]> Microsoft

pthatcher@microsoft.com

Applications and Real-Time Audio/Video Transport Core Maintenance Internet-Draft This document describes how to combine ICE and QUIC to do p2p QUIC.

Introduction ICE is a protocol for establishing peer-to-peer (p2p) connections. It can be combined with client-server protocols such as DTLS for p2p versions of those protocols. This document describes how to use ICE with QUIC for p2p QUIC connections.

Terminology and Notation The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

ALPN The QUIC ALPN MUST be "q2q".

(De)multiplexing ICE and QUIC QUIC packets MUST be sent using the ICE selected candidate pair. ICE and QUIC packets are demultiplexed using the STUN magic cookie. If a packet contains a STUN magic cookied, it MUST treated as an ICE packet. If it does not contain a STUN magic cookie, it SHOULD be treated as a QUIC packet (but further demultiplexing between QUIC and other protocols is possible).

Signaling In addition to all signaling necessary for ICE (ICE parameters and candidates), the following information MUST be signaled or otherwise negotiated between the peers: - Which side will take on the active (client) or passive (server) role. - Certificate fingerprint(s) - Whether or not to enable the grease bit - Whether or not to the MuliplexingID is used

Certificate verification Peers MAY use self-signed certificates. Each peer MUST verify the certificate, meaning a QUIC implementation MUST support a server verifying a client certificate.

Grease bit Peers SHOULD enable and use the grease bit if only multiplexing ICE and QUIC. When multiplexing other protocols that conflict with the grease bit, peers SHOULD NOT use the grease bit.

Multipath QUIC multipath SHOULD NOT be used unless it is known that one of the peers is a server.

QUIC datagrams QUIC datagrams SHOULD be supported.

Congestion control A real-time congestion control algorithm SHOULD be used, which may require extensions to QUIC (such as additional timestamps in feedback messages) and additional signaling.

QUIC Pings ACKed QUIC PING frames MAY be treated the same as a succesful ICE check, such that a peer may choose to send QUIC PING frames instead of ICE checks once an ICE candidate pair has had at least one successful ICE check.

Network Migration Network migration SHOULD be done using ICE, not QUIC. But ICE migrates between candidate pairs, QUIC should change behavior (such as congestion control) as if it had done a network migration, but it SHOULD NOT change the connection ID due to ICE migration.

MultiplexingID Because it is often difficult to obtain an ICE connection, it is often advantageous to multiplex many uses over a single ICE connection. For example, one may wish to send control data, real-time audio and video, and real-time data altogether over the same ICE connection. If all of these uses are done using QUIC, there must be a way to distinguish multiple uses of QUIC within the same QUIC connection, both for streams and for datagrams. The MultiplexingID is an optional, variable-length integer at the beginning of every QUIC datagram and stream. If it is negotiated to be used, it MUST be included on every datagram and stream. If it is not negotiated to be used, it MUST NOT be included on any datagram or stream. The variable-length encoding is the same as used by QUIC, as defined in section 16.

SDP If SDP is used for signaling, the media type may be "audio", "video", or "application". The transport protocol MUST begin with "UDP/QUIC". The transport protocol suffix combined with the media format may be any values which describe the protocol used on top of QUIC, either defined by other specifications or by applications. The media format MAY be the value "generic". The ICE parameters and candidates are signaled as defined by ICE ("a=ice-ufrag", "a=ice-pwd", "a=ice-options", "a=candidate"). The QUIC role and fingerprints are signaled using the same attributes as DTLS ("a=setup", and "a=fingerprint"). QUIC options are negotiated the same as ICE options but with an "a=quic-options" field. The grease bit defaults to off unless a QUIC option of "grease" is included. The MultiplexingID is signaled using an "a=mid" line, and the value MUST be a base-10 integer. If any "a=mid" is specified in any QUIC m-section in a BUNDLE group, then all QUIC m-sections in the same BUNDLE group MUST have an "a=mid" specified. For example:

Security Considerations This document is subject to the security considerations of ICE and QUIC.

IANA Considerations The ALPN "q2q" should be registered.

Normative References This document describes a protocol for Network Address Translator (NAT) traversal for UDP-based communication. This protocol is called Interactive Connectivity Establishment (ICE). ICE makes use of the Session Traversal Utilities for NAT (STUN) protocol and its extension, Traversal Using Relay NAT (TURN). This document obsoletes RFC 5245. This document specifies version 1.3 of the Datagram Transport Layer Security (DTLS) protocol. DTLS 1.3 allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. The DTLS 1.3 protocol is based on the Transport Layer Security (TLS) 1.3 protocol and provides equivalent security guarantees with the exception of order protection / non-replayability. Datagram semantics of the underlying transport are preserved by the DTLS protocol. This document obsoletes RFC 6347. This document defines the core of the QUIC transport protocol. QUIC provides applications with flow-controlled streams for structured communication, low-latency connection establishment, and network path migration. QUIC includes security measures that ensure confidentiality, integrity, and availability in a range of deployment circumstances. Accompanying documents describe the integration of TLS for key negotiation, loss detection, and an exemplary congestion control algorithm. In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.