Overview: Real Time Protocols for Browser-based Applications
Note: This ballot was opened for revision 18 and is now closed.
Ben Campbell Yes
Comment (2017-04-24 for -18)
Alissa Cooper (was No Objection) Yes
Spencer Dawkins Yes
Comment (2017-04-26 for -18)
I've been waiting for this one, for a while. Thanks for finishing it. I'm a Yes, with comments. I agree with EKR that there's a lot of general philosophy in this draft. I wouldn't ask that you pull all of it, but perhaps it could be trimmed down a bit. This is a nit, but in this text, Other efforts, for instance the W3C WEBRTC, Web Applications and Device API working groups, focus on making standardized APIs and interfaces available, within or alongside the HTML5 effort, it would be nice to have the names here match what's on the W3C website. So, "Web Real-Time Communication", "Web Application Security", and "Device and Sensors", unless I'm guessing at the mapping wrong. It's also easy to read that text with "Web Applications and Device API" as a single working group, so using a comma after "Web Application Security" would be helpful. The term of art "floor control" is likely to be new to many readers in the future. Since it appears in a list of non-niche examples, maybe you don't need it at all? I'm not sure whether "let a thousand flowers bloom" is a reference to the Hundred Flowers campaign in 1956, but (1) that ended very badly for the bloomers, and (2) I could easily imagine the phrase tripping DPI filtering for a specific part of the Internet community. Maybe there's a better phrase? I'm not sure how tutorial you want section 4 to be, but I'd at least mention appropriate retransmission and in-order delivery, in addition to congestion control, since you get that with SCTP on the data channel. 4. Data transport Data transport refers to the sending and receiving of data over the network interfaces, the choice of network-layer addresses at each end of the communication, and the interaction with any intermediate entities that handle the data, but do not modify it (such as TURN relays). It includes necessary functions for congestion control: When not to send data. Or maybe you can just chop that sentence, because the next paragraph points to https://tools.ietf.org/html/draft-ietf-rtcweb-transports-06, anyway? I found the reference to MMUSIC WG in 3. When a new codec is specified, and the SDP for the new codec is specified in the MMUSIC WG, no other standardization should be required for it to be possible to use that in the web browsers. to be odd. MMUSIC may be around forever, but this work might be refactored at some point in the future. Is the point that 3. When SDP for a new codec is specified, no other standardization should be required for it to be used in the web browsers. Or is there another way to say this? I'm also wondering if the statement is true for any WebRTC endpoint, not just browsers. In this text, WebRTC endpoints MUST implement the functions described in that document that relate to the network layer (for example Bundle [I-D.ietf-mmusic-sdp-bundle-negotiation], RTCP-mux [RFC5761] and Trickle ICE [I-D.ietf-ice-trickle]), but do not need to support the API functionality described there. I would have thought these were related to the transport layer. No?
Adam Roach Yes
Comment (2017-08-10 for -18)
The GENART review contains a number of editorial nits to be addressed. [Reminder to myself so it doesn't get lost: The reference to ICE needs to be updated to point to the existing RFC, not the -bis draft; this is based on EKR's earlier Discuss]
(Alia Atlas) No Objection
Deborah Brungard No Objection
(Benoit Claise) (was Discuss) No Objection
Comment (2017-04-27 for -18)
This topic below was discussed during the IESG telechat: Reading from the document objectives, from the abstract: This document gives an overview and context of a protocol suite intended for use with real-time applications that can be deployed in browsers - "real time communication on the Web". It intends to serve as a starting and coordination point to make sure all the parts that are needed to achieve this goal are findable, and that the parts that belong in the Internet protocol suite are fully specified and on the right publication track. Reading this, I was thinking: great, I will have the full overview. With "deployed", "starting and coordination point to make sure that all the parts ..." I will have some focus on the operational aspects, basically, how should operators operate theses browser-embedded applications. Now, reading further ... This document is intended to serve as the roadmap to the WebRTC specifications. It defines terms used by other parts of the WebRTC protocol specifications, lists references to other specifications that don't need further elaboration in the WebRTC context, and gives pointers to other documents that form part of the WebRTC suite. ... I thought: Ok, if not covered here, at least I will have a pointer to another operational document. But wait: By reading this document and the documents it refers to, it should be possible to have all information needed to implement an WebRTC compatible implementation. So is this only about implementation? I like this document very much as it explains all the RTCWEB pieces in one location. However, there is one important piece missing: the network management considerations. See https://datatracker.ietf.org/doc/html/rfc5706#appendix-A This is where I'm coming from, discussing some more with Warren (this a cut and past from this ballot): [ Edit: So, after more thought (and some discussion) I think that it would be useful for the document to at least note the fact that technologies like this mean that some of the existing operational practices may need to change. For example, many enterprises perform QoS based upon the fact that certain types of devices live in certain subnets (e.g many phones get placed in a specific VLAN using LLDP or CDP). With more real time content coming from browsers, these matching practices break, and so operators may not be able to QoS mark / prioritize traffic accordingly. Perhaps something like: "One of the implications of a solution like WebRTC is that more real-time traffic will be sourced from computers (and not dedicated devices like telephones or videoconferencing devices). This may have implications for operators performing QoS marking and prioritization" ? This isn't really specific to webrtc, but rather to a more general set of solutions like softphones and the like, but is accelerated by WebRTC. ] In light of the previous discussions about draft-mm-wg-effect-encrypt-11, the operators are used to manage voice, video, gaming a certain way, with their operational current practices. Now, their current practices might not work any longer. What should they do now in term of monitoring, troubleshooting, QoS, SLA monitoring, etc these days with WebRTC? While we should add this note (or a similar one) in the doc, I'm wondering: where are (should be) those operational aspects discussed, if not here? I've seen https://tools.ietf.org/html/draft-ietf-tsvwg-rtcweb-qos-18, not sure it's appropriate. Anyway, it's now in a RFC-editor state. I could have requested a specific manageability doc in the charter. Too late now.
Suresh Krishnan No Objection
Warren Kumari No Objection
Comment (2017-04-25 for -18)
Thank you -- I like these sort of overview documents for complex things like WebRTC - they provide a newcomer to the technology a good place to start, and help describe some of the reasons why things look the way they do. [ Edit: So, after more thought (and some discussion) I think that it would be useful for the document to at least note the fact that technologies like this mean that some of the existing operational practices may need to change. For example, many enterprises perform QoS based upon the fact that certain types of devices live in certain subnets (e.g many phones get placed in a specific VLAN using LLDP or CDP). With more real time content coming from browsers, these matching practices break, and so operators may not be able to QoS mark / prioritize traffic accordingly. Perhaps something like: "One of the implications of a solution like WebRTC is that more real-time traffic will be sourced from computers (and not dedicated devices like telephones or videoconferencing devices). This may have implications for operators performing QoS marking and prioritization" ? This isn't really specific to webrtc, but rather to a more general set of solutions like softphones and the like, but is accelerated by WebRTC. ] I do have a few comments on the document itself - there are all minor / bikeshedding and can be ignored if you choose: 1: "Development of The Universal Solution has proved hard, however, for all the usual reasons." -- this is cute, but leaves people wondering what "all the usual reasons are". Perhaps just "Development of The Universal Solution has, however, proved hard." (or just cut after the "however in the original"). 2: I'm not sure why you have "Protocol" in the terminology section. It doesn't seem like it is useful for the document, and this document doesn't seem like the right place to (re) define it. 3: Acknowledgements: Funny spacing in "Olle E. Johansson"
Mirja Kühlewind No Objection
Comment (2017-04-24 for -18)
One high level comments on normative language: While I think this document is very useful to explain the relationship between the other webrtc documents and serves a a good starting point for an implementor, I'm not sure if the use of normative language is actually helpful. Most of the language is used to say that a webrtc endpoint MUST implement a certain other document. However, I believe this is inherently necessary to achieve interoperability. So I don't see a need to specify this normatively. In regard to the shepherd write-up, I just want to note that using normative language does not automatically make the document Standards Track; there are many informational docs that use normative language. As such, I don't want raise a big discussion on status now, but this document sounds more informational to me (giving pointers to other document). However, I don't object to publication on Standards Track. minor comments: 1) I would not need all the text on the history of Internet communication in this doc (especially all text on page 3 in the intro as well as section 2.3 and the second to last paragraph in 3)... however, I guess it doesn't hurt 2) Agree with Warren that 'Protocol' probably doesn't need to be (re)defined in this doc 3) section 3: "Data transport: TCP, UDP and the means to securely set up connections between entities, as well as the functions for deciding when to send data: Congestion management, bandwidth estimation and so on." This seems to implicitly assume that only TCP or something encapsulated over UDP can be used. Even though that might be true, I assume this was not intentionally, maybe: NEW "Data transport: such as TCP or UDP and the means to securely set up connections between entities, as well as the functions for deciding when to send data: Congestion management, bandwidth estimation and so on." nit: -"massage the signals": not sure if "massage" is actually a meaningful word here…
Terry Manderson No Objection
Alexey Melnikov No Objection
Comment (2017-04-20 for -18)
Last time I checked the document is referencing normatively 2 expired drafts (security considerations and security architecture). What is the plan for completing them?
(Kathleen Moriarty) No Objection
Comment (2017-04-25 for -18)
Thanks for your work on this draft, it's a helpful overview. I see the reasoning in the shepherd report for standards track (although it reads more like an informational draft), but am curious if the standards track status is needed for other SDOs that might reference this document? In reading sections 8 & 9, I would think the presentation and control in section 8 would have the privacy implications of the second bullet in section 9. As such, it seems odd that normative language is used in this bullet and not in section 8. I'd be fine with no normative language in either as long as the protocol drafts cover that appropriately. Some mention of privacy in section 8 could be helpful since it covers more ground than the example in section 9. Security considerations: I don't see anything listed for security or privacy considerations in respect to the signaling channel to the web/application server. Should there be considerations listed? Security of the actual server and content on the server as well as vulnerabilities in listening protocols are just a few of the questions that come to mind. If it doesn't matter, please let me know. I appreciate the comment on the browser being target rich as they have been in many attacks to gain entry into networks leveraging established outbound sessions. Maybe this is covered in I-D.ietf-rtcweb-security and if so (have not had a chance to review it yet), a high-level mention of gateway security here might be helpful. I agree with Warren's comment about the management aspects being covered here since it is an overview document. It could be a very helpful consideration for protocol developers that may devise new ways to enable management as a result of understanding the issues. I had to look up jingle and BOSH, you may want to consider adding references to the XMPP specifications.
Eric Rescorla (was Discuss) No Objection
Comment (2017-08-10 for -18)
UPDATE: Removing my discuss. Will let Adam manage this from here. This document seems rather long on philosophy (justifying MTI, the freed to innovate material in S 4.) I would remove all this. S 2.4. Why do you have two terminology sections? I would merge them. S 3. The diagrams here seem to assume a federation model that I generally don't see used with WebRTC. So, for instance, the on-the-wire protocols arrow on page 9. Who does that? This also applies to "a commonly imagined model" I would say HTTP(S) in this diagram. You should probably list DTLS, SCTP, and SDP in this section. It's not like we haven't decided we need them. "The functionality groups that are needed in the browser can be specified, more or less from the bottom up, as: ... Connection management: ... SIP and Jingle/XMPP belong in this category." As far as I know, nothing in this layer is specified in WebRTC or implemented in the browser, so this doesn't seem to make sense.