
STUN bis draft-ietf-behave-rfc3489bis

STUN bis draft-ietf-behave-rfc3489bis. Jonathan Rosenberg, Cisco Systems. Removed ICE connectivity check usage (in ICE now); FINGERPRINT optional (MUST use if cookie not enough, SHOULD use otherwise); FINGERPRINT changed to CRC-32 (V.42 polynomial); FINGERPRINT attribute number to optional range.


Presentation Transcript


  1. STUN bis: draft-ietf-behave-rfc3489bis
     Jonathan Rosenberg, Cisco Systems

  2. Changes from -04 to -05
     • Removed ICE connectivity check usage (in ICE now)
     • FINGERPRINT optional
       • MUST use if cookie not enough
       • SHOULD use otherwise
     • FINGERPRINT changed to CRC-32 (V.42 polynomial)
     • FINGERPRINT attribute number to optional range
     • TCP-based congestion control added in
       • Initial RTT estimate configurable, 100ms for fixed broadband
       • Retransmit interval doubles after every xmit (not flatten out)
       • Number of retransmits from 9 to 7
       • Karn’s algorithm for RTT estimation mentioned

  3. Changes from -04 to -05

         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |M|M|M|M|M|C|M|M|M|C|M|M|M|M|
         |1|1|9|8|7|1|6|5|4|0|3|2|1|0|
         |1|0| | | | | | | | | | | | |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+

     • New structure for Message Type
       • Bits M11 to M0 are “method”
       • C1 to C0 is “class”
         • 0: Request
         • 1: Indication
         • 2: Success Response
         • 3: Error Response
     • Backwards compatible except TURN indications

  4. Changes from -04 to -05
     • Retransmission rules called out
       • Server sends same response
       • Client ignores subsequent responses
     • Servers check for unknown methods and reject if unknown
     • If you get a 436 when using short term credential from shared secret, reobtain
     • Softened authentication rules on keepalive – discuss what to do if you don’t authenticate

  5. Changes from -04 to -05
     • Clarify applicability of shared secrets (all servers or just one)
     • Clarify behavior if request omitted MESSAGE-INTEGRITY but response has it
     • Reuse short term credentials on 300
     • Clarify backwards compatibility for clients for XOR-MAPPED vs. MAPPED
     • Server has to include MESSAGE-INTEGRITY in response if it was in request
     • Success responses can include Nonce

  6. Changes from -04 to -05
     • For shared secret requests, removed client IP address in computation of password
       • Leftover from rfc3489 stuff
     • Added procedures for retry on timing out

  7. Questions for the Group
     • Happy with congestion control behavior?
     • Happy with FINGERPRINT approach?

  8. Open Issues
     • DNS Discovery
       • Not purely backwards compatible with RFC 3489
       • Main difference
         • _stun._tcp was for shared secret before, now for binding usage
         • _stunpass._tcp for shared secret now, not defined previously
       • Recommendation: don’t care
     • Otherwise, ready for WGLC
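
The message type layout on slide 3, worked through as an added example that is not part of the original presentation: the class bits C1 and C0 are interleaved with the 12 method bits, so a parser has to unpack them before checking the method. The function names are hypothetical, and the sample type values are the RFC 3489 Binding and Shared Secret message types, taken from RFC 3489 rather than from the slides.

```python
# Added example (not from the presentation): pack/unpack the STUN message
# type using the bit layout on slide 3. Function names are hypothetical.

CLASSES = {0: "Request", 1: "Indication", 2: "Success Response", 3: "Error Response"}

def encode_type(method: int, cls: int) -> int:
    """Interleave a 12-bit method (M11..M0) with a 2-bit class (C1, C0)."""
    if not 0 <= method <= 0xFFF:
        raise ValueError("method must fit in 12 bits")
    if cls not in CLASSES:
        raise ValueError("class must be 0..3")
    return ((method & 0x00F)            # M3..M0  -> bits 3..0
            | ((cls & 0x1) << 4)        # C0      -> bit 4
            | ((method & 0x070) << 1)   # M6..M4  -> bits 7..5
            | ((cls & 0x2) << 7)        # C1      -> bit 8
            | ((method & 0xF80) << 2))  # M11..M7 -> bits 13..9

def decode_type(msg_type: int) -> tuple[int, int]:
    """Return (method, class) for a 14-bit message type; reject wider values."""
    if not 0 <= msg_type <= 0x3FFF:
        raise ValueError("message type does not fit the 14-bit layout")
    method = ((msg_type & 0x000F)
              | ((msg_type & 0x00E0) >> 1)
              | ((msg_type & 0x3E00) >> 2))
    cls = ((msg_type & 0x0010) >> 4) | ((msg_type & 0x0100) >> 7)
    return method, cls

def describe(msg_type: int) -> str:
    """Human-readable form of a message type, for logs or debugging."""
    method, cls = decode_type(msg_type)
    return f"0x{msg_type:04x}: method=0x{method:03x} class={CLASSES[cls]}"

# RFC 3489 message type values (from RFC 3489, not from the slides): they
# decode cleanly under the new layout, which is the backwards compatibility
# slide 3 refers to.
RFC3489_TYPES = [0x0001, 0x0101, 0x0111, 0x0002, 0x0102, 0x0112]

if __name__ == "__main__":
    for t in RFC3489_TYPES:
        print(describe(t))
    # A server that rejects unknown methods (slide 4) would decode first and
    # then look the method up, rather than matching whole 16-bit type values.
```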
