STUN bis: draft-ietf-behave-rfc3489bis

Presentation Transcript


STUN bis: draft-ietf-behave-rfc3489bis

Jonathan Rosenberg

Cisco Systems


Changes from -04 to -05

  • Removed ICE connectivity check usage (in ICE now)

  • FINGERPRINT optional

    • MUST use if cookie not enough

    • SHOULD use otherwise

  • FINGERPRINT changed to CRC-32 (V.42 polynomial)

  • FINGERPRINT attribute number moved to optional range

  • TCP-based congestion control added in

    • Initial RTT estimate configurable, 100ms for fixed broadband

    • Retransmit interval doubles after every transmission (does not flatten out)

    • Number of retransmits reduced from 9 to 7

    • Karn’s algorithm for RTT estimation mentioned


Changes from -04 to -05

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|M|M|M|M|M|C|M|M|M|C|M|M|M|M|
|1|1|9|8|7|1|6|5|4|0|3|2|1|0|
|1|0| | | | | | | | | | | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  • New structure for Message Type

    • Bits M11 to M0 are the “method”

    • C1 to C0 are the “class”

      • 0: Request

      • 1: Indication

      • 2: Success Response

      • 3: Error Response

  • Backwards compatible except TURN indications
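The interleaved method/class layout above, worked through in Python as an added example that is not part of the slides: encoding a type field, decoding it (the RFC 3489 codes come out unchanged, which is the backwards-compatibility claim), and the "reject unknown methods" server check from a later slide. Binding (0x001) is the only method treated as known; the function and constant names are my own.

```python
# Added example, not from the slides.  Bit 13 ... bit 0 of the type field are
#   M11 M10 M9 M8 M7 C1 M6 M5 M4 C0 M3 M2 M1 M0
# so the class bits occupy positions 8 and 4, which RFC 3489 left as zero.

CLASS_NAMES = {0: "Request", 1: "Indication",
               2: "Success Response", 3: "Error Response"}
BINDING = 0x001  # Binding method number (RFC 3489 Binding Request is 0x0001)


def encode_message_type(method: int, msg_class: int) -> int:
    """Interleave a 12-bit method and a 2-bit class into the 14-bit type field."""
    if not 0 <= method <= 0xFFF:
        raise ValueError("method must fit in 12 bits")
    if not 0 <= msg_class <= 3:
        raise ValueError("class must fit in 2 bits")
    low = method & 0x000F             # M3..M0  stay in bits 3..0
    mid = (method & 0x0070) << 1      # M6..M4  move to bits 7..5 (skip C0 at bit 4)
    high = (method & 0x0F80) << 2     # M11..M7 move to bits 13..9 (skip C1 at bit 8)
    c0 = (msg_class & 0x1) << 4       # C0 -> bit 4
    c1 = (msg_class & 0x2) << 7       # C1 -> bit 8
    return high | c1 | mid | c0 | low


def decode_message_type(msg_type: int) -> tuple[int, int]:
    """Split a type field into (method, class); the top two bits must be zero."""
    if msg_type & ~0x3FFF:
        raise ValueError("first two bits of a STUN message must be zero")
    method = ((msg_type & 0x000F)
              | ((msg_type >> 1) & 0x0070)
              | ((msg_type >> 2) & 0x0F80))
    msg_class = ((msg_type >> 4) & 0x1) | ((msg_type >> 7) & 0x2)
    return method, msg_class


def classify_header(header: bytes, known_methods=(BINDING,)) -> str:
    """Describe the type field at the start of a header, or say why a server rejects it."""
    if len(header) < 2:
        return "too short"
    method, msg_class = decode_message_type(int.from_bytes(header[:2], "big"))
    if method not in known_methods:
        return f"unknown method 0x{method:03x}: reject"
    return f"method 0x{method:03x} {CLASS_NAMES[msg_class]}"


if __name__ == "__main__":
    # Constructed sample: first two bytes of an RFC 3489 Binding Response (0x0101)
    print(classify_header(b"\x01\x01"))          # method 0x001 Success Response
    print(hex(encode_message_type(BINDING, 3)))  # 0x111, the Binding Error Response
```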


Changes from -04 to -05

  • Retransmission rules called out

    • Server sends same response

    • Client ignores subsequent responses

  • Servers check for unknown methods and reject if unknown

  • If you get a 436 when using short term credential from shared secret, reobtain

  • Softened authentication rules on keepalive – discuss what to do if you don’t authenticate


Changes from -04 to -05

  • Clarify applicability of shared secrets (all servers or just one)

  • Clarify behavior if request omitted MESSAGE-INTEGRITY but response has it

  • Reuse short term credentials on 300

  • Clarify backwards compatibility for clients for XOR-MAPPED vs. MAPPED

  • Server has to include MESSAGE-INTEGRITY in response if it was in request

  • Success responses can include Nonce


Changes from -04 to -05

  • For shared secret requests, removed client IP address in computation of password

    • Leftover from rfc3489 stuff

  • Added procedures for retry on timing out


Questions for the Group

  • Happy with congestion control behavior?

  • Happy with FINGERPRINT approach?


Open Issues

  • DNS Discovery

    • Not purely backwards compatible with RFC 3489

    • Main difference

      • _stun._tcp was for shared secret before, now for binding usage

      • _stunpass._tcp for shared secret now, not defined previously

    • Recommendation: don’t care

  • Otherwise, ready for WGLC

