determining a common set of transport services. It examines the Transmission Control Protocol (TCP), Multipath TCP, the Stream Control Transmission Protocol (SCTP), the User Datagram Protocol (UDP), UDP-Lite, the Datagram Congestion Control Protocol (DCCP), the Internet Control Message Protocol (ICMP), the Realtime @@ -33,21 +33,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on July 31, 2016. + This Internet-Draft will expire on September 5, 2016. Copyright Notice Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -64,63 +64,63 @@ 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. Existing Transport Protocols . . . . . . . . . . . . . . . . 5 3.1. Transport Control Protocol (TCP) . . . . . . . . . . . . 6 3.1.1. Protocol Description . . . . . . . . . . . . . . . . 6 3.1.2. Interface description . . . . . . . . . . . . . . . . 8 3.1.3. Transport Features . . . . . . . . . . . . . . . . . 8 3.2. Multipath TCP (MPTCP) . . . . . . . . . . . . . . . . . . 9 3.2.1. Protocol Description . . . . . . . . . . . . . . . . 9 3.2.2. Interface Description . . . . . . . . . . . . . . . . 9 3.2.3. Transport features . . . . . . . . . . . . . . . . . 10 - 3.3. Stream Control Transmission Protocol (SCTP) . . . . . . . 10 + 3.3. User Datagram Protocol (UDP) . . . . . . . . . . . . . . 10 3.3.1. Protocol Description . . . . . . . . . . . . . . . . 11 - 3.3.2. Interface Description . . . . . . . . . . . . . . . . 13 - 3.3.3. Transport Features . . . . . . . . . . . . . . . . . 15 - 3.4. User Datagram Protocol (UDP) . . . . . . . . . . . . . . 16 - 3.4.1. Protocol Description . . . . . . . . . . . . . . . . 16 - 3.4.2. Interface Description . . . . . . . . . . . . . . . . 17 - 3.4.3. Transport Features . . . . . . . . . . . . . . . . . 17 - 3.5. Lightweight User Datagram Protocol (UDP-Lite) . . . . . . 18 - 3.5.1. Protocol Description . . . . . . . . . . . . . . . . 18 - 3.5.2. Interface Description . . . . . . . . . . . . . . . . 19 + 3.3.2. Interface Description . . . . . . . . . . . . . . . . 11 + 3.3.3. Transport Features . . . . . . . . . . . . . . . . . 12 + 3.4. Lightweight User Datagram Protocol (UDP-Lite) . . . . . . 12 + 3.4.1. Protocol Description . . . . . . . . . . . . . . . . 13 + 3.4.2. Interface Description . . . . . . . . . . . . . . . . 13 + 3.4.3. Transport Features . . . . . . . . . . . . . . . . . 13 + 3.5. Stream Control Transmission Protocol (SCTP) . . . . . . . 14 + 3.5.1. Protocol Description . . . . . . . . . . . . . . . . 14 + 3.5.2. Interface Description . . . . . . . . . . . . . . . . 16 3.5.3. Transport Features . . . . . . . . . . . . . . . . . 19 3.6. Datagram Congestion Control Protocol (DCCP) . . . . . . . 19 3.6.1. Protocol Description . . . . . . . . . . . . . . . . 20 3.6.2. Interface Description . . . . . . . . . . . . . . . . 21 3.6.3. Transport Features . . . . . . . . . . . . . . . . . 21 - 3.7. Internet Control Message Protocol (ICMP) . . . . . . . . 22 + 3.7. Transport Layer Security (TLS) and Datagram TLS (DTLS) as + a pseudotransport . . . . . . . . . . . . . . . . . . . . 22 3.7.1. Protocol Description . . . . . . . . . . . . . . . . 22 3.7.2. Interface Description . . . . . . . . . . . . . . . . 23 - 3.7.3. Transport Features . . . . . . . . . . . . . . . . . 23 - 3.8. Realtime Transport Protocol (RTP) . . . . . . . . . . . . 23 - 3.8.1. Protocol Description . . . . . . . . . . . . . . . . 24 - 3.8.2. Interface Description . . . . . . . . . . . . . . . . 25 - 3.8.3. Transport Features . . . . . . . . . . . . . . . . . 25 - 3.9. File Delivery over Unidirectional Transport/Asynchronous - Layered Coding Reliable Multicast (FLUTE/ALC) . . . . . . 25 - 3.9.1. Protocol Description . . . . . . . . . . . . . . . . 26 + 3.7.3. Transport Features . . . . . . . . . . . . . . . . . 24 + 3.8. Realtime Transport Protocol (RTP) . . . . . . . . . . . . 25 + 3.8.1. Protocol Description . . . . . . . . . . . . . . . . 25 + 3.8.2. Interface Description . . . . . . . . . . . . . . . . 26 + 3.8.3. Transport Features . . . . . . . . . . . . . . . . . 26 + 3.9. Hypertext Transport Protocol (HTTP) over TCP as a + pseudotransport . . . . . . . . . . . . . . . . . . . . . 27 + 3.9.1. Protocol Description . . . . . . . . . . . . . . . . 28 3.9.2. Interface Description . . . . . . . . . . . . . . . . 28 - 3.9.3. Transport Features . . . . . . . . . . . . . . . . . 28 - 3.10. NACK-Oriented Reliable Multicast (NORM) . . . . . . . . . 29 - 3.10.1. Protocol Description . . . . . . . . . . . . . . . . 29 - 3.10.2. Interface Description . . . . . . . . . . . . . . . 30 - 3.10.3. Transport Features . . . . . . . . . . . . . . . . . 30 - 3.11. Transport Layer Security (TLS) and Datagram TLS (DTLS) as - a pseudotransport . . . . . . . . . . . . . . . . . . . . 31 - 3.11.1. Protocol Description . . . . . . . . . . . . . . . . 31 - 3.11.2. Interface Description . . . . . . . . . . . . . . . 32 - 3.11.3. Transport Features . . . . . . . . . . . . . . . . . 33 - 3.12. Hypertext Transport Protocol (HTTP) over TCP as a - pseudotransport . . . . . . . . . . . . . . . . . . . . . 34 - 3.12.1. Protocol Description . . . . . . . . . . . . . . . . 35 - 3.12.2. Interface Description . . . . . . . . . . . . . . . 35 - 3.12.3. Transport features . . . . . . . . . . . . . . . . . 36 + 3.9.3. Transport features . . . . . . . . . . . . . . . . . 29 + 3.10. File Delivery over Unidirectional Transport/Asynchronous + Layered Coding Reliable Multicast (FLUTE/ALC) . . . . . . 30 + 3.10.1. Protocol Description . . . . . . . . . . . . . . . . 30 + 3.10.2. Interface Description . . . . . . . . . . . . . . . 32 + 3.10.3. Transport Features . . . . . . . . . . . . . . . . . 32 + 3.11. NACK-Oriented Reliable Multicast (NORM) . . . . . . . . . 33 + 3.11.1. Protocol Description . . . . . . . . . . . . . . . . 33 + 3.11.2. Interface Description . . . . . . . . . . . . . . . 34 + 3.11.3. Transport Features . . . . . . . . . . . . . . . . . 35 + 3.12. Internet Control Message Protocol (ICMP) . . . . . . . . 35 + 3.12.1. Protocol Description . . . . . . . . . . . . . . . . 36 + 3.12.2. Interface Description . . . . . . . . . . . . . . . 36 + 3.12.3. Transport Features . . . . . . . . . . . . . . . . . 37 4. Congestion Control . . . . . . . . . . . . . . . . . . . . . 37 5. Transport Features . . . . . . . . . . . . . . . . . . . . . 38 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 42 7. Security Considerations . . . . . . . . . . . . . . . . . . . 42 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 42 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 43 10. Informative References . . . . . . . . . . . . . . . . . . . 43 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 53 1. Introduction @@ -177,32 +177,31 @@ provide partial integrity protection to enable corruption tolerance. Usually a protocol has been designed to support one specific type of delivery/framing: data either needs to be divided into transmission units based on network packets (datagram service), a data stream is segmented and re-combined across multiple packets (stream service), or whole objects such as files are handled accordingly. This decision strongly influences the interface that is provided to the upper layer. - In addition, transport protocols offer a certain support on + In addition, transport protocols offer a certain support for transmission control. For example, a transport service can provide flow control to allow a receiver to regulate the transmission rate of a sender. Further a transport service can provide congestion control (see Section 4). As an example TCP and SCTP provide congestion control for use in the Internet, whereas UDP leaves this function to the upper layer protocol that uses UDP. Security features are often provided independent of the transport - protocol, via Transport Layer Security (TLS, see {{transport-layer- - security-tls-and- datagram-tls-dtls-as-a-pseudotransport}}) or by the - application layer protocol itself. The security properties TLS + protocol, via Transport Layer Security (TLS, see Section 3.7) or by + the application layer protocol itself. The security properties TLS provides to the application (such as confidentiality, integrity, and authenticity) are also features of the transport layer, even though they are often presently implemented in a separate protocol. 2. Terminology The following terms are used throughout this document, and in subsequent documents produced by TAPS that describe the composition and decomposition of transport services. @@ -256,56 +255,60 @@ TCP provides multiplexing to multiple sockets on each host using port numbers. A similar approach is adopted by other IETF-defined transports. An active TCP session is identified by its four-tuple of local and remote IP addresses and local port and remote port numbers. The destination port during connection setup is often used to indicate the requested service. TCP partitions a continuous stream of bytes into segments, sized to fit in IP packets based on a negotiated maximum segment size and - further constrained by the effective MTU from PMTUD. ICMP-based Path - MTU discovery [RFC1191][RFC1981] as well as Packetization Layer Path - MTU Discovery (PMTUD) [RFC4821] have been defined by the IETF. + further constrained by the effective Maximum Transmission Unit (MTU) + from Path MTU Discovery (PMTUD). ICMP-based Path MTU discovery + [RFC1191][RFC1981] as well as Packetization Layer Path MTU Discovery + (PMTUD) [RFC4821] have been defined by the IETF. Each byte in the stream is identified by a sequence number. The sequence number is used to order segments on receipt, to identify segments in acknowledgments, and to detect unacknowledged segments for retransmission. This is the basis of the reliable, ordered delivery of data in a TCP stream. TCP Selective Acknowledgment (SACK) [RFC2018] extends this mechanism by making it possible to provide earlier identification of which segments are missing, allowing faster retransmission. SACK-based methods (e.g. DSACK) can also result in less spurious retransmission. Receiver flow control is provided by a sliding window: limiting the amount of unacknowledged data that can be outstanding at a given time. The window scale option [RFC7323] allows a receiver to use windows greater than 64KB. All TCP senders provide congestion control, such as described in - [RFC5681]. TCP's congestion control mechanism is tied to a sliding - window as well [RFC5681]. Examples for different kind of congestion - control schemes are given in Section 4. The sending window at a - given point in time is the minimum of the receiver window and the - congestion window. The congestion window is increased in the absence - of congestion and, respectively, decreased if congestion is detected. - Often loss is implicitly handled as a congestion indication which is - detected in TCP (also as input for retransmission handling) based on - two mechanisms: A retransmission timer with exponential back-up or - the reception of three acknowledgment for the same segment, so called + [RFC5681]. TCP uses a sequence number with a sliding receiver window + for flow control. The TCP congestion control mechanism also utilises + this TCP sequence number to manage a separate congestion window + [RFC5681]. The sending window at a given point in time is the + minimum of the receiver window and the congestion window. The + congestion window is increased in the absence of congestion and, + respectively, decreased if congestion is detected. Often loss is + implicitly handled as a congestion indication which is detected in + TCP (also as input for retransmission handling) based on two + mechanisms: A retransmission timer with exponential back-up or the + reception of three acknowledgment for the same segment, so called duplicated ACKs (Fast retransmit). In addition, Explicit Congestion Notification (ECN) [RFC3168] can be used in TCP, if supported by both endpoints, that allows a network node to signal congestion without inducing loss. Alternatively, a delay-based congestion control scheme can be used in TCP that reacts to changes in delay as an early indication of congestion as also further described in Section 4. + Examples for different kind of congestion control schemes are given + in Section 4. TCP protocol instances can be extended [RFC7414] and tuned. Some features are sender-side only, requiring no negotiation with the receiver; some are receiver-side only, some are explicitly negotiated during connection setup. TCP may buffer data, e.g., to optimize processing or capacity usage. TCP can therefore provides mechanisms to control this, including an optional "PUSH" function [RFC0793] that explicitly requests the transport service not to delay data. By default, TCP segment @@ -435,52 +438,217 @@ pair for TCP). The document also recommends the use of extensions defined for SCTP [RFC6458] (see next section) to support multihoming for resilience and mobility. 3.2.3. Transport features As an extension to TCP, MPTCP provides mostly the same features. By establishing multiple sessions between available endpoints, it can - additionally provide soft failover solutions should one of the paths - become unusable. + additionally provide soft failover solutions in the case that one of + the paths become unusable. The transport features provided by MPTCP in addition to TCP therefore are: o multihoming for load-balancing, with endpoint multiplexing of a single byte stream, using either coupled congestion control or for throughput maximization, o address family multiplexing (using IPv4 and IPv6 for the same session), o resilience to network failure and/or handover. -3.3. Stream Control Transmission Protocol (SCTP) +3.3. User Datagram Protocol (UDP) + + The User Datagram Protocol (UDP) [RFC0768] [RFC2460] is an IETF + standards track transport protocol. It provides a unidirectional + datagram protocol that preserves message boundaries. It provides no + error correction, congestion control, or flow control. It can be + used to send broadcast datagrams (IPv4) or multicast datagrams (IPv4 + and IPv6), in addition to unicast and anycast datagrams. IETF + guidance on the use of UDP is provided in + [I-D.ietf-tsvwg-rfc5405bis]. UDP is widely implemented and widely + used by common applications, including DNS. + +3.3.1. Protocol Description + + UDP is a connection-less protocol that maintains message boundaries, + with no connection setup or feature negotiation. The protocol uses + independent messages, ordinarily called datagrams. It provides + detection of payload errors and misdelivery of packets to an + unintended endpoint, either of which result in discard of received + datagrams, with no indication to the user of the service. + + It is possible to create IPv4 UDP datagrams with no checksum, and + while this is generally discouraged [RFC1122] + [I-D.ietf-tsvwg-rfc5405bis], certain special cases permit this use. + These datagrams rely on the IPv4 header checksum to protect from + misdelivery to an unintended endpoint. IPv6 does not permit UDP + datagrams with no checksum, although in certain cases this rule may + be relaxed [RFC6935]. + + UDP does not provide reliability and does not provide retransmission. + This implies messages may be re-ordered, lost, or duplicated in + transit. Note that due to the relatively weak form of checksum used + by UDP, applications that require end to end integrity of data are + recommended to include a stronger integrity check of their payload + data. + + Because UDP provides no flow control, a receiving application that is + unable to run sufficiently fast, or frequently, may miss messages. + The lack of congestion handling implies UDP traffic may experience + loss when using an overloaded path, and may cause the loss of + messages from other protocols (e.g., TCP) when sharing the same + network path. + + On transmission, UDP encapsulates each datagram into a single IP + packet or several IP packet fragments. This allows a datagram to be + larger than the effective path MTU. Fragments are reassembled before + delivery to the UDP receiver, making this transparent to the user of + the transport service. When the jumbograms are supported, larger + messages may be sent without performing fragmentation. + + Applications that need to provide fragmentation or that have other + requirements such as receiver flow control, congestion control, + PathMTU discovery/PLPMTUD, support for ECN, etc. need these to be + provided by protocols operating over UDP [I-D.ietf-tsvwg-rfc5405bis]. + +3.3.2. Interface Description + + [RFC0768] describes basic requirements for an API for UDP. Guidance + on use of common APIs is provided in [I-D.ietf-tsvwg-rfc5405bis]. + + A UDP endpoint consists of a tuple of (IP address, port number). De- + multiplexing using multiple abstract endpoints (sockets) on the same + IP address is supported. The same socket may be used by a single + server to interact with multiple clients (note: this behavior differs + from TCP, which uses a pair of tuples to identify a connection). + Multiple server instances (processes) that bind to the same socket + can cooperate to service multiple clients. The socket implementation + arranges to not duplicate the same received unicast message to + multiple server processes. + + Many operating systems also allow a UDP socket to be "connected", + i.e., to bind a UDP socket to a specific (remote) UDP endpoint. + Unlike TCP's connect primitive, for UDP, this is only a local + operation that serves to simplify the local send/receive functions + and to filter the traffic for the specified addresses and ports + [I-D.ietf-tsvwg-rfc5405bis]. + +3.3.3. Transport Features + + The transport features provided by UDP are: + + o unicast, multicast, anycast, or IPv4 broadcast transport, + + o port multiplexing (where a receiving port can be configured to + receive datagrams from multiple senders), + + o message-oriented delivery, + + o uni- or bidirectional communication where the transmissions in + each direction are independent, + + o non-reliable delivery, + + o unordered delivery, + + o error detection (implemented using a segment checksum to verify + delivery to the correct endpoint and integrity of the data; + optional for IPv4 and optional under specific conditions for IPv6 + where all or none of the payload data is protected), + +3.4. Lightweight User Datagram Protocol (UDP-Lite) + + The Lightweight User Datagram Protocol (UDP-Lite) [RFC3828] is an + IETF standards track transport protocol. It provides a + unidirectional, datagram protocol that preserves message boundaries. + IETF guidance on the use of UDP- Lite is provided in + [I-D.ietf-tsvwg-rfc5405bis]. A UDP-Lite service may support IPv4 + broadcast, multicast, anycast and unicast, and IPv6 multicast, + anycast and unicast. + + Examples of use include a class of applications that can derive + benefit from having partially-damaged payloads delivered, rather than + discarded. One use is to support error tolerate payload corruption + when used over paths that include error-prone links, another + application is when header integrity checks are required, but payload + integrity is provided by some other mechanism (e.g., [RFC6936]). + +3.4.1. Protocol Description + + Like UDP, UDP-Lite is a connection-less datagram protocol, with no + connection setup or feature negotiation. It changes the semantics of + the UDP "payload length" field to that of a "checksum coverage + length" field, and is identified by a different IP protocol/next- + header value. The "checksum coverage length" field specifies the + intended checksum coverage, with the remaining unprotected part of + the payload called the "error-insensitive part". Applications using + UDP-Lite therefore cannot make assumptions regarding the correctness + of the data received in the insensitive part of the UDP-Lite payload. + + Otherwise, UDP-Lite is semantically identical to UDP. In the same + way as for UDP, mechanisms for receiver flow control, congestion + control, PMTU or PLPMTU discovery, support for ECN, etc. needs to be + provided by upper layer protocols [I-D.ietf-tsvwg-rfc5405bis]. + +3.4.2. Interface Description + + There is no API currently specified in the RFC Series, but guidance + on use of common APIs is provided in [I-D.ietf-tsvwg-rfc5405bis]. + + The interface of UDP-Lite differs from that of UDP by the addition of + a single (socket) option that communicates a checksum coverage length + value. The checksum coverage may also be made visible to the + application via the UDP-Lite MIB module [RFC5097]. + +3.4.3. Transport Features + + The transport features provided by UDP-Lite are: + + o unicast, multicast, anycast, or IPv4 broadcast transport (as for + UDP), + + o port multiplexing (as for UDP), + + o message-oriented delivery (as for UDP), + o Uni- or bidirectional communication where the transmissions in + each direction are independent (as for UDP), + + o non-reliable delivery (as for UDP), + + o non-ordered delivery (as for UDP), + + o partial or full payload error detection (where the checksum + coverage field indicates the size of the payload data covered by + the checksum). + +3.5. Stream Control Transmission Protocol (SCTP) SCTP is a message-oriented IETF standards track transport protocol. The base protocol is specified in [RFC4960]. It supports multi- homing and path failover to provide resilience to path failures. An SCTP association has multiple streams in each direction, providing in-sequence delivery of user messages within each stream. This allows it to minimize head of line blocking. SCTP supports multiple stream scheduling schemes controlling stream multiplexing, including priority and fair weighting schemes. SCTP was originally developed for transporting telephony signaling messages and is deployed in telephony signaling networks, especially in mobile telephony networks. It can also be used for other services, for example, in the WebRTC framework for data channels. -3.3.1. Protocol Description +3.5.1. Protocol Description SCTP is a connection-oriented protocol using a four way handshake to establish an SCTP association, and a three way message exchange to gracefully shut it down. It uses the same port number concept as DCCP, TCP, UDP, and UDP-Lite. SCTP only supports unicast. SCTP uses the 32-bit CRC32c for protecting SCTP packets against bit errors and misdelivery of packets to an unintended endpoint. This is stronger than the 16-bit checksums used by TCP or UDP. However, partial payload checksum coverage as provided by DCCP or UDP-Lite is @@ -562,21 +730,21 @@ [I-D.ietf-tsvwg-natsupp] defines methods for endpoints and middleboxes to provide NAT traversal for SCTP over IPv4. For legacy NAT traversal, [RFC6951] defines the UDP encapsulation of SCTP- packets. Alternatively, SCTP packets can be encapsulated in DTLS packets as specified in [I-D.ietf-tsvwg-sctp-dtls-encaps]. The latter encapsulation is used within the WebRTC context. SCTP has a well-defined API, described in the next subsection. -3.3.2. Interface Description +3.5.2. Interface Description [RFC4960] defines an abstract API for the base protocol. This API describes the following functions callable by the upper layer of SCTP: Initialize, Associate, Send, Receive, Receive Unsent Message, Receive Unacknowledged Message, Shutdown, Abort, SetPrimary, Status, Change Heartbeat, Request Heartbeat, Get SRTT Report, Set Failure Threshold, Set Protocol Parameters, and Destroy. The following notifications are provided by the SCTP stack to the upper layer: COMMUNICATION UP, DATA ARRIVE, SHUTDOWN COMPLETE, COMMUNICATION LOST, COMMUNICATION ERROR, RESTART, SEND FAILURE, NETWORK STATUS CHANGE. @@ -600,27 +768,27 @@ delivery is requested or not. These parameters can also be provided on message reception. Additionally a context can be provided when sending, which can be use in case of send failures. The sending of arbitrary large user messages is supported. o the SCTP Partial Reliability extension defined in [RFC3758] to specify for a user message the PR-SCTP policy and the policy specific parameter. Examples of these policies defined in [RFC3758] and [RFC7496] are: - * Limiting the time a user message is dealt with by the sender. + o Limiting the time a user message is dealt with by the sender. - * Limiting the number of retransmissions for each fragment of a - user message. If the number of retransmissions is limited to - 0, one gets a service similar to UDP. + o Limiting the number of retransmissions for each fragment of a user + message. If the number of retransmissions is limited to 0, one + gets a service similar to UDP. - * Abandoning messages of lower priority in case of a send buffer + o Abandoning messages of lower priority in case of a send buffer shortage. o the SCTP Authentication extension defined in [RFC4895] allowing to manage the shared keys, the HMAC to use, set the chunk types which are only accepted in an authenticated way, and get the list of chunks which are accepted by the local and remote end point in an authenticated way. o the SCTP Dynamic Address Reconfiguration extension defined in [RFC5061]. It allows to manually add and delete local addresses @@ -680,21 +848,21 @@ cmsgs. These functions provide support for detecting partial delivery of user messages and notifications. The SCTP socket API allows a fine-grained control of the protocol behavior through an extensive set of socket options. The SCTP kernel implementations of FreeBSD, Linux and Solaris follow mostly the specified extension to the BSD Sockets API for the base protocol and the corresponding supported protocol extensions. -3.3.3. Transport Features +3.5.3. Transport Features The transport features provided by SCTP are: o connection-oriented transport with feature negotiation and application-to-port mapping, o unicast transport, o port multiplexing, @@ -715,187 +884,20 @@ o user message bundling, o flow control using a window-based mechanism, o congestion control using methods similar to TCP, o strong error detection (CRC32c), o transport layer multihoming for resilience and mobility. -3.4. User Datagram Protocol (UDP) - - The User Datagram Protocol (UDP) [RFC0768] [RFC2460] is an IETF - standards track transport protocol. It provides a unidirectional - datagram protocol that preserves message boundaries. It provides no - error correction, congestion control, or flow control. It can be - used to send broadcast datagrams (IPv4) or multicast datagrams (IPv4 - and IPv6), in addition to unicast and anycast datagrams. IETF - guidance on the use of UDP is provided in - [I-D.ietf-tsvwg-rfc5405bis]. UDP is widely implemented and widely - used by common applications, including DNS. - -3.4.1. Protocol Description - - UDP is a connection-less protocol that maintains message boundaries, - with no connection setup or feature negotiation. The protocol uses - independent messages, ordinarily called datagrams. It provides - detection of payload errors and misdelivery of packets to an - unintended endpoint, either of which result in discard of received - datagrams, with no indication to the user of the service. - - It is possible to create IPv4 UDP datagrams with no checksum, and - while this is generally discouraged [RFC1122] - [I-D.ietf-tsvwg-rfc5405bis], certain special cases permit this use. - These datagrams rely on the IPv4 header checksum to protect from - misdelivery to an unintended endpoint. IPv6 does not permit UDP - datagrams with no checksum, although in certain cases this rule may - be relaxed [RFC6935]. - - UDP does not provide reliability and does not provide retransmission. - This implies messages may be re-ordered, lost, or duplicated in - transit. Note that due to the relatively weak form of checksum used - by UDP, applications that require end to end integrity of data are - recommended to include a stronger integrity check of their payload - data. - - Because UDP provides no flow control, a receiving application that is - unable to run sufficiently fast, or frequently, may miss messages. - - The lack of congestion handling implies UDP traffic may experience - loss when using an overloaded path, and may cause the loss of - messages from other protocols (e.g., TCP) when sharing the same - network path. - - On transmission, UDP encapsulates each datagram into a single IP - packet or several IP packet fragments. This allows a datagram to be - larger than the effective path MTU. Fragments are reassembled before - delivery to the UDP receiver, making this transparent to the user of - the transport service. When the jumbograms are supported, larger - messages may be sent without performing fragmentation. - - Applications that need to provide fragmentation or that have other - requirements such as receiver flow control, congestion control, - PathMTU discovery/PLPMTUD, support for ECN, etc. need these to be - provided by protocols operating over UDP [I-D.ietf-tsvwg-rfc5405bis]. - -3.4.2. Interface Description - - [RFC0768] describes basic requirements for an API for UDP. Guidance - on use of common APIs is provided in [I-D.ietf-tsvwg-rfc5405bis]. - - A UDP endpoint consists of a tuple of (IP address, port number). De- - multiplexing using multiple abstract endpoints (sockets) on the same - IP address is supported. The same socket may be used by a single - server to interact with multiple clients (note: this behavior differs - from TCP, which uses a pair of tuples to identify a connection). - Multiple server instances (processes) that bind to the same socket - can cooperate to service multiple clients. The socket implementation - arranges to not duplicate the same received unicast message to - multiple server processes. - - Many operating systems also allow a UDP socket to be "connected", - i.e., to bind a UDP socket to a specific (remote) UDP endpoint. - Unlike TCP's connect primitive, for UDP, this is only a local - operation that serves to simplify the local send/receive functions - and to filter the traffic for the specified addresses and ports - [I-D.ietf-tsvwg-rfc5405bis]. - -3.4.3. Transport Features - - The transport features provided by UDP are: - - o unicast, multicast, anycast, or IPv4 broadcast transport, - - o port multiplexing (where a receiving port can be configured to - receive datagrams from multiple senders), - - o message-oriented delivery, - - o uni- or bidirectional communication where the transmissions in - each direction are independent, - - o non-reliable delivery, - - o unordered delivery, - - o error detection (implemented using a segment checksum to verify - delivery to the correct endpoint and integrity of the data; - optional for IPv4 and optional under specific conditions for IPv6 - where all or none of the payload data is protected), - -3.5. Lightweight User Datagram Protocol (UDP-Lite) - - The Lightweight User Datagram Protocol (UDP-Lite) [RFC3828] is an - IETF standards track transport protocol. It provides a - unidirectional, datagram protocol that preserves message boundaries. - IETF guidance on the use of UDP- Lite is provided in - [I-D.ietf-tsvwg-rfc5405bis]. A UDP-Lite service may support IPv4 - broadcast, multicast, anycast and unicast, and IPv6 multicast, - anycast and unicast. - - Examples of use include a class of applications that can derive - benefit from having partially-damaged payloads delivered, rather than - discarded. One use is to support error tolerate payload corruption - when used over paths that include error-prone links, another - application is when header integrity checks are required, but payload - integrity is provided by some other mechanism (e.g., [RFC6936]). - -3.5.1. Protocol Description - - Like UDP, UDP-Lite is a connection-less datagram protocol, with no - connection setup or feature negotiation. It changes the semantics of - the UDP "payload length" field to that of a "checksum coverage - length" field, and is identified by a different IP protocol/next- - header value. The "checksum coverage length" field specifies the - intended checksum coverage, with the remaining unprotected part of - the payload called the "error-insensitive part". Applications using - UDP-Lite therefore cannot make assumptions regarding the correctness - of the data received in the insensitive part of the UDP-Lite payload. - - Otherwise, UDP-Lite is semantically identical to UDP. In the same - way as for UDP, mechanisms for receiver flow control, congestion - control, PMTU or PLPMTU discovery, support for ECN, etc. needs to be - provided by upper layer protocols [I-D.ietf-tsvwg-rfc5405bis]. - -3.5.2. Interface Description - - There is no API currently specified in the RFC Series, but guidance - on use of common APIs is provided in [I-D.ietf-tsvwg-rfc5405bis]. - - The interface of UDP-Lite differs from that of UDP by the addition of - a single (socket) option that communicates a checksum coverage length - value. The checksum coverage may also be made visible to the - application via the UDP-Lite MIB module [RFC5097]. - -3.5.3. Transport Features - - The transport features provided by UDP-Lite are: - - o unicast, multicast, anycast, or IPv4 broadcast transport (as for - UDP), - - o port multiplexing (as for UDP), - - o message-oriented delivery (as for UDP), - - o Uni- or bidirectional communication where the transmissions in - each direction are independent (as for UDP), - - o non-reliable delivery (as for UDP), - - o non-ordered delivery (as for UDP), - - o partial or full payload error detection (where the checksum - coverage field indicates the size of the payload data covered by - the checksum). - 3.6. Datagram Congestion Control Protocol (DCCP) Datagram Congestion Control Protocol (DCCP) [RFC4340] is an IETF standards track bidirectional transport protocol that provides unicast connections of congestion-controlled messages without providing reliability. The DCCP Problem Statement describes the goals that DCCP sought to address [RFC4336]: It is suitable for applications that transfer fairly large amounts of data and that can benefit from control over @@ -924,21 +926,21 @@ some are explicitly negotiated during connection setup. DCCP uses a Connect packet to initiate a session, and permits each endpoint to choose the features it wishes to support. Simultaneous open [RFC5596], as in TCP, can enable interoperability in the presence of middleboxes. The Connect packet includes a Service Code [RFC5595] that identifies the application or protocol using DCCP, providing middleboxes with information about the intended use of a connection. - DCCP service is unicast-only. + The DCCP service is unicast-only. It provides multiplexing to multiple sockets at each endpoint using port numbers. An active DCCP session is identified by its four-tuple of local and remote IP addresses and local port and remote port numbers. The protocol segments data into messages, typically sized to fit in IP packets, but which may be fragmented providing they are smaller than the maximum packet size. A DCCP interface allows applications to request fragmentation for packets larger than PMTU, but not larger @@ -1005,94 +1008,162 @@ o unreliable delivery with drop notification, o unordered delivery, o flow control (implemented using the slow receiver function) o partial and full payload error detection (with optional strong integrity check). -3.7. Internet Control Message Protocol (ICMP) +3.7. Transport Layer Security (TLS) and Datagram TLS (DTLS) as a + pseudotransport - The Internet Control Message Protocol (ICMP) [RFC0792] for IPv4 and - ICMP for IPv6 [RFC4433] are IETF standards track protocols. It is a - connection-less unidirectional protocol that delivers individual - messages, without error correction, congestion control, or flow - control. Messages may be sent as unicast, IPv4 broadcast or - multicast datagrams (IPv4 and IPv6), in addition to anycast - datagrams. + Transport Layer Security (TLS) [RFC5246]} and Datagram TLS (DTLS) + [RFC6347]} are IETF protocols that provide several security-related + features to applications. TLS is designed to run on top of a + reliable streaming transport protocol (usually TCP), while DTLS is + designed to run on top of a best-effort datagram protocol (UDP or + DCCP [RFC5238]). At the time of writing, the current version of TLS + is 1.2; which is defined in [RFC5246]. DTLS provides nearly + identical functionality to applications; it is defined in [RFC6347] + and its current version is also 1.2. The TLS protocol evolved from + the Secure Sockets Layer (SSL) protocols developed in the mid-1990s + to support protection of HTTP traffic. - Transport Protocols and upper layer protocols can use received ICMP - messages to help them take appropriate decisions when network or - endpoint errors are reported. For example, to implement, ICMP-based - Path MTU discovery [RFC1191][RFC1981] or assist in Packetization - Layer Path MTU Discovery (PMTUD) [RFC4821]. Such reactions to - received messages need to protect from off-path data injection - [I-D.ietf-tsvwg-rfc5405bis], to avoid an application receiving - packets created by an unauthorized third party. An application - therefore needs to ensure that all messages are appropriately - validated, by checking the payload of the messages to ensure these - are received in response to actually transmitted traffic (e.g., a - reported error condition that corresponds to a UDP datagram or TCP - segment was actually sent by the application). This requires context - [RFC6056], such as local state about communication instances to each - destination (e.g., in the TCP, DCCP, or SCTP protocols). This state - is not always maintained by UDP-based applications - [I-D.ietf-tsvwg-rfc5405bis]. + While older versions of TLS and DTLS are still in use, they provide + weaker security guarantees. [RFC7457] outlines important attacks on + TLS and DTLS. [RFC7525] is a Best Current Practices (BCP) document + that describes secure configurations for TLS and DTLS to counter + these attacks. The recommendations are applicable for the vast + majority of use cases. 3.7.1. Protocol Description - ICMP is a connection-less unidirectional protocol, It delivers - independent messages, called datagrams. Each message is required to - carry a checksum as an integrity check and to protect from mis- - delivery to an unintended endpoint. + Both TLS and DTLS provide the same security features and can thus be + discussed together. The features they provide are: - ICMP messages typically relay diagnostic information from an endpoint - [RFC1122] or network device [RFC1716] addressed to the sender of a - flow. This usually contains the network protocol header of a packet - that encountered a reported issue. Some formats of messages can also - carry other payload data. Each message carries an integrity check - calculated in the same way as for UDP, this checksum is not optional. + o Confidentiality - The RFC series defines additional IPv6 message formats to support a - range of uses. In the case of IPv6 the protocol incorporates - neighbor discovery [RFC2461] [RFC3971]} (provided by ARP for IPv4) - and the Multicast Listener Discovery (MLD) [RFC2710] group management - functions (provided by IGMP for IPv4). + o Data integrity - Reliable transmission can not be assumed. A receiving application - that is unable to run sufficiently fast, or frequently, may miss - messages since there is no flow or congestion control. In addition - some network devices rate-limit ICMP messages. + o Peer authentication (optional) + o Perfect forward secrecy (optional) + + The authentication of the peer entity can be omitted; a common web + use case is where the server is authenticated and the client is not. + TLS also provides a completely anonymous operation mode in which + neither peer's identity is authenticated. It is important to note + that TLS itself does not specify how a peering entity's identity + should be interpreted. For example, in the common use case of + authentication by means of an X.509 certificate, it is the + application's decision whether the certificate of the peering entity + is acceptable for authorization decisions. + + Perfect forward secrecy, if enabled and supported by the selected + algorithms, ensures that traffic encrypted and captured during a + session at time t0 cannot be later decrypted at time t1 (t1 > t0), + even if the long-term secrets of the communicating peers are later + compromised. + + As DTLS is generally used over an unreliable datagram transport such + as UDP, applications will need to tolerate lost, re-ordered, or + duplicated datagrams. Like TLS, DTLS conveys application data in a + sequence of independent records. However, because records are mapped + to unreliable datagrams, there are several features unique to DTLS + that are not applicable to TLS: + + o Record replay detection (optional). + + o Record size negotiation (estimates of PMTU and record size + expansion factor). + + o Coveyance of IP don't fragment (DF) bit settings by application. + + o An anti-DoS stateless cookie mechanism (optional). + + Generally, DTLS follows the TLS design as closely as possible. To + operate over datagrams, DTLS includes a sequence number and limited + forms of retransmission and fragmentation for its internal + operations. The sequence number may be used for detecting replayed + information, according to the windowing procedure described in + Section 4.1.2.6 of [RFC6347]. DTLS forbids the use of stream + ciphers, which are essentially incompatible when operating on + independent encrypted records. 3.7.2. Interface Description - ICMP processing is integrated in many connection-oriented transports, - but like other functions needs to be provided by an upper-layer - protocol when using UDP and UDP-Lite. + TLS is commonly invoked using an API provided by packages such as + OpenSSL, wolfSSL, or GnuTLS. Using such APIs entails the + manipulation of several important abstractions, which fall into the + following categories: long-term keys and algorithms, session state, + and communications/connections. There may also be special APIs + required to deal with time and/or random numbers, both of which are + needed by a variety of encryption algorithms and protocols. - On some stacks, a bound socket also allows a UDP application to be - notified when ICMP error messages are received for its transmissions - [I-D.ietf-tsvwg-rfc5405bis]. + Considerable care is required in the use of TLS APIs to ensure + creation of a secure application. The programmer should have at + least a basic understanding of encryption and digital signature + algorithms and their strengths, public key infrastructure (including + X.509 certificates and certificate revocation), and the sockets API. + See [RFC7525] and [RFC7457], as mentioned above. - Any response to ICMP error messages ought to be robust to temporary - routing failures (sometimes called "soft errors"), e.g., transient - ICMP "unreachable" messages ought to not normally cause a - communication abort [RFC5461] [I-D.ietf-tsvwg-rfc5405bis]. + As an example, in the case of OpenSSL, the primary abstractions are + the library itself and method (protocol), session, context, cipher + and connection. After initializing the library and setting the + method, a cipher suite is chosen and used to configure a context + object. Session objects may then be minted according to the + parameters present in a context object and associated with individual + connections. Depending on how precisely the programmer wishes to + select different algorithmic or protocol options, various levels of + details may be required. 3.7.3. Transport Features - ICMP does not provide any transport service directly to applications. - Used together with other transport protocols, it provides - transmission of control, error, and measurement data between - endpoints, or from devices along the path to one endpoint. + Both TLS and DTLS employ a layered architecture. The lower layer is + commonly called the record protocol. It is responsible for: + + o message fragmentation, + + o authentication and integrity via message authentication codes + (MAC), + + o data encryption, + + o scheduling transmission using the underlying transport protocol. + + DTLS augments the TLS record protocol with: + + o ordering and replay protection, implemented using sequence + numbers. + + Several protocols are layered on top of the record protocol. These + include the handshake, alert, and change cipher spec protocols. + There is also the data protocol, used to carry application traffic. + The handshake protocol is used to establish cryptographic and + compression parameters when a connection is first set up. In DTLS, + this protocol also has a basic fragmentation and retransmission + capability and a cookie-like mechanism to resist DoS attacks. (TLS + compression is not recommended at present). The alert protocol is + used to inform the peer of various conditions, most of which are + terminal for the connection. The change cipher spec protocol is used + to synchronize changes in cryptographic parameters for each peer. + + The data protocol, when used with an appropriate cipher, provides: + + o authentication of one end or both ends of a connection, + + o confidentiality, + + o cryptographic integrity protection. + + Both TLS and DTLS are unicast-only. 3.8. Realtime Transport Protocol (RTP) RTP provides an end-to-end network transport service, suitable for applications transmitting real-time data, such as audio, video or data, over multicast or unicast transport services, including TCP, UDP, UDP-Lite, DCCP, TLS and DTLS. 3.8.1. Protocol Description @@ -1174,21 +1245,149 @@ with drop notification (if supported by lower layer protocol), o connection setup with feature negotiation (using associated protocols) and application-to-port mapping (provided by lower layer protocol), o segmentation, o performance metric reporting (using associated protocols). -3.9. File Delivery over Unidirectional Transport/Asynchronous Layered +3.9. Hypertext Transport Protocol (HTTP) over TCP as a pseudotransport + + The Hypertext Transfer Protocol (HTTP) is an application-level + protocol widely used on the Internet. It provides object-oriented + delivery of discrete data or files. Version 1.1 of the protocol is + specified in [RFC7230] [RFC7231] [RFC7232] [RFC7233] [RFC7234] + [RFC7235], and version 2 in [RFC7540]. HTTP is usually transported + over TCP using port 80 and 443, although it can be used with other + transports. When used over TCP it inherits its properties. + + Application layer protocols may use HTTP as a substrate with an + existing method and data formats, or specify new methods and data + formats. There are various reasons for this practice listed in + [RFC3205]; these include being a well-known and well-understood + protocol, reusability of existing servers and client libraries, easy + use of existing security mechanisms such as HTTP digest + authentication [RFC2617] and TLS [RFC5246], the ability of HTTP to + traverse firewalls makes it work over many types of infrastructure, + and in cases where an application server often needs to support HTTP + anyway. + + Depending on application need, the use of HTTP as a substrate + protocol may add complexity and overhead in comparison to a special- + purpose protocol (e.g., HTTP headers, suitability of the HTTP + security model, etc.). [RFC3205] addresses this issue and provides + some guidelines and identifies concerns about the use of HTTP + standard port 80 and 443, the use of HTTP URL scheme and interaction + with existing firewalls, proxies and NATs. + + Representational State Transfer (REST) [REST] is another example of + how applications can use HTTP as transport protocol. REST is an + architecture style that may be used to build applications using HTTP + as a communication protocol. + +3.9.1. Protocol Description + + Hypertext Transfer Protocol (HTTP) is a request/response protocol. A + client sends a request containing a request method, URI and protocol + version followed by a MIME-like message (see [RFC7231] for the + differences between an HTTP object and a MIME message), containing + information about the client and request modifiers. The message can + also contain a message body carrying application data. The server + responds with a status or error code followed by a MIME-like message + containing information about the server and information about the + data. This may include a message body. It is possible to specify a + data format for the message body using MIME media types [RFC2045]. + The protocol has additional features, some relevant to pseudo- + transport are described below. + + Content negotiation, specified in [RFC7231], is a mechanism provided + by HTTP to allow selection of a representation for a requested + resource. The client and server negotiate acceptable data formats, + character sets, data encoding (e.g., data can be transferred + compressed using gzip). HTTP can accommodate exchange of messages as + well as data streaming (using chunked transfer encoding [RFC7230]). + It is also possible to request a part of a resource using an object + range request [RFC7233]. The protocol provides powerful cache + control signaling defined in [RFC7234]. + + The persistent connections of HTTP 1.1 and HTTP 2.0 allow multiple + request- response transactions (streams) during the life-time of a + single HTTP connection. HTTP 2.0 connections can multiplex many + request/response pairs in parallel on a single transport connection. + This reduces overhead during connection establishment and mitigates + transport layer slow-start that would have otherwise been incurred + for each transaction. Both are important to reduce latency for + HTTP's primary use case. + + HTTP can be combined with security mechanisms, such as TLS (denoted + by HTTPS). This adds protocol properties provided by such a + mechanism (e.g., authentication, encryption). The TLS Application- + Layer Protocol Negotiation (ALPN) extension [RFC7301] can be used to + negotiate the HTTP version within the TLS handshake, eliminating the + latency incurred by additional round-trip exchanges. Arbitrary + cookie strings, included as part of the MIME headers, are often used + as bearer tokens in HTTP. + +3.9.2. Interface Description + + There are many HTTP libraries available exposing different APIs. The + APIs provide a way to specify a request by providing a URI, a method, + request modifiers and optionally a request body. For the response, + callbacks can be registered that will be invoked when the response is + received. If TLS is used, the API exposes a registration of + callbacks for a server that requests client authentication and when + certificate verification is needed. + + The World Wide Web Consortium (W3C) has standardized the + XMLHttpRequest API [XHR]. This API can be used for sending HTTP/ + HTTPS requests and receiving server responses. Besides the XML data + format, the request and response data format can also be JSON, HTML, + and plain text. JavaScript and XMLHttpRequest are ubiquitous + programming models for websites, and more general applications, where + native code is less attractive. + +3.9.3. Transport features + + The transport features provided by HTTP, when used as a pseudo- + transport, are: + + o unicast transport (provided by the lower layer protocol, usually + TCP), + + o uni- or bidirectional communication, + + o transfer of objects in multiple streams with object content type + negotiation, supporting partial transmission of object ranges, + + o ordered delivery (provided by the lower layer protocol, usually + TCP), + + o fully reliable delivery (provided by the lower layer protocol, + usually TCP), + + o flow control (provided by the lower layer protocol, usually TCP). + + o congestion control (provided by the lower layer protocol, usually + TCP). + + HTTPS (HTTP over TLS) additionally provides the following features + (as provided by TLS): + + o authentication (of one or both ends of a connection), + + o confidentiality, + + o integrity protection. + +3.10. File Delivery over Unidirectional Transport/Asynchronous Layered Coding Reliable Multicast (FLUTE/ALC) FLUTE/ALC is an IETF standards track protocol specified in [RFC6726] and [RFC5775]. It provides object-oriented delivery of discrete data or files. Asynchronous Layer Coding (ALC) provides an underlying reliable transport service and FLUTE a file-oriented specialization of the ALC service (e.g., to carry associated metadata). The [RFC6726] and [RFC5775] protocols are non-backward-compatible updates of the [RFC3926] and [RFC3450] experimental protocols; these experimental protocols are currently largely deployed in the 3GPP @@ -1208,21 +1407,21 @@ byte- and message-streaming, there is an exception: FLUTE/ALC is used to carry 3GPP Dynamic Adaptive Streaming over HTTP (DASH) when scalability is a requirement (see [MBMS], section 5.6). FLUTE/ALC's reliability, delivery mode, congestion control, and flow/ rate control mechanisms can be separately controlled to meet different application needs. Section 4.1 of [I-D.ietf-tsvwg-rfc5405bis] describes multicast congestion control requirements for UDP. -3.9.1. Protocol Description +3.10.1. Protocol Description The FLUTE/ALC protocol works on top of UDP (though it could work on top of any datagram delivery transport protocol), without requiring any connectivity from receivers to the sender. Purely unidirectional networks are therefore supported by FLUTE/ALC. This guarantees scalability to an unlimited number of receivers in a session, since the sender behaves exactly the same regardless of the number of receivers. FLUTE/ALC supports the transfer of bulk objects such as file or in- @@ -1288,33 +1487,33 @@ ([RFC6726], section 1.1.4). FLUTE/ALC is often used over a network path with pre-provisioned capacity [I-D.ietf-tsvwg-rfc5405bis] where there are no flows competing for capacity. In this case, a sender- based rate control mechanism and a single channel is sufficient. [RFC6584] provides per-packet authentication, integrity, and anti- replay protection in the context of the ALC and NORM protocols. Several mechanisms are proposed that seamlessly integrate into these protocols using the ALC and NORM header extension mechanisms. -3.9.2. Interface Description +3.10.2. Interface Description The FLUTE/ALC specification does not describe a specific application programming interface (API) to control protocol operation. Open source reference implementations of FLUTE/ALC are available at http://planete-bcast.inrialpes.fr/ (no longer maintained) and http://mad.cs.tut.fi/ (no longer maintained), and these implementations specify and document their own APIs. Commercial versions are also available, some derived from the above implementations, with their own API. -3.9.3. Transport Features +3.10.3. Transport Features The transport features provided by FLUTE/ALC are: o unicast, multicast, anycast or IPv4 broadcast transmission, o object-oriented delivery of discrete data or files and associated metadata, o fully reliable or partially reliable delivery (of file or in- memory objects), using proactive packet erasure coding (AL-FEC) to @@ -1318,47 +1517,46 @@ o fully reliable or partially reliable delivery (of file or in- memory objects), using proactive packet erasure coding (AL-FEC) to recover from packet erasures, o ordered or unordered delivery (of file or in-memory objects), o error detection (based on the UDP checksum), o per-packet authentication, - o per-packet integrity, o per-packet replay protection, o congestion control for layered flows (e.g., with WEBRC). -3.10. NACK-Oriented Reliable Multicast (NORM) +3.11. NACK-Oriented Reliable Multicast (NORM) NORM is an IETF standards track protocol specified in [RFC5740]. It provides object-oriented delivery of discrete data or files. The protocol was designed to support reliable bulk data dissemination to receiver groups using IP Multicast but also provides for point-to- point unicast operation. Support for bulk data dissemination includes discrete file or computer memory-based "objects" as well as byte- and message-streaming. NORM can incorporate packet erasure coding as a part of its selective ARQ in response to negative acknowledgments from the receiver. The packet erasure coding can also be proactively applied for forward protection from packet loss. NORM transmissions are governed by the TCP-friendly congestion control. The reliability, congestion control and flow control mechanisms can be separately controlled to meet different application needs. -3.10.1. Protocol Description +3.11.1. Protocol Description The NORM protocol is encapsulated in UDP datagrams and thus provides multiplexing for multiple sockets on hosts using port numbers. For loosely coordinated IP Multicast, NORM is not strictly connection- oriented although per-sender state is maintained by receivers for protocol operation. [RFC5740] does not specify a handshake protocol for connection establishment. Separate session initiation can be used to coordinate port numbers. However, in-band "client-server" style connection establishment can be accomplished with the NORM congestion control signaling messages using port binding techniques @@ -1402,31 +1600,31 @@ congestion event detection based on ECN. While NORM provides NACK-based reliability, it also supports a positive acknowledgment (ACK) mechanism that can be used for receiver flow control. This mechanism is decoupled from the reliability and congestion control, supporting applications with different needs. One example is use of NORM for quasi-reliable delivery, where timely delivery of newer content may be favored over completely reliable delivery of older content within buffering and RTT constraints. -3.10.2. Interface Description +3.11.2. Interface Description The NORM specification does not describe a specific application programming interface (API) to control protocol operation. A freely- available, open source reference implementation of NORM is available at https://www.nrl.navy.mil/itd/ncs/products/norm, and a documented API is provided for this implementation. While a sockets-like API is not currently documented, the existing API supports the necessary functions for that to be implemented. -3.10.3. Transport Features +3.11.3. Transport Features The transport features provided by NORM are: o unicast or multicast transport, o unidirectional communication, o stream-oriented delivery in a single stream or object-oriented delivery of in-memory data or file bulk content objects, @@ -1439,318 +1637,122 @@ o segmentation, o data bundling (using Nagle's algorithm), o flow control (timer-based and/or ack-based), o congestion control (also supporting fixed rate reliable or unreliable delivery). -3.11. Transport Layer Security (TLS) and Datagram TLS (DTLS) as a - pseudotransport - - Transport Layer Security (TLS) [RFC5246]} and Datagram TLS (DTLS) - [RFC6347]} are IETF protocols that provide several security-related - features to applications. TLS is designed to run on top of a - reliable streaming transport protocol (usually TCP), while DTLS is - designed to run on top of a best-effort datagram protocol (UDP or - DCCP [RFC5238]). At the time of writing, the current version of TLS - is 1.2; which is defined in [RFC5246]. DTLS provides nearly - identical functionality to applications; it is defined in [RFC6347] - and its current version is also 1.2. The TLS protocol evolved from - the Secure Sockets Layer (SSL) protocols developed in the mid-1990s - to support protection of HTTP traffic. - - While older versions of TLS and DTLS are still in use, they provide - weaker security guarantees. [RFC7457] outlines important attacks on - TLS and DTLS. [RFC7525] is a Best Current Practices (BCP) document - that describes secure configurations for TLS and DTLS to counter - these attacks. The recommendations are applicable for the vast - majority of use cases. - -3.11.1. Protocol Description - - Both TLS and DTLS provide the same security features and can thus be - discussed together. The features they provide are: - - o Confidentiality - - o Data integrity - - o Peer authentication (optional) - o Perfect forward secrecy (optional) - - The authentication of the peer entity can be omitted; a common web - use case is where the server is authenticated and the client is not. - TLS also provides a completely anonymous operation mode in which - neither peer's identity is authenticated. It is important to note - that TLS itself does not specify how a peering entity's identity - should be interpreted. For example, in the common use case of - authentication by means of an X.509 certificate, it is the - application's decision whether the certificate of the peering entity - is acceptable for authorization decisions. - - Perfect forward secrecy, if enabled and supported by the selected - algorithms, ensures that traffic encrypted and captured during a - session at time t0 cannot be later decrypted at time t1 (t1 > t0), - even if the long-term secrets of the communicating peers are later - compromised. - - As DTLS is generally used over an unreliable datagram transport such - as UDP, applications will need to tolerate lost, re-ordered, or - duplicated datagrams. Like TLS, DTLS conveys application data in a - sequence of independent records. However, because records are mapped - to unreliable datagrams, there are several features unique to DTLS - that are not applicable to TLS: - - o Record replay detection (optional). - - o Record size negotiation (estimates of PMTU and record size - expansion factor). - - o Coveyance of IP don't fragment (DF) bit settings by application. - - o An anti-DoS stateless cookie mechanism (optional). - - Generally, DTLS follows the TLS design as closely as possible. To - operate over datagrams, DTLS includes a sequence number and limited - forms of retransmission and fragmentation for its internal - operations. The sequence number may be used for detecting replayed - information, according to the windowing procedure described in - Section 4.1.2.6 of [RFC6347]. DTLS forbids the use of stream - ciphers, which are essentially incompatible when operating on - independent encrypted records. - -3.11.2. Interface Description - - TLS is commonly invoked using an API provided by packages such as - OpenSSL, wolfSSL, or GnuTLS. Using such APIs entails the - manipulation of several important abstractions, which fall into the - following categories: long-term keys and algorithms, session state, - and communications/connections. There may also be special APIs - required to deal with time and/or random numbers, both of which are - needed by a variety of encryption algorithms and protocols. - - Considerable care is required in the use of TLS APIs to ensure - creation of a secure application. The programmer should have at - least a basic understanding of encryption and digital signature - algorithms and their strengths, public key infrastructure (including - X.509 certificates and certificate revocation), and the sockets API. - See [RFC7525] and [RFC7457], as mentioned above. - - As an example, in the case of OpenSSL, the primary abstractions are - the library itself and method (protocol), session, context, cipher - and connection. After initializing the library and setting the - method, a cipher suite is chosen and used to configure a context - object. Session objects may then be minted according to the - parameters present in a context object and associated with individual - connections. Depending on how precisely the programmer wishes to - select different algorithmic or protocol options, various levels of - details may be required. - -3.11.3. Transport Features - - Both TLS and DTLS employ a layered architecture. The lower layer is - commonly called the record protocol. It is responsible for: - - o message fragmentation, - - o authentication and integrity via message authentication codes - (MAC), - - o data encryption, - - o scheduling transmission using the underlying transport protocol. - - DTLS augments the TLS record protocol with: - - o ordering and replay protection, implemented using sequence - numbers. - - Several protocols are layered on top of the record protocol. These - include the handshake, alert, and change cipher spec protocols. - There is also the data protocol, used to carry application traffic. - The handshake protocol is used to establish cryptographic and - compression parameters when a connection is first set up. In DTLS, - this protocol also has a basic fragmentation and retransmission - capability and a cookie-like mechanism to resist DoS attacks. (TLS - compression is not recommended at present). The alert protocol is - used to inform the peer of various conditions, most of which are - terminal for the connection. The change cipher spec protocol is used - to synchronize changes in cryptographic parameters for each peer. - - The data protocol, when used with an appropriate cipher, provides: - - o authentication of one end or both ends of a connection, - - o confidentiality, - - o cryptographic integrity protection. - - Both TLS and DTLS are unicast-only. - -3.12. Hypertext Transport Protocol (HTTP) over TCP as a pseudotransport - - The Hypertext Transfer Protocol (HTTP) is an application-level - protocol widely used on the Internet. It provides object-oriented - delivery of discrete data or files. Version 1.1 of the protocol is - specified in [RFC7230] [RFC7231] [RFC7232] [RFC7233] [RFC7234] - [RFC7235], and version 2 in [RFC7540]. HTTP is usually transported - over TCP using port 80 and 443, although it can be used with other - transports. When used over TCP it inherits its properties. - - Application layer protocols may use HTTP as a substrate with an - existing method and data formats, or specify new methods and data - formats. There are various reasons for this practice listed in - [RFC3205]; these include being a well-known and well-understood - protocol, reusability of existing servers and client libraries, easy - use of existing security mechanisms such as HTTP digest - authentication [RFC2617] and TLS [RFC5246], the ability of HTTP to - traverse firewalls makes it work over many types of infrastructure, - and in cases where an application server often needs to support HTTP - anyway. +3.12. Internet Control Message Protocol (ICMP) - Depending on application need, the use of HTTP as a substrate - protocol may add complexity and overhead in comparison to a special- - purpose protocol (e.g., HTTP headers, suitability of the HTTP - security model, etc.). [RFC3205] addresses this issue and provides - some guidelines and identifies concerns about the use of HTTP - standard port 80 and 443, the use of HTTP URL scheme and interaction - with existing firewalls, proxies and NATs. + The Internet Control Message Protocol (ICMP) [RFC0792] for IPv4 and + ICMP for IPv6 [RFC4433] are IETF standards track protocols. It is a + connection-less unidirectional protocol that delivers individual + messages, without error correction, congestion control, or flow + control. Messages may be sent as unicast, IPv4 broadcast or + multicast datagrams (IPv4 and IPv6), in addition to anycast + datagrams. - Representational State Transfer (REST) [REST] is another example of - how applications can use HTTP as transport protocol. REST is an - architecture style that may be used to build applications using HTTP - as a communication protocol. + Transport Protocols and upper layer protocols can use received ICMP + messages to help them take appropriate decisions when network or + endpoint errors are reported. For example, to implement, ICMP-based + Path MTU discovery [RFC1191][RFC1981] or assist in Packetization + Layer Path MTU Discovery (PMTUD) [RFC4821]. Such reactions to + received messages need to protect from off-path data injection + [I-D.ietf-tsvwg-rfc5405bis], to avoid an application receiving + packets created by an unauthorized third party. An application + therefore needs to ensure that all messages are appropriately + validated, by checking the payload of the messages to ensure these + are received in response to actually transmitted traffic (e.g., a + reported error condition that corresponds to a UDP datagram or TCP + segment was actually sent by the application). This requires context + [RFC6056], such as local state about communication instances to each + destination (e.g., in the TCP, DCCP, or SCTP protocols). This state + is not always maintained by UDP-based applications + [I-D.ietf-tsvwg-rfc5405bis]. 3.12.1. Protocol Description - Hypertext Transfer Protocol (HTTP) is a request/response protocol. A - client sends a request containing a request method, URI and protocol - version followed by a MIME-like message (see [RFC7231] for the - differences between an HTTP object and a MIME message), containing - information about the client and request modifiers. The message can - also contain a message body carrying application data. The server - responds with a status or error code followed by a MIME-like message - containing information about the server and information about the - data. This may include a message body. It is possible to specify a - data format for the message body using MIME media types [RFC2045]. - The protocol has additional features, some relevant to pseudo- - transport are described below. + ICMP is a connection-less unidirectional protocol, It delivers + independent messages, called datagrams. Each message is required to + carry a checksum as an integrity check and to protect from mis- + delivery to an unintended endpoint. - Content negotiation, specified in [RFC7231], is a mechanism provided - by HTTP to allow selection of a representation for a requested - resource. The client and server negotiate acceptable data formats, - character sets, data encoding (e.g., data can be transferred - compressed using gzip). HTTP can accommodate exchange of messages as - well as data streaming (using chunked transfer encoding [RFC7230]). - It is also possible to request a part of a resource using an object - range request [RFC7233]. The protocol provides powerful cache - control signaling defined in [RFC7234]. + ICMP messages typically relay diagnostic information from an endpoint + [RFC1122] or network device [RFC1716] addressed to the sender of a + flow. This usually contains the network protocol header of a packet + that encountered a reported issue. Some formats of messages can also + carry other payload data. Each message carries an integrity check + calculated in the same way as for UDP, this checksum is not optional. - The persistent connections of HTTP 1.1 and HTTP 2.0 allow multiple - request- response transactions (streams) during the life-time of a - single HTTP connection. HTTP 2.0 connections can multiplex many - request/response pairs in parallel on a single transport connection. - This reduces overhead during connection establishment and mitigates - transport layer slow-start that would have otherwise been incurred - for each transaction. Both are important to reduce latency for - HTTP's primary use case. + The RFC series defines additional IPv6 message formats to support a + range of uses. In the case of IPv6 the protocol incorporates + neighbor discovery [RFC2461] [RFC3971]} (provided by ARP for IPv4) + and the Multicast Listener Discovery (MLD) [RFC2710] group management + functions (provided by IGMP for IPv4). - HTTP can be combined with security mechanisms, such as TLS (denoted - by HTTPS). This adds protocol properties provided by such a - mechanism (e.g., authentication, encryption). The TLS Application- - Layer Protocol Negotiation (ALPN) extension [RFC7301] can be used to - negotiate the HTTP version within the TLS handshake, eliminating the - latency incurred by additional round-trip exchanges. Arbitrary - cookie strings, included as part of the MIME headers, are often used - as bearer tokens in HTTP. + Reliable transmission can not be assumed. A receiving application + that is unable to run sufficiently fast, or frequently, may miss + messages since there is no flow or congestion control. In addition + some network devices rate-limit ICMP messages. 3.12.2. Interface Description - There are many HTTP libraries available exposing different APIs. The - APIs provide a way to specify a request by providing a URI, a method, - request modifiers and optionally a request body. For the response, - callbacks can be registered that will be invoked when the response is - received. If TLS is used, the API exposes a registration of - callbacks for a server that requests client authentication and when - certificate verification is needed. - - The World Wide Web Consortium (W3C) has standardized the - XMLHttpRequest API [XHR]. This API can be used for sending HTTP/ - HTTPS requests and receiving server responses. Besides the XML data - format, the request and response data format can also be JSON, HTML, - and plain text. JavaScript and XMLHttpRequest are ubiquitous - programming models for websites, and more general applications, where - native code is less attractive. - -3.12.3. Transport features - - The transport features provided by HTTP, when used as a pseudo- - transport, are: - - o unicast transport (provided by the lower layer protocol, usually - TCP), - - o uni- or bidirectional communication, - - o transfer of objects in multiple streams with object content type - negotiation, supporting partial transmission of object ranges, - - o ordered delivery (provided by the lower layer protocol, usually - TCP), - - o fully reliable delivery (provided by the lower layer protocol, - usually TCP), - - o flow control (provided by the lower layer protocol, usually TCP). - - o congestion control (provided by the lower layer protocol, usually - TCP). + ICMP processing is integrated in many connection-oriented transports, + but like other functions needs to be provided by an upper-layer + protocol when using UDP and UDP-Lite. - HTTPS (HTTP over TLS) additionally provides the following features - (as provided by TLS): + On some stacks, a bound socket also allows a UDP application to be + notified when ICMP error messages are received for its transmissions + [I-D.ietf-tsvwg-rfc5405bis]. - o authentication (of one or both ends of a connection), + Any response to ICMP error messages ought to be robust to temporary + routing failures (sometimes called "soft errors"), e.g., transient + ICMP "unreachable" messages ought to not normally cause a + communication abort [RFC5461] [I-D.ietf-tsvwg-rfc5405bis]. - o confidentiality, +3.12.3. Transport Features - o integrity protection. + ICMP does not provide any transport service directly to applications. + Used together with other transport protocols, it provides + transmission of control, error, and measurement data between + endpoints, or from devices along the path to one endpoint. 4. Congestion Control Congestion control is critical to the stable operation of the Internet. A variety of mechanisms are used to provide the congestion control needed by many Internet transport protocols. Congestion is detected based on sensing of network conditions, whether through explicit or implicit feedback. The congestion control mechanisms that can be applied by different transport protocols are largely orthogonal to the choice of transport protocol. This section provides an overview of the congestion control mechanisms available to the protocols described in Section 3. Many protocols use a separate window to determine the maximum sending rate that is allowed by the congestion control. The used congestion control mechanism will increase the congestion window if feedback is received that indicates that the currently used network path is not congested, and will reduce the window otherwise. Window-based mechanisms often increase their window slowing over multiple RTTs, while decreasing strongly when the first indication of congestion is - received. One example are Additive Increase Multiplicative Decrease - (AIMD) schemes, where the window is increased by a certain number of - packets/bytes for each data segment that has been successfully - transmitted, while the window is multiplicatively decrease on the - occurrence of a congestion event. This can lead to a rather - unstable, oscillating sending rate, but will resolve a congestion - situation quickly. TCP New Reno [RFC5681] which is one of the - initial proposed schemes for TCP as well as TCP Cubic + received. One example is an Additive Increase Multiplicative + Decrease (AIMD) scheme, where the window is increased by a certain + number of packets/bytes for each data segment that has been + successfully transmitted, while the window is multiplicatively + decrease on the occurrence of a congestion event. This can lead to a + rather unstable, oscillating sending rate, but will resolve a + congestion situation quickly. TCP New Reno [RFC5681] which is one of + the initial proposed schemes for TCP as well as TCP Cubic [I-D.ietf-tcpm-cubic] which is the default mechanism for TCP in Linux are two examples for window-based AIMD schemes. This approach is also used by DCCP CCID-2 for datagram congestion control. Some classes of applications prefer to use a transport service that allows sending at a more stable rate, that is slowly varied in response to congestion. Rate-based methods offer this type of congestion control and have been defined based on the loss ratio and observed round trip time, such as TFRC [RFC5348] and TFRC-SP [RFC4828]. These methods utilize a throughput equation to determine @@ -1775,88 +1777,88 @@ The tables below summarize some key features to illustrate the range of functions provided across the IETF-specified transports. Figure 1 considers transports that may be directly layered over the network, and Figure 2 considers transports layered over another transport service. Features that are permitted, but not required, are marked as "Poss" indicating that it is possible for the transport service to offer this feature. +---------------+------+------+------+------+------+------+------+ - | Feature | TCP | MPTCP| SCTP | UDP | UDP-L|DCCP |ICMP | + | Feature | TCP | MPTCP| UDP | UDP | SCTP |DCCP |ICMP | +---------------+------+------+------+------+------+------+------+ | Datagram | No | No | Yes | Yes | Yes | Yes | Yes | +---------------+------+------+------+------+------+------+------+ - | Conn. Oriented| Yes | Yes | Yes | No | No | Yes | No | + | Conn. Oriented| Yes | Yes | No | No | Yes | Yes | No | +---------------+------+------+------+------+------+------+------+ - | Reliability | Yes | Yes | Yes | No | No | No | No | + | Reliability | Yes | Yes | No | No | Yes | No | No | +---------------+------+------+------+------+------+------+------+ - | Partial Rel. | No | No | Poss | N/A | N/A | Yes | N/A | + | Partial Rel. | No | No | N/A | N/A | Poss | Yes | N/A | +---------------+------+------+------+------+------+------+------+ - | Corupt. Tol | No | No | No | No | Yes | Yes | No | + | Corupt. Tol | No | No | No | Yes | No | Yes | No | +---------------+------+------+------+------+------+------+------+ - | Cong.Control | Yes | Yes | Yes | No | No | Yes | No | + | Cong.Control | Yes | Yes | No | No | Yes | Yes | No | +---------------+------+------+------+------+------+------+------+ - | Endpoint | 1 | >=1 | >=1 | 1 | 1 | 1 | 1 | + | Endpoint | 1 | >=1 | >=1 | >=1 | >=1 | 1 | 1 | +---------------+------+------+------+------+------+------+------+ - | Multicast Cap.| No | No | No | Yes | Yes | No | No | + | Multicast Cap.| No | No | Yes | Yes | No | No | No | +---------------+------+------+------+------+------+------+------+ Figure 1: Summary comparison: Transport protocols +---------------+------+------+------+------+------+ - | Feature | RTP | FLUTE| NORM |(D)TLS| HTTP | + | Feature |(D)TLS| RTP | HTTP | FLUTE| NORM | +---------------+------+------+------+------+------+ - | Datagram | Yes | No | Both | Both | No | + | Datagram | Both | Yes | No | No | Both | +---------------+------+------+------+------+------+ - | Conn. Oriented| No | Yes | Yes | Yes | Yes | + | Conn. Oriented| Yes | No | Yes | Yes | Yes | +---------------+------+------+------+------+------+ - | Reliability | No | Yes | Poss | Poss | Yes | + | Reliability | Poss | No | Yes | Yes | Poss | +---------------+------+------+------+------+------+ - | Partial R | Poss | No | Poss | No | No | + | Partial R | No | Poss | No | No | Poss | +---------------+------+------+------+------+------+ - | Corupt. Tol | Poss | No | No | No | No | + | Corupt. Tol | No | Poss | No | No | No | +---------------+------+------+------+------+------+ - | Cong.Control | Poss | Poss | Poss | N/A | N/A | + | Cong.Control | N/A | Poss | N/A | Poss | Poss | +---------------+------+------+------+------+------+ - | Endpoint | >=1 | >=1 | >=1 | 1 | 1 | + | Endpoint | 1 | >=1 | 1 | >=1 | >=1 | +---------------+------+------+------+------+------+ - | Multicast Cap.| Yes | Yes | Yes | No | No | + | Multicast Cap.| No | Yes | No | Yes | Yes | +---------------+------+------+------+------+------+ Figure 2: Upper layer transports and frameworks The transport protocol features described in this document could be used as a basis for defining common transport features: o Control Functions * Addressing - + unicast (TCP, MPTCP, SCTP, UDP, UDP-Lite, DCCP, ICMP, RTP, - TLS, HTTP) + + unicast (TCP, MPTCP, UDP, UDP-Lite, SCTP, DCCP, TLS, RTP, + HTTP, ICMP) - + multicast (UDP, UDP-Lite, DCCP, ICMP, RTP, FLUTE/ALC, NORM). - Note that, as TLS and DTLS are unicast-only, there is no - widely deployed mechanism for supporting the features in the + + multicast (UDP, UDP-Lite, RTP, FLUTE/ALC, NORM). Note that, + as TLS and DTLS are unicast-only, there is no widely + deployed mechanism for supporting the features in the Security section below when using multicast addressing. + IPv4 broadcast (UDP, UDP-Lite, ICMP) + anycast (UDP, UDP-Lite). Connection-oriented protocols such as TCP and DCCP have also been deployed using anycast addressing, with the risk that routing changes may cause connection failure. * Association type - + connection-oriented (TCP, MPTCP, SCTP, DCCP, RTP, NORM, TLS, - HTTP) + + connection-oriented (TCP, MPTCP, DCCP, SCTP, TLS, RTP, HTTP, + NORM) + connectionless (UDP, UDP-Lite, FLUTE/ALC) * Multihoming support + resilience and mobility (MPTCP, SCTP) + load-balancing (MPTCP) + address family multiplexing (MPTCP, SCTP) @@ -1865,100 +1867,100 @@ + application-class signaling to middleboxes (DCCP) + error condition signaling from middleboxes and routers to endpoints (ICMP) * Signaling + control information and error signaling (ICMP) - + performance metric reporting (RTP) + + application performance reporting (RTP) o Delivery * Reliability - + fully reliable delivery (TCP, MPTCP, SCTP, FLUTE/ALC, NORM, - TLS, HTTP) + + fully reliable delivery (TCP, MPTCP, SCTP, TLS, HTTP, FLUTE/ + ALC, NORM) + partially reliable delivery (SCTP, NORM) - - using packet erasure coding (FLUTE/ALC, NORM, RTP) + - using packet erasure coding (RTP, FLUTE/ALC, NORM) - with specified policy for dropped messages (SCTP) + unreliable delivery (SCTP, UDP, UDP-Lite, DCCP, RTP) - - with drop notification to sender (RTP, SCTP, DCCP) + - with drop notification to sender (SCTP, DCCP, RTP) + error detection - - checksum for error detection (TCP, MPTCP, SCTP, UDP, UDP- - Lite, DCCP, ICMP, FLUTE/ALC, NORM, TLS, DTLS) + - checksum for error detection (TCP, MPTCP, UDP, UDP-Lite, + SCTP, DCCP, TLS, DTLS, FLUTE/ALC, NORM, ICMP) - partial payload checksum protection (UDP-Lite, DCCP). Some uses of RTP can exploit partial payload checksum protection feature to provide a corruption tolerant transport service. - checksum optional (UDP). Possible with IPv4 and in certain cases with IPv6. * Ordering - + ordered delivery (TCP, MPTCP, SCTP, RTP, FLUTE, TLS, HTTP) + + ordered delivery (TCP, MPTCP, SCTP, TLS, RTP, HTTP, FLUTE) - + unordered delivery permitted (SCTP, UDP, UDP-Lite, DCCP, + + unordered delivery permitted (UDP, UDP-Lite, SCTP, DCCP, RTP, NORM) * Type/framing + stream-oriented delivery (TCP, MPTCP, SCTP, TLS, HTTP) - with multiple streams per association (SCTP, HTTP2) - + message-oriented delivery (SCTP, UDP, UDP-Lite, DCCP, RTP, - DTLS) + + message-oriented delivery (UDP, UDP-Lite, SCTP, DCCP, DTLS, + RTP) + object-oriented delivery of discrete data or files and - associated metadata (FLUTE/ALC, NORM, HTTP) + associated metadata (HTTP, FLUTE/ALC, NORM) - with partial delivery of object ranges (HTTP) * Directionality - + unidirectional (TCP, SCTP, UDP, UDP-Lite DCCP, RTP, FLUTE/ + + unidirectional (TCP, UDP, UDP-Lite, SCTP, DCCP, RTP, FLUTE/ ALC, NORM) - + bidirectional (TCP, MPTCP, SCTP, HTTP, TLS) + + bidirectional (TCP, MPTCP, SCTP, TLS, HTTP) o Transmission control - * flow control (TCP, MPTCP, SCTP, DCCP, RTP, TLS, HTTP) + * flow control (TCP, MPTCP, SCTP, DCCP, TLS, RTP, HTTP) * congestion control (TCP, MPTCP, SCTP, DCCP, RTP, FLUTE/ALC, NORM). Congestion control can also provided by the transport - supporting an upper later transport (e.g., RTP,HTTP, TLS). + supporting an upper later transport (e.g., TLS, RTP, HTTP). - * segmentation (TCP, MPTCP, SCTP, RTP, FLUTE/ALC, NORM, TLS, - HTTP) + * segmentation (TCP, MPTCP, SCTP, TLS, RTP, HTTP, FLUTE/ALC, + NORM) * data/message bundling (TCP, MPTCP, SCTP, TLS, HTTP) * stream scheduling prioritization (SCTP, HTTP2) * endpoint multiplexing (MPTCP) o Security - * authentication of one end of a connection (FLUTE/ALC, TLS, - DTLS) + * authentication of one end of a connection (TLS, DTLS, FLUTE/ + ALC) * authentication of both ends of a connection (TLS, DTLS) * confidentiality (TLS, DTLS) * cryptographic integrity protection (TLS, DTLS) * replay protection (FLUTE/ALC, DTLS) 6. IANA Considerations @@ -1979,123 +1981,123 @@ In addition to the editors, this document is the work of Brian Adamson, Dragana Damjanovic, Kevin Fall, Simone Ferlin-Oliviera, Ralph Holz, Olivier Mehani, Karen Nielsen, Colin Perkins, Vincent Roca, and Michael Tuexen. o Section 3.2 on MPTCP was contributed by Simone Ferlin-Oliviera (ferlin@simula.no) and Olivier Mehani (olivier.mehani@nicta.com.au) - o Section 3.4 on UDP was contributed by Kevin Fall (kfall@kfall.com) + o Section 3.3 on UDP was contributed by Kevin Fall (kfall@kfall.com) - o Section 3.3 on SCTP was contributed by Michael Tuexen (tuexen@fh- + o Section 3.5 on SCTP was contributed by Michael Tuexen (tuexen@fh- muenster.de) and Karen Nielsen (karen.nielsen@tieto.com) o Section 3.8 on RTP contains contributions from Colin Perkins (csp@csperkins.org) - o Section 3.9 on FLUTE/ALC was contributed by Vincent Roca + o Section 3.10 on FLUTE/ALC was contributed by Vincent Roca (vincent.roca@inria.fr) - o Section 3.10 on NORM was contributed by Brian Adamson + o Section 3.11 on NORM was contributed by Brian Adamson (brian.adamson@nrl.navy.mil) - o Section 3.11 on TLS and DTLS was contributed by Ralph Holz + o Section 3.7 on TLS and DTLS was contributed by Ralph Holz (ralph.holz@nicta.com.au) and Olivier Mehani (olivier.mehani@nicta.com.au) - o Section 3.12 on HTTP was contributed by Dragana Damjanovic + o Section 3.9 on HTTP was contributed by Dragana Damjanovic (ddamjanovic@mozilla.com) 9. Acknowledgments Thanks to Joe Touch, Michael Welzl, and the TAPS Working Group for the comments, feedback, and discussion. This work is supported by the European Commission under grant agreement No. 318627 mPlane and from the Horizon 2020 research and innovation program under grant agreements No. 644334 (NEAT) and No. 688421 (MAMI). This support does not imply endorsement. 10. Informative References - [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, - DOI 10.17487/RFC0768, August 1980, + [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, DOI + 10.17487/RFC0768, August 1980, . [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, RFC 792, DOI 10.17487/RFC0792, September 1981, . - [RFC0793] Postel, J., "Transmission Control Protocol", STD 7, - RFC 793, DOI 10.17487/RFC0793, September 1981, + [RFC0793] Postel, J., "Transmission Control Protocol", STD 7, RFC + 793, DOI 10.17487/RFC0793, September 1981, . [RFC0896] Nagle, J., "Congestion Control in IP/TCP Internetworks", RFC 896, DOI 10.17487/RFC0896, January 1984, . [RFC1122] Braden, R., Ed., "Requirements for Internet Hosts - - Communication Layers", STD 3, RFC 1122, - DOI 10.17487/RFC1122, October 1989, + Communication Layers", STD 3, RFC 1122, DOI 10.17487/ + RFC1122, October 1989, . [RFC1191] Mogul, J. and S. Deering, "Path MTU discovery", RFC 1191, DOI 10.17487/RFC1191, November 1990, . [RFC1716] Almquist, P. and F. Kastenholz, "Towards Requirements for IP Routers", RFC 1716, DOI 10.17487/RFC1716, November 1994, . [RFC1981] McCann, J., Deering, S., and J. Mogul, "Path MTU Discovery for IP version 6", RFC 1981, DOI 10.17487/RFC1981, August 1996, . [RFC2018] Mathis, M., Mahdavi, J., Floyd, S., and A. Romanow, "TCP - Selective Acknowledgment Options", RFC 2018, - DOI 10.17487/RFC2018, October 1996, + Selective Acknowledgment Options", RFC 2018, DOI 10.17487/ + RFC2018, October 1996, . [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, DOI 10.17487/RFC2045, November 1996, . [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460, December 1998, . [RFC2461] Narten, T., Nordmark, E., and W. Simpson, "Neighbor - Discovery for IP Version 6 (IPv6)", RFC 2461, - DOI 10.17487/RFC2461, December 1998, + Discovery for IP Version 6 (IPv6)", RFC 2461, DOI + 10.17487/RFC2461, December 1998, . [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A., and L. Stewart, "HTTP Authentication: Basic and Digest Access Authentication", RFC 2617, DOI 10.17487/RFC2617, June 1999, . [RFC2710] Deering, S., Fenner, W., and B. Haberman, "Multicast - Listener Discovery (MLD) for IPv6", RFC 2710, - DOI 10.17487/RFC2710, October 1999, + Listener Discovery (MLD) for IPv6", RFC 2710, DOI + 10.17487/RFC2710, October 1999, . [RFC2736] Handley, M. and C. Perkins, "Guidelines for Writers of RTP - Payload Format Specifications", BCP 36, RFC 2736, - DOI 10.17487/RFC2736, December 1999, + Payload Format Specifications", BCP 36, RFC 2736, DOI + 10.17487/RFC2736, December 1999, . [RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition - of Explicit Congestion Notification (ECN) to IP", - RFC 3168, DOI 10.17487/RFC3168, September 2001, + of Explicit Congestion Notification (ECN) to IP", RFC + 3168, DOI 10.17487/RFC3168, September 2001, . [RFC3205] Moore, K., "On the use of HTTP as a Substrate", BCP 56, RFC 3205, DOI 10.17487/RFC3205, February 2002, . [RFC3260] Grossman, D., "New Terminology and Clarifications for Diffserv", RFC 3260, DOI 10.17487/RFC3260, April 2002, . @@ -2113,372 +2115,356 @@ M., and J. Crowcroft, "Forward Error Correction (FEC) Building Block", RFC 3452, DOI 10.17487/RFC3452, December 2002, . [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson, "RTP: A Transport Protocol for Real-Time Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550, July 2003, . [RFC3738] Luby, M. and V. Goyal, "Wave and Equation Based Rate - Control (WEBRC) Building Block", RFC 3738, - DOI 10.17487/RFC3738, April 2004, + Control (WEBRC) Building Block", RFC 3738, DOI 10.17487/ + RFC3738, April 2004, . [RFC3758] Stewart, R., Ramalho, M., Xie, Q., Tuexen, M., and P. Conrad, "Stream Control Transmission Protocol (SCTP) - Partial Reliability Extension", RFC 3758, - DOI 10.17487/RFC3758, May 2004, + Partial Reliability Extension", RFC 3758, DOI 10.17487/ + RFC3758, May 2004, . [RFC3828] Larzon, L-A., Degermark, M., Pink, S., Jonsson, L-E., Ed., and G. Fairhurst, Ed., "The Lightweight User Datagram Protocol (UDP-Lite)", RFC 3828, DOI 10.17487/RFC3828, July 2004, . [RFC3926] Paila, T., Luby, M., Lehtonen, R., Roca, V., and R. Walsh, - "FLUTE - File Delivery over Unidirectional Transport", - RFC 3926, DOI 10.17487/RFC3926, October 2004, + "FLUTE - File Delivery over Unidirectional Transport", RFC + 3926, DOI 10.17487/RFC3926, October 2004, . [RFC3971] Arkko, J., Ed., Kempf, J., Zill, B., and P. Nikander, - "SEcure Neighbor Discovery (SEND)", RFC 3971, - DOI 10.17487/RFC3971, March 2005, + "SEcure Neighbor Discovery (SEND)", RFC 3971, DOI + 10.17487/RFC3971, March 2005, . [RFC4324] Royer, D., Babics, G., and S. Mansour, "Calendar Access Protocol (CAP)", RFC 4324, DOI 10.17487/RFC4324, December 2005, . [RFC4336] Floyd, S., Handley, M., and E. Kohler, "Problem Statement - for the Datagram Congestion Control Protocol (DCCP)", - RFC 4336, DOI 10.17487/RFC4336, March 2006, + for the Datagram Congestion Control Protocol (DCCP)", RFC + 4336, DOI 10.17487/RFC4336, March 2006, . [RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram - Congestion Control Protocol (DCCP)", RFC 4340, - DOI 10.17487/RFC4340, March 2006, + Congestion Control Protocol (DCCP)", RFC 4340, DOI + 10.17487/RFC4340, March 2006, . [RFC4341] Floyd, S. and E. Kohler, "Profile for Datagram Congestion Control Protocol (DCCP) Congestion Control ID 2: TCP-like Congestion Control", RFC 4341, DOI 10.17487/RFC4341, March 2006, . [RFC4342] Floyd, S., Kohler, E., and J. Padhye, "Profile for Datagram Congestion Control Protocol (DCCP) Congestion Control ID 3: TCP-Friendly Rate Control (TFRC)", RFC 4342, DOI 10.17487/RFC4342, March 2006, . [RFC4433] Kulkarni, M., Patel, A., and K. Leung, "Mobile IPv4 - Dynamic Home Agent (HA) Assignment", RFC 4433, - DOI 10.17487/RFC4433, March 2006, + Dynamic Home Agent (HA) Assignment", RFC 4433, DOI + 10.17487/RFC4433, March 2006, . [RFC4654] Widmer, J. and M. Handley, "TCP-Friendly Multicast - Congestion Control (TFMCC): Protocol Specification", - RFC 4654, DOI 10.17487/RFC4654, August 2006, + Congestion Control (TFMCC): Protocol Specification", RFC + 4654, DOI 10.17487/RFC4654, August 2006, . [RFC4820] Tuexen, M., Stewart, R., and P. Lei, "Padding Chunk and Parameter for the Stream Control Transmission Protocol (SCTP)", RFC 4820, DOI 10.17487/RFC4820, March 2007, . [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007, . [RFC4828] Floyd, S. and E. Kohler, "TCP Friendly Rate Control - (TFRC): The Small-Packet (SP) Variant", RFC 4828, - DOI 10.17487/RFC4828, April 2007, + (TFRC): The Small-Packet (SP) Variant", RFC 4828, DOI + 10.17487/RFC4828, April 2007, . [RFC4895] Tuexen, M., Stewart, R., Lei, P., and E. Rescorla, "Authenticated Chunks for the Stream Control Transmission Protocol (SCTP)", RFC 4895, DOI 10.17487/RFC4895, August 2007, . [RFC4960] Stewart, R., Ed., "Stream Control Transmission Protocol", RFC 4960, DOI 10.17487/RFC4960, September 2007, . [RFC5061] Stewart, R., Xie, Q., Tuexen, M., Maruyama, S., and M. Kozuka, "Stream Control Transmission Protocol (SCTP) - Dynamic Address Reconfiguration", RFC 5061, - DOI 10.17487/RFC5061, September 2007, + Dynamic Address Reconfiguration", RFC 5061, DOI 10.17487/ + RFC5061, September 2007, . [RFC5097] Renker, G. and G. Fairhurst, "MIB for the UDP-Lite protocol", RFC 5097, DOI 10.17487/RFC5097, January 2008, . [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security - (TLS) Protocol Version 1.2", RFC 5246, - DOI 10.17487/RFC5246, August 2008, + (TLS) Protocol Version 1.2", RFC 5246, DOI 10.17487/ + RFC5246, August 2008, . [RFC5238] Phelan, T., "Datagram Transport Layer Security (DTLS) over - the Datagram Congestion Control Protocol (DCCP)", - RFC 5238, DOI 10.17487/RFC5238, May 2008, + the Datagram Congestion Control Protocol (DCCP)", RFC + 5238, DOI 10.17487/RFC5238, May 2008, . [RFC5348] Floyd, S., Handley, M., Padhye, J., and J. Widmer, "TCP - Friendly Rate Control (TFRC): Protocol Specification", - RFC 5348, DOI 10.17487/RFC5348, September 2008, + Friendly Rate Control (TFRC): Protocol Specification", RFC + 5348, DOI 10.17487/RFC5348, September 2008, . - [RFC5461] Gont, F., "TCP's Reaction to Soft Errors", RFC 5461, - DOI 10.17487/RFC5461, February 2009, + [RFC5461] Gont, F., "TCP's Reaction to Soft Errors", RFC 5461, DOI + 10.17487/RFC5461, February 2009, . [RFC5595] Fairhurst, G., "The Datagram Congestion Control Protocol (DCCP) Service Codes", RFC 5595, DOI 10.17487/RFC5595, September 2009, . [RFC5596] Fairhurst, G., "Datagram Congestion Control Protocol (DCCP) Simultaneous-Open Technique to Facilitate NAT/ Middlebox Traversal", RFC 5596, DOI 10.17487/RFC5596, September 2009, . [RFC5622] Floyd, S. and E. Kohler, "Profile for Datagram Congestion Control Protocol (DCCP) Congestion ID 4: TCP-Friendly Rate - Control for Small Packets (TFRC-SP)", RFC 5622, - DOI 10.17487/RFC5622, August 2009, + Control for Small Packets (TFRC-SP)", RFC 5622, DOI + 10.17487/RFC5622, August 2009, . [RFC5651] Luby, M., Watson, M., and L. Vicisano, "Layered Coding - Transport (LCT) Building Block", RFC 5651, - DOI 10.17487/RFC5651, October 2009, + Transport (LCT) Building Block", RFC 5651, DOI 10.17487/ + RFC5651, October 2009, . [RFC5672] Crocker, D., Ed., "RFC 4871 DomainKeys Identified Mail - (DKIM) Signatures -- Update", RFC 5672, - DOI 10.17487/RFC5672, August 2009, + (DKIM) Signatures -- Update", RFC 5672, DOI 10.17487/ + RFC5672, August 2009, . [RFC5740] Adamson, B., Bormann, C., Handley, M., and J. Macker, "NACK-Oriented Reliable Multicast (NORM) Transport Protocol", RFC 5740, DOI 10.17487/RFC5740, November 2009, . [RFC5775] Luby, M., Watson, M., and L. Vicisano, "Asynchronous Layered Coding (ALC) Protocol Instantiation", RFC 5775, DOI 10.17487/RFC5775, April 2010, . [RFC5681] Allman, M., Paxson, V., and E. Blanton, "TCP Congestion Control", RFC 5681, DOI 10.17487/RFC5681, September 2009, . [RFC6056] Larsen, M. and F. Gont, "Recommendations for Transport- - Protocol Port Randomization", BCP 156, RFC 6056, - DOI 10.17487/RFC6056, January 2011, + Protocol Port Randomization", BCP 156, RFC 6056, DOI + 10.17487/RFC6056, January 2011, . [RFC6083] Tuexen, M., Seggelmann, R., and E. Rescorla, "Datagram Transport Layer Security (DTLS) for Stream Control - Transmission Protocol (SCTP)", RFC 6083, - DOI 10.17487/RFC6083, January 2011, + Transmission Protocol (SCTP)", RFC 6083, DOI 10.17487/ + RFC6083, January 2011, . [RFC6093] Gont, F. and A. Yourtchenko, "On the Implementation of the TCP Urgent Mechanism", RFC 6093, DOI 10.17487/RFC6093, January 2011, . [RFC6525] Stewart, R., Tuexen, M., and P. Lei, "Stream Control - Transmission Protocol (SCTP) Stream Reconfiguration", - RFC 6525, DOI 10.17487/RFC6525, February 2012, + Transmission Protocol (SCTP) Stream Reconfiguration", RFC + 6525, DOI 10.17487/RFC6525, February 2012, . - [RFC6546] Trammell, B., "Transport of Real-time Inter-network - Defense (RID) Messages over HTTP/TLS", RFC 6546, - DOI 10.17487/RFC6546, April 2012, - . - [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347, January 2012, . [RFC6356] Raiciu, C., Handley, M., and D. Wischik, "Coupled - Congestion Control for Multipath Transport Protocols", - RFC 6356, DOI 10.17487/RFC6356, October 2011, + Congestion Control for Multipath Transport Protocols", RFC + 6356, DOI 10.17487/RFC6356, October 2011, . [RFC6363] Watson, M., Begen, A., and V. Roca, "Forward Error - Correction (FEC) Framework", RFC 6363, - DOI 10.17487/RFC6363, October 2011, + Correction (FEC) Framework", RFC 6363, DOI 10.17487/ + RFC6363, October 2011, . [RFC6458] Stewart, R., Tuexen, M., Poon, K., Lei, P., and V. Yasevich, "Sockets API Extensions for the Stream Control - Transmission Protocol (SCTP)", RFC 6458, - DOI 10.17487/RFC6458, December 2011, + Transmission Protocol (SCTP)", RFC 6458, DOI 10.17487/ + RFC6458, December 2011, . [RFC6584] Roca, V., "Simple Authentication Schemes for the Asynchronous Layered Coding (ALC) and NACK-Oriented - Reliable Multicast (NORM) Protocols", RFC 6584, - DOI 10.17487/RFC6584, April 2012, + Reliable Multicast (NORM) Protocols", RFC 6584, DOI + 10.17487/RFC6584, April 2012, . [RFC6726] Paila, T., Walsh, R., Luby, M., Roca, V., and R. Lehtonen, - "FLUTE - File Delivery over Unidirectional Transport", - RFC 6726, DOI 10.17487/RFC6726, November 2012, + "FLUTE - File Delivery over Unidirectional Transport", RFC + 6726, DOI 10.17487/RFC6726, November 2012, . [RFC6773] Phelan, T., Fairhurst, G., and C. Perkins, "DCCP-UDP: A Datagram Congestion Control Protocol UDP Encapsulation for NAT Traversal", RFC 6773, DOI 10.17487/RFC6773, November 2012, . [RFC6824] Ford, A., Raiciu, C., Handley, M., and O. Bonaventure, "TCP Extensions for Multipath Operation with Multiple Addresses", RFC 6824, DOI 10.17487/RFC6824, January 2013, . [RFC6897] Scharf, M. and A. Ford, "Multipath TCP (MPTCP) Application Interface Considerations", RFC 6897, DOI 10.17487/RFC6897, March 2013, . [RFC6935] Eubanks, M., Chimento, P., and M. Westerlund, "IPv6 and - UDP Checksums for Tunneled Packets", RFC 6935, - DOI 10.17487/RFC6935, April 2013, + UDP Checksums for Tunneled Packets", RFC 6935, DOI + 10.17487/RFC6935, April 2013, . [RFC6936] Fairhurst, G. and M. Westerlund, "Applicability Statement for the Use of IPv6 UDP Datagrams with Zero Checksums", RFC 6936, DOI 10.17487/RFC6936, April 2013, . [RFC6951] Tuexen, M. and R. Stewart, "UDP Encapsulation of Stream Control Transmission Protocol (SCTP) Packets for End-Host - to End-Host Communication", RFC 6951, - DOI 10.17487/RFC6951, May 2013, + to End-Host Communication", RFC 6951, DOI 10.17487/ + RFC6951, May 2013, . [RFC7053] Tuexen, M., Ruengeler, I., and R. Stewart, "SACK- IMMEDIATELY Extension for the Stream Control Transmission Protocol", RFC 7053, DOI 10.17487/RFC7053, November 2013, . [RFC7202] Perkins, C. and M. Westerlund, "Securing the RTP Framework: Why RTP Does Not Mandate a Single Media Security Solution", RFC 7202, DOI 10.17487/RFC7202, April 2014, . [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer - Protocol (HTTP/1.1): Message Syntax and Routing", - RFC 7230, DOI 10.17487/RFC7230, June 2014, + Protocol (HTTP/1.1): Message Syntax and Routing", RFC + 7230, DOI 10.17487/RFC7230, June 2014, . [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer - Protocol (HTTP/1.1): Semantics and Content", RFC 7231, - DOI 10.17487/RFC7231, June 2014, + Protocol (HTTP/1.1): Semantics and Content", RFC 7231, DOI + 10.17487/RFC7231, June 2014, . [RFC7232] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer - Protocol (HTTP/1.1): Conditional Requests", RFC 7232, - DOI 10.17487/RFC7232, June 2014, + Protocol (HTTP/1.1): Conditional Requests", RFC 7232, DOI + 10.17487/RFC7232, June 2014, . [RFC7233] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Range Requests", RFC 7233, DOI 10.17487/RFC7233, June 2014, . [RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching", RFC 7234, DOI 10.17487/RFC7234, June 2014, . [RFC7235] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer - Protocol (HTTP/1.1): Authentication", RFC 7235, - DOI 10.17487/RFC7235, June 2014, + Protocol (HTTP/1.1): Authentication", RFC 7235, DOI + 10.17487/RFC7235, June 2014, . [RFC7301] Friedl, S., Popov, A., Langley, A., and E. Stephan, "Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension", RFC 7301, DOI 10.17487/RFC7301, July 2014, . [RFC7323] Borman, D., Braden, B., Jacobson, V., and R. Scheffenegger, Ed., "TCP Extensions for High Performance", RFC 7323, DOI 10.17487/RFC7323, September 2014, . [RFC7414] Duke, M., Braden, R., Eddy, W., Blanton, E., and A. Zimmermann, "A Roadmap for Transmission Control Protocol - (TCP) Specification Documents", RFC 7414, - DOI 10.17487/RFC7414, February 2015, + (TCP) Specification Documents", RFC 7414, DOI 10.17487/ + RFC7414, February 2015, . [RFC7457] Sheffer, Y., Holz, R., and P. Saint-Andre, "Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)", RFC 7457, DOI 10.17487/RFC7457, February 2015, . [RFC7496] Tuexen, M., Seggelmann, R., Stewart, R., and S. Loreto, "Additional Policies for the Partially Reliable Stream - Control Transmission Protocol Extension", RFC 7496, - DOI 10.17487/RFC7496, April 2015, + Control Transmission Protocol Extension", RFC 7496, DOI + 10.17487/RFC7496, April 2015, . [RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre, "Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May 2015, . [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext - Transfer Protocol Version 2 (HTTP/2)", RFC 7540, - DOI 10.17487/RFC7540, May 2015, + Transfer Protocol Version 2 (HTTP/2)", RFC 7540, DOI + 10.17487/RFC7540, May 2015, . - [I-D.ietf-aqm-ecn-benefits] - Fairhurst, G. and M. Welzl, "The Benefits of using - Explicit Congestion Notification (ECN)", draft-ietf-aqm- - ecn-benefits-08 (work in progress), November 2015. - [I-D.ietf-tsvwg-rfc5405bis] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage Guidelines", draft-ietf-tsvwg-rfc5405bis-07 (work in progress), November 2015. [I-D.ietf-tsvwg-sctp-dtls-encaps] Tuexen, M., Stewart, R., Jesup, R., and S. Loreto, "DTLS Encapsulation of SCTP Packets", draft-ietf-tsvwg-sctp- dtls-encaps-09 (work in progress), January 2015. [I-D.ietf-tsvwg-sctp-ndata] Stewart, R., Tuexen, M., Loreto, S., and R. Seggelmann, "Stream Schedulers and User Message Interleaving for the Stream Control Transmission Protocol", draft-ietf-tsvwg- sctp-ndata-04 (work in progress), July 2015. - [I-D.ietf-tsvwg-sctp-failover] - Nishida, Y., Natarajan, P., Caro, A., Amer, P., and K. - Nielsen, "SCTP-PF: Quick Failover Algorithm in SCTP", - draft-ietf-tsvwg-sctp-failover-14 (work in progress), - December 2015. - [I-D.ietf-tsvwg-natsupp] Stewart, R., Tuexen, M., and I. Ruengeler, "Stream Control Transmission Protocol (SCTP) Network Address Translation Support", draft-ietf-tsvwg-natsupp-08 (work in progress), July 2015. [I-D.ietf-tcpm-cubic] Rhee, I., Xu, L., Ha, S., Zimmermann, A., Eggert, L., and R. Scheffenegger, "CUBIC for Fast Long-Distance Networks", - draft-ietf-tcpm-cubic-00 (work in progress), June 2015. + draft-ietf-tcpm-cubic-01 (work in progress), January 2016. [XHR] van Kesteren, A., Aubourg, J., Song, J., and H. Steen, "XMLHttpRequest working draft (http://www.w3.org/TR/XMLHttpRequest/)", 2000. [REST] Fielding, R., "Architectural Styles and the Design of Network-based Software Architectures, Ph. D. (UC Irvine), Chapter 5: Representational State Transfer", 2000. [POSIX] 1-2008, IEEE., "IEEE Standard for Information Technology