Application-Layer Protocol Negotiation (ALPN) for WebRTC
RFC 8833
Internet Engineering Task Force (IETF) M. Thomson
Request for Comments: 8833 Mozilla
Category: Standards Track January 2021
ISSN: 2070-1721
Abstract
This document specifies two Application-Layer Protocol Negotiation
(ALPN) labels for use with Web Real-Time Communication (WebRTC). The
"webrtc" label identifies regular WebRTC: a DTLS session that is used
to establish keys for the Secure Real-time Transport Protocol (SRTP)
or to establish data channels using the Stream Control Transmission
Protocol (SCTP) over DTLS. The "c-webrtc" label describes the same
protocol, but the peers also agree to maintain the confidentiality of
the media by not sharing it with other applications.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8833.
Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction
1.1. Conventions
2. ALPN Labels for WebRTC
3. Media Confidentiality
4. Security Considerations
5. IANA Considerations
6. References
6.1. Normative References
6.2. Informative References
Author's Address
1. Introduction
Web Real-Time Communication (WebRTC) [RFC8825] uses Datagram
Transport Layer Security (DTLS) [RFC6347] to secure all peer-to-peer
communications.
Identifying WebRTC protocol usage with Application-Layer Protocol
Negotiation (ALPN) [RFC7301] enables an endpoint to positively
identify WebRTC uses and distinguish them from other DTLS uses.
Different WebRTC uses can be advertised and behavior can be
constrained to what is appropriate to a given use. In particular,
this allows for the identification of sessions that require
confidentiality protection from the application that manages the
signaling for the session.
1.1. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
2. ALPN Labels for WebRTC
The following identifiers are defined for use in ALPN:
webrtc: The DTLS session is used to establish keys for the Secure
Real-time Transport Protocol (SRTP) -- known as DTLS-SRTP -- as
described in [RFC5764]. The DTLS record layer is used for WebRTC
data channels [RFC8831].
c-webrtc: The DTLS session is used for confidential WebRTC, where
peers agree to maintain the confidentiality of the media, as
described in Section 3. The confidentiality protections ensure
that media is protected from other applications, but the
confidentiality protections do not extend to messages on data
channels.
Both identifiers describe the same basic protocol: a DTLS session
that is used to provide keys for an SRTP session in combination with
WebRTC data channels. Either SRTP or data channels could be absent.
The data channels send the Stream Control Transmission Protocol
(SCTP) [RFC4960] over the DTLS record layer, which can be multiplexed
with SRTP on the same UDP flow. WebRTC requires the use of
Interactive Connectivity Establishment (ICE) [RFC8445] to establish
the UDP flow, but this is not covered by the identifier.
A more thorough definition of what WebRTC entails is included in
[RFC8835].
There is no functional difference between the identifiers except that
an endpoint negotiating "c-webrtc" makes a promise to preserve the
confidentiality of the media it receives.
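As an added illustration (not part of RFC 8833 and not taken from any WebRTC implementation), the following Python encodes and decodes the ALPN extension body as RFC 7301 defines it, and then performs the server-side choice between the two labels registered above, mapping the chosen label to whether the Section 3 confidentiality promise applies. The server preference order and the helper names are assumptions of this example; a peer offering neither label would, per RFC 7301, be rejected with the no_application_protocol alert, which is what the None result stands for.

```python
"""Added example (not part of RFC 8833): encode and decode the ALPN
extension_data defined in RFC 7301 and let a DTLS server pick between
the "webrtc" and "c-webrtc" labels registered by RFC 8833."""
import struct

# Labels registered by RFC 8833, mapped to whether negotiating them
# carries the media-confidentiality promise of Section 3.
WEBRTC_LABELS = {
    b"webrtc": False,   # regular WebRTC: DTLS-SRTP keys and/or SCTP data channels
    b"c-webrtc": True,  # same protocol, plus the confidentiality promise
}


def encode_alpn(names):
    """Build ALPN extension_data (RFC 7301, Section 3.1): a 2-byte
    length-prefixed list of 1-byte length-prefixed ProtocolName values."""
    for n in names:
        if not 1 <= len(n) <= 255:
            raise ValueError("ProtocolName must be 1..255 bytes")
    body = b"".join(struct.pack("!B", len(n)) + n for n in names)
    return struct.pack("!H", len(body)) + body


def decode_alpn(data):
    """Parse extension_data back into a list of protocol names, rejecting
    malformed input (length mismatch, empty names, truncated names)."""
    if len(data) < 2:
        raise ValueError("truncated ALPN extension")
    (list_len,) = struct.unpack("!H", data[:2])
    if list_len < 2 or 2 + list_len != len(data):
        raise ValueError("ALPN list length does not match extension length")
    names, pos = [], 2
    while pos < len(data):
        name_len = data[pos]
        pos += 1
        if name_len == 0 or pos + name_len > len(data):
            raise ValueError("bad ProtocolName length")
        names.append(bytes(data[pos:pos + name_len]))
        pos += name_len
    return names


def select_webrtc_alpn(client_names, server_prefs=(b"c-webrtc", b"webrtc")):
    """Server-side selection among the labels the client offered, using
    the server's own preference order (an assumption of this example).
    Returns (chosen_label, confidentiality_promised), or None when there is
    no overlap, the case RFC 7301 Section 3.2 answers with the
    no_application_protocol alert."""
    offered = set(client_names)
    for label in server_prefs:
        if label in offered and label in WEBRTC_LABELS:
            return label, WEBRTC_LABELS[label]
    return None


if __name__ == "__main__":
    # Constructed ClientHello ALPN body offering both WebRTC labels.
    ext = encode_alpn([b"c-webrtc", b"webrtc"])
    print(ext.hex())
    print(select_webrtc_alpn(decode_alpn(ext)))
```

The decoder insists that the inner list length accounts for every byte of the extension body, which is the check a DTLS stack should apply before trusting any ProtocolName it parses out of a ClientHello.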
A peer that is not aware of whether it needs to request