]> Huawei

Melbourne Australia Christian.Groves@nteczone.com

Huawei

P.R.China tommy@huawei.com

Applications and Real-Time Area CORE template The WebRTC framework defines a generic transport service allowing WEB-browsers and other endpoints to exchange generic data from peer to peer utilizing a Stream Control Transmission Protocol (SCTP) transport. This service is known as Web Real Time Communication WebRTC data channels (WebRTC DC). The use of WebRTC DCs for the Constrained Application Protocol (CoAP) allows WebRTC enabled devices to exchange CoAP data between peers in a secure reliable manner.

Whilst the Constrained Application Protocol (CoAP) was designed for Internet of Things (IoT) deployments in constrained network environments its ready adoption has seen the use of it in a multitude of different network environments. provides use cases for alternate CoAP transports. highlights a number of issues using the native User Datagram Transport (UDP) and envisages deployments more closely integrated with a Web environment. In a similar manner proposes the use of the WebSocket protocol . The use of CoAP over WebRTC DCs has not yet been discussed. WebRTC is a framework that defines real time protocols for browser-based applications. It allows communications between peer WebRTC endpoints (e.g. browsers) without the need to communicate through a web server. In addition to protocols for the realtime transport of audio and video, the transport of generic peer-to-peer non-media data has been defined using WebRTC DCs. The non-media data is transported using the Stream Control Transmission Protocol (SCTP) encapsulated in the Datagram Transport Layer Security (DTLS) . It allows both reliable and partially reliable transport and provides confidentiality, source authenticated and integrity protected transfers. The use of Interactive Connectivity Establishment (ICE) allows network address translator (NAT) traversal. The SCTP/DTLS association may be shared with existing audio and video streams enabling multiplexing of several data streams over a single port further facilitating NAT traversal. Use cases for WebRTC DCs (section 3.1/ envisage scenarios where the real-time gaming experience is enhanced by additional object state information. Additional scenarios are considered where information such as heart rate sensor or oxygen saturation sensors could augment audio and video in remote medicine scenarios. The transport of such sensor information is what CoAP has been designed for. This is illustrated in showing the WebRTC Trapeziod with added sensor/CoAP information. The left hand side WebRTC endpoint acts as a CoAP to CoAP proxy.

By utilizing the WebRTC DC (SCTP over DTLS over ICE/UDP (or ICE/TCP)) transport for CoAP a number of important features are inherited including: congestion control, order and unordered messages delivery, large message transmission by providing segmentation and reassembly and multiple unidirectional streams. A more detailed analysis of the benefits of WebRTC DCs can be found in section 5/. describes the usage of SCTP over DTLS. WebRTC defines in-band and out-of-band methods for establishing a data channel and indicating its characteristics. The Data Channel Establishment Protocol (DCEP) provides an in band means of establishing individual data channels. uses the Session Description Protocol (SDP) to provide an out-of-band means to establish data channels. By defining the use of CoAP over WebRTC DC it negates the need for the WebRTC endpoint to interwork between any CoAP messages received from local devices to a proprietary WebRTC DC format when signalling a remote WebRTC endpoint. The SCTP Payload Protocol Identifier (PPID) allows the identification of whether a UTF-8 or Binary encoding is being used and thus facilitates the use of text or binary CoAP protocol serializations. Note: The draft does not yet consider . The intention has been to provide a draft that parallels the current CoAP over TCP and CoAP over Web Sockets drafts. It is likely that there will be impacts due to the .

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

This section describes the use of CoAP over WebRTC DC as a delta to the information contained in section 2/.

shows the CoAP abstract layering as applied to the WebRTC framework.

WebRTC DC mandates the use of SCTP over DTLS. Whilst the above diagram indicates the use of ICE over UDP the use of TCP is also possible in fall back scenarios.

WebRTC DC allows application protocol messages to be exchanged by peers. WebRTC supports both a reliable and partially reliable methods of transmitting user messages. CoAP supports four message types "Confirmable, Non-Confirmable, Acknowledge and Reset". As SCTP provides the reliability mechanism the CoAP message types are not strictly needed for CoAP over WebRTC DC. However the message type is still included in the modified CoAP header for usage over WebRTC DC to facilitate interworking. See section 5 for more information. WebRTC DC does not support multicast usage.

WebRTC DCs are realized as a pair of one incoming and one outgoing SCTP stream (with the same identifier) allowing bi-directional communication. Each channel has properties (see section 6.4/ as discussed below: reliable or unreliable message transmission: WebRTC DCs support the per message indication whether user messages are reliable or partially reliable. Partial reliability indicates that message retransmission is limited to a certain number of retransmissions or lifetime. This loosely parallels to the CoAP usage of Confirmable (CON) or Non-confirmable (NON) messages. in-order or out-of-order message delivery: WebRTC DCs support the per message indication whether user messages are delivered in or out of order. CoAP has been designed for unreliable transports and therefore assumes that messages may arrive out-of-order. CoAP implements a lightweight reliability mechanism to deal with this issue. priority: WebRTC DCs allows a priority to specified for stream scheduling. The usage of this is application specific. Usage of CoAP has no impact on this parameter. It's up to the application using CoAP to set this indication. an optional label: This is an application/implementation specific label. Uniqueness is not guaranteed. Usage of CoAP has no impact on this parameter. an optional protocol: This is used to indicate the application protocol in use. A value is required to identify the usage of CoAP. As discussed above WebRTC DC supports an unreliable / un-ordered delivery of messages. Implementations utilizing these data channel characteristics may use CoAP messages and request/response model largely unchanged. In this case the CoAP reliability mechanisms would be used. However as WebRTC DC's usage of SCTP is reliable or partially reliable there is some redundancy between the functionality that WebRTC DCs and CoAP provides. The redundancies are identified and discussed in section 3/. Namely: There is no need to carry acknowledgement semantics at a CoAP level. There is no need for duplicate delivery detection. This is part of the SCTP layer.

As discussed whilst the CoAP message type is not required for reliability of CoAP over WebRTC DC the use of message type is to facilitate interworking to other transports in intermediaries. No other impacts are foreseen.

The usage of CoAP over WebRTC DC has no foreseeable impacts on resource discovery.

As discussed in the use of a reliable underlying transport allows the use of a modified CoAP header format. The modified format removes the "Type (T)" and "Message ID" fields and introduces a "length" as illustrated below in .

The length field was introduced to introduce message delimitation to keep messages separate in TCP. WebRTC DC uses the message orientation of SCTP to preserve message boundaries thus the use of single application message per SCTP user message is mandated by the WebRTC framework. Therefore a further simplified form of header is defined for CoAP over WebRTC datachannel usage:

The "Version (Ver)" and "Type (T)" fields are re-introduced as compared to to maintain compatibility with CoAP . Thus the above header is only different from the CoAP header in that 2 bytes are saved due to the removal of the "Message ID". Version (Ver) is effectively redundant due to the negotiation of the sub-protocol "coap.v1" at data channel establishment. This field MUST match the version indicated in the protocol field. The use of the message type (T) is used as an indication to the CoAP receiver as to the characteristics of the message. The receiver MUST NOT use this information to implement a CoAP level reliability mechanism. Sections 5.2 and 5.3 detail the usage of message types. Author's Note 1: The 4 bits required for "Version" and "Type" could be removed however this would mean that octet aligned boundaries would no longer be reserved. instead indicates that the four most significant bits (i.e. those for Ver and T) be set to zero and are reserved. Author's Note 2: A further alternative option is to use the CoAP header as defined in and to indicate that for CoAP over WebRTC DC the "T" and "Message ID" are populated with "0-bits" when sending and ignored when receiving messages. CoAP supports the use of different content-formats. WebRTC DC defines the use of PPIDs per SCTP user message as follows: WebRTC String: to identify a non-empty JavaScript string encoded in UTF-8. WebRTC Binary: to identify a non-empty JavaScript binary data (ArrayBuffer, ArrayBufferView or Blob). Depending on the content-format (see section 12.3/) an appropriate PPID to the encoding type SHOULD be used to minimise the need for translating between encodings. For example content type of "text/plain" would result in the use of PPID "WebRTC String". Author's note: Specific mappings for each content-format could be provided however given that the formats may change in the future it may be sufficient to offer broad guidance instead.

There are no impacts to option formats or values due to the use of CoAP over WebRTC DCs. Author's note: Given that the host is determined by the usage of WebRTC are the Uri-Host and Uri-Port relevant? It would seem that this may be valuable to establish a resource tree independent of WebRTC.

In order to use a WebRTC DC, a SCTP over DTLS over ICE/UDP (or ICE/TCP) association must be established. A DTLS connection is established followed by an SCTP association. The out-of-band establishment method through the use of SDP-based Data Channel Negotiation allows the negotiation of SCTP over DTLS over ICE/UDP as well as the negotiation and establishment of the characteristics of an individual WebRTC DC. The in-band establishment method through the use of the Data Channel Establishment Protocol (DCEP) only allows for the establishment of a WebRTC DC once the SCTP over DTLS is established. It relies on DATA_CHANNEL_OPEN and DATA_CHANNEL_ACK messages on the relevant SCTP stream to negotiate the properties of the channel. A separate SCTP PPID (50) indicates that the SCTP user message is a WebRTC DCEP message to allow de-multiplexing by the endpoint. WebRTC DCs are realized as a pair of one incoming and one outgoing SCTP stream (with the same identifier). Requests are sent on an outgoing SCTP stream and received on the peer incoming stream. The SCTP stream identifier is bound to the WebRTC DC instance at the establishment of the data channel. The establishment protocol provides rules for determining the SCTP stream IDs. WebRTC DC closure (Stream Reset) is supported through the use of the SCTP stream reconfiguration extension defined in . The SCTP Stream Reconfiguration reset has the effect of setting the numbering sequence of the SCTP stream back to zero. This is separate function to the CoAP "Reset" message. There is no mapping between the SCTP Stream Reset and the CoAP "Reset" message.

As per section 5/ requests can be sent from both the connecting host and the endpoint that accepted the connection. Who initiated the SCTP/DTLS connection has no bearing on the meaning of the CoAP terms client and server. WebRTC DC mandates the use of DTLS thus the endpoint is identified depending on the security mode. WebRTC DCs allows the indication of whether a SCTP user message is empty through the use of PPIDs (WebRTC String Empty and WebRTC Binary Empty). CoAP defines the use of empty messages. However from the perspective of SCTP these CoAP messages would still contain header information thus PPIDs for empty data MUST not be used. CoAP uses an Empty Confirmable message to provoke a Reset message to check the liveness of an endpoint (so called "CoAP" ping). In WebRTC liveness and the ability to send data is determined through the usage of Session Traversal Utilities for NAT (STUN) Usage for Consent Freshness . Therefore endpoints utilising CoAP over WebRTC DC MUST not use CoAP "reset" messages. CoAP also uses Empty messages to acknowledge a request. This is not required due to the SCTP level acknowledgement. Therefore Empty messages MUST not be used with CoAP over WebRTC.

For CoAP messages marked as confirmable the sender SHALL use a reliable SCTP user message. A CoAP endpoint MUST use the ordered delivery SCTP service, as described in , for the CoAP protocol. CoAP receivers MUST NOT generate CoAP "ACK" or "reset" messages. SCTP level acknowledgement mechanisms are used.

WebRTC DC makes use of the SCTP Partial Reliability (SCTP-PR) Extension . This extension allows a user to indicate on a per message basis how persistent the transport service should be in attempting to send the message to the receiver. One of the benefits of using this extension identified by is: 1. Some application layer protocols may benefit from being able to use a single SCTP association to carry both reliable content, -- such as text pages, billing and accounting information, setup signaling -- and unreliable content, e.g., state that is highly sensitive to timeliness, where generating a new packet is more advantageous than transmitting an old one [3]. This benefit is also one of the reasons the CoAP "Non-Confirmable" message was introduced. However the SCTP-PR and the CoAP "Non-Confirmable" message mechanisms differs in their approach. The SCTP-PR mechanism focuses on sender side behaviour (e.g. when to abandon retransmission). The CoAP "Non-Confirmable" message focuses on receiver side behaviour (e.g. must not send a CoAP ACK). Even with the use of SCTP-PR an SCTP receiver will send an SCTP level ACK for a successfully received SCTP CHUNK. The CoAP "Non-Confirmable" message has no effect on the SCTP level function. Therefore the use of a CoAP "Non-Confirmable" message type is redundant as the CoAP receiver will never send a CoAP ACK message in response. However to facilitate potential interworking at the receiver the sender SHALL still indicate a "Non-confirmable" message type in a CoAP request/response when required. SCTP-PR provides a complimentary function and thus CoAP senders who send Non-confirmable messages SHALL also use SCTP-PR for that message.

Due to reliability being handled at the SCTP layers the CoAP "Message ID" is not required.

The SCTP layer provides message duplication protection. The CoAP application level procedure is not required.

The considerations in section 4.1/ regarding message size limitations also apply to the use of WebRTC DCs. However indicates that senders SHOULD limit the maximum message size to 16KB to avoid monopolization of the SCTP association. Section 5/ provides further details regarding segmentation and reassembly and path maximum transmission unit (MTU) discovery. Interleaving of large user messages is supported by an SCTP protocol extension defined in .

SCTP provides congestion control on a per-association basis (see section 5/.

The application level parameters defined in section 4.8/ are not relevant to SCTP.

Request and response semantics for CoAP over WebRTC DC is as per section 5/ with the following exceptions: section 5.2/: separate responses MUST be used. Given that WebRTC DC provides an SCTP level acknowledgement it is not possible to piggy back CoAP responses. section 5.3.1/: due to the use of DTLS the advice regarding token use without using TLS is invalid. section 5.3.2/: In addition CoAP request/response matching is unique to a particular WebRTC DC (SCTP StreamID pair). section 5.8/: It is not possible to use a 4.05 piggybacked response.

CoAP defines the "coap" and "coaps" URI schemes for identifying CoAP resources and providing a means of locating the resource. defines these resources for use with CoAP over UDP. Section 8/ (Multicast CoAP), does not apply to the URI schemes defined in the present specification. Resources made available via the "coaps+wr" schemes have no shared identity with the other scheme or with the "coap" or "coaps" scheme, even if their resource identifiers indicate the same authority (the same host listening to the same port). The schemes constitute distinct namespaces and, in combination with the authority, are considered to be distinct origin servers.

The semantics defined in section 6.3/, apply to this URI scheme, with the following changes: The port SHALL be omitted. The underlying UDP or TCP port and SCTP port is negotiated prior to the establishment of the CoAP over WebRTC DC.

WebRTC does not define peer discovery mechanisms. Peers discover each other through the use of the ICE protocol. ICE candidates need to be sent from peer to peer via signalling. The Javascript Session Establishment Protocol (JSEP) details the generic SDP media descriptions for peer endpoints to determine the characteristics of a session. The actual signalling protocol between application servers is unspecified. WebRTC endpoints MUST implement the network functions detailed by JSEP including ICE functionality. Whilst the inter-application server signalling protocol is unspecified, the Session Initiation Protocol (SIP) is able to carry SDP for the purposes of establishing a CoAP over WebRTC DC session. SIP allows the use of media feature tags to indicate user agent capabilities . In order to indicate that a SIP user agent supports the use of CoAP a new "sip.coap" media feature tag is proposed. A CoAP-capable endpoint SHOULD include this media feature tag in its REGISTER requests and OPTION responses. It SHOULD also include the media feature tag in INVITE and UPDATE requests and responses. Presence of the media feature tag in the contact field of a requestor response can be used to determine that the far end supports CLUE. The exchange of SDP results in: the underlying transport address (e.g. IPv4 or IPv6), the underlying transport port (e.g. UDP port) the SCTP port and the SCTP StreamID used for the CoAP WebRTC DC being exchanged between the peer endpoints.

On establishment of a CoAP WebRTC DC endpoints are able to use the resource discovery mechanism defined in for CoAP resources.

WebRTC DCs do not support multicast.

This document defines how to convey CoAP over WebRTC DCs. The WebRTC security architecture mandates the use of DTLS for data channels. The use of DTLS 1.2 is compatible with CoAP which allows makes use of DTLS 1.2. The use of DTLS for WebRTC is detailed in .

An WebRTC endpoint supporting CoAP may in affect act as a gateway between local sensor devices and a remote peer endpoint. The local sensors may utilise CoAP over an alternate signalling transport such as UDP to the local WebRTC endpoint. The WebRTC endpoint may then utilise CoAP over WebRTC to signal to the remote peer. A CoAP gateway when converting to and from a WebRTC transport will in general perform the following functions: Map received Empty CoAP message to SCTP level operations and discard the empty message. Map received ACK message to SCTP level operations and discard the ACK message. Separate piggy-backed messages. Provide a mapping between received and sent Tokens in order to match requests and responses. Other behaviour depends on the type of proxy behaviour the gateway is performing. See section 5.7/ for more details.

Security considerations for WebRTC are discussed in [ID. ietf-rtcweb-security]. The use of CoAP over WebRTC can potentially negate the risks mentioned in: section 11.3/ on insecure UDP and multicast being used to aid an amplification attack. section 11.4/ on IP address spoofing and section 11.5/ on Cross-Protocol attacks. section 11.6/ may also not be relevant as WebRTC endpoints are not expected to be severely constrained. Of particular relevance to the support of CoAP over WebRTC DC is access to local devices. Devices generating CoAP data are essentially the same as cameras and microphones in that they may expose sensitive data about the user or the location of the device. Thus the guidance of section 4.1/ applies to devices generating CoAP data. Whilst CoAP has been designed for constrained devices where there is no user interface to inform/request consent, it is assumed that device utilising WebRTC DC for CoAP is more likely at minimum a Class 2 device that could facilitate consent. The CoAP media feature tag defined by this document tag may be present in sessions not utilising CoAP, which increases the metadata available about the sending device, which can help an attacker differentiate between multiple devices and help them identify otherwise anonymised users via the fingerprint of features their device supports. To prevent this, SIP signalling SHOULD always be encrypted using TLS .

NOTE: This registration is exactly the same as the registration in . This document requests the registration of the subprotocol name "coap.v1" in the WebSocket Subprotocol Name Registry. Subprotocol Identifier: coap.v1 Subprotocol Common Name: Constrained Application Protocol (CoAP) Subprotocol Definition: [This document]

No need has been identified to register a new service name and port number for CoAP over WebRTC. Port number allocation is dynamic. The use of the SCTP over DTLS over UDP/TCP results in a layering of services.

defines a new "coap" application protocol negotiation protocol identity. However as the DTLS connection is used to establish a WebRTC application the protocol identifiers defined in MUST be used. Note: that confidentiality protection does not extend to WebRTC DCs.

This document registers a new URI scheme "coaps+wr" for the use of CoAP over WebRTC DCs. The "coaps+wr" URI schemes can be compared to the "https" URI scheme. The IANA is requested to add this new URI schemes to the registry established with .

This specification registers a new media feature tag in the SIP tree per the procedures defined in and . Media feature tag name: sip.coap ASN.1 Identifier: 1.3.6.1.8.4.30 Summary of the media feature indicated by this tag: This feature tag indicates that the device supports the Constrained Application Protocol (CoAP). Values appropriate for use with this feature tag: Boolean. The feature tag is intended primarily for use in the following applications, protocols, services, or negotiation mechanisms: This feature tag is useful to indicate the support of CoAP. Related standards or documents: [this draft] Security Considerations: Security considerations for this media feature tag are discussed in . Name(s) and email address(es) of person(s) to contact for further information: CORE workgroup: core@ietf.org CORE chairs: core-chairs@ietf.org Intended usage: COMMON

The example SDP Offer shows a CoAP over WebRTC DC utilising out-of-band negotiation . It is based on the example in section 7.2/. Modified lines are indicated with ">>>" at the start of the line. These indicators are NOT part of the SDP syntax. Note: some lines have been broken into two lines for formatting reasons.

>>a=dcmap:0 subprotocol="coap.v1";"label="coap" ]]>

We would like to thank the authors of and for providing a framework for this document. This template was derived from an initial version written by Pekka Savola and contributed by him to the xml2rfc project.

&RFC2119; &RFC2506; &RFC3264; &RFC3311; &RFC3758; &RFC3840; &RFC4566; &RFC4960; &RFC5245; &RFC5630; &RFC6347; &RFC6525; &RFC6690; &RFC7228; &RFC7252; &RFC7595; &RFC7675; &RFC6455;

This becomes an Appendix.