Session Traversal Utilities for NAT (STUN) IETF-92 Dallas, March 26, 2015 draft-ietf-tram-stunbis Marc Petit-Huguenin, Gonzalo Salgueiro.


Changes Since -00
- Addressed reported errata
- Move the Acknowledgments and Contributor sections to the end of the document, in accordance with RFC 7322 section 4
- Make clear that the cached RTO is discarded only if there is no new transaction for 10 minutes
- Added more C snippets to Appendix A

Changes Since -00
- Merge of STUN URI (RFC 7064)
  - DNS discovery is done from the URI
  - Reorganized the text about default ports

Changes Since -00
- Merge of STUN over DTLS (RFC 7350)
  - Split the "Sending over..." sections in 3
  - Add DTLS-over-UDP as transport
  - Update the cipher suites & cipher/compression restrictions
  - A stuns URI with an IP address is rejected
  - Update the STUN Usages list with transport applicability

Changes Since -00
- The RTP delay between transactions applies only to parallel transactions, not to serial transactions
  - That prevents a 3 RTT delay between the first transaction and the second transaction with long-term authentication

Changes Since -00
- Add a new attribute ALTERNATE-DOMAIN to verify the certificate of the ALTERNATE-SERVER after a 300 over (D)TLS
- Added support for DANE in the resolution algorithm
- Prevent the server from allocating the same NONCE to clients with different IP address and/or different port
  - This prevents sharing the nonce between allocations in TURN

Changes Since -00
- Describe the MESSAGE-INTEGRITY/MESSAGE-INTEGRITY2 protocol
  - As simple as possible
  - MI2 is only SHA256
  - First transaction: you must put MI/MI2
  - Subsequent transactions: you use either
  - MI2 comes after MI so it can be comprehension-mandatory
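As an added example (not the draft's own code, nor from the slides), the MI/MI2 construction described above in Python: MESSAGE-INTEGRITY (HMAC-SHA1) is appended first, MESSAGE-INTEGRITY2 (HMAC-SHA256) after it, each computed over the message with the header length field adjusted to cover the attribute being added, and a verifier recomputes both. Assumed: the type code 0x001C for MI2 (the slide gives none), constructed sample credentials and nonce, and a password already SASLprep'd.

```python
import hashlib
import hmac
import struct

MAGIC_COOKIE = 0x2112A442
ATTR_USERNAME, ATTR_REALM, ATTR_NONCE = 0x0006, 0x0014, 0x0015
ATTR_MI = 0x0008   # MESSAGE-INTEGRITY (HMAC-SHA1), RFC 5389
ATTR_MI2 = 0x001C  # MESSAGE-INTEGRITY2 (HMAC-SHA256); type code assumed here

def attr(atype, value):
    """One STUN TLV attribute, zero-padded to a 32-bit boundary."""
    return struct.pack("!HH", atype, len(value)) + value + b"\x00" * ((-len(value)) % 4)

def with_length(msg, length):
    """Copy of msg with the header's Message Length field set to length."""
    return msg[:2] + struct.pack("!H", length) + msg[4:]

def long_term_key(username, realm, password):
    """RFC 5389 long-term credential key; password assumed already SASLprep'd."""
    return hashlib.md5(f"{username}:{realm}:{password}".encode()).digest()

def append_integrity(msg, key, atype, digestmod):
    """HMAC over msg with the length field already counting the new attribute."""
    new_len = len(msg) - 20 + 4 + digestmod().digest_size
    mac = hmac.new(key, with_length(msg, new_len), digestmod).digest()
    return with_length(msg + attr(atype, mac), new_len)

def sign(msg, key):
    """MI first, MI2 after it, in the order the stunbis draft requires."""
    msg = append_integrity(msg, key, ATTR_MI, hashlib.sha1)
    return append_integrity(msg, key, ATTR_MI2, hashlib.sha256)

def verify(msg, key):
    """Recompute each integrity MAC over the bytes before its attribute."""
    result, off = {}, 20
    while off + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[off:off + 4])
        end = off + 4 + alen + ((-alen) % 4)
        if atype in (ATTR_MI, ATTR_MI2):
            dm = hashlib.sha1 if atype == ATTR_MI else hashlib.sha256
            mac = hmac.new(key, with_length(msg[:off], end - 20), dm).digest()
            result[atype] = hmac.compare_digest(mac, msg[off + 4:off + 4 + alen])
        off = end
    return result

def build_request(nonce=b"constructed-nonce-value-0001"):
    """Constructed Binding request; transaction ID is a fixed sample value."""
    header = struct.pack("!HHI", 0x0001, 0, MAGIC_COOKIE) + bytes(range(12))
    body = attr(ATTR_USERNAME, b"alice") + attr(ATTR_REALM, b"example.org") + attr(ATTR_NONCE, nonce)
    return with_length(header + body, len(body))
```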

Changes Since -00
- Add negotiation mechanism for new password hash algorithms
  - Server proposes a list of algorithms, client chooses one
  - Magic prefix in NONCE and repeated algorithm list in subsequent authenticated transaction protect against bid-down attacks
- What hash algorithm do we want? (aligned with HTTP/SIP?)

Changes Since -00
- Add text saying ORIGIN can increase a request size beyond the MTU and thus require an SCTPoUDP transport
- Add support for SCTP to solve the fragmentation problem
  - Selected SCTPoDTLS in order to match WebRTC
  - Changed prefix to use 8 bits instead of 2
- Simpler solution would be STUN PMTUD (draft-petithuguenin-tram-stun-pmtud-00)

Next Steps
- Do we need to integrate RFC 5769 (STUN test vectors) as additional examples in STUNbis?
- Update of Security Considerations pending
- Update of IANA Considerations section
  - Remove text making initial registrations
  - Update STUN Methods registry from RFC 5764 demux update (draft-petithuguenin-avtcore-rfc5764-mux-fixes)
- Additional reviews requested