STUN bis draft-ietf-behave-rfc3489bis Jonathan Rosenberg Cisco Systems.


Changes from -04 to -05
Removed ICE connectivity check usage (in ICE now)
FINGERPRINT optional
–MUST use if cookie not enough
–SHOULD use otherwise
FINGERPRINT changed to CRC-32 (V.42 polynomial)
FINGERPRINT attribute number moved to optional range
TCP-based congestion control added
–Initial RTT estimate configurable, 100 ms for fixed broadband
–Retransmit interval doubles after every transmission (does not flatten out)
–Number of retransmits reduced from 9 to 7
–Karn's algorithm for RTT estimation mentioned
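An added example, not from the slides, of the retransmission behaviour this slide describes: a doubling backoff from a 100 ms initial RTO with 7 retransmits, and an RTT estimator that applies Karn's rule. The SRTT/RTTVAR smoothing constants (1/8, 1/4, K=4) are TCP's RFC 2988 values, an assumption here since the slide only says "TCP-based".

```python
from dataclasses import dataclass, field
from typing import List, Optional

INITIAL_RTO_MS = 100   # slide: configurable initial RTT estimate, 100 ms for fixed broadband
MAX_RETRANSMITS = 7    # slide: number of retransmits reduced from 9 to 7


def retransmit_schedule(rto_ms: int = INITIAL_RTO_MS,
                        retransmits: int = MAX_RETRANSMITS) -> List[int]:
    """Send times in ms relative to the first transmission.  The interval
    doubles after every transmission instead of flattening out."""
    times, now, interval = [0], 0, rto_ms
    for _ in range(retransmits):
        now += interval
        times.append(now)
        interval *= 2
    return times


@dataclass
class RttEstimator:
    """SRTT/RTTVAR smoothing as in TCP (RFC 2988 constants 1/8 and 1/4; an
    assumption, the slide does not state them) with Karn's rule: a response
    to a transaction that was retransmitted yields no RTT sample, because it
    is ambiguous which transmission it answers."""
    srtt: Optional[float] = None
    rttvar: Optional[float] = None
    samples: List[float] = field(default_factory=list)

    def on_response(self, rtt_ms: float, was_retransmitted: bool) -> bool:
        """Return True if the sample was accepted into the estimate."""
        if was_retransmitted:
            return False                      # Karn: discard ambiguous sample
        if self.srtt is None:                 # first measurement
            self.srtt, self.rttvar = rtt_ms, rtt_ms / 2
        else:
            self.rttvar = 0.75 * self.rttvar + 0.25 * abs(self.srtt - rtt_ms)
            self.srtt = 0.875 * self.srtt + 0.125 * rtt_ms
        self.samples.append(rtt_ms)
        return True

    def rto_ms(self) -> float:
        """RTO = SRTT + 4*RTTVAR (TCP's K=4); the configured initial value
        applies until a sample has been taken."""
        if self.srtt is None:
            return float(INITIAL_RTO_MS)
        return self.srtt + 4 * self.rttvar
```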

Changes from -04 to -05
New structure for Message Type
–Bits M11 to M0 are the "method"
–Bits C1 to C0 are the "class"
  0: Request
  1: Indication
  2: Success Response
  3: Error Response
Backwards compatible except TURN indications

Message Type bit layout (14 bits, most significant first):
|M |M |M|M|M|C|M|M|M|C|M|M|M|M|
|11|10|9|8|7|1|6|5|4|0|3|2|1|0|
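An added example, not from the slides, covering the method/class interleaving above and the FINGERPRINT attribute from the previous slide: it encodes and decodes the 14-bit Message Type, builds a Binding Request with a trailing FINGERPRINT, and checks it on receipt. The magic cookie 0x2112A442, attribute number 0x8028 and the XOR constant 0x5354554e are the values RFC 5389 later published, not values stated on the slides.

```python
import binascii
import struct

# Values as published in RFC 5389 (the slide names the cookie and the
# optional-range attribute number but does not give them):
MAGIC_COOKIE = 0x2112A442
ATTR_FINGERPRINT = 0x8028        # comprehension-optional range (0x8000-0xFFFF)
FINGERPRINT_XOR = 0x5354554E     # RFC 5389 XORs the CRC-32 with this constant


def encode_message_type(method: int, msg_class: int) -> int:
    """Interleave 12 method bits (M11..M0) and 2 class bits (C1 at bit 8,
    C0 at bit 4) into the 14-bit Message Type field."""
    if not 0 <= method < 0x1000 or not 0 <= msg_class < 4:
        raise ValueError("method is 12 bits, class is 2 bits")
    return ((method & 0xF80) << 2) | ((method & 0x070) << 1) | (method & 0x00F) \
        | ((msg_class & 0x2) << 7) | ((msg_class & 0x1) << 4)


def decode_message_type(mtype: int):
    """Inverse of encode_message_type; returns (method, class)."""
    if mtype & 0xC000:
        raise ValueError("top two bits of the Message Type must be zero")
    method = ((mtype >> 2) & 0xF80) | ((mtype >> 1) & 0x070) | (mtype & 0x00F)
    msg_class = ((mtype >> 7) & 0x2) | ((mtype >> 4) & 0x1)
    return method, msg_class


def build_message(method: int, msg_class: int, tid: bytes, attrs: bytes = b"") -> bytes:
    """Header + attributes + trailing FINGERPRINT.  The CRC-32 (V.42 polynomial,
    which is what binascii.crc32 implements) covers everything before the
    FINGERPRINT, and the header length already counts the 8-byte attribute."""
    if len(tid) != 12:
        raise ValueError("transaction ID is 96 bits")
    hdr = struct.pack("!HHI12s", encode_message_type(method, msg_class),
                      len(attrs) + 8, MAGIC_COOKIE, tid)
    crc = binascii.crc32(hdr + attrs) ^ FINGERPRINT_XOR
    return hdr + attrs + struct.pack("!HHI", ATTR_FINGERPRINT, 4, crc)


def check_fingerprint(msg: bytes) -> bool:
    """Cookie plus FINGERPRINT lets a receiver tell STUN from other traffic
    sharing the port; either check failing means 'not our STUN message'."""
    if len(msg) < 28 or struct.unpack("!I", msg[4:8])[0] != MAGIC_COOKIE:
        return False
    atype, alen, crc = struct.unpack("!HHI", msg[-8:])
    if atype != ATTR_FINGERPRINT or alen != 4:
        return False
    return (binascii.crc32(msg[:-8]) ^ FINGERPRINT_XOR) == crc
```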

Changes from -04 to -05
Retransmission rules called out
–Server sends the same response
–Client ignores subsequent responses
Servers check for unknown methods and reject if unknown
If you get a 436 when using a short-term credential from a shared secret, reobtain it
Softened authentication rules on keepalives
–Discuss what to do if you don't authenticate

Changes from -04 to -05
Clarify applicability of shared secrets (all servers or just one)
Clarify behavior if request omitted MESSAGE-INTEGRITY but response has it
Reuse short-term credentials on 300
Clarify backwards compatibility for clients for XOR-MAPPED vs. MAPPED
Server has to include MESSAGE-INTEGRITY in response if it was in request
Success responses can include Nonce

Changes from -04 to -05
For shared secret requests, removed client IP address from computation of password
–Leftover from RFC 3489
Added procedures for retry on timing out

Questions for the Group
Happy with congestion control behavior?
Happy with FINGERPRINT approach?

Open Issues
DNS Discovery
–Not purely backwards compatible with RFC 3489
–Main difference: _stun._tcp was for shared secret before, now for binding usage; _stunpass._tcp for shared secret now, not defined previously
–Recommendation: don't care
Otherwise, ready for WGLC