RFC 7983 defines a scheme for a Real-time Transport Protocol (RTP) receiver to demultiplex Datagram Transport Layer Security (DTLS), Session Traversal Utilities for NAT (STUN), Secure Real-time Transport Protocol (SRTP) / Secure Real-time Transport Control Protocol (SRTCP), ZRTP, and Traversal Using Relays around NAT (TURN) channel packets arriving on a single port. This document updates RFC 7983 and RFC 5764 to also allow QUIC packets to be multiplexed on a single receiving socket.

This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc9443.

Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.

"Multiplexing Scheme Updates for Secure Real-time Transport Protocol (SRTP) Extension for Datagram Transport Layer Security (DTLS)" [RFC 7983] defines a scheme for a Real-time Transport Protocol (RTP) [RFC 3550] receiver to demultiplex DTLS [RFC 9147], Session Traversal Utilities for NAT (STUN) [RFC 8489], Secure Real-time Transport Protocol (SRTP) / Secure Real-time Transport Control Protocol (SRTCP) [RFC 3711], ZRTP [RFC 6189], and Traversal Using Relays around NAT (TURN) channel packets arriving on a single port. This document updates [RFC 7983] and "Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)" [RFC 5764] to also allow QUIC [RFC 9000] to be multiplexed on the same port. The multiplexing scheme described in this document supports multiple use cases. In the WebRTC scenarios described in [P2P-QUIC] and [P2P-QUIC-TRIAL], SRTP transports audio and video while peer-to-peer QUIC is used for data exchange. For this use case, SRTP [RFC 3711] is keyed using DTLS-SRTP [RFC 5764]; therefore, SRTP/SRTCP [RFC 3550], STUN, TURN, DTLS, and QUIC need to be multiplexed on the same port. Were SRTP to be keyed using QUIC-SRTP (not yet specified), SRTP/SRTCP, STUN, TURN, and QUIC would need to be multiplexed on the same port. Where QUIC is used for peer-to-peer transport of data as well as RTP/RTCP [RTP-OVER-QUIC], STUN, TURN, and QUIC need to be multiplexed on the same port. While the scheme described in this document is compatible with QUIC version 2 [RFC 9369], it is not compatible with QUIC bit greasing [RFC 9287]. As a result, endpoints that wish to use multiplexing on their socket MUST NOT send the grease_quic_bit transport parameter.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC 2119] [RFC 8174] when, and only when, they appear in all capitals, as shown here.

TURN channels are an optimization where data packets are exchanged with a 4-byte prefix instead of the standard 36-byte STUN overhead (see Section 3.5 of RFC 8656). [RFC 7983] allocates the values from 64 to 79 in order to allow TURN channels to be demultiplexed when the TURN client does the channel binding request in combination with the demultiplexing scheme described in [RFC 7983]. In the absence of QUIC bit greasing, the first octet of a QUIC packet (e.g. a short header packet in QUIC v1 or v2) may fall in the range 64 to 127, thereby overlapping with the allocated range for TURN channels of 64 to 79. However, in practice this overlap does not represent a problem. TURN channel packets will only be received from a TURN server to which TURN allocation and channel-binding requests have been sent. Therefore, a TURN client receiving packets from the source IP address and port of a TURN server only needs to disambiguate STUN (i.e., regular TURN) packets from TURN channel packets; (S)RTP, (S)RTCP, ZRTP, DTLS, or QUIC packets will not be sent from a source IP address and port that had previously responded to TURN allocation or channel-binding requests. As a result, if the source IP address and port of a packet do not match that of a responding TURN server, a packet with a first octet of 64 to 127 can be unambiguously demultiplexed as QUIC.

This document updates the text in Section 7 of RFC 7983 (which in turn updates [RFC 5764]) as follows: OLD TEXT

---

---

END OLD TEXT NEW TEXT

---

---

END NEW TEXT

The solution discussed in this document could potentially introduce some additional security issues beyond those described in [RFC 7983]. These additional concerns are described below. In order to support multiplexing of QUIC, this document adds logic to the scheme defined in [RFC 7983]. If misimplemented, the logic could potentially misclassify packets, exposing protocol handlers to unexpected input. When QUIC is used solely for data exchange, the TLS-within-QUIC exchange [RFC 9001] derives keys used solely to protect QUIC data packets. If properly implemented, this should not affect the transport of SRTP or the derivation of SRTP keys via DTLS-SRTP. However, if a future specification were to define use of the TLS- within-QUIC exchange to derive SRTP keys, both transport and SRTP key derivation could be adversely impacted by a vulnerability in the QUIC implementation.

In the "TLS ContentType" registry, IANA replaced references to [RFC 7983] with references to this document.

[RFC2119]

S. Bradner, "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.

[RFC3550]

H. Schulzrinne, S. Casner, R. Frederick, and V. Jacobson, "RTP: A Transport Protocol for Real-Time Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550, July 2003,
<https://www.rfc-editor.org/info/rfc3550>.

[RFC3711]

M. Baugher, D. McGrew, M. Naslund, E. Carrara, and K. Norrman, "The Secure Real-time Transport Protocol (SRTP)", RFC 3711, DOI 10.17487/RFC3711, March 2004,
<https://www.rfc-editor.org/info/rfc3711>.

[RFC5764]

D. McGrew, and E. Rescorla, "Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)", RFC 5764, DOI 10.17487/RFC5764, May 2010,
<https://www.rfc-editor.org/info/rfc5764>.

[RFC7983]

M. Petit-Huguenin, and G. Salgueiro, "Multiplexing Scheme Updates for Secure Real-time Transport Protocol (SRTP) Extension for Datagram Transport Layer Security (DTLS)", RFC 7983, DOI 10.17487/RFC7983, September 2016,
<https://www.rfc-editor.org/info/rfc7983>.

[RFC8174]

B. Leiba, "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017,
<https://www.rfc-editor.org/info/rfc8174>.

[RFC8489]

M. Petit-Huguenin, G. Salgueiro, J. Rosenberg, D. Wing, R. Mahy, and P. Matthews, "Session Traversal Utilities for NAT (STUN)", RFC 8489, DOI 10.17487/RFC8489, February 2020,
<https://www.rfc-editor.org/info/rfc8489>.

[RFC8656]

T. Reddy, A. Johnston, P. Matthews, and J. Rosenberg, "Traversal Using Relays around NAT (TURN): Relay Extensions to Session Traversal Utilities for NAT (STUN)", RFC 8656, DOI 10.17487/RFC8656, February 2020,
<https://www.rfc-editor.org/info/rfc8656>.

[RFC9000]

J. Iyengar, and M. Thomson, "QUIC: A UDP-Based Multiplexed and Secure Transport", RFC 9000, DOI 10.17487/RFC9000, May 2021,
<https://www.rfc-editor.org/info/rfc9000>.

[RFC9001]

M. Thomson, and S. Turner, "Using TLS to Secure QUIC", RFC 9001, DOI 10.17487/RFC9001, May 2021,
<https://www.rfc-editor.org/info/rfc9001>.

[RFC9147]

E. Rescorla, H. Tschofenig, and N. Modadugu, "The Datagram Transport Layer Security (DTLS) Protocol Version 1.3", RFC 9147, DOI 10.17487/RFC9147, April 2022,
<https://www.rfc-editor.org/info/rfc9147>.

[RFC9287]

M. Thomson, "Greasing the QUIC Bit", RFC 9287, DOI 10.17487/RFC9287, August 2022,
<https://www.rfc-editor.org/info/rfc9287>.

[P2P-QUIC]

P. Thatcher, B. Aboba, and R. Raymond, "QUIC API For Peer-to-Peer Connections", May 2023,
<https://www.w3.org/p2p-webtransport/>.

[P2P-QUIC-TRIAL]

S. Hampson, "RTCQuicTransport Coming to an Origin Trial Near You (Chrome 73)", January 2019,
<https://developer.chrome.com/blog/rtcquictransport-api/>.

[RFC6189]

P. Zimmermann, A. Johnston, and J. Callas, "ZRTP: Media Path Key Agreement for Unicast Secure RTP", RFC 6189, DOI 10.17487/RFC6189, April 2011,
<https://www.rfc-editor.org/info/rfc6189>.

[RFC9369]

M. Duke, "QUIC Version 2", RFC 9369, DOI 10.17487/RFC9369, May 2023,
<https://www.rfc-editor.org/info/rfc9369>.

[RTP-OVER-QUIC]

Tencent America LLC, J. Ott, M. Engelbart, and S. Dawkins, "RTP over QUIC", Internet-Draft draft-ietf-avtcore-rtp-over-quic-04, July 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-avtcore-rtp-over-quic-04>.

We would like to thank Martin Thomson, Roni Even, Jonathan Lennox, and other participants in the IETF QUIC and AVTCORE Working Groups for their discussion of the QUIC multiplexing issue, and their input relating to potential solutions.

Bernard Aboba

Gonzalo Salgueiro

Colin Perkins