WebTransport

Draft Community Group Report,

This version:
https://wicg.github.io/web-transport/
Issue Tracking:
GitHub
Inline In Spec
Editors:
Peter Thatcher (Google)
Bernard Aboba (Microsoft Corporation)
Robin Raymond (Optical Tone Ltd.)

Abstract

This document defines a set of ECMAScript APIs in WebIDL to allow data to be sent and received between a browser and server, implementing pluggable protocols underneath with common APIs on top. APIs specific to QUIC are also provided. This specification is being developed in conjunction with a protocol specification developed by the IETF QUIC Working Group.

Status of this document

This specification was published by the Web Platform Incubator Community Group. It is not a W3C Standard nor is it on the W3C Standards Track. Please note that under the W3C Community Contributor License Agreement (CLA) there is a limited opt-out and other conditions apply. Learn more about W3C Community and Business Groups.

1. Introduction

This section is non-normative.

This specification uses pluggable protocols, with QUIC [QUIC-TRANSPORT] as one such protocol, to send data to and receive data from servers. It can be used like WebSockets but with support for multiple streams, unidirectional streams, out-of-order delivery, and reliable as well as unreliable transport.

Note: The API presented in this specification represents a preliminary proposal based on work-in-progress within the IETF QUIC WG. Since the QUIC transport specification is a work-in-progress, both the protocol and API are likely to change significantly going forward.

2. Conformance

As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.

The key words MUST and SHOULD are to be interpreted as described in [RFC2119].

This specification defines conformance criteria that apply to a single product: the user agent that implements the interfaces that it contains.

Conformance requirements phrased as algorithms or specific steps may be implemented in any manner, so long as the end result is equivalent. (In particular, the algorithms defined in this specification are intended to be easy to follow, and not intended to be performant.)

Implementations that use ECMAScript to implement the APIs defined in this specification MUST implement them in a manner consistent with the ECMAScript Bindings defined in the Web IDL specification [WEBIDL], as this specification uses that specification and terminology.

3. Terminology

The EventHandler interface, representing a callback used for event handlers, and the ErrorEvent interface are defined in [HTML].

The concepts queue a task and networking task source are defined in [HTML].

The terms event, event handlers and event handler event types are defined in [HTML].

When referring to exceptions, the terms throw and create are defined in [WEBIDL].

The terms fulfilled, rejected, resolved, pending and settled used in the context of Promises are defined in [ECMASCRIPT-6.0].

The terms ReadableStream and WritableStream are defined in [WHATWG-STREAMS]. Note that despite sharing the name "stream", these are distinct from the IncomingStream, OutgoingStream, and BidirectionalStream defined here. The IncomingStream, OutgoingStream, and BidirectionalStream defined here correspend to a higher level of abstraction that contain and depend on the lower-level concepts of "streams" defined in [WHATWG-STREAMS].

4. UnidirectionalStreamsTransport Mixin

A UnidirectionalStreamsTransport can send and receive unidirectional streams. Data within a stream is delivered in order, but data between streams may be delivered out of order. Data is generally sent reliably, but retransmissions may be disabled or the stream may aborted to produce a form of unreliability. All stream data is encrypted and congestion-controlled.

interface mixin UnidirectionalStreamsTransport {
  Promise<SendStream> createSendStream(optional SendStreamParameters parameters = {});
  ReadableStream receiveStreams();
};

4.1. Methods

createSendStream()

Creates a SendStream object.

When createSendStream() method is called, the user agent MUST run the following steps:

  1. Let transport be the UnidirectionalStreamsTransport on which createSendStream is invoked.

  2. If transport’s state is "closed" or "failed", immediately return a new rejected promise with a newly created InvalidStateError and abort these steps.

  3. Let p be a new promise.

  4. Return p and continue the following steps in background.

  5. Resolve p with a newly created SendStream object and add the SendStream to transport when all of the following conditions are met:

    1. The transport’s state has transitioned to "connected".

    2. Stream creation flow control is not being violated by exceeding the max stream limit set by the remote endpoint. For QUIC, this is specified in [QUIC-TRANSPORT].

    3. p has not been settled.

  6. Reject p with a newly created InvalidStateError when all of the following conditions are met:

    1. The transport’s state transitions to "closed" or "failed".

    2. p has not been settled.

receiveStreams()

Returns a ReadableStream of ReceiveStreams that have been received from the remote host.

When receiveStreams is called, the user agent MUST run the following steps:

  1. Let transport be the UnidirectionalStreamsTransport on which receiveStreams is invoked.

  2. Return the value of the [[ReceivedStreams]] internal slot.

  3. For each unidirectional stream received, create a corresponding IncomingStream and insert it into [[ReceivedStreams]]. As data is received over the unidirectional stream, insert that data into the corresponding IncomingStream. When the remote side closes or aborts the stream, close or abort the corresponding IncomingStream.

4.2. Procedures

4.2.1. Add SendStream to UnidirectionalStreamsTransport

To add the SendStream to a UnidirectionalStreamsTransport, run the following steps:

  1. Let transport be the UnidirectionalStreamsTransport in question.

  2. Let stream be the newly created SendStream object.

  3. Add stream to transport’s [[OutgoingStreams]] slot.

  4. Continue the following steps in the background.

  5. Create stream’s associated underlying transport.

4.3. SendStreamParameters Dictionary

The SendStreamParameters dictionary includes information relating to stream configuration.

dictionary SendStreamParameters {
};

5. BidirectionalStreamsTransport Mixin

A BidirectionalStreamsTransport can send and receive bidirectional streams. Data within a stream is delivered in order, but data between streams may be delivered out of order. Data is generally sent reliably, but retransmissions may be disabled or the stream may aborted to produce a form of unreliability. All stream data is encrypted and congestion-controlled.

interface mixin BidirectionalStreamsTransport {
    Promise<BidirectionalStream> createBidirectionalStream();
    ReadableStream receiveBidirectionalStreams();
};

5.1. Methods

createBidirectionalStream()

Creates a BidirectionalStream object.

When createBidirectionalStream is called, the user agent MUST run the following steps:

  1. Let transport be the BidirectionalStreamsTransport on which createBidirectionalStream is invoked.

  2. If transport’s state is "closed" or "failed", immediately return a new rejected promise with a newly created InvalidStateError and abort these steps.

  3. If transport’s state is "connected", immediately return a new fulfilled promise with a newly created BidirectionalStream object, add the BidirectionalStream to the transport and abort these steps.

  4. Let p be a new promise.

  5. Return p and continue the following steps in background.

  6. Resolve p with a newly created BidirectionalStream object and add the BidirectionalStream to transport when all of the following conditions are met:

    1. The transport’s state has transitioned to "connected".

    2. Stream creation flow control is not being violated by exceeding the max stream limit set by the remote endpoint. For QUIC, this is specified in [QUIC-TRANSPORT].

    3. p has not been settled.

  7. Reject p with a newly created InvalidStateError when all of the following conditions are met:

    1. The transport’s state transitions to "closed" or "failed".

    2. p has not been settled.

receiveBidirectionalStreams()

Returns a ReadableStream of BidirectionalStreams that have been received from the remote host.

When receiveBidirectionalStreams method is called, the user agent MUST run the following steps:

  1. Let transport be the BidirectionalStreamsTransport on which receiveBidirectionalStreams is invoked.

  2. Return the value of the [[ReceivedBidirectionalStreams]] internal slot.

  3. For each bidirectional stream received, create a corresponding BidirectionalStream and insert it into [[ReceivedBidirectionalStreams]]. As data is received over the bidirectional stream, insert that data into the corresponding BidirectionalStream. When the remote side closes or aborts the stream, close or abort the corresponding BidirectionalStream.

5.2. Procedures

5.2.1. Add BidirectionalStream to BidirectionalStreamsTransport

To add the BidirectionalStream to a BidirectionalStreamsTransport, run the following steps:

  1. Let transport be the BidirectionalStreamsTransport in question.

  2. Let stream be the newly created BidirectionalStream object.

  3. Add stream to transport’s [[ReceivedBidirectionalStreams]] slot.

  4. Add stream to transport’s [[OutgoingStreams]] slot.

  5. Continue the following steps in the background.

  6. Create stream’s associated underlying transport.

6. DatagramTransport Mixin

A DatagramTransport can send and receive datagrams. Datagrams are sent out of order, unreliably, and have a limited maximum size. Datagrams are encrypted and congestion controlled.

interface mixin DatagramTransport {
    readonly attribute unsigned short maxDatagramSize;
    WritableStream sendDatagrams();
    ReadableStream receiveDatagrams();
};

6.1. Attributes

maxDatagramSize, of type unsigned short, readonly

The maximum size data that may be passed to sendDatagrams.

6.2. Methods

sendDatagrams()

Sends datagrams that are written to the returned WritableStream.

When sendDatagrams is called, the user agent MUST run the following steps:

  1. Let transport be the DatagramTransport on which sendDatagram is invoked.

  2. Return the value of the [[SentDatagrams]] internal slot.

receiveDatagrams()

Return the value of the [[ReceivedDatagrams]] internal slot.

For each datagram received, insert it into [[ReceivedDatagrams]]. If too many datagrams are queued because the stream is not being read quickly enough, drop datagrams to avoid queueing. Implementations should drop older datagrams in favor of newer datagrams. The number of datagrams to queue should be kept small enough to avoid adding significant latency to packet delivery when the stream is being read slowly (due to the reader being slow) but large enough to avoid dropping packets when for the stream is not read for short periods of time (due to the reader being paused).

7. WebTransport Interface

WebTransport provides a unified interface to all client-server transports that are supported by the WebTransport API. It implements all of the transport mixins (UnidirectionalStreamsTransport, BidirectionalStreamsTransport, DatagramTransport), as well as stats and transport state information.

[Exposed=(Window,Worker)]
interface WebTransport {
  constructor(USVString url, optional WebTransportOptions options = {});

  Promise<WebTransportStats> getStats();
  readonly attribute WebTransportState state;
  readonly attribute Promise<WebTransportCloseInfo> closed;
  void close(optional WebTransportCloseInfo closeInfo = {});
  attribute EventHandler onstatechange;
};

WebTransport includes UnidirectionalStreamsTransport;
WebTransport includes BidirectionalStreamsTransport;
WebTransport includes DatagramTransport;

7.1. Constructor

When the WebTransport() constructor is invoked, the user agent MUST run the following steps:

  1. Let parsedURL be the URL record resulting from parsing url.

  2. If parsedURL is a failure, throw a SyntaxError exception.

  3. If parsedURL scheme is not quic-transport or https, throw a SyntaxError exception.

  4. If parsedURL fragment is not null, throw a SyntaxError exception.

  5. Let transport be a newly constructed WebTransport object.

  6. Let transport have an [[OutgoingStreams]] internal slot representing a sequence of OutgoingStream objects, initialized to empty.

  7. Let transport have a [[ReceivedStreams]] internal slot representing a ReadableStream of IncomingStream objects, initialized to empty.

  8. Let transport have a [[ReceivedBidirectionalStreams]] internal slot representing a ReadableStream of BidirectionalStream objects, initialized to empty.

  9. Let transport have a [[WebTransportState]] internal slot, initialized to "connecting".

  10. Let transport have a [[SentDatagrams]] internal slot representing a WritableStream of Uint8Arrays, initialized to empty.

  11. Let transport have a [[ReceivedDatagrams]] internal slot representing a ReadableStream of Uint8Arrays, initialized to empty.

  12. If the scheme of parsedURL is quic-transport, in parallel, initialize WebTransport over QUIC.

  13. If the scheme of parsedURL is https, in parallel, initialize WebTransport over HTTP.

  14. Return transport.

To initialize WebTransport over QUIC for a given transport and parsedURL, do the following:
  1. Let clientOrigin be transport’s relevant settings object's origin, serialized.

  2. Establish a QUIC connection to the address identified by parsedURL following the procedures in [WEB-TRANSPORT-QUIC] section 3 and using clientOrigin as the "origin of the client" referenced in section 3.2.1. While establishing the connection, follow all of the parameters specified in the options.

  3. If the connection fails, set transport’s [[WebTransportState]] internal slot to "failed" and abort these steps.

  4. Set transport’s [[WebTransportState]] internal slot to "connected".

To initialize WebTransport over HTTP for a given transport and parsedURL, do the following:
  1. If serverCertificateFingerprints is specified, throw a NotSupportedError exception.

  2. Establish an HTTP/3 WebTransport session to the address identified by parsedURL following the procedures in [WEB-TRANSPORT-HTTP3].

  3. If the session establishment fails, set transport’s [[WebTransportState]] internal slot to "failed" and abort these steps.

  4. Set transport’s [[WebTransportState]] internal slot to "connected".

7.2. Attributes

state, of type WebTransportState, readonly

The current state of the transport. On getting, it MUST return the value of the [[WebTransportState]] internal slot.

closed, of type Promise<WebTransportCloseInfo>, readonly

This promise MUST be resolved when the transport is closed; an implementation SHOULD include error information in the reason and errorCode fields of WebTransportCloseInfo.

onstatechange, of type EventHandler

This event handler, of event handler event type statechange, MUST be fired any time the [[WebTransportState]] slot changes, unless the state changes due to calling close.

7.3. Methods

close()

Closes the WebTransport object. For QUIC, this triggers an Immediate Close as described in [QUIC-TRANSPORT] section 10.3.

When close is called, the user agent MUST run the following steps:

  1. Let transport be the WebTransport on which close is invoked.

  2. If transport’s [[WebTransportState]] is "closed" or "failed", then abort these steps.

  3. Set transport’s [[WebTransportState]] to "closed".

  4. Let closeInfo be the first argument.

  5. For QUIC, start the Immediate Close procedure by sending an CONNECTION_CLOSE frame with its error code value set to the value of errorCode and its reason value set to the value of reason.

getStats()

Gathers stats for this WebTransport's QUIC connection and reports the result asynchronously.

When close is called, the user agent MUST run the following steps:

  1. Let transport be the WebTransport on which getStats is invoked.

  2. Let p be a new promise.

  3. If the URL scheme associated with transport is not quic-transport, reject p with NotSupportedError and return p.

  4. Return p and continue the following steps in background.

    1. Gather the stats from the underlying QUIC connection.

    2. Once stats have been gathered, resolve p with the WebTransportStats object, representing the gathered stats.

7.4. Configuration

dictionary WebTransportOptions {
  sequence<RTCDtlsFingerprint> serverCertificateFingerprints;
};

WebTransportOptions is a dictionary of parameters that determine how WebTransport connection is established and used.

serverCertificateFingerprints, of type sequence<RTCDtlsFingerprint>

This option is only supported for transports using dedicated TLS connections, such as quic-transport. For transport protocols that do not support this feature, having this field non-empty SHALL result in a NotSupportedError exception being thrown.

If supported and non-empty, the user agent SHALL deem a server certificate trusted if and only if it can successfully verify a certificate fingerprint against serverCertificateFingerprints and satisfies custom certificate requirements. The user agent SHALL ignore any fingerprint that uses an unknown algorithm or has a malformed value. If empty, the user agent SHALL use certificate verification procedures it would use for normal fetch operations.

To compute a certificate fingerprint, do the following:
  1. Let cert be the input certificate, represented as a DER encoding of Certificate message defined in [RFC5280].

  2. Compute the SHA-256 hash of cert. Format it as fingerprint BNF rule described in Section 5 of [RFC8122].

To verify a certificate fingerprint, do the following:
  1. Let fingerprints be the input array of fingerprints.

  2. Let referenceFingerprint be the computed fingerprint of the input certificate.

  3. For every fingerprint fingerprint in fingerprints:

    1. If algorithm of fingerprint is equal to "sha-256", and value of fingerprint is equal to referenceFingerprint, the certificate is valid. Return true.

  4. Return false.

The custom certificate requirements are as follows: the certificate MUST be an X.509v3 certificate as defined in [RFC5280], the current time MUST be within the validity period of the certificate as defined in Section 4.1.2.5 of [RFC5280] and the total length of the validity period MUST NOT exceed two weeks.

Reconsider the time period above. We want it to be sufficiently large that applications using this for ephemeral certificates can do so without having to fight the clock skew, but small enough to discourage long-term use without key rotation.

7.5. WebTransportState Enum

WebTransportState indicates the state of the transport.

enum WebTransportState {
  "connecting",
  "connected",
  "closed",
  "failed"
};
"connecting"

The transport is in the process of negotiating a secure connection. Once a secure connection is negotiated, incoming data can flow through.

"connected"

The transport has completed negotiation of a secure connection. Outgoing data and media can now flow through.

"closed"

The transport has been closed intentionally via a call to close() or receipt of a closing message from the remote side. When the WebTransport's internal [[WebTransportState]] slot transitions to closed the user agent MUST run the following steps:

  1. Let transport be the WebTransport.

  2. Close the ReadableStream in transport’s [[ReceivedStreams]] internal slot.

  3. Close the ReadableStream in transport’s [[ReceivedBidirectionalStreams]] internal slot.

  4. For each OutgoingStream in transport’s [[OutgoingStreams]] internal slot run the following:

    1. Let stream be the OutgoingStream.

    2. Remove the stream from the transport’s [[OutgoingStreams]] internal slot.

"failed"

The transport has been closed as the result of an error (such as receipt of an error alert). When the WebTransport’s internal [[WebTransportState]] slot transitions to failed the user agent MUST run the following steps:

  1. Close the ReadableStream in transport’s [[ReceivedStreams]] internal slot.

  2. Close the ReadableStream in transport’s [[ReceivedBidirectionalStreams]] internal slot.

  3. For each OutgoingStream in transport’s [[OutgoingStreams]] internal slot run the following:

    1. Remove the stream from the transport’s [[OutgoingStreams]] internal slot.

7.6. WebTransportCloseInfo Dictionary

The WebTransportCloseInfo dictionary includes information relating to the error code for closing a WebTransport. For QUIC, this information is used to set the error code and reason for an CONNECTION_CLOSE frame.

dictionary WebTransportCloseInfo {
  unsigned long long errorCode = 0;
  DOMString reason = "";
};

The dictionary SHALL have the following attributes:

errorCode, of type unsigned long long, defaulting to 0

The error code communicated to the peer.

reason, of type DOMString, defaulting to ""

The reason for closing the WebTransport.

7.7. WebTransportStats Dictionary

The WebTransportStats dictionary includes information on QUIC connection level stats.

some of those are safe to expose for HTTP/2 and HTTP/3 connections (like min-RTT), while most would either result in information disclosure or are impossible to define for pooled connections.

dictionary WebTransportStats {
  DOMHighResTimeStamp timestamp;
  unsigned long long bytesSent;
  unsigned long long packetsSent;
  unsigned long numOutgoingStreamsCreated;
  unsigned long numIncomingStreamsCreated;
  unsigned long long bytesReceived;
  unsigned long long packetsReceived;
  DOMHighResTimeStamp minRtt;
  unsigned long numReceivedDatagramsDropped;
};

The dictionary SHALL have the following attributes:

timestamp, of type DOMHighResTimeStamp

The timestamp for when the stats are gathered, relative to the UNIX epoch (Jan 1, 1970, UTC).

bytesSent, of type unsigned long long

The number of bytes sent on the QUIC connection, including retransmissions. Does not include UDP or any other outer framing.

packetsSent, of type unsigned long long

The number of packets sent on the QUIC connection, including retransmissions.

numOutgoingStreamsCreated, of type unsigned long

The number of outgoing QUIC streams created on the QUIC connection.

numIncomingStreamsCreated, of type unsigned long

The number of incoming QUIC streams created on the QUIC connection.

bytesReceived, of type unsigned long long

The number of total bytes received on the QUIC connection, including duplicate data for streams. Does not include UDP or any other outer framing.

packetsReceived, of type unsigned long long

The number of total packets received on the QUIC connection, including packets that were not processable.

minRtt, of type DOMHighResTimeStamp

The minimum RTT observed on the entire connection.

numReceivedDatagramsDropped, of type unsigned long

The number of datagrams that were dropped, due to too many datagrams buffered between calls to receiveDatagrams().

8. Interface Mixin OutgoingStream

An OutgoingStream is a stream that can be written to, as either a SendStream or a BidirectionalStream.

[ Exposed=(Window,Worker) ]
interface mixin OutgoingStream {
  readonly attribute WritableStream writable;
  readonly attribute Promise<StreamAbortInfo> writingAborted;
  void abortWriting(optional StreamAbortInfo abortInfo = {});
};

8.1. Overview

The OutgoingStream will initialize with the following:

  1. Let stream be the OutgoingStream.

  2. Let stream have a [[Writable]] internal slot initialized to a new WritableStream.

8.2. Attributes

writable, of type WritableStream, readonly

The writable attribute represents a WritableStream (of bytes) that can be used to write to the OutgoingStream. On getting it MUST return the value of the [[Writable]] slot.

writingAborted, of type Promise<StreamAbortInfo>, readonly

The writingAborted attribute represents a promise that is fulfilled when the a message from the remote side aborting the stream is received. For QUIC, that message is a STOP_SENDING frame. When the stream receives this mesage, the user agent MUST run the following:

  1. Let stream be the OutgoingStream object.

  2. Let transport be the WebTransport, which the stream was created from.

  3. Remove the stream from the transport’s [[OutgoingStreams]] internal slot.

  4. Resolve the promise with the resulting StreamAbortInfo with the errorCode set to the value from the aborting message from the remote side.

8.3. Methods

abortWriting()

A hard shutdown of the OutgoingStream. It may be called regardless of whether the OutgoingStream was created by the local or remote peer. When the abortWriting method is called, the user agent MUST run the following steps:

  1. Let stream be the OutgoingStream object which is about to abort writing.

  2. Let transport be the WebTransport, which the stream was created from.

  3. Remove the stream from the transport’s [[OutgoingStreams]] internal slot.

  4. Let abortInfo be the first argument.

  5. Start the closing procedure by sending a RST_STREAM frame with its error code set to the value of |abortInfo.errorCode|.

8.4. StreamAbortInfo Dictionary

The StreamAbortInfo dictionary includes information relating to the error code for aborting an incoming or outgoing stream. (For QUIC, in either a RST_STREAM frame or a STOP_SENDING frame).

dictionary StreamAbortInfo {
  unsigned long long errorCode = 0;
};

The dictionary SHALL have the following fields:

errorCode, of type unsigned long long, defaulting to 0

The error code. The default value of 0 means "CLOSING."

9. Interface Mixin IncomingStream

An IncomingStream is a stream that can be read from, as either a ReceiveStream or a BidirectionalStream.

[ Exposed=(Window,Worker) ]
interface mixin IncomingStream {
  readonly attribute ReadableStream readable;
  readonly attribute Promise<StreamAbortInfo> readingAborted;
  void abortReading(optional StreamAbortInfo abortInfo = {});
  Promise<ArrayBuffer> arrayBuffer();
};

9.1. Overview

The IncomingStream will initialize with the following:

  1. Let stream be the IncomingStream.

  2. Let stream have a [[Readable]] internal slot initialized to a new ReadableStream.

9.2. Attributes

readable, of type ReadableStream, readonly

The readable attribute represents a ReadableStream that can be used to read from the IncomingStream. On getting it MUST return the value of the IncomingStream's [[Readable]] slot.

readingAborted, of type Promise<StreamAbortInfo>, readonly

The readingAborted attribute represents a promise that is fulfilled when the a message from the remote side aborting the stream is received. For QUIC, that message is a RST_STREAM frame. When the stream receives this mesage, the user agent MUST run the following:

  1. Let stream be the IncomingStream object for which the abort message was received.

  2. Let transport be the WebTransport, which the stream was created from.

  3. Resolve the promise with the resulting StreamAbortInfo with the errorCode set to the value from the aborting message from the remote side.

9.3. Methods

abortReading()

A hard shutdown of the IncomingStream. It may be called regardless of whether the IncomingStream was created by the local or remote peer. When the abortWriting method is called, the user agent MUST run the following steps:

  1. Let stream be the IncomingStream object which is about to abort reading.

  2. Let transport be the WebTransport, which the stream was created from.

  3. Let abortInfo be the first argument.

  4. Start the closing procedure by sending a message to the remote side indicating that the stream has been aborted (for QUIC, this is a STOP_SENDING frame) with its error code set to the value of |abortInfo.errorCode|.

arrayBuffer()

A convenience method that asynchronously reads all the contents of |IncomingStream.readable| and returns it as an ArrayBuffer. This locks the stream while reading, just as if |IncomingStream.readable.getReader()| were used.

10. Interface BidirectionalStream

[ Exposed=(Window,Worker) ]
interface BidirectionalStream {
};
BidirectionalStream includes OutgoingStream;
BidirectionalStream includes IncomingStream;

11. Interface SendStream

[ Exposed=(Window,Worker) ]
interface SendStream {
};
SendStream includes OutgoingStream;

12. Interface ReceiveStream

[ Exposed=(Window,Worker) ]
interface ReceiveStream {
};
ReceiveStream includes IncomingStream;

13. Privacy and Security Considerations

This section is non-normative; it specifies no new behaviour, but instead summarizes information already present in other parts of the specification.

13.1. Confidentiality of Communications

The fact that communication is taking place cannot be hidden from adversaries that can observe the network, so this has to be regarded as public information.

All of the transport protocols described in this document use either TLS [RFC8446] or a semantically equivalent protocol, thus providing all of the security properties of TLS, including confidentiality and integrity of the traffic. Both QuicTransport and Http3Transport use the same certificate verification mechanism as outbound HTTP requests, thus relying on the same public key infrastructure for authentication of the remote server. In WebTransport, certificate verification errors are fatal; no interstitial allowing bypassing certificate validation is available.

13.2. State Persistence

WebTransport by itself does not create any new unique identifiers or new ways to persistently store state, nor does it automatically expose any of the existing persistent state to the server. For instance, none of the transports defined in this document automatically send cookies, support HTTP authentication or caching invalidation mechanisms. Since they use TLS, they may support TLS session tickets, which could be used by the server (though not by passive network observers) to correlate different connections from the same client. This is not specific to WebTransport by itself, but rather an inherent property of all TLS-based protocols; thus, this is out-of-scope for this specification.

13.3. Protocol Security

WebTransport imposes a common set of requirements on all of the protocols, described in [WEB-TRANSPORT-OVERVIEW]. Notable ones include:

  1. All transports must ensure that the remote server is aware that the connection in question originates from a Web application; this is required to prevent cross-protocol attacks. QUIC-based transports use ALPN [RFC7301] for that purpose.

  2. All transports must allow the server to filter connections based on the origin of the resource originating the transport session.

  3. All transports require the user agents to continually verify that the server is still interested in talking to them (concept commonly known as "Consent Freshness").

Protocol security considersations related to the individual transports are described in the Security Considerations sections of the corresponding protocol documents, [WEB-TRANSPORT-QUIC] and [WEB-TRANSPORT-HTTP3].

Networking APIs can be commonly used to scan the local network for available hosts, and thus be used for fingerprinting and other forms of attacks. WebTransport follows the WebSocket approach to this problem: the specific connection error is not returned until an endpoint is verified to be a WebTransport endpoint; thus, the Web application cannot distinguish between a non-existing endpoint and the endpoint that is not willing to accept connections from the Web.

14. Examples

14.1. Sending a buffer of datagrams

This section is non-normative.

Sending a buffer of datagrams can be achieved by using the sendDatagrams() method. In the following example datagrams are only sent if the DatagramTransport is ready to send.

const transport = getTransport();
const writer = transport.sendDatagrams().getWriter();
const datagrams = getDatagramsToSend();
datagrams.forEach((datagram) => {
  await writer.ready;
  writer.write(datagram);
});

14.2. Sending datagrams at a fixed rate

This section is non-normative.

Sending datagrams at a fixed rate regardless if the transport is ready to send can be achieved by simply using sendDatagrams() and not using the ready attribute. More complex scenarios can utilize the ready attribute.

// Sends datagrams every 100 ms.
const transport = getTransport();
const writer = transport.sendDatagrams().getWriter();
setInterval(() => {
  writer.write(createDatagram());
}, 100);

14.3. Receiving datagrams

This section is non-normative.

Receiving datagrams can be achieved by calling receiveDatagrams() method, remembering to check for null values indicating that packets are not being processed quickly enough.

const transport = getTransport();
const reader = transport.receiveDatagrams().getReader();
while (true) {
  const {value: datagram, done} = await reader.read();
  if (done) {
    break;
  }
  // Process the data
}

14.4. Receiving from ReceiveStream

This section is non-normative.

Reading from ReceiveStreams can be achieved by calling receiveStreams() method, then getting the reader for each ReceiveStream.

const transport = getTransport();
const receiveStreamReader = transport.receiveStreams().getReader();
while (true) {
  const {value: receiveStream, done: readingReceiveStreamsDone} =
      await receiveStreamReader.read();
  if (readingReceiveStreamsDone) {
    break;
  }
  // Process ReceiveStreams created by remote endpoint.
  const chunkReader = receiveStream.readable.getReader();
  while (true) {
    const {value: chunk, done: readingChunksDone} = await chunkReader.read();
    if (readingChunksDone) {
      break;
    }
    processTheData(chunk);
  }
}

15. Acknowledgements

The editors wish to thank the Working Group chairs and Team Contact, Harald Alvestrand, Stefan Håkansson, Bernard Aboba and Dominique Hazaël-Massieux, for their support. Contributions to this specification were provided by Robin Raymond.

The WebTransport interface is based on the QuicTransport interface initially described in the W3C ORTC CG, and has been adapted for use in this specification.

Index

Terms defined by this specification

Terms defined by reference

References

Normative References

[DOM]
Anne van Kesteren. DOM Standard. Living Standard. URL: https://dom.spec.whatwg.org/
[ECMASCRIPT-6.0]
Allen Wirfs-Brock. ECMA-262 6th Edition, The ECMAScript 2015 Language Specification. June 2015. Standard. URL: http://www.ecma-international.org/ecma-262/6.0/index.html
[FETCH]
Anne van Kesteren. Fetch Standard. Living Standard. URL: https://fetch.spec.whatwg.org/
[HR-TIME-2]
Ilya Grigorik. High Resolution Time Level 2. 21 November 2019. REC. URL: https://www.w3.org/TR/hr-time-2/
[HTML]
Anne van Kesteren; et al. HTML Standard. Living Standard. URL: https://html.spec.whatwg.org/multipage/
[QUIC-TRANSPORT]
Jana Iyengar; Martin Thomson. QUIC: A UDP-Based Multiplexed and Secure Transport. Internet-Draft. URL: https://quicwg.org/base-drafts/draft-ietf-quic-transport.html
[RFC2119]
S. Bradner. Key words for use in RFCs to Indicate Requirement Levels. March 1997. Best Current Practice. URL: https://tools.ietf.org/html/rfc2119
[RFC5280]
D. Cooper; et al. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. May 2008. Proposed Standard. URL: https://tools.ietf.org/html/rfc5280
[RFC8122]
J. Lennox; C. Holmberg. Connection-Oriented Media Transport over the Transport Layer Security (TLS) Protocol in the Session Description Protocol (SDP). March 2017. Proposed Standard. URL: https://tools.ietf.org/html/rfc8122
[URL]
Anne van Kesteren. URL Standard. Living Standard. URL: https://url.spec.whatwg.org/
[WEB-TRANSPORT-HTTP3]
Victor Vasiliev. WebTransport over HTTP/3. Internet-Draft. URL: https://tools.ietf.org/html/draft-vvv-webtransport-http3
[WEB-TRANSPORT-OVERVIEW]
Victor Vasiliev. WebTransport Protocol Framework. Internet-Draft. URL: https://tools.ietf.org/html/draft-vvv-webtransport-overview
[WEB-TRANSPORT-QUIC]
Victor Vasiliev. WebTransport over QUIC. Internet-Draft. URL: https://tools.ietf.org/html/draft-vvv-webtransport-quic
[WEBIDL]
Boris Zbarsky. Web IDL. 15 December 2016. ED. URL: https://heycam.github.io/webidl/
[WEBRTC-1]
WebRTC 1.0: Real-time Communication Between Browsers URL: https://www.w3.org/TR/webrtc/
[WHATWG-STREAMS]
Adam Rice; Domenic Denicola; 吉野剛史 (Takeshi Yoshino). Streams Standard. Living Standard. URL: https://streams.spec.whatwg.org/

Informative References

[RFC7301]
S. Friedl; et al. Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension. July 2014. Proposed Standard. URL: https://tools.ietf.org/html/rfc7301
[RFC8446]
E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.3. August 2018. Proposed Standard. URL: https://tools.ietf.org/html/rfc8446

IDL Index

interface mixin UnidirectionalStreamsTransport {
  Promise<SendStream> createSendStream(optional SendStreamParameters parameters = {});
  ReadableStream receiveStreams();
};

dictionary SendStreamParameters {
};

interface mixin BidirectionalStreamsTransport {
    Promise<BidirectionalStream> createBidirectionalStream();
    ReadableStream receiveBidirectionalStreams();
};

interface mixin DatagramTransport {
    readonly attribute unsigned short maxDatagramSize;
    WritableStream sendDatagrams();
    ReadableStream receiveDatagrams();
};

[Exposed=(Window,Worker)]
interface WebTransport {
  constructor(USVString url, optional WebTransportOptions options = {});

  Promise<WebTransportStats> getStats();
  readonly attribute WebTransportState state;
  readonly attribute Promise<WebTransportCloseInfo> closed;
  void close(optional WebTransportCloseInfo closeInfo = {});
  attribute EventHandler onstatechange;
};

WebTransport includes UnidirectionalStreamsTransport;
WebTransport includes BidirectionalStreamsTransport;
WebTransport includes DatagramTransport;

dictionary WebTransportOptions {
  sequence<RTCDtlsFingerprint> serverCertificateFingerprints;
};

enum WebTransportState {
  "connecting",
  "connected",
  "closed",
  "failed"
};

dictionary WebTransportCloseInfo {
  unsigned long long errorCode = 0;
  DOMString reason = "";
};

dictionary WebTransportStats {
  DOMHighResTimeStamp timestamp;
  unsigned long long bytesSent;
  unsigned long long packetsSent;
  unsigned long numOutgoingStreamsCreated;
  unsigned long numIncomingStreamsCreated;
  unsigned long long bytesReceived;
  unsigned long long packetsReceived;
  DOMHighResTimeStamp minRtt;
  unsigned long numReceivedDatagramsDropped;
};

[ Exposed=(Window,Worker) ]
interface mixin OutgoingStream {
  readonly attribute WritableStream writable;
  readonly attribute Promise<StreamAbortInfo> writingAborted;
  void abortWriting(optional StreamAbortInfo abortInfo = {});
};

dictionary StreamAbortInfo {
  unsigned long long errorCode = 0;
};

[ Exposed=(Window,Worker) ]
interface mixin IncomingStream {
  readonly attribute ReadableStream readable;
  readonly attribute Promise<StreamAbortInfo> readingAborted;
  void abortReading(optional StreamAbortInfo abortInfo = {});
  Promise<ArrayBuffer> arrayBuffer();
};

[ Exposed=(Window,Worker) ]
interface BidirectionalStream {
};
BidirectionalStream includes OutgoingStream;
BidirectionalStream includes IncomingStream;

[ Exposed=(Window,Worker) ]
interface SendStream {
};
SendStream includes OutgoingStream;

[ Exposed=(Window,Worker) ]
interface ReceiveStream {
};
ReceiveStream includes IncomingStream;

Issues Index

Reconsider the time period above. We want it to be sufficiently large that applications using this for ephemeral certificates can do so without having to fight the clock skew, but small enough to discourage long-term use without key rotation.
some of those are safe to expose for HTTP/2 and HTTP/3 connections (like min-RTT), while most would either result in information disclosure or are impossible to define for pooled connections.