draft-ietf-tram-alpn-02.txt   draft-ietf-tram-alpn-03.txt 
TRAM P. Patil TRAM P. Patil
Internet-Draft T. Reddy Internet-Draft T. Reddy
Intended status: Standards Track G. Salgueiro Intended status: Standards Track G. Salgueiro
Expires: March 20, 2015 Cisco Expires: March 21, 2015 Cisco
M. Petit-Huguenin M. Petit-Huguenin
Impedance Mismatch Impedance Mismatch
September 16, 2014 September 17, 2014
Application Layer Protocol Negotiation (ALPN) labels for Session Application Layer Protocol Negotiation (ALPN) labels for Session
Traversal Utilities for NAT (STUN) and its Usages Traversal Utilities for NAT (STUN) and its Usages
draft-ietf-tram-alpn-02 draft-ietf-tram-alpn-03
Abstract Abstract
Application Layer Protocol Negotiation (ALPN) labels for Session Application Layer Protocol Negotiation (ALPN) labels for Session
Traversal Utilities for NAT (STUN) and its usages, such as Traversal Traversal Utilities for NAT (STUN) and its usages, such as Traversal
Using Relays around NAT (TURN) and NAT discovery, are defined in this Using Relays around NAT (TURN) and NAT discovery, are defined in this
document to allow an application layer negotiate STUN and its usages document to allow an application layer negotiate STUN and its usages
within the Transport Layer Security (TLS) connection. ALPN protocol within the Transport Layer Security (TLS) connection. ALPN protocol
identifiers defined in this document apply to both TLS and Datagram identifiers defined in this document apply to both TLS and Datagram
Transport Layer Security (DTLS). Transport Layer Security (DTLS).
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 20, 2015. This Internet-Draft will expire on March 21, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 20 skipping to change at page 2, line 20
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. ALPN Labels . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. ALPN Labels . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 3 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 3
5. Security Considerations . . . . . . . . . . . . . . . . . . . 4 5. Security Considerations . . . . . . . . . . . . . . . . . . . 4
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 4 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 4
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 4
7.1. Normative References . . . . . . . . . . . . . . . . . . 5 7.1. Normative References . . . . . . . . . . . . . . . . . . 4
7.2. Informative References . . . . . . . . . . . . . . . . . 5 7.2. Informative References . . . . . . . . . . . . . . . . . 5
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 5 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 5
1. Introduction 1. Introduction
STUN can be securely transported using TLS-over-TCP (referred to as STUN can be securely transported using TLS-over-TCP (referred to as
TLS [RFC5246]), as specified in [RFC5389], or TLS-over-UDP (referred TLS [RFC5246]), as specified in [RFC5389], or TLS-over-UDP (referred
to as DTLS [RFC6347]), as specified in [RFC7350]. to as DTLS [RFC6347]), as specified in [RFC7350].
ALPN [RFC7301] enables an endpoint to positively identify an ALPN [RFC7301] enables an endpoint to positively identify an
application protocol in TLS/DTLS and distinguish it from other TLS/ application protocol in TLS/DTLS and distinguish it from other TLS/
DTLS protocols. With ALPN, the client sends the list of supported DTLS protocols. With ALPN, the client sends the list of supported
application protocols as part of the TLS/DTLS ClientHello message. application protocols as part of the TLS/DTLS ClientHello message.
The server chooses a protocol and sends the selected protocol as part The server chooses a protocol and sends the selected protocol as part
of the TLS/DTLS ServerHello message. Application protocol of the TLS/DTLS ServerHello message. Application protocol
negotiation can thus be accomplished within the TLS/DTLS handshake, negotiation can thus be accomplished within the TLS/DTLS handshake,
without adding network round-trips. without adding network round-trips.
A STUN protocol identifier and its associated usages, such as TURN, A STUN protocol identifier and its associated usages, such as TURN
can be used to identify the purpose of a flow without initiating a [RFC5766], can be used to identify the purpose of a flow without
session. This capability is useful and adds efficiency, as shown in initiating a session. This capability is useful and adds efficiency,
the following scenarios. as shown in the following scenarios.
1. Consider an Enterprise network that deploys a TURN server in a 1. Consider an Enterprise network that deploys a TURN server in a
DeMilitarized Zone (DMZ) to audit all media sessions from inside DeMilitarized Zone (DMZ) to audit all media sessions from inside
the Enterprise premises to any external peer. In this the Enterprise premises to any external peer. In this
deployment, an Enterprise firewall could use the TURN ALPN deployment, an Enterprise firewall could use the TURN ALPN
identifier to detect the use of a TURN server that is outside the identifier to detect the use of a TURN server that is outside the
Enterprise domain (i.e., a TURN server provided by an application Enterprise domain (i.e., a TURN server provided by an application
server, access network, etc). server, access network, etc).
2. If a firewall is configured to block all outgoing traffic except 2. If a firewall is configured to block all outgoing traffic except
skipping to change at page 3, line 26 skipping to change at page 3, line 26
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
3. ALPN Labels 3. ALPN Labels
The document proposes the following ALPN labels to identify the STUN The document proposes the following ALPN labels to identify the STUN
protocol and its associated usages. protocol [RFC5389] and its associated usages.
'stun': Generic label to identify STUN over (D)TLS. This label
identifies the STUN protocol or any of currently defined usages
(e.g., "stun.turn", "stun.nat-discovery") as well as any future
usages that may be defined at a later date (e.g., any labels
starting with "stun.").
'stun.turn': Label to identify the specific use of STUN over (D)TLS 'stun.turn': Label to identify the specific use of STUN over (D)TLS
for TURN. for TURN [RFC5766].
'stun.nat-discovery': Label to identify the specific use of STUN 'stun.nat-discovery': Label to identify the specific use of STUN
over (D)TLS for NAT discovery. over (D)TLS for NAT discovery.
'stun': This label is used as a fallback for STUN usages that do not
have a corresponding ALPN label.
This document does not explicitly assign ALPN labels for other usages This document does not explicitly assign ALPN labels for other usages
of STUN, such as NAT Behavior Discovery using STUN ([RFC5780]). All of STUN, such as NAT Behavior Discovery using STUN ([RFC5780]). All
such usages that do not have a dedicated label are implicitly such usages that do not have a dedicated label are implicitly
identified by the generic "stun" ALPN label. identified by the generic "stun" ALPN label.
4. IANA Considerations 4. IANA Considerations
The following entries are to be added to the "Application Layer The following entries are to be added to the "Application Layer
Protocol Negotiation (ALPN) Protocol IDs" registry established by Protocol Negotiation (ALPN) Protocol IDs" registry established by
[RFC7301]. [RFC7301].
 End of changes. 9 change blocks. 
17 lines changed or deleted 14 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/