Application-Layer Protocol Negotiation (ALPN) for WebRTC
RFC 8833

Document Type: RFC - Proposed Standard (January 2021; No errata)
Author: Martin Thomson
Last updated: 2021-01-18
Replaces: draft-thomson-rtcweb-alpn
Stream: IETF
WG state: Submitted to IESG for Publication
Document shepherd: Sean Turner
Shepherd write-up last changed: 2016-02-25
IESG state: RFC 8833 (Proposed Standard)
Consensus boilerplate: Yes
Responsible AD: Alissa Cooper
IANA review state: Version Changed - Review Needed
IANA action state: RFC-Ed-Ack

Internet Engineering Task Force (IETF)                        M. Thomson
Request for Comments: 8833                                       Mozilla
Category: Standards Track                                   January 2021
ISSN: 2070-1721

        Application-Layer Protocol Negotiation (ALPN) for WebRTC


   This document specifies two Application-Layer Protocol Negotiation
   (ALPN) labels for use with Web Real-Time Communication (WebRTC).  The
   "webrtc" label identifies regular WebRTC: a DTLS session that is used
   to establish keys for the Secure Real-time Transport Protocol (SRTP)
   or to establish data channels using the Stream Control Transmission
   Protocol (SCTP) over DTLS.  The "c-webrtc" label describes the same
   protocol, but the peers also agree to maintain the confidentiality of
   the media by not sharing it with other applications.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Conventions
   2.  ALPN Labels for WebRTC
   3.  Media Confidentiality
   4.  Security Considerations
   5.  IANA Considerations
   6.  References
     6.1.  Normative References
     6.2.  Informative References
   Author's Address

1.  Introduction

   Web Real-Time Communication (WebRTC) [RFC8825] uses Datagram
   Transport Layer Security (DTLS) [RFC6347] to secure all peer-to-peer

   Identifying WebRTC protocol usage with Application-Layer Protocol
   Negotiation (ALPN) [RFC7301] enables an endpoint to positively
   identify WebRTC uses and distinguish them from other DTLS uses.

   Different WebRTC uses can be advertised and behavior can be
   constrained to what is appropriate to a given use.  In particular,
   this allows for the identification of sessions that require
   confidentiality protection from the application that manages the
   signaling for the session.

1.1.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.  ALPN Labels for WebRTC

   The following identifiers are defined for use in ALPN:

   webrtc:  The DTLS session is used to establish keys for the Secure
      Real-time Transport Protocol (SRTP) -- known as DTLS-SRTP -- as
      described in [RFC5764].  The DTLS record layer is used for WebRTC
      data channels [RFC8831].

   c-webrtc:  The DTLS session is used for confidential WebRTC, where
      peers agree to maintain the confidentiality of the media, as
      described in Section 3.  The confidentiality protections ensure
      that media is protected from other applications, but the
      confidentiality protections do not extend to messages on data

   Both identifiers describe the same basic protocol: a DTLS session
   that is used to provide keys for an SRTP session in combination with
   WebRTC data channels.  Either SRTP or data channels could be absent.
   The data channels send the Stream Control Transmission Protocol
   (SCTP) [RFC4960] over the DTLS record layer, which can be multiplexed
   with SRTP on the same UDP flow.  WebRTC requires the use of
   Interactive Connectivity Establishment (ICE) [RFC8445] to establish
   UDP flow, but this is not covered by the identifier.

   A more thorough definition of what WebRTC entails is included in

   There is no functional difference between the identifiers except that
   an endpoint negotiating "c-webrtc" makes a promise to preserve the
   confidentiality of the media it receives.
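   The following is an added example, not code from RFC 8833 or from any
   WebRTC implementation.  It shows how the two labels defined above are
   carried on the wire and how the server side of a DTLS handshake picks
   one of them.  The ProtocolNameList encoding and the selection rule
   (server preference order, restricted to what the client offered,
   otherwise a "no_application_protocol" alert) come from RFC 7301; the
   function names, the preference lists and the sample offers are
   assumptions made for this illustration.  The final helper turns the
   negotiated label into the one policy bit that RFC 8833 attaches to it:
   whether the endpoint has promised to keep received media from other
   applications.

```python
# Added example (not part of RFC 8833): RFC 7301 ProtocolNameList encoding,
# parsing and server-side selection, applied to the two labels RFC 8833
# defines.  Function names and sample data are assumptions for illustration.
import struct

WEBRTC = b"webrtc"      # DTLS-SRTP keying plus data channels
C_WEBRTC = b"c-webrtc"  # same protocol plus the media-confidentiality promise


def encode_protocol_name_list(names):
    """Serialise names as an RFC 7301 ProtocolNameList: a 2-byte total
    length, then each ProtocolName as a 1-byte length prefix and its bytes."""
    body = b""
    for name in names:
        if not 1 <= len(name) <= 255:  # ProtocolName is opaque<1..2^8-1>
            raise ValueError("ALPN protocol name must be 1..255 bytes")
        body += struct.pack("!B", len(name)) + name
    if not 2 <= len(body) <= 0xFFFF:  # ProtocolNameList is <2..2^16-1>
        raise ValueError("ProtocolNameList length out of range")
    return struct.pack("!H", len(body)) + body


def parse_protocol_name_list(data):
    """Inverse of encode_protocol_name_list.  Every length field is checked
    against the buffer so a truncated or padded list is rejected rather than
    read past its end."""
    if len(data) < 2:
        raise ValueError("truncated ProtocolNameList length")
    (total,) = struct.unpack("!H", data[:2])
    if total != len(data) - 2:
        raise ValueError("ProtocolNameList length does not match payload")
    names, pos = [], 2
    while pos < len(data):
        length = data[pos]
        pos += 1
        if length == 0 or pos + length > len(data):
            raise ValueError("malformed ProtocolName")
        names.append(data[pos:pos + length])
        pos += length
    return names


def is_well_formed(data):
    """True when data parses as a ProtocolNameList, False otherwise."""
    try:
        parse_protocol_name_list(data)
        return True
    except ValueError:
        return False


def select_alpn(client_offer, server_preference):
    """RFC 7301 server behaviour: choose the first protocol in the server's
    own preference order that the client also offered.  None means there is
    no overlap and the handshake should fail with no_application_protocol."""
    for candidate in server_preference:
        if candidate in client_offer:
            return candidate
    return None


def negotiate_webrtc(client_offer, server_preference):
    """Return (selected_label, must_keep_media_confidential).

    Agreeing on "c-webrtc" is the promise RFC 8833 Section 3 describes: media
    received on this DTLS session must not be shared with other applications.
    "webrtc" carries no such promise, and no overlap means no session."""
    selected = select_alpn(client_offer, server_preference)
    if selected is None:
        return None, False
    return selected, selected == C_WEBRTC


if __name__ == "__main__":
    # Constructed sample: the client offers both labels, the server prefers
    # confidential sessions, so "c-webrtc" is chosen and the policy bit is set.
    wire = encode_protocol_name_list([WEBRTC, C_WEBRTC])
    offer = parse_protocol_name_list(wire)
    print(negotiate_webrtc(offer, [C_WEBRTC, WEBRTC]))
```

   Note that the wire format and the selection rule are protocol-generic;
   the only WebRTC-specific step is the last one, where the chosen label is
   mapped to an obligation the endpoint must then actually enforce in how it
   handles received media.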

   A peer that is not aware of whether it needs to request