STUN bis draft-ietf-behave-rfc3489bis

Jonathan Rosenberg

Cisco Systems


Changes from -04 to -05

  • Removed ICE connectivity check usage (in ICE now)

  • FINGERPRINT optional

    • MUST use if cookie not enough

    • SHOULD use otherwise

  • FINGERPRINT changed to CRC-32 (V.42 polynomial)

  • FINGERPRINT attribute number moved to optional range

  • TCP-based congestion control added in

    • Initial RTT estimate configurable, 100ms for fixed broadband

    • Retransmit interval doubles after every xmit (does not flatten out)

    • Number of retransmits from 9 to 7

    • Karn’s algorithm for RTT estimation mentioned

Changes from -04 to -05

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|M|M|M|M|M|C|M|M|M|C|M|M|M|M|
|1|1|9|8|7|1|6|5|4|0|3|2|1|0|
|1|0| | | | | | | | | | | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  • New structure for Message Type

    • Bits M11 to M0 are the “method”

    • Bits C1 and C0 are the “class”

      • 0: Request

      • 1: Indication

      • 2: Success Response

      • 3: Error Response

  • Backwards compatible except TURN indications
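
The method/class interleaving on this slide, as an added example (not from the slides or the draft): a Python encoder and decoder for the 14-bit layout. The function names are hypothetical, and rejecting a type whose two bits above M11 are set is an assumption the slide does not state.

```python
# Added example: codec for the 14-bit Message Type layout shown on the slide.
# Bit positions (bit 0 = least significant):
#   M3..M0 -> bits 3..0, C0 -> bit 4, M6..M4 -> bits 7..5,
#   C1 -> bit 8, M11..M7 -> bits 13..9.

CLASSES = {0: "Request", 1: "Indication",
           2: "Success Response", 3: "Error Response"}


def encode_type(method, cls):
    """Interleave a 12-bit method and a 2-bit class into the type field."""
    if not 0 <= method <= 0xFFF:
        raise ValueError("method must fit in 12 bits (M11..M0)")
    if cls not in CLASSES:
        raise ValueError("class must be 0..3 (C1, C0)")
    return ((method & 0x00F)            # M3..M0  -> bits 3..0
            | ((cls & 0x1) << 4)        # C0      -> bit 4
            | ((method & 0x070) << 1)   # M6..M4  -> bits 7..5
            | ((cls & 0x2) << 7)        # C1      -> bit 8
            | ((method & 0xF80) << 2))  # M11..M7 -> bits 13..9


def decode_type(msg_type):
    """Split a 16-bit type field into (method, class)."""
    if not 0 <= msg_type <= 0xFFFF:
        raise ValueError("message type is a 16-bit field")
    if msg_type & 0xC000:
        # Assumption: the two bits above the 14 shown are always zero,
        # so anything else is treated as a non-STUN packet and dropped.
        raise ValueError("top two bits set: not a STUN message type")
    method = ((msg_type & 0x000F)
              | ((msg_type & 0x00E0) >> 1)
              | ((msg_type & 0x3E00) >> 2))
    cls = ((msg_type & 0x0010) >> 4) | ((msg_type & 0x0100) >> 7)
    return method, cls


def describe(msg_type):
    """Human-readable form, e.g. for a packet-capture triage script."""
    method, cls = decode_type(msg_type)
    return "method=0x%03x class=%s" % (method, CLASSES[cls])


if __name__ == "__main__":
    # RFC 3489 Binding Request / Response / Error Response type values.
    for sample in (0x0001, 0x0101, 0x0111):
        print("0x%04x -> %s" % (sample, describe(sample)))
```

The three RFC 3489 Binding types decode to one method (0x001) with classes 0, 2 and 3, which is the backwards compatibility the slide refers to.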


Changes from -04 to -05

  • Retransmission rules called out

    • Server sends same response

    • Client ignores subsequent responses

  • Servers check for unknown methods and reject if unknown

  • If you get a 436 when using short term credential from shared secret, reobtain

  • Softened authentication rules on keepalive – discuss what to do if you don’t authenticate

Changes from -04 to -05

  • Clarify applicability of shared secrets (all servers or just one)

  • Clarify behavior if request omitted MESSAGE-INTEGRITY but response has it

  • Reuse short term credentials on 300

  • Clarify backwards compatibility for clients for XOR-MAPPED vs. MAPPED

  • Server has to include MESSAGE-INTEGRITY in response if it was in request

  • Success responses can include Nonce

Changes from -04 to -05

  • For shared secret requests, removed client IP address in computation of password

    • Leftover from rfc3489 stuff

  • Added procedures for retry on timing out


Questions for the Group

  • Happy with congestion control behavior?

  • Happy with FINGERPRINT approach?


Open Issues

  • DNS Discovery

    • Not purely backwards compatible with RFC 3489

    • Main difference

      • _stun._tcp was for shared secret before, now for binding usage

      • _stunpass._tcp for shared secret now, not defined previously

    • Recommendation: don’t care

  • Otherwise, ready for WGLC

