wdiff draft-ietf-behave-rfc3489bis-06.txt draft-ietf-behave-rfc3489bis-07.txt

BEHAVE Working Group J. Rosenberg
Internet-Draft Cisco
Obsoletes: 3489 (if approved) C. Huitema
Intended status: Standards Track Microsoft
Expires: September 6, 2007 January 9, 2008 R. Mahy
Plantronics
P. Matthews
Avaya
D. Wing
Cisco Systems
March 5,
July 8, 2007

Session Traversal Utilities for (NAT) (STUN)
draft-ietf-behave-rfc3489bis-06
draft-ietf-behave-rfc3489bis-07

Status of this Memo

By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

This Internet-Draft will expire on September 6, 2007. January 9, 2008.

Abstract

Session Traversal Utilities for NAT (STUN) is a lightweight protocol that serves
as a tool for application other protocols in dealing with NAT traversal. It allows a client can
be used by an endpoint to determine the IP address and port allocated
to them it by a NAT and to keep NAT bindings open. NAT. It can also serve as a be used to check for connectivity between a client
two endpoints, and as a server
in the presence of NAT, and for the client keep-alive protocol to detect failure of the
server. maintain NAT bindings.
STUN works with many existing NATs, and does not require any special
behavior from them. As

STUN is not a result, NAT traversal solution by itself. Rather, it allows is a wide variety of
applications tool
to work through existing be used in the context of a NAT infrastructure. traversal solution. This is an
important change from the previous version of this specification (RFC
3489), which presented STUN as a complete solution.

This document obsoletes RFC 3489.

Table of Contents

1. Applicability Statement Introduction . . . . . . . . . . . . . . . . . . . 5
2. Introduction . . . . . . 4
2. Evolution from RFC 3489 . . . . . . . . . . . . . . . . . . . 5 4
3. Terminology Overview of Operation . . . . . . . . . . . . . . . . . . . . 5
4. Terminology . . . . . 6
4. Definitions . . . . . . . . . . . . . . . . . . . . 8
5. Definitions . . . . . 6
5. Overview of Operation . . . . . . . . . . . . . . . . . . . . 7 9
6. STUN Message Structure . . . . . . . . . . . . . . . . . . . . 11 10
7. STUN Transactions . Base Protocol Procedures . . . . . . . . . . . . . . . . . . . 12
7.1. Forming a Request or an Indication . . 14
7.1. Request/Response Transactions . . . . . . . . . 12
7.2. Sending the Request or Indication . . . . . 14
7.2. Indications . . . . . . . 13
7.2.1. Sending over UDP . . . . . . . . . . . . . . . . 15
8. Client Behavior . . . 13
7.2.2. Sending over TCP or TLS-over-TCP . . . . . . . . . . . 14
7.3. Receiving a STUN Message . . . . . . . . . 15
8.1. Discovery . . . . . . . 15
7.3.1. Processing a Request . . . . . . . . . . . . . . . . . 15
8.2. Obtaining 16
7.3.1.1. Forming a Shared Secret . Success or Error Response . . . . . . . 17
7.3.1.2. Sending the Success or Error Response . . . . . . 17
7.3.2. Processing an Indication . . 16
8.3. Request/Response Transactions . . . . . . . . . . . . . 18
7.3.3. Processing a Success Response . 17
8.3.1. Formulating the Request Message . . . . . . . . . . . 17
8.3.2. 18
7.3.4. Processing Responses an Error Response . . . . . . . . . . . . . 18
8. FINGERPRINT Mechanism . . . . 19
8.3.3. Timeouts . . . . . . . . . . . . . . . . 19
9. DNS Discovery of a Server . . . . . . . 22
8.4. Indication Transactions . . . . . . . . . . . 19
10. Authentication and Message-Integrity Mechanisms . . . . . . 22
9. Server Behavior . 20
10.1. Short-Term Credential Mechanism . . . . . . . . . . . . . 21
10.1.1. Forming a Request or Indication . . . . . . . . . 23
9.1. Request/Response Transactions . . 21
10.1.2. Receiving a Request or Indication . . . . . . . . . . 21
10.1.3. Receiving a Response . . 23
9.1.1. Receive Request Message . . . . . . . . . . . . . . . 23
9.1.2. Constructing the Response 22
10.2. Long-term Credential Mechanism . . . . . . . . . . . . . 23
10.2.1. Forming a Request . 26
9.1.3. Sending the Response . . . . . . . . . . . . . . . . . 27
9.2. Indication Transactions 24
10.2.1.1. First Request . . . . . . . . . . . . . . . . . 27
10. Demultiplexing of STUN and Application Traffic . 24
10.2.1.2. Subsequent Requests . . . . . . . 28
11. STUN Attributes . . . . . . . . 24
10.2.2. Receiving a Request . . . . . . . . . . . . . . . 29
11.1. MAPPED-ADDRESS . . 24
10.2.3. Receiving a Response . . . . . . . . . . . . . . . . . 25
11. ALTERNATE-SERVER Mechanism . . 29
11.2. USERNAME . . . . . . . . . . . . . . . . 26
12. Backwards Compatibility with RFC 3489 . . . . . . . . 30
11.3. PASSWORD . . . . 26
12.1. Changes to Client Processing . . . . . . . . . . . . . . 27
12.2. Changes to Server Processing . . . . . . 31
11.4. MESSAGE-INTEGRITY . . . . . . . . 27
13. STUN Usages . . . . . . . . . . . . 31
11.5. FINGERPRINT . . . . . . . . . . . . . 28
14. STUN Attributes . . . . . . . . . . 31
11.6. ERROR-CODE . . . . . . . . . . . . . 29
14.1. MAPPED-ADDRESS . . . . . . . . . . 31
11.7. REALM . . . . . . . . . . . 30
14.2. XOR-MAPPED-ADDRESS . . . . . . . . . . . . . . . 33
11.8. NONCE . . . . 31
14.3. USERNAME . . . . . . . . . . . . . . . . . . . . . . 33
11.9. UNKNOWN-ATTRIBUTES . . 32
14.4. MESSAGE-INTEGRITY . . . . . . . . . . . . . . . . . 33
11.10. XOR-MAPPED-ADDRESS . . . 32
14.5. FINGERPRINT . . . . . . . . . . . . . . . . 34
11.11. SERVER . . . . . . . 33
14.6. ERROR-CODE . . . . . . . . . . . . . . . . . . 35
11.12. ALTERNATE-SERVER . . . . . 33
14.7. REALM . . . . . . . . . . . . . . . 35
11.13. REFRESH-INTERVAL . . . . . . . . . . . 34
14.8. NONCE . . . . . . . . . 35
12. STUN Usages . . . . . . . . . . . . . . . . . 35
14.9. UNKNOWN-ATTRIBUTES . . . . . . . . 36
12.1. Binding Discovery . . . . . . . . . . . 35
14.10. SERVER . . . . . . . . . 36
12.1.1. Applicability . . . . . . . . . . . . . . . . 35
14.11. ALTERNATE-SERVER . . . . 36
12.1.2. Client Discovery of Server . . . . . . . . . . . . . . 37
12.1.3. Server Determination of Usage . . 36
15. Security Considerations . . . . . . . . . . 38
12.1.4. New Requests or Indications . . . . . . . . . 36
15.1. Attacks against the Protocol . . . . 38
12.1.5. New Attributes . . . . . . . . . . 36
15.1.1. Outside Attacks . . . . . . . . . . 38
12.1.6. New Error Response Codes . . . . . . . . . 36
15.1.2. Inside Attacks . . . . . . 38
12.1.7. Client Procedures . . . . . . . . . . . . . . 36
15.2. Attacks Affecting the Usage . . . . 38
12.1.8. Server Procedures . . . . . . . . . . . 36
15.2.1. Attack I: DDoS Against a Target . . . . . . . 38
12.1.9. Security Considerations for Binding Discovery . . . . 38
12.2. NAT Keepalives 37
15.2.2. Attack II: Silencing a Client . . . . . . . . . . . . 37
15.2.3. Attack III: Assuming the Identity of a Client . . . . 37
15.2.4. Attack IV: Eavesdropping . . . . . 39
12.2.1. Applicability . . . . . . . . . . 38
15.3. Hash Agility Plan . . . . . . . . . . 39
12.2.2. Client Discovery of Server . . . . . . . . . . 38
16. IAB Considerations . . . . 39
12.2.3. Server Determination of Usage . . . . . . . . . . . . 39
12.2.4. New Requests or Indications . . . . . . 38
17. IANA Considerations . . . . . . . 39
12.2.5. New Attributes . . . . . . . . . . . . . . 39
17.1. STUN Methods Registry . . . . . . 40
12.2.6. New Error Response Codes . . . . . . . . . . . . 39
17.2. STUN Attribute Registry . . . 40
12.2.7. Client Procedures . . . . . . . . . . . . . . 39
17.3. STUN Error Code Registry . . . . 40
12.2.8. Server Procedures . . . . . . . . . . . . 40
18. Changes Since RFC 3489 . . . . . . 40
12.2.9. Security Considerations for NAT Keepalives . . . . . . 40
12.3. Short-Term Password . . . . . . . . 40
19. Acknowledgements . . . . . . . . . . . 41
12.3.1. Applicability . . . . . . . . . . . . . . . . . . . . 41
12.3.2. Client Discovery of Server . . . . 42
20. References . . . . . . . . . . 41
12.3.3. Server Determination of Usage . . . . . . . . . . . . 42
12.3.4. New Requests or Indications . . . . . . . . . . . . . 42
12.3.5. New Attributes . . . . . . . . . . . . . . . . . . .
20.1. Normative References . 43
12.3.6. New Error Response Codes . . . . . . . . . . . . . . . 43
12.3.7. Client Procedures . . 42
20.2. Informational References . . . . . . . . . . . . . . . . 43
12.3.8. Server Procedures . . . . . . . . . . . . . . .
Appendix A. C Snippet to Determine STUN Message Types . . . 43
12.3.9. Security Considerations for Short-Term Password . . . 44
13. Security Considerations . . . . . . . . . . . . . . . . .
Authors' Addresses . . 45
13.1. Attacks on STUN . . . . . . . . . . . . . . . . . . . . . 45
13.1.1. Attack I: DDoS Against a Target . 44
Intellectual Property and Copyright Statements . . . . . . . . . . 46
13.1.2. Attack II: Silencing

1. Introduction

The protocol defined in this specification, Session Traversal
Utilities for NAT, provides a Client . . . . . . . . . . . . 46
13.1.3. Attack III: Assuming the Identity toolkit of functions for dealing with
NATs. It provides a Client . . . . 46
13.1.4. Attack IV: Eavesdropping . . . . . . . . . . . . . . . 46
13.2. Launching means for an endpoint to determine the Attacks . . . . . . . . . . . . . . . . . . 47
13.2.1. Approach I: Compromise IP
address and port allocated by a Legitimate STUN Server . . . 47
13.2.2. Approach II: DNS Attacks . . . . . . . . . . . . . . . 47
13.2.3. Approach III: Rogue Router or NAT . . . . . . . . . . 48
13.2.4. Approach IV: Man in the Middle . . . . . . . . . . . . 48
13.2.5. Approach V: Response Injection Plus DoS . . . . . . . 49
13.2.6. Approach VI: Duplication . . . . . . . . . . . . . . . 49
13.3. Countermeasures . . . . . . . . . . . . . . . . . . . . . 50
13.4. Residual Threats . . . . . . . . . . . . . . . . . . . . 51
14. IAB Considerations . . . . . . . . . . . . . . . . . . . . . . 51
14.1. Problem Definition . . . . . . . . . . . . . . . . . . . 52
14.2. Exit Strategy . . . . . . . . . . . . . . . . . . . . . . 52
14.3. Brittleness Introduced by STUN . . . . . . . . . . . . . 52
14.4. Requirements for a Long Term Solution . . . . . . . . . . 54
14.5. Issues with Existing NAPT Boxes . . . . . . . . . . . . . 55
15. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 55
15.1. STUN Methods Registry . . . . . . . . . . . . . . . . . . 55
15.2. STUN Attribute Registry . . . . . . . . . . . . . . . . . 55
16. Changes Since RFC 3489 . . . . . . . . . . . . . . . . . . . . 56
17. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 57
18. References . . . . . . . . . . . . . . . . . . . . . . . . . . 57
18.1. Normative References . . . . . . . . . . . . . . . . . . 57
18.2. Informational References . . . . . . . . . . . . . . . . 58
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 59
Intellectual Property and Copyright Statements . . . . . . . . . . 61

1. Applicability Statement

This protocol is not a cure-all for the problems associated with NAT.
It is a tool that is typically used in conjunction with other
protocols, such as Interactive Connectivity Establishment (ICE) [13]
for a more complete solution. The binding discovery usage, defined
by this specification, can be used by itself with numerous
application protocols as a solution for NAT traversal. However, when
used in that way, STUN will not work with applications that require
incoming TCP connections through NAT. It will allow incoming UDP
packets through NAT, but only through a subset of existing NAT types.
In particular, the STUN binding usage by itself does not enable
incoming UDP packets through NATs whose mapping property is address
dependent or address and port dependent [14]. Furthermore, the
binding usage, when used by itself, does not work when a client is
communicating with a peer which happens to be behind the same NAT.
Nor will it work when the STUN server is not in a common shared
address realm.

The STUN relay usage, defined in [16], allows a client to obtain an
IP address and port that actually reside on the STUN server. The
STUN relay usage, when used by itself, eliminates all of the
limitations of using the binding usage by itself, as described above.
However, it requires a server to act as a relay for application
traffic, which can be expensive to provide, operate, and manage.

For multimedia protocols based on the offer/answer model [22],
including the Session Initiation Protocol (SIP) [11], Interactive
Connectivity Establishment (ICE) uses both the binding usage and
relay usage, and furthermore defines a connectivity check usage to
help determine which transport address to use.

Implementers should be aware of the specific deployment scenarios and
the specific protocol (SIP, etc) being used to determine whether NAT
traversal can be facilitated by STUN and which STUN usages are
required.

2. Introduction

Network Address Translators (NATs), while providing many benefits,
also come with many drawbacks. The most troublesome of those
drawbacks is the fact that they break many existing IP applications
and make it difficult to deploy new ones. Guidelines have been
developed [20] that describe how to build "NAT friendly" protocols,
but many protocols simply cannot be constructed according to those
guidelines. Examples of such protocols include almost all peer-to-
peer protocols such as multimedia communications, file sharing and
games.

To combat this problem, Application Layer Gateways (ALGs) have been
embedded in NATs. ALGs perform the application layer functions
required for a particular protocol to traverse a NAT. Typically,
this involves rewriting application layer messages to contain
translated addresses, rather than the ones inserted by the sender of
the message. ALGs have serious limitations, including scalability,
reliability, and speed of deploying new applications.

Many existing proprietary protocols, such as those for online games
(such as the games described in RFC3027 [21]) and Voice over IP, have
developed tricks that allow them to operate through NATs without
changing those NATs and without relying on ALG behavior in the NATs.
This document takes some of those ideas and codifies them into an
interoperable protocol that can meet the needs of many applications.

The protocol described here, Session Traversal Utilities for NAT
(STUN), provides a toolkit of functions. These functions allow
entities behind a NAT to learn the address bindings allocated by the
NAT and to keep those bindings open. STUN requires no changes to
NATs and works with an arbitrary number of NATs in tandem between the
application entity and the public Internet.

3. Terminology

In this document, the key words "MUST", "MUST NOT", "REQUIRED",
"SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" are to be interpreted as described in BCP 14, RFC 2119
[1] and indicate requirement levels for compliant STUN
implementations.

4. Definitions

STUN Client: A STUN client (also just referred to as a client) is an
entity that generates STUN requests and receives STUN responses.
Clients can also generate STUN indications.

STUN Server: A STUN Server (also just referred to as a server) is an
entity that receives STUN requests and sends STUN responses.
Servers also send STUN indications.

Transport Address: The combination of an IP address and transport
protocol (such as UDP or TCP) port.

Reflexive Transport Address: A transport address learned by a client
that identifies that client as seen by another host on an IP
network, typically a STUN server. When there is an intervening
NAT between the client and the other host, the reflexive transport
address represents the binding allocated to the client on the
public side of the NAT. Reflexive transport addresses are learned
from the mapped address attribute (MAPPED-ADDRESS or XOR-MAPPED-
ADDRESS) in STUN responses.

Mapped Address: The source IP address and port of the STUN Binding
Request packet received by the STUN server and inserted into the
mapped address attribute (MAPPED-ADDRESS or XOR-MAPPED-ADDRESS) of
the Binding Response message.

Long Term Credential: A username and associated password that
represent a shared secret between client and server. Long term
credentials are generally granted to the client when a subscriber
enrolles in a service and persist until the subscriber leaves the
service or explicitly changes the credential.

Long Term Password: The password from a long term credential.

Short Term Credential: A temporary username and associated password
which represent a shared secret between client and server. A
short term credential has an explicit temporal scope, which may be
based on a specific amount of time (such as 5 minutes) or on an
event (such as termination of a SIP dialog). The specific scope
of a short term credential is defined by the application usage. A
short term credential can be obtained from a Shared Secret
request, though other mechanisms are possible.

Short Term Password: The password component of a short term
credential.

5. Overview of Operation

This section is descriptive only. Normative behavior is described in
Section 8 and Section 9
/-----\
// STUN \\
| Server |
\\ //
\-----/

+--------------+ Public Internet
................| NAT 2 |.......................
+--------------+

+--------------+ Private NET 2
................| NAT 1 |.......................
+--------------+

/-----\
// STUN \\
| Client |
\\ // Private NET 1
\-----/

Figure 1: Typical STUN Server Configuration

The typical STUN configuration is shown in Figure 1. A STUN client
is connected to private network 1. This network connects to private
network 2 through NAT 1. Private network 2 connects to the public
Internet through NAT 2. The STUN server resides on the public
Internet.

STUN is a simple client-server protocol. It supports two types of
transactions. One is a request/response transaction in which client
sends a request to a server, and the server returns a response. The
second are indications that are initiated by the server or the client
and do not elicit a response. There are two types of requests
defined in this specification - Binding Requests and Shared Secret
Requests. There are no indications defined by this specification.

Binding Requests are sent from the client towards the server. When
the Binding Request arrives at the STUN server, it may have passed
through one or more NATs between the STUN client and the STUN server
(in Figure 1, there were two such NATs). As a result, the source
transport address of the request received by the server will be the
mapped address created by the NAT closest to the server. The STUN
server copies that source transport address into a STUN Binding
Response and sends it back to the source transport address of the
STUN request. Every type of NAT will route that response so that it
arrives at the STUN client. From this response, the client knows its
transport address allocated by the outermost NAT towards the STUN
server.

STUN provides several mechanisms for authentication and message
integrity. The client and server can share a pre-provisioned shared
secret, which is used for a digest challenge/response authentication
operation. This is known as a long-term credential or long-term
shared secret.

Alternatively, if the shared secret is obtained by some out-of-bands
means and has a lifetime that is temporally scoped, a simple HMAC is
provided, without a challenge operation. This is known as a short
term credential or short term password. Short-term passwords are
useful when there is no long-term relationship with a STUN server and
thus no long-term password is shared between the STUN client and STUN
server. Even if there is a long-term password, the issuance of a
short-term password is useful to prevent dictionary attacks.

STUN itself provides a mechanism for obtaining such short term
credentials, using the Shared Secret Request. Shared Secret requests
are sent over TLS [5] over TCP. Shared Secret Requests ask the
server to return a temporary username and password that can be used
in subsequent STUN requests.

There are many ways in which these basic mechanisms can be used to
accomplish a specific task. As a result, STUN has the notion of a
usage. A usage is a specific use case for the STUN protocol. The
usage will define what the client does with the mapped address it
receives, defines when the client would send Binding requests and
why, and would constrain the set of authentication mechanisms or
attributes that get used in that usage. STUN usages can also define
new attributes and message types, if needed. This specification
defines three STUN usages - binding discovery, NAT keepalives, and
short-term password.

The binding discovery usage is sometimes referred to as 'classic
STUN,' since it is the usage originally envisioned in RFC 3489 [15],
the predecessor to this specification. The purpose of the binding
discovery usage is for the client to obtain a transport address at
which it is reachable. The client can include these transport
addresses in application layer signaling messages such as the Session
Description Protocol (SDP) [19] (present in the body of SIP
messages), where it indicates where the client wants to receive Real
Time Transport Protocol (RTP [17]) traffic. In this usage, the STUN
server is typically located on the public Internet and run by the
service provider offering the application service (such as a SIP
provider), though this need not be the case. The client would
utilize the STUN request just prior to sending a protocol message
(such as a SIP INVITE request or 200 OK response) that requires the
client to embed its transport address.

In the binding keepalive usage, a client sends an application
protocol message (such as a SIP REGISTER message) to a server. The
server notes the source transport address of the request, and
remembers it. Later on, if it needs to reach the client, it sends a
message to that transport address. However, this message will only
be received by the client if the binding in the NAT is still alive.
Since bindings allocated by NAT expire unless refreshed, the client
must generate keepalive messages toward the server to refresh the
binding. Rather than use expensive application layer messages, a
STUN binding request is sent by the client to the server, and is sent
to the exact same transport address used by the server for the
application protocol. In the case of SIP, this would typically mean
port 5060 or 5061. This has the effect of keeping the bindings in
the NAT alive. The STUN binding responses also inform the client
that the server is still responsive, and also inform the client if
its transport address towards the server have changed (its reflexive
transport address), in which case it may need application layer
protocol messaging to update its transport address as seen by the
server. The binding keepalive usage is used by the SIP outbound
mechanism, for example [18].

These two usages all utilize the same Binding Request message, and
all require the same basic processing on the server. They differ
only in where the server is (a standalone server in the network, or
embedded in an application layer server), when the Binding Request is
used and what the client does with the mapped address that is
returned.

The short-term password usage makes use of the Shared Secret request
and response, and allows a client to obtain a temporary set of
credentials to authenticate itself with the STUN server. The
credentials obtained from this usage can be used in requests for any
other usage.

Some usages (such as the binding keepalive) require STUN messages to
be sent on the same transport address as some application protocol,
such as RTP or SIP. To facilitate the demultiplexing of the two,
STUN defines a special field in the message called the magic cookie,
which is a fixed 32 bit value that identifies STUN traffic. STUN
requests also contain a fingerprint, which is a cryptographic hash of
the message, that allow for validation that the message was a STUN
request and not a data packet that happened to have the same 32 bit
value in the right place in the message.

STUN servers can be discovered through DNS, though this is not
necessary in all usages. For those usages where it is needed, STUN
makes use of SRV records [3] to facilitate discovery. This discovery
allows for different transport addresses to be found for different
usages.

6. STUN Message Structure

STUN messages are TLV (type-length-value) encoded using big endian
(network ordered) binary. STUN messages are encoded using binary
fields. All integer fields are carried in network byte order, that
is, most significant byte (octet) first. This byte order is commonly
known as big-endian. The transmission order is described in detail
in Appendix B of RFC791 [2]. Unless otherwise noted, numeric
constants are in decimal (base 10). All STUN messages start with a
single STUN header followed by a STUN payload. The payload is a
series of STUN attributes, the set of which depends on the message
type. The STUN header contains a STUN message type, magic cookie,
transaction ID, and length. The length indicates the total length of
the STUN payload, not including the 20-byte header.

There are two types of transactions in STUN - request/response
transactions, which utilize a request message and a response message,
and indication transactions, which utilizes a single indication
message. Furthermore, responses are broken into two types - success
responses and error responses. Two bits in the message type field of
the STUN header indicate the class of the message - whether the
message is a request, a success response, an indication, or a failure
response. An additional 12 bits in the message type indicate the
method, which is the primary function of the message. This
specification defines two methods, Binding and Shared Secret.

STUN Requests are sent reliably. STUN can run over UDP, TCP or TCP/
TLS. When run over UDP, STUN requests are retransmitted in order to
achieve reliability. The transaction ID is used to correlate
requests and responses.

An indication message can be sent from the client to the server, or
from the server to the client. Indication messages can be sent over
TCP or UDP. STUN itself does not provide reliability for these
messages, though they will be delivered reliably when sent over TCP.
The transaction ID is used to distinguish indication messages.

All STUN messages consist of a 20 byte header:

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0| STUN Message Type | Message Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Magic Cookie |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Transaction ID
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 2: Format of STUN Message Header

The most significant two bits of every STUN message are both zeroes.
This, combined with the magic cookie and the fingerprint attribute,
aid in differentiating STUN packets from other protocols when STUN is
multiplexed with other protocols on the same port.

The message type field is decomposed further into the following
structure:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|M|M|M|M|M|C|M|M|M|C|M|M|M|M|
|1|1|9|8|7|1|6|5|4|0|3|2|1|0|
|1|0| | | | | | | | | | | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 3: Format of STUN Message Type Field

M11 through M0 represent a 12-bit encoding of the method. C1 through
C0 represent a 2 bit encoding of the class. A class of 0 is a
Request, a class of 1 is an indication, a class of 2 is a success
response, and a class of 3 is an error response. This specification
defines two methods, Binding and Shared Secret. Their method values
are enumerated in Section 15.

The message length is the size, in bytes, of the message not
including the 20 byte STUN header.

The magic cookie is a fixed value, 0x2112A442. In the previous
version of this specification [15] this field was part of the
transaction ID. This fixed value is used as part of the
identification of a STUN message when STUN is multiplexed with other
protocols on the same port, as is done for example in [13] and [18].
The magic cookie additionally indicates the STUN client is compliant
with this specification. The magic cookie is present in all STUN
messages -- requests, success responses, error responses and
indications.

The transaction ID is a 96 bit identifier. STUN transactions are
identified by their unique 96-bit transaction ID. For request/
response transactions, the transaction ID is chosen by the STUN
client and MUST be unique for each new STUN transaction generated by
that STUN client. The transaction ID MUST be uniformly and randomly
distributed between 0 and 2**96 - 1. The large range is needed
because the transaction ID serves as a form of randomization, helping
to prevent replays of previously signed responses from the server. A
reponse to the STUN request, whether it be a success or error
response, carries the same transaction ID as the request.
Indications are also identified by their transaction ID. The
transaction ID there MUST also be uniformly and randomly distributed
between 0 and 2**96 - 1.As with requests, the value is chosen by the
server and MUST be unique for each unique indication generated by the
server. Unless a request or indication is bit-wise identical to a
previous request, and was sent to the same server from the same
transport address, a client MUST choose a new transaction ID for it.

After the STUN header are zero or more attributes. Each attribute is
TLV encoded, with a 16 bit type, 16 bit length, and variable value.
Each STUN attribute ends on a 32 bit boundary:

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value .... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 4: Format of STUN Attributes

The Length refers to the length of the actual useful content of the
Value portion of the attribute, measured in bytes. Since STUN aligns
attributes on 32 bit boundaries, attributes whose content is not a
multiple of 4 bytes are padded with 1, 2 or 3 bytes of padding so
that they are a multiple of 4 bytes. Such padding is only needed
with attributes that take freeform strings, such as USERNAME and
PASSWORD. For attributes that contain more structured data, the
attributes are constructed to align on 32 bit boundaries. The value
in the Length field refers to the length of the Value part of the
attribute prior to padding - i.e., the useful content. Consequently,
when parsing messages, implementations will need to round up the
Length field to the nearest multiple of four in order to find the
start of the next attribute.

The attribute types defined in this specification are in Section 11 .

7. STUN Transactions

STUN defines two types of transactions - request/response
transactions and indication transactions.

7.1. Request/Response Transactions

STUN clients are allowed to pipeline STUN requests. That is, a STUN
client MAY have multiple outstanding STUN requests with different
transaction IDs and not wait for completion of a STUN request/
response exchange before sending another STUN request.

When running STUN over UDP it is possible that the STUN request or
its response might be dropped by the network. Reliability of STUN
request message types is accomplished through client retransmissions.
Clients SHOULD retransmit the request starting with an interval of
RTO, doubling after each retransmission. RTO is an estimate of the
round-trip-time, and is computed as described in RFC 2988 [8], with
two exceptions. First, the initial value for RTO SHOULD be
configurable (rather than the 3s recommended in RFC 2988). In fixed-
line access links, a value of 100ms is RECOMMENDED. Secondly, the
value of RTO MUST NOT be rounded up to the nearest second. Rather, a
1ms accuracy MUST be maintained. As with TCP, the usage of Karn's
algorithm is RECOMMENDED. When applied to STUN, it means that RTT
estimates SHOULD NOT be computed from STUN transactions which result
in the retransmission of a request.

The value for RTO SHOULD be cached by an agent after the completion
of the transaction, and used as the starting value for RTO for the
next transaction to the same host (based on equality of IP address).
The value SHOULD be considered stale and discarded after 10 minutes.

Retransmissions continue until a response is received, or a total of
7 requests have been sent. If no response is received by 1.6 seconds
after the last request has been sent, the client SHOULD consider the
transaction to have failed. A STUN transaction over UDP is also
considered failed if there has been a transport failure of some sort,
such as a fatal ICMP error. For example, assuming an RTO of 100ms,
requests would be sent at times 0ms, 100ms, 300ms, 700ms, 1500ms,
3100ms, and 6300ms. At 7900ms, the agent would consider the
transaction to have timed out if no response has been received.

When running STUN over TCP, TCP is responsible for ensuring delivery.
The STUN application SHOULD NOT retransmit STUN requests when running
over TCP. If the client has not received a response after 7900ms, it
considers the transaction to have timed out.

Regardless of whether TCP or UDP was used for the transaction, if a
failure occurs and the client has other servers it can reach (as a
consequence of an SRV query which provides a multiplicity of STUN
servers Section 8.1, for example), the client SHOULD create a new
request, which is identical to the previous, but has a different
transaction ID (and consequently a different MESSAGE INTEGRITY and/or
FINGERPRINT attribute).

7.2. Indications

Indications are sent from the client to the server, or from the
server to the client. Though no indications are used by this
specification, they are used by the STUN relay usage [16]. When sent
over UDP, there are no retransmissions, and reliability is not
provided. When sent over TCP, reliability is provided by TCP.

Regardless of whether TCP or UDP was used for the indication, if a
failure occurs (due to a fatal ICMP error or TCP error), and the
client has other servers it can reach (as a consequence of an SRV
query which provides a multiplicity of STUN servers Section 8.1, for
example), the client SHOULD create a new indication, which is
identical to the previous, but has a different transaction ID (and
consequently a different MESSAGE INTEGRITY and/or FINGERPRINT
attribute).

8. Client Behavior

Client behavior can be broken down into several steps. The first is
discovery of the STUN server. The next is obtaining a shared secret.
For request/response transactions, the next steps are formulating the
request and processing the response. For indication transactions,
the next step is formulating the indication.

8.1. Discovery

Unless stated otherwise by a STUN usage, DNS is used to discover the
STUN server following these procedures.

The client will be configured with a domain name of the provider of
the STUN servers. This domain name is resolved to a transport
address using the SRV procedures specified in RFC2782 [3]. The
mechanism for configuring the STUN client with the domain name to
look up is not in scope of this document.

The DNS SRV service name depends on the application usage. For the
binding usage, the service name is "stun". The protocol can be "udp"
for UDP, "tcp" for TCP and "tls" for TLS over TCP. For the short
term password application usage, the service name is "stun-pass".
The protocol is always "tls" for TLS over TCP. The binding keepalive
usage always starts with a transport address, so no DNS SRV service
names are defined for it. New STUN usages MAY define additional DNS
SRV service names. These SHOULD start with "stun".

The procedures of RFC 2782 are followed to determine the server to
contact. RFC 2782 spells out the details of how a set of SRV records
are sorted and then tried. However, RFC2782 only states that the
client should "try to connect to the (protocol, address, service)"
without giving any details on what happens in the event of failure;
those details for STUN are described in Section 8.3.3.

A STUN server supporting multiple usages (such as the short term
password and binding discovery usage) MAY use the same ports for
different usages, as long as ports are not needed to differentiate
the usages. Different ports are not needed to differentiate the
usages defined in this specification. Different ports SHOULD be used
for TCP and TCP/TLS, so that the server can determine whether the
first message it will receive after the TCP connection is set up is a
STUN message or a TLS message.

The default port for STUN requests is 3478, for both TCP and UDP.
There is no default port for STUN over TLS. Administrators SHOULD
use this port in their SRV records for UDP and TCP, but MAY use
others. If no SRV records were found, the client performs an A or
AAAA record lookup of the domain name. The result will be a list of
IP addresses, each of which can be contacted at the default port
using UDP or TCP, independent of the STUN usage. For usages that
require TLS, such as the short term password usage, lack of SRV
records is equivalent to a failure of the transaction, since the
request or indication MUST NOT be sent unless SRV records provided a
transport address specifically for TLS.

8.2. Obtaining a Shared Secret

As discussed in Section 13, there are several attacks possible on
STUN systems. Many of these attacks are prevented through integrity
protection of requests and responses. To provide that integrity,
STUN makes use of a shared secret between client and server which is
used as the keying material for the MESSAGE-INTEGRITY attribute in
STUN messages. STUN allows for the shared secret to be obtained in
any way. The application usage defines the mechanism and required
implementation strength for shared secrets.

Some usages assume that out of band protocols are used to obtain the
necessary credentials. Other usages, such as binding keepalives,
don't use authentication, as it is not required. Others, such as the
binding discovery, allows for authentication using either a long term
shared secret or a short term shared secret. The latter can be
obtained by using the short term password usage to obtain a short
term shared secret.

Consequently, the STUN usages define rules for obtaining shared
secrets prior to sending a request.

8.3. Request/Response Transactions

8.3.1. Formulating the Request Message

The client follows the syntax rules defined in Section 6 and the
transmission rules of Section 7. The message class MUST be a
request.

The client creates a STUN message following the STUN message
structure described in Section 6. The client SHOULD add a MESSAGE-
INTEGRITY and USERNAME attribute to the Request message if the usage
employs authentication. The specific credentials to use are
described by the STUN usage, which can specify no credentials, a
short term credential, or a long term credential. The procedures for
each are:

1. If the STUN usage specifies that no credentials are used, the
message is sent without MESSAGE-INTEGRITY

2. If a short term credential is to be used, the STUN Request or
STUN Indication would contain the USERNAME and MESSAGE-INTEGRITY
attributes. The message MUST NOT contain the REALM attribute.
The key for MESSAGE-INTEGRITY is the password.

3. If a long term credential is to be used, the STUN request
contains the USERNAME, REALM, and MESSAGE-INTEGRITY attributes.
The 16-byte key for MESSAGE-INTEGRITY HMAC is formed by taking
the MD5 hash of the result of concatenating the following five
fields: (1) The username, with any quotes and trailing nulls
removed, (2) A single colon, (3) The realm, with any quotes and
trailing nulls removed, (4) A single colon, and (5) The password,
with any trailing nulls removed. For example, if the USERNAME
field were 'user', the REALM field were '"realm"', and the
PASSWORD field were 'pass', then the 16-byte HMAC key would be
the result of performing an MD5 hash on the string 'user:realm:

pass', or 0x8493fbc53ba582fb4c044c456bdc40eb.

This format for the key was chosen so as to enable a common
authentication database for SIP, which uses digest authentication
as defined in RFC 2617 [7] and STUN, as it is expected that
credentials are usually stored in their hashed forms.

The NONCE is included in the request only if a short or long term
credential is being used, and only if the STUN request is a retry as
a consequence of a previous error response which provided the client
with a NONCE.

For TCP and TLS-over-TCP, the client opens a TCP connection to the
server. The TLS_RSA_WITH_AES_128_CBC_SHA ciphersuite MUST be
supported at a minimum by implementers when TLS is used with STUN.
Implementers MAY also support any other ciphersuite. When it
receives the TLS Certificate message, the client SHOULD verify the
certificate and inspect the site identified by the certificate. If
the certificate is invalid, revoked, or if it does not identify the
appropriate party, the client MUST NOT send the STUN message or
otherwise proceed with the STUN transaction. The client MUST verify
the identity of the server. To do that, it follows the
identification procedures defined in Section 3.1 of RFC 2818 [4].
Those procedures assume the client is dereferencing a URI. For
purposes of usage with this specification, the client treats the
domain name or IP address used in Section 8.1 as the host portion of
the URI that has been dereferenced. If DNS was not used, the client
MUST be configured with a set of authorized domains whose
certificates will be accepted.

When STUN is being multiplexed on the same transport address as
application data, and there are valid application layer data packets
which could be confused with STUN packets (because, for example, bits
32 through 63 can contain an arbitrary binary value which might be
equal to 0x2112A442), the FINGERPRINT attribute MUST be present.
Otherwise, its inclusion is RECOMMENDED.

Next, the client sends the request. For UDP-based requests,
reliability is accomplished through client retransmissions, following
the procedure in Section 7.1. For TCP (including TLS over TCP),
there are no retransmissions.

For TCP and TLS over TCP, the client MAY send multiple requests on
the connection. When using TCP or TLS over TCP, the client SHOULD
keep the connection open until it has no further requests to send,
and has no plans to use any resources (such as a mapped address or
relayed address [16]) learned though STUN requests sent over that
connection.

Regardless of the transport protocol, a client MAY pipeline requests
(that is, it can have multiple requests outstanding at the same
time).

8.3.2. Processing Responses

Once the client has received a response to its request that it did
not discard, it MUST discard any further responses for the same
request.

All responses that were not discarded, whether success responses or
error responses, MUST first be authenticated by the client.
Authentication is performed by first comparing the Transaction ID of
the response to an oustanding request. If there is no match, the
client MUST discard the response. Then the client SHOULD check the
response for a MESSAGE-INTEGRITY attribute. If not present, and the
client placed a MESSAGE-INTEGRITY attribute into the associated
request, it MUST discard the response. If MESSAGE-INTEGRITY is
present, the client computes the HMAC over the response as described
in Section 11.4. The key that is used MUST be same as used to
compute the MESSAGE-INTEGRITY attribute in the request. If the
client did not place a MESSAGE-INTEGRITY attribute into the request,
it MUST ignore the MESSAGE-INTEGRITY attribute in the response and
continue processing the response.

If the computed HMAC matches the one from the response, processing
continues.

If the response is an Error Response, the client checks the response
code from the ERROR-CODE attribute of the response. For a 400 (Bad
Request) response code, the client SHOULD display the reason phrase
to the user. For a 420 (Unknown Attribute) response code, the client
SHOULD retry the request, this time omitting any attributes listed in
the UNKNOWN-ATTRIBUTES attribute of the response.

If the client receives a 401 (Unauthorized) response and had not
included a MESSAGE-INTEGRITY attribute in the request, it is an
indication from the server that credentials are required. If the
REALM attribute was present in the response, it is a signal to the
client to use a long term shared secret and retry the request. The
client SHOULD retry the request, using the username and password
associated with the REALM (this username and password are assumed to
be pre-provisioned into the client through some other means). If the
REALM attribute was absent in the response, it is a signal to the
client to use a short term shared secret and retry the request. If
the client doesn't have a short term shared secret, it SHOULD use the
Shared Secret request to obtain one, and then retry the request with
the username and password obtained as a result.

If the client receives a 401 (Unauthorized) response but had included
a MESSAGE-INTEGRITY attribute in the request, there has been an
unrecoverable error. This shouldn't ever happen, but if it does, the
client SHOULD NOT retry the request.

If the client receives a 432 (Missing Username) response, and the
client had omitted the USERNAME from the request but included a
MESSAGE-INTEGRITY, the client SHOULD retry the request and include
both MESSAGE-INTEGRITY and USERNAME. If the client receives a 432
(Missing Username) but had included both MESSAGE-INTEGRITY and
USERNAME in the request, there has been an unrecoverable error. This
shouldn't ever happen, but if it does, the client SHOULD NOT retry
the request.

If the client receives a 435 (Missing Nonce) response, but had
included a NONCE in the request, an unrecoverable error has occurred
and the client SHOULD NOT retry. However, if it had omitted the
NONCE in the request and received a 435, or it had included the NONCE
but received a 438, it is a request from the server to retry using
the same credential, but with a different nonce. The client SHOULD
retry the request.

If the client receives a 430 (Stale Credentials) response, it means
that the client used a short term credential that has expired. If
the client had submitted the request using a short term credential
obtained from a Shared Secret request, the client SHOULD generate a
new Shared Secret request to obtain a new short term credential and
then retry the request with that credential. Note that the Shared
Secret request may or may not go to the same server which generated
the 430 (Stale Credentials) response; the server that receives the
Shared Secret request is determined by the DNS procedures defined
above. If a 430 (Stale Credentials) response was received and the
client had used a short term credential provided through some other
means, the client SHOULD obtain a new short term credential using
that mechanism. If the client had not used a short term credential
in the request, the 430 (Stale Credentials) error is unrecoverable
and the request SHOULD NOT be retried.

For a 431 (Integrity Check Failure) response code, the client SHOULD
alert the user, and if a short term credential obtained from a Shared
Secret request had been used previously, the client MAY try the
request again after obtaining a new short term username and password.

If the client receives a 433 (Use TLS) response, and the request was
a Shared Secret request which was not sent over TLS, the client
SHOULD retry the request, and MUST send it using TLS. If this
response is received to any other request except for a Shared Secret
request, or if the client had sent the Shared Secret request over
TLS, it is an unrecoverable error and the client SHOULD NOT retry.

If the client receives a 434 (Missing Realm) response, and had
omitted the REALM in the request, but had included MESSAGE-INTEGRITY,
it is an indication that, though a short-term credential was used for
the request, the server desires the client to use a long term
credential. The client SHOULD retry the request using the username
and password associated with the REALM. If the 434 (Missing Realm)
was received but the request had contained a REALM, and the REALM in
the response differs from the REALM in the request, the client SHOULD
retry using the username and password associated with the REALM in
the response. If the REALMS were equal, this is an unrecoverable
error and the client SHOULD NOT retry.

It the client receives a 436 (Unknown Username) response, it means
that the username it provided in the request is unknown. For usages
where the username was collected from the user, the client SHOULD
alert the user. The client SHOULD NOT retry with the same username.
If the username was obtained using the Shared Secret request, the
client SHOULD obtain a new credential and retry. However, if the
retries are repeatedly rejected with a 436 (Unknown Username), it
SHOULD cease retrying.

For error responses which can contain a NONCE, if the error response
results in a retry, the client MUST include the NONCE in a subsequent
retry. Furthermore, the client SHOULD cache the nonce, and continue
using it in subsequent requests sent to the same server, identified
by transport address.

For a 300 (Try Alternate) response code, the client SHOULD attempt a
new transaction to the server indicated in the ALTERNATE-SERVER
attribute. The client SHOULD reuse its credentials (username and
password) when retrying. This is useful for load balancing requests
across a STUN server cluster, when those requests require some amount
of resources to process. Though this specification allows the 300
(Try Alternate) response to be applied to Binding Requests, it is
generally not useful to do so, since the work of redirecting a
Binding Request is equal to, if not more than, the work of just
processing the Binding Request. Consequently, the 300 (Try
Alternate) response code is targeted for other usages of STUN, such
as the relay usage [16].

For a 500 (Server Error) response code, the client MAY wait several
seconds and then retry the request on the same server. Or, if the
server was learned through DNS SRV records, the client MAY try the
request on the next server in the list. The same username and
password MAY be used. For a 600 (Global Failure) response code,
client MUST NOT retry the request on this server, or if the server
was learned through DNS, any other server found through the DNS
resolution procedures.

Unknown response codes between 300 and 399 are treated like a 300.
Unknown response codes between 400 and 499 are treated like a 400,
unknown response codes between 500 and 599 are treated like a 500,
and unknown response codes between 600 and 699 are treated like a
600. Any response between 100 and 299 MUST result in the cessation
of request retransmissions, but otherwise is discarded.

Unknown optional attributes in a response (greater than 0x7FFF) MUST
be ignored by the STUN client. Responses containing unknown
mandatory attributions (less than or equal to 0x7FFF) MUST be
discarded and considered immediately as a failed transaction.

For a success response, the client SHOULD cache any nonce present in
the response, and continue using it in subsequent requests sent to
the same server, identified by transport address.

8.3.3. Timeouts

If the STUN transaction times out without receipt of a response, the
client SHOULD consider it a failure and retry the request to the next
server in the list of servers from the DNS SRV response, as specified
in RFC 2782.

8.4. Indication Transactions

This section applies to client and server behavior for sending an
Indication message.

The client or server follows the syntax rules defined in Section 6
and the transmission rules of Section 7. The message class MUST be
an indication.

Indication messages cannot be challenged or rejected. Consequently,
they cannot be authenticated using long term credentials. If a STUN
usage specifies that authentication is needed for an indication
message, it can only be done using a short term credential. In that
case, the client or server MUST add a MESSAGE-INTEGRITY and USERNAME
attribute to the Request message. The key for MESSAGE-INTEGRITY is
the password.

Otherwise, its inclusion is RECOMMENDED.

Typically, indication messages are sent to the same transport
address, or over the same TCP connections as a previous request
message. However, a usage can specify that indication messages are
sent based on a DNS query, in which case the discovery procedures in
Section 8.1 are followed, along with the TCP/TLS connection
establishment procedures defined in Section 8.3.1.

Indication message types are not sent reliably, do not elicit a
response from the server, and are not retransmitted.

For TCP and TLS over TCP, the client or server MAY send multiple
indications on the connection. When using TCP or TLS over TCP, the
client SHOULD close the connection as soon as it determines it has no
further messages to send to the server.

By definition, since indications do not generate a response, they can
be pipelined, regardless of the transport protocol.

9. Server Behavior

As with clients, server behavior depends on whether it is a request/
response transaction or indication.

9.1. Request/Response Transactions

9.1.1. Receive Request Message

A STUN server MUST be prepared to receive request messages on the
transport address that will be discovered by the STUN client when the
STUN client follows corresponds to its discovery procedures described in
Section 8.1. Depending on the usage, the STUN server will listen for
incoming UDP STUN messages, incoming TCP STUN messages, or incoming
TLS exchanges followed by TCP STUN messages.

If the request is a retransmission of private
IP address and port. It also provides a request way for which the server
has already generated an endpoint to keep
a response within the last 10 seconds, the
server MUST retransmit NAT binding alive. With some extensions, the response. A server protocol can be used
to do this either by
remembering the response it transmitted, connectivity checks between two endpoints
[I-D.ietf-mmusic-ice], or by re-processing the
request and computing the response. The latter technique can only be
applied to requests which are idempotent relay packets between two endpoints
[I-D.ietf-behave-turn].

In keeping with its toolkit nature, this specification defines an
extensible packet format, defines operation over several transport
protocols, and would result in the same
response provides for the same request. This two forms of authentication.

STUN is the case for the Binding
Request, but not for the Shared Secret Request. Extensions intended to STUN
SHOULD state whether their request types have this property be used in context of one or not.

When a more NAT traversal
solutions. These solutions are known as STUN request is received, the server determines the usage.

The usages describe usages. Each usage
describes how the STUN server makes this determination.

Based on the usage, is utilized to achieve the NAT traversal solution.
Typically, a usage indicates when STUN messages get sent, which
optional attributes to include, what server determines whether the request
requires any authentication is used, and message integrity checks. It can
require none, short-term credential based authentication, or long-
term credential authentication.

If what
authentication mechanism is required, the server checks for the presence to be used. Interactive Connectivity
Establishment (ICE) [I-D.ietf-mmusic-ice] is one usage of ICE. SIP
Outbound [I-D.ietf-sip-outbound] is another usage of ICE. In some
cases, a usage will require extensions to STUN. A STUN extension can
be in the MESSAGE-INTEGRITY attribute. If not present, the server
generates an form of new methods, attributes, or error response with an ERROR-CODE attribute and codes.
More information on STUN usages can be found in Section 13.

2. Evolution from RFC 3489

STUN was originally defined in RFC 3489 [RFC3489]. That
specification, sometimes referred to as "classic STUN", represented
itself as a
response code of 401 (Unauthorized). If the server wishes complete solution to the NAT traversal problem. In that
solution, a client
to use would discover whether it was behind a short term credential, the REALM is omitted from NAT,
determine its NAT type, discover its IP address and port on the
response. If
public side of the server wishes outermost NAT, and then utilize that IP address
and port within the client to use a long term
credential, body of protocols, such as the REALM is included in Session Initiation
Protocol (SIP) [RFC3261]. However, experience since the response containing publication
of RFC 3489 has found that classic STUN simply does not work
sufficiently well to be a realm
from which the username deployable solution. The address and password port
learned through classic STUN are scoped [7].

If the MESSAGE-INTEGRITY attribute was present, the server checks sometimes usable for
the existence of the USERNAME attribute. If communications
with a peer, and sometimes not. Classic STUN provided no way to
discover whether it would, in fact, work or not, and it provided no
remedy in cases where it did not. Furthermore, classic STUN's
algorithm for classification of NAT types was found to be faulty, as
many NATs did not present, fit cleanly into the
server MUST generate an error response. The error response MUST
include types defined there. Classic
STUN also had security vulnerabilities which required an ERROR-CODE attribute with a response code of 432 (Missing
Username). If extremely
complicated mechanism to address, and despite the server is using a long term credential for
authentication, complexity of the response MUST include
mechanism, were not fully remedied.

For these reasons, this specification obsoletes RFC 3489, and instead
describes STUN as a REALM. If the server tool that is
using a short-term credential, it MUST NOT include utilized as part of a REALM in the
response.

If the server complete NAT
traversal solution. ICE is using long term credentials a complete NAT traversal solutions for authentication, and
the request contained the MESSAGE-INTEGRITY and USERNAME attributes,
protocols based on the server checks offer/answer [RFC3264] methodology, such as
SIP. SIP Outbound is a complete solution for the existence traversal of the REALM attribute. If the
attribute SIP
signaling, and it uses STUN in a very different way. Though it is not present, the server MUST generate an error response.
That error response MUST include an ERROR-CODE attribute with
response code of 434 (Missing Realm). That error response MUST also
include
possible that a protocol may be able to use STUN by itself (classic
STUN) as a REALM attribute.

If the REALM attribute was present traversal solution, such usage is not described here and
is strongly discouraged for the server reasons described above.

The on-the-wire protocol described here is using changed only slightly from
classic STUN. The protocol now runs over TCP in addition to UDP.
Extensibility was added to the protocol in a long
term credential more structured way. A
magic-cookie mechanism for authentication, demultiplexing STUN with application
protocols was added by stealing 32 bits from the server checks 128 bit transaction
ID defined in RFC 3489, allowing the change to be backwards
compatible. Mapped addresses are encoded using a new exclusive-or
format. There are other, more minor changes. See Section 18 for a
more complete listing.

Due to the
existence change in scope, STUN has also been renamed from "Simple
Traversal of the NONCE attribute. If the NONCE attribute UDP Through NAT" to "Session Traversal Utilities for
NAT". The acronym remains STUN, which is not
present, the server MUST generate an error response. That error
response MUST include an ERROR-CODE attribute with a response code all anyone ever remembers
anyway.

3. Overview of
435 (Missing Nonce). That error response MUST include a REALM
attribute. If the NONCE was absent and the server Operation

This section is authenticating
with short term credentials, descriptive only.

/--------\
// STUN \\
| Agent |
\\ (server) //
\--------/

+----------------+ Public Internet
................| NAT 2 |.......................
+----------------+

+----------------+ Private NET 2
................| NAT 1 |.......................
+----------------+

/--------\
// STUN \\
| Agent |
\\ (client) // Private NET 1
\--------/

Figure 1: One possible STUN Configuration

One possible STUN configuration is shown in Figure 1. In this
configuration, there are two entities (called STUN agents) that
implement the server MAY generate an error
response with an ERROR-CODE attribute with a response code of 435
(Missing Nonce). STUN protocol. The lower agent in the figure is
connected to private network 1. This response MUST include a NONCE. If network connects to private
network 2 through NAT 1. Private network 2 connects to the NONCE
was present public
Internet through NAT 2. The upper agent in the request, but figure resides on the server has determined it
public Internet.

STUN is
stale, the server MUST generate an error response with an ERROR-CODE
attribute with a response code client-server protocol. It supports two types of 438 (Stale Nonce).

If the server
transactions. One is authenticating the a request/response transaction in which a
client sends a request with to a short term
credential, it checks the value of the USERNAME field. If the
USERNAME was previously valid but has expired, server, and the server generates
an error response with an ERROR-CODE attribute with returns a response code
of 430 (Stale Credentials). If the server
response. The second is authenticating with
either short or long term credentials, it determines whether the
USERNAME contains a known entity, and an indication transaction in the case of which a long-term
credential, known within the realm of the REALM attribute of the
request. If client
sends an indication to the USERNAME is unknown, server and the server generates an error
response with an ERROR-CODE attribute with a response code does not respond.
Both types of 436
(Unknown Username). For authentication using long-term credentials,
that error response MUST transactions include a REALM attribute. For
authentication using short-term credentials, it MUST NOT include transaction ID, which is a
REALM.

At
randomly selected 96-bit number. For request/response transactions,
this point, if the server is doing authentication, the request
contains everything needed for that purpose. The server computes the
HMAC over the request as described in Section 11.4. The key depends
on transaction ID allows the credential. For short-term credentials, it equals client to associate the
password associated response with
the username. For long term credentials, it
is computed request that generated it; for indications, this simply serves as described in Section 8.3.1.

If
a debugging aid.

All STUN messages start with a fixed header that includes a method, a
class, and the computed HMAC differs from transaction ID. The method indicates which of the
various requests or indications this is; this specification defines
just one from the MESSAGE-INTEGRITY
attribute method, Binding, but other methods are expected to be
defined in the other documents. The class indicates whether this is a
request, the server MUST generate a (success) response, an error response
with response, or an ERROR-CODE attribute with a response code of 431 (Integrity
Check Failure). If long term credentials indication.
Following the fixed header comes zero or more attributes, which are being used
type-length-value extensions that convey additional information for
authentication, this response MUST include
the specific message.

This document defines a REALM attribute. If
short term credentials are being used, it MUST NOT include single method called Binding. The Binding
method can be used either in request/response transactions or in
indication transactions. When used in request/response transactions,
the Binding method can be used to determine the particular "binding"
a NAT has allocated to a REALM. STUN client. When an error used in either request/
response or in indication transactions, the Binding method can also
be used to keep these "bindings" alive.

In the Binding request/response transaction, a Binding Request is
sent from a STUN client to be generated by a STUN server. When the Binding Request
arrives at the STUN server, it may have passed through one or more
NATs between the STUN client and the STUN server as (in Figure 1, there
were two such NATs). As the Binding Request message passes through a
consequence of authentication problems (error codes 401, 432, 434,
435, 430 and 436, and
NAT, the REALM is present in NAT will modify the response
(signifying source transport address (that is, the usage
source IP address and the source port) of the packet. As a long term credential), result,
the source transport address of the request received by the server MUST
include a NONCE attribute in
will be the response. The nonce includes public IP address and port created by the NAT closest to
the server. This is called a
random value reflexive transport address. The STUN
server copies that source transport address into an XOR-MAPPED-
ADDRESS attribute in the server wishes STUN Binding Response and sends the client Binding
Response back to reflect the the STUN client. As this packet passes back in
through a
subsequent request (and therefore include in NAT, the message integrity
computation). When NAT will modify the REALM is absent destination transport address,
but the transport address in the response, XOR-MAPPED-ADDRESS attribute within
the server
MAY include a NONCE in body of the STUN response if it wishes to use nonces along will remain untouched. In this way,
the client can learn its reflexive transport address allocated by the
outermost NAT with short-term shared secrets (with respect to the exception of 435, where
NONCE is mandatory even for short term credentials). However, STUN server.

In some usages, STUN must be multiplexed with other protocols (e.g.,
[I-D.ietf-mmusic-ice], [I-D.ietf-sip-outbound]). In these usages,
there
is little reason must be a way to do so, since the short-term password is, by
definition, short-term, inspect a packet and thus additional temporal scoping through determine if it is a STUN
packet or not. STUN provides two fields in the nonce STUN header with
fixed values that can be used for this purpose. If this is not needed.

At this point,
sufficient, then STUN packets can also contain a FINGERPRINT value
which can further be used to distinguish the request packets.

STUN has been optional mechanisms for providing authentication checked and message
integrity verified.

If when required. These mechanisms revolve around the method use of
a username, password, and message-integrity value. Two of these
mechanisms, the request is unknown to long-term credential mechanism and the server, it MUST
generate an error response which includes an ERROR-CORE attribute short-term
credential mechanism, are defined in this specification. Each usage
specifies the mechanisms allowed with a 400 response code.

Next, that usage.

In the server MUST check for any mandatory attributes in short-term credential mechanism, the
request (values less than or equal to 0x7fff) which it does not
understand. If it encounters any, client and the server MUST generate an error
response, and it MUST include an ERROR-CODE attribute with
exchange a 420
response code. Any attributes that are known, but are not supposed username and password through some out-of-band method
prior to be present the STUN exchange. For example, in the ICE usage
[I-D.ietf-mmusic-ice] the two endpoints use out-of-band signaling to
exchange a message (MAPPED-ADDRESS username and password. The client then includes the
username and a message-integrity value in the request message, where
the message-integrity value is computed as a request, for example)
MUST be ignored.

9.1.2. Constructing cryptographic hash of
the Response

To construct message contents and the STUN Response password. If the STUN server follows the message
structure described in Section 6. The message type MUST indicate
either replies with a
success response, then the response or error response class and MUST indicate will include a message-integrity
value (computed using the same method as the request. The server MUST copy the transaction
ID from username and password), but the request to
username is not included. Error responses are not message-integrity
protected.

In the response.

The attributes that get added to long-term credential mechanism, the client and server share a
pre-provisioned username and password and perform a digest challenge/
response depend on exchange inspired by (but differing in details) to the type of
response. See Figure 5 one
defined for a summary.

If HTTP [RFC2617]. Initially, the response is client sends a request
message (e.g., a type which can carry either MAPPED-ADDRESS or
XOR-MAPPED-ADDRESS (the Binding Response as defined in this
specification meets that criteria), the Request) without any username or message-
integrity value included. The server examines the magic
cookie in replies with an error response
indicating that the STUN header. If it has request must be authenticated. This error
response includes a realm value and a nonce value. The client then
uses the realm value 0x2112A442, to help it
indicates that select a username and password (for
example, the client supports this version of the specification.
The server MUST insert might have a XOR-MAPPED-ADDRESS into the response,
carrying the exclusive-or number of the source transport address username and magic
cookie. If password
combinations stored, each one keyed by a different realm value). The
client then retries the magic cookie did not have request, this value, it indicates
that time including the client supports realm, the previous version of this specification.
The server MUST insert a MAPPED-ADDRESS attribute into
username, the response,
carrying nonce, and a message-integrity value in the souce transport address from request,
where the request. Insertion of
either XOR-MAPPED-ADDRESS or MAPPED-ADDRESS happens regardless message-integrity value is computed as a cryptographic hash
of the
transport protocol used for the request.

XOR-MAPPED-ADDRESS message contents and MAPPED-ADDRESS differ only in their encoding
of the transport address. password. The former, as implied nonce is provided by
the name,
encodes the transport address server and merely echoed by exclusive-or'ing them with the magic
cookie. The latter encodes them directly in binary. RFC 3489
originally specified only MAPPED-ADDRESS. However, deployment
experience found that some NATs rewrite the 32-bit binary payloads
containing client into the NAT's public IP address, request. It is
chosen by the server such as STUN's MAPPED-ADDRESS
attribute, in that it encodes information about the well-meaning but misguided
client, the time-of-day, or other parameters. In this way, if an
attacker should attempt at providing a
generic ALG function. Such behavior interferes with to replay the operation of
STUN and also causes failure of STUN's message integrity checking.

If request, the request contained server would find
the MESSAGE-INTEGRITY attribute, nonce invalid, and then reject the request. If the server
MUST include
replies with a MESSAGE-INTEGRITY attribute in success response, then the response will include a successful response.

The MESSAGE-INTEGRITY attribute MUST use
message-integrity value (computed using the same username and
password used
password), but realm, username, and nonce are not included. Error
responses are not message-integrity protected. If the client has
further requests to authenticate send, it can try to reuse the request. same username,
realm, and nonce values. If long term credentials
were used, the server does not accept them, it will
reply with an error response MUST include a NONCE. For short term
credentials, giving a NONCE MAY realm and nonce value again.

4. Terminology

In this document, the key words "MUST", "MUST NOT", "REQUIRED",
"SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" are to be included.

The server SHOULD include a SERVER attribute interpreted as described in all responses,
indicating the identity of the server generating the response. This
is useful BCP 14, RFC 2119
[RFC2119] and indicate requirement levels for diagnostic purposes.

When compliant STUN is being multiplexed on
implementations.

5. Definitions

STUN Agent: An entity that implements the same transport address STUN protocol. Agents can
act as STUN clients for some transactions and as
application data, and there are valid application layer data packets
which could be confused with STUN packets (because, servers for example, bits
32 through 63 can contain an arbitrary binary value which might be
equal to 0x2112A442), the FINGERPRINT attribute MUST be present
other transactions.

STUN Client: A logical role in the response. Otherwise, its inclusion STUN protocol. A STUN client
sends STUN requests or STUN indications, and receives STUN
responses. The term "STUN client" is RECOMMENDED.

In cases where the server cannot handle the request, due also used colloquially to
refer to
exhaustion of resources, the server MAY generate a 300 response with
an ALTERNATE-SERVER attribute. This attribute identifies an
alternate server which can service the requests. It is not expected STUN agent that 300 responses or this attribute would be used by the methods
defined only acts as a STUN client.

STUN Server: A logical role in this specification.

9.1.3. Sending the Response

All UDP response messages are sent STUN protocol. A STUN server
receives STUN requests or STUN indications and sends STUN
responses. The term "STUN server" is also used colloquially to the transport
refer to a STUN agent that only acts as a STUN server.

Transport Address: The combination of an IP address the
associated Binding Request came from, and sent from the transport
address the Binding Request was sent to. All TCP port number
(such as a UDP or TLS over TCP
responses messages are sent on the TCP connections port number).

Reflexive Transport Address: A transport address learned by a client
that the request
arrived on.

9.2. Indication Transactions

Indication messages cause the server to change its state. Indication
message types do not cause the server to send identifies that client as seen by another host on an IP
network, typically a response message.

A STUN server MUST be prepared to receive indication messages on server. When there is an intervening
NAT between the client and the other host, the reflexive transport
address that will be discovered by represents the STUN client when mapped address allocated to the
STUN client follows its discovery procedures described in
Section 8.1. Depending on
the usage, public side of the STUN server will listen for
incoming UDP STUN messages, incoming TCP STUN messages, NAT. Reflexive transport addresses are
learned from the mapped address attribute (MAPPED-ADDRESS or incoming
TLS exchanges followed by TCP STUN messages.

When a XOR-
MAPPED-ADDRESS) in STUN indication responses.

Mapped Address: Same meaning as Reflexive Address. This term is received,
retained only for for historic reasons and due to the server determines naming of
the usage.
The usages describe how MAPPED-ADDRESS and XOR-MAPPED-ADDRESS attributes.

Long Term Credential: A username and associated password that
represent a shared secret between client and server. Long term
credentials are generally granted to the STUN server makes this determination.

Based on client when a subscriber
enrolls in a service and persist until the usage, subscriber leaves the server determines whether
service or explicitly changes the indication
requires any authentication credential.

Long Term Password: The password from a long term credential.

Short Term Credential: A temporary username and message integrity checks. It can
require none or short-term credential based authentication. If
short-term associated password
which represent a shared secret between client and server. Short
term credentials are utilized, obtained through some kind of protocol
mechanism between the server follows client server, preceding the same
procedures as defined in Section 9.1.1, but if those procedures
require transmission STUN exchange.
A short term credential has an explicit temporal scope, which may
be based on a specific amount of time (such as 5 minutes) or on an error response, the server MUST instead
silently discard the indication.

Once authenticated (if authentication was in use), the processing
event (such as termination of a SIP dialog). The specific scope
of a short term credential is defined by the indication message depends on the method. This specification
doesn't define any indication messages.

10. Demultiplexing application usage.

Short Term Password: The password component of a short term
credential.

STUN Indication: A STUN message that does not receive a response

Attribute: The STUN term for a Type-Length-Value (TLV) object that
can be added to a STUN message. Attributes are divided into two
types: comprehension-required and Application Traffic

In the binding refresh usage, comprehension-optional. STUN traffic is multiplexed on the same
transport address as application traffic, such
agents can safely ignore comprehension-optional attributes they
don't understand, but cannot successfully process a message if it
contains comprehension-required attributes that are not
understood.

RTO: Retransmission TimeOut

6. STUN Message Structure

STUN messages are encoded in binary using network-oriented format
(most significant byte or octet first, also commonly known as RTP. In big-
endian). The transmission order to
apply the processing is described in this specification, STUN messages
must first be separated from the application packets. This
disambiguation is done identically for all message types.

First, all detail in Appendix B
of RFC791 [RFC0791]. Unless otherwise noted, numeric constants are
in decimal (base 10).

All STUN messages MUST start with two bits equal to zero. If a 20-byte header followed by zero
or more Attributes. The STUN header contains a STUN message type,
magic cookie, transaction ID, and message length.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0| STUN Message Type | Message Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Magic Cookie |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Transaction ID (96 bits) |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 2: Format of STUN
is being multiplexed with application traffic where it is known that
the topmost Message Header

The most significant two bits are never zeroes, the presence of these two
zeroes signals every STUN traffic.

If this mechanism doesn't suffice, the magic cookie message MUST be zeroes.
This can be used. All used to differentiate STUN messages have the value 0x2112A442 as the second 32 bit word.
If the application traffic can not have this value as the second 32
bit word, then any packets with this value are from other protocols
when STUN packets. Even if is multiplexed with other protocols on the application packet can have this value (for example, in cases
where same port.

The message type defines the application packets contain random binary data), there is
only a one in 2^32 chance that an application packet will have a
value message class (request, success
response, failure response, or indication) and the message method
(the primary function) of 0x2112A442 in its second 32 bit word. If this probability
is deemed sufficiently small for the application at hand (for
example, it is considered adequate for Voice over IP applications),
then any packet with this value in its second 32 bit word is
processed as a STUN packet.

However, a mis-classification message. Although there are four
message classes, there are only two types of 1 transactions in 2^32 may still be too high for
some usages STUN:
request/response transactions (which consist of STUN. Consequently, STUN messages can contain a
FINGERPRINT attribute. This is a cryptographic hash over the
message, covering everything prior to the attribute. This attribute
is different from MESSAGE-INTEGRITY. The latter uses a keyed HMAC, request message and thus requires
a shared secret. FINGERPRINT does not use response message), and indication transactions (which consists a
password,
single indication message). Response classes are split into error
and can be computed just by examining success responses to aid in quickly processing the STUN message.
Thus, if a packet appears to be a STUN

The message because it has a value type field is decomposed further into the following
structure:

+--+--+-+-+-+-+-+-+-+-+-+-+-+-+
|M |M |M|M|M|C|M|M|M|C|M|M|M|M|
|11|10|9|8|7|1|6|5|4|0|3|2|1|0|
+--+--+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 3: Format of 0x2112A442 STUN Message Type Field

Here the bits in its second 32 bit word, a client or server then
assumes the message is type field are shown as most-significant
(M11) through least-significant (M0). M11 through M0 represent a STUN message, and computes the value for the
fingerprint. It then looks for the FINGERPRINT attribute in 12-
bit encoding of the
message, method. C1 and if the value equals the computed value, C0 represent a 2 bit encoding of
the message class. A class of 0b00 is
considered to be a STUN message. If not, it Request, a class of 0b01 is considered to be an
application packet.

11. STUN Attributes

To allow future revisions
indication, a class of this 0b10 is a success response, and a class of
0b11 is an error response. This specification to add new attributes
if needed, the attribute space defines a single
method, Binding. The method and class are orthogonal, so that four
each method, a request, success response, error response and
indication are defined for that method.

For example, a Binding Request has class=0b00 (request) and
method=0b000000000001 (Binding), and is divided encoded into optional the first 16
bits as 0x0001. A Binding response has class=0b10 (success response)
and mandatory
ones. Attributes with method=0b000000000001, and is encoded into the first 16 bits as
0x0101.

Note: This unfortunate encoding is due to assignment of values greater than 0x7fff are optional, in
[RFC3489] which
means that did not consider encoding Indications, Success,
and Errors using bit fields.

The magic cookie field MUST contain the message can be processed by fixed value 0x2112A442 in
network byte order. In RFC 3489 [RFC3489], this field was part of
the transaction ID; placing the client or magic cookie in this location allows
a server even
though the attribute is not understood. Attributes with values less
than or equal to 0x7fff are mandatory to understand, which means that detect if the client or server cannot successfully process the message unless will understand certain attributes
that were added in this revised specification. In addition, it understands the attribute.

The values aids
in distinguishing STUN packets from packets of other protocols when
STUN is multiplexed with those other protocols on the message attributes are enumerated in Section 15. same port.

The following figure indicates which attributes are present transaction ID is a 96 bit identifier, used to uniquely identify
STUN transactions. The transaction ID is chosen by the STUN client.
It primarily serves to correlate requests with responses, though it
also plays a small role in which
messages. An M indicates that inclusion helping to prevent certain types of
attacks. As such, the attribute in transaction ID MUST be uniformly and randomly
chosen from the
message is mandatory, O means its optional, C means it's conditional
based on some other aspect interval 0 .. 2**96-1. Resends of the message, and - means that same request
reuse the
attribute same transaction ID, but the client MUST choose a new
transaction ID for new transactions unless the new request is not applicable bit-
wise identical to that message type.

Error
Attribute Request Response Response Indication
_______________________________________________________
MAPPED-ADDRESS - C - -
USERNAME C - - O
PASSWORD - C - -
MESSAGE-INTEGRITY O C C O
ERROR-CODE - - M -
ALTERNATE-SERVER - - C -
REALM C - C -
NONCE C - C -
UNKNOWN-ATTRIBUTES - - C -
XOR-MAPPED-ADDRESS - C - -
SERVER - O O O
REFRESH-INTERVAL - O - -
FINGERPRINT O O O O

Figure 5: Mandatory Attributes the previous request and Message Types

11.1. MAPPED-ADDRESS

The MAPPED-ADDRESS attribute indicates sent from the mapped same
transport address.
It consists of an eight bit address family, and a sixteen bit port,
followed by a fixed length value representing to the same IP address. If Success and error
responses MUST carry the
address family same transaction ID as their corresponding
request. When an agent is IPv4, acting as a STUN server and STUN client on
the address is 32 bits, same port, the transaction IDs in network byte
order. If requests sent by the address family is IPv6, agent have
no relationship to the address is 128 bits transaction IDs in
network byte order. requests received by the
agent.

The format of message length MUST contain the MAPPED-ADDRESS attribute is:

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|x x x x x x x x| Family | Port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Address (variable)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 6: Format size, in bytes, of MAPPED-ADDRESS attribute

The address family can take on the following values:

0x01:IPv4
0x02:IPv6

The port is a network message
not including the 20 byte ordered representation STUN header. Since all STUN attributes are
padded to a multiple of four bytes, the port the
request arrived from.

The first 8 last two bits of the MAPPED-ADDRESS this field
are ignored for always zero. This provides another way to distinguish STUN
packets from packets of other protocols.

Following the purposes STUN fixed portion of aligning parameters on natural 32 bit boundaries.

It is possible for an IPv4 host to receive a MAPPED-ADDRESS
containing an IPv6 address, the header are zero or for an IPv6 host to receive a MAPPED-
ADDRESS containing an IPv4 address. Clients MUST be prepared for
this case.

11.2. USERNAME

The USERNAME more
attributes. Each attribute is used for message integrity. It identifies
the shared secret used in TLV (type-length-value) encoded. The
details of the message integrity check. Consequently, encoding, and of the USERNAME MUST be included attributes themselves is given in any request that contains
Section 14.

7. Base Protocol Procedures

This section defines the
MESSAGE-INTEGRITY attribute.

The USERNAME is base procedures of the STUN protocol. It
describes how messages are formed, how they are sent, and how they
are processed when they are received. It also always present in a Shared Secret Response,
along with defines the PASSWORD, which informs a client detailed
processing of the Binding method. Other sections in this document
describe optional procedures that a short term
password.

The value of USERNAME is usage may elect to use in certain
situations. Other documents may define other extensions to STUN, by
adding new methods, new attributes, or new error response codes.

7.1. Forming a variable length opaque value. Note that,
as described above, if the USERNAME is not Request or an Indication

When formulating a multiple of four bytes
it is padded for encoding into the STUN request or indication message, in which case the
attribute length represents client MUST
follow the length of rules in Section 6 when creating the USERNAME prior to
padding.

11.3. PASSWORD

If header. In addition,
the message type is Shared Secret Response it class MUST include be either "Request" or "Indication" (as
appropriate), and the
PASSWORD attribute.

The value of PASSWORD is a variable length opaque value. The
password returned method must be either Binding or some method
defined in another document.

The client then adds any attributes specified by the Shared Secret Response is used as method or the
usage. For example, some usages may specify that the HMAC
key in client use an
authentication method (Section 10) or the MESSAGE-INTEGRITY FINGERPRINT attribute of a subsequent STUN
transaction. Note that, as described above, if the USERNAME is not a
multiple of four bytes it is padded for encoding into
(Section 8).

For the STUN
message, in which case Binding method with no authentication, no attributes are
required unless the attribute length represents usage specifies otherwise.

7.2. Sending the length of Request or Indication

The client then sends the USERNAME prior request to padding.

11.4. MESSAGE-INTEGRITY

The MESSAGE-INTEGRITY attribute contains an HMAC-SHA1 [10] of the server. This document
specifies how to send STUN message. The MESSAGE-INTEGRITY attribute can messages over UDP, TCP, or TLS-over-TCP;
other transport protocols may be present added in any
STUN message type. Since it uses the SHA1 hash, the HMAC will be 20
bytes. future. The text used as input to HMAC STUN usage
must specify which transport protocol is used, and how the STUN message, including client
determines the header, up to IP address and including the attribute preceding port of the MESSAGE-
INTEGRITY attribute. That text is then padded with zeroes so as to
be server. Section 9
describes a multiple DNS-based method of 64 bytes. As a result, the MESSAGE-INTEGRITY
attribute is either the last attribute, or determining the next IP address and port
of a server which a usage may elect to last attribute
in use.

At any time, a client MAY have multiple outstanding STUN message (depending on whether FINGERPRINT is present).
With the exception of requests
with the FINGERPRINT attribute, which appears after
MESSAGE-INTEGRITY, elements MUST ignore all other attributes same STUN server (that is, multiple transactions in
progress, with different transaction ids).

7.2.1. Sending over UDP

When running STUN over UDP it is possible that
follow MESSAGE-INTEGRITY.

The key used as input to HMAC depends on the STUN usage and the
shared secret mechanism.

11.5. FINGERPRINT

The FINGERPRINT attribute can message might
be present in all dropped by the network. Reliability of STUN messages. It request/response
transactions is
computed as the CRC-32 accomplished through retransmissions of the STUN request
message up to (but excluding) by the
FINGERPRINT attribute itself, xor-d client application itself. STUN indications are not
retransmitted; thus indication transactions over UDP are not
reliable.

A client SHOULD retransmit a STUN request message starting with the 32 bit value 0x5354554e
(the XOR helps in cases where an application packet is also using
CRC-32 in it).
interval of RTO ("Retransmission TimeOut"), doubling after each
retransmission. The 32 bit CRC RTO is an estimate of the one defined round-trip-time, and
is computed as described in ITU V.42 [9],
which has a generator polynomial of x32+x26+x23+x22+x16+x12+x11+x10+
x8+x7+x5+x4+x2+x+1. When present, RFC 2988 [RFC2988], with two exceptions.
First, the FINGERPRINT attribute MUST initial value for RTO SHOULD be configurable (rather than
the last attribute in the message.

11.6. ERROR-CODE

The ERROR-CODE attribute is present 3s recommended in the Binding Error Response and
Shared Secret Error Response. It is RFC 2988). In fixed- line access links, a numeric
value in of 100ms is RECOMMENDED. Secondly, the range value of
100 RTO MUST NOT
be rounded up to 699 plus the nearest second. Rather, a textual reason phrase encoded in UTF-8, and is
consistent in its code assignments and semantics with SIP [11] and
HTTP [12]. The reason phrase is meant for user consumption, and can 1ms accuracy MUST be anything appropriate for the response code. Recommended reason
phrases for the defined response codes are presented below.

To facilitate processing,
maintained. As with TCP, the class usage of the error code (the hundreds
digit) Karn's algorithm is encoded separately
RECOMMENDED. When applied to STUN, it means that RTT estimates
SHOULD NOT be computed from STUN transactions which result in the rest
retransmission of the code.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 0 |Class| Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reason Phrase (variable) ..
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ a request.

The class represents value for RTO SHOULD be cached by an client after the hundreds digit completion
of the response code. transaction, and used as the starting value for RTO for the
next transaction to the same server (based on equality of IP
address). The value MUST SHOULD be between 1 considered stale and 6. The number represents the discarded after
10 minutes.

Retransmissions continue until a response
code modulo 100, and its value MUST is received, or until a
total of 7 requests have been sent. If, after the last request, a
duration equal to 16 times the RTO has passed without a response, the
client SHOULD consider the transaction to have failed. A STUN
transaction over UDP is also considered failed if there has been a
transport failure of some sort, such as a fatal ICMP error. For
example, assuming an RTO of 100ms, requests would be between 0 sent at times
0ms, 100ms, 300ms, 700ms, 1500ms, 3100ms, and 99. 6300ms. If the reason phrase client
has a length that is not received a multiple of four
bytes, it is padded for encoding into response after 7900ms, the STUN message, in which case client will consider
the attribute length represents transaction to have timed out.

7.2.2. Sending over TCP or TLS-over-TCP

For TCP and TLS-over-TCP, the length client opens a TCP connection to the
server.

In some usage of STUN, STUN is sent as the entire ERROR-CODE
attribute (including only protocol over the reason phrase) prior to padding.

The following response codes, along with their recommended reason
phrases (in brackets) are defined at this time:

300 (Try Alternate): The client should contact an alternate server
for TCP
connection. In this request.

400 (Bad Request): The request was malformed. The client should not
retry the request case, it can be sent without modification from the previous
attempt.

401 (Unauthorized): The request did not contain a MESSAGE-INTEGRITY
attribute.

420 (Unknown Attribute): The server did not understand a mandatory
attribute in the request.

430 (Stale Credentials): The request did contain a MESSAGE-INTEGRITY
attribute, but aid of any
additional framing or demultiplexing. In other usages, or with other
extensions, it used may be multiplexed with other data over a shared secret TCP
connection. In that has expired. The
client should obtain a new shared secret and try again.

431 (Integrity Check Failure): The request contained a MESSAGE-
INTEGRITY attribute, but the HMAC failed verification. This
could case, STUN MUST be a sign run ontop of a potential attack, some kind of
framing protocol, specified by the usage or client implementation
error.

432 (Missing Username): The request contained a MESSAGE-INTEGRITY
attribute, but not a USERNAME attribute. Both USERNAME and
MESSAGE-INTEGRITY must be present extension, which allows
for integrity checks.

433 (Use TLS): The Shared Secret request has the agent to extract complete STUN messages and complete
application layer messages.

For TLS-over-TCP, the TLS_RSA_WITH_AES_128_CBC_SHA ciphersuite MUST
be sent over TLS,
but was not received over TLS.

434 (Missing Realm): The REALM attribute was not present in supported at a minimum. Implementations MAY also support any
other ciphersuite. When it receives the
request.

435 (Missing Nonce): The NONCE attribute was not present in TLS Certificate message, the
request.

436 (Unknown Username): The USERNAME supplied in
client SHOULD verify the request certificate and inspect the site identified
by the certificate. If the certificate is not
known invalid, revoked, or is if it
does not known to identify the server.

438 (Stale Nonce): appropriate party, the client MUST NOT send the
STUN message or otherwise proceed with the STUN transaction. The NONCE attribute was present
client MUST verify the identity of the server. To do that, it
follows the identification procedures defined in Section 3.1 of RFC
2818 [RFC2818]. Those procedures assume the request
but wasn't valid.

500 (Server Error): The server has suffered a temporary error. The client should try again.

600 (Global Failure): The server is refusing to fulfill dereferencing
a URI. For purposes of usage with this specification, the request.
The client should
treats the domain name or IP address used in Section 8.1 as the host
portion of the URI that has been dereferenced. If DNS was not retry.

11.7. REALM

The REALM attribute used,
the client MUST be configured with a set of authorized domains whose
certificates will be accepted.

Reliability of STUN over TCP and TLS-over-TCP is present in requests handled by TCP
itself, and responses. It
contains text which meets there are no retransmissions at the grammar STUN protocol level.
However, for "realm" as described in RFC
3261 [11], and will thus contain a quoted string (including the
quotes).

Presence of request/response transaction, if the REALM attribute in client has not
received a request indicates that long-term
credentials are being used response after 7900ms, it considers the transaction to
have timed out. This value has been chosen to equalize the TCP and
UDP timeouts for authentication. Presence in certain
error responses indicates that the server wishes default initial RTO.

In addition, if the client is unable to use a
long-term credential for authentication.

11.8. NONCE

The NONCE attribute establish the TCP connection,
or the TCP connection is present in requests and in error responses.
It contains a sequence of qdtext reset or quoted-pair, which are defined in
RFC 3261 [11]. See RFC 2617 [7] for guidance on selection of nonce
values in fails before a server.

11.9. UNKNOWN-ATTRIBUTES

The UNKNOWN-ATTRIBUTES attribute is present only in an error response
when the response code is
received, any request/response transaction in the ERROR-CODE attribute progress is 420. considered
to have failed

The attribute contains client MAY send multiple transactions over a list of 16 bit values, each of which
represents an attribute type that was not understood by the server.
If the number of unknown attributes is an odd number, one of single TCP (or TLS-
over-TCP) connection, and it MAY send another request before
receiving a response to the
attributes MUST be repeated in previous. The client SHOULD keep the list, so
connection open until it

o has no further STUN requests or indications to send over that the total length of
the list is a multiple of 4 bytes.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Attribute 1 Type | Attribute 2 Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Attribute 3 Type | Attribute 4 Type ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 9: Format of UNKNOWN-ATTRIBUTES attribute

11.10. XOR-MAPPED-ADDRESS

The XOR-MAPPED-ADDRESS attribute
connection, and;

o has no plans to use any resources (such as a mapped address
(MAPPED-ADDRESS or XOR-MAPPED-ADDRESS) or relayed address
[I-D.ietf-behave-turn]) that were learned though STUN requests
sent over that connection, and;

o if multiplexing other application protocols over that port, has
finished using that other application, and;

o if using that learned port with a remote peer, has established
communications with that remote peer, as is present in responses. It
provides required by some TCP
NAT traversal techniques (e.g., [I-D.ietf-mmusic-ice-tcp]).

At the same information that would present in server end, the MAPPED-
ADDRESS attribute but because server SHOULD keep the NAT's public IP address is
obfuscated through connection open, and
let the XOR function, STUN messages are able client close it. If a server becomes overloaded and needs to pass
through NATs
close connections to free up resources, it SHOULD close an existing
connection rather than reject new connection requests. The server
SHOULD NOT close a connection if a request was received over that
connection for which would otherwise interfere with STUN.

This attribute a response was not sent. A server MUST always be present in NOT ever
open a Binding Response and may
be used connection back towards the client in other responses as well. Usages defining new requests and
responses should specify if XOR-MAPPED-ADDRESS is applicable order to their
responses.

The format of the XOR-MAPPED-ADDRESS is:

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|x x x x x x x x| Family | X-Port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| X-Address (Variable)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 10: Format send a
response.

7.3. Receiving a STUN Message

This section specifies the processing of XOR-MAPPED-ADDRESS Attribute a STUN message. The Family represents the IP address family, and
processing specified here is encoded
identically for STUN messages as defined in this
specification; additional rules for backwards compatibility are
defined in in Section 12. Those additional procedures are optional,
and usages can elect to utilize them. First, a set of processing
operations are applied that are independent of the Family in MAPPED-ADDRESS.

X-Port class. This is
followed by class-specific processing, described in the mapped port, exclusive or'd with most significant 16
bits subsections
which follow.

When a STUN agent receives a STUN message, it first checks that the
message obeys the rules of Section 6. It checks that the first two
bits are 0, that the magic cookie. If cookie field has the IP address family correct value, that
the message length is IPv4,
X-Address sensible, and that the method value is a
supported method. If the message-class is Success Response or Error
Response, the mapped IP address exclusive or'd with agent checks that the magic
cookie. transaction ID matches a
transaction that is still in progress. If the IP address family FINGERPRINT extension
is IPv6, being used, the X-Address agent checks that the FINGERPRINT attribute is
present and contains the
mapped IP address exclusively or'ed with correct value. If any errors are detected,
the magic cookie and message is silently discarded. In the 96-
bit transaction ID.

For example, using case when STUN is being
multiplexed with another protocol, an error may indicate that this is
not really a STUN message; in this case, the "^" character agent should try to indicate exclusive or, if
parse the message as a different protocol.

The STUN agent then does any checks that are required by a
authentication mechanism that the usage has specified (see
Section 10.

Once the
IP address is 192.168.1.1 (0xc0a80101) and authentication checks are done, the port is 5555 (0x15B3), STUN agent checks for
unknown attributes and known-but-unexpected attributes in the X-Port would
message. Unknown comprehension-optional attributes MUST be 0x15B3 ^ 0x2112 = 0x34A1, and ignored
by the X-Address would agent. Known-but-unexpected attributes SHOULD be 0xc0a80101 ^ 0x2112A442 = 0xe1baa543.

It ignored by
the agent. Unknown comprehension-required attributes cause
processing that depends on the message-class and is possible for an IPv4 host to receive described below.

At this point, further processing depends on the message class of the
request.

7.3.1. Processing a XOR-MAPPED-ADDRESS
containing an IPv6 address, Request

If the request contains one or for more unknown comprehension-required
attributes, the server replies with an IPv6 host to receive a XOR-
MAPPED-ADDRESS containing error response with an IPv4 address. Clients MUST be prepared
for this case.

11.11. SERVER

The server attribute contains a textual description error
code of 420 Unknown attributes, and includes an UNKNOWN-ATTRIBUTES
attribute in the software
being used by response that lists the server, including manufacturer and version number. unknown comprehension-
required attributes.

The attribute has no impact on operation of server then does any additional checking that the protocol, and serves
only as method or the
specific usage requires. If all the checks succeed, the server
formulates a tool for diagnostic and debugging purposes. The value of
SERVER is variable length. success response as described below.

If the value of SERVER request uses UDP transport and is not a multiple retransmission of four bytes, it is padded a
request for encoding into the STUN message, in which case the attribute length represents server has already generated a success response
within the length of last 10 seconds, the USERNAME
prior to padding.

11.12. ALTERNATE-SERVER

The alternate server represents an alternate transport address MUST retransmit the same
success response. One way for a
different STUN server to try. It do this is encoded to remember all
transaction IDs received over UDP and their corresponding responses
in the same last 10 seconds. Another way as
MAPPED-ADDRESS.

This attribute is to reprocess the request and
recompute the response. The latter technique MUST only appear be applied to
requests which are idempotent and result in an error response.

11.13. REFRESH-INTERVAL

The REFRESH-INTERVAL indicates the number of milliseconds that the
server suggests the client should use between refreshes of the NAT
bindings between same success response
for the client and server. Even same request. The Binding method is considered to idempotent
in this way (even though certain rare network events could cause the server may
not know the binding lifetimes in intervening NATs,
reflexive transport address value to change). Extensions to STUN
SHOULD state whether their request types have this attribute
serves as a useful configuration mechanism for suggesting property or not.

7.3.1.1. Forming a value for
use by the client. Furthermore, when Success or Error Response

When forming the NAT Keepalive usage is
being used, response (success or error), the server may become overloaded with Binding Requests
that are being used for keepalives. follows the
rules of section 6. The REFRESH-INTERVAL provies a
mechanism for method of the server to gradually reduce response is the load on itself by
pushing back on same as that
of the client.

REFRESH-INTERVAL request, and the message class is specified as either "Success Response" or
"Error Response".

For an unsigned 32 bit integer, and
represents error response, the server MUST add an interval measured in millseconds. It can be present ERROR-CODE attribute
containing the error code specified in
Binding Responses.

12. STUN Usages

STUN the processing above. The
reason phrase is a simple request/response protocol that provides a useful
capability in several situations. In this section, different usages
of STUN are described. Each usage may differ in how STUN servers not fixed, but SHOULD be something suitable for the
error code. For certain errors, additional attributes are
discovered, when added to
the STUN requests are sent, what message types are
used, what message message. These attributes are used, and how authentication is
performed.

This specification defines spelled out in the STUN usages description
where the error code is specified. For example, for binding discovery
(Section 12.1), NAT keepalives (Section 12.2) and short-term password
(Section 12.3).

New STUN usages may an error code of
420 Unknown Attribute, the server MUST include an UNKNOWN-ATTRIBUTES
attribute. Certain authentication errors also cause attributes to be defined by
added (see Section 10). Extensions may define other standards-track documents.
New STUN usages MUST describe their applicability, client discovery
of errors and/or
additional attributes to add in error cases.

If the STUN server, how server authenticated the request using an authentication
mechanism, then the server determines SHOULD add the appropriate authentication
attributes to the usage, new message
types (requests or indications), new message attributes, new error response codes, and new client and server procedures.

12.1. Binding Discovery (see Section 10).

The previous version of this specification, RFC3489 [15], described
only this binding discovery server also adds any attributes required by the specific method
or usage.

12.1.1. Applicability

Binding discovery is used In addition, the server SHOULD add a SERVER attribute to learn reflexive addresses from servers
on
the network, generally message.

For the public Internet. That is, it Binding method, no additional checking is used
by required unless the
usage specifies otherwise. When forming the success response, the
server adds a client XOR-MAPPED-ADDRESS attribute to determine its dynamically-bound 'public' UDP the response, where the
contents of the attribute are the source transport address that of the
request message. For UDP, this is assigned the source IP address and source
UDP port of the request message. For TCP and TLS-over-TCP, this is
the source IP address and source TCP port of the TCP connection as
seen by a NAT between a STUN client and a STUN the server. This

7.3.1.2. Sending the Success or Error Response

The response (success or error) is sent over the same transport as
the request was received on. If the request was received over UDP,
the destination IP address will be present in and port of the mapped response is the source IP
address and port of the STUN Binding Response.

The mapped received request message, and the source IP
address present in and port of the binding response can be used by
clients to facilitate traversal of NATs for many applications. NAT
traversal is problematic for applications that require a client to
insert a transport address into a message, equal to which subsequent
messages will be delivered by other entities in a network. Normally, the client would insert the transport destination IP
address from a local interface
into and port of the received request message. However, if If the client request was
received over TCP or TLS-over-TCP, the response is behind a NAT, this local
interface will be a private address. Clients within other address
realms will not be able to send messages to that address.

An example of a such sent back on the
same TCP connection as the request was received on.

7.3.2. Processing an application is SIP, which requires a client
to include transport address information in several places, including Indication

If the Session Description Protocol (SDP [19]) body carried by SIP. indication contains unknown comprehension-required attributes,
the indication is discarded and processing ceases.

The
transport address present in server then does any additional checking that the method or the
specific usage requires. If all the checks succeed, the SDP server then
processes the indication. No response is used generated for an
indication.

For the Binding method, no additional checking or processing is
required, unless the usage specifies otherwise. The mere receipt of media.

To use STUN as a technique for traversal of SIP and other protocols,
when
the client wishes to send a protocol message, it figures out message by the server has refreshed the
places "bindings" in the protocol data unit where it
intervening NATs.

Since indications are not re-transmitted over UDP (unlike requests),
there is supposed no need to insert its
own transport address. Instead handle re-transmissions of directly using a port allocated
from a local interface, indications at the client allocates
server.

7.3.3. Processing a port from Success Response

If the success response contains unknown comprehension-required
attributes, the local
interface, response is discarded and from that port, generates a STUN Binding Request. the transaction is
considered to have failed.

The
mapped address in client then does any additional checking that the Binding Response (XOR-MAPPED-ADDRESS method or MAPPED-
ADDRESS) provides the
specific usage requires. If all the checks succeed, the client with an alternative transport address
that it can then include
processes the success response.

For the Binding method, the client checks that the XOR-MAPPED-ADDRESS
attribute is present in the protocol payload. This transport response. The client checks the address may
family specified. If it is an unsupported address family, the
attribute SHOULD be within a different ignored. If it is an unexpected but supported
address family than (for example, the local
interfaces used by Binding transaction was sent over
IPv4, but the client. This address family specified is not IPv6), then the client MAY
accept and use the value.

7.3.4. Processing an Error Response

If the error condition. In
such response contains unknown comprehension-required
attributes, or if the error response does not contain an ERROR-CODE
attribute, then the transaction is simply considered to have failed.

The client then does any processing specified by the authentication
mechanism (see Section 10). This may result in a case, new transaction
attempt.

The processing at this point depends on the error-code, the method,
and the usage; the following are the default rules:

o If the error code is 300 through 399, the client would use SHOULD consider
the learned IP address and port transaction as
if failed unless the ALTERNATE-SERVER extension is
being used. See Section 11.

o If the error code is 400 through 499, the client was a host with an interface within that address
family.

In declares the
transaction failed; in the case of SIP, to populate 420, the SDP appropriately, response should
contain a client would
generate two STUN Binding Request messages at UNKNOWN-ATTRIBUTES attribute that gives additional
information.

o If the time a call is
initiated or answered. One error code is used to obtain 500 through 599, the transport address
for RTP, and client MAY resend the other, for
request; clients that do so MUST limit the number of times they do
this. Any other error code causes the Real Time Control Protocol
(RTCP)[17]. The client might also need to use STUN to obtain
transport addresses consider the
transaction failed.

8. FINGERPRINT Mechanism

This section describes an optional mechanism for usage STUN that aids in other parts
distinguishing STUN messages from packets of other protocols when the SIP message. The
detailed
two are multiplexed on the same transport address. This mechanism is
optional, and a STUN usage of must describe if and when it is used.

In some usages, STUN messages are multiplexed on the same transport
address as other protocols, such as RTP. In order to facilitate SIP NAT traversal is outside apply the
scope of this specification.

As discussed above,
processing described in Section 7, STUN messages must first be
separated from the application packets. Section 6 describes three
fixed fields in the transport addresses learned by STUN header that can be used for this purpose.
However, in some cases, these three fixed fields may not be usable with all entities with whom a client might wish to
communicate. The way
sufficient.

When the FINGERPRINT extension is used, an agent includes the
FINGERPRINT attribute in which messages it sends to another agent.
Section 14.5 describes the placement and value of this problem is handled depends on attribute.
When the
application protocol. The ideal solution agent receives what it believes is for a protocol to allow
a client to include a multiplicity of transport addresses STUN message, then, in
addition to other basic checks, the PDU.
One of those can be agent also checks that the transport address determined from STUN,
message contains a FINGERPRINT attribute and that the others can include transport addresses learned from other
techniques. The application protocol would then provide a means for
dynamically detecting which one works. An example attribute
contains the correct value (see Section 7.3. This additional check
helps the agent detect messages of such an an
approach is Interactive Connectivity Establishment (ICE [13]).

12.1.2. Client other protocols that might
otherwise seem to be STUN messages.

9. DNS Discovery of Server

Clients SHOULD be configured with a domain name Server

This section describes an optional procedure for a STUN server to
use. In cases where the client has no explicit configuration
mechanism for STUN, but knows the domain of its service provider, the that allows a
client SHOULD to use that domain (in DNS to determine the case IP address and port of SIP, a server.
A STUN usage must describe if and when this would be extension is used. To
use this procedure, the client must have a domain from their Address-of-Record). The discovery mechanisms
defined in Section 8.1 are then applied to that domain name.

12.1.3. Server Determination of Usage

It is anticipated that servers would advertise name and a specific port in service
name; the
DNS for usage must also describe how the Binding Discovery usage. Thus, when client obtains these.

When a request arrives at
that particular port, client wishes to locate a STUN server in the server knows public Internet
that accepts Binding Request/Response transactions, the binding usage SRV service
name is "stun". STUN usages MAY define additional DNS SRV service
names.

The domain name is resolved to a transport address using the SRV
procedures specified in
use. This fact [RFC2782]. The DNS SRV service name is only needed for purposes of determining the
authentication and message integrity mechanism
service name provided as input to apply.

12.1.4. New Requests or Indications

This usage does not define any new message types.

12.1.5. New Attributes

This usage does not define any new message attributes.

12.1.6. New Error Response Codes

This usage does not define any new error response codes.

12.1.7. Client Procedures this procedure. The binding discovery protocol in
the SRV lookup is utilized by a the transport protocol the client just prior will run STUN
over: "udp" for UDP, "tcp" for TCP, and "tls" for TLS-over-TCP. If,
in the future, additional SRV records are defined for TLS over other
transport protocols, those will need to
generating utilize an application PDU that requires SRV transport
token of the client to include its form "tls-foo" for transport address. protocol "foo".

The client MAY first obtain a short term
credential using procedures of RFC 2782 are followed to determine the short term password STUN usage. The credential
that is obtained is server to
contact. RFC 2782 spells out the details of how a set of SRV records
are sorted and then using in Binding Request messages. A
Binding Request message is generated for each distinct transport
address tried. However, RFC2782 only states that the
client requires should "try to connect to formulate the application PDU.

A successful response message will carry either an XOR-MAPPED-ADDRESS
or MAPPED-ADDRESS attribute, depending (protocol, address, service)"
without giving any details on what happens in the event of failure.
When following these procedures, if the version STUN transaction times out
without receipt of a response, the server.
A client SHOULD use retry the XOR-MAPPED-ADDRESS if present. If not, it
uses request to
the MAPPED-ADDRESS.

12.1.8. Server Procedures

It is RECOMMENDED that servers utilize short term credentials,
obtained by next server in the client list of servers from the DNS SRV response.
Such a Shared Secret request, retry is only possible for
authentication and message integrity. Consequently, if a Binding
Request request/response transmissions,
since indication transactions generate no response or timeout.

The default port for STUN requests is generated without a short term credential, the server
SHOULD challenge 3478, for one.

12.1.9. Security Considerations both TCP and UDP.
Administrators SHOULD use this port in their SRV records for Binding Discovery UDP and
TCP, but MAY use others. There are is no security considerations default port for this usage beyond those
described in Section 13.

12.2. NAT Keepalives

12.2.1. Applicability

In this STUN usage, over TLS,
however a STUN server SHOULD use a port number for TLS different from
3478 so that the server can determine whether the first message it
will receive after the TCP connection is set up, is a STUN message or
a TLS message.

If no SRV records were found, the client performs an A or AAAA record
lookup of the domain name. The result will be a list of IP
addresses, each of which can be contacted at the default port using
UDP or TCP, independent of the STUN usage. For usages that require
TLS, lack of SRV records is connected equivalent to a server failure of the
transaction, since the request or indication MUST NOT be sent unless
SRV records provided a transport address specifically for TLS.

10. Authentication and Message-Integrity Mechanisms

This section defines two mechanisms for STUN that a
particular application protocol (for example, a SIP proxy server).
The connection is long-lived, allowing for asynchronous messaging
from the client and server
can use to provide authentication and message-integrity; these two
mechanisms are known as the client. The client short-term credential mechanism and the
long-term credential mechanism. These two mechanisms are optional,
and each usage must specify if and when these mechanisms are used.
An overview of these two mechanisms is connected given in .

Each mechanism specifies the additional processing required to use
that mechanism, extending the server
either using TCP, processing specified in which case there is Section 7. The
additional processing occurs in three different places: when forming
a long-lived TCP connection
from message; when receiving a message immediately after the client the basic
checks have been performed; and when doing the detailed processing of
error responses.

10.1. Short-Term Credential Mechanism

The short-term credential mechanism assumes that, prior to the server, or using UDP, in which case STUN
transaction, the client and server
stores have used some other protocol to
exchange a credential in the source transport address form of a message from a client (such
as SIP REGISTER), username and sends messages to password. This
credential is time-limited. The time-limit is defined by the client using that
transport address.

Since usage.
As an example, in the connection between ICE usage [I-D.ietf-mmusic-ice], the client two
endpoints use out-of-band signaling to agree on a username and server
password, and this username and password is very-long
lived, applicable for the bindings established by that connection need
duration of the media session.

This credential is used to be
maintained form a message integrity check in each
request and in many responses. There is no challenge and response as
in any intervening NATs. Rather than implement expensive
application-layer keepalives, the keepalives can be accomplished
using STUN Binding Requests. The client will periodically send long term mechanism; consequently, replay is prevented by
virtue of the time-limited nature of the credential.

10.1.1. Forming a
Binding Request to the server, using or Indication

For a request or indication message, the same transport addresses
used for agent MUST include the application protocol. These Binding Requests are
demultiplexed at
USERNAME and MESSAGE-INTEGRITY attributes in the server using message. The HMAC
for the magic cookie and possibly
FINGERPRINT. MESSAGE-INTEGRITY attribute is computed as described in
Section 14.4. The response from key for the server informs HMAC is the client password. Note that the server
password is still alive. The STUN message also keeps the binding
active never included in intervening NATs. The client can also examine the mapped
address in request or indication.

10.1.2. Receiving a Request or Indication

After the Binding Response. If it agent has changed, the client can
re-initiate application layer procedures to inform done the server of its
new transport address.

12.2.2. Client Discovery basic processing of Server

In this usage, a message, the STUN server and agent
performs the application protocol are using checks listed below in order specified:

o If the same fixed port.

12.2.3. Server Determination of Usage

The server multiplexes message does not contain both STUN a MESSAGE-INTEGRITY and its application protocol on a
USERNAME attribute:

* If the
same port. The server knows it message is has this usage because the URI
that gets resolved to this port indicates a request, the server supports this
multiplexing.

12.2.4. New Requests or Indications MUST reject the request
with an error response. This usage does not define any new response MUST use an error code
of 400.

* If the message types.

12.2.5. New Attributes

This usage is an indication, the server MUST silently
discard the indication.

o If the USERNAME does not define any new contain a username value currently valid
within the server:

* If the message attributes.

12.2.6. New Error Response Codes

This usage does not define any new is a request, the server MUST reject the request
with an error response. This response codes.

12.2.7. Client Procedures MUST use an error code
of 401.

* If the STUN Response indicates message is an indication, the client's mapped address has
changed from server MUST silently
discard the client's expected mapped address, indication.

o Using the client SHOULD
inform other applications of its new mapped address. For example, a
SIP client could use password associated with the binding discovery usage to obtain a new
mapped address, and then register it using SIP registration
procedures.

The client SHOULD NOT include a MESSAGE-INTEGRITY attribute unless
prompted username, compute the value
for one by the server, since authentication is message-integrity as described in Section 14.4. If the
resulting value does not generally
used with this STUN usage.

12.2.8. Server Procedures

The server SHOULD NOT authenticate match the contents of the client or look for a MESSAGE-
INTEGRITY attribute. Since attribute:

* If the keepalives come with some regularity,
and will come for each client that message is connected to a request, the server, server MUST reject the
processing cost associated with authenticating each request is very
high. Consequently, authentication should only be used by small
servers, for whom
with an error response. This response MUST use an error code
of 431.

* If the processing cost message is not an issue, or when used
with application protocols where indication, the consequences of a fake response
are very significant.

12.2.9. Security Considerations for NAT Keepalives

This STUN usage does not recommend server MUST silently
discard the usage of message integrity indication.

If these checks pass, the server continues to process the request or
authentication. This is because
indication. Any response generated by the client never actually uses server MUST include the
mapped address from
MESSAGE-INTEGRITY attribute, computed using the STUN response. It merely treats username and password
utilized to authenticate the request.

If any of the checks fail, the server MUST NOT include a change MESSAGE-
INTEGRITY or USERNAME attribute in
that address as the error response.

10.1.3. Receiving a hint that Response

The processing here takes place prior to the processing in
Section 7.3.3 or Section 7.3.4.

The client should re-apply application
layer procedures looks for connection establishment and registration.

An attacker could attempt to inject faked responses, or modify
responses in transit. Such an attack would require the attacker to
be on-path MESSAGE-INTEGRITY attribute in order to determine the transaction ID. In response.
If present, the worst
case, client computes the attack would cause message integrity over the client to see a change
response as defined in IP address
or port, and then perform an application layer re-registration. Such
a re-registration would not use Section 14.4, using the transport address obtained from same password it
utilized for the Binding Response. Thus, request. If the worst that resulting value matches the attacker can do
contents of the MESSAGE-INTEGRITY attribute, the response is
cause
considered authenticated. If the client to re-register every half minute value does not match, or so, when it
otherwise wouldn't need to. Given if
MESSAGE-INTEGRITY was absent, the difficulty response MUST be discarded, as if
it was never received. This means that retransmits, if applicable,
will continue.

10.2. Long-term Credential Mechanism

The long-term credential mechanism relies on a long term credential,
in launching this
attack (it requires the attacker to be on-path form of a username and to disrupt the
actual response from the server) compared to the benefit, there password, that are shared between
client and server. The credential is
little motivation for authentication or integrity mechanisms.

When used with application protocols where the cost of "re-
registration" considered long-term since it
is assumed that it is provisioned for a user, and remains in fact high, effect
until the keepalive usage can still be used
without authentication. However, user is no longer a subscriber of the usage would serve ONLY system, or is
changed. This is basically a traditional "log-in" username and
password given to users.

Because these usernames and passwords are expected to keep
NAT bindings alive; it would not be useful valid for detecting failures
extended periods of time, replay prevention is provided in the server or form
of intervening NAT. In such a case, digest challenge. In this mechanism, the client would
not perform initially sends
a request, without offering any application layer processing based on credentials or any integrity checks.
The server rejects this request, providing the STUN
response, even if it indicated user a change in transport address.

12.3. Short-Term Password

In order realm (used to ensure interoperability, this usage describes
guide the user or agent in selection of a TLS-based
mechanism to obtain username and password) and
a short-term credential. nonce. The usage makes use of nonce provides the Shared Secret Request and Response messages. replay protection. It is defined as a
separate usage cookie,
selected by the server, and encoded in order to allow it to run on such a separate port, and to
allow it way as to be more easily separated from the different STUN usages,
only some indicate a
duration of validity or client identity from which require this mechanism.

12.3.1. Applicability

To thwart some on-path attacks described in Section 13, it is
necessary for the STUN valid. The
client retries the request, this time including its username, the
realm, and STUN server to integrity protect echoing the information they exchange over UDP. In nonce provided by the absence of a long-
term secret (password) that is shared between them, server. The client also
includes a short-term
password can be obtained using message-integrity, which provides an HMAC over the usage described in this section.

The username and password returned in entire
request, including the STUN Shared Secret Response
are valid for use in subsequent STUN transactions for nine (9)
minutes with any applicable hosts as described in Section 12.3.2. nonce. The username server validates the nonce, and password obtained with this usage are used as
checks the
USERNAME message-integrity. If they match, the request is
authenticated. If the nonce is no longer valid, it is considered
"stale", and in the HMAC for server rejects the MESSAGE-INTEGRITY in request, providing a new nonce.

In subsequent
STUN message, respectively.

12.3.2. Client Discovery of Server

The client follows requests to the procedures in Section 8.1. The SRV protocol
is "tls" and same server, the service name "stun-pass".

For example a client would look up "_stun-pass._tls.example.com" in
DNS.

12.3.3. Server Determination of Usage

The server advertises reuses the
nonce, username, realm and password it used previously. In this port way,
subsequent requests are not rejected until the nonce becomes invalid
by the server, in which case the DNS as capable of receiving
TLS over TCP connections, along with rejection provides a new nonce to
the Shared Secret messages client.

Note that
run over it. The server MAY also advertise this same port in DNS the long-term credential mechanism cannot be used to
protect indications, since indications cannot be challenged. Usages
utilizing indications must either use a short-term credential, or
omit authentication and message integrity for
other TLS over TCP usages if them.

Since the server long-term credential mechanism is capable of multiplexing
those different usages. susceptible to offline
dictionary attacks, deployments SHOULD utilize strong passwords.

For example, STUN servers used in conjunction with SIP servers, it is
desirable to use the server could advertise same credentials for authentication to the
short-term password SIP
server and binding discovery usages on STUN server. Typically, SIP systems utilizing SIP's
digest authentication mechanism do not actually store the same TLS/TCP
port.

12.3.4. New Requests or Indications

The message type Shared Secret Request and its associated Shared
Secret Response and Shared Secret Error Response are defined in this
section. Their values are enumerated password in Section 15.

The following figure indicates
the database. Rather, they store a value called H(A1), which attributes are present in is
computed as:

H(A1) = MD5(username ":" realm ":" password)

If a system wishes to utilize this credential, the
Shared Secret Request, Response, STUN password
would be computed by taking the user-entered username and password,
and Error Response. An M indicates using H(A1) as the STUN password. It is RECOMMENDED that inclusion of clients
utilize this construction for the attribute in STUN password.

10.2.1. Forming a Request

There are two cases when forming a request. In the message first case, this
is mandatory, O means
its optional, C means it's conditional based on some other aspect of the message, and - means that first request from the attribute is not applicable to that
message type. Attributes not listed are not applicable client to Shared
Secret Request, Response, or Error Response.

Shared Shared Shared
Secret Secret Secret
Attribute Request Response Error
Response
_________________________________________________
USERNAME O M -
PASSWORD - M -
MESSAGE-INTEGRITY O O O
ERROR-CODE - - M
ALTERNATE-SERVER - - C
UNKNOWN-ATTRIBUTES - - C
SERVER - O O
REALM C - C
NONCE C - C

The Shared Secret requests, like other STUN requests, can be
authenticated. However, since the server (as identified by
its purpose IP address and port). In the second case, the client is to obtain
submitting a short-term
credential, the Shared Secret subsequent request itself cannot be authenticated
with once a short-term credential. However, it can be authenticated with previous request/response
transaction has completed successfully.

10.2.1.1. First Request

If the client has not completed a long-term credential.

12.3.5. New Attributes

No new attributes are defined by this usage.

12.3.6. New Error Response Codes

This usage defines successful request/response
transaction with the 433 error response. Only server, it SHOULD omit the USERNAME, MESSAGE-
INTEGRITY, ERROR-CODE REALM, and SERVER attributes are applicable to this
response.

12.3.7. Client Procedures

Shared Secret requests are formed like NONCE attributes. In other STUN requests, with the
following additions. Clients MUST NOT use a short-term credential
with a Shared Secret request. They SHOULD send words, the very
first request with is sent as if there were no
credentials (omitting MESSAGE-INTEGRITY and USERNAME).

Processing of the Shared Secret response follows that of any other
STUN response. Note that clients MUST be prepared to be challenged
for authentication or message
integrity applied.

10.2.1.2. Subsequent Requests

Once a long-term credential.

If request/response transaction has completed successfully, the response was a Shared Secret Response, it
client will contain have been been presented a short
lived username realm and password, encoded in nonce by the USERNAME server,
and PASSWORD
attributes, respectively. A selected a username and password with which it authenticated.
The client SHOULD use these credentials
whenever short term credentials are needed cache the username, password, realm, and nonce for any server discovered
using
subsequent communications with the same domain name as was used to discover server. When the one which
returned those credentials. For example, if a client used sends a domain
name of example.com,
subsequent request, it would have looked up _stun-
pass._tls.example.com in DNS, found a server, SHOULD include the USERNAME, REALM, and sent a Shared
Secret request that provided NONCE
attributes with these cached values. It SHOULD include a credential to MESSAGE-
INTEGRITY attributed, computed as described in Section 14.4 using the client. The client
would use this credential with
cached password as the key.

10.2.2. Receiving a Request

After the server discovered by looking up
_stun._udp.example.com has done the basic processing of a request, it
performs the checks listed below in the DNS. order specified:

o If the response was message:

* does not contain a Shared Secret Error Response, and ERROR-CODE
attribute was present with MESSAGE-INTEGRITY attribute,

* OR, it contains a response code of 433, and the client had USERNAME whose value is not sent the request over TLS, the client SHOULD establish a TLS
connection to valid username,

the server and retry the request over that connection.
If the client had used TLS, this MUST generate an error response with an error code of
401. This response MUST include a REALM value. It is unrecoverable and RECOMENDED
that the client SHOULD NOT retry.

12.3.8. Server Procedures

The procedures for general processing REALM value by the domain name of the provider of STUN requests apply to
Shared Secret requests. Servers MAY challenge the client for a long-
term credential if one was not provided in a request. However, they
STUN server. The response MUST NOT challenge the request for include a short-term credential. NONCE, selected by the
server.

o If the Shared Secret Request did not arrive over message contains a TLS connection, MESSAGE-INTEGRITY attribute, but is
missing the USERNAME, REALM or NONCE attributes, the server MUST
generate a Shared Secret Error an error response with an
ERROR-CODE attribute that has a response error code of 433. 400.

o If the request is valid and authenticated (assuming the server NONCE is
performing authentication), no longer valid, the server MUST create a short term
credential for the user. This credential consists generate an error
response with an error code of a username and
password. The credentials 438 (Stale Nonce). This response
MUST be valid for include a duration of at least
nine minutes, NONCE and SHOULD NOT be valid for a duration of longer than
thirty minutes. The username MUST be distinct, with extremely high
probabilities, from all usernames that have been handed out across
all servers that are returned from DNS SRV queries for the same
domain name. Extremely high probability means that REALM attribute.

o Using the likelihood of
collision SHOULD be better than 1 in 2**64. The password for each
username MUST be cryptographically random associated with at least 128 bits of
entropy.

12.3.9. Security Considerations for Short-Term Password

The security considerations in Section 13 do not apply to the Shared
Secret request and response, since these messages do not make use of
mapped addresses, which is the primary source of security
consideration discussed there. Rather, shared secret requests are
used to obtain short term credentials that are used username in the
authentication of other messages.

Because USERNAME
attribute, compute the Shared Secret response itself carries a credential, in value for the form of a username and password, it must be sent encrypted. For
this reason, STUN servers MUST reject any Shared Secret request that
has message-integrity as
described in Section 14.4. If the resulting value does not arrived over a TLS connection.

Malicious clients could generate a multiplicity of Shared Secret
requests, each match
the contents of which causes the MESSAGE-INTEGRITY attribute, the server to allocate shared secrets,
each MUST
reject the request with an error response. This response MUST use
an error code of which might consume memory 401. It MUST include a REALM and processing resources. NONCE
attribute.

If
shared secret requests are not being authenticated, this leads to a
possible denial-of-service attack. Indeed, even if these checks pass, the requestor is
authenticated, attacks are still possible.

To prevent being swamped with traffic, a STUN server SHOULD limit continues to process the
number of simultaneous TLS connections it will hold open by dropping
an existing connection when a new connection request arrives (based
on an Least Recently Used (LRU) policy, for example).

Similarly, servers SHOULD allocate only a small number of shared
secrets or
indication. Any response generated by the server MUST include the
MESSAGE-INTEGRITY attribute, computed using the username and password
utilized to a host with a particular source transport address.
Requests from authenticate the same transport address which exceed this limit request. The REALM, NONCE, and USERNAME
attributes SHOULD NOT be rejected with included.

10.2.3. Receiving a 600 response. Servers SHOULD also limit Response

The processing here takes place prior to the total number of shared secrets they will provide at a time across
all clients, based on processing in
Section 7.3.3 or Section 7.3.4.

If the number response is an error response, with an error code of users and expected loads during
normal peak usage. If a Shared Secret request arrives and 401
(Unauthorized), the server
has exceeded its limit, it client SHOULD reject retry the request with a 500
response.

Furthermore, for servers that are not authenticating shared secret
requests, it is RECOMMENDED that short-term credentials be
constructed in a way such that they do not require memory or disk to
store.

This can be done new
transaction. This request MUST contain a USERNAME, determined by intelligently computing the username and
password. One approach is to construct
client as the USERNAME as:

USERNAME = <prefix,rounded-time,hmac>

Where prefix is some random text string (different appropriate username for each shared
secret request), rounded-time is the current time modulo 20 minutes,
and hmac is an HMAC [13] over REALM from the prefix and rounded-time, using a
server private key. error
response. The password is then computed as:

password = <hmac(USERNAME,anotherprivatekey)>

With this structure request MUST contain the server can verify that REALM, copied from the username was not
tampered with error
response. The request MUST contain the NONCE, copied from the error
response. The request MUST contain the MESSAGE-INTEGRITY attribute,
computed using the hmac present in password associated with the username.

13. Security Considerations

Attacks on STUN systems vary depending on username in the usage.
USERNAME attribute. The short term
password usage client MUST NOT perform this retry if it is quite different from
not changing the other usages defined here,
and USERNAME or REALM or its security considerations are unique to it and discussed as
part of associated password, from
the usage definition. However, all of previous attempt.

If the other usages are
very similar and share a similar set of security considerations as a
consequence of their usage response is an error response with an error code of 438, the mapped address from STUN Binding
Responses. Consequently, these security considerations apply to
usage of
client MUST retry the mapped address.

13.1. Attacks on STUN

Generally speaking, attacks on STUN can be classified into denial of
service attacks and eavesdropping attacks. Denial of service attacks
can be launched against a STUN server itself or against other
elements request, using the STUN protocol. new NONCE supplied in the
438 response. This retry MUST also include the USERNAME, REALM and
MESSAGE-INTEGRITY.

The attacks of greater interest
are those client looks for the MESSAGE-INTEGRITY attribute in which the STUN server and client are used to launch
denial of service (DoS) attacks against other entities, including response
(either success or failure). If present, the client itself. Many of computes the attacks require
message integrity over the attacker to generate
a response to a legitimate STUN request, as defined in order to provide the
client with a faked mapped address. The attacks that can be launched Section 14.4, using such a technique include:

13.1.1. Attack I: DDoS Against a Target

In this case, the attacker provides a large number of clients with
the same faked mapped address that points to password it utilized for the intended target.
This will trick all request. If the STUN clients into thinking that their
addresses are equal to that of resulting
value matches the target. The clients then hand out
that address in order to receive traffic on it (for example, in SIP
or H.323 messages). However, all contents of that traffic becomes focused at
the intended target. The attack can provide substantial
amplification, especially when used with clients that are using STUN
to enable multimedia applications.

13.1.2. Attack II: Silencing a Client

In this attack, the attacker seeks to deny a client access to
services enabled by STUN (for example, a client using STUN to enable
SIP-based multimedia traffic). To do that, MESSAGE-INTEGRITY attribute, the attacker provides
that client with a faked mapped address. The mapped address it
provides
response is a transport address that routes to nowhere. As a result, considered authenticated. If the client won't receive any of value does not match,
or if MESSAGE-INTEGRITY was absent, the packets response MUST be discarded,
as if it expects was never received. This means that retransmits, if
applicable, will continue.

11. ALTERNATE-SERVER Mechanism

This section describes a mechanism in STUN that allows a server to receive
when it hands out the mapped address.
redirect a client to another server. This exploitation extension is not very
interesting for the attacker. It impacts optional, and
a single client, which usage must define if and when this extension is
frequently not the desired target. Moreover, any attacker that can
mount the attack could also deny service to used. To prevent
denial-of-service attacks, this extension MUST only be used in
situations where the client by other
means, such as preventing the and server are using an authentication
and message-integrity mechanism.

A server using this extension redirects a client from receiving any response from
the STUN server, or even to another server by
replying to a DHCP server.

13.1.3. Attack III: Assuming the Identity request message with an error response message with an
error code of 300 (Try Alternate). The server MUST include a Client

This attack is similar to attack II. However, the faked mapped
address points to the attacker themself. This allows
ALTERNATE-SERVER attribute in the attacker to
receive traffic error response. The error response
message MUST be authenticated, which was destined for the client.

13.1.4. Attack IV: Eavesdropping

In this attack, in practice means the attacker forces request
message must have passed the authentication checks.

A client to use using this extension handles a mapped
address that routes to itself. It then forwards any packets it
receives to 300 (Try Alternate) error
code as follows. If the client. This attack would allow error response has passed the attacker to
observe all packets sent to authentication
checks, then the client. However, client looks for a ALTERNATE-SERVER attribute in order to launch the attack, the attacker must have already been able to observe
packets from
error response. If one is found, then the client to considers the STUN server. In most cases (such
current transaction as
when failed, and re-attempts the attack is launched request with the
server specified in the attribute. The client SHOULD reuse any
authentication credentials from an access network), this means that the attacker could already observe packets sent to old request in the client. new
transaction.

12. Backwards Compatibility with RFC 3489

This
attack is, as section define procedures that allow a result, only useful for observing traffic by
attackers on the path from degree of backwards
compatible with the original protocol defined in RFC 3489 [RFC3489].
This mechanism is optional, meant to be utilized only in cases where
a new client can connect to the STUN an old server, but not
generally on or vice-a-versa. A usage
must define if and when this procedure is used.

Section 18 lists all the path changes between this specification and RFC
3489 [RFC3489]. However, not all of packets being routed towards the client.

13.2. Launching these differences are important,
because "classic STUN" was only used in a few specific ways. For the Attacks

It is important to note that attacks
purposes of this nature (injecting
responses with fake mapped addresses) require that the attacker be
capable of eavesdropping requests sent from extension, the client to important changes are the server
(or to act as a man in following.
In RFC 3489:

o UDP was the middle for such attacks). This only supported transport;

o The field that is because
STUN requests contain now the Magic Cookie field was a transaction identifier, selected by part of the
client, which is random with 96
transaction id field, and transaction ids were 128 bits of entropy. long;

o The server echoes
this value in XOR-MAPPED-ADDRESS attribute did not exist, and the response, Binding
method used the MAPPED-ADDRESS attribute instead

o There were two comprehension-required attributes, RESPONSE-ADDRESS
and CHANGE-REQUEST, that have been removed from this
specification.

* These attributes are now part of the NAT Behavior Discovery
usage.

12.1. Changes to Client Processing

A client ignores any responses that
don't have a matching transaction ID. Therefore, in order for an
attacker wants to provide interoperate with a faked response [RFC3489] server SHOULD
send a request message that is accepted by uses the client, Binding method, contains no
attributes, and uses UDP as the attacker needs transport protocol to know the transaction ID of the request. The
large amount of randomness, combined with server. If
successful, the need to know when success response received from the
client sends server will
contain a request and the transport addresses used for that
request, precludes attacks that involve guessing MAPPED-ADDRESS attribute rather than an XOR-MAPPED-ADDRESS
attribute; other than this change, the transaction ID.

Since all processing of the above attacks rely on this one primitive - injecting
a response with a faked mapped address - preventing the attacks is
accomplished by preventing this one operation. To prevent it, we
need
identical to consider the various ways in which it can be accomplished.
There are several:

13.2.1. Approach I: Compromise a Legitimate STUN procedures described above.

12.2. Changes to Server

In this attack, the attacker compromises a legitimate Processing

A STUN server
through can detect when a virus or Trojan horse. Presumably, this would allow given Binding Request message was
sent from an RFC 3489 [RFC3489] client by the
attacker to take over absence of the STUN server, and control correct
value in the Magic Cookie field. When the types of
responses it generates. Compromise of a STUN server can also lead detects an RFC 3489
client, it SHOULD copy the value seen in the Magic Cookie field in
the Binding Request to
discovery of open ports. Knowledge the Magic Cookie field in the Binding Response
message, and insert a MAPPED-ADDRESS attribute instead of an open port creates XOR-
MAPPED-ADDRESS attribute.

The client might, in rare situations, include either the RESPONSE-
ADDRESS or CHANGE-REQUEST attributes. In these situations, the
server will view these as unknown comprehension-required attributes
and reply with an
opportunity for DoS attacks on those ports (or DDoS attacks if error response. Since the
traversed NAT mechanisms utilizing
those attributes are no longer supported, this behavior is a full cone NAT). Discovering open ports
acceptable.

13. STUN Usages

STUN by itself is already
fairly trivial using port probing, so this does not represent a major
threat.

13.2.2. Approach II: DNS Attacks

STUN servers are discovered using DNS SRV records. If an attacker
can compromise the DNS, it can inject fake records which map a domain
name solution to the IP address NAT traversal problem.
Rather, STUN defines a toolkit of functions that can be used inside a
larger solution. The term "STUN Usage" is used for any solution that
uses STUN server run by as a component.

At the attacker. This
will allow it to inject fake responses to launch any time of the attacks
above. Clearly, this attack is only applicable for writing, three STUN usages which
discover servers through DNS.

13.2.3. Approach III: Rogue Router or are defined: Interactive
Connectivity Establishment (ICE) [I-D.ietf-mmusic-ice], Client-
initiated connections for SIP [I-D.ietf-sip-outbound], and NAT

Rather than compromise
Behavior Discovery [I-D.ietf-behave-nat-behavior-discovery]. Other
STUN usages may be defined in the future.

A STUN server, an attacker can cause a usage defines how STUN
server is actually utilized - when to generate responses send
requests, what to do with the wrong mapped address by
compromising a router or NAT on the path from the client responses, and which optional
procedures defined here (or in an extension to the STUN) are to be used.
A usage would also define:

o Which STUN
server. methods are used;

o What authentication and message integrity mechanisms are used;

o What mechanisms are used to distinguish STUN messages from other
messages. When the STUN request passes through the rogue router or
NAT, it rewrites the source transport address of the packet to be
that of the desired mapped address. This address cannot be
arbitrary. If the attacker is on run over TCP, a framing mechanism may be
required;

o How a STUN client determines the public Internet (that is, there
are no NATs between it IP address and port of the STUN server),
server;

o Whether backwards compatibility to RFC 3489 is required;

o What optional attributes defined here (such as FINGERPRINT and the attacker doesn't
modify the
ALTERNATE-SERVER) or in other extensions are required.

In addition, any STUN request, the address has to have the property that
packets sent from usage must consider the security implications
of using STUN server to in that address would route through
the compromised router. This is because usage. A number of attacks against STUN are
known (see the Security Considerations section in this document) and
any usage must consider how these attacks can be thwarted or
mitigated.

Finally, a usage must consider whether its usage of STUN server will send is an
example of the responses back Unilateral Self-Address Fixing approach to the source transport NAT
traversal, and if so, address of the request.
With questions raised in RFC 3424.

14. STUN Attributes

After the STUN header are zero or more attributes. Each attribute
MUST be TLV encoded, with a modified source transport address, 16 bit type, 16 bit length, and value.
Each STUN attribute MUST end on a 32 bit boundary. As mentioned
above, all fields in an attribute are transmitted most significant
bit first.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value (variable) ....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 5: Format of STUN Attributes

The value in the only way they can reach Length field MUST contain the client is if length of the compromised router directs them there.

If Value
part of the attacker is attribute, prior to padding, measured in bytes. Since
STUN aligns attributes on 32 bit boundaries, attributes whose content
is not a private network (that is, there multiple of 4 bytes are NATs
between it padded with 1, 2 or 3 bytes of
padding so that its value contains a multiple of 4 bytes. The
padding bits are ignored, and the STUN server), the attacker will not may be able to
force the server to generate arbitrary mapped addresses any value.

Any attribute type MAY appear more than once in responses.
They will a STUN message.
Unless specified otherwise, the order of appearance is significant:
only be able force the STUN server first occurance needs to generate mapped
addresses which route be processed by a receiver, and any
duplicates MAY be ignored by a receiver.

To allow future revisions of this specification to add new attributes
if needed, the private network. This attribute space is because the
NAT divided into two ranges.
Attributes with type values between the attacker 0x0000 and 0x7FFF are
comprehension-required attributes, which means that the STUN server will rewrite the source
transport address of agent
cannot successfully process the STUN request, mapping message unless it to a public address understands the
attribute. Attributes with type values between 0x8000 and 0xFFFF are
comprehension-optional attributes, which means that routes to those attributes
can be ignored by the private network. Because STUN agent if it does not understand them.

The STUN Attribute types defined by this specification are:

Comprehension-required range (0x0000-0x7FFF):
0x0000: (Reserved)
0x0001: MAPPED-ADDRESS
0x0006: USERNAME
0x0007: (Reserved; was PASSWORD)
0x0008: MESSAGE-INTEGRITY
0x0009: ERROR-CODE
0x000A: UNKNOWN-ATTRIBUTES
0x0014: REALM
0x0015: NONCE
0x0020: XOR-MAPPED-ADDRESS

Comprehension-optional range (0x8000-0xFFFF)
0x8022: SERVER
0x8023: ALTERNATE-SERVER
0x8028: FINGERPRINT

The rest of this, the attacker
can only force this section describes the server to generate faked mapped addresses that
route to format of the private network. Unfortunately, it is possible that various
attributes defined in this specification.

14.1. MAPPED-ADDRESS

The MAPPED-ADDRESS attribute indicates a
low quality NAT would be willing to map reflexive transport address
of the client. It consists of an allocated public eight bit address
to another public family, and a
sixteen bit port, followed by a fixed length value representing the
IP address. If the address (as opposed to an internal private
address), in which case family is IPv4, the attacker could forge address MUST be 32
bits. If the source address
in a STUN request to family is IPv6, the address MUST be an arbitrary public address. This kind of
behavior from NATs does appear to 128 bits.
All fields must be rare.

13.2.4. Approach IV: Man in network byte order.

The format of the Middle

As an alternative to approach III (Section 13.2.3), if the attacker MAPPED-ADDRESS attribute is:

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0 0 0 0 0 0 0| Family | Port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Address (32 bits or 128 bits) |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 7: Format of MAPPED-ADDRESS attribute
The address family can place an element take on the path from following values:

0x01:IPv4
0x02:IPv6

The first 8 bits of the client MAPPED-ADDRESS MUST be set to the server, the
element can act as a man-in-the-middle. In that case, it can
intercept a STUN request, 0 and generate a STUN response directly MUST be
ignored by receivers. These bits are present for aligning parameters
on natural 32 bit boundaries.

This attribute is used only by servers for achieving backwards
compatibility with
any desired value of the mapped address field. Alternatively, it can
forward the STUN request RFC 3489 [RFC3489] clients.

14.2. XOR-MAPPED-ADDRESS

The XOR-MAPPED-ADDRESS attribute is identical to the server (after potential
modification), receive MAPPED-ADDRESS
attribute, except that the response, and forward it to reflexive transport address is obfuscated
through the client.
When forwarding XOR function.

The format of the request XOR-MAPPED-ADDRESS is:

Figure 9: Format of XOR-MAPPED-ADDRESS Attribute

The Family represents the IP address family, and response, this attack is subject encoded
identically to the same limitations on Family in MAPPED-ADDRESS.

X-Port is the mapped address described in Approach III
(Section 13.2.3).

13.2.5. Approach V: Response Injection Plus DoS

In this approach, port, exclusive or'd with most significant 16
bits of the attacker does not need to be a MitM (as in
approaches III and IV). Rather, it only needs to be able to
eavesdrop onto a network segment that carries STUN requests. This magic cookie. If the IP address family is IPv4,
X-Address is
easily done in multiple access networks such as ethernet or
unprotected 802.11. To inject the fake response, mapped IP address exclusive or'd with the attacker
listens on magic
cookie. If the network for a STUN request. When it sees one, it
simultaneously launches a DoS attack on IP address family is IPv6, the STUN server, and
generates its own STUN response with X-Address is the desired
mapped IP address
value. The STUN response generated by the attacker will reach exclusively or'ed with the
client, magic cookie and the DoS attack against the server is aimed at preventing
the legitimate response from 96-
bit transaction ID.

For example, using the server from reaching "^" character to indicate exclusive or, if the client.
Arguably,
IP address is 192.168.1.1 (0xc0a80101) and the attacker can do without port is 5555 (0x15B3),
the DoS attack on X-Port would be 0x15B3 ^ 0x2112 = 0x34A1, and the server,
so long as X-Address would
be 0xc0a80101 ^ 0x2112A442 = 0xe1baa543.

The rules for encoding and processing the faked response beats first 8 bits of the real response back to
attribute's value, the
client, rules for handling multiple occurrences of the
attribute, and the client uses rules for processing addresses families are the first response,
same as for MAPPED-ADDRESS.

NOTE: XOR-MAPPED-ADDRESS and ignores MAPPED-ADDRESS differ only in their
encoding of the
second (even though it's different).

13.2.6. Approach VI: Duplication

This approach is similar to approach V (Section 13.2.5). transport address. The
attacker listens on former encodes the network for a STUN request. When transport
address by exclusive-or'ing it sees
one, with the magic cookie. The latter
encodes it generates its own STUN request towards directly in binary. RFC 3489 originally specified only
MAPPED-ADDRESS. However, deployment experience found that some NATs
rewrite the server. This STUN
request is identical to 32-bit binary payloads containing the one it saw, NAT's public IP
address, such as STUN's MAPPED-ADDRESS attribute, in the well-meaning
but with misguided attempt at providing a spoofed source IP
address. generic ALG function. Such
behavior interferes with the operation of STUN and also causes
failure of STUN's message integrity checking.

14.3. USERNAME

The spoofed address USERNAME attribute is equal to the one that used for message integrity. It identifies
the attacker
desires to have placed username and password combination used in the mapped address message integrity
check.

The value of the STUN response.
In fact, the attacker generates USERNAME is a variable length value. It MUST contain a flood
UTF-8 encoded sequence of such packets. less than 128 characters.

14.4. MESSAGE-INTEGRITY

The MESSAGE-INTEGRITY attribute contains an HMAC-SHA1 [RFC2104] of
the STUN message. The MESSAGE-INTEGRITY attribute can be present in
any STUN
server will receive the one original request, plus a flood of
duplicate fake ones. It generates responses to all of them. If message type. Since it uses the
flood is sufficiently large for SHA1 hash, the responses HMAC will be
20 bytes. The text used as input to congest routers or
some other equipment, there HMAC is a reasonable probability that the one
real response is lost (along with many of STUN message,
including the faked ones), but header, up to and including the
net result is that only attribute preceding the faked responses are received by
MESSAGE-INTEGRITY attribute. With the STUN
client. These responses are all identical and all contain exception of the mapped
address FINGERPRINT
attribute, which appears after MESSAGE-INTEGRITY, agents MUST ignore
all other attributes that the attacker wanted the client to use. follow MESSAGE-INTEGRITY.

The flood of duplicate packets is not needed (that is, only one faked
request is sent), so long key used as the faked response beats the real
response back input to HMAC is the client, and password.

Since the client uses hash is computed over the first response,
and ignores entire STUN message, it includes
the second (even though it's different).

Note that, in this approach, launching a DoS attack against length field from the STUN
server or message header. This length indicates
the IP network, to prevent length of the valid response from being
sent or received, is problematic. The attacker needs entire message, including the STUN server
to MESSAGE-INTEGRITY
attribute itself. Consequently, the MESSAGE-INTEGRITY attribute MUST
be available to handle its own request. Due inserted into the message (with dummy content) prior to the periodic
retransmissions
computation of the request from integrity check. Once the client, this leaves a very
tiny window of opportunity. The attacker must start computation is
performed, the DoS attack
immediately after value of the actual request from attribute can be filled in. This ensures
the client, causing length has the correct response to be discarded, and then cease value when the DoS attack in
order to send its own request, all before hash is performed.
Similarly, when validating the next retransmission
from MESSAGE-INTEGRITY, the client. Due length field
should be adjusted to point to the close spacing end of the retransmits (100ms MESSAGE-INTEGRITY
attribute prior to a few seconds), this calculating the HMAC. Such adjustment is very difficult to do.

Besides DoS attacks, there
necessary when attributes, such as FINTERPRINT, appear after MESSAGE-
INTEGRITY.

14.5. FINGERPRINT

The FINGERPRINT attribute may be other ways to prevent present in all STUN messages. The
value of the actual
request from attribute is computed as the client from reaching CRC-32 of the server. Layer 2
manipulations, for example, might be able STUN message
up to accomplish it.

Fortunately, this approach (but excluding) the FINGERPRINT attribute itself, xor-d with
the 32 bit value 0x5354554e (the XOR helps in cases where an
application packet is also using CRC-32 in it). The 32 bit CRC is subject to
the same limitations
documented one defined in Approach III (Section 13.2.3), ITU V.42 [ITU.V42.1994], which limit the range has a generator
polynomial of
mapped addresses x32+x26+x23+x22+x16+x12+x11+x10+x8+x7+x5+x4+x2+x+1.
When present, the attacker can cause FINGERPRINT attribute MUST be the STUN server to generate.

13.3. Countermeasures

STUN provides mechanisms to counter last attribute in
the approaches described above, message, and additional, non-STUN techniques thus will appear after MESSAGE-INTEGRITY.

The FINGERPRINT attribute can be used as well.

First off, it aid in distinguishing STUN packets from
packets of other protocols. See Section 8.

When using the FINGERPRINT attribute in a message, the attribute is RECOMMENDED that networks
first placed into the message with STUN clients
implement ingress source filtering [6]. This a dummy value, then the CRC is
computed, and then the value of the attribute is updated. If the
MESSAGE-INTEGRITY attribute is also present, then it must be present
with the correct message-integrity value before the CRC is computed,
since the CRC is particularly
important for done over the NATs themselves. As Section 13.2.3 explains, NATs
which do not perform this check can be used value of the MESSAGE-INTEGRITY
attribute as "reflectors" well.

14.6. ERROR-CODE

The ERROR-CODE attribute is used in DDoS
attacks. Most NATs do perform this check as Error Response messages. It
contains a default mode numeric error code value in the range of
operation. We strongly advise people who purchase NATs 300 to ensure
that this capability is present 699 plus a
textual reason phrase encoded in UTF-8, and enabled.

Secondly, for usages where the STUN server is not co-located consistent in its code
assignments and semantics with
some kind of application (such as the binding discovery usage), it SIP [RFC3261] and HTTP [RFC2616]. The
reason phrase is
RECOMMENDED that STUN servers be run on hosts dedicated to STUN, with
all UDP meant for user consumption, and TCP ports disabled except can be anything
appropriate for the STUN ports. This is to
prevent viruses and Trojan horses from infecting STUN servers, in
order to prevent their compromise. This helps mitigate Approach I
(Section 13.2.1).

Thirdly, to prevent error code. Recommended reason phrases for the DNS attack
defined error codes are presented below. The reason phrase MUST be a
UTF-8 encoded sequence of Section 13.2.2, Section 8.2
recommends that less than 128 characters.

To facilitate processing, the client verify class of the credentials provided by error code (the hundreds
digit) is encoded separately from the
server with rest of the name used in code.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved, should be 0 |Class| Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reason Phrase (variable) ..
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The Reserved bits SHOULD be 0, and are for alignment on 32-bit
boundaries. Receivers MUST ignore these bits. The Class represents
the DNS lookup.

Finally, all hundreds digit of the attacks above rely on the client taking error code. The value MUST be between 3
and 6. The number represents the
mapped address it learned from STUN, error code modulo 100, and using it in application
layer protocols. If encryption its
value MUST be between 0 and message integrity 99.

The following error codes, along with their recommended reason
phrases (in brackets) are provided
within those protocols, defined:

300 Try Alternate: The client should contact an alternate server for
this request. This error response MUST only be sent if the eavesdropping
request included a USERNAME attribute and identity assumption
attacks can a valid MESSAGE-
INTEGRITY attribute; otherwise it MUST NOT be prevented. As such, applications that make use of
STUN addresses in application protocols SHOULD use integrity sent and
encryption, even if a SHOULD level strength error
code 400 is not specified for that
protocol. For example, multimedia applications using STUN addresses
to receive RTP traffic would use secure RTP [23].

The above three techniques are non-STUN mechanisms. STUN itself
provides several countermeasures.

Approaches IV (Section 13.2.4), when generating suggested. This error response MUST be protected
with the MESSAGE-INTEGRITY attribute, and receivers MUST
validate the MESSAGE-INTEGRITY of this response locally, before
redirecting themselves to an alternate server.

Note: failure to generate and V (Section 13.2.5) require validate message-integrity
for a 300 response allows an on-path attacker to generate falsify a faked
response. A faked
300 response must match the 96-bit transaction ID of
the request. thus causing subsequent STUN messages to be
sent to a victim.

400 Bad Request: The attack is further prevented by using the message
integrity mechanism provided in STUN, described in Section 11.4.

Approaches III (Section 13.2.3), IV (Section 13.2.4), when using the
relaying technique, and VI (Section 13.2.6), however, are not
preventable through server signatures. These three approaches are
functional when the attacker modifies nothing but the source address
of request was malformed. The client SHOULD NOT
retry the STUN request. Sadly, this is request without modification from the one thing that cannot previous
attempt. The server may not be
protected through cryptographic means, as able to generate a valid
MESSAGE-INTEGRITY for this is error, so the change that
STUN itself is seeking to detect and report. It is therefore an
inherent weakness in NAT, and client MUST NOT expect
a valid MESSAGE-INTEGRITY attribute on this response.

401 Unauthorized: The request did not fixable in STUN.

13.4. Residual Threats

None of contain the countermeasures listed above can prevent expected MESSAGE-
INTEGRITY attribute. The server MAY include the attacks
described MESSAGE-
INTEGRITY attribute in Section 13.2.3 if the attacker is its error response.

420 Unknown Attribute: The server received STUN packet containing a
comprehension-required attribute which it did not understand.
The server MUST put this unknown attribute in the appropriate
network paths. Specifically, consider the case in which UNKNOWN-
ATTRIBUTE attribute of its error response.

438 Stale Nonce: The NONCE used by the attacker
wishes to convince client C that it has address V. was no longer valid.
The attacker needs
to have a network element on client should retry, using the path between A and NONCE provided in the
response.

500 Server Error: The server (in
order to modify the request) has suffered a temporary error. The
client should try again.

14.7. REALM

The REALM attribute may be present in requests and on responses. It
contains text which meets the path between grammar for "realm-value" as described
in RFC 3261 [RFC3261] but without the server double quotes and V
so that their
surrounding whitespace. That is, it can forward the response to C. Furthermore, if there is an unquoted realm-value. It
MUST be a
NAT between UTF-8 encoded sequence of less than 128 characters.

Presence of the REALM attribute in a request indicates that long-term
credentials are being used for authentication. Presence in certain
error responses indicates that the attacker and server wishes the server, V must also client to use a
long-term credential for authentication.

14.8. NONCE

The NONCE attribute may be behind the
same NAT. In such present in requests and responses. It
contains a situation, the attacker can either gain access
to all the application-layer traffic sequence of qdtext or mount the DDOS attack
described quoted-pair, which are defined in
RFC 3261 [RFC3261]. See RFC 2617 [RFC2617], Section 13.1.1. Note that any host which exists 4.3, for
guidance on selection of nonce values in the
correct topological relationship can be DDOSed. a server. It need not MUST be using
STUN.

14. IAB Considerations less
than 128 characters.

14.9. UNKNOWN-ATTRIBUTES

The IAB has studied the problem of "Unilateral Self Address Fixing"
(UNSAF), which UNKNOWN-ATTRIBUTES attribute is present only in an error response
when the general process by which a client attempts to
determine its address response code in another realm on the other side of a NAT
through a collaborative protocol reflection mechanism (RFC3424 [24]).
STUN ERROR-CODE attribute is 420.

The attribute contains a list of 16 bit values, each of which
represents an example attribute type that was not understood by the server.

Figure 11: Format of UNKNOWN-ATTRIBUTES attribute

Note: In [RFC3489], this field was padded to 32 by duplicating the
last attribute. In this version of the specification, the normal
padding rules for attributes are used instead.

14.10. SERVER

The server attribute contains a protocol that performs this type textual description of function
for the binding discovery usage. software
being used by the server, including manufacturer and version number.
The IAB attribute has mandated that any
protocols developed for this purpose document a specific set no impact on operation of
considerations. This section meets those requirements for the
binding discovery usage.

14.1. Problem Definition

From RFC3424 [24], any UNSAF proposal must provide:

Precise definition of protocol, and serves
only as a specific, limited-scope problem that tool for diagnostic and debugging purposes. The value of
SERVER is to
be solved with the UNSAF proposal. A short term fix should not variable length. It MUST be
generalized to solve other problems; this is why "short term fixes
usually aren't". a UTF-8 encoded sequence of
less than 128 characters

14.11. ALTERNATE-SERVER

The specific problem being solved by alternate server represents an alternate transport address
identifying a different STUN server which the STUN client should try.

It is to provide encoded in the
functionality necessary same way as MAPPED-ADDRESS, and thus refers to describe how a
single server by IP address. The IP address family MUST be identical
to connect two endpoints
regardless that of the location of type source IP address of NATs in the topology.

14.2. Exit Strategy

From RFC3424 [24], any UNSAF proposal must provide:

Description of request.

This attribute MUST only appear in an exit strategy/transition plan. The better short
term fixes error response that contains a
MESSAGE-INTEGRITY attribute. This prevents it from being used in
denial-of-service attacks.

15. Security Considerations

15.1. Attacks against the Protocol

15.1.1. Outside Attacks

An attacker can try to modify STUN messages in transit, in order to
cause a failure in STUN operation. These attacks are prevented for
both requests and responses through the ones message integrity mechanism,
using either a short term or long term credential.

An attacker that will naturally can observe, but not modify STUN messages in-transit
(for example, an attacker present on a shared access medium, such as
Wi-Fi), can see less a STUN request, and less use
as the appropriate technology is deployed. then immediately send a STUN by itself does not provide
response, typically an exit strategy. error response, in order to disrupt STUN
processing. This attack is provided
by techniques, such as Interactive Connectivity Establishment (ICE
[13]), also prevented for messages that allow a client utilize
MESSAGE-INTEGRITY. However, some error responses, those related to determine whether addresses learned
from
authentication in particular, cannot be protected by MESSAGE-
INTEGRITY. When STUN itself is run over a secure transport protocol
(e.g., TLS), these attacks are needed, or whether other addresses, such as the one on
the local interface, will work when communicating with another host.
With such completely mitigated.

15.1.2. Inside Attacks

A rogue client may try to launch a detection technique, as DoS attack against a client finds that the addresses
provided server by
sending it a large number of STUN are never used, requests. Fortunately, STUN queries
requests can cease to be made,
thus allowing them to phase out.

14.3. Brittleness Introduced processed statelessly by STUN

From RFC3424 [24], any UNSAF proposal must provide:

Discussion of specific issues that may render systems more
"brittle". For example, approaches that involve using data at
multiple network layers create more dependencies, increase
debugging challenges, and make it harder a server, making such
attacks hard to transition.

STUN introduces brittleness into the system in several ways:

o Transport addresses discovered by STUN in launch.

15.2. Attacks Affecting the Binding Discovery
usage will only Usage

This section lists attacks that might be useful for receiving packets from launched against a peer if the
NAT does not have address or address and port dependent mapping
properties. When this usage is used in isolation, this makes of
STUN. Each STUN
brittle, since its effectiveness depends on the type usage must consider whether these attacks are
applicable to it, and if so, discuss counter-measures.

Most of NAT. This
brittleness is eliminated when the Binding Discovery usage is used attacks in concert with mechanisms which can verify this section revolve around an attacker
modifying the transport reflexive address
and use others if it doesn't work. ICE is an example of such a
mechanism.

o Transport addresses discovered learned by a STUN in the Binding Discovery
usage will only be useful for receiving packets from client through a peer if
Binding Request/Binding Response transaction. Since the
STUN server subtends usage of the
reflexive address realm is a function of the peer. For example,
consider client A usage, the applicability and B, both
remediation of which have residential NAT
devices. Both devices connect them to their cable operators, but
both clients have different providers. Each provider has a NAT in
front these attacks is usage-specific. In common
situations, modification of their entire network, connecting it to the public
Internet. If reflexive address by an on-path
attacker is easy to do. Consider, for example, the common situation
where STUN server used by A is in A's cable operator's
network, run directly over UDP. In this case, an on-path
attacker can modify the source IP address obtained by of the Binding Request
before it will not be usable by B. arrives at the STUN server. The STUN server will then
return this IP address in the XOR-MAPPED-ADDRESS attribute to the
client. Protecting against this attack by using a message-integrity
check is impossible, since a message-integrity value cannot cover the
source IP address, since the intervening NAT must be in able to modify
this value. Instead, one solution to preventing the network which attacks listed
below is for the client to verify the reflexive address learned, as
is done in ICE [I-D.ietf-mmusic-ice]. Other usages may use other
means to prevent these attacks.

15.2.1. Attack I: DDoS Against a common ancestor Target

In this attack, the attacker provides one or more clients with the
same faked reflexive address that points to the intended target.
This will trick the STUN clients into thinking that their reflexive
addresses are equal to
both - in this case, that of the public Internet. When this usage is used target. If the clients hand out
that reflexive address in isolation, this makes STUN brittle, since its effectiveness
depends order to receive traffic on it (for
example, in SIP messages), the topological placement of traffic will instead be sent to the STUN server.
target. This
brittleness is eliminated attack can provide substantial amplification,
especially when the Binding Discovery usage is used
in concert with mechanisms which can verify clients that are using STUN to enable
multimedia applications.

15.2.2. Attack II: Silencing a Client

In this attack, the transport attacker provides a STUN client with a faked
reflexive address. The reflexive address
and use others if it doesn't work. ICE provides is an example of such a
mechanism.

o The bindings allocated from the NAT need transport
address that routes to be continuously
refreshed. Since nowhere. As a result, the timeouts for these bindings is very
implementation specific, client won't
receive any of the refresh interval cannot easily be
determined. When packets it expects to receive when it hands out
the binding reflexive address. This exploitation is not being actively used to
receive traffic, but to wait very interesting for an incoming message, the binding
refresh will needlessly consume network bandwidth.

o The use of the STUN server in the Binding Discovery usage as an
additional network element introduces another point of potential
security attack. These attacks are largely prevented by
the
security measures provided by STUN, but attacker. It impacts a single client, which is frequently not entirely.

o The use of the STUN server as an additional network element
introduces another point of failure. If
the client cannot locate
a STUN server, or if desired target. Moreover, any attacker that can mount the server should be unavailable due attack
could also deny service to
failure, the application cannot function.

o The use of STUN to discover address bindings may result in an
increase in latency for applications.

o Transport addresses discovered client by STUN in other means, such as
preventing the Binding Discovery
usage will only be useful for client from receiving packets any response from a peer behind
the same NAT if the STUN server supports hairpinning [14]. When
this usage is used in isolation, this makes STUN brittle, since
its effectiveness depends on
server, or even a DHCP server.

15.2.3. Attack III: Assuming the topological placement Identity of the STUN
server. a Client

This brittleness is eliminated when the Binding Discovery
usage attack is used in concert with mechanisms which can verify similar to attack III. However, the
transport faked reflexive
address and use others if it doesn't work. ICE is an
example of such a mechanism.

o Most significantly, STUN introduces potential security threats points to the attacker itself. This allows the attacker to
receive traffic which cannot be eliminated through cryptographic means. These
security problems are described fully in Section 13.

14.4. Requirements was destined for the client.

15.2.4. Attack IV: Eavesdropping

In this attack, the attacker forces the client to use a Long Term Solution

From RFC3424 [24], reflexive
address that routes to itself. It then forwards any UNSAF proposal must provide:

Identify requirements for longer term, sound technical solutions
-- contribute packets it
receives to the process of finding client. This attack would allow the right longer term
solution.

Our experience with STUN has led attacker to the following requirements for a
long term solution
observe all packets sent to the NAT problem:

o Requests for bindings and control of other resources client. However, in a NAT need order to launch
the attack, the attacker must have already been able to observe
packets from the client to be explicit. Much of the brittleness in STUN derives server. In most cases (such as
when the attack is launched from its
guessing at an access network), this means that
the parameters of attacker could already observe packets sent to the NAT, rather than telling client. This
attack is, as a result, only useful for observing traffic by
attackers on the NAT
what parameters to use, or knowing what parameters path from the NAT will
use.

o Control needs client to be in-band. There are far too many scenarios in
which the client will STUN server, but not know about
generally on the location of middleboxes
ahead path of time. Instead, control packets being routed towards the client.

15.3. Hash Agility Plan

This specification uses SHA-1 for computation of such boxes needs the message
integrity. If, at a later time, SHA-1 is found to occur in-
band, traveling along be compromised,
the same path as following is the data will itself
travel. This guarantees remedy that the right set of middleboxes are
controlled.

o Control needs to will be limited. Users applied.

We will need to communicate
through NATs define a STUN extension which are outside of their administrative control.
In order for providers to introduces a new message
integrity attribute, computed using a new hash. Clients would be willing
required to deploy NATs which can be
controlled by users include both the new and old message integrity attributes
in different domains, their requests or indications. A new server will utilize the scope of such
controls needs to be extremely limited - typically, allocating a
binding to reach new
message integrity attribute, and an old one, the address old. After a
transition period where the control packets mixed implementations are coming
from.

o Simplicity is Paramount. The control protocol will need to be
implemented in very simple clients. The servers will need to
support extremely high loads. The protocol deployment, the
old message-integrity attribute will need to be
extremely robust, being the precursor to a host of application
protocols. As such, simplicity is key.

14.5. Issues with Existing NAPT Boxes

From RFC3424 [24], any UNSAF proposal must provide:

Discussion of the impact of the noted practical issues with
existing, deployed NA[P]Ts deprecated by another
specification, and experience reports.

Originally, RFC 3489 was developed as a standalone solution for NAT
traversal for several types of applications, including VoIP.
However, practical experience found that clients will cease including it in requests.

16. IAB Considerations

The IAB has studied the limitations problem of its usage
in isolation made it impractical as a complete solution. There were
too many NATs "Unilateral Self Address Fixing"
(UNSAF), which didn't support hairpinning or is the general process by which had a client attempts to
determine its address
and port dependent mapping properties.

Consequently, in another realm on the other side of a NAT
through a collaborative protocol reflection mechanism (RFC3424
[RFC3424]). STUN was revised can be used to produce perform this specification, which
turns STUN into function using a tool that
BindingRequest/BindingResponse transaction if one agent is used as part of behind a broader solution.
For multimedia communications protocols, this broader solution
NAT and the other is
ICE. ICE uses on the binding discovery usage and defines its own
connectivity check usage, and then utilizes them together. When done
this way, ICE eliminates almost all public side of the brittleness NAT.

The IAB has mandated that protocols developed for this purpose
document a specific set of considerations. Because some STUN usages
provide UNSAF functions (such as ICE [I-D.ietf-mmusic-ice] ), and issues
found with RFC 3489 alone.

15.
others do not (such as SIP Outbound [I-D.ietf-sip-outbound]), answers
to these considerations need to be addressed by the usages
themselves.

17. IANA Considerations

IANA is hereby requested to create two three new registries - registries: a STUN
methods registry, a STUN Attributes registry, and a STUN Attributes. IANA must assign Error Codes
registry.

17.1. STUN Methods Registry

A STUN method is a hex number in the following values to both
registries before publication range 0x000 - 0x3FF. The
encoding of this document as an RFC. New values
for both STUN method into a STUN message is described in
Section 6.

The initial STUN methods and are:

0x000: (Reserved)
0x001: Binding
0x002: (Reserved; was SharedSecret)

STUN attributes methods in the range 0x000 - 0x1FF are assigned through the
IETF consensus process via RFCs approved by IETF
Consensus [RFC2434]. STUN methods in the IESG [25].

15.1. range 0x200 - 0x3FF are
assigned on a First Come First Served basis [RFC2434]

17.2. STUN Methods Attribute Registry

The initial STUN methods are:

0x001:Binding
0x002:Shared Secret

15.2.

A STUN Attribute Registry type is a hex number in the range 0x0000 - 0xFFFF.
STUN attributes values above attribute types in the range 0x0000 - 0x7FFF are considered optional
attributes; attributes equal to 0x7FFF or below
comprehension-required; STUN attribute types in the range 0x8000 -
0xFFFF are considered
mandatory attributes. The STUN client and comprehension-optional. A STUN server process
optional agent handles
unknown comprehension-required and mandatory comprehension-optional attributes
differently. IANA should assign
values based on the RFC consensus process.

The initial STUN Attributes types are:

Comprehension-required range (0x0000-0x7FFF):
0x0000: (Reserved)
0x0001: MAPPED-ADDRESS
0x0006: USERNAME
0x0007: PASSWORD (Reserved; was PASSWORD)
0x0008: MESSAGE-INTEGRITY
0x0009: ERROR-CODE
0x000A: UNKNOWN-ATTRIBUTES
0x0014: REALM
0x0015: NONCE
0x0020: XOR-MAPPED-ADDRESS
0x8023: FINGERPRINT

Comprehension-optional range (0x8000-0xFFFF)
0x8022: SERVER
0x8023: ALTERNATE-SERVER
0x8024: REFRESH-INTERVAL

16.
0x8028: FINGERPRINT

STUN Attribute types in the first half of the comprehension-required
range (0x0000 - 0x3FFF) and in the first half of the comprehension-
optional range (0x8000 - 0xBFFF) are assigned by IETF Consensus
[RFC2434]. STUN Attribute types in the second half of the
comprehension-required range (0x4000 - 0x7FFF) and in the second half
of the comprehension-optional range (0xC000 - 0xFFFF) are assigned on
a First Come First Served basis [RFC2434].

17.3. STUN Error Code Registry

A STUN Error code is a number in the range 0 - 699. STUN error codes
are accompanied by a textual reason phrase in UTF-8 which is intended
only for human consumption and can be anything appropriate; this
document proposes only suggested values.

STUN error codes are consistent in codepoint assignments and
semantics with SIP [RFC3261] and HTTP [RFC2616].

The initial values in this registry are given in Section 14.6.

New STUN error codes are assigned on a Specification-Required basis
[RFC2434]. The specification must carefully consider how clients
that do not understand this error code will process it before
granting the request. See the rules in Section 7.3.4.

18. Changes Since RFC 3489

This specification updates obsoletes RFC3489 [15]. [RFC3489]. This specification
differs from RFC3489 in the following ways: following ways:

o Removed the notion that STUN is a complete NAT traversal solution.
STUN is now a toolkit that can be used to produce a NAT traversal
solution. As a consequence, changed the name of the protocol to
Session Traversal Utilities for NAT.

o Introduced the concept of STUN usages, and described what a usage
of STUN must document.

o Removed the usage of STUN for NAT type detection and binding
lifetime discovery. These techniques have proven overly brittle
due to wider variations in the types of NAT devices than described
in this document. Removed the RESPONSE-ADDRESS, CHANGED-ADDRESS,
CHANGE-REQUEST, SOURCE-ADDRESS, and REFLECTED-FROM attributes.

o Added a fixed 32-bit magic cookie and reduced length of
transaction ID by 32 bits. The magic cookie begins at the same
offset as the original transaction ID.

o Added the XOR-MAPPED-ADDRESS attribute, which is included in
Binding Responses if the magic cookie is present in the request.
Otherwise the RFC3489 behavior is retained (that is, Binding
Response includes MAPPED-ADDRESS). See discussion in XOR-MAPPED-
ADDRESS regarding this change.

o Introduced formal structure into the Message Type header field,
with an explicit pair of bits for indication of request, response,
error response or indication. Consequently, the message type
field is split into the class (one of the previous four) and
method.

o Explicitly point out that the most significant two bits of STUN
are 0b00, allowing easy differentiation with RTP packets when used
with ICE.

o Added the FINGERPRINT attribute to provide a method of definitely
detecting the difference between STUN and another protocol when
the two protocols are multiplexed together.

o Added support for IPv6. Made it clear that an IPv4 client could
get a v6 mapped address, and vice-a-versa.

o Added long-term credential-based authentication.

o Added the SERVER, REALM, NONCE, and ALTERNATE-SERVER attributes.

o Removed the SharedSecret method, and thus the PASSWORD attribute.
This method was almost never implemented and is not needed with
current usages.

o Removed recommendation to continue listening for STUN Responses
for 10 seconds in an attempt to recognize an attack.

o Introduced the concept of STUN usages and defined three usages -
Binding Discovery, NAT Keepalive, and Short term password.

o Changed transaction timers to be more TCP friendly.

o Removed the STUN example that centered around the separation of
the control and media planes. Instead, provided more information
on using STUN with protocols.

17.

o Defined a generic padding mechanism that changes the
interpretation of the length attribute. This would, in theory,
break backwards compatibility. However, the mechanism in RFC 3489
never worked for the few attributes that weren't aligned naturally
on 32 bit boundaries.

o REALM, USERNAME, SERVER, reason phrases and NONCE limited to 127
characters.

19. Acknowledgements

The authors would like to thank Cedric Aoun, Pete Cordell, Cullen
Jennings, Bob Penfield, Xavier Marjou, Bruce Lowekamp and Chris
Sullivan for their comments, and Baruch Sterman and Alan Hawrylyshen
for initial implementations. Thanks for Leslie Daigle, Allison
Mankin, Eric Rescorla, and Henning Schulzrinne for IESG and IAB input
on this work.

18.

20. References

18.1.

20.1. Normative References

[1]

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.

[2]

[RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791,
September 1981.

[3]

[RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
specifying the location of services (DNS SRV)", RFC 2782,
February 2000.

[4]

[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.

[5] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
RFC 2246, January 1999.

[6] Ferguson, P. and D. Senie, "Network Ingress Filtering:
Defeating Denial of Service Attacks which employ IP Source
Address Spoofing", BCP 38, RFC 2827, May 2000.

[7]

[RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
Leach, P., Luotonen, A., and L. Stewart, "HTTP
Authentication: Basic and Digest Access Authentication",
RFC 2617, June 1999.

[8]

[RFC2988] Paxson, V. and M. Allman, "Computing TCP's Retransmission
Timer", RFC 2988, November 2000.

[9]

[ITU.V42.1994]
International Telecommunications Union, "Error-correcting
Procedures for DCEs Using Asynchronous-to-Synchronous
Conversion", ITU-T Recommendation V.42, 1994.

18.2.

20.2. Informational References

[10]

[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing Keyed-
Hashing for Message Authentication", RFC 2104,
February 1997.

[11]

[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261,
June 2002.

[12]

[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

[13]

[I-D.ietf-mmusic-ice]
Rosenberg, J., "Interactive Connectivity Establishment
(ICE): A
Methodology Protocol for Network Address Translator (NAT)
Traversal for Offer/Answer Protocols", draft-ietf-mmusic-ice-13
draft-ietf-mmusic-ice-16 (work in progress), January June 2007.

[14] Audet, F. and C. Jennings, "NAT Behavioral Requirements for
Unicast UDP", draft-ietf-behave-nat-udp-08 (work in progress),
October 2006.

[15]

[RFC3489] Rosenberg, J., Weinberger, J., Huitema, C., and R. Mahy,
"STUN - Simple Traversal of User Datagram Protocol (UDP)
Through Network Address Translators (NATs)", RFC 3489,
March 2003.

[16]

[I-D.ietf-behave-turn]
Rosenberg, J., "Obtaining Relay Addresses from Simple
Traversal Underneath NAT (STUN)", draft-ietf-behave-turn-02
draft-ietf-behave-turn-03 (work in progress), October 2006.

[17] Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson,
"RTP: A Transport Protocol for Real-Time Applications",
RFC 3550, July 2003.

[18] March 2007.

[I-D.ietf-sip-outbound]
Jennings, C. and R. Mahy, "Managing Client Initiated
Connections in the Session Initiation Protocol (SIP)",
draft-ietf-sip-outbound-07
draft-ietf-sip-outbound-09 (work in progress), January June 2007.

[19] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session
Description Protocol", RFC 4566, July 2006.

[20] Senie, D., "Network Address Translator (NAT)-Friendly
Application Design Guidelines", RFC 3235, January 2002.

[21] Holdrege, M.

[I-D.ietf-behave-nat-behavior-discovery]
MacDonald, D. and P. Srisuresh, "Protocol Complications B. Lowekamp, "NAT Behavior Discovery
Using STUN", draft-ietf-behave-nat-behavior-discovery-00
(work in progress), February 2007.

[I-D.ietf-mmusic-ice-tcp]
Rosenberg, J., "TCP Candidates with the
IP Network Address Translator", RFC 3027, January 2001.

[22] Interactive
Connectivity Establishment (ICE",
draft-ietf-mmusic-ice-tcp-03 (work in progress),
March 2007.

[RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model
with Session Description Protocol (SDP)", RFC 3264,
June 2002.

[23] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K.
Norrman, "The Secure Real-time Transport Protocol (SRTP)",
RFC 3711, March 2004.

[24]

[RFC3424] Daigle, L. and IAB, "IAB Considerations for UNilateral Self-
Address
Self-Address Fixing (UNSAF) Across Network Address
Translation", RFC 3424, November 2002.

[25]

[RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 2434,
October 1998.

Appendix A. C Snippet to Determine STUN Message Types

Given an 16-bit STUN message type value in host byte order in
msg_type parameter, below are C macros to determine the STUN message
types:

#define IS_REQUEST(msg_type) (((msg_type) & 0x0110) == 0x0000)
#define IS_INDICATION(msg_type) (((msg_type) & 0x0110) == 0x0010)
#define IS_SUCCESS_RESP(msg_type) (((msg_type) & 0x0110) == 0x0100)
#define IS_ERR_RESP(msg_type) (((msg_type) & 0x0110) == 0x0110)

Authors' Addresses

Jonathan Rosenberg
Cisco
Edison, NJ
US

Email: jdrosen@cisco.com
URI: http://www.jdrosen.net
Christian Huitema
Microsoft
One Microsoft Way
Redmond, WA 98052
US

Email: huitema@microsoft.com

Rohan Mahy
Plantronics
345 Encinal Street
Santa Cruz, CA 95060
US

Email: rohan@ekabal.com

Philip Matthews
Avaya
1135 Innovation Drive
Ottawa, Ontario K2K 3G7
Canada

Phone: +1 613 592 4343 x224
Fax:
Email: philip_matthews@magma.ca
URI:

Dan Wing
Cisco Systems
771 Alder Drive
San Jose, CA 95035
US

Email: dwing@cisco.com

Full Copyright Statement

This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.

This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.

Acknowledgment

Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).