STUN bis

draft-ietf-behave-rfc3489bis

Jonathan Rosenberg

Cisco Systems


Changes from -04 to -05 (1)

  • Removed ICE connectivity check usage (now specified in ICE itself)

  • FINGERPRINT optional

    • MUST use when the magic cookie alone is not enough to demultiplex STUN from other traffic on the same port (e.g. STUN sharing a port with RTP)

    • SHOULD use otherwise

  • FINGERPRINT changed to CRC-32 (ITU-T V.42 polynomial)

  • FINGERPRINT attribute number moved to the optional (comprehension-optional) range

  • TCP-based congestion control added in

    • Initial RTT estimate configurable, 100 ms for fixed broadband

    • Retransmit interval doubles after every transmission (no longer flattens out at a cap, as it did in RFC 3489)

    • Number of retransmits reduced from 9 to 7

    • Karn’s algorithm for RTT estimation mentioned

Changes from -04 to -05 (2)

+--+--+-+-+-+-+-+-+-+-+-+-+-+-+
|M |M |M|M|M|C|M|M|M|C|M|M|M|M|
|11|10|9|8|7|1|6|5|4|0|3|2|1|0|
+--+--+-+-+-+-+-+-+-+-+-+-+-+-+

  • New structure for Message Type

    • Bits M11 to M0 are the 12-bit “method”

    • Bits C1 and C0 are the 2-bit “class”:

      • 0: Request

      • 1: Indication

      • 2: Success Response

      • 3: Error Response

  • Backwards compatible except TURN indications
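The interleaved method/class layout above, as an added Python example (not code from the deck or from any STUN implementation). The RFC 3489 type values 0x0001, 0x0101 and 0x0111 are taken from RFC 3489 itself and are used to check the backwards-compatibility claim; the "top two bits must be zero" check is RFC 5389's rule and is assumed to hold for draft -05. The example also applies the "servers check for unknown methods and reject if unknown" rule from the following slide, which is where an old RFC 3489 Shared Secret Request (0x0002) ends up under the new layout.

```python
"""STUN message-type encoding from draft-ietf-behave-rfc3489bis-05 / RFC 5389.
Added example, not code from the deck.

Bit positions in the 16-bit message type field (two most significant bits zero):
 13  12  11 10  9  8  7  6  5  4  3  2  1  0
 M11 M10 M9 M8 M7 C1 M6 M5 M4 C0 M3 M2 M1 M0
"""

CLASS_REQUEST, CLASS_INDICATION, CLASS_SUCCESS, CLASS_ERROR = 0, 1, 2, 3
METHOD_BINDING = 0x001  # Binding method

# Message types as RFC 3489 numbered them, to check the backwards-compatibility claim.
RFC3489_BINDING_REQUEST = 0x0001
RFC3489_BINDING_RESPONSE = 0x0101
RFC3489_BINDING_ERROR_RESPONSE = 0x0111
RFC3489_SHARED_SECRET_REQUEST = 0x0002  # mechanism no longer a method in rfc3489bis


def encode_message_type(method: int, msg_class: int) -> int:
    """Interleave a 12-bit method and a 2-bit class into the 14-bit message type."""
    if not 0 <= method <= 0xFFF:
        raise ValueError("method must fit in 12 bits")
    if not 0 <= msg_class <= 3:
        raise ValueError("class must be 0..3")
    return ((method & 0x0F80) << 2      # M11..M7 -> bits 13..9
            | (method & 0x0070) << 1    # M6..M4  -> bits 7..5
            | (method & 0x000F)         # M3..M0  -> bits 3..0
            | (msg_class & 0x2) << 7    # C1      -> bit 8
            | (msg_class & 0x1) << 4)   # C0      -> bit 4


def decode_message_type(msg_type: int) -> tuple:
    """Inverse of encode_message_type; rejects a type with the top two bits set (RFC 5389 rule)."""
    if msg_type & 0xC000:
        raise ValueError("top two bits of a STUN message type must be zero")
    method = ((msg_type & 0x3E00) >> 2
              | (msg_type & 0x00E0) >> 1
              | (msg_type & 0x000F))
    msg_class = (msg_type & 0x0100) >> 7 | (msg_type & 0x0010) >> 4
    return method, msg_class


def is_backwards_compatible() -> bool:
    """RFC 3489 Binding request/response/error values survive the new layout unchanged."""
    return (encode_message_type(METHOD_BINDING, CLASS_REQUEST) == RFC3489_BINDING_REQUEST
            and encode_message_type(METHOD_BINDING, CLASS_SUCCESS) == RFC3489_BINDING_RESPONSE
            and encode_message_type(METHOD_BINDING, CLASS_ERROR) == RFC3489_BINDING_ERROR_RESPONSE)


def roundtrip_all() -> bool:
    """Every (method, class) pair maps to a distinct 14-bit value and decodes back to itself."""
    seen = set()
    for method in range(0x1000):
        for cls in range(4):
            t = encode_message_type(method, cls)
            if t in seen or decode_message_type(t) != (method, cls):
                return False
            seen.add(t)
    return True


def server_should_reject(msg_type: int, known_methods=frozenset({METHOD_BINDING})) -> bool:
    """The -05 rule 'servers check for unknown methods and reject if unknown'.
    An RFC 3489 Shared Secret Request (0x0002) decodes as method 2 and is rejected."""
    method, _ = decode_message_type(msg_type)
    return method not in known_methods


if __name__ == "__main__":
    for name, cls in (("Request", CLASS_REQUEST), ("Indication", CLASS_INDICATION),
                      ("Success Response", CLASS_SUCCESS), ("Error Response", CLASS_ERROR)):
        print(f"Binding {name:17s} -> 0x{encode_message_type(METHOD_BINDING, cls):04x}")
    print("RFC 3489 compatible:", is_backwards_compatible())
```

Running the block prints the four Binding types (0x0001, 0x0011, 0x0101, 0x0111); the request, success and error values are exactly the RFC 3489 ones, which is why the change is backwards compatible for Binding, while the Indication value 0x0011 is new.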


Changes from -04 to -05 (3)

  • Retransmission rules called out

    • Server sends the same response to a retransmitted request

    • Client ignores subsequent (duplicate) responses

  • Servers check for unknown methods and reject the request if the method is unknown

  • If you get a 436 (Unknown Username) when using a short-term credential obtained from a shared secret, re-obtain the credential

  • Softened authentication rules on keepalives; discuss what to do if you don’t authenticate


Changes from -04 to -05 (4)

  • Clarify applicability of shared secrets (all servers or just one)

  • Clarify behavior if the request omitted MESSAGE-INTEGRITY but the response has it

  • Reuse short-term credentials on a 300 (Try Alternate) response

  • Clarify backwards compatibility for clients for XOR-MAPPED-ADDRESS vs. MAPPED-ADDRESS

  • Server has to include MESSAGE-INTEGRITY in the response if it was in the request

  • Success responses can include NONCE
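FINGERPRINT (from the first change slide) and the MESSAGE-INTEGRITY rules on this slide, as one added Python example; it is not code from the deck or from any STUN stack. It follows the published RFC 5389 form of rfc3489bis: the magic cookie 0x2112A442, the attribute types 0x0008 and 0x8028, the HMAC-SHA1 key being the short-term password (SASLprep omitted), and the XOR of the CRC with 0x5354554E are taken from RFC 5389 and assumed to match draft -05, which the slides do not spell out. The CRC-32 is implemented bitwise with the V.42 polynomial the slide names. The "accept an unauthenticated response to an unauthenticated request" branch is the example's own choice, since the slide only says that case was clarified.

```python
"""MESSAGE-INTEGRITY and FINGERPRINT on a STUN Binding Request, following
RFC 5389 (the published rfc3489bis).  Added example, not code from the deck."""
import hashlib
import hmac
import os
import struct

MAGIC_COOKIE = 0x2112A442          # RFC 5389 value; assumed to be the slide's "cookie"
BINDING_REQUEST = 0x0001           # method Binding (0x001), class Request (0)
BINDING_SUCCESS = 0x0101           # method Binding, class Success Response (2)
MESSAGE_INTEGRITY = 0x0008         # comprehension-required; value is a 20-byte HMAC-SHA1
FINGERPRINT = 0x8028               # comprehension-optional range (0x8000-0xFFFF); 4-byte CRC
FINGERPRINT_XOR = 0x5354554E       # RFC 5389 XORs the CRC with ASCII "STUN"; not on the slide
CRC32_POLY_REFLECTED = 0xEDB88320  # ITU-T V.42 polynomial 0x04C11DB7, bit-reversed
HEADER_LEN = 20


def crc32_v42(data: bytes) -> int:
    """Bitwise CRC-32, V.42 polynomial, init and final XOR 0xFFFFFFFF (same as zlib.crc32)."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ CRC32_POLY_REFLECTED if crc & 1 else crc >> 1
    return crc ^ 0xFFFFFFFF


def stun_header(msg_type: int, tid: bytes = None) -> bytes:
    """Type, length 0 (fixed up as attributes are appended), magic cookie, 96-bit transaction ID."""
    tid = tid if tid is not None else os.urandom(12)
    return struct.pack("!HHI12s", msg_type, 0, MAGIC_COOKIE, tid)


def with_length(msg: bytes, body_len: int) -> bytes:
    """Copy of msg with the header length field set to body_len."""
    return msg[:2] + struct.pack("!H", body_len) + msg[4:]


def append_attr(msg: bytes, attr_type: int, value: bytes) -> bytes:
    """Append one TLV attribute (value padded to 4 bytes) and update the header length."""
    padded = value + b"\x00" * (-len(value) % 4)
    attr = struct.pack("!HH", attr_type, len(value)) + padded
    return with_length(msg, len(msg) + len(attr) - HEADER_LEN) + attr


def iter_attrs(msg: bytes):
    """Yield (offset, type, value) for each attribute after the header."""
    off = HEADER_LEN
    while off + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[off:off + 4])
        yield off, atype, msg[off + 4:off + 4 + alen]
        off += 4 + alen + (-alen % 4)


def add_message_integrity(msg: bytes, key: bytes) -> bytes:
    """HMAC-SHA1 over everything before MESSAGE-INTEGRITY, computed with the
    header length already counting the 24-byte attribute (RFC 5389 rule)."""
    covered = with_length(msg, len(msg) - HEADER_LEN + 24)
    return append_attr(msg, MESSAGE_INTEGRITY, hmac.new(key, covered, hashlib.sha1).digest())


def add_fingerprint(msg: bytes) -> bytes:
    """CRC-32 over everything before FINGERPRINT (header length counting the
    8-byte attribute), XORed with 0x5354554E.  Must be the last attribute."""
    covered = with_length(msg, len(msg) - HEADER_LEN + 8)
    return append_attr(msg, FINGERPRINT, struct.pack("!I", crc32_v42(covered) ^ FINGERPRINT_XOR))


def verify_fingerprint(msg: bytes) -> bool:
    """Demultiplexing check: the last attribute is FINGERPRINT and its CRC matches."""
    attrs = list(iter_attrs(msg))
    if not attrs:
        return False
    off, atype, value = attrs[-1]
    if atype != FINGERPRINT or len(value) != 4 or off + 8 != len(msg):
        return False
    return struct.unpack("!I", value)[0] == (crc32_v42(msg[:off]) ^ FINGERPRINT_XOR)


def verify_message_integrity(msg: bytes, key: bytes) -> bool:
    """Recompute the HMAC with the header length adjusted to end at
    MESSAGE-INTEGRITY, so a FINGERPRINT appended after it is not covered."""
    for off, atype, value in iter_attrs(msg):
        if atype == MESSAGE_INTEGRITY:
            covered = with_length(msg[:off], off - HEADER_LEN + 24)
            expected = hmac.new(key, covered, hashlib.sha1).digest()
            return len(value) == 20 and hmac.compare_digest(value, expected)
    return False


def response_acceptable(request: bytes, response: bytes, key: bytes) -> bool:
    """Client side of the slide's rule: a response to a request that carried
    MESSAGE-INTEGRITY must carry a valid one too.  When the request had none,
    this example accepts the response as-is; that branch is an assumption."""
    if not any(atype == MESSAGE_INTEGRITY for _, atype, _ in iter_attrs(request)):
        return True
    return verify_message_integrity(response, key)
```

Order matters: MESSAGE-INTEGRITY is added first and FINGERPRINT last, so the CRC covers the HMAC but the HMAC never covers the CRC. Both are computed with the header length field set as if the attribute being added were already present, and the verifier has to re-create that length rather than trust the one on the wire; getting that adjustment wrong is the usual source of interoperability failures for these two attributes.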


Changes from -04 to -05 (5)

  • For shared secret requests, removed the client IP address from the computation of the password

    • Leftover from RFC 3489

  • Added procedures for retry on timing out


Questions for the group

  • Happy with congestion control behavior?

  • Happy with FINGERPRINT approach?


Open issues

  • DNS Discovery

    • Not purely backwards compatible with RFC 3489

    • Main difference

      • _stun._tcp was for shared secret before, now for binding usage

      • _stunpass._tcp for shared secret now, not defined previously

    • Recommendation: don’t care

  • Otherwise, ready for WGLC