Presentation is loading. Please wait.

Presentation is loading. Please wait.

Session Traversal Utilities for NAT (STUN) IETF-92 Dallas, March 26, 2015 draft-ietf-tram-stunbis Marc Petit-Huguenin, Gonzalo Salgueiro.

Published bySibyl Barrett Modified over 8 years ago

Similar presentations

Presentation on theme: "Session Traversal Utilities for NAT (STUN) IETF-92 Dallas, March 26, 2015 draft-ietf-tram-stunbis Marc Petit-Huguenin, Gonzalo Salgueiro."— Presentation transcript:

1 Session Traversal Utilities for NAT (STUN) IETF-92 Dallas, March 26, 2015 draft-ietf-tram-stunbis Marc Petit-Huguenin, Gonzalo Salgueiro

2 Changes Since -00 Addressed reported Errata Move the Acknowledgments and Contributor sections to the end of the document, in accordance with RFC 7322 section 4.RFC 7322 section 4 Make clear that the cache RTO is discarded only if there is no new transactions for 10 minutes Added more C snippets to Appendix A

3 Changes Since -00 Merge of STUN URI (RFC 7064) DNS discovery is done from the URI. Reorganized the text about default ports.

4 Changes Since -00 Merge of STUN over DTLS (RFC 7350) Split the "Sending over..." sections in 3. Add DTLS-over-UDP as transport. Update the cipher suites & cipher/compression restrictions. A stuns URI with an IP address is rejected. Update the STUN Usages list with transport applicability.

5 Changes Since -00 The RTP delay between transactions applies only to parallel transactions, not to serial transactions. That prevents a 3 RTT delay between the first transaction and the second transaction with long term authentication.

6 Changes Since -00 Add a new attribute ALTERNATE-DOMAIN to verify the certificate of the ALTERNATE-SERVER after a 300 over (D)TLS. Added support for DANE in resolution algorithm Prevent the server from allocating the same NONCE to clients with different IP address and/or different port. This prevents sharing the nonce between TURN allocations in TURN.

7 Changes Since -00 Describe the MESSAGE-INTEGRITY/MESSAGE- INTEGRITY2 protocol. As simple as possible MI2 is only SHA256 First transaction you must put MI/MI2 Subsequent transaction you use either MI2 comes after MI so it can be comprehension mandatory

8 Changes Since -00 Add negotiation mechanism for new password hash algorithms. Server proposes a list of algorithms, client chooses one. Magic prefix in NONCE and repeated algorithm list in subsequent authenticated transaction protect against bid down attacks. What hash algorithm do we want? (aligned with HTTP/SIP?)

9 Changes Since -00 Add text saying ORIGIN can increase a request size beyond the MTU and thus require an SCTPoUDP transport. Add support for SCTP to solve the fragmentation problem. Selected SCTPoDTLS in order to match WebRTC Changed prefix to use 8 bits instead of 2 Simpler solution would be STUN PMTUD (draft- petithuguenin-tram-stun-pmtud-00)

10 Next Steps Do we need to integrate RFC 5769 (stun vectors) as additional examples in STUNbis?RFC 5769 Update of Security Considerations pending Update of IANA Considerations section Remove text making initial registrations Update STUN Methods registry from RFC 5764 demux update draft-petithuguenin-avtcore-rfc5764-mux-fixes Additional reviews requested

Download ppt "Session Traversal Utilities for NAT (STUN) IETF-92 Dallas, March 26, 2015 draft-ietf-tram-stunbis Marc Petit-Huguenin, Gonzalo Salgueiro."

Similar presentations

Bridging Technical Possibilities With Policy Technicalities Montreal, QC June 24, 2003.

Bridging Technical Possibilities With Policy Technicalities Montreal, QC June 24, 2003.
RFC 3489bis Jonathan Rosenberg Cisco Systems. Technical Changes Needed Allow STUN over TCP –Driver: draft-ietf-sip-outbound Allow response to omit CHANGED-

RFC 3489bis Jonathan Rosenberg Cisco Systems. Technical Changes Needed Allow STUN over TCP –Driver: draft-ietf-sip-outbound Allow response to omit CHANGED-
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
ICE Jonathan Rosenberg Cisco Systems. Changes Removed abstract protocol concept Relaxed requirements for ICE on servers and gateways – no address gathering.

ICE Jonathan Rosenberg Cisco Systems. Changes Removed abstract protocol concept Relaxed requirements for ICE on servers and gateways – no address gathering.
Doc.: IEEE 802.19-11/0040r0 Submission April 2011 Miika Laaksonen, NokiaSlide 1 Coexistence Discovery Procedures Notice: This document has been prepared.

Doc.: IEEE /0040r0 Submission April 2011 Miika Laaksonen, NokiaSlide 1 Coexistence Discovery Procedures Notice: This document has been prepared.
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
1 Improved DNS Server Selection for Multi-Homed Nodes draft-savolainen-mif-dns-server-selection-04 Teemu Savolainen (Nokia) Jun-ya Kato (NTT) MIF WG meeting.

1 Improved DNS Server Selection for Multi-Homed Nodes draft-savolainen-mif-dns-server-selection-04 Teemu Savolainen (Nokia) Jun-ya Kato (NTT) MIF WG meeting.
STUN bis draft-ietf-behave-rfc3489bis Jonathan Rosenberg Cisco Systems.

STUN bis draft-ietf-behave-rfc3489bis Jonathan Rosenberg Cisco Systems.
SIP Security Matt Hsu.

SIP Security Matt Hsu.
RTSP NAT Traversal Update Magnus Westlund (Ericsson) Thomas Zeng (PVNS, an Alcatel company) IETF-60 MMUSIC WG draft-ietf-mmusic-rtsp-nat-03.txt.

RTSP NAT Traversal Update Magnus Westlund (Ericsson) Thomas Zeng (PVNS, an Alcatel company) IETF-60 MMUSIC WG draft-ietf-mmusic-rtsp-nat-03.txt.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)
Chapter 8 Web Security.

Chapter 8 Web Security.
Host Identity Protocol

Host Identity Protocol
Company Confidential 1 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Modification Proposals to Current TURN Spec Mikael Latvala.

Company Confidential 1 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Modification Proposals to Current TURN Spec Mikael Latvala.
TURN draft-ietf-behave-turn-07 Philip Matthews, Avaya Jonathan Rosenberg, Cisco Rohan Mahy, Plantronics.

TURN draft-ietf-behave-turn-07 Philip Matthews, Avaya Jonathan Rosenberg, Cisco Rohan Mahy, Plantronics.
WG RAQMON Internet-Drafts RMON MIB WG Meeting Washington, Nov. 11, 2004.

WG RAQMON Internet-Drafts RMON MIB WG Meeting Washington, Nov. 11, 2004.
EAP WG EAP Key Management Framework Draft-ietf-eap-keying-03.txt Bernard Aboba Microsoft.

EAP WG EAP Key Management Framework Draft-ietf-eap-keying-03.txt Bernard Aboba Microsoft.
1 Notification Rate Control draft-ietf-sipcore-event-rate-control-04 78th IETF,

1 Notification Rate Control draft-ietf-sipcore-event-rate-control th IETF,

Similar presentations

Ads by Google