BEHAVE                                                      J. Rosenberg
Internet-Draft                                             Cisco Systems
Expires:  August 5, 2006 January 12, 2007                                     C. Huitema
                                                               Microsoft
                                                                 R. Mahy
                                                             Plantronics
                                                                 D. Wing
                                                           Cisco Systems
                                                           February
                                                           July 11, 2006

  Simple Traversal of UDP Through Underneath Network Address Translators (NAT) (STUN)
                    draft-ietf-behave-rfc3489bis-03
                    draft-ietf-behave-rfc3489bis-04

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on August 5, 2006. January 12, 2007.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   Simple Traversal of UDP Through Underneath NATs (STUN) is a lightweight protocol
   that provides the ability serves as a tool for applications application protocols in dealing with NAT
   traversal.  It allows a client to determine the public IP
   addresses address and ports port
   allocated to them by the a NAT and to keep NAT bindings open.  These addresses and ports  It can be placed into protocol
   payloads where
   also serve as a check for connectivity between a client needs to provide and a publically routable IP
   address. server
   in the presence of NAT, and for the client to detect failure of the
   server.  STUN works with many existing NATs, and does not require any
   special behavior from them.  As a result, it allows a wide variety of
   applications to work through existing NAT infrastructure.

Table of Contents

   1.  Applicability Statement  . . . . . . . . . . . . . . . . . . .  5
   2.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  5
   3.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  6
   4.  Definitions  . . . . . . . . . . . . . . . . . . . . . . . . .  6
   5.  Overview of Operation  . . . . . . . . . . . . . . . . . . . .  7
   6.  STUN Message Structure . . . . . . . . . . . . . . . . . . . .  9 11
   7.  STUN Transactions  . . . . . . . . . . . . . . . . . . . . . . 11 14
     7.1.   Request Transaction Reliability   Request/Response Transactions . . . . . . . . . . . . . 11
   8.  General Client Behavior . 14
     7.2.   Indications . . . . . . . . . . . . . . . . . . 12
     8.1.   Request Message Types . . . . . 15
   8.  Client Behavior  . . . . . . . . . . . . . 12
       8.1.1.  Discovery . . . . . . . . . . 15
     8.1.   Discovery . . . . . . . . . . . . 12
       8.1.2.  Obtaining a Shared Secret . . . . . . . . . . . . 15
     8.2.   Obtaining a Shared Secret . . 13
       8.1.3.  Formulating the Request Message . . . . . . . . . . . 14
       8.1.4.  Processing Responses . . . 16
     8.3.   Request/Response Transactions . . . . . . . . . . . . . . 14
       8.1.5.  Using 17
       8.3.1.  Formulating the Mapped Address Request Message  . . . . . . . . . . . 17
       8.3.2.  Processing Responses . . . . 15
     8.2.   Indication Message Types . . . . . . . . . . . . . 18
     8.4.   Indication Transactions . . . 17
       8.2.1.  Formulating the Indication Message . . . . . . . . . . 17 . . . . 21
   9.  General  Server Behavior  . . . . . . . . . . . . . . . . . . . 17
     9.1.   Request Message Types . . . . 22
     9.1.   Request/Response Transactions . . . . . . . . . . . . . . 17 22
       9.1.1.  Receive Request Message  . . . . . . . . . . . . . . . 17 23
       9.1.2.  Constructing the Response  . . . . . . . . . . . . . . 19 25
       9.1.3.  Sending the Response . . . . . . . . . . . . . . . . . 19 26
     9.2.   Indication Message Types Transactions . . . . . . . . . . . . . . . . . 19 26
   10. Short-Term Passwords Demultiplexing of STUN and Application Traffic . . . . . . . . 27
   11. STUN Attributes  . . . . . . . . . . . . . 19
   11. STUN Attributes . . . . . . . . . . 28
     11.1.  MAPPED-ADDRESS  . . . . . . . . . . . . . 20
     11.1.  MAPPED-ADDRESS . . . . . . . . 28
     11.2.  USERNAME  . . . . . . . . . . . . . 21
     11.2.  RESPONSE-ADDRESS . . . . . . . . . . . 29
     11.3.  PASSWORD  . . . . . . . . . 21
     11.3.  CHANGED-ADDRESS . . . . . . . . . . . . . . . 29
     11.4.  MESSAGE-INTEGRITY . . . . . . 22
     11.4.  CHANGE-REQUEST . . . . . . . . . . . . . . 30
     11.5.  FINGERPRINT . . . . . . . 22
     11.5.  SOURCE-ADDRESS . . . . . . . . . . . . . . . . 30
     11.6.  ERROR-CODE  . . . . . 23
     11.6.  USERNAME . . . . . . . . . . . . . . . . . . 30
     11.7.  REALM . . . . . . 23
     11.7.  PASSWORD . . . . . . . . . . . . . . . . . . . . 32
     11.8.  NONCE . . . . 23
     11.8.  MESSAGE-INTEGRITY . . . . . . . . . . . . . . . . . . . . 23
     11.9.  ERROR-CODE . . 32
     11.9.  UNKNOWN-ATTRIBUTES  . . . . . . . . . . . . . . . . . . . 32
     11.10. XOR-MAPPED-ADDRESS  . . 24
     11.10. REFLECTED-FROM . . . . . . . . . . . . . . . . . 33
     11.11. SERVER  . . . . 26
     11.11. ALTERNATE-SERVER . . . . . . . . . . . . . . . . . . . . 26 . 34
     11.12. REALM ALTERNATE-SERVER  . . . . . . . . . . . . . . . . . . . . 34
     11.13. REFRESH-INTERVAL  . . . . . . 26
     11.13. NONCE . . . . . . . . . . . . . . 34
   12. STUN Usages  . . . . . . . . . . . . . 26
     11.14. UNKNOWN-ATTRIBUTES . . . . . . . . . . . . 34
     12.1.  Binding Discovery . . . . . . . 27
     11.15. XOR-MAPPED-ADDRESS . . . . . . . . . . . . . 35
       12.1.1. Applicability  . . . . . . 27
     11.16. SERVER . . . . . . . . . . . . . . 35
       12.1.2. Client Discovery of Server . . . . . . . . . . . . . 28
     11.17. ALTERNATE-SERVER . 36
       12.1.3. Server Determination of Usage  . . . . . . . . . . . . 36
       12.1.4. New Requests or Indications  . . . . . . . 28
     11.18. BINDING-LIFETIME . . . . . . 37
       12.1.5. New Attributes . . . . . . . . . . . . . . 29
   12. STUN Usages . . . . . . 37
       12.1.6. New Error Response Codes . . . . . . . . . . . . . . . 37
       12.1.7. Client Procedures  . . . . 29
     12.1.  Defined STUN Usages . . . . . . . . . . . . . . 37
       12.1.8. Server Procedures  . . . . . 29
     12.2. . . . . . . . . . . . . . 37
       12.1.9. Security Considerations for Binding Discovery  . . . . 37
     12.2.  Connectivity Check  . . . . . . . . . . . . . . . . . . 29 . 37
       12.2.1. Applicability  . . . . . . . . . . . . . . . . . . . . 29 37
       12.2.2. Client Discovery of Server . . . . . . . . . . . . . . 30 38
       12.2.3. Server Determination of Usage  . . . . . . . . . . . . 30 38
       12.2.4. New Requests or Indications  . . . . . . . . . . . . . 30 38
       12.2.5. New Attributes . . . . . . . . . . . . . . . . . . . . 30 39
       12.2.6. New Error Response Codes . . . . . . . . . . . . . . . 30 39
       12.2.7. Client Procedures  . . . . . . . . . . . . . . . . . . 30 39
       12.2.8. Server Procedures  . . . . . . . . . . . . . . . . . . 30 39
       12.2.9. Security Considerations for Binding Discovery Connectivity Check . . . . 30 39
     12.3.  Connectivity Check  NAT Keepalives  . . . . . . . . . . . . . . . . . . . 31 . . 39
       12.3.1. Applicability  . . . . . . . . . . . . . . . . . . . . 31 39
       12.3.2. Client Discovery of Server . . . . . . . . . . . . . . 31 40
       12.3.3. Server Determination of Usage  . . . . . . . . . . . . 31 40
       12.3.4. New Requests or Indications  . . . . . . . . . . . . . 31 40
       12.3.5. New Attributes . . . . . . . . . . . . . . . . . . . . 31 40
       12.3.6. New Error Response Codes . . . . . . . . . . . . . . . 31 40
       12.3.7. Client Procedures  . . . . . . . . . . . . . . . . . . 31 41
       12.3.8. Server Procedures  . . . . . . . . . . . . . . . . . . 32 41
       12.3.9. Security Considerations for Connectivity Check NAT Keepalives . . . . 32
     12.4.  NAT Keepalives . . 41
     12.4.  Short-Term Password . . . . . . . . . . . . . . . . . . . 32 41
       12.4.1. Applicability  . . . . . . . . . . . . . . . . . . . . 32 42
       12.4.2. Client Discovery of Server . . . . . . . . . . . . . . 32 42
       12.4.3. Server Determination of Usage  . . . . . . . . . . . . 32 42
       12.4.4. New Requests or Indications  . . . . . . . . . . . . . 33 42
       12.4.5. New Attributes . . . . . . . . . . . . . . . . . . . . 33 43
       12.4.6. New Error Response Codes . . . . . . . . . . . . . . . 33 43
       12.4.7. Client Procedures  . . . . . . . . . . . . . . . . . . 33 43
       12.4.8. Server Procedures  . . . . . . . . . . . . . . . . . . 33 44
       12.4.9. Security Considerations for NAT Keepalives Short-Term Password  . . . 44
   13. Security Considerations  . . . 33
     12.5.  Short-Term Password . . . . . . . . . . . . . . . . 46
     13.1.  Attacks on STUN . . . 33
       12.5.1. Applicability . . . . . . . . . . . . . . . . . . 46
       13.1.1. Attack I: DDoS Against a Target  . . 33
       12.5.2. Client Discovery of Server . . . . . . . . . 46
       13.1.2. Attack II: Silencing a Client  . . . . . 34
       12.5.3. Server Determination of Usage . . . . . . . 47
       13.1.3. Attack III: Assuming the Identity of a Client  . . . . 47
       13.1.4. Attack IV: Eavesdropping . 34
       12.5.4. New Requests or Indications . . . . . . . . . . . . . 34
       12.5.5. New Attributes . 47
     13.2.  Launching the Attacks . . . . . . . . . . . . . . . . . . 47
       13.2.1. Approach I: Compromise a Legitimate STUN Server  . 35
       12.5.6. New Error Response Codes . . 48
       13.2.2. Approach II: DNS Attacks . . . . . . . . . . . . . 35
       12.5.7. Client Procedures . . 48
       13.2.3. Approach III: Rogue Router or NAT  . . . . . . . . . . 48
       13.2.4. Approach IV: Man in the Middle . . . . . . 35
       12.5.8. Server Procedures  . . . . . . . . . . . . . . . . . . 35
       12.5.9. Security Considerations for Short-Term Password  . . . 35
   13. Security Considerations  . . . . . . . . . 49
       13.2.5. Approach V: Response Injection Plus DoS  . . . . . . . 49
       13.2.6. Approach VI: Duplication . . . 36
     13.1.  Attacks on STUN . . . . . . . . . . . . 50
     13.3.  Countermeasures . . . . . . . . . 36
       13.1.1. Attack I: DDoS Against a Target . . . . . . . . . . . 36
       13.1.2. Attack II: Silencing a Client . 50
     13.4.  Residual Threats  . . . . . . . . . . . 36
       13.1.3. Attack III: Assuming the Identity of a Client . . . . 37
       13.1.4. Attack IV: Eavesdropping . . . . . 52
   14. IAB Considerations . . . . . . . . . . 37
     13.2.  Launching the Attacks . . . . . . . . . . . . 52
     14.1.  Problem Definition  . . . . . . 37
       13.2.1. Approach I: Compromise a Legitimate STUN Server . . . 38
       13.2.2. Approach II: DNS Attacks . . . . . . . . . . 52
     14.2.  Exit Strategy . . . . . 38
       13.2.3. Approach III: Rogue Router or NAT . . . . . . . . . . 38
       13.2.4. Approach IV: Man in the Middle . . . . . . . 52
     14.3.  Brittleness Introduced by STUN  . . . . . 39
       13.2.5. Approach V: Response Injection Plus DoS . . . . . . . 39
       13.2.6. Approach VI: Duplication . 53
     14.4.  Requirements for a Long Term Solution . . . . . . . . . . 54
     14.5.  Issues with Existing NAPT Boxes . . . . 39
     13.3.  Countermeasures . . . . . . . . . 55
   15. IANA Considerations  . . . . . . . . . . . . 40
     13.4.  Residual Threats . . . . . . . . . 56
     15.1.  STUN Message Type Registry  . . . . . . . . . . . 42
   14. IAB Considerations . . . . 56
     15.2.  STUN Attribute Registry . . . . . . . . . . . . . . . . . 56
   16. Changes Since RFC 3489 . 42
     14.1.  Problem Definition . . . . . . . . . . . . . . . . . . . 42
     14.2.  Exit Strategy 57
   17. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 43
     14.3.  Brittleness Introduced by STUN . 58
   18. References . . . . . . . . . . . . 43
     14.4.  Requirements for a Long Term Solution . . . . . . . . . . 45
     14.5.  Issues with Existing NAPT Boxes . . . . 58
     18.1.  Normative References  . . . . . . . . . 46
     14.6.  In Closing . . . . . . . . . 58
     18.2.  Informational References  . . . . . . . . . . . . . . 46
   15. IANA Considerations . . 59
   Authors' Addresses . . . . . . . . . . . . . . . . . . . 47
     15.1.  STUN Message Type Registry . . . . . 61
   Intellectual Property and Copyright Statements . . . . . . . . . . 47
     15.2.  STUN Attribute Registry . . . . . . . . . . . . . . . . . 47
   16. Changes Since RFC 3489 . . . . . . . . . . . . . . . . . . . . 48
   17. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 49
   18. References . . . . . . . . . . . . . . . . . . . . . . . . . . 49
     18.1.  Normative References  . . . . . . . . . . . . . . . . . . 49
     18.2.  Informational References  . . . . . . . . . . . . . . . . 50
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 52
   Intellectual Property and Copyright Statements . . . . . . . . . . 53 62

1.  Applicability Statement

   This protocol is not a cure-all for the problems associated with NAT.
   It does is a tool that is typically used in conjunction with other
   protocols, such as Interactive Connectivity Establishment (ICE) [11]
   for a more complete solution.  The binding discovery usage, defined
   by this specification, can be used by itself with numerous
   application protocols as a solution for NAT traversal.  However, when
   used in that way, STUN will not enable work with applications that require
   incoming TCP connections through NAT.  It allows will allow incoming UDP
   packets through NAT, but only through a subset of existing NAT types.
   In particular, the STUN binding usage by itself does not enable
   incoming UDP packets through "symmetric NATs", which is

      a NAT where all requests from the same internal IP address and
      port, to a specific destination IP address and port, are mapped to
      the same external IP NATs whose mapping property is address and port.  If the same host sends a
      packet with the same source
   dependent or address and port, but to a different
      destination, a different mapping is used. port dependent [12].  Furthermore, only the
      external host that receives a packet can send a UDP packet back to the internal host.

   This type of NAT is common in large enterprises.  STUN
   binding usage, when used by itself, does not work when it a client is used to obtain an address to communicate
   communicating with a peer which happens to be behind the same NAT.  STUN does not
   Nor will it work when the STUN server is not in a common shared
   address realm.

   In order to work with such a NAT, a media

   The STUN relay such as TURN [3] is
   required.  All other types of NATs work without a media relay.

   For usage, defined in [14], allows a more complete discussion client to obtain an
   IP address and port that actually reside on the STUN server.  The
   STUN relay usage, when used by itself, eliminates all of the
   limitations of STUN, see
   Section 14.

2.  Introduction

   Network Address Translators (NATs), while providing many benefits,
   also come with many drawbacks.  The most troublesome of those
   drawbacks is using the fact that they break many existing IP applications,
   and make binding usage by itself, as described above.
   However, it difficult to deploy new ones.  Guidelines have been
   developed [17] that describe how requires a server to build "NAT friendly" protocols,
   but many protocols simply cannot act as a relay for application
   traffic, which can be constructed according expensive to those
   guidelines.  Examples of such provide, operate and manage.

   For multimedia protocols include almost all peer-to-
   peer based on the offer/answer model [20],
   including the Session Initiation Protocol (SIP) [9], Interactive
   Connectivity Establishment (ICE) uses both the binding usage and
   relay usage, and furthermore makes use of the connectivity check
   usage defined here to help decide which of those two mechanisms ought
   to be used.

   Implementors should be aware of the specific deployment scenarios
   that are of interest, and of the specific protocol (whether its SIP
   or something else) in order to determine whether STUN is suitable as
   a tool to facilitate NAT traversal, and which usage should be used.

2.  Introduction

   Network Address Translators (NATs), while providing many benefits,
   also come with many drawbacks.  The most troublesome of those
   drawbacks is the fact that they break many existing IP applications,
   and make it difficult to deploy new ones.  Guidelines have been
   developed [18] that describe how to build "NAT friendly" protocols,
   but many protocols simply cannot be constructed according to those
   guidelines.  Examples of such protocols include almost all peer-to-
   peer protocols, such as multimedia communications, file sharing and
   games.

   To combat this problem, Application Layer Gateways (ALGs) have been
   embedded in NATs.  ALGs perform the application layer functions
   required for a particular protocol to traverse a NAT.  Typically,
   this involves rewriting application layer messages to contain
   translated addresses, rather than the ones inserted by the sender of
   the message.  ALGs have serious limitations, including scalability,
   reliability, and speed of deploying new applications.

   Many existing proprietary protocols, such as those for online games
   (such as the games described in RFC3027 [18]) [19]) and Voice over IP, have
   developed tricks that allow them to operate through NATs without
   changing those NATs and without relying on ALG behavior in the NATs.
   This document takes some of those ideas and codifies them into an
   interoperable protocol that can meet the needs of many applications.

   The protocol described here, Simple Traversal of UDP Through Underneath NAT (STUN),
   provides a toolkit of functions.  These functions allow entities
   behind a NAT to learn the address bindings allocated by the NAT, to
   keep those bindings open, and communicate with other STUN-
   aware STUN-aware
   entities to validate connecivity. connectivity and liveness.  STUN requires no
   changes to NATs, and works with an arbitrary number of NATs in tandem
   between the application entity and the public Internet.

3.  Terminology

   In this document, the key words "MUST", "MUST NOT", "REQUIRED",
   "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
   and "OPTIONAL" are to be interpreted as described in BCP 14, RFC 2119
   [1] and indicate requirement levels for compliant STUN
   implementations.

4.  Definitions

   STUN Client Client: A STUN client (also just referred to as a client) is an
      entity that generates STUN requests. requests and receives STUN Server responses.
      Clients can also generate STUN indications.

   STUN Server: A STUN Server (also just referred to as a server) is an
      entity that receives STUN requests, and sends STUN responses.
      Servers also send STUN indications.

   Transport Address Address: The combination of an IP address and (UDP or TCP)
      port.

   Reflexive Transport Address Address: A transport address learned by a client
      which identifies that client as seen by another host on an IP
      network, typically a STUN server.  When there is an intervening
      NAT between the client and the other host, the reflexive transport
      address represents the binding allocated to the client on the
      public side of the NAT.  Reflexive transport addresses are learned
      from the mapped address attribute (MAPPED-ADDRESS or XOR-MAPPED-ADDRESS) XOR-MAPPED-
      ADDRESS) in STUN responses.

   Mapped Address Address: The source IP address and port of the STUN Binding
      Request packet received by the STUN server and inserted into the
      mapped address attribute (MAPPED-ADDRESS or XOR-MAPPED-ADDRESS) of
      the Binding Response message.

5.  Overview of Operation

   This section is descriptive only.  Normative behavior is described

   Long Term Credential: A username and associated password which
      represent a shared secret between client and server.  Long term
      credentials are generally granted to the client when a subscriber
      enrolles in
   Section 8 a service and Section .

                             /----\
                           // STUN \\
                          |  Server  |
                           \\      //
                             \----/

                        +--------------+             Public Internet
        ................|     NAT 2    |.......................
                        +--------------+

                        +--------------+             Private NET 2
        ................|     NAT 1    |.......................
                        +--------------+

                             /----\
                           // STUN \\
                          |  Client  |
                           \\      // persists until the subscriber leaves the
      service or explicitly changes the credential.

   Long Term Password: The password from a long term credential.

   Short Term Credential: A temporary username and associated password
      which represent a shared secret between client and server.  A
      short term credential has an explicit temporal scope, which may be
      based on a specific amount of time (such as 5 minutes) or on an
      event (such as termination of a SIP dialog).  The specific scope
      of a short term credential is defined by the application usage.  A
      short term credential can be obtained from a Shared Secret
      request, though other mechanisms are possible.

   Short Term Password: The password component of a short term
      credential.

5.  Overview of Operation

   This section is descriptive only.  Normative behavior is described in
   Section 8 and Section 9
                                /-----\
                              // STUN  \\
                             |   Server  |
                              \\       //
                                \-----/

                           +--------------+             Public Internet
           ................|     NAT 2    |.......................
                           +--------------+

                           +--------------+             Private NET 2
           ................|     NAT 1    |.......................
                           +--------------+

                                /-----\
                              // STUN  \\
                             |   Client  |
                              \\       //               Private NET 1
                             \----/
                                \-----/

   Figure 1: Typical STUN Server Configuration

   The typical STUN configuration is shown in Figure 1.  A STUN client
   is connected to private network 1.  This network connects to private
   network 2 through NAT 1.  Private network 2 connects to the public
   Internet through NAT 2.  The STUN server resides on the public
   Internet.

   STUN is a simple client-server protocol.  Two  It supports two types of messages are
   available --
   transactions.  One is a request/response transaction in which client
   sends a request to a server, and the server returns a response; and response.  The
   second are indications which can
   be are initiated by the client server or by the server
   client and which do not elicit a response.  There are two types of requests
   defined in this specification - Binding Requests, sent over UDP, Requests and Shared Secret
   Requests, sent over TLS [6] over TCP.  Shared Secret Requests ask the
   server to return a temporary username and password.  This username
   and password
   Requests.  There are used in a subsequent Binding Request and Binding
   Response, for the purposes of authentication and message integrity. no indications defined by this specification.

   Binding requests Requests are used to determine sent from the bindings allocated by
   NATs.  The client sends a towards the server.  When
   the Binding Request to arrives at the server, over UDP.
   The server examines the source IP address and port of the request,
   and copies them into a response that is sent back to the client --
   this is the 'mapped address'.  There are attributes for providing
   message integrity and authentication.

   The STUN client is typically embedded in an application which needs
   to obtain a public IP address and port that can be used to receive
   data.  For example, it might need to obtain an IP address and port to
   receive Real Time Transport Protocol (RTP [14]) traffic.  When the
   application starts, the STUN client within the application sends a
   STUN Shared Secret Request to its server, obtains a username and
   password, and then sends it a Binding Request.  STUN servers can be
   discovered through DNS SRV records [4], and it is generally assumed
   that the client is configured with the domain to use to find the STUN
   server.  Generally, this will be the domain of the provider of the
   service the application is using (such a provider is incented to
   deploy STUN servers in order to allow its customers to use its
   application through NAT).  Of course, a client can determine the
   address or domain name of a STUN server through other means.  A STUN
   server can even be embedded within an end system.

   The STUN Binding Request is used to discover the public IP address
   and port mappings generated by the NAT.  Binding Requests are sent to
   the STUN server using UDP.  When a Binding Request arrives at the
   STUN STUN server, it may have passed
   through one or more NATs between the STUN client and the STUN server. server
   (in Figure 1, there were two such NATs).  As a result, the source
   transport address of the request received by the server will be the
   mapped address created by the NAT closest to the server.  The STUN
   server copies that source IP address and port into a STUN Binding
   Response, and sends it back to the source IP address and port of the
   STUN request.  Every type of NAT will route that response so that it
   arrives at the STUN client.

   When  From this response, the STUN client receives the STUN Binding Response, it compares
   the knows its
   IP address and port in the packet with the local IP address and
   port it bound to when allocated by the request was sent.  If these do not match, outermost NAT towards the STUN
   server.

   STUN provides several mechanisms for authentication and message
   integrity.  The client knows and server can share a pre-provisioned shared
   secret, which is behind one used for a digest challenge/response authentication
   operation.  This is known as a long-term credential or more NATs.  If long-term
   shared secret.

   Alternatively, if the shared secret is obtained by some out-of-bands
   means and has a lifetime that is temporally scoped, a simple HMAC is
   provided, without a challenge operation.  This is known as a short
   term credential or short term password.  Short-term passwords are
   useful when there is no long-term relationship with a STUN server
   is publicly routable the IP address and port in
   thus no long-term password is shared between the STUN Binding
   Response are also publicly routable, client and can be used by any host on STUN
   server.  Even if there is a long-term password, the public Internet to send packets issuance of a
   short-term password is useful to the application that sent the prevent dictionary attacks.

   STUN request.  An application need only listen on the IP address and
   port from which itself provides a mechanism for obtaining such short term
   credentials, using the STUN request was sent.  Packets Shared Secret Request.  Shared Secret requests
   are sent by a host on over TLS [5] over TCP.  Shared Secret Requests ask the public Internet
   server to the public address return a temporary username and port learned by STUN
   will password that can be received by the application, so long as conditions permit.

   The conditions used
   in subsequent STUN requests.

   There are many ways in which these packets will not basic mechanisms can be received by the
   client are described in Section 1.

   It should be noted that used to
   accomplish a specific task.  As a result, STUN has the configuration in Figure 1 notion of a
   usage.  A usage is not a specific use case for the only
   permissible configuration.  The STUN server can be located anywhere,
   including within another client. protocol.  The only requirement
   usage will define what it is that the
   STUN server is reachable by client does with the client, and if mapped
   address it receives, defines when the client is trying
   to obtain a publicly routable address, that the server reside on would send Binding
   requests and why, and would constrain the
   public Internet.

6.  STUN Message Structure

   STUN messages are TLV (type-length-value) encoded using big endian
   (network ordered) binary.  STUN messages are encoded using binary
   fields.  All integer fields are carried in network byte order, that
   is, most significant byte (octet) first.  This byte order is commonly
   known as big-endian.  The transmission order is described in detail
   in Appendix B set of RFC791 [2].  Unless otherwise noted, numeric
   constants are authentication
   mechanisms or attributes that get used in decimal (base 10).  All STUN messages start with a
   single that usage.  STUN header followed by a usages
   can also define new attributes and message types, if needed.  This
   specification defines four STUN payload. usages - binding discovery,
   connectivity check, NAT keepalives, and short-term password.

   The payload binding discovery usage is sometimes referred to as 'classic
   STUN', since it is a
   series of STUN attributes, the set of which depends on usage originally envisioned in RFC 3489 [13],
   the message
   type.  The STUN header contains a STUN message type, transaction ID,
   and length. predecessor to this specification.  The length indicates the total length purpose of the STUN
   payload, not including binding
   discovery usage is for the 20-byte header.

   There are two categories of STUN message types:  Requests client to obtain an IP address and
   Indications.

   Upon receiving a STUN request, port at
   which it is reachable, that it can include in application layer
   signaling messages, such as the Session Description Protocol (SDP)
   [17] body of a SIP message, utilized to receive Real Time Transport
   Protocol (RTP [15]) traffic.  In this usage, the STUN server will send a STUN success
   response or a STUN error response.  All STUN success responses MUST
   have a type whose value is 0x100 higher than their associated
   request,
   typically located on the public Internet and all STUN error responses MUST have run by the service
   provider offering the application service (such as a type whose value is
   0x110 higher than their associated request.  Any newly defined STUN
   message types MUST use message type values 0x100 and 0x110 higher for
   their success and error responses, respectively.  STUN Requests are
   sent reliably (Section 7.1).  The transaction ID is used to correlate
   requests and responses.

   An indication message can SIP provider),
   though this need not be sent from the case.  The client to the server, or
   from would utilize the server STUN
   request just prior to the client.  Indication messages are not sent
   reliably do not have an associated success response sending a protocol message type (such as a SIP
   INVITE request or
   associated error response message type.  Indication messages can be
   sent by 200 OK response) which requires the STUN client to embed
   its IP address in it.

   In the server, or from connectivity check usage, two hosts on the STUN server Internet have used
   a protocol such as SIP to the
   client.  The transaction ID is rendezvous, and have used it to exchange IP
   addresses and ports at which they might be reachable.  However, each
   host does not know whether it can actually connect to distinguish indication
   messages.

   All STUN messages consist of a 20 byte header:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |0 0|     STUN Message Type     |         Message Length        |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                         Magic Cookie                          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                              Transaction ID
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                                                     |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Figure 2: Format of STUN Message Header

   The most significant two bits of every STUN message are 0b00.  This,
   combined with the magic cookie, aids in differentiating STUN packets
   from other protocols when STUN is multiplexed with other protocols on
   the same port.

   The STUN message types Binding Request, Response, host
   using that IP address and Error Response
   are defined in Section 8 port, and Section 9.1.  The Shared Secret Request,
   Response, whether that remote host can
   reach it.  To figure this out, each host will send a STUN Binding
   Request to the other host, and Error Response are described in Section 12.5.  Their
   values are enumerated in Section 15.

   The message length if a reply is received, it knows that
   the size, remote host was reachable.  Furthermore, the mapped address
   returned in bytes, of the message not
   including response tells the 20 byte STUN header. host the address and port at which
   it can be reached by the remote host.  The magic cookie connectivity check usage
   is a fixed value, 0x2112A442. used by ICE [11], for example.

   In the previous
   version of this specification [13] this field was part of the
   transaction ID.  This fixed value affords easy identification of binding keepalive usage, a
   STUN client sends an application
   protocol message when STUN is multiplexed with other protocols on the
   same port, (such as is done for example in [12] and [15]. a SIP REGISTER message) to a server.  The magic cookie
   additionally indicates
   server notes the STUN client is compliant with this
   specification.  The magic cookie is present in all STUN messages --
   requests, success responses source IP address and error responses.

   The transaction ID is port of the request, and
   remembers it.  Later on, if it needs to reach the client, it sends a 96 bit identifier.  STUN transactions are
   identified
   message to that IP address and port.  However, this message will only
   be received by their unique 96-bit transaction ID.  This transaction
   ID the client if the binding in the NAT is chosen still alive.
   Since bindings allocated by NAT expire unless refreshed, the STUN client and MUST be unique for each new
   must generate keepalive messages towards the server to refresh the
   binding.  Rather than use expensive application layer messages, a
   STUN
   transaction binding request is sent by that STUN client.  Any two requests that are not bit-
   wise identical, the client to the server, and not is sent
   to the same server from the exact same IP address and port, MUST have a different transaction ID.  The
   transaction ID MUST be uniformly and randomly distributed between 0
   and 2**96 - 1.  The large range is needed because port used by the transaction ID
   serves as a form server for the
   application protocol.  In the case of randomization, helping to prevent replays SIP, this would typically mean
   port 5060 or 5061.  This has the effect of
   previously signed responses from keeping the server.

   After bindings in
   the NAT alive.  The STUN header are zero or more attributes.  Each attribute is
   TLV encoded, with a 16 bit type, 16 bit length, binding responses also inform the client
   that the server is still responsive, and variable value:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |         Type                  |            Length             |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                             Value                 ....        |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Figure 3: Format of STUN Attributes

   The attribute types defined in this specification are in Section 11 .

7.  STUN Transactions

   STUN clients are allowed to pipeline STUN requests.  That is, a STUN also inform the client MAY if
   its IP address and port towards the server have multiple outstanding STUN requests with different
   transaction IDs changed, in which
   case it may need application layer protocol messaging to update its
   IP address and not wait port as seen by the server.  The binding keepalive
   usage is used by the SIP outbound mechanism, for completion of a STUN request/
   response exchange before sending another STUN request.

7.1. example [16].

   These three usages all utilize the same Binding Request Transaction Reliability

   When running STUN over UDP it message, and
   all require the same basic processing on the server.  They differ
   only in where the server is possible that (embedded in a peer host, a standalone
   server in the STUN request network, or
   its response might be dropped by embedded in an application layer server),
   when the network.  Reliability of STUN
   request message types is Binding Request is accomplished through client
   retransmissions.  Clients SHOULD retransmit used, and what the request starting client does with
   an interval of 100ms, doubling every retransmit until the interval
   reaches 1.6 seconds.  Retransmissions continue with intervals
   mapped address that is returned.

   The short-term password usage makes use of 1.6
   seconds until the Shared Secret request
   and response, and allows a response is received, or client to obtain a total temporary set of 9 requests have
   been sent.  If no response is received by 1.6 seconds after
   credentials to authenticate itself with the last
   request has been sent, STUN server.  The
   credentials obtained from this usage can be used in requests for any
   other usage.

   Many of the client SHOULD consider usages (such as the transaction binding keepalive and connectivity
   check usages) require STUN messages to
   have failed.  In other words, requests would be sent at times 0ms,
   100ms, 300ms, 700ms, 1500ms, 3100ms, 4700ms, 6300ms, on the same IP address
   and 7900ms.  At
   9500ms, port as some application protocol, such as RTP or SIP.  To
   facilitate the client considers demultiplexing of the transaction to have failed if no
   response has been received.

   When running two, STUN over TCP, TCP defines a special
   field in the message called the magic cookie, which is responsible for ensuring delivery.
   The a fixed 32 bit
   value that identifies STUN application SHOULD NOT retransmit traffic.  STUN requests when running
   over TCP.

   For STUN requests, failure occurs if there also contain a
   fingerprint, which is a transport failure of
   some sort (generally, due to fatal ICMP errors in UDP or connection
   failures in TCP) or if retransmissions cryptographic hash of the same STUN Request
   doesn't elicit a Response.  If a failure occurs and message, that allow
   for validation that the SRV query
   indicated other message was a STUN servers are available, the client SHOULD create request and not a new request, which is identical data
   packet that happened to have the previous, but has a
   different transaction ID and MESSAGE INTEGRITY attribute (the HMAC
   will change because the transaction ID has changed).  That request is
   sent to same 32 bit value in the next element right place
   in the list as specified by RFC2782.

   The Indication message types are message.

   STUN servers can be discovered through DNS, though this is not sent reliably.

8.  General Client Behavior

   There are two classes
   necessary in all usages.  For those usages where it is needed, STUN
   makes use of client behavior -- one SRV records [3] to facilitate discovery.  This discovery
   allows for the request
   message types different IP addresses and another for the indication message types.

8.1.  Request Message Types

   This section applies ports to client behavior be found for the Request message types
   -- Binding Request and Shared Secret Request.  For Request message
   types, the client must discover the different
   usages.

6.  STUN server's address and port,
   obtain a shared secret, formulate the Request, transmit the request
   reliability, process the Binding Response, and use the information Message Structure

   STUN messages are TLV (type-length-value) encoded using big endian
   (network ordered) binary.  STUN messages are encoded using binary
   fields.  All integer fields are carried in
   the Response.

8.1.1.  Discovery network byte order, that
   is, most significant byte (octet) first.  This byte order is commonly
   known as big-endian.  The transmission order is described in detail
   in Appendix B of RFC791 [2].  Unless stated otherwise by noted, numeric
   constants are in decimal (base 10).  All STUN messages start with a
   single STUN usage, DNS is used to discover the header followed by a STUN server following these procedures. payload.  The client will be configured with payload is a domain name
   series of STUN attributes, the provider set of which depends on the message
   type.  The STUN servers.  This domain name is resolved to an IP address header contains a STUN message type, transaction ID,
   and
   port using the SRV procedures specified in RFC2782 [4]. length.  The
   mechanism for configuring length indicates the STUN client with total length of the domain name to
   look up is STUN
   payload, not in scope including the 20-byte header.

   There are two types of this document.

   The DNS SRV service name is "stun". transactions in STUN - request/response
   transactions, which utilize a request message and a response message,
   and an indication transaction, which utilizes a single indication
   message.  Furthermore, responses are broken into two types - success
   responses and error responses.  The protocol specific message (for example,
   that it is "udp" for
   sending a Binding Requests, Response or "tcp" for sending a Shared Secret
   Requests.  The procedures of RFC 2782 are followed to determine the
   server to contact.  RFC 2782 spells out Request) is encoded
   into the details message type field of how the STUN header.  For a set of
   SRV records are sorted particular
   request message, its success response has a type that is always 0x100
   higher than its own type, and then tried.  However, RFC2782 only states its error response has a type that the client should "try to connect to the (protocol, address,
   service)" without giving any details on what happens in the event of
   failure; those details for STUN are described in Section 8.1.3.

   The default port for STUN requests is 3478, for both TCP
   0x110 higher than its own type.  Extensions defining new requests,
   responses and UDP.
   Administrators SHOULD error responses MUST use this port in their SRV records, but MAY use
   others.  If no SRV records were found, the client performs an A or
   AAAA record lookup of the domain name.  The result will be a list of
   IP addresses, each of which can be contacted at the default port.

8.1.2.  Obtaining a Shared Secret

   As discussed in Section 13, there message type values 0x100 and
   0x110 higher for their success and error responses, respectively.

   STUN Requests are several attacks possible on sent reliably.  STUN systems.  Many of these attacks can run over UDP or TCP.  When
   run over UDP, STUN requests are prevented through integrity
   protection of retransmitted in order to achieve
   reliability.  The transaction ID is used to correlate requests and
   responses.  To provide that integrity,
   STUN makes use of a shared secret between client and server which is
   used as

   An indication message can be sent from the keying material for client to the MESSAGE-INTEGRITY attribute in
   STUN messages.  STUN allows for server, or
   from the shared secret server to the client.  Indication messages can be obtained in
   any way (for example Kerberos [16] sent over
   TCP or ICE [12]).  The shared secret
   MUST UDP.  STUN itself does not provide reliability for these
   messages, though they will be delivered reliably when sent over TCP.
   Indication messages do not have at least 128 bits of randomness.

   When a client is needs to send a Request or an Indication, it associated success response
   message type or associated error response message type.  Indication
   messages can do
   one of three things:

   1.  send be sent from the message without MESSAGE-INTEGRITY, if permitted by server to the client or client to
   server.  The transaction ID is used to distinguish indication
   messages.

   All STUN usage.

   2.  use messages consist of a short term credential, as determined by the STUN usage.  In
       this case, the 20 byte header:

         0                   1                   2                   3
         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        |0 0|     STUN Request or Message Type     |         Message Length        |
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        |                         Magic Cookie                          |
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        |
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                 Transaction ID
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                                                        |
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Figure 2: Format of STUN Indication would contain the
       USERNAME and MESSAGE-INTEGRITY attributes. Message Header

   The most significant two bits of every STUN message would not
       contain are both zeroes.
   This, combined with the NONCE attribute.  The key for MESSAGE-INTEGRITY is magic cookie and the password.

   3.  use long term credential, as determined by fingerprint attribute,
   aid in differentiating STUN usage.  In this
       case, the packets from other protocols when STUN request contains is
   multiplexed with other protocols on the USERNAME, REALM, same port.

   The STUN message types Binding Request, Response, and MESSAGE-
       INTEGRITY attributes. Error Response
   are defined in Section 8 and Section 9.1.  The request does not contain the NONCE
       attribute. Shared Secret Request,
   Response, and Error Response are described in Section 12.4.  Their
   values are enumerated in Section 15.

   The key for MESSAGE-INTEGRITY message length is MD5(unq(USERNAME-
       value) ":" unq(REALM-value) ":" password).

   Based on the STUN usage, the server does one size, in bytes, of four things:

   1.  The server processes the request and generates message not
   including the 20 byte STUN header.

   The magic cookie is a response.  If fixed value, 0x2112A442.  In the request included previous
   version of this specification [13] this field was part of the MESSAGE-INTEGRITY attribute, the server
       would also include MESSAGE-INTEGRITY in its response.

   2.  The server generates an error response indicating that MESSAGE-
       INTEGRITY with short-term or with long-term credentials are
       required (error 401).  To indicate that short-term credentials
       are required, the REALM attribute MUST NOT be present in the
       error response.  To indicate short-term credentials are required,
       the REALM attribute MOST be present in
   transaction ID.  This fixed value is used as part of the error response.

   3.  The server generates an error response indicating that
   identification of a NONCE
       attribute STUN message when STUN is required (error 435) or that multiplexed with other
   protocols on the supplied NONCE
       attribute's value same port, as is stale (error 437).

   4. done for example in [11] and [16].
   The server generates an error response indicating that magic cookie additionally indicates the short-
       term credentials are no longer valid (error 430).  The client
       will have to obtain new short-term credentials appropriate to its STUN usage.

   In all of the above error responses, the NONCE attribute MAY
   optionally be included in the error response, in which case the client MUST include that NONCE is compliant
   with this specification.  The magic cookie is present in the subsequent all STUN transaction.
   messages -- requests, success responses, error responses and
   indications.

   The NONCE value transaction ID is not stored a 96 bit identifier.  STUN transactions are
   identified by their unique 96-bit transaction ID.  For request/
   response transactions, the STUN client; it transaction ID is only valid
   for chosen by the subsequent STUN transaction
   client and that transactions
   retransmissions. MUST be unique for each new STUN messages transaction generated in order by
   that STUN client.  Any two requests that are not bit-wise identical,
   and not sent to obtain the shared secret are
   formulated like other messages by following Section 8.1.3.

8.1.3.  Formulating the Request Message

   The client follows same server from the syntax rules defined in Section 6 same IP address and the
   transmission rules of Section 7. port,
   MUST have a different transaction ID.  The message type of the transaction ID MUST be a
   request type; "Binding Request" or "Shared Secret Request" are the
   two defined by this document.
   uniformly and randomly distributed between 0 and 2**96 - 1.  The client creates a STUN message following
   large range is needed because the STUN message
   structure described in Section 6.  The client SHOULD add transaction ID serves as a MESSAGE-
   INTEGRITY and USERNAME attribute form of
   randomization, helping to prevent replays of previously signed
   responses from the Request message.

   Once formulated, the client sends the Binding Request.  Reliability
   is accomplished through client retransmissions, following the
   procedure in Section 7.1.

   The client MAY send multiple requests on the connection, and it may
   pipeline requests (that is, it can have multiple requests outstanding
   at the same time).  When using TCP the client SHOULD close the
   connection as soon as it has received server.  A reponse to the STUN Response.

8.1.4.  Processing Responses

   All responses, request, whether it
   be a success responses or error responses, MUST
   first be authenticated by the client.  Authentication is performed by
   first comparing response, carries the Transaction same transaction ID of as
   the response to an oustanding request.  If there  Indications are also identified by their transaction
   ID.  The value is no match, chosen by the client server an MUST discard the response.
   Then the client SHOULD check the response be unique for a MESSAGE-INTEGRITY
   attribute.  If each
   unique indication generated by the server.  Any two requests that are
   not present, bit-wise identical, and not sent to the client placed a MESSAGE-INTEGRITY
   attribute into same server from the associated request, it same
   IP address and port, MUST discard have a different transaction ID.  The
   transaction ID MUST be uniformly and randomly distributed between 0
   and 2**96 - 1.

   After the response.
   If MESSAGE-INTEGRITY STUN header are zero or more attributes.  Each attribute is present,
   TLV encoded, with a 16 bit type, 16 bit length, and variable value.
   Each STUN attribute ends on a 32 bit boundary:

         0                   1                   2                   3
         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        |         Type                  |            Length             |
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        |                             Value                 ....        |
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Figure 3: Format of STUN Attributes

   The Length refers to the client computes length of the HMAC over actual useful content of the response as described
   Value portion of the attribute, measured in Section 11.8.  The key bytes.  Since STUN aligns
   attributes on 32 bit boundaries, attributes whose content is not a
   multiple of 4 bytes are padded with 1, 2 or 3 bytes of padding so
   that they are a multiple of 4 btyes.  Such padding is only needed
   with attributes that take freeform strings, such as USERNAME and
   PASSWORD.  For attributes that contain more structured data, the
   attributes are constructed to use depends align on 32 bit boundaries.  The value
   in the shared secret mechanism.  If Length field refers to the STUN Shared Secret Request was
   used, length of the key MUST be same as used to compute Value part of the MESSAGE-INTEGRITY
   attribute in prior to padding - i.e., the request.

   If useful content.  Consequently,
   when parsing messages, implementations will need to round up the computed HMAC matches the one from the response, processing
   continues.  The response can either be a Binding Response or Binding
   Error Response.

   If the response is an Error Response, the client checks the response
   code from
   Length field to the ERROR-CODE attribute nearest multiple of the response.  For a 400
   response code, the client SHOULD display the reason phrase four in order to find the
   user.  For a 420 response code, the client SHOULD retry
   start of the request, next attribute.

   The attribute types defined in this time omitting any attributes listed specification are in the UNKNOWN-ATTRIBUTES
   attribute Section 11 .

7.  STUN Transactions

   STUN defines two types of the response.  For transactions - request/response
   transactions and indication transactions.

7.1.  Request/Response Transactions

   STUN clients are allowed to pipeline STUN requests.  That is, a 430 response code, the STUN
   client
   SHOULD obtain a new one-time username and password, and retry the
   Allocate Request MAY have multiple outstanding STUN requests with a new transaction.  For 401 different
   transaction IDs and 432 not wait for completion of a STUN request/
   response
   codes, if the client had omitted the USERNAME or MESSAGE-INTEGRITY
   attribute as indicated by the error, exchange before sending another STUN request.

   When running STUN over UDP it SHOULD try again with those
   attributes.  A new one-time username and password is needed in possible that
   case.  For a 431 response code, the client SHOULD alert the user, and
   MAY try the STUN request again after obtaining a new username and
   password.  For a 300 or
   its response code, might be dropped by the network.  Reliability of STUN
   request message types is is accomplished through client
   retransmissions.  Clients SHOULD attempt a new
   transaction to the server indicated in the ALTERNATE-SERVER
   attribute.  For a 500 response code, the client MAY wait several
   seconds and then retry retransmit the request starting with
   an interval of 100ms, doubling every retransmit until the interval
   reaches 1.6 seconds.  Retransmissions continue with intervals of 1.6
   seconds until a new username and password.
   For response is received, or a 600 total of 9 requests have
   been sent.  If no response code, client MUST NOT retry is received by 1.6 seconds after the last
   request and has been sent, the client SHOULD
   display consider the reason phrase transaction to the user.  Unknown response codes
   between 400 and 499 are treated like a 400, unknown response codes
   between 500 and 599 are treated like a 500, and unknown response
   codes between 600 and 699 are treated like a 600.  Any response
   between 100
   have failed.  In other words, requests would be sent at times 0ms,
   100ms, 300ms, 700ms, 1500ms, 3100ms, 4700ms, 6300ms, and 299 MUST result in 7900ms.  At
   9500ms, the cessation of request
   retransmissions, but otherwise is discarded.

   Binding Responses containing unknown optional attributes (greater
   than 0x7FFF) MUST be ignored by client considers the STUN client.  Binding Responses
   containing unknown mandatory attributions (less than or equal transaction to
   0x7FFF) MUST be discarded and considered immediately as a have failed
   transaction.

   It if no
   response has been received.  A STUN transaction over UDP is also possible for an IPv4 host to receive
   considered failed if there has been a XOR-MAPPED-ADDRESS
   or MAPPED-ADDRESS containing an IPv6 address, or for an IPv6 host to
   receive transport failure of some sort,
   such as a XOR-MAPPED-ADDRESS or MAPPED-ADDRESS containing an IPv4
   address.  Clients MUST be prepared for this case.

8.1.5.  Using the Mapped Address

   This section applies to the Binding Response message type. fatal ICMP error.

   When running STUN over TCP, TCP is responsible for ensuring delivery.
   The
   Binding Response message type always includes either the MAPPED-
   ADDRESS attribute or STUN application SHOULD NOT retransmit STUN requests when running
   over TCP.  If the XOR-MAPPED-ADDRESS attribute, depending on client has not received a response after 9500ms, it
   considers the presence transaction to have failed.

   Regardless of whether TCP or UDP was used for the magic cookie in the corresponding Binding
   Request.

   The mapped address present in transaction, if a
   failure occurs and the binding response client has other servers it can be used by
   clients to facilitate traversal reach (as a
   consequence of NATs for many applications.  NAT
   traversal is problematic for applications an SRV query which require provides a multiplicity of STUN
   servers Section 8.1, for example), the client to
   insert an IP address and port into SHOULD create a message, to new
   request, which subsequent
   messages will be delivered by other entities in is identical to the previous, but has a network.  Normally, different
   transaction ID (and consequently a different MESSAGE INTEGRITY and
   FINGERPRINT attribute).

7.2.  Indications

   Indications are sent from the client would insert to the IP address and port server, or from a local
   interface into the message.  However, if
   server to the client client.  Though no indications are used by this
   specification, they are used by the STUN relay usage [14].  When sent
   over UDP, there are no retransmissions, and reliability is behind not
   provided.  When sent over TCP, reliability is provided by TCP.

   If a NAT,
   this local interface will be data indication solicits a private address.  Clients within other
   address realms will not be able to send messages to that address.

   An example of fatal ICMP error, or causes a such an application TCP
   error, the transaction is SIP, which requires considered to have failed.  In such a case,
   the client SHOULD create a new transaction, which is identical to include IP address the
   previous, but has a different transaction ID (and consequently a
   different MESSAGE INTEGRITY and port information FINGERPRINT attribute).  That request
   is sent to the next element in several places,
   including the Session Description Protocol (SDP [19]) body carried list as specified by
   SIP. RFC2782.

8.  Client Behavior

   Client behavior can be broken down into several steps.  The IP address and port present in the SDP first is used for receipt
   discovery of media.

   To use the STUN as server.  The next is obtaining a technique for traversal of SIP shared secret.
   For request/response transactions, the next steps are formulating the
   request and other protocols,
   when processing the client wishes to send a protocol message, it figures out response.  For indication transactions,
   the
   places in next step is formulating the protocol data unit where it indication.

8.1.  Discovery

   Unless stated otherwise by a STUN usage, DNS is supposed used to insert its
   own IP address along with a port.  Instead of directly using a port
   allocated from a local interface, discover the
   STUN server following these procedures.

   The client allocates will be configured with a port from domain name of the local interface, and from that port, initiates provider of
   the STUN
   procedures described above.  The mapped address in the Binding
   Response (XOR-MAPPED-ADDRESS or MAPPED- ADDRESS) provides the client
   with servers.  This domain name is resolved to an alternative IP address and
   port which it can then include using the SRV procedures specified in RFC2782 [3].  The
   mechanism for configuring the protocol payload.  This IP address and port may be within a
   different address family than the local interfaces used by the
   client.  This is not an error condition.  In such a case, the client
   would use the learned IP address and port as if the STUN client was a host with an interface within that address family.

   In the case of SIP, domain name to populate the SDP appropriately, a client would
   generate two STUN Binding Request messages at the time a call is
   initiated or answered.  One
   look up is used to obtain the IP address and port
   for RTP, and the other, for the Real Time Control Protocol
   (RTCP)[14].  The client might also need to use STUN to obtain IP
   addresses and ports for usage not in other parts of the SIP message.  The
   detailed usage of STUN to facilitate SIP NAT traversal is outside the scope of this specification.

   As discussed above, the addresses learned by STUN may not be usable
   with all entities with whom a client might wish to communicate. document.

   The
   way in which this problem is handled DNS SRV service name depends on the application
   protocol.  The ideal solution usage.  For the
   binding usage, the service name is for a "stun".  The protocol to allow a client to
   include a multiplicity of addresses and ports in the PDU.  One of
   those can be the address and port determined from STUN, "udp"
   for UDP, "tcp" for TCP and "tls" for TLS over TCP.  For the
   others can include addresses and ports learned from other techniques.
   The short
   term password application usage, the service name is "stun-pass".
   The protocol would then provide a means is always "tls" for dynamically
   detecting which one works.  An example of such an TLS over TCP.  The binding keepalive
   and connectivity check usages always start with an approach is
   Interactive Connectivity Establishment (ICE [12]).

8.2.  Indication Message Types

   This section applies to client behavior IP address, so no
   DNS SRV service names are defined for the Indication message
   types.

8.2.1.  Formulating the Indication Message them.  New STUN usages MAY
   define additional DNS SRV service names.  These SHOULD start with
   "stun".

   The client follows procedures of RFC 2782 are followed to determine the syntax rules defined in Section 6 and server to
   contact.  RFC 2782 spells out the
   transmission rules details of Section 7.  The message type MUST be one how a set of the
   Indication message types; none SRV records
   are defined by this document.

   The sorted and then tried.  However, RFC2782 only states that the
   client creates a STUN message following should "try to connect to the (protocol, address, service)"
   without giving any details on what happens in the event of failure;
   those details for STUN message
   structure are described in Section 6.  The client SHOULD add a MESSAGE-
   INTEGRITY and USERNAME attribute to the Request message.

   Once formulated, 8.3.1.

   A STUN server supporting multiple usages (such as the client sends short term
   password and binding discovery usage) MAY use the Indication message.  Indication
   message types same ports for
   different usages, as long as ports are not sent reliably, do not elicit a response from needed to differentiate
   the server, and usages.  Different ports are not retransmitted.

   The client MAY send multiple indications on the connection, and it
   may pipeline indication messages.  When using TCP needed to differentiate the client
   usages defined in this specification.  Different ports SHOULD
   close the be used
   for TCP connection as soon as it has transmitted and TCP/TLS, so that the indication
   message.

9.  General Server Behavior

9.1.  Request Message Types

   The server behavior for receiving request can determine whether the
   first message types it will receive after the TCP connection is described
   in set up is a
   STUN message or a TLS message.

   The default port for STUN requests is 3478, for both TCP and UDP.
   There is no default port for STUN over TLS.  Administrators SHOULD
   use this section.

9.1.1.  Receive Request Message port in their SRV records for UDP and TCP, but MAY use
   others.  If no SRV records were found, the client performs an A STUN server MUST or
   AAAA record lookup of the domain name.  The result will be prepared a list of
   IP addresses, each of which can be contacted at the default port
   using UDP or TCP, independent of the STUN usage.  For usages that
   require TLS, such as the short term password usage, lack of SRV
   records is equivalent to receive Request and Indication
   messages on a failure of the IP transaction, since the
   request or indication MUST NOT be sent unless SRV records provided an
   address and UDP or TCP port specifically for TLS.

8.2.  Obtaining a Shared Secret

   As discussed in Section 13, there are several attacks possible on
   STUN systems.  Many of these attacks are prevented through integrity
   protection of requests and responses.  To provide that will be
   discovered by the integrity,
   STUN makes use of a shared secret between client when and server which is
   used as the keying material for the MESSAGE-INTEGRITY attribute in
   STUN client follows its
   discovery procedures described messages.  STUN allows for the shared secret to be obtained in Section 8.1.1.  Depending
   any way.  The application usage defines the mechanism and required
   implementation strength for shared secrets.

   Some usages, such as the connectivity check usage, assume that out of
   band protocols, such as ICE, are used to obtain the necessary
   credentials.  Other usages, such as binding keepalives, don't use
   authentication, as it is not required.  Others, such as the binding
   discovery, allows for authentication using either a long term shared
   secret or a short term shared secret.  The latter can be obtained by
   using the short term password usage to obtain a short term shared
   secret.

   Consequently, the STUN usages define rules for obtaining shared
   secrets prior to sending a request.

8.3.  Request/Response Transactions

8.3.1.  Formulating the Request Message

   The client follows the syntax rules defined in Section 6 and the
   transmission rules of Section 7.  The message type of the MUST be a
   request type; "Binding Request" or "Shared Secret Request" are the
   two defined by this document.

   The client creates a STUN message following the STUN message
   structure described in Section 6.  The client SHOULD add a MESSAGE-
   INTEGRITY and USERNAME attribute to the Request message if the usage
   employs authentication.  The specific credentials to use are
   described by the STUN usage, which can specify no credentials, a
   short term credential, or a long term credential.  The procedures for
   each are:

   1.  If the STUN usage specifies that no credentials are used, the
       message is sent without MESSAGE-INTEGRITY

   2.  If a short term credential is to be used, the STUN Request or
       STUN Indication would contain the USERNAME and MESSAGE-INTEGRITY
       attributes.  The message would not contain the NONCE attribute.
       The key for MESSAGE-INTEGRITY is the password.

   3.  If a long term credential is to be used, the STUN request
       contains the USERNAME, REALM, and MESSAGE-INTEGRITY attributes.
       The 16-byte key for MESSAGE-INTEGRITY HMAC is formed by taking
       the MD5 hash of the result of concatenating the following five
       fields: (1) The username, with any quotes and trailing nulls
       removed, (2) A single colon, (3) The realm, with any quotes and
       trailing nulls removed, (4) A single colon, and (5) The password,
       with any trailing nulls removed.  For example, if the USERNAME
       field were 'user', the REALM field were '"realm"', and the
       PASSWORD field were 'pass', then the 16-byte HMAC key would be
       the result of performing an MD5 hash on the string 'user:realm:
       pass', or 0x8493fbc53ba582fb4c044c456bdc40eb.

      This format for the key was chosen so as to enable a common
      authentication database for SIP, which uses digest authentication
      as defined in RFC 2617 [7] and STUN, as it is expected that
      credentials are usually stored in their hashed forms.

   The NONCE is included in the request only if a short or long term
   credential is being used, and only if the STUN request is a retry as
   a consequence of a previous error response which provided the client
   with a NONCE.

   For TCP and TLS-over-TCP, the client opens a TCP connection to the
   server.  The TLS_RSA_WITH_AES_128_CBC_SHA ciphersuite MUST be
   supported at a minimum by implementers when TLS is used with STUN.
   Implementers MAY also support any other ciphersuite.  When it
   receives the TLS Certificate message, the client SHOULD verify the
   certificate and inspect the site identified by the certificate.  If
   the certificate is invalid, revoked, or if it does not identify the
   appropriate party, the client MUST NOT send the STUN message or
   otherwise proceed with the STUN transaction.  The client MUST verify
   the identity of the server.  To do that, it follows the
   identification procedures defined in Section 3.1 of RFC 2818 [4].
   Those procedures assume the client is dereferencing a URI.  For
   purposes of usage with this specification, the client treats the
   domain name or IP address used in Section 8.1as the host portion of
   the URI that has been dereferenced.  If DNS was not used, the client
   MUST be configured with a set of authorized domains whose
   certificates will be accepted.

   The client MUST include a FINGERPRINT attribute as the last
   attribute.

   Next, the client sends the request.  For UDP-based requests,
   reliability is accomplished through client retransmissions, following
   the procedure in Section 7.1.  For TCP (including TLS over TCP),
   there are no retransmissions.

   For TCP and TLS over TCP, the client MAY send multiple requests on
   the connection, and it MAY pipeline requests (that is, it can have
   multiple requests outstanding at the same time).  When using TCP or
   TLS over TCP, the client SHOULD close the connection as soon as it
   has received the STUN Response, if it has no plans to send further
   requests.

8.3.2.  Processing Responses

   All responses, whether success responses or error responses, MUST
   first be authenticated by the client.  Authentication is performed by
   first comparing the Transaction ID of the response to an oustanding
   request.  If there is no match, the client MUST discard the response.
   Then the client SHOULD check the response for a MESSAGE-INTEGRITY
   attribute.  If not present, and the client placed a MESSAGE-INTEGRITY
   attribute into the associated request, it MUST discard the response.
   If MESSAGE-INTEGRITY is present, the client computes the HMAC over
   the response as described in Section 11.4.  The key that is used MUST
   be same as used to compute the MESSAGE-INTEGRITY attribute in the
   request.

   If the computed HMAC matches the one from the response, processing
   continues.

   If the response is an Error Response, the client checks the response
   code from the ERROR-CODE attribute of the response.  For a 400
   response code, the client SHOULD display the reason phrase to the
   user.  For a 420 response code, the client SHOULD retry the request,
   this time omitting any attributes listed in the UNKNOWN-ATTRIBUTES
   attribute of the response.

   If the client receives a 401 response and had not included a MESSAGE-
   INTEGRITY attribute in the request, it is an indication from the
   server that credentials are required.  If the REALM attribute was
   present in the response, it is a signal to the client to use a long
   term shared secret and retry the request.  The client SHOULD retry
   the request, using the username and password associated with the
   REALM.  If the server had provided a nonce in the 401 response, the
   client SHOULD include the same nonce in the retry.  If the REALM
   attribute was absent in the resposne, it is a signal to the client to
   use a short term shared secret and retry the request.  If the client
   doesn't have a short term shared secret, it SHOULD use the Shared
   Secret request to obtain one, and then retry the request with the
   username and password obtained as a result.  If the 401 response had
   contained a NONCE attribute, that same nonce is included in the
   retry.

   If the client receives a 401 response but had included a MESSAGE-
   INTEGRITY attribute in the request, there has been an unrecoverable
   error.  This shouldn't ever happen, but if it does, the client SHOULD
   NOT retry the request.

   If the client receives a 432 response, and the client had omitted the
   USERNAME from the request but included a MESSAGE-INTEGRITY, the
   client SHOULD retry the request and include both MESSAGE-INTEGRITY
   and USERNAME.  If the 432 response had contained a NONCE attribute,
   that same nonce is included in the retry.  If the client receives a
   432 but had included both MESSAGE-INTEGRITY and USERNAME in the
   request, there has been an unrecoverable error.  This shouldn't ever
   happen, but if it does, the client SHOULD NOT retry the request.

   If the client receives a 435 response, but had included a NONCE in
   the request, an unrecoverable error has occurred and the client
   SHOULD NOT retry.  However, if it had omitted the NONCE in the
   request and received a 435, or it had included the NONCE but received
   a 438, it is a request from the server to retry using the same
   credential, but with a different nonce.  The client SHOULD retry the
   request, using the nonce provided in the NONCE attribute of the 435
   or 438 response.

   If the client receives a 430 response, it means that the client used
   a short term credential which has expired.  If the client had
   submitted the request using a short term credential obtained from a
   Shared Secret request, the client SHOULD generate a new Shared Secret
   request to obtain a new short term credential, and then retry the
   request with that credential.  Note that the Shared Secret request
   may or may not go to the same server which generated the 430
   response; the server that receives the Shared Secret request is
   determined by the DNS procedures defined above.  If a 430 response
   was received and the client had used a short term credential provided
   through some other means, the client SHOULD obtain a new short term
   credential using that mechanism.  If the client had not used a short
   term credential in the request, the 430 error is unrecoverable and
   the request SHOULD NOT be retried.  If the 430 response had contained
   a NONCE attribute, that same nonce is included in the retry.

   For a 431 response code, the client SHOULD alert the user, and if a
   short term credential obtained from a Shared Secret request had been
   used previously, the client MAY try the request again after obtaining
   a new short term username and password.  If the 431 response had
   contained a NONCE attribute, that same nonce is included in the
   retry.

   If the client receives a 433 response, and the request was a Shared
   Secret request which was not sent over TLS, the client SHOULD retry
   the request, and MUST send it using TLS.  If this response is
   received to any other request except for a Shared Secret request, or
   if the client had sent the Shared Secret request over TLS, it is an
   unrecoverable error and the client SHOULD NOT retry.  As with other
   error responses, the 433 can contain a NONCE, and if present, that
   nonce is used in the request retry.

   If the client receives a 434 response, and had omitted the REALM in
   the request, but had included MESSAGE-INTEGRITY, it is an indication
   that, though a short-term credential was used for the request, the
   server desires the client to use a long term credential.  The client
   SHOULD retry the request using the username and password associated
   with the REALM.  As with other error responses, the 434 can contain a
   NONCE, and if present, that nonce is used in the request retry.  If
   the 434 was received but the request had contained a REALM, and the
   REALM in the response differs from the REALM in the request, the
   client SHOULD retry using the username and password associated with
   the REALM in the response.  If the REALMS were equal, this is an
   unrecoverable error and the client SHOULD NOT retry.

   It the client receives a 436 response, it means that the username it
   provided in the request is unknown.  For usages where the username
   was collectedd from the user, the client SHOULD alert the user.  The
   client SHOULD NOT retry with the same username.

   For error responses which can contain a NONCE, the client includes
   the NONCE in a subsequent retry as discussed above.  Furthermore, the
   client SHOULD cache the nonce, and continue using it in subsequent
   requests sent to the same server, identified by IP address and port.

   For a 300 response code, the client SHOULD attempt a new transaction
   to the server indicated in the ALTERNATE-SERVER attribute.  This is
   useful for load balancing requests across a STUN server cluster, when
   those requests require some amount of resources to process.  Though
   this specification allows the 300 response to be applied to Binding
   Requests, it is generally not useful to do so, since the work of
   redirecting a Binding Request is equal to, if not more than, the work
   of just processing the Binding Request.  Consequently, the 300
   response code is targeted for other usages of STUN, such as the relay
   usage [14].

   For a 500 response code, the client MAY wait several seconds and then
   retry the request on the same server.  Or, if the server was learned
   through DNS SRV records, the client MAY try the request on a
   different server.  The same username and password MAY be used.  For a
   600 response code, client MUST NOT retry the request on this server,
   or if the server was learned through DNS, any other server found
   through the DNS resolution procedures.  Unknown response codes
   between 400 and 499 are treated like a 400, unknown response codes
   between 500 and 599 are treated like a 500, and unknown response
   codes between 600 and 699 are treated like a 600.  Any response
   between 100 and 299 MUST result in the cessation of request
   retransmissions, but otherwise is discarded.

   Responses containing unknown optional attributes (greater than
   0x7FFF) MUST be ignored by the STUN client.  Responses containing
   unknown mandatory attributions (less than or equal to 0x7FFF) MUST be
   discarded and considered immediately as a failed transaction.

   It is also possible for an IPv4 host to receive a XOR-MAPPED-ADDRESS
   or MAPPED-ADDRESS containing an IPv6 address, or for an IPv6 host to
   receive a XOR-MAPPED-ADDRESS or MAPPED-ADDRESS containing an IPv4
   address.  Clients MUST be prepared for this case.

   The processing of other attributes in the response, such as the
   mapped address (present in the XOR-MAPPED-ADDRESS attribute or
   MAPPED-ADDRESS attribute) depends on the STUN usage.

8.4.  Indication Transactions

   This section applies to client and server behavior for sending an
   Indication message.

   The client or server follows the syntax rules defined in Section 6
   and the transmission rules of Section 7.  The message type MUST be
   one of the Indication message types; none are defined by this
   document.

   Indication messages cannot be challenged or rejected.  Consequently,
   they cannot be authenticated using long term credentials.  If a STUN
   usage specifies that authentication is needed for an indication
   message, it can only be done using a short term credential.  In that
   case, the client or server MUST add a MESSAGE-INTEGRITY and USERNAME
   attribute to the Request message.  The key for MESSAGE-INTEGRITY is
   the password.

   The client or server MUST include a FINGERPRINT attribute as the last
   attribute of any Indication message.

   Typically, indication messages are sent to the same IP address and
   port, or over the same TCP connections as a previous request message.
   However, a usage can specify that indication messages are sent based
   on a DNS query, in which case the discovery procedures in Section 8.1
   are followed, along with the TCP/TLS connection establishment
   procedures defined in Section 8.3.1.

   Indication message types are not sent reliably, do not elicit a
   response from the server, and are not retransmitted.

   For TCP and TLS over TCP, the client or server MAY send multiple
   indications on the connection.  By definition, since indications to
   not generate a response, they can be pipelined on the connection.
   For clients, the connection is closed once it determines it has no
   further messages to send to the server.  Servers do not normally
   close TCP connections.

9.  Server Behavior

   As with clients, server behavior depends on whether it is a request/
   response transaction or indication.

9.1.  Request/Response Transactions

   The server behavior for receiving request message types is described
   in this section.

9.1.1.  Receive Request Message

   A STUN server MUST be prepared to receive request messages on the IP
   address and UDP or TCP port that will be discovered by the STUN
   client when the STUN client follows its discovery procedures
   described in Section 8.1.  Depending on the usage, the STUN server
   will listen for incoming UDP STUN messages, incoming TCP STUN
   messages, or incoming TLS exchanges followed by TCP STUN messages.

   When a STUN request is received, the server determines the usage.
   The usages describe how the STUN server makes this determination.

   Based on the usage, the server determines whether the request
   requires any authentication and message integrity checks.  It can
   require none, short-term credential based authentication, or long-
   term credential authentication.

   If authentication is required, the server checks for the presence of
   the MESSAGE-INTEGRITY attribute.  If not present, the server
   generates an error response with an ERROR-CODE attribute and a
   response code of 401.  If the server wishes the client to use a short
   term credential, the REALM is omitted from the response.  If the
   server wishes the client to use a long term credential, the REALM is
   included in the response containing a realm from which the username
   and password are scoped [7].  When the REALM is present in the
   response, the server MUST include a NONCE attribute in the response.
   The nonce includes a random value that the server wishes the client
   to reflect back in a subsequent request (and therefore include in the
   message integrity computation).  When the REALM is absent in the
   response, the server MAY include a NONCE in the response if it wishes
   to use nonces along with short-term shared secrets.  However, there
   is little reason to do so, since the short-term password is, by
   definition, short-term, and thus additional temporal scoping through
   the nonce is not needed.

   If the MESSAGE-INTEGRITY attribute was present, the server checks for
   the existence of the USERNAME attribute.  If it was not present, the
   server MUST generate an error response.  The error response MUST
   include an ERROR-CODE attribute with a response code of 432.  If the
   server is using a long term credential for authentication, the
   response MUST include a REALM and a NONCE.  If the server is using a
   short-term credential, it MUST NOT include a REALM in the response
   and MAY include a NONCE.

   If the server is using long term credentials for authentication, and
   the request contained the MESSAGE-INTEGRITY and USERNAME attributes,
   the server checks for the existence of the REALM attribute.  If the
   attribute is not present, the server MUST generate an error response.

   That error response MUST include an ERROR-CODE attribute with
   response code of 434.  That error response MUST also include a NONCE
   and a REALM attribute.

   If the REALM attribute was present and the server is using a long
   term credential for authentication, the server checks for the
   existence of the NONCE attribute.  If the NONCE attribute is not
   present, the server MUST generate an error response.  That error
   response MUST include an ERROR-CODE attribute with a response code of
   435.  That error response MUST include a NONCE attribute and a REALM
   attribute.  If the NONCE was absent and the server is authenticating
   with short term credentials, the server MAY generate an error
   response with an ERROR-CODE attribute with a response code of 435.
   This response MUST included a NONCE.  If the NONCE was present in the
   request, but the server has determined it is stale, the server MUST
   generate an error response with an ERROR-CODE attribute with a
   response code of 438.

   Next, if the server is authenticating the request, it checks for the
   presence of the USERNAME attribute.  If absent, the server generates
   an error response with an ERROR-CDE attribute with a response code of
   432.  If the server is authenticating using long term credentials, it
   MUST include a REALM and NONCE in the response.  If the server is
   authenticating with short term credentials, it MUST NOT include a
   REALM and MAY include a NONCE.

   If the server is authenticating the request with a short term
   credential, it checks the value of the USERNAME field.  If the
   USERNAME was previously valid but has expired, the server generates
   an error response with an ERROR-CODE attribute with a response code
   of 430.  This error response MAY include a NONCE.  If the server is
   authenticating with either short or long term credentials, it
   determines whether the USERNAME contains a known entity, and in the
   case of a long-term credential, known within the realm of the REALM
   attribute of the request.  If the USERNAME is unknown, the server
   generates an error response with an ERROR-CODE attribute with a
   response code of 436.  For authentication using long-term
   credentials, that error response MUST include a NONCE attribute and a
   REALM attribute.  For authentication using short-term credentials, it
   MAY include a NONCE but MUST NOT include a REALM.

   At this point, if the server is doing authentication, the request
   contains everything needed for that purpose.  The server computes the
   HMAC over the request as described in Section 11.4.  The key depends
   on the credential.  For short-term credentials, it equals the
   password associated with the username.  For long term credentials, it
   is computed as described in Section 8.3.1.

   If the computed HMAC differs from the one from the MESSAGE-INTEGRITY
   attribute in the request, the server MUST generate an error response
   with an ERROR-CODE attribute with a response code of 431.  If long
   term credentials are being used for authentication, this response
   MUST include a NONCE attribute and a REALM attribute.  If short term
   credentials are being used, it MAY include a NONCE and MUST NOT
   include a REALM.

   At this point, the request has been authentication checked and
   integrity verified.

   Next, the server MUST check for any mantadory attributes in the
   request (values less than or equal to 0x7fff) which it does not
   understand.  If it encounters any, the server MUST generate an error
   response, and it MUST include an ERROR-CODE attribute with a 420
   response code.  Any attributes that are known, but are not supposed
   to be present in a message (MAPPED-ADDRESS in a request, for example)
   MUST be ignored.

9.1.2.  Constructing the Response

   To construct the STUN Response the STUN server follows the message
   structure described in Section 6.  The server then copies the
   Transaction ID from the Request to the Response.  If the STUN
   response is a success response, the STUN server adds 0x100 to the
   Message Type of the request.  If the STUN response is a success
   response, the STUN server adds 0x110 to the Message Type of the
   request.

   The attributes that get added to the response depend on the type of
   response.  See Figure 4 for a summary.

   If the response is a type which can carry either MAPPED-ADDRESS or
   XOR-MAPPED-ADDRESS (the Binding Response as defined in this
   specification meets that criteria), the server examines the magic
   cookie in the STUN header.  If it has the value 0x2112A442, it
   indicates that the client supports this version of the specification.
   The server MUST insert a XOR-MAPPED-ADDRESS into the response,
   carrying the exclusive-or of the source IP address and port from the
   request.  If the magic cookie did not have this value, it indicates
   that the client supports the previous version of this specification.
   The server MUST insert a MAPPED-ADDRESS attribute into the response,
   carrying the souce IP address and port from the request.  Insertion
   of either XOR-MAPPED-ADDRESS or MAPPED-ADDRESS happens regardless of
   the transport protocol used for the request.

   XOR-MAPPED-ADDRESS and MAPPED-ADDRESS differ only in their encoding
   of the IP address and port.  The former, as implied by the name,
   encodes the IP address and port by exclusive-or'ing them with the
   magic cookie.  The latter encodes them directly in binary.  RFC 3489
   originally specified only MAPPED-ADDRESS.  However, deployment
   experience found that some NATs rewrite the 32-bit binary payloads
   containing the NAT's public IP address, such as STUN's MAPPED-ADDRESS
   attribute, in the well-meaning but misguided attempt at providing a
   generic ALG function.  Such behavior interferes with the operation of
   STUN and also causes failure of STUN's message integrity checking.

   The server SHOULD include a SERVER attribute in all responses,
   indicating the identity of the server generating the response.  This
   is useful for diagnostic purposes.

   The server MUST include a FINGERPRINT attribute as the last attribute
   of any Indication message.

   In cases where the server cannot handle the request, due to
   exhaustion of resources, the server MAY generate a 300 response with
   an ALTERNATE-SERVER attribute.  This attribute identifies an
   alternate server which can service the requests.  It is not expected
   that 300 responses or this attribute would be used by the requests
   defined in this specification.

9.1.3.  Sending the Response

   All UDP response messages are sent to the IP address and port the
   associated Binding Request came from, and sent from the IP address
   and port the Binding Request was sent to.  All TCP or TLS over TCP
   responses messages are sent on the TCP connections that the request
   arrived on.

9.2.  Indication Transactions

   Indication messages cause the server to change its state.  Indication
   message types to not cause the server to send a response message.

   A STUN server MUST be prepared to receive indication messages on the
   IP address and UDP or TCP port that will be discovered by the STUN
   client when the STUN client follows its discovery procedures
   described in Section 8.1.  Depending on the usage, the STUN server
   will listen for incoming UDP STUN messages, incoming TCP STUN
   messages, or incoming TLS exchanges followed by TCP STUN messages.

   When a STUN indication is received, the server determines the usage.
   The usages describe how the STUN server makes this determination.

   Based on the usage, the server determines whether the indication
   requires any authentication and message integrity checks.  It can
   require none or short-term credential based authentication.  If
   short-term credentials are utilized, the server follows the same
   procedures as defined in Section 9.1.1, but if those procedures
   require transmission of an error response, the server MUST instead
   silently discard the indication.

   Once authenticated (if authentication was in use), the processing of
   the indication message depends on the message type.  This
   specification doesn't define any indication messages.

10.  Demultiplexing of STUN and Application Traffic

   In both the connectivity check and binding refresh usages, STUN
   traffic is multiplexed on the same IP address and port as application
   traffic, such as RTP.  In order to apply the processing described in
   this specification, STUN messages must first be separated from the
   application packets.  This disambiguation is done identically for
   requests and responses of all types.

   First, all STUN messages start with two bits equal to zero.  If STUN
   is being multiplexed with application traffic where it is known that
   the topmost two bits are never zeroes, the presence of these two
   zeroes signals STUN traffic.

   If this mechanism doesn't suffice, the magic cookie can be used.  All
   STUN messages have the value 0x2112A442 as the second 32 bit word.
   If the application traffic can not have this value as the second 32
   bit word, then any packets with this value are STUN packets.  Even if
   the application packet can have this value (for example, in cases
   where the application packets contain random binary data), there is
   only a one in 2^32 chance that an application packet will have a
   value of 0x2112A442 in its second 32 bit word.  If this probability
   is deemed sufficiently small for the application at hand (for
   example, it is considered adequate for Voice over IP applications),
   then any packet with this value in its second 32 bit word is
   processed as a STUN packet.

   However, a mis-classification of 1 in 2^32 may still be too high for
   some usages of STUN.  Consequently, all STUN messages contain a
   FINGERPRINT attribute.  This is a cryptographic hash over the
   message, covering everything prior to the attribute.  This attribute
   is different from MESSAGE-INTEGRITY.  The latter uses a keyed HMAC,
   and thus requires a shared secret.  FINGERPRINT does not use a
   password, and can be computed just by examining the STUN message.
   Thus, if a packet appears to be a STUN message because it has a value
   of 0x2112A442 in its second 32 bit word, a client or server then
   assumes the message is a STUN message, and computes the value for the
   fingerprint.  It then looks for the FINGERPRINT attribute in the
   message, and if the value equals the computed value, the message is
   considered to be a STUN message.  If not, it is considered to be an
   application packet

11.  STUN Attributes

   To allow future revisions of this specification to add new attributes
   if needed, the attribute space is divided into optional and mandatory
   ones.  Attributes with values greater than 0x7fff are optional, which
   means that the message can be processed by the client or server even
   though the attribute is not understood.  Attributes with values less
   than or equal to 0x7fff are mandatory to understand, which means that
   the client or server cannot successfully process the message unless
   it understands the attribute.

   The values of the message attributes are enumerated in Section 15.

   The following figure indicates which attributes are present in which
   messages.  An M indicates that inclusion of the attribute in the
   message is mandatory, O means its optional, C means it's conditional
   based on some other aspect of the message, and - means that the
   attribute is not applicable to that message type.

                                                   Error
              Attribute         Request  Response Response Indication
              _______________________________________________________
              MAPPED-ADDRESS       -        C         -       -
              USERNAME             O        -         -       O
              PASSWORD             -        C         -       -
              MESSAGE-INTEGRITY    O        O         O       O
              ERROR-CODE           -        -         M       -
              ALTERNATE-SERVER     -        -         C       -
              REALM                C        -         C       -
              NONCE                C        -         C       -
              UNKNOWN-ATTRIBUTES   -        -         C       -
              XOR-MAPPED-ADDRESS   -        C         -       -
              SERVER               -        O         O       O
              REFRESH-INTERVAL     -        O         -       -
              FINGERPRINT          M        M         M       M

   Figure 4: Mandatory Attributes and Message Types

11.1.  MAPPED-ADDRESS

   The MAPPED-ADDRESS attribute indicates the mapped IP address and
   port.  It consists of an eight bit address family, and a sixteen bit
   port, followed by a fixed length value representing the IP address.
   If the address family is IPv4, the address is 32 bits.  If the
   address family is IPv6, the address is 128 bits.

   The format of the MAPPED-ADDRESS attribute is:

         0                   1                   2                   3
         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        |x x x x x x x x|    Family     |           Port                |
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        |                   Address  (variable)
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Figure 5: Format of MAPPED-ADDRESS attribute

   The address family can take on the
   usage, the STUN server will listen for incoming UDP STUN messages,
   incoming TCP STUN messages, or incoming TLS exchanges followed by TCP
   STUN messages. following values:

   0x01:IPv4
   0x02:IPv6

   The usages describe how port is a network byte ordered representation of the STUN server determines port the usage.
   request arrived from.

   The server checks first 8 bits of the request MAPPED-ADDRESS are ignored for a MESSAGE-INTEGRITY attribute.  If
   not present, the server generates an error response with an ERROR-
   CODE attribute and a response code purposes
   of 401.  That error response MUST
   include a NONCE attribute, containing a nonce that the server wishes aligning parameters on natural 32 bit boundaries.

11.2.  USERNAME

   The USERNAME attribute is used for message integrity.  It identifies
   the client to reflect back in a subsequent request (and therefore
   include shared secret used in the message integrity computation).  The error response
   MUST include a REALM attribute, containing a realm from which check.  Consequently,
   the
   username and password are scoped [8].

   If USERNAME MUST be included in any request that contains the
   MESSAGE-INTEGRITY attribute was present, the server checks for
   the existence of the REALM attribute.  If the attribute

   The USERNAME is not
   present, the server MUST generate an error response.  That error
   response MUST include an ERROR-CODE attribute with response code of
   434.  That error response MUST also include a NONCE and always present in a REALM
   attribute.

   If the REALM attribute was present, the server checks for Shared Secret Response,
   along with the
   existence PASSWORD, which informs a client of the NONCE attribute.  If the NONCE attribute is not
   present, the server MUST generate an error response.  That error
   response MUST include an ERROR-CODE attribute with a response code short term
   password.

   The value of
   435.  That error response MUST include USERNAME is a NONCE attribute and variable length opaque value.  Note that,
   as described above, if the USERNAME is not a REALM
   attribute.

   If multiple of four bytes
   it is padded for encoding into the NONCE attribute was present, STUN message, in which case the server checks for
   attribute length represents the
   existence length of the USERNAME attribute. prior to
   padding.

11.3.  PASSWORD

   If it was not present, the
   server MUST generate an error response.  The error response message type is Shared Secret Response it MUST include an ERROR-CODE attribute with a response code the
   PASSWORD attribute.

   The value of 432.  It MUST
   include a NONCE attribute and PASSWORD is a REALM attribute.

   If the USERNAME attribute was present, variable length opaque value.  The
   password returned in the server computes Shared Secret Response is used as the HMAC
   over
   in the request MESSAGE-INTEGRITY attribute of a subsequent STUN transaction.
   Note that, as described in Section 11.8.  The key is computed
   as MD5(unq(USERNAME-value) ":" unq(REALM-value) ":" password), where above, if the password USERNAME is not a multiple of
   four bytes it is padded for encoding into the password associated with the username and realm
   provided STUN message, in which
   case the request.  If attribute length represents the server does not have a record for
   that username within that realm, length of the server generates an error
   response.  That error response MUST include an ERROR-CODE USERNAME prior
   to padding.

11.4.  MESSAGE-INTEGRITY

   The MESSAGE-INTEGRITY attribute
   with a response code contains an HMAC-SHA1 [8] of 436.  That error response MUST include a
   NONCE the STUN
   message.  The MESSAGE-INTEGRITY attribute and a REALM attribute.

      This format for can be present in any STUN
   message type.  Since it uses the key was chosen so SHA1 hash, the HMAC will be 20
   bytes.  The text used as input to enable a common
      authentication database for SIP and STUN, as it HMAC is expected that
      credentials are usually stored in their hashed forms.

   If the computed HMAC differs from STUN message, including
   the one from header, up to and including the MESSAGE-INTEGRITY attribute in the request, preceding the server MUST generate an error response
   with an ERROR-CODE attribute MESSAGE-
   INTEGRITY attribute.  That text is then padded with zeroes so as to
   be a response code multiple of 431.  This
   response MUST include a NONCE attribute and 64 bytes.  As a REALM attribute.

   If result, the computed HMAC doesn't differ from MESSAGE-INTEGRITY
   attribute is generally the one next to last attribute in any STUN
   message.  With the request, but
   the nonce is stale, exception of the server MUST generate an error response.  That
   error response MUST include an ERROR-CODE attribute with response
   code 430.  That error response MUST include a NONCE attribute and a
   REALM attribute.

   The server FINGERPRINT attribute, which
   appears after MESSAGE-INTEGRITY, elements MUST check for any mantadory ignore all other
   attributes in the request
   (values less than or equal to 0x7fff) which it does not understand.
   If it encounters any, follow MESSAGE-INTEGRITY.

   The key used as input to HMAC depends on the server MUST generate a Binding Error
   Response, STUN usage and it MUST include an ERROR-CODE the
   shared secret mechanism.

11.5.  FINGERPRINT

   The FINGERPRINT attribute with is present in all STUN messages.  It is
   computed as a 420
   response code.  Any attributes that are known, but are not supposed SHA1 hash of the STUN message up to (but excluding) the
   FINGERPRINT attribute itself.  The value of the attribute is the
   actual binary output of the SHA-1 function.  The FINGERPRINT
   attribute MUST be the last attribute in the message.

11.6.  ERROR-CODE

   The ERROR-CODE attribute is present in the Binding Error Response and
   Shared Secret Error Response.  It is a message (MAPPED-ADDRESS numeric value in the range of
   100 to 699 plus a request, textual reason phrase encoded in UTF-8, and is
   consistent in its code assignments and semantics with SIP [9] and
   HTTP [10].  The reason phrase is meant for example)
   MUST user consumption, and can
   be ignored.

9.1.2.  Constructing anything appropriate for the Response response code.  Recommended reason
   phrases for the defined response codes are presented below.

   To construct facilitate processing, the STUN Response class of the STUN server follows error code (the hundreds
   digit) is encoded separately from the message
   structure described in Section 6. rest of the code.

         0                   1                   2                   3
         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        |                   0                     |Class|     Number    |
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        |      Reason Phrase (variable)                                ..
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The server then copies class represents the
   Transaction ID from hundreds digit of the Request to response code.  The
   value MUST be between 1 and 6.  The number represents the Response. response
   code modulo 100, and its value MUST be between 0 and 99.

   If the STUN
   response is reason phrase has a success response, the STUN server adds 0x100 to the
   Message Type; if length that is not a failure response multiple of four
   bytes, it is padded for encoding into the STUN server adds 0x110 to the
   Message Type.

   Depending message, in which case
   the Request message type and attribute length represents the message attributes length of the request, entire ERROR-CODE
   attribute (including the reason phrase) prior to padding.

   The following response is constructed; see Figure 4.

9.1.3.  Sending the Response

   All Response messages codes, along with their recommended reason
   phrases (in brackets) are sent to the IP address and port defined at this time:

   300  (Try Alternate): The client should contact an alternate server
        for this request.

   400  (Bad Request): The request was malformed.  The client should not
        retry the
   associated Binding Request came from, and sent request without modification from the IP address
   and port the Binding Request was sent to.

9.2.  Indication Message Types

   Indication messages cause the server to change its state.  Indication
   message types to previous
        attempt.

   401  (Unauthorized): The request did not cause the contain a MESSAGE-INTEGRITY
        attribute.

   420  (Unknown Attribute): The server to send did not understand a response message.

   Indication message types are defined in other documents, for example mandatory
        attribute in [3].

10.  Short-Term Passwords

   Short-term passwords are useful to provide authentication and
   integrity protection to STUN Request and STUN Response messages.
   Short-term passwords are useful when there is no long-term
   relationship with the request.

   430  (Stale Credentials): The request did contain a MESSAGE-INTEGRITY
        attribute, but it used a STUN server and thus no long-term password is shared between the STUN secret that has expired.  The
        client should obtain a new shared secret and STUN server.  Even if there is try again.

   431  (Integrity Check Failure): The request contained a
   long-term password, MESSAGE-
        INTEGRITY attribute, but the issuance HMAC failed verification.  This
        could be a sign of a short-term password is useful
   to prevent dictionary attacks.

   Short-term passwords can potential attack, or client implementation
        error.

   432  (Missing Username): The request contained a MESSAGE-INTEGRITY
        attribute, but not a USERNAME attribute.  Both USERNAME and
        MESSAGE-INTEGRITY must be used multiple times present for as long as a
   usage allows the same short-term password integrity checks.

   433  (Use TLS): The Shared Secret request has to be used. sent over TLS,
        but was not received over TLS.

   434  (Missing Realm): The duration
   of validity is determined by usage.

11.  STUN Attributes

   To allow future revisions of this specification to add new attributes
   if needed, the REALM attribute space is divided into optional and mandatory
   ones.  Attributes with values greater than 0x7fff are optional, which
   means that was not present in the message can be processed by
        request.

   435  (Missing Nonce): The NONCE attribute was not present in the client or server even
   though
        request.

   436  (Unknown Username): The USERNAME supplied in the attribute request is not understood.  Attributes with values less
   than or equal to 0x7fff are mandatory to understand, which means that
   the client
        known or server cannot successfully process the message unless
   it understands the attribute.

   In order is not known to align attributes on word boundaries, the length of server.

   438  (Stale Nonce): The NONCE attribute was present in the
   all message attributes values MUST be 0 or request
        but wasn't valid.

   500  (Server Error): The server has suffered a multiple of 4 bytes.
   Extensions to this specification MUST also follow this requirement. temporary error.  The values of
        client should try again.

   600  (Global Failure): The server is refusing to fulfill the message attributes are enumerated in Section 15. request.
        The following figure indicates which attributes are client should not retry.

11.7.  REALM

   The REALM attribute is present in requests and responses.  It
   contains text which
   messages.  An M indicates that inclusion of meets the attribute grammar for "realm" as described in RFC
   3261 [9], and will thus contain a quoted string (including the
   message is mandatory, O means its optional, C means it's conditional
   based on some other aspect
   quotes).

   Presence of the message, and - means REALM attribute in a request indicates that long-term
   credentials are being used for authentication.  Presence in certain
   error responses indicates that the
   attribute is not applicable server wishes the client to that message type.

                                                     Error
               Attribute         Request  Response Response
               ______________________________________________
               MAPPED-ADDRESS       -        C         -
               USERNAME             O        -         -
               PASSWORD             -        -         -
               MESSAGE-INTEGRITY    O        O         O
               ERROR-CODE           -        -         M
               ALTERNATE-SERVER     -        -         C
               REALM                C        C         C use a
   long-term credential for authentication.

11.8.  NONCE                C        -         C
               UNKNOWN-ATTRIBUTES   -        -         C
               XOR-MAPPED-ADDRESS   -        M         -
               XOR-ONLY             O        -         -
               SERVER               -        O         O
               BINDING-LIFETIME     -        O         -
   Figure 4: Mandatory Attributes and Message Types

11.1.  MAPPED-ADDRESS

   The MAPPED-ADDRESS NONCE attribute indicates the mapped IP address is present in requests and
   port. in error responses.
   It consists of an eight bit address family, and a sixteen bit
   port, followed by contains a fixed length value representing the IP address.
   If the address family is IPv4, the address is 32 bits.  If the
   address family is IPv6, the address is 128 bits.

   For backwards compatibility with RFC3489-compliant STUN clients, if
   the magic cookie was not present sequence of qdtext or quoted-pair, which are defined in the associated Binding Request,
   this
   RFC 3261 [9].  See RFC 2617 [7] for guidance on selection of nonce
   values in a server.

11.9.  UNKNOWN-ATTRIBUTES

   The UNKNOWN-ATTRIBUTES attribute MUST be is present only in an error response
   when the associated response.

      Discussion:  Some NATs rewrite response code in the 32-bit binary payloads
      containing ERROR-CODE attribute is 420.

   The attribute contains a list of 16 bit values, each of which
   represents an attribute type that was not understood by the NAT's public IP address, such as STUN's MAPPED-
      ADDRESS attribute.  Such behavior interferes with server.
   If the operation of
      STUN and also causes failure number of STUN's message integrity checking.

      Presence unknown attributes is an odd number, one of the magic cookie
   attributes MUST be repeated in the STUN Request indicates list, so that the
      client is compatible with this specification and is capable of
      processing XOR-MAPPED-ADDRESS.

   The format total length of
   the MAPPED-ADDRESS attribute is:

      0                   1                   2                   3 list is a multiple of 4 bytes.

         0                   1                   2                   3 4 5 6 7 8 9
         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |x x x x x x x x|    Family     |           Port                |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                   Address  (variable)
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Figure 5: Format of MAPPED-ADDRESS attribute

   The address family can take on the following values:
       0x01:  IPv4
       0x02:  IPv6

   The port is a network byte ordered representation of the port the
   Binding Request arrived from.

   The first 8 bits of the MAPPED-ADDRESS are ignored for the purposes
   of aligning parameters on natural boundaries.

11.2.  RESPONSE-ADDRESS

   The RESPONSE-ADDRESS attribute indicates where the response to a
   Binding Request should be sent.  Its syntax is identical to MAPPED-
   ADDRESS.

   This attribute is not used by any STUN usages defined in this
   document except for backwards compatibility with RFC3489 clients when
   using the Binding Discovery usage (Section 12.2).  Section 12.2.8
   describes when this attribute must be included in a binding response.

      Issue:  should this 8 9 0 1 2 3 4 5 6 7 8 9 0 1
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        |      Attribute 1 Type           |     Attribute 2 Type        |
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        |      Attribute 3 Type           |     Attribute 4 Type    ...
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Figure 8: Format of UNKNOWN-ATTRIBUTES attribute be made specific to Binding
      Discovery or moved to another document entirely.

11.3.  CHANGED-ADDRESS

11.10.  XOR-MAPPED-ADDRESS

   The CHANGED-ADDRESS XOR-MAPPED-ADDRESS attribute indicates is present in responses.  It
   provides the IP address and port where
   responses same information that would have been sent from if the "change IP" and "change
   port" flags had been set present in the CHANGE-REQUEST MAPPED-
   ADDRESS attribute of but because the
   Binding Request.  Its syntax NAT's public IP address is identical
   obfuscated through the XOR function, STUN messages are able to MAPPED-ADDRESS. pass
   through NATs which would otherwise interfere with STUN.

   This attribute is not used by any STUN usages defined MUST always be present in this
   document except for backwards compatibility with RFC3489 clients when
   using the a Binding Discovery usage (Section 12.2).  Section 12.2.8
   describes when this attribute must Response and may
   be included used in a binding response.

      Issue: other responses as well.  Usages defining new requests and
   responses should this attribute be made specific to Binding
      Discovery or moved to another document entirely.

11.4.  CHANGE-REQUEST

   The CHANGE-REQUEST attribute specify if XOR-MAPPED-ADDRESS is used by the client applicable to request that
   the server use a different address and/or port when sending the
   response. their
   responses.

   The attribute is 32 bits long, although only two bits (A
   and B) are used: format of the XOR-MAPPED-ADDRESS is:

          0                   1                   2                   3
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 A B 0|
         |x x x x x x x x|    Family     |         X-Port                |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The meaning
         |                X-Address (Variable)
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Figure 9: Format of XOR-MAPPED-ADDRESS Attribute

   The Family represents the flags are:

   A: This is the "change IP" flag.  If true, it requests the server to
      send the Binding Response with a different IP address than the one
      the Binding Request was received on.

   B: This family, and is the "change port" flag.  If true, it requests the server encoded
   identically to send the Binding Response Family in MAPPED-ADDRESS.

   X-Port is the mapped port, exclusive or'd with a different port than most significant 16
   bits of the one magic cookie.  If the Binding Request was received on.

   This attribute IP address family is not used by any STUN usages defined in this
   document.

      Issue:  should this attribute be made specific to Binding
      Discovery or moved to another document entirely.

11.5.  SOURCE-ADDRESS

   The SOURCE-ADDRESS attribute IPv4,
   X-Address is present in Binding Responses.  It
   indicates the source mapped IP address and port that exclusive or'd with the server is sending magic
   cookie.  If the response from.  Its syntax IP address family is identical to that of MAPPED-
   ADDRESS.

   This attribute IPv6, the X-Address is not used by any STUN usages defined in this
   document except for backwards compatibility the
   mapped IP address exclusively or'ed with RFC3489 clients when the magic cookie and the 96-
   bit transaction ID.

   For example, using the Binding Discovery usage (Section 12.2).  Section 12.2.8
   describes when this attribute must be included in a binding response.

      Issue:  should this attribute be made specific to Binding
      Discovery or moved "^" character to another document entirely.

11.6.  USERNAME

   The USERNAME attribute indicate exclusive or, if the
   IP address is used for message integrity.  It identifies 192.168.1.1 (0xc0a80101) and the shared secret used in port is 5555 (0x15B3),
   the message integrity check. X-Port would be 0x15B3 ^ 0x2112 = 0x34A1, and the X-Address would
   be 0xc0a80101 ^ 0x2112A442 = 0xe1baa543.

11.11.  SERVER

   The USERNAME
   is always present in server attribute contains a Shared Secret Response, along with textual description of the
   PASSWORD.  When message integrity is software
   being used with Binding Request
   messages, by the USERNAME server, including manufacturer and version number.
   The attribute MUST be included. has no impact on operation of the protocol, and serves
   only as a tool for diagnostic and debugging purposes.  The value of USERNAME
   SERVER is a variable length opaque value.

11.7.  PASSWORD length.  If the message type is Shared Secret Response it MUST include the
   PASSWORD attribute.

   The value of PASSWORD SERVER is not a variable length opaque value.  The
   password returned in the Shared Secret Response multiple
   of four bytes, it is used as padded for encoding into the HMAC STUN message, in
   which case the MESSAGE-INTEGRITY attribute length represents the length of a subsequent STUN transaction.

11.8.  MESSAGE-INTEGRITY the USERNAME
   prior to padding.

11.12.  ALTERNATE-SERVER

   The MESSAGE-INTEGRITY attribute contains alternate server represents an HMAC-SHA1 [9] of the alternate IP address and port for
   a different STUN
   message.  The MESSAGE-INTEGRITY attribute can be present server to try.  It is encoded in any STUN
   message type.  Since it uses the SHA1 hash, the HMAC will be 20
   bytes.  The text used same way as input to HMAC
   MAPPED-ADDRESS.

   This attribute is MUST only appear in an error response.

11.13.  REFRESH-INTERVAL

   The REFRESH-INTERVAL indicates the STUN message, including number of milliseconds that the header, up to
   server suggests the client should use between refreshes of the NAT
   bindings between the client and including server.  Even though the attribute preceding server may
   not know the MESSAGE-
   INTEGRITY attribute.  That text is then padded with zeroes so binding lifetimes in intervening NATs, this attribute
   serves as to
   be a multiple of 64 bytes.  As useful configuration mechanism for suggesting a result, value for
   use by the MESSAGE-INTEGRITY
   attribute is client.  Furthermore, when the last attribute in any STUN message.  However, STUN
   clients MUST be able to successfully parse and process STUN messages
   which have additional attributes after NAT Keepalive usage is
   being used, the MESSAGE-INTEGRITY
   attribute.  STUN clients that are compliant server may become overloaded with this specification
   SHOULD ignore attributes Binding Requests
   that are after the MESSAGE-INTEGRITY
   attribute.

   The key being used as input for keepalives.  The REFRESH-INTERVAL provies a
   mechanism for the server to HMAC depends on gradually reduce the STUN usage and load on itself by
   pushing back on the
   shared secret mechanism.

11.9.  ERROR-CODE

   The ERROR-CODE attribute client.

   REFRESH-INTERVAL is specified as an unsigned 32 bit integer, and
   represents an interval measured in millseconds.  It can be present in the
   Binding Error Response and
   Shared Secret Error Response.  It Responses.

12.  STUN Usages
   STUN is a numeric value in the range of
   100 to 699 plus simple request/response protocol that provides a textual reason phrase encoded in UTF-8, and is
   consistent useful
   capability in its code assignments and semantics with SIP [10] and
   HTTP [11].  The reason phrase is meant for user consumption, and can
   be anything appropriate for the response code.  The length of the
   reason phrase MUST be a multiple several situations.  In this section, different usages
   of 4 (measured STUN are described.  Each usage may differ in bytes),
   accomplished by added spaces to the end of the text, if necessary.
   Recommended reason phrases for the defined response codes how STUN servers are
   presented below.

   To facilitate processing, the class of
   discovered, when the error code (the hundreds
   digit) STUN requests are sent, what message types are
   used, what message attributes are used, and how authentication is encoded separately from
   performed.

   This specification defines the rest STUN usages for binding discovery
   (Section 12.1), connectivity check (Section 12.2), NAT keepalives
   (Section 12.3) and short-term password (Section 12.4).

   New STUN usages may be defined by other standards-track documents.
   New STUN usages MUST describe their applicability, client discovery
   of the code.

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                   0                     |Class|     Number    |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |      Reason Phrase (variable)                                ..
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The class represents the hundreds digit of STUN server, how the response code.  The
   value MUST be between 1 and 6.  The number represents server determines the usage, new message
   types (requests or indications), new message attributes, new error
   response
   code modulo 100, codes, and its value MUST be between 0 new client and 99. server procedures.

12.1.  Binding Discovery

   The following response codes, along with their recommended reason
   phrases (in brackets) are defined at previous version of this time:

   300  (Try Alternate):  The client should contact an alternate server
        for specification, RFC3489 [13], described
   only this request.

   400  (Bad Request):  The request was malformed.  The client should
        not retry the request without modification binding discovery usage.

12.1.1.  Applicability

   Binding discovery is used to learn reflexive addresses from servers
   on the previous
        attempt.

   401  (Unauthorized):  The Binding Request did not contain a MESSAGE-
        INTEGRITY attribute.

   420  (Unknown Attribute):  The server did not understand a mandatory
        attribute in network, generally the request.

   430  (Stale Credentials):  The Binding Request did contain a MESSAGE-
        INTEGRITY attribute, but public Internet.  That is, it is used
   by a shared secret that has
        expired.  The client should obtain a new shared secret to determine its dynamically-bound 'public' IP address
   and try
        again.

   431  (Integrity Check Failure):  The Binding Request contained a
        MESSAGE-INTEGRITY attribute, but the HMAC failed verification.
        This could be UDP port that is assigned by a sign of NAT between a potential attack, or STUN client
        implementation error.

   432  (Missing Username):  The Binding Request contained a MESSAGE-
        INTEGRITY attribute, but not and a USERNAME attribute.  Both
        USERNAME
   STUN server.  This address and MESSAGE-INTEGRITY must be present for integrity
        checks.

   433  (Use TLS):  The Shared Secret request has to port will be sent over TLS,
        but was not received over TLS.

   434  (Missing Realm):  The REALM attribute was not present in the
        request.

   435  (Missing Nonce): mapped
   address of the STUN Binding Response.

   The NONCE attribute was not mapped address present in the
        request.

   436  (Unknown Username):  The USERNAME supplied binding response can be used by
   clients to facilitate traversal of NATs for many applications.  NAT
   traversal is problematic for applications which require a client to
   insert an IP address and port into a message, to which subsequent
   messages will be delivered by other entities in a network.  Normally,
   the Request client would insert the IP address and port from a local
   interface into the message.  However, if the client is behind a NAT,
   this local interface will be a private address.  Clients within other
   address realms will not
        known or be able to send messages to that address.

   An example of a such an application is not known SIP, which requires a client
   to include IP address and port information in several places,
   including the given REALM.

   437  (Stale Nonce): Session Description Protocol (SDP [17]) body carried by
   SIP.  The NONCE attribute was IP address and port present in the request
        but wasn't valid.

   500  (Server Error):  The server has suffered SDP is used for receipt
   of media.

   To use STUN as a temporary error.  The technique for traversal of SIP and other protocols,
   when the client should try again.

   600  (Global Failure):  The server wishes to send a protocol message, it figures out the
   places in the protocol data unit where it is refusing supposed to fulfill insert its
   own IP address along with a port.  Instead of directly using a port
   allocated from a local interface, the
        request.  The client should not retry.

      Issue:  Do 300/500/600 mean allocates a port from
   the local interface, and from that other port, generates a STUN servers returned Binding
   Request.  The mapped address in the same SRV lookup should Binding Response (XOR-MAPPED-
   ADDRESS or MAPPED-ADDRESS) provides the client with an alternative IP
   address and port which it can then include in the protocol payload.
   This IP address and port may be retried / not retried?  With same
      SRV Priority?

11.10.  REFLECTED-FROM

   The REFLECTED-FROM attribute within a different address family
   than the local interfaces used by the client.  This is present only in Binding Responses,
   when not an error
   condition.  In such a case, the client would use the learned IP
   address and port as if the client was a host with an interface within
   that address family.

   In the case of SIP, to populate the SDP appropriately, a client would
   generate two STUN Binding Request contained messages at the time a RESPONSE-ADDRESS attribute.  The
   attribute contains call is
   initiated or answered.  One is used to obtain the identity (in terms of IP address) of address and port
   for RTP, and the
   source where other, for the request came from.  Its purpose is Real Time Control Protocol
   (RTCP)[15].  The client might also need to provide
   traceability, so that a use STUN server cannot be used as a reflector for
   denial-of-service attacks.  Its syntax is identical to obtain IP
   addresses and ports for usage in other parts of the MAPPED-
   ADDRESS attribute.

   This attribute SIP message.  The
   detailed usage of STUN to facilitate SIP NAT traversal is not used outside the
   scope of this specification.

   As discussed above, the addresses learned by any STUN usages defined may not be usable
   with all entities with whom a client might wish to communicate.  The
   way in which this
   document.

      Issue:  should this attribute be made specific problem is handled depends on the application
   protocol.  The ideal solution is for a protocol to Binding
      Discovery or moved allow a client to another document entirely.

11.11.  ALTERNATE-SERVER

   The alternate server represents an alternate IP
   include a multiplicity of addresses and ports in the PDU.  One of
   those can be the address and port determined from STUN, and the
   others can include addresses and ports learned from other techniques.
   The application protocol would then provide a means for dynamically
   detecting which one works.  An example of such an an approach is
   Interactive Connectivity Establishment (ICE [11]).

12.1.2.  Client Discovery of Server

   Clients SHOULD be configured with a domain name for a different TURN STUN server to try.  It is encoded in the same way as
   MAPPED-ADDRESS.

11.12.  REALM

   The REALM attribute is present in Requests and Responses.  It
   contains text which meets
   use.  In cases where the grammar client has no explicit configuration
   mechanism for "realm" as described in
   RFC3261 [10], and will thus contain a quoted string (including STUN, but knows the
   quotes).

   Presence domain of its service provider, the REALM attribute indicates
   client SHOULD use that long-term credentials
   are used for domain (in the values case of SIP, this would be the USERNAME, PASSWORD, and MESSAGE-
   INTEGRITY attributes.

11.13.  NONCE
   domain from their Address-of-Record).  The NONCE attribute is present in Requests and in Error responses.
   It contains a sequence of qdtext or quoted-pair, which are discovery mechanisms
   defined in
   RFC3261 [10].

11.14.  UNKNOWN-ATTRIBUTES

   The UNKNOWN-ATTRIBUTES attribute Section 8.1 are then applied to that domain name.

12.1.3.  Server Determination of Usage

   It is present only in anticipated that servers would advertise a Binding Error
   Response or Shared Secret Error Response when the response code specific port in the ERROR-CODE attribute is 420.

   The attribute contains
   DNS for the Binding Discovery usage.  Thus, when a list of 16 bit values, each of which
   represents an attribute type request arrives at
   that was not understood by particular port, the server.
   If server knows that the number of unknown attributes binding usage is an odd number, one of the
   attributes MUST be repeated in the list, so that the total length
   use.  This fact is only needed for purposes of determining the list
   authentication and message integrity mechanism to apply.

12.1.4.  New Requests or Indications

   This usage does not define any new message types.

12.1.5.  New Attributes

   This usage does not define any new message attributes.

12.1.6.  New Error Response Codes

   This usage does not define any new error response codes.

12.1.7.  Client Procedures

   The binding discovery is utilized by a client just prior to
   generating an application PDU that requires the client to include its
   IP address and port.  The client MAY first obtain a multiple of 4 bytes.

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |      Attribute 1 Type           |     Attribute 2 Type        |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |      Attribute 3 Type           |     Attribute 4 Type    ...
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Figure 9: Format of UNKNOWN-ATTRIBUTES attribute

11.15.  XOR-MAPPED-ADDRESS short term
   credential using the short term password STUN usage.  The XOR-MAPPED-ADDRESS attribute credential
   that is only present obtained is then using in Binding
   Responses.  It provides the same information Request messages.  A
   Binding Request message is generated for each distinct IP address and
   port that would present in the MAPPED-ADDRESS attribute but because client requires to formulate the NAT's public IP address application PDU.

12.1.8.  Server Procedures

   It is obfuscated through RECOMMENDED that servers utilize short term credentials,
   obtained by the XOR function, STUN messages client from a Shared Secret request, for
   authentication and message integrity.  Consequently, if a Binding
   Request is generated without a short term credential, the server
   SHOULD challenge for one.

12.1.9.  Security Considerations for Binding Discovery

   There are able no security considerations for this usage beyond those
   described in Section 13.

12.2.  Connectivity Check

12.2.1.  Applicability

   This STUN usage primarily provides a connectivity check to
   pass a peer
   discovered through NATs which rendezvous protocols.  The usage presumes that
   some other mechanism, such as ICE [11] has been used allow two peer
   agents to exchange IP addresses and ports.  The agents would otherwise interfere like to
   initiate direct communications with STUN.  See the
   discussion in Section 11.1.

   This attribute MUST always be present in each other, using those IP
   addresses and ports.  However, it is not known which IP addresses and
   ports will actually work for direct exchange of communications, due
   to NAT, firewall and other network connectivity issues.
   Consequently, each agent uses a STUN Binding Response.

      Note:  Version -02 Request from each of
   their transport addresses to each of this Internet Draft used 0x8020 for this
      attribute, which was in the Optional range transport addresses of attributes. their
   peers.  This
      attribute has been moved back to 0x0020 as check serves numerous purposes.  Firstly, if a Mandatory attribute.
      [This paragraph should be removed prior response
   is received to publication as a Binding Request, an RFC.]
   The format of agent knows that that particular
   5-tuple (the transport address that the XOR-MAPPED-ADDRESS is:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |x x x x x x x x|    Family     |         X-Port                |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                X-Address (Variable)
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Figure 10: Format of XOR-MAPPED-ADDRESS Attribute

   The Family represents Binding Request was sent to,
   along with the IP one it was sent from) are viable for direct
   communciations.  Secondly, the mapped address family, and is encoded
   identically to from the Family Binding
   Response tells the agent its reflexive address towards its peer,
   which may be another candidate for receipt of communications.
   Finally, the connectivity checks can keep NAT bindings in MAPPED-ADDRESS.

   X-Port intervening
   NATs active.

   It is fundamental to this STUN usage that the mapped port, exclusive or'd with most significant 16
   bits of addresses and ports
   used for direct communications are the magic cookie.  If same ones used for the IP address family is IPv4,
   X-Address Binding
   Requests and responses.  Consequently, it will be necessary to
   demultiplex STUN traffic from whatever the application data traffic
   is.  This demultiplexing is mapped IP address exclusive or'd with done using the magic cookie.
   If cookie along with
   the IP address family is IPv6, FINGERPRINT attribute.

   Because the X-Address connectivity check usage is the mapped IP
   address exclusively or'ed always used in conjunction
   with some kind of rendezvous protocol, it is assumed that the magic cookie
   rendezvous protocol provides the exchange of a short term credential.
   This credential is then used for authentication and message integrity
   of the 96-bit
   transaction ID.

      Issue: STUN Binding Requests and Responses.

   The motivation for XORing username and password exchanged in the IP address rendezvous protocol is clear.  Is
      there a motivation
   valid for XORing the port?

   For example, using duration of the "^" character to indicate exclusive or, if connection being checked.

12.2.2.  Client Discovery of Server

   The client does not follow the general procedure in Section 8.1.
   Instead, the client discovers the STUN server's IP address and port
   through a rendezvous protocol.  Note that the STUN server is 192.168.1.1 (0xc0a80101) a
   logical entity in this usage, and it will be running on the exact
   same IP address and port as is 5555 (0x15B3), used for actual communications.

12.2.3.  Server Determination of Usage

   The server is aware of this usage because it signalsed this port
   through the X-Port would rendezvous protocol.  Any STUN packets received on this
   port will be 0x15B3 ^ 0x2112 = 0x34A1, and for the X-Address would
   be 0xc0a80101 ^ 0x2112A442 = 0xe1baa543.

11.16.  SERVER

   The server attribute contains connectivity check usage.

12.2.4.  New Requests or Indications

   This usage does not define any new message types.

12.2.5.  New Attributes

   This usage does not define any new message attributes.

12.2.6.  New Error Response Codes

   This usage does not define any new error response codes.

12.2.7.  Client Procedures

   A client will generate a textual description of connectivity check based on the software
   being used by procedures
   defined in the server, including manufacturer rendezvous protocol that uses this usage.  Generally
   this will be done after an exchange of IP addresses and version number.
   The attribute ports has no impact on operation of
   occurred between the protocol, two clients, at which point connectivity checks
   will begin.

   Clients MUST include the FINGERPRINT attribute, to aid in
   disambiguation of STUN and serves
   only as application traffic.  Clients MUST used a tool for diagnostic and debugging purposes.
   short term credential obtained through the rendezvous protocol.  The length
   specific structure and format of the server attribute MUST be a multiple of 4 (measured in bytes),
   accomplished username and password are
   defined by added spaces to the end of the text, if necessary.
   The value rendezvous protocol.  Receipt of SERVER any non-recoverable
   STUN error is variable length.

11.17.  ALTERNATE-SERVER

   The alternate server represents an alternate indication that there is no connectivity to that IP
   address and port for
   a different STUN server to try.  It is encoded in port.

12.2.8.  Server Procedures

   In this usage, the same way short-term password is valid as
   MAPPED-ADDRESS.

   This attribute long as the UDP
   port is MUST only appear in an Error Response.  This
   attribute MUST only appear listening for STUN packets.  For example when using the TURN usage.

11.18.  BINDING-LIFETIME

   The binding lifetime indicates the number of seconds used with ICE,
   the NAT binding
   will be valid.  This attribute MUST only be present in Response
   messages.  This attribute MUST NOT short-term password would be present unless valid as long as the RTP session
   (which multiplexes STUN server and RTP) is aware of the minimum binding lifetime of all NATs on the path
   between active.

12.2.9.  Security Considerations for Connectivity Check

   The username and password, which are used for STUN's message
   integrity, are exchanged in the STUN client rendezvous protocol.  Failure to
   encrypt and integrity protect the rendezvous protocol is equivalent
   in risk to using STUN server.

12.  STUN Usages without message integrity.

12.3.  NAT Keepalives

12.3.1.  Applicability

   In this STUN usage, a client is connected to a simple request/response server for a
   particular application protocol that provides (for example, a useful
   capability in several situations.  In this section, different usages
   of STUN are described.  Each usages may differ in how STUN servers
   are discovered, SIP proxy server).
   The connection is long-lived, allowing for asynchronous messaging
   from the message types, and server to the message attributes that
   are supported.

   This specification defines client.  The client is connected to the server
   either using TCP, in which case there is a long-lived TCP connection
   from the STUN usages for binding discovery
   (Section 12.2), connectivity check (Section 12.3), NAT keepalives
   (Section 12.4) and short-term password (Section 12.5).

   New STUN usages may be defined by other standards-track documents.
   New STUN usages MUST describe their applicability, client discovery
   of to the STUN server, how or using UDP, in which case the server determines
   stores the usage, new message
   types (requests or indications), new source IP address and port of a message attributes, new error
   response codes, from a client
   (such as SIP REGISTER), and new sends messages to the client using that
   IP address and port.

   Since the connection between the client and server procedures.

12.1.  Defined STUN Usages

12.2.  Binding Discovery

   The previous version of this specification, RFC3489 [13], described
   only this binding discovery usage.

12.2.1.  Applicability is very-long
   lived, the bindings established by that connection need to be
   maintained in any intervening NATs.  Rather than implement expensive
   application-layer keepalives, the keepalives can be accomplished
   using STUN Binding discovery is useful Requests.  The client will periodically sending a
   Binding Request to learn reflexive addresses from servers
   on the network.  That is, it is used to determine your dynamically-
   bound 'public' server, using the same IP address and UDP port ports
   used for the application protocol.  These Binding Requests are
   demultiplexed at the server using the magic cookie and possibly
   FINGERPRINT.  The response from the server informs the client that
   the server is assigned by a NAT
   between a STUN client and a still alive.  The STUN server.  This usage is used with ICE
   [12].

   When short-term passwords are used with message also keeps the binding discovery,
   active in intervening NATs.  The client can also examine the
   username mapped
   address in the Binding Response.  If it has changed, the client can
   re-initiate application layer procedures to inform the server of its
   new IP address and password are valid for subsequent transactions for nine
   (9) minutes.

12.2.2. port.

12.3.2.  Client Discovery of Server

   The general client discovery of

   In this usage, the STUN server behavior and the application protocol are using
   the same fixed port.  While the multiplexing of two applications on
   the same port is sufficient for similar to the connectivity check (Section 12.2)
   usage, this usage.

12.2.3. usage is differs as the server's port is fixed and the
   server's port isn't communicated using a rendezvous protocol.

12.3.3.  Server Determination of Usage

   The general binding server behavior multiplexes both STUN and its application protocol on the
   same port.  The server knows it is sufficient for has this usage.

12.2.4. usage because the URI
   that gets resolved to this port indicates the server supports this
   multiplexing.

12.3.4.  New Requests or Indications

   This usage does not define any new message types.

12.2.5.

12.3.5.  New Attributes

   This usage does not define any new message attributes.

12.2.6.

12.3.6.  New Error Response Codes

   This usage does not define any new error response codes.

12.2.7.

12.3.7.  Client Procedures

   This usage does not define any new client procedures.

12.2.8.  Server Procedures

   In this usage, the short-term password is valid for 30 seconds after
   its initial assignment.

   For backwards compatibility with RFC3489-compliant STUN servers, if

   If the STUN server receives a Binding request without Response indicates the magic cookie, client's mapped address has
   changed from the STUN server MUST include client's expected mapped address, the following attributes in client SHOULD
   inform other applications of its new mapped address.  For example, a
   SIP client should send a new registration message indicating the Binding
   response; otherwise these attribute MUST new
   mapped address.

   The client SHOULD NOT be included:
     MAPPED-ADDRESS
     SOURCE-ADDRESS

   Likewise if the STUN server receives include a Binding Request containing the
   CHANGE-REQUEST attribute without the magic cookie, the MESSAGE-INTEGRITY attribute, since
   authentication is not used with this STUN usage.

12.3.8.  Server Procedures

   The server MUST include NOT authenticate the CHANGED-ADDRESS attribute in its Binding Response.

12.2.9. client or look for a MESSAGE-
   INTEGRITY attribute.  Authentication is not used with this STUN
   usage.

12.3.9.  Security Considerations for Binding Discovery

      Issue:  Currently, the security considerations applies to all the
      various usages.  Split it up to talk about each one?  Create
      subsections talking about each usage?

12.3.  Connectivity Check

12.3.1.  Applicability NAT Keepalives

   This STUN usage primarily provides a connectivity check to a peer
   discovered through rendezvous protocols and additionally allows
   learning reflexive does not employ message integrity or authentication
   of any sort.  This is because the client never actually uses the
   mapped address discovery to from the peer.

   The username and password exchanged STUN response.  It merely treats a change in
   that address as a hint that the rendezvous protocol is
   valid client should re-apply application
   layer procedures for the duration of the connection being checked.

12.3.2.  Client Discovery of Server

   The client does not follow establishment and registration.

   An attacker could attempt to inject faked responses, or modify
   responses in transit.  Such an attack would require the general procedure attacker to
   be on-path in Section 8.1.1.
   Instead, order to determine the transaction ID.  In the worse
   case, the attack would cause the client discovers to see a change in IP address
   or port, and then perform an application layer re-registration.  Such
   a re-registration would not use the STUN server's IP address and port
   through a rendezvous protocol such as Session Description Protocol
   (SDP [19]).  An example of such a discovery technique is ICE [12].

12.3.3.  Server Determination of Usage

   The server obtained from
   the Binding Response.  Thus, the worst that the attacker can do is aware of this usage because
   cause the client to re-register every half minute or so, when it signalsed this port
   through
   otherwise wouldn't need to.  Given the rendezvous protocol.

   When operating difficulty in launching this usage, the STUN server is listening on an
   ephemeral port rather than
   attack (it requires the IANA-assigned STUN port.  The server
   is typically multiplexing two protocols on this port, one protocol is
   STUN attacker to be on-path and to disrupt the other protocol is the peer-to-peer protocol using that
   same port.  When used with ICE,
   actual response from the two protocols multiplexed on server) compared to the
   same port are STUN and RTP [14].

12.3.4.  New Requests benefit, there is
   little motivation for authentication or Indications

   This usage does not define any new message types.

12.3.5.  New Attributes

   This usage does not define any new message attributes.

12.3.6.  New Error Response Codes

   This usage does not define any new error response codes.

12.3.7.  Client Procedures

   This usage does not define any new client procedures.

12.3.8.  Server Procedures integrity mechanisms.

12.4.  Short-Term Password

   In order to ensure interoperability, this usage, usage describes a TLS-based
   mechanism to obtain a short-term credential.  The usage makes use of
   the short-term password Shared Secret Request and Response messages.  It is valid as long defined as the UDP
   port is listening for STUN packets.  For example when used with ICE,
   the short-term password would a
   separate usage in order to allow it to run on a separate port, and to
   allow it to be valid as long as more easily separated from the RTP session
   (which multiplexes different STUN and RTP) is active.

12.3.9.  Security Considerations for Connectivity Check

   The username and password, usages,
   only some of which are used for STUN's message
   integrity, are exchanged require this mechanism.

12.4.1.  Applicability

   To thwart some on-path attacks described in Section 13, it is
   necessary for the rendezvous protocol.  Failure to
   encrypt STUN client and STUN server to integrity protect
   the rendezvous protocol information they exchange over UDP.  In the absence of a long-
   term secret (password) that is equivalent
   in risk to shared between them, a short-term
   password can be obtained using STUN without message integrity.

12.4.  NAT Keepalives

12.4.1.  Applicability

   This the usage is useful in two cases:  keeping a NAT binding open described in a
   client connection to a server and detecting server failure and NAT
   reboots. this section.

   The username and password used for returned in the STUN integrity can be used for 24
   hours.

      Issue:  do we need message integrity Shared Secret Response
   are valid for keepalives when doing use in subsequent STUN and SIP on transactions for nine (9)
   minutes with any hosts that have the same port?  Do we need message integrity for
      keepalives when doing STUN SRV Priority value as
   discovered via Section 12.4.2.  The username and RTP on password obtained
   with this usage are used as the same port (recvonly,
      inactive)

      If yes, do we continue using same USERNAME and in the HMAC for the
   MESSAGE-INTEGRITY in a subsequent STUN username/password forever
      (days?) message, respectively.

12.4.2.  Client Discovery of Server

   In this usage, the STUN server and

   The client follows the application procedures in Section 8.1.  The SRV protocol are using
   is "tls" and the same fixed port.  While service name "stun-pass".

   For example a client would look up "_stun-pass._tls.example.com" in
   DNS.

12.4.3.  Server Determination of Usage

   The server advertises this port in the multiplexing DNS as capable of two applications on receiving
   TLS over TCP connections, along with the Shared Secret messages that
   run over it.  The server MAY also advertise this same port in DNS for
   other TLS over TCP usages if the server is similar to capable of multiplexing
   those different usages.  For example, the connectivity check (Section 12.3)
   usage, server could advertise the
   short-term password and binding discovery usages on the same TLS/TCP
   port.

12.4.4.  New Requests or Indications

   The message type Shared Secret Request and its associated Shared
   Secret Response and Shared Secret Error Response are defined in this usage is differs as
   section.  Their values are enumerated in Section 15.

   The following figure indicates which attributes are present in the server's port is fixed
   Shared Secret Request, Response, and Error Response.  An M indicates
   that inclusion of the
   server's port isn't communicated using a rendezvous protocol.

12.4.3.  Server Determination attribute in the message is mandatory, O means
   its optional, C means it's conditional based on some other aspect of Usage
   the message, and - means that the attribute is not applicable to that
   message type.  Attributes not listed are not applicable to Shared
   Secret Request, Response, or Error Response.

                          Shared   Shared    Shared
                          Secret   Secret    Secret
       Attribute          Request  Response  Error
                                             Response
       ____________________________________________________________________
       USERNAME             O         M         -
       PASSWORD             -         M         -
       MESSAGE-INTEGRITY    O         O         O
       ERROR-CODE           -         -         M
       ALTERNATE-SERVER     -         -         C
       UNKNOWN-ATTRIBUTES   -         -         C
       SERVER               -         O         O
       REALM                C         -         C
       NONCE                C         -         C

   The server multiplexes both Shared Secret requests, like other STUN and requests, can be
   authenticated.  However, since its application protocol on the
   same port.  The server knows it purpose is has this usage because the URI
   that gets resolved to this port indicates obtain a short-term
   credential, the server supports this
   multiplexing.

12.4.4.  New Requests or Indications

   This usage does not define any new message types. Shared Secret request itself cannot be authenticated
   with a short-term credential.  However, it can be authenticated with
   a long-term credential.

12.4.5.  New Attributes

   This usage does not define any

   No new message attributes. attributes are defined by this usage.

12.4.6.  New Error Response Codes

   This usage does not define any new defines the 433 error response codes. response.  Only the MESSAGE-
   INTEGRITY, ERROR-CODE and SERVER attributes are applicable to this
   response.

12.4.7.  Client Procedures

   If

   Shared Secret requests are formed like other STUN requests, with the
   following additions.  Clients MUST NOT use a short-term credential
   with a Shared Secret request.  They SHOULD send the request with no
   credentials (omitting MESSAGE-INTEGRITY and USERNAME).

   Processing of the Shared Secret response follows that of any other
   STUN Response indicates response.  Note that clients MUST be prepared to be challenged
   for a long-term credential.

   If the client's mapped address has
   changed from response was a Shared Secret Response, the it will contain a
   short lived username and password, encoded in the USERNAME and
   PASSWORD attributes, respectively.  A client SHOULD use these
   credentials whenever short term credentials are needed for any server
   discovered using the client's expected mapped address, same domain name as was used to discover the client SHOULD
   inform other applications of its new mapped address. one
   which returned those credentials.  For example, if a
   SIP client should send a new registration message indicating the new
   mapped address.

12.4.8.  Server Procedures

   In this usage no authentication is used so there is no duration a
   domain name of
   the short-term password.

12.4.9.  Security Considerations for NAT Keepalives

      Issue:  Currently, the security considerations applies to all the
      various usages.  Split example.com, it would have looked up _stun-
   pass._tls.example.com in DNS, found a server, and sent a Shared
   Secret request that provided a credential to talk about each one?  Create
      subsections talking about each usage?

12.5.  Short-Term Password

   In order to ensure interoperability, the client.  The client
   would use this usage describes credential with a TLS-based
   mechanism to obtain server discovered by looking up
   _stun._udp.example.com in the DNS.

   If the response was a short-term username Shared Secret Error Response, and ERROR-CODE
   attribute was present with a response code of 433, and short-term password.

12.5.1.  Applicability

   To thwart some on-path attacks described in Section 13, it is
   necessary for the STUN client and STUN server to integrity protect had
   not sent the information they exchange request over UDP.  In TLS, the absence of client SHOULD establish a long-
   term secret (password) TLS
   connection to the server and retry the request over that is shared between them, a short-term
   password can be obtained using connection.
   If the usage described in client had used TLS, this section.

   The username error response is unrecoverable and password returned
   the client SHOULD NOT retry.

12.4.8.  Server Procedures

   The procedures for general processing of STUN requests apply to
   Shared Secret requests.  Servers MAY challenge the client for a long-
   term credential if one was not provided in a request.  However, they
   MUST NOT challenge the request for a short-term credential.

   If the STUN Shared Secret Response
   are valid for use in subsequent STUN transactions for nine (9)
   minutes Request did not arrive over a TLS connection,
   the server MUST generate a Shared Secret Error response with any hosts an
   ERROR-CODE attribute that have has a response code of 433.

   If the same SRV Priority value as
   discovered via Section 12.5.2.  The username request is valid and password obtained
   with this usage are used as authenticated (assuming the USERNAME and as server is
   performing authentication), the HMAC server MUST create a short term
   credential for the
   MESSAGE-ID in user.  This credential consists of a subsequent STUN message, respectively. username and
   password.  The credentials MUST be valid for a duration of validity of the username at least
   nine minutes, and password obtained via
   this usage depends on the usage SHOULD NOT be valid for a duration of the subsequent STUN messages longer than
   thirty minutes.  The username MUST be distinct, with extremely high
   probabilities, from all usernames that have been handed out across
   all servers that are protected with returned from DNS SRV queries for the same
   domain name.  Extremely high probability means that the likelihood of
   collision SHOULD be better than 1 in 2**64.  The password for each
   username and password.

12.5.2.  Client Discovery MUST be cryptographically random with at least 128 bits of Server
   entropy.

12.4.9.  Security Considerations for Short-Term Password

   The client follows the procedures security considerations in Section 8.1.1, except 13 do not apply to the SRV
   protocol is TCP rather than UDP Shared
   Secret request and response, since these messages do not make use of
   mapped addresses, which is the service name "stun-tls".

   For example a client would look up "_stun-tls._tcp.example.com" in
   DNS.

12.5.3.  Server Determination primary source of Usage

   The server advertises this port security
   consideration discussed there.  Rather, shared secret requests are
   used to obtain short term credentials that are used in the DNS as capable
   authentication of receiving
   TLS-protected STUN messages for this usage.  The server MAY also
   advertise this same port in DNS for other TCP usages if the server is
   capable of multiplexing those different usages.  For example, messages.

   Because the
   server could advertise

12.5.4.  New Requests or Indications

   The message type Shared Secret Request response itself carries a credential, in
   the form of a username and its associated password, it must be sent encrypted.  For
   this reason, STUN servers MUST reject any Shared Secret Response and request that
   has not arrived over a TLS connection.

   Malicious clients could generate a multiplicity of Shared Secret Error Response
   requests, each of which causes the server to allocate shared secrets,
   each of which might consume memory and processing resources.  If
   shared secret requests are defined in not being authenticated, this
   section.  Their values are enumerated in Section 15.

   The following figure indicates which attributes leads to a
   possible denial-of-service attack.  Indeed, even if the requestor is
   authenticated, attacks are present in still possible.

   To prevent being swamped with traffic, a STUN server SHOULD limit the
   Shared Secret Request, Response, and Error Response.  An M indicates
   that inclusion
   number of simultaneous TLS connections it will hold open by dropping
   an existing connection when a new connection request arrives (based
   on an Least Recently Used (LRU) policy, for example).

   Similarly, servers SHOULD allocate only a small number of shared
   secrets to a host with a particular source IP address and port.
   Requests from the attribute in same IP address and port which exceed this limit
   SHOULD be rejected with a 600 response.  Servers SHOULD also limit
   the message is mandatory, O means
   its optional, C means it's conditional total number of shared secrets they will provide at a time across
   all clients, based on some other aspect of the message, number of users and expected loads during
   normal peak usage.  If a Shared Secret request arrives and N/A means that the attribute is server
   has exceeded its limit, it SHOULD reject the request with a 500
   response.

   Furthermore, for servers which are not applicable to authenticating shared secret
   requests, it is RECOMMENDED that message type.  Attributes not listed are short-term credentials be
   constructed in a way such that they do not applicable to
   Shared Secret Request, Response, require memory or Error Response.

                       Shared   Shared    Shared
                       Secret   Secret    Secret
    Attribute          Request  Response  Error
                                          Response
    ____________________________________________________________________
    USERNAME             -         M         -
    PASSWORD             -         M         -
    ERROR-CODE           -         -         M
    UNKNOWN-ATTRIBUTES   -         -         C
    SERVER               -         O         O
    REALM                C         -         C
   Note:  As this usage requires running over TLS, MESSAGE-INTEGRITY
   isn't necessary.

12.5.5.  New Attributes

   No new attributes are defined by this usage.

12.5.6.  New Error Response Codes disk to
   store.

   This usage does not define any new error response codes.

12.5.7.  Client Procedures

   The client opens up can be done by intelligently computing the connection to that address and port, username and
   immediately begins TLS negotiation[6].  The client MUST verify
   password.  One approach is to construct the
   identity of USERNAME as:

         USERNAME = <prefix,rounded-time,clientIP,hmac>

   Where prefix is some random text string (different for each shared
   secret request), rounded-time is the server.  To do that, it follows current time modulo 20 minutes,
   clientIP is the identification
   procedures defined in Section 3.1 of RFC2818 [5].  Those procedures
   assume source IP address where the client Shared Secret Request
   came from, and hmac is dereferencing an HMAC [13] over the prefix, rounded-time,
   and client IP, using a URI.  For purposes of usage with server private key.

   The password is then computed as:

         password = <hmac(USERNAME,anotherprivatekey)>

   With this specification, the client treats structure, the domain name or IP address
   used username itself, which will be present in Section 9.1 as the host portion of
   the URI that has been
   dereferenced.  Once Binding Request, contains the connection is opened, source IP address where the client sends a Shared
   Secret request.  This request has no attributes, just the
   header.  The transaction ID in Request came from.  That allows the header MUST server to meet the
   requirements
   outlined for the transaction ID in a binding request, described specified in Section 9.3 below.

   If 8.1 for constructing the response was a Shared Secret Error Response, REFLECTED-
   FROM attribute.  The server can verify that the client checks username was not
   tampered with, using the response code hmac present in the ERROR-CODE attribute.  If username.

13.  Security Considerations

   Attacks on STUN systems vary depending on the response was a
   Shared Secret Response, it will contain a usage.  The short lived username term
   password usage is quite different from the other usages defined here,
   and
   password, encoded in its security considerations are unique to it and discussed as
   part of the USERNAME usage definition.  However, all of the other usages are
   very similar, and PASSWORD attributes,
   respectively.

12.5.8.  Server Procedures

   After share a client has established similar set of security considerations as a TLS session,
   consequence of their usage of the server should
   expect a mapped address from STUN message containing a Shared Secret Request.  The server
   will generates a response, which can either be a Shared Secret
   Response or a Shared Secret Error Response.

12.5.9.  Security Considerations for Short-Term Password

      Issue:  Currently, the Binding
   Responses.  Consequently, these security considerations applies to all the
      various usages.  Split it up to talk about each one?  Create
      subsections talking about each usage?

13.  Security Considerations

   Issue:  This section has not been revised to properly consider the
   attacks on each of STUN's different usages.  This needs apply to be done.
   usage of the mapped address.

13.1.  Attacks on STUN

   Generally speaking, attacks on STUN can be classified into denial of
   service attacks and eavesdropping attacks.  Denial of service attacks
   can be launched against a STUN server itself, or against other
   elements using the STUN protocol.  STUN servers create state through
   the Shared Secret Request mechanism.  To prevent being swamped with
   traffic, a STUN server SHOULD limit the number of simultaneous TLS
   connections it will hold open by dropping an existing connection when
   a new connection request arrives (based on an Least Recently Used
   (LRU) policy, for example).  Similarly, if the server is storing
   short-term passwords it SHOULD limit the number of shared secrets it
   will store.  The attacks of greater interest
   are those in which the STUN server and client are used to launch
   denial of service (DoS) attacks against other entities, including the
   client itself.  Many of the attacks require the attacker to generate
   a response to a legitimate STUN request, in order to provide the
   client with a faked
   XOR-MAPPED-ADDRESS or MAPPED-ADDRESS.  In the sections below, we
   refer to either the XOR-MAPPED-ADDRESS or MAPPED-ADDRESS as just the mapped address (note the lower case). address.  The attacks that can be launched
   using such a technique include:

13.1.1.  Attack I: DDoS Against a Target

   In this case, the attacker provides a large number of clients with
   the same faked mapped address that points to the intended target.
   This will trick all the STUN clients into thinking that their
   addresses are equal to that of the target.  The clients then hand out
   that address in order to receive traffic on it (for example, in SIP
   or H.323 messages).  However, all of that traffic becomes focused at
   the intended target.  The attack can provide substantial
   amplification, especially when used with clients that are using STUN
   to enable multimedia applications.

13.1.2.  Attack II: Silencing a Client

   In this attack, the attacker seeks to deny a client access to
   services enabled by STUN (for example, a client using STUN to enable
   SIP-based multimedia traffic).  To do that, the attacker provides
   that client with a faked mapped address.  The mapped address it
   provides is an IP address that routes to nowhere.  As a result, the
   client won't receive any of the packets it expects to receive when it
   hands out the mapped address.  This exploitation is not very
   interesting for the attacker.  It impacts a single client, which is
   frequently not the desired target.  Moreover, any attacker that can
   mount the attack could also deny service to the client by other
   means, such as preventing the client from receiving any response from
   the STUN server, or even a DHCP server.

13.1.3.  Attack III: Assuming the Identity of a Client

   This attack is similar to attack II.  However, the faked mapped
   address points to the attacker themself.  This allows the attacker to
   receive traffic which was destined for the client.

13.1.4.  Attack IV: Eavesdropping

   In this attack, the attacker forces the client to use a mapped
   address that routes to itself.  It then forwards any packets it
   receives to the client.  This attack would allow the attacker to
   observe all packets sent to the client.  However, in order to launch
   the attack, the attacker must have already been able to observe
   packets from the client to the STUN server.  In most cases (such as
   when the attack is launched from an access network), this means that
   the attacker could already observe packets sent to the client.  This
   attack is, as a result, only useful for observing traffic by
   attackers on the path from the client to the STUN server, but not
   generally on the path of packets being routed towards the client.

13.2.  Launching the Attacks

   It is important to note that attacks of this nature (injecting
   responses with fake mapped addresses) require that the attacker be
   capable of eavesdropping requests sent from the client to the server
   (or to act as a man in the middle for such attacks).  This is because
   STUN requests contain a transaction identifier, selected by the
   client, which is random with 96 bits of entropy.  The server echoes
   this value in the response, and the client ignores any responses that
   don't have a matching transaction ID.  Therefore, in order for an
   attacker to provide a faked response that is accepted by the client,
   the attacker needs to know the transaction ID of the request.  The
   large amount of randomness, combined with the need to know when the
   client sends a request and the IP address and UDP ports used for that
   request, precludes attacks that involve guessing the transaction ID.

   Since all of the above attacks rely on this one primitive - injecting
   a response with a faked mapped address - preventing the attacks is
   accomplished by preventing this one operation.  To prevent it, we
   need to consider the various ways in which it can be accomplished.
   There are several:

13.2.1.  Approach I: Compromise a Legitimate STUN Server

   In this attack, the attacker compromises a legitimate STUN server
   through a virus or Trojan horse.  Presumably, this would allow the
   attacker to take over the STUN server, and control the types of
   responses it generates.  Compromise of a STUN server can also lead to
   discovery of open ports.  Knowledge of an open port creates an
   opportunity for DoS attacks on those ports (or DDoS attacks if the
   traversed NAT is a full cone NAT).  Discovering open ports is already
   fairly trivial using port probing, so this does not represent a major
   threat.

13.2.2.  Approach II: DNS Attacks

   STUN servers are discovered using DNS SRV records.  If an attacker
   can compromise the DNS, it can inject fake records which map a domain
   name to the IP address of a STUN server run by the attacker.  This
   will allow it to inject fake responses to launch any of the attacks
   above.  Clearly, this attack is only applicable for usages which
   discover servers through DNS.

13.2.3.  Approach III: Rogue Router or NAT

   Rather than compromise the STUN server, an attacker can cause a STUN
   server to generate responses with the wrong mapped address by
   compromising a router or NAT on the path from the client to the STUN
   server.  When the STUN request passes through the rogue router or
   NAT, it rewrites the source address of the packet to be that of the
   desired mapped address.  This address cannot be arbitrary.  If the
   attacker is on the public Internet (that is, there are no NATs
   between it and the STUN server), and the attacker doesn't modify the
   STUN request, the address has to have the property that packets sent
   from the STUN server to that address would route through the
   compromised router.  This is because the STUN server will send the
   responses back to the source address of the request.  With a modified
   source address, the only way they can reach the client is if the
   compromised router directs them there.

   If the attacker is on the
   public Internet, but they can modify the STUN request, they can
   insert a RESPONSE-ADDRESS attribute into the request, containing the
   actual source address of the STUN request.  This will cause the
   server to send the response to the client, independent of the source
   address the STUN server sees.  This gives the attacker the ability to
   forge an arbitrary source address when it forwards the STUN request.

      Todo:  RESPONSE-ADDRESS has been removed from this version of the
      specification.  Reword or remove above paragraph accordingly.

   If the attacker is on a private network (that is, there are NATs
   between it and the STUN server), the attacker will not be able to
   force the server to generate arbitrary mapped addresses in responses.
   They will only be able force the STUN server to generate mapped
   addresses which route to the private network.  This is because the
   NAT between the attacker and the STUN server will rewrite the source
   address of the STUN request, mapping it to a public address that
   routes to the private network.  Because of this, the attacker can
   only force the server to generate faked mapped addresses that route
   to the private network.  Unfortunately, it is possible that a low
   quality NAT would be willing to map an allocated public address to
   another public address (as opposed to an internal private address),
   in which case the attacker could forge the source address in a STUN
   request to be an arbitrary public address.  This kind of behavior
   from NATs does appear to be rare.

13.2.4.  Approach IV: Man in the Middle

   As an alternative to approach III (Section 13.2.3), if the attacker
   can place an element on the path from the client to the server, the
   element can act as a man-in-the-middle.  In that case, it can
   intercept a STUN request, and generate a STUN response directly with
   any desired value of the mapped address field.  Alternatively, it can
   forward the STUN request to the server (after potential
   modification), receive the response, and forward it to the client.
   When forwarding the request and response, this attack is subject to
   the same limitations on the mapped address described in Approach III
   (Section 13.2.3).

13.2.5.  Approach V: Response Injection Plus DoS

   In this approach, the attacker does not need to be a MitM (as in
   approaches III and IV).  Rather, it only needs to be able to
   eavesdrop onto a network segment that carries STUN requests.  This is
   easily done in multiple access networks such as ethernet or
   unprotected 802.11.  To inject the fake response, the attacker
   listens on the network for a STUN request.  When it sees one, it
   simultaneously launches a DoS attack on the STUN server, and
   generates its own STUN response with the desired mapped address
   value.  The STUN response generated by the attacker will reach the
   client, and the DoS attack against the server is aimed at preventing
   the legitimate response from the server from reaching the client.
   Arguably, the attacker can do without the DoS attack on the server,
   so long as the faked response beats the real response back to the
   client, and the client uses the first response, and ignores the
   second (even though it's different).

13.2.6.  Approach VI: Duplication

   This approach is similar to approach V (Section 13.2.5).  The
   attacker listens on the network for a STUN request.  When it sees it,
   it generates its own STUN request towards the server.  This STUN
   request is identical to the one it saw, but with a spoofed source IP
   address.  The spoofed address is equal to the one that the attacker
   desires to have placed in the mapped address of the STUN response.
   In fact, the attacker generates a flood of such packets.  The STUN
   server will receive the one original request, plus a flood of
   duplicate fake ones.  It generates responses to all of them.  If the
   flood is sufficiently large for the responses to congest routers or
   some other equipment, there is a reasonable probability that the one
   real response is lost (along with many of the faked ones), but the
   net result is that only the faked responses are received by the STUN
   client.  These responses are all identical and all contain the mapped
   address that the attacker wanted the client to use.

   The flood of duplicate packets is not needed (that is, only one faked
   request is sent), so long as the faked response beats the real
   response back to the client, and the client uses the first response,
   and ignores the second (even though it's different).

   Note that, in this approach, launching a DoS attack against the STUN
   server or the IP network, to prevent the valid response from being
   sent or received, is problematic.  The attacker needs the STUN server
   to be available to handle its own request.  Due to the periodic
   retransmissions of the request from the client, this leaves a very
   tiny window of opportunity.  The attacker must start the DoS attack
   immediately after the actual request from the client, causing the
   correct response to be discarded, and then cease the DoS attack in
   order to send its own request, all before the next retransmission
   from the client.  Due to the close spacing of the retransmits (100ms
   to a few seconds), this is very difficult to do.

   Besides DoS attacks, there may be other ways to prevent the actual
   request from the client from reaching the server.  Layer 2
   manipulations, for example, might be able to accomplish it.

   Fortunately, this approach is subject to the same limitations
   documented in Approach III (Section 13.2.3), which limit the range of
   mapped addresses the attacker can cause the STUN server to generate.

13.3.  Countermeasures

   STUN provides mechanisms to counter the approaches described above,
   and additional, non-STUN techniques can be used as well.

   First off, it is RECOMMENDED that networks with STUN clients
   implement ingress source filtering [7]. [6].  This is particularly
   important for the NATs themselves.  As Section 13.2.3 explains, NATs
   which do not perform this check can be used as "reflectors" in DDoS
   attacks.  Most NATs do perform this check as a default mode of
   operation.  We strongly advise people that purchase NATs to ensure
   that this capability is present and enabled.

   Secondly, for usages where the STUN server is not co-located with
   some kind of application (such as the binding discovery usage), it is
   RECOMMENDED that STUN servers be run on hosts dedicated to STUN, with
   all UDP and TCP ports disabled except for the STUN ports.  This is to
   prevent viruses and Trojan horses from infecting STUN servers, in
   order to prevent their compromise.  This helps mitigate Approach I
   (Section 13.2.1).

   Thirdly, to prevent the DNS attack of Section 13.2.2, Section 8.1.2 8.2
   recommends that the client verify the credentials provided by the
   server with the name used in the DNS lookup.

   Finally, all of the attacks above rely on the client taking the
   mapped address it learned from STUN, and using it in application
   layer protocols.  If encryption and message integrity are provided
   within those protocols, the eavesdropping and identity assumption
   attacks can be prevented.  As such, applications that make use of
   STUN addresses in application protocols SHOULD use integrity and
   encryption, even if a SHOULD level strength is not specified for that
   protocol.  For example, multimedia applications using STUN addresses
   to receive RTP traffic would use secure RTP [20]. [21].

   The above three techniques are non-STUN mechanisms.  STUN itself
   provides several countermeasures.

   Approaches IV (Section 13.2.4), when generating the response locally,
   and V (Section 13.2.5) require an attacker to generate a faked
   response.  A faked response must match the 96-bit transaction ID of
   the request.  The attack further prevented by using the message
   integrity mechanism provided in STUN, described in Section 11.8.

   Approaches III (Section 13.2.3), IV (Section 13.2.4), when using the
   relaying technique, and VI (Section 13.2.6), however, are not
   preventable through server signatures.  All three approaches are most
   potent when the attacker can modify the request, inserting a
   RESPONSE-ADDRESS that routes to the client.  Fortunately, such
   modifications are preventable using the message integrity techniques STUN, described in Section 11.8.  However, these 11.4.

   Approaches III (Section 13.2.3), IV (Section 13.2.4), when using the
   relaying technique, and VI (Section 13.2.6), however, are not
   preventable through server signatures.  These three approaches are still
   functional when the attacker modifies nothing but the source address
   of the STUN request.  Sadly, this is the one thing that cannot be
   protected through cryptographic means, as this is the change that
   STUN itself is seeking to detect and report.  It is therefore an
   inherent weakness in NAT, and not fixable in STUN.

13.4.  Residual Threats

   None of the countermeasures listed above can prevent the attacks
   described in Section 13.2.3 if the attacker is in the appropriate
   network paths.  Specifically, consider the case in which the attacker
   wishes to convince client C that it has address V. The attacker needs
   to have a network element on the path between A and the server (in
   order to modify the request) and on the path between the server and V
   so that it can forward the response to C. Furthermore, if there is a
   NAT between the attacker and the server, V must also be behind the
   same NAT.  In such a situation, the attacker can either gain access
   to all the application-layer traffic or mount the DDOS attack
   described in Section 13.1.1.  Note that any host which exists in the
   correct topological relationship can be DDOSed.  It need not be using
   STUN.

14.  IAB Considerations

      Todo:  The diagnostic usages have been removed from this document,
      which reduces the brittleness of STUN.  This section should be
      updated accordingly.

   The IAB has studied the problem of "Unilateral Self Address Fixing"
   (UNSAF), which is the general process by which a client attempts to
   determine its address in another realm on the other side of a NAT
   through a collaborative protocol reflection mechanism (RFC3424 [21]). [22]).
   STUN is an example of a protocol that performs this type of function. function
   for the binding discovery and connectivity check usages.  The IAB has
   mandated that any protocols developed for this purpose document a
   specific set of considerations.  This section meets those
   requirements.
   requirements for those two usages.

14.1.  Problem Definition

   From RFC3424 [21], [22], any UNSAF proposal must provide:

      Precise definition of a specific, limited-scope problem that is to
      be solved with the UNSAF proposal.  A short term fix should not be
      generalized to solve other problems; this is why "short term fixes
      usually aren't".

   The specific problem being solved by STUN is to provide a means for a
   client to obtain an address on the public Internet from a non-
   symmetric NAT, mapped address which can be used for the express purpose of receiving incoming UDP
   traffic from another host, targeted to that address.  STUN does not
   address traversal receipt
   of NATs using TCP, either incoming or outgoing, and
   does not address outgoing UDP communications. application packets.

14.2.  Exit Strategy

   From RFC3424 [21], [22], any UNSAF proposal must provide:

      Description of an exit strategy/transition plan.  The better short
      term fixes are the ones that will naturally see less and less use
      as the appropriate technology is deployed.

   STUN by itself does not provide an exit strategy.  This is provided
   by techniques, such as Interactive Connectivity Establishment (ICE
   [12]),
   [11]), which allow a client to determine whether addresses learned
   from STUN are needed, or whether other addresses, such as the one on
   the local interface, will work when communicating with another host.
   With such a detection technique, as a client finds that the addresses
   provided by STUN are never used, STUN queries can cease to be made,
   thus allowing them to phase out.

   STUN can also help facilitate the introduction of other NAT traversal
   techniques such as MIDCOM [22].  As midcom-capable NATs are deployed,
   applications will, instead of using STUN (which also resides at the
   application layer), first allocate an address binding using midcom.
   However, it is a well-known limitation of MIDCOM that it only works
   when the agent knows the middleboxes through which its traffic will
   flow.  Once bindings have been allocated from those middleboxes, a
   STUN detection procedure can validate that there are no additional
   middleboxes on the path from the public Internet to the client.  If
   this is the case, the application can continue operation using the
   address bindings allocated from MIDCOM.  If it is not the case, STUN
   provides a mechanism for self-address fixing through the remaining
   MIDCOM-unaware middleboxes.  Thus, STUN provides a way to help
   transition to full MIDCOM-aware networks.

14.3.  Brittleness Introduced by STUN

   From RFC3424 [21], [22], any UNSAF proposal must provide:

      Discussion of specific issues that may render systems more
      "brittle".  For example, approaches that involve using data at
      multiple network layers create more dependencies, increase
      debugging challenges, and make it harder to transition.

   STUN introduces brittleness into the system in several ways:

   o  The binding acquisition usage is dependant on NAT's behavior when
      forwarding UDP packets from arbitrary hosts on harder to transition.

   STUN introduces brittleness into the public side of system in several ways:

   o  Transport addresses discovered by STUN in the NAT.  Application specific processing Binding Discovery
      usage will generally only be
      needed.  For symmetric NATs, useful for receiving packets from a peer if the binding acquisition will
      NAT does not
      yield a usable address.  The tight dependency have address or address and port dependent mapping
      properties.  When this usage is used in isolation, this makes STUN
      brittle, since its effectiveness depends on the specific type of NAT makes NAT.  This
      brittleness is eliminated when the protocol brittle. Binding Discovery usage is used
      in concert with mechanisms which can verify the transport address
      and use others if it doesn't work.  ICE is an example of such a
      mechanism.

   o  Transport addresses discovered by STUN assumes that in the Binding Discovery
      usage will only be useful for receive packets from a peer if the
      STUN server exists on subtends the address realm of the peer.  For example,
      consider client A and B, both of which have residential NAT
      devices.  Both devices connect them to their cable operators, but
      both clients have different providers.  Each provider has a NAT in
      front of their entire network, connecting it to the public
      Internet.  If the STUN server used by A is located in another private A's cable operator's
      network, an address realm, the user
      may or may obtained by it will not be able usable by B. The
      STUN server must be in the network which is a common ancestor to use
      both - in this case, the public Internet.  When this usage is used
      in isolation, this makes STUN brittle, since its discovered address to
      communicate effectiveness
      depends on the topological placement of the STUN server.  This
      brittleness is eliminated when the Binding Discovery usage is used
      in concert with other users.  There mechanisms which can verify the transport address
      and use others if it doesn't work.  ICE is no way to detect an example of such a
      condition.
      mechanism.

   o  The bindings allocated from the NAT need to be continuously
      refreshed.  Since the timeouts for these bindings is very
      implementation specific, the refresh interval cannot easily be
      determined.  When the binding is not being actively used to
      receive traffic, but to wait for an incoming message, the binding
      refresh will needlessly consume network bandwidth.

   o  The use of the STUN server in the Binding Discovery usage as an
      additional network element introduces another point of potential
      security attack.  These
      attacks are largely prevented by the security measures provided by
      STUN, but not entirely.

   o  The use of the STUN server as an additional network element
      introduces another point of failure.  If the client cannot locate
      a STUN server, or if the server should be unavailable due to
      failure, the application cannot function.

   o  The use of STUN to discover address bindings will result in an
      increase in latency for applications.  For example, a Voice over
      IP application will see an increase of call setup delays equal to
      at least one RTT to the STUN server.

   o  STUN imposes some restrictions on the network topologies for
      proper operation.  If client A obtains an address from STUN server
      X, and sends it to client B, B may not be able to send to A using
      that IP address.  The address will not work if any of the
      following is true:

      *  The STUN server is not in an address realm that is a common
         ancestor (topologically) of both clients A and B. For example,
         consider client A and B, both of which have residential NAT
         devices.  Both devices connect them to their cable operators,
         but both clients have different providers.  Each provider has a
         NAT in front of their entire network, connecting it to the
         public Internet.  If the STUN server used by A is in A's cable
         operator's network, an address obtained attacks are largely prevented by it will not be
         usable the
      security measures provided by B. STUN, but not entirely.

   o  The use of the STUN server must be in the as an additional network which is element
      introduces another point of failure.  If the client cannot locate
      a
         common ancestor STUN server, or if the server should be unavailable due to both - in this case,
      failure, the public Internet.

      * application cannot function.

   o  The use of STUN server is to discover address bindings may result in an address realm that is
      increase in latency for applications.

   o  Transport addresses discovered by STUN in the Binding Discovery
      usage will only be useful for receive packets from a common
         ancestor to both clients, but both clients are peer behind
      the same NAT connecting to that address realm.  For example, if the two
         clients in the previous example had the same cable operator,
         that cable operator had a single NAT connecting their network
         to the public Internet, and the STUN server was supports hairpinning [12].  When
      this usage is used in isolation, this makes STUN brittle, since
      its effectiveness depends on the public
         Internet, topological placement of the address obtained by A would not be usable by B.
         That STUN
      server.  This brittleness is because some NATs will not accept an internal packet
         sent to a public IP address which eliminated when the Binding Discovery
      usage is mapped back to an internal
         address.  To deal used in concert with this, additional protocol mechanisms or
         configuration parameters need to be introduced which detect
         this case.

   o  Most significantly, STUN introduces potential security threats which cannot be eliminated.  This specification describes
      heuristics that can be used to mitigate verify the problem, but
      transport address and use others if it doesn't work.  ICE is
      provably unsolvable given what an
      example of such a mechanism.

   o  Most significantly, STUN is trying to accomplish. introduces potential security threats
      which cannot be eliminated through cryptographic means.  These
      security problems are described fully in Section 13.

14.4.  Requirements for a Long Term Solution

   From RFC3424 [21], [22], any UNSAF proposal must provide:

      Identify requirements for longer term, sound technical solutions
      -- contribute to the process of finding the right longer term
      solution.

   Our experience with STUN has led to the following requirements for a
   long term solution to the NAT problem:

   o  Requests for bindings and control of other resources in a NAT need
      to be explicit.  Much of the brittleness in STUN derives from its
      guessing at the parameters of the NAT, rather than telling the NAT
      what parameters to use, or knowing what parameters the NAT will
      use.

   o  Control needs to be in-band.  There are far too many scenarios in
      which the client will not know about the location of middleboxes
      ahead of time.  Instead, control of such boxes needs to occur in-
      band, traveling along the same path as the data will itself
      travel.  This guarantees that the right set of middleboxes are
      controlled.  This is only true for first-party controls; third-
      party controls are best handled using the MIDCOM framework.

   o  Control needs to be limited.  Users will need to communicate
      through NATs which are outside of their administrative control.
      In order for providers to be willing to deploy NATs which can be
      controlled by users in different domains, the scope of such
      controls needs to be extremely limited - typically, allocating a
      binding to reach the address where the control packets are coming
      from.

   o  Simplicity is Paramount.  The control protocol will need to be
      implement in very simple clients.  The servers will need to
      support extremely high loads.  The protocol will need to be
      extremely robust, being the precursor to a host of application
      protocols.  As such, simplicity is key.

14.5.  Issues with Existing NAPT Boxes

   From RFC3424 [21], [22], any UNSAF proposal must provide:

      Discussion of the impact of the noted practical issues with
      existing, deployed NA[P]Ts and experience reports.

   Several of the practical issues with STUN involve future proofing -
   breaking the protocol when new

   Originally, RFC 3489 was developed as a standalone solution for NAT
   traversal for several types get deployed.  Fortunately,
   this is not an issue at the current time, since most of the deployed
   NATs are of the types assumed by STUN.  The primary usage STUN has
   found is in the area of VoIP, to facilitate allocation of addresses
   for receiving RTP [14] traffic.  In that application, the periodic
   keepalives are usually (but not always) provided by the RTP traffic
   itself. applications, including VoIP.
   However, several practical problems arise for RTP.  First,
   in the absence of [23], RTP assumes that RTCP traffic is on a port
   one higher than the RTP traffic.  This pairing property cannot be
   guaranteed through NATs that are not directly controllable.  As a
   result, RTCP traffic may not be properly received. [23] mitigates
   this by allowing the client to signal a different port for RTCP but
   there will be interoperability problems for some time.

   For VoIP, silence suppression can cause a gap in the transmission of
   RTP packets.  If experience found that silence period exceeds the NAT binding timeout,
   this could result in the loss limitations of a NAT binding its usage
   in the middle of isolation made it impractical as a
   call.  This can be mitigated by sending occasional packets to keep
   the binding alive.  However, the result is additional brittleness.

14.6.  In Closing

   The problems with STUN are not design flaws in STUN.  The problems in
   STUN have to do with the lack of standardized behaviors complete solution.  There were
   too many NATs which didn't support hairpinning or which had address
   and controls
   in NATs.  The result of port dependent mapping properties.

   Consequently, STUN was revised to produce this lack of standardization has been specification, which
   turns STUN into a
   proliferation of devices whose behavior tool that is highly unpredictable,
   extremely variable, and uncontrollable.  STUN does the best it can in
   such used as part of a hostile environment.  Ultimately, the broader solution.
   For multimedia communciations protocols, this broader solution is to make
   ICE.  ICE uses the
   environment less hostile, and to introduce controls binding discovery and standardized
   behaviors into NAT.  However, until such time as that happens, STUN
   provides a good short term solution given connectivity check usages
   together.  When done this way, ICE eliminates almost all of the terrible conditions
   under which it is forced to operate.
   brittleness and issues found with RFC 3489 alone.

15.  IANA Considerations

   IANA is hereby requsted to create two new registries STUN Message
   Types and STUN Attributes.  IANA must assign the following values to
   both registeries before publication of this document as an RFC.  New
   values for both STUN Message Type and STUN Attributes are assigned
   through the IETF consensus process via RFCs approved by the IESG. IESG
   [23].

15.1.  STUN Message Type Registry

   For STUN Message Types that are request message types, they MUST must be
   registered including associated Response message types and Error
   Response message types, and those responses must have values that are
   0x100 and 0x110 higher than their respective Request values.

   For STUN Message Types that are Indication message types, no
   associated restriction applies.  As the message type field is only 14
   bits the range of valid values is 0x001 through 0x3FFF.

   The initial STUN Message Types are:

        0x0001  :  Binding

    0x0001:Binding Request
        0x0101  :  Binding
    0x0101:Binding Response
        0x0111  :  Binding
    0x0111:Binding Error Response
        0x0002  :  Shared
    0x0002:Shared Secret Request
        0x0102  :  Shared
    0x0102:Shared Secret Response
        0x0112  :  Shared Secret Error Response
        0x0002  :  Shared Secret Request
        0x0102  :  Shared Secret Responsed
        0x0112  :  Shared
    0x0112:Shared Secret Error Response

15.2.  STUN Attribute Registry

   STUN attributes values above 0x7FFF are considered optional
   attributes; attributes equal to 0x7FFF or below are considered
   mandatory attributes.  The STUN client and STUN server process
   optional and mandatory attributes differently.  IANA should assign
   values based on the RFC consensus process.

   The initial STUN Attributes are:

    0x0001: MAPPED-ADDRESS
        0x0002: RESPONSE-ADDRESS
        0x0003: CHANGE-REQUEST
        0x0004: SOURCE-ADDRESS
        0X0005: CHANGED-ADDRESS
    0x0006: USERNAME
    0x0007: PASSWORD
    0x0008: MESSAGE-INTEGRITY
    0x0009: ERROR-CODE
    0x000A: UNKNOWN-ATTRIBUTES
        0x000B: REFLECTED-FROM
        0x000E: ALTERNATE-SERVER
    0x0014: REALM
    0x0015: NONCE
    0x0020: XOR-MAPPED-ADDRESS
    0x0023: FINGERPRINT
    0x8022: SERVER
    0x8023: ALTERNATE-SERVER
    0x8024: BINDING-LIFETIME REFRESH-INTERVAL

16.  Changes Since RFC 3489

   This specification updates RFC3489 [13].  This specification differs
   from RFC3489 in the following ways:

   o  Removed the usage of STUN for NAT type detection and binding
      lifetime discovery.  These techniques have proven overly brittle
      due to wider variations in the types of NAT devices than described
      in this document.  Removed the RESPONSE-ADDRESS, CHANGED-ADDRESS,
      CHANGE-REQUEST, SOURCE-ADDRESS, and REFLECTED-FROM attributes.

   o  Removed the STUN example that centered around the separation of
      the control and media planes.  Instead, provided more information
      on using STUN with protocols.

   o  Added a fixed 32-bit magic cookie and reduced length of
      transaction ID by 32 bits.  The magic cookie begins at the same
      offset as the original transaction ID.

   o  Added the XOR-MAPPED-ADDRESS attribute, which is included in
      Binding Responses if the magic cookie is present in the request.
      Otherwise the RFC3489 behavior is retained (that is, Binding
      Response includes MAPPED-ADDRESS).  See discussion in XOR-MAPPED-
      ADDRESS regarding this change.

   o  Explicitly point out that the most significant two bits of STUN
      are 0b00, allowing easy differentiation with RTP packets when used
      with ICE.

   o  Added support for IPv6.  Made it clear that an IPv4 client could
      get a v6 mapped address, and vice-a-versa.

   o  Added long-term credential-based authentication.

   o  Added the SERVER, REALM, NONCE, and ALTERNATE-SERVER attributes.

   o  Removed recommendation to continue listening for STUN Responses
      for 10 seconds in an attempt to recognize an attack.

   o  Introduced the concept of STUN usages and defined four usages -
      Binding Discovery, Connectivity Check, NAT Keepalive, and Short
      term password.

17.  Acknowledgements

   The authors would like to thank Cedric Aoun, Pete Cordell, Cullen
   Jennings, Bob Penfield and Chris Sullivan for their comments, and
   Baruch Sterman and Alan Hawrylyshen for initial implementations.
   Thanks for Leslie Daigle, Allison Mankin, Eric Rescorla, and Henning
   Schulzrinne for IESG and IAB input on this work.

18.  References

18.1.  Normative References

   [1]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", BCP 14, RFC 2119, March 1997.

   [2]  Postel, J., "Internet Protocol", STD 5, RFC 791, September 1981.

   [3]  Rosenberg, J., "Traversal Using Relay NAT (TURN)",
        draft-rosenberg-midcom-turn-08 (work in progress),
        September 2005.

   [4]  Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
        specifying the location of services (DNS SRV)", RFC 2782,
        February 2000.

   [5]

   [4]  Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.

   [6]

   [5]  Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
        RFC 2246, January 1999.

   [7]

   [6]  Ferguson, P. and D. Senie, "Network Ingress Filtering: Defeating
        Denial of Service Attacks which employ IP Source Address
        Spoofing", BCP 38, RFC 2827, May 2000.

   [8]

   [7]  Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
        Leach, P., Luotonen, A., and L. Stewart, "HTTP Authentication:

        Basic and Digest Access Authentication", RFC 2617, June 1999.

18.2.  Informational References

   [9]

   [8]   Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing
         for Message Authentication", RFC 2104, February 1997.

   [10]

   [9]   Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
         Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
         Session Initiation Protocol", RFC 3261, June 2002.

   [11]

   [10]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L.,
         Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol --
         HTTP/1.1", RFC 2616, June 1999.

   [12]

   [11]  Rosenberg, J., "Interactive Connectivity Establishment (ICE): A
         Methodology for Network  Address Translator (NAT) Traversal for
         Offer/Answer Protocols", draft-ietf-mmusic-ice-06 draft-ietf-mmusic-ice-08 (work in
         progress), October 2005. March 2006.

   [12]  Audet, F. and C. Jennings, "NAT Behavioral Requirements for
         Unicast UDP", draft-ietf-behave-nat-udp-07 (work in progress),
         June 2006.

   [13]  Rosenberg, J., Weinberger, J., Huitema, C., and R. Mahy, "STUN
         - Simple Traversal of User Datagram Protocol (UDP) Through
         Network Address Translators (NATs)", RFC 3489, March 2003.

   [14]  Rosenberg, J., "Obtaining Relay Addresses from Simple Traversal
         of UDP Through NAT (STUN)", draft-ietf-behave-turn-00 (work in
         progress), March 2006.

   [15]  Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson,
         "RTP: A Transport Protocol for Real-Time Applications", STD 64,
         RFC 3550, July 2003.

   [15]

   [16]  Jennings, C. and R. Mahy, "Managing Client Initiated
         Connections in the Session Initiation Protocol  (SIP)",
         draft-ietf-sip-outbound-01
         draft-ietf-sip-outbound-03 (work in progress), October 2005.

   [16]  Kohl, J. and B. Neuman, "The Kerberos Network Authentication
         Service (V5)", RFC 1510, September 1993. March 2006.

   [17]  Handley, M., "SDP: Session Description Protocol",
         draft-ietf-mmusic-sdp-new-26 (work in progress), January 2006.

   [18]  Senie, D., "Network Address Translator (NAT)-Friendly
         Application Design Guidelines", RFC 3235, January 2002.

   [18]

   [19]  Holdrege, M. and P. Srisuresh, "Protocol Complications with the
         IP Network Address Translator", RFC 3027, January 2001.

   [19]

   [20]  Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model with
         Session Description Protocol (SDP)", RFC 3264, June 2002.

   [20]

   [21]  Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K.
         Norrman, "The Secure Real-time Transport Protocol (SRTP)",
         RFC 3711, March 2004.

   [21]

   [22]  Daigle, L. and IAB, "IAB Considerations for UNilateral Self-
         Address Fixing (UNSAF) Across Network Address Translation",
         RFC 3424, November 2002.

   [22]  Srisuresh, P., Kuthan, J., Rosenberg, J., Molitor, A., and A.
         Rayhan, "Middlebox communication architecture and framework",
         RFC 3303, August 2002.

   [23]  Huitema, C., "Real Time Control Protocol (RTCP) attribute  Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
         Considerations Section in
         Session Description Protocol (SDP)", RFCs", BCP 26, RFC 3605, 2434,
         October 2003. 1998.

Authors' Addresses

   Jonathan Rosenberg
   Cisco Systems
   600 Lanidex Plaza
   Parsippany, NJ  07054
   US

   Phone: +1 973 952-5000
   Email: jdrosen@cisco.com
   URI:   http://www.jdrosen.net

   Christian Huitema
   Microsoft
   One Microsoft Way
   Redmond, WA  98052
   US

   Email: huitema@microsoft.com

   Rohan Mahy
   Plantronics
   345 Encinal Street
   Santa Cruz, CA  95060
   US

   Email: rohan@ekabal.com

   Dan Wing
   Cisco Systems
   771 Alder Drive
   San Jose, CA  95035
   US

   Email: dwing@cisco.com

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2006).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.