STUN bis draft-ietf-behave-rfc3489bis Jonathan Rosenberg Cisco Systems.


1 STUN bis draft-ietf-behave-rfc3489bis Jonathan Rosenberg Cisco Systems

2 Changes from -04 to -05
Removed ICE connectivity check usage (in ICE now)
FINGERPRINT optional
  –MUST use if cookie not enough
  –SHOULD use otherwise
FINGERPRINT changed to CRC-32 (V.42 polynomial)
FINGERPRINT attribute number moved to optional range
TCP-based congestion control added in
  –Initial RTT estimate configurable, 100ms for fixed broadband
  –Retransmit interval doubles after every xmit (does not flatten out)
  –Number of retransmits from 9 to 7
  –Karn’s algorithm for RTT estimation mentioned

3 Changes from -04 to -05
New structure for Message Type
  –Bits M11 to M0 is “method”
  –C1 to C0 is “class”
     0: Request
     1: Indication
     2: Success Response
     3: Error Response
Backwards compatible except TURN indications

+--+--+-+-+-+-+-+-+-+-+-+-+-+-+
|M |M |M|M|M|C|M|M|M|C|M|M|M|M|
|11|10|9|8|7|1|6|5|4|0|3|2|1|0|
+--+--+-+-+-+-+-+-+-+-+-+-+-+-+
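The interleaved method/class layout on this slide, as an added example (not code from the presentation or the draft). It assumes the 14 bits shown sit in the low bits of a 16-bit field whose top two bits are zero, and uses the RFC 3489 Binding and Shared Secret type values to show the backwards compatibility the slide mentions; function names are illustrative.

```python
# Added example: pack/unpack the STUN message type using the slide's bit layout.
# Bit positions (LSB = 0): M0-M3 in 0-3, C0 in 4, M4-M6 in 5-7, C1 in 8, M7-M11 in 9-13.
CLASSES = {0: "request", 1: "indication", 2: "success response", 3: "error response"}

def encode_type(method: int, cls: int) -> int:
    """Interleave a 12-bit method and 2-bit class into the 14-bit message type."""
    if not 0 <= method <= 0xFFF:
        raise ValueError("method must fit in 12 bits")
    if cls not in CLASSES:
        raise ValueError("class must be 0..3")
    return ((method & 0x00F)            # M3..M0  -> bits 3..0
            | ((cls & 0x1) << 4)        # C0      -> bit 4
            | ((method & 0x070) << 1)   # M6..M4  -> bits 7..5
            | ((cls & 0x2) << 7)        # C1      -> bit 8
            | ((method & 0xF80) << 2))  # M11..M7 -> bits 13..9

def decode_type(value: int) -> tuple[int, int]:
    """Return (method, class); reject values that use the two leading bits."""
    if not 0 <= value <= 0x3FFF:
        raise ValueError("top two bits of the type field must be zero (assumption)")
    method = (value & 0x000F) | ((value & 0x00E0) >> 1) | ((value & 0x3E00) >> 2)
    cls = ((value & 0x0010) >> 4) | ((value & 0x0100) >> 7)
    return method, cls

# RFC 3489 message type values, decoded under the new layout.
RFC3489_TYPES = {
    0x0001: "Binding Request",
    0x0101: "Binding Response",
    0x0111: "Binding Error Response",
    0x0002: "Shared Secret Request",
    0x0102: "Shared Secret Response",
    0x0112: "Shared Secret Error Response",
}

def decode_legacy() -> dict[str, tuple[int, str]]:
    """Map each RFC 3489 name to (method, class name) under the new structure."""
    out = {}
    for value, name in RFC3489_TYPES.items():
        method, cls = decode_type(value)
        out[name] = (method, CLASSES[cls])
    return out

if __name__ == "__main__":
    for name, (method, cls) in decode_legacy().items():
        print(f"{name:30s} method={method} class={cls}")
```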

4 Changes from -04 to -05
Retransmission rules called out
  –Server sends same response
  –Client ignores subsequent responses
Servers check for unknown methods and reject if unknown
If you get a 436 when using short term credential from shared secret, reobtain
Softened authentication rules on keepalive – discuss what to do if you don’t authenticate

5 Changes from -04 to -05
Clarify applicability of shared secrets (all servers or just one)
Clarify behavior if request omitted MESSAGE-INTEGRITY but response has it
Reuse short term credentials on 300
Clarify backwards compatibility for clients for XOR-MAPPED vs. MAPPED
Server has to include MESSAGE-INTEGRITY in response if it was in request
Success responses can include Nonce

6 Changes from -04 to -05
For shared secret requests, removed client IP address in computation of password
  –Leftover from rfc3489 stuff
Added procedures for retry on timing out

7 Questions for the Group
Happy with congestion control behavior?
Happy with FINGERPRINT approach?

8 Open Issues
DNS Discovery
  –Not purely backwards compatible with RFC 3489
  –Main difference
     _stun._tcp was for shared secret before, now for binding usage
     _stunpass._tcp for shared secret now, not defined previously
  –Recommendation: don’t care
Otherwise, ready for WGLC

