Re: More on demultiplexing
Ted Hardie <ted.ietf@gmail.com> Wed, 06 December 2017 19:16 UTC
Return-Path: <ted.ietf@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D81F6127005 for <quic@ietfa.amsl.com>; Wed, 6 Dec 2017 11:16:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cMYnwNwAwpiw for <quic@ietfa.amsl.com>; Wed, 6 Dec 2017 11:16:18 -0800 (PST)
Received: from mail-qt0-x22c.google.com (mail-qt0-x22c.google.com [IPv6:2607:f8b0:400d:c0d::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A45A126CC4 for <quic@ietf.org>; Wed, 6 Dec 2017 11:16:18 -0800 (PST)
Received: by mail-qt0-x22c.google.com with SMTP id 33so11660025qtv.1 for <quic@ietf.org>; Wed, 06 Dec 2017 11:16:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=JjvALUIFTOL0D5Muvok42Z6cUKbZCUWDzjaI7GO9c/g=; b=IUr1MOFb6g++HV9dX1ZSCbwHhPwIz8W8TTI4Cq+EI0mo6uR48LW+0o6ZxaZJe89oUe aYu0JsAqlyxjZz/Rm75HSMrtk7sslF+zaxVlRJWdUyYFCh5Y64D5hRZlRT//u2oNwVry Q5DdYzcCGJw3nmgDYdc5MK3q3n+ipyk1Cq/4/VM0mah1qG8QvXh8NAzRYt4YjEFVo7aB vk3V9TwpxRFukHMzFUnDtlzOZftc08Gif+ohVXdUkRYJNNNO3E3ej11rlHqb9wvq2tCY MWfjxgG+DufvUS/mAxtKTUBVptCAQWK40RuV1GN9LieyqUi4BMenHFsdrLYaB6iS1pBm 9tIA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=JjvALUIFTOL0D5Muvok42Z6cUKbZCUWDzjaI7GO9c/g=; b=k5UgyED+5gK88vY8nt4B0lXeu8P65S3CQt2DLpmtG+G2ad2R9HqJR21js0w2YsHbj6 BCUHclTiHR7GZ0B/2JpeFxBHVSntaDjxkCLQRsUIg3gZZ2ItY67CzN8vENNpUr0y4uwu 6ZQisEaE0Jl3om+3Xi6FBrxqSRZAne5B0gdwiKWpN4m5TDIQt+r8eA7WjfVwGDVwqvfX WeXETU+L4gKiv5msNVHoZxzRy+EhlHwWyw8Y76UznaLOIO8DCk5gflRb6UbYrkrjwrnE d8B+Op+6KF1zP3HNol7Z7witLZdKZMKALHDD8wYBw/5b/JqirS87S9qmXUlcIQ5nd5xt wfsA==
X-Gm-Message-State: AKGB3mL44AKMQgbpx13dS2/MUPrVxZavYDhYsmdnzjVF/NrGY83NEKUg 2+unMgSInATn9+8V1Y1i9KxntiuNMHHKbmj51e3Fsg==
X-Google-Smtp-Source: AGs4zMa9Q+988mUuAs/gKbX++DapdudS6zBZMpWw+fO5MhdnrRZac9wO+lUkB0cliN+Q0w/tw+W394cf1AaNjK9zvHU=
X-Received: by 10.55.170.130 with SMTP id t124mr26530451qke.84.1512587776977; Wed, 06 Dec 2017 11:16:16 -0800 (PST)
MIME-Version: 1.0
Received: by 10.237.36.169 with HTTP; Wed, 6 Dec 2017 11:15:46 -0800 (PST)
In-Reply-To: <CABcZeBO=WCTLuuxaOJXKzQdiBduOxLdoqNtMpvPatBOAwNjZkQ@mail.gmail.com>
References: <CABcZeBO=WCTLuuxaOJXKzQdiBduOxLdoqNtMpvPatBOAwNjZkQ@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Wed, 06 Dec 2017 11:15:46 -0800
Message-ID: <CA+9kkMAc3NopLuEGQvuvu82X2LpuL-RiCoKzdfiWYUSfzfhRKA@mail.gmail.com>
Subject: Re: More on demultiplexing
To: Eric Rescorla <ekr@rtfm.com>
Cc: IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c05f874236fe2055fb0c9e0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/693_GWiGRCQHMs4wexo9tvfRyzc>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Dec 2017 19:16:21 -0000
Howdy, Some additional thoughts and clarifying questions in-line. On Wed, Dec 6, 2017 at 10:41 AM, Eric Rescorla <ekr@rtfm.com> wrote: > I've been doing some thinking about the QUIC muxing story. It seems > like the case that everyone has in their head is WebRTC, so I'd like > to focus on that. It seems to me that there are two main deployment models > one might have in mind: > > I think there is a case zero here that we all agree should just work: downloading the javascript application for WebRTC should be the same over HTTPS-QUIC as it is for HTTPS-TLS. It's worth saying out loud only because we have to remember that this support is orthogonal: it neither helps nor hurts the WebRTC application's functioning once it is loaded in the browser. > - A browser unilaterally decides to support QUIC-WebRTC and just advertises > it in its SDP, so that if that browser encounters another such browser, > they do QUIC > > > - A service provider decides to do QUIC-WebRTC and turns it on for > clients which can do it. > > Probably worth pasting the usual ascii art here for the benefit of folks who think about QUIC and haven't thought about WebRTC much: +-----------+ +-----------+ | Web | | Web | | | Signaling | | | |-------------| | | Server | path | Server | | | | | +-----------+ +-----------+ / \ / \ Application-defined / \ over / \ HTTPS/WebSockets / Application-defined over \ / HTTPS/WebSockets \ / \ +-----------+ +-----------+ |JS/HTML/CSS| |JS/HTML/CSS| +-----------+ +-----------+ +-----------+ +-----------+ | | | | | | | | | Browser | ------------------------- | Browser | | | Media path | | | | | | +-----------+ +-----------+ In your case one, the SDP flows over the signaling path, which is why this isn't an 'open box with enclosed ax' situation. For your case two, I'm assuming you mean a conference bridge situation, where the clients notify the bridge that they can handle QUIC and the bridge speaks some QUIC and some non-QUIC flavors of WebRTC. > These have different muxing requirements, and then there are also > some subchoices about whether you want everything in WebRTC to be QUIC > or just parts of it. > > > As background, current WebRTC stacks attempt to mux all of the > following protocols on the same 5-tuple: > > - STUN (for ICE and for TURN) > - TURN channels > - DTLS (for key management) > - SRTP (for media) > > Note that I don't say SCTP because that's encapsulated in DTLS. > > STUN > I think the general consensus is that we need to be able to mux STUN > with QUIC, because otherwise we would need to reinvent all of STUN > and ICE and that would be very not fun, and in some ways problematic > because the non-ICE parts of STUN don't assume any server authentication > so it's not clear how you would ever think to do them with QUIC. > > > TURN > TURN can either run over STUN, in which case it's covered by the previous > case, or it can run in channels, which are not. If you're willing to > abandon channels, then you don't have a problem. If you're not, then you > need TURN channels to work. I've heard suggestions that we should run > TURN over QUIC but I don't think that's sensible because the point of > TURN channels is to reduce overhead, and at that point you probably > could run the non-channel version of TURN without too much overhead > loss vis-a-vis QUIC and then you wouldn't have to address other problems > (e.g., server auth) that we never really resolved with TURN-TLS and would > maybe come back with QUIC. > > > DTLS and SRTP > Exactly what you need here depends on the deployment model. One might > imagine having QUIC-WebRTC in which the media and data channels are both > carried on QUIC, but you might also imagine having the data channel be > QUIC but the media being carried over RTP. I know there's active work > on a mapping for media over QUIC, but it's obviously not as straightforward > as a datachannels mapping, for which QUIC is basically a drop-in > replacement > for SCTP, so that's a consideration here. > > I agree that the QUIC substitution for the current data channel stack is pretty straight forward. On the media side, I have a question about using a PERC-like approach with QUIC. PERC's framework document gives this summary of its goals and methods: This solution framework focuses on the end-to-end privacy and integrity of the participant's media by limiting access of the end- to-end key information to trusted entities. However, this framework does give a Media Distributor access to RTP headers and all or most header extensions, as well as the ability to modify a certain subset of those headers and to add header extensions. Packets received by a Media Distributor or an endpoint are authenticated hop-by-hop. To enable all of the above, this framework defines the use of two security contexts and two associated encryption keys: an "inner" key (an E2E key distinct for each transmitted media flow) for authenticated encryption of RTP media between endpoints and an "outer" key (HBH key) known only to media distributor and the adjacent endpoint) for the hop between an endpoint and a Media Distributor or between Media Distributor. Reference the following figure. If I am reading this correctly, the parallel method to use in PERC for QUIC would have a set of private keys for the media and would carry the media encrypted with those keys in one set of streams, but would make the header information available on a different set of streams, encrypted only at the transport layer . That makes the header information something that QUIC can pass up to the media distributor (presuming the endpoints were speaking QUIC to the media distributor), but the RTP protected as PERC intends. That looks fairly do-able to me, but my familiarity with PERC is glancing at best, so it would be useful if someone with more familiarity could comment. Supporting PERC has a lot of benefits for privacy, and I would like to make architectural support for it a requirement, if the timing allows. In the case where you wanted SRTP separately, you would then need to > either (a) figure out a way to demux SRTP and QUIC or (b) not run them > on the same 5-tuple. (b) seems natural at some level, but > we adopted BUNDLE for a reason and this would push against that. So, > it seems to me that if you want to run data-over-QUIC and > media-over-SRTP you probably do need to figure out how to demux. > > I think if you bundled all the media on one 5-tuple and had QUIC on another, the core NAT exhaustion problem would not be that bad. There are some corner cases where the media is meant to be tightly synced to the media and might end up on a different path because it is a different 5-tuple. If the paths are not equivalent latency, that can bite you. > In the case where you mux SRTP and QUIC on the same 5-tuple, you then > have to address key management. You could, of course, run DTLS-SRTP > and demux DTLS, but it seems like you could probably just use QUIC's > TLS handshake the way you run DTLS-SRTP and do the SRTP exporter from > there, so maybe you don't need to mux DTLS. > > Having to run DTLS for DTLS-SRTP seems kind of sub-optimal to me, but that's a gut reaction rather than a measured analysis. Ted > -Ekr > > > > > > > > > > > >
- More on demultiplexing Eric Rescorla
- Re: More on demultiplexing Ted Hardie
- Re: More on demultiplexing Mikkel Fahnøe Jørgensen
- Re: More on demultiplexing Eric Rescorla
- Re: More on demultiplexing Mikkel Fahnøe Jørgensen
- Re: More on demultiplexing Colin Perkins
- Re: More on demultiplexing Eric Rescorla
- Re: More on demultiplexing Cullen Jennings
- Re: More on demultiplexing Jana Iyengar
- Re: More on demultiplexing Christian Huitema
- Re: More on demultiplexing Jana Iyengar
- Re: More on demultiplexing Bernard Aboba
- Re: More on demultiplexing Bernard Aboba
- Re: More on demultiplexing Ian Swett