Internet-Draft The WebRTC URI Scheme October 2022
Jiang,Jianxing Expires 20 April 2023 [Page]
Workgroup:
Network Working Group
Internet-Draft:
draft-jiang7369-webrtc-uri-scheme-01
Published:
Intended Status:
Standards Track
Expires:
Author:
Jiang,Jianxing

The WebRTC URI Scheme

Abstract

This document registers the "wr://" and "wrs://" URI schemes to aid in the connect of WebRTC.

Note to Readers

RFC EDITOR: please remove this section before publication

The issues list for this draft can be found at https://github.com/jiang7369/I-D/issues/.

The most recent (unpublished) draft and demos is at https://jiang7369.github.io/I-D/.

Recent changes are listed at https://github.com/jiang7369/I-D/commits/gh-pages/.

See also the draft's current status in the IETF datatracker, at https://datatracker.ietf.org/doc/draft-jiang7369-webrtc-uri-scheme/.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 20 April 2023.

Table of Contents

1. Introduction

URI is short and compact, convenient for transmission. You can even send it offline to others without using any server, for example, you can generate a QR Code for use.

WebRTC is a widely used real-time connection protocol, but unlike WebSocket, it has no URI scheme.

This document registers the "wr://" and "wrs://" URI schemes to aid prevention of such accidental disclosures. When use the URI quickly open the connection, you can immediately to realize communication between two clients.

Use this URI Scheme to easily open a connection. You can open a data channel, then the connection can be used as a file transfer or signalling server, etc. You can also directly open a stable and complex connection by passing more parameters.

WebRTC URI Scheme defines one endpoint of the connection, rather than one port of the device. It defines the connection mode of WebRTC in the Internet/LAN that conforms to human intuition. One device can open multiple connections, corresponding to multiple endpoints, without paying special attention to which port is currently used for connection.

WebRTC URI Scheme may look like a compressed version of the SDP file. It avoids the trouble of inconvenient transmission of SDP newline characters, and does not expose more information in the first connection.

In addition, the WebRTC URI Scheme facilitates communication between two computers through browser application under the premise of light server or no server. Changing connections on the network connect pairs of endpoints. WebRTC endpoints are characterized by great variability and fast variability. We can dynamically connect these points to form a dynamic network.

1.1. Notational Conventions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

This document uses ABNF [RFC5234], Base64 [RFC4648]. It also uses the pchar rule from [RFC3986].

2. WebRTC URIs

This specification defines two URI schemes, using the ABNF syntax defined in RFC 5234 [RFC5234], and terminology and ABNF productions defined by the URI specification RFC 3986 [RFC3986].

       wr-URI = "wr" ":" [ host-part ] "/" endpoint [ "?" query ]
       wrs-URI = "wrs" ":" [ host-part ] "/" endpoint [ "?" query ]
       host-part = "//" [ hostport ]

       hostport = host [ ":" port ]
       host = <host, defined in [RFC3986], Section 3.2.2>
       port = <port, defined in [RFC3986], Section 3.2.3>
       endpoint = basehash pwd ufrag
       query = <query, defined in [RFC3986], Section 3.4>

       basehash = 44<pchar>
       pwd = *255<pchar>
       ufrag = *255<pchar>

See [RFC3986], Section 3.3 for a definition of pchar. Disallowed characters -- including non-ASCII characters -- MUST be encoded into UTF-8 [RFC3629] and then percent-encoded ([RFC3986], Section 2.1).

The hostport component is OPTIONAL; By default, WebRTC connection without STUN or TURN.

The port component is OPTIONAL; By default, "wr" runs on the same ports as STUN and TURN: 3478 for "wr" over UDP and TCP, and 5349 for "wrs" over TLS.

The ufrag component, pwd component and fingerprint used in basehash component below can be find in attributes ([RFC8859], Section 5.12) of SDP ([RFC8864], Section 5.12).

The basehash component MUST be calculated by the following steps:

  1. get the length of pwd component
  2. convert length of pwd component to hexadecimal (1 Byte)
  3. get the fingerprint hexadecimal (32 Byte)
  4. connect the length hexadecimal after the fingerprint hexadecimal
  5. Calculate the Base64([RFC3986], Section 2.1) of the result
    (33 Byte)

The advantage of this is to take endpoint component as a whole while taking readability into consideration.

Fragment identifiers are meaningless in the context of WebRTC URIs and MUST NOT be used on these URIs. As with any URI scheme, the character "#", when not indicating the start of a fragment, MUST be escaped as %23.

Example URIs are listed in Appendix A.

3. IANA Considerations

3.1. Registration of New URI Schemes

3.1.1. Registration of "wr" Scheme

A |wr| URI identifies a WebRTC offer and answer name.

Scheme name:

wr

Status:

Permanent

Applications/protocols that use this scheme:

none yet

Security considerations:

See "Security Considerations" section.

Contact:

IETF <iesg@ietf.org>

Change controller:

IETF <iesg@ietf.org>

References:

(this document)

3.1.2. Registration of "wrs" Scheme

A |wrs| URI identifies a WebRTC offer and answer name and indicates that traffic over that connection is to be protected via TLS (including standard benefits of TLS such as data confidentiality and integrity and endpoint authentication).

Scheme name:

wrs

Status:

Permanent

Applications/protocols that use this scheme:

none yet

Security considerations:

See "Security Considerations" section.

Contact:

IETF <iesg@ietf.org>

Change controller:

IETF <iesg@ietf.org>

References:

(this document)

4. Security Considerations

The token ABNF rule allows tokens as small as 0 character. This is not recommended practice; applications should evaluate their requirements for entropy and issue tokens correspondingly. See [RFC8445] for more information.

This document not solve the problem that attackers can flood stun/turn servers. Too many open ports may cause network layer rejection.

Although the WebRTC URI Scheme makes connections easy to open, you may connect untrusted nodes in static pages, just like click the link of a phishing website. Before connecting, you must confirm whether the URI provider is trusted.

If the stun/turn server is not trusted, man-in-the-middle attack may occur on the "ws://" connection. "wrs://" is intended to reduce the incidence of man-in-the-middle attack; it cannot prevent man-in-the-middle attack on client to client connections.

And The server side of "wrs://" protocol SHALL ensure the security of each link and the handling of blacklist.

5. References

5.1. Normative References

[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/info/rfc2119>.
[RFC3629]
Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, , <https://www.rfc-editor.org/info/rfc3629>.
[RFC3986]
Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, DOI 10.17487/RFC3986, , <https://www.rfc-editor.org/info/rfc3986>.
[RFC4648]
Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", RFC 4648, DOI 10.17487/RFC4648, , <https://www.rfc-editor.org/info/rfc4648>.
[RFC5234]
Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, DOI 10.17487/RFC5234, , <https://www.rfc-editor.org/info/rfc5234>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/info/rfc8174>.
[RFC8859]
Nandakumar, S., "A Framework for Session Description Protocol (SDP) Attributes When Multiplexing", RFC 8859, DOI 10.17487/RFC8859, , <https://www.rfc-editor.org/info/rfc8859>.
[RFC8864]
Drage, K., Makaraju, M., Ejzak, R., Marcon, J., and R. Even, Ed., "Negotiation Data Channels Using the Session Description Protocol (SDP)", RFC 8864, DOI 10.17487/RFC8864, , <https://www.rfc-editor.org/info/rfc8864>.

5.2. Informative References

[RFC8445]
Keranen, A., Holmberg, C., and J. Rosenberg, "Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal", RFC 8445, DOI 10.17487/RFC8445, , <https://www.rfc-editor.org/info/rfc8445>.
[RFC8959]
Nottingham, M., "The "secret-token" URI Scheme", RFC 8959, DOI 10.17487/RFC8959, , <https://www.rfc-editor.org/info/rfc8959>.

Appendix A. Example URIs

The content of sdp is as follows:

a=ice-ufrag:Yb1d
a=ice-pwd:uCiLWVRLVIKkrl14SzyO4TMF
a=fingerprint:sha-256 B6:9E:F3:DD:8B:83:8D:F6:95:4E:76:40:AF:F2:78
:0B:CA:78:DA:0B:73:21:1E:28:93:4F:70:DA:47:B4:41:7E

The ufrag component is "Yb1d".
The pwd component is "uCiLWVRLVIKkrl14SzyO4TMF"
The basehash component before Base64 is
0xB69EF3DD8B838DF6954E7640AFF2780BCA78DA0B73211E28934F70DA47B4417E18,
The basehash component is
"tp7z3YuDjfaVTnZAr/J4C8p42gtzIR4ok09w2ke0QX4Y"

So, the endpoint component is
"tp7z3YuDjfaVTnZAr/J4C8p42gtzIR4ok09w2ke0QX4YuCiLWVRLVIKk
rl14SzyO4TMFYb1d"

Without STUN or TURN:

o  If no STUN or TURN, expressed in "wr:///". For example:

   *  "wr:///tp7z3YuDjfaVTnZAr/J4C8p42gtzIR4ok09w2ke0QX4YuCiLWVRLVI
      Kkrl14SzyO4TMFYb1d?query=required&for&connect"

o  Or omit "//", expressed in "wr:/". For example:

   *  "wr:/tp7z3YuDjfaVTnZAr/J4C8p42gtzIR4ok09w2ke0QX4YuCiLWVRLVIKk
      rl14SzyO4TMFYb1d?query"

With STUN or TURN:

o  Use STUN or TURN server, For example:

   *  "wr://host.example.com/tp7z3YuDjfaVTnZAr/J4C8p42gtzIR4ok09w2
      ke0QX4YuCiLWVRLVIKkrl14SzyO4TMFYb1d?query"

o  Use STUNs or TURNs server, For example:

   *  "wrs://host.example.com/tp7z3YuDjfaVTnZAr/J4C8p42gtzIR4ok09w
      2ke0QX4YuCiLWVRLVIKkrl14SzyO4TMFYb1d?query"

Acknowledgements

Frankly speaking, the document format refers to [RFC8959] when writing.
Thank you~

Author's Address

Jiang,Jianxing
China