Download presentation
Presentation is loading. Please wait.
Published byJacob Lambert Pierce Modified over 9 years ago
1
STUN bis draft-ietf-behave-rfc3489bis Jonathan Rosenberg Cisco Systems
2
Changes from -04 to -05 Removed ICE connectivity check usage (in ICE now) FINGERPRINT optional –MUST use if cookie not enough –SHOULD use otherwise FINGERPRINT changed to CRC-32 (V.42 polynomial) FINGERPRINT attribute number to optional range TCP-based congestion control added in –Initial RTT estimate configurable, 100ms for fixed broadband –Retransmit interval doubles after every xmit (not flatten out) –Number of retransmits from 9 to 7 –Karns’ algorithm for RTT estimation mentioned
3
Changes from -04 to -05 New structure for Message Type –Bits M11 to M0 is “method” –C1 to C0 is “class” 0: Request 1: Indication 2: Success Response 3: Error Response Backwards compatible except TURN indications +-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |M|M|M|M|M|C|M|M|M|C|M|M|M|M| |1|1|9|8|7|1|6|5|4|0|3|2|2|0| |1|0| | | | | | | | | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+
4
Changes from -04 to -05 Retransmission rules called out –Server sends same response –Client ignores subsequent responses Servers check for unknown methods and reject if unknown If you get a 436 when using short term credential from shared secret, reobtain Softened authentication rules on keepalive – discuss what to do if you don’t authenticate
5
Changes from -04 to -05 Clarify applicability of shared secrets (all servers or just one) Clarify behavior if request omitted MESSAGE- INTEGRITY but response has it Reuse short term credentials on 300 Clarify backwards compatibility for clients for XOR-MAPPED vs. MAPPED Server has to include MESSAGE-INTEGRITY in response if it was in request Success responses can include Nonce
6
Changes from -04 to -05 For shared secret requests, removed client IP address in computation of password –Leftover from rfc3489 stuff Added procedures for retry on timing out
7
Questions for the Group Happy with congestion control behavior? Happy with FINGERPRINT approach
8
Open Issues DNS Discovery –Not purely backwards compatible with RFC 3489 –Main difference _stun._tcp was for shared secret before, now for binding usage _stunpass._tcp for shared secret now, not defined previously –Recommendation: don’t care Otherwise, ready for WGLC
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.