MMUSIC M. Thomson Internet-Draft Microsoft Intended status: Standards Track October 8, 2013 Expires: April 11, 2014 Using Interactive Connectivity Establishment (ICE) in Web Real-Time Communications (WebRTC) draft-thomson-mmusic-ice-webrtc-00 Abstract Interactive Connectivity Establishment (ICE) has been selected as the basis for establishing peer-to-peer UDP flows between Web Real-Time Communication (WebRTC) clients. The risks and complications arising from this choice are discussed. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on April 11, 2014. Copyright Notice Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Thomson Expires April 11, 2014 [Page 1] Internet-Draft ICE for WebRTC October 2013 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Conventions and Terminology . . . . . . . . . . . . . . . . 3 2. ICE in a Web Browser . . . . . . . . . . . . . . . . . . . . . 3 3. Modified ICE Algorithm . . . . . . . . . . . . . . . . . . . . 3 4. Security Considerations . . . . . . . . . . . . . . . . . . . . 3 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 3 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 4 6.1. Normative References . . . . . . . . . . . . . . . . . . . 4 6.2. Informative References . . . . . . . . . . . . . . . . . . 4 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 5 Thomson Expires April 11, 2014 [Page 2] Internet-Draft ICE for WebRTC October 2013 1. Introduction ICE [RFC5245] describes a process whereby peers establish a bi- directional UDP flow. This process has been adopted for use in Web Real-Time Communications (WebRTC) for establishing flows to and from web browsers ([I-D.ietf-rtcweb-overview]). Properties of ICE are also critical to the security of WebRTC (see Section 4.2.1 of [I-D.ietf-rtcweb-security]). The design of RFC 5245 does not fully consider the threat models enabled by the web environment. TBC... 1.1. Conventions and Terminology In cases where normative language needs to be emphasized, this document falls back on established shorthands for expressing interoperability requirements on implementations: the capitalized words "MUST", "MUST NOT", "SHOULD" and "MAY". The meaning of these is described in [RFC2119]. 2. ICE in a Web Browser Details coming... 3. Modified ICE Algorithm Details coming... 4. Security Considerations This entire document is about security. 5. Acknowledgements The bulk of the algorithm described in this document came out of a discussion with Emil Ivov and Pal-Erik Martinsen. Eric Rescorla and Bernard Aboba provided some feedback on *mumble*. 6. References Thomson Expires April 11, 2014 [Page 3] Internet-Draft ICE for WebRTC October 2013 6.1. Normative References [I-D.ivov-mmusic-trickle-ice] Ivov, E., Rescorla, E., and J. Uberti, "Trickle ICE: Incremental Provisioning of Candidates for the Interactive Connectivity Establishment (ICE) Protocol", draft-ivov-mmusic-trickle-ice-01 (work in progress), March 2013. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC5245] Rosenberg, J., "Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal for Offer/Answer Protocols", RFC 5245, April 2010. 6.2. Informative References [I-D.ietf-rtcweb-overview] Alvestrand, H., "Overview: Real Time Protocols for Brower- based Applications", draft-ietf-rtcweb-overview-08 (work in progress), September 2013. [I-D.ietf-rtcweb-security] Rescorla, E., "Security Considerations for WebRTC", draft-ietf-rtcweb-security-05 (work in progress), July 2013. [I-D.ietf-rtcweb-security-arch] Rescorla, E., "WebRTC Security Architecture", draft-ietf-rtcweb-security-arch-07 (work in progress), July 2013. [I-D.martinsen-mmusic-malice] Penno, R., Martinsen, P., Wing, D., and A. Zamfir, "Meta- data Attribute signaLling with ICE", draft-martinsen-mmusic-malice-00 (work in progress), July 2013. [I-D.muthu-behave-consent-freshness] Perumal, M., Wing, D., R, R., and T. Reddy, "STUN Usage for Consent Freshness", draft-muthu-behave-consent-freshness-04 (work in progress), July 2013. [RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing, "Session Traversal Utilities for NAT (STUN)", RFC 5389, Thomson Expires April 11, 2014 [Page 4] Internet-Draft ICE for WebRTC October 2013 October 2008. [RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using Relays around NAT (TURN): Relay Extensions to Session Traversal Utilities for NAT (STUN)", RFC 5766, April 2010. [RFC6454] Barth, A., "The Web Origin Concept", RFC 6454, December 2011. Author's Address Martin Thomson Microsoft 3210 Porter Drive Palo Alto, CA 94304 US Email: martin.thomson@skype.net Thomson Expires April 11, 2014 [Page 5]