Re: More on demultiplexing
Eric Rescorla <ekr@rtfm.com> Wed, 06 December 2017 23:47 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C9D5128A32 for <quic@ietfa.amsl.com>; Wed, 6 Dec 2017 15:47:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RjTF_SOArQQT for <quic@ietfa.amsl.com>; Wed, 6 Dec 2017 15:47:46 -0800 (PST)
Received: from mail-yw0-x234.google.com (mail-yw0-x234.google.com [IPv6:2607:f8b0:4002:c05::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D90C12871F for <quic@ietf.org>; Wed, 6 Dec 2017 15:47:46 -0800 (PST)
Received: by mail-yw0-x234.google.com with SMTP id n25so2272206ywh.10 for <quic@ietf.org>; Wed, 06 Dec 2017 15:47:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=jxAYG4WzX46RjUVHhPBXF9Snll+m4/v5tTBcDVNPe9I=; b=XL7q9pLlupDaVc73/jm5ctdxmC9UjZDQdBq8bSm8xmt/OEElmJQeVZVreTssmujjK4 6ixN6bzoZOmHCv4xmE+7B2k/7feJKhZazVMVvQC+FKb4hw4xgHTXDZTJKMWfEFqObpY+ zF+BBbuErx7ah7C86JAi4BSd2rDMMvG93j+ZAQmclbrWKCmoV8FESm4Izry6Lj59k8G1 s5iSZMdy7kx4H0/tLvuGVHEMloceJnTaoOl5RnNOnvV0+ZYd9y29hbjvL2sV1wpI21a6 ONs3j9RJVeNxfhX8059nE0XoNbQYOlO34GRHxfzjkwi+k04sF5ivUwn7mM/F+Dk2GCxH Fcyw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=jxAYG4WzX46RjUVHhPBXF9Snll+m4/v5tTBcDVNPe9I=; b=M3oHuXry5LPCR2A1s7gyDq2Ch7tbpZ9DnycUy7p/el6iU72yZjKXx2JW7yNc4uJUuN Cdxv/Bxpi3Hg6Fv3xeVYsoHkgnZP16uNOjPhw0T651eFUtFo+vE0Us/E8HytK0a9OKBA nfmnoxNuIKqAlR9jyb+ZOQ1yo3gyniqYl5kw2U21rFz3AuK373DWdEOB8yOIQ/xrjh7Z MhEz5dFfzIM5Jc3e79FgnzKkVF8yzcMfnPfo1jlVizw6A3B7QOir18dt/fWpBSSo4IcF aUzLRwe6XUXalPBlmeoWLy/DQo/Gw9IQ3dcgTq4AnidOPQbpaXc68ZfXwlYtBviNK9Fs UxkQ==
X-Gm-Message-State: AJaThX5y5jetBj07K4p9e1p7OCvLj9MvabKp54aQcCBMriqQ47DK+kPa nIT/ozt0MxMbvViQ9SIl8CCrQuYBctnjS+juFoElcwEy
X-Google-Smtp-Source: AGs4zMaW+ZbQmLqEW6pMAonpNkArBVsA3zIYDOAriMsImn+juXiY+uJUk0BXysQnCjwqxYue9zJvs2Aypm7G/sSI59o=
X-Received: by 10.129.222.9 with SMTP id k9mr17689081ywj.47.1512604065573; Wed, 06 Dec 2017 15:47:45 -0800 (PST)
MIME-Version: 1.0
Received: by 10.129.123.132 with HTTP; Wed, 6 Dec 2017 15:47:04 -0800 (PST)
In-Reply-To: <61C0885E-3363-4B70-B64F-C471A4A16B3C@csperkins.org>
References: <CABcZeBO=WCTLuuxaOJXKzQdiBduOxLdoqNtMpvPatBOAwNjZkQ@mail.gmail.com> <61C0885E-3363-4B70-B64F-C471A4A16B3C@csperkins.org>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 06 Dec 2017 15:47:04 -0800
Message-ID: <CABcZeBM2dZehQDaqC092OUZVc36oY1FRNN-z5N_vkMztFg02UA@mail.gmail.com>
Subject: Re: More on demultiplexing
To: Colin Perkins <csp@csperkins.org>
Cc: IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="f403043d048803b616055fb494ef"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/Cg0YNZ1flmKzSIe_D8dswDJBhh8>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Dec 2017 23:47:48 -0000
On Wed, Dec 6, 2017 at 3:43 PM, Colin Perkins <csp@csperkins.org> wrote: > > > On 6 Dec 2017, at 18:41, Eric Rescorla <ekr@rtfm.com> wrote: > > > > I've been doing some thinking about the QUIC muxing story. It seems > > like the case that everyone has in their head is WebRTC, so I'd like > > to focus on that. It seems to me that there are two main deployment > models > > one might have in mind: > > > > - A browser unilaterally decides to support QUIC-WebRTC and just > advertises > > it in its SDP, so that if that browser encounters another such browser, > > they do QUIC > > > > - A service provider decides to do QUIC-WebRTC and turns it on for > > clients which can do it. > > > > These have different muxing requirements, and then there are also > > some subchoices about whether you want everything in WebRTC to be QUIC > > or just parts of it. > > > > > > As background, current WebRTC stacks attempt to mux all of the > > following protocols on the same 5-tuple: > > > > - STUN (for ICE and for TURN) > > - TURN channels > > - DTLS (for key management) > > - SRTP (for media) > > > > Note that I don't say SCTP because that's encapsulated in DTLS. > > > > STUN > > I think the general consensus is that we need to be able to mux STUN > > with QUIC, because otherwise we would need to reinvent all of STUN > > and ICE and that would be very not fun, and in some ways problematic > > because the non-ICE parts of STUN don't assume any server authentication > > so it’s not clear how you would ever think to do them with QUIC. > > Agree. > > > TURN > > TURN can either run over STUN, in which case it's covered by the previous > > case, or it can run in channels, which are not. If you're willing to > > abandon channels, then you don't have a problem. If you're not, then you > > need TURN channels to work. I've heard suggestions that we should run > > TURN over QUIC but I don't think that's sensible because the point of > > TURN channels is to reduce overhead, and at that point you probably > > could run the non-channel version of TURN without too much overhead > > loss vis-a-vis QUIC and then you wouldn't have to address other problems > > (e.g., server auth) that we never really resolved with TURN-TLS and would > > maybe come back with QUIC. > > Do TURN channels need to demux with QUIC? I was assuming we’d run > STUN/TURN channels to a server, or QUIC+STUN+DTLS+SRTP to a server, but not > both? (i.e., it’s either a TURN server or a media endpoint, but not both). > You might (for instance) start sending data to a TURN server and then have a srflx candidate succeed. > > In the case where you mux SRTP and QUIC on the same 5-tuple, you then > > have to address key management. You could, of course, run DTLS-SRTP > > and demux DTLS, but it seems like you could probably just use QUIC's > > TLS handshake the way you run DTLS-SRTP and do the SRTP exporter from > > there, so maybe you don't need to mux DTLS. > > Exporting SRTP keys from the QUIC handshake seems sensible, but is an > extra level of specification complexity. I suspect we’ll want SRTP demux > short term Note that if you don't expert keys, then you need DTLS demux (or no bundle) -Ekr
- More on demultiplexing Eric Rescorla
- Re: More on demultiplexing Ted Hardie
- Re: More on demultiplexing Mikkel Fahnøe Jørgensen
- Re: More on demultiplexing Eric Rescorla
- Re: More on demultiplexing Mikkel Fahnøe Jørgensen
- Re: More on demultiplexing Colin Perkins
- Re: More on demultiplexing Eric Rescorla
- Re: More on demultiplexing Cullen Jennings
- Re: More on demultiplexing Jana Iyengar
- Re: More on demultiplexing Christian Huitema
- Re: More on demultiplexing Jana Iyengar
- Re: More on demultiplexing Bernard Aboba
- Re: More on demultiplexing Bernard Aboba
- Re: More on demultiplexing Ian Swett