draft-ietf-tram-stun-dtls-04.txt   draft-ietf-tram-stun-dtls-05.txt 
TRAM M. Petit-Huguenin TRAM M. Petit-Huguenin
Internet-Draft Jive Communications Internet-Draft Jive Communications
Updates: 5389, 5928 (if approved) G. Salgueiro Updates: 5389, 5928 (if approved) G. Salgueiro
Intended status: Standards Track Cisco Systems Intended status: Standards Track Cisco Systems
Expires: December 25, 2014 June 23, 2014 Expires: December 29, 2014 June 27, 2014
Datagram Transport Layer Security (DTLS) as Transport for Session Datagram Transport Layer Security (DTLS) as Transport for Session
Traversal Utilities for NAT (STUN) Traversal Utilities for NAT (STUN)
draft-ietf-tram-stun-dtls-04 draft-ietf-tram-stun-dtls-05
Abstract Abstract
This document specifies the usage of Datagram Transport Layer This document specifies the usage of Datagram Transport Layer
Security (DTLS) as a transport protocol for Session Traversal Security (DTLS) as a transport protocol for Session Traversal
Utilities for NAT (STUN). It provides guidances on when and how to Utilities for NAT (STUN). It provides guidances on when and how to
use DTLS with the currently standardized STUN Usages. It also use DTLS with the currently standardized STUN Usages. It also
specifies modifications to the STUN URIs and TURN URIs and to the specifies modifications to the STUN URIs and TURN URIs and to the
TURN resolution mechanism to facilitate the resolution of STUN URIs TURN resolution mechanism to facilitate the resolution of STUN URIs
and TURN URIs into the IP address and port of STUN and TURN servers and TURN URIs into the IP address and port of STUN and TURN servers
supporting DTLS as a transport protocol. supporting DTLS as a transport protocol. This document updates RFC
5389 and RFC 5928.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 25, 2014. This Internet-Draft will expire on December 29, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 34 skipping to change at page 2, line 35
4.6.2. Resolution Mechanism for TURN over DTLS . . . . . . . 7 4.6.2. Resolution Mechanism for TURN over DTLS . . . . . . . 7
5. Implementation Status . . . . . . . . . . . . . . . . . . . . 8 5. Implementation Status . . . . . . . . . . . . . . . . . . . . 8
5.1. turnuri . . . . . . . . . . . . . . . . . . . . . . . . . 8 5.1. turnuri . . . . . . . . . . . . . . . . . . . . . . . . . 8
5.2. rfc5766-turn-server . . . . . . . . . . . . . . . . . . . 9 5.2. rfc5766-turn-server . . . . . . . . . . . . . . . . . . . 9
6. Security Considerations . . . . . . . . . . . . . . . . . . . 9 6. Security Considerations . . . . . . . . . . . . . . . . . . . 9
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
7.1. S-NAPTR application protocol tag . . . . . . . . . . . . 10 7.1. S-NAPTR application protocol tag . . . . . . . . . . . . 10
7.2. Service Name and Transport Protocol Port Number . . . . . 10 7.2. Service Name and Transport Protocol Port Number . . . . . 10
7.2.1. The stuns Service Name . . . . . . . . . . . . . . . 10 7.2.1. The stuns Service Name . . . . . . . . . . . . . . . 10
7.2.2. The turns Service Name . . . . . . . . . . . . . . . 11 7.2.2. The turns Service Name . . . . . . . . . . . . . . . 11
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 11 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 12
9.1. Normative References . . . . . . . . . . . . . . . . . . 11 9.1. Normative References . . . . . . . . . . . . . . . . . . 12
9.2. Informative References . . . . . . . . . . . . . . . . . 13 9.2. Informative References . . . . . . . . . . . . . . . . . 14
Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 13 Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 14
Appendix B. Release notes . . . . . . . . . . . . . . . . . . . 14 Appendix B. Release notes . . . . . . . . . . . . . . . . . . . 15
B.1. Modifications between ietf-tram-stun-dtls-03 and ietf- B.1. Modifications between ietf-tram-stun-dtls-04 and ietf-
tram-stun-dtls-04 . . . . . . . . . . . . . . . . . . . . 14 tram-stun-dtls-05 . . . . . . . . . . . . . . . . . . . . 15
B.2. Modifications between ietf-tram-stun-dtls-02 and ietf- B.2. Modifications between ietf-tram-stun-dtls-03 and ietf-
tram-stun-dtls-03 . . . . . . . . . . . . . . . . . . . . 15 tram-stun-dtls-04 . . . . . . . . . . . . . . . . . . . . 16
B.3. Modifications between ietf-tram-stun-dtls-01 and ietf- B.3. Modifications between ietf-tram-stun-dtls-02 and ietf-
tram-stun-dtls-02 . . . . . . . . . . . . . . . . . . . . 15 tram-stun-dtls-03 . . . . . . . . . . . . . . . . . . . . 16
B.4. Modifications between ietf-tram-stun-dtls-00 and ietf- B.4. Modifications between ietf-tram-stun-dtls-01 and ietf-
tram-stun-dtls-01 . . . . . . . . . . . . . . . . . . . . 16 tram-stun-dtls-02 . . . . . . . . . . . . . . . . . . . . 17
B.5. Modifications between petithuguenin-tram-stun-dtls-00 and B.5. Modifications between ietf-tram-stun-dtls-00 and ietf-
ietf-tram-stun-dtls-00 . . . . . . . . . . . . . . . . . 16 tram-stun-dtls-01 . . . . . . . . . . . . . . . . . . . . 17
B.6. Modifications between petithuguenin-tram-turn-dtls-00 and B.6. Modifications between petithuguenin-tram-stun-dtls-00 and
petithuguenin-tram-stun-dtls-00 . . . . . . . . . . . . . 16 ietf-tram-stun-dtls-00 . . . . . . . . . . . . . . . . . 17
B.7. Modifications between petithuguenin-tram-turn-dtls-00 and
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16 petithuguenin-tram-stun-dtls-00 . . . . . . . . . . . . . 17
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18
1. Introduction 1. Introduction
STUN [RFC5389] defines Transport Layer Security (TLS) over TCP STUN [RFC5389] defines Transport Layer Security (TLS) over TCP
(simply referred to as TLS [RFC5246]) as the transport for STUN due (simply referred to as TLS [RFC5246]) as the transport for STUN due
to additional security advantages it offers over plain UDP or TCP to additional security advantages it offers over plain UDP or TCP
transport. But TLS-over-TCP is not an optimal transport when STUN is transport. But TCP (and thus TLS-over-TCP) is not an optimal
used for its originally intended purpose, which is to support transport when STUN is used for its originally intended purpose,
multimedia sessions. This sub-optimality primarily stems from the which is to support multimedia sessions. This is a well documented
added latency incurred by the TCP-based head-of-line (HOL) blocking and understood transport limitation for real-time communications.
problem coupled with additional TLS buffering (for integrity checks).
This is a well documented and understood transport limitation for
secure real-time communications.
DTLS-over-UDP (referred to in this document as simply DTLS [RFC6347]) DTLS-over-UDP (referred to in this document as simply DTLS [RFC6347])
offers the same security advantages as TLS-over-TCP, but without the offers the same security advantages as TLS-over-TCP, but without the
undesirable latency concerns. undesirable concerns.
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "MAY", and "OPTIONAL" The key words "MUST", "MUST NOT", "REQUIRED", "MAY", and "OPTIONAL"
in this document are to be interpreted as described in [RFC2119] when in this document are to be interpreted as described in [RFC2119] when
they appear in ALL CAPS. When these words are not in ALL CAPS (such they appear in ALL CAPS. When these words are not in ALL CAPS (such
as "must" or "Must"), they have their usual English meanings, and are as "must" or "Must"), they have their usual English meanings, and are
not to be interpreted as RFC 2119 key words. not to be interpreted as RFC 2119 key words.
3. DTLS as Transport for STUN 3. DTLS as Transport for STUN
skipping to change at page 4, line 8 skipping to change at page 4, line 8
preferred over non-PFS cipher suites. Cipher suites with known preferred over non-PFS cipher suites. Cipher suites with known
weaknesses, such as those based on (single) DES and RC4, MUST NOT be weaknesses, such as those based on (single) DES and RC4, MUST NOT be
used. Implementations MUST disable TLS-level compression. The same used. Implementations MUST disable TLS-level compression. The same
rules established in Section 7.2.2 of [RFC5389] for keeping open and rules established in Section 7.2.2 of [RFC5389] for keeping open and
closing TCP/TLS connections MUST be used as well for DTLS closing TCP/TLS connections MUST be used as well for DTLS
associations. associations.
In addition to the path MTU rules described in Section 7.1 of In addition to the path MTU rules described in Section 7.1 of
[RFC5389], if the path MTU is unknown, the actual STUN message needs [RFC5389], if the path MTU is unknown, the actual STUN message needs
to be adjusted to take into account the size of the (13-byte) DTLS to be adjusted to take into account the size of the (13-byte) DTLS
Record header, the MAC size, the padding size and the eventual Record header, the MAC size, and the padding size.
compression applied to the payload.
By default, STUN over DTLS MUST use port 5349, the same port number By default, STUN over DTLS MUST use port 5349, the same port number
as STUN over TLS. However, the SRV procedures can be implemented to as STUN over TLS. However, the SRV procedures can be implemented to
use a different port (as described in Section 9 of [RFC5389]). When use a different port (as described in Section 9 of [RFC5389]). When
using SRV records, the service name MUST be set to "stuns" and the using SRV records, the service name MUST be set to "stuns" and the
protocol name to "udp". protocol name to "udp".
Classic STUN [RFC3489] defines only UDP as a transport and DTLS MUST Classic STUN [RFC3489] defines only UDP as a transport and DTLS MUST
NOT be used. Any STUN request or indication without the magic cookie NOT be used. Any STUN request or indication without the magic cookie
over DTLS MUST always result in an error. (see Section 6 of [RFC5389]) over DTLS MUST always result in an
error.
4. STUN Usages 4. STUN Usages
[RFC5389] Section 7.2 states that STUN usages must specify which [RFC5389] Section 7.2 states that STUN usages must specify which
transport protocol is used. The following sections discuss if and transport protocol is used. The following sections discuss if and
how the existing STUN usages are used with DTLS as the transport. how the existing STUN usages are used with DTLS as the transport.
Future STUN usages MUST take into account DTLS as a transport and Future STUN usages MUST take into account DTLS as a transport and
discuss its applicability. In all cases, new STUN usages MUST discuss its applicability. In all cases, new STUN usages MUST
explicitly state if implementing the denial-of-service counter- explicitly state if implementing the denial-of-service counter-
measure described in Section 4.2.1 of [RFC6347] is mandatory. measure described in Section 4.2.1 of [RFC6347] is mandatory.
skipping to change at page 5, line 18 skipping to change at page 5, line 18
4.1.1. DTLS Support in STUN URIs 4.1.1. DTLS Support in STUN URIs
This document does not make any changes to the syntax of a STUN URI This document does not make any changes to the syntax of a STUN URI
[RFC7064]. As indicated in Section 3.2 of [RFC7064], secure [RFC7064]. As indicated in Section 3.2 of [RFC7064], secure
transports like STUN over TLS, and now STUN over DTLS, MUST use the transports like STUN over TLS, and now STUN over DTLS, MUST use the
"stuns" URI scheme. "stuns" URI scheme.
The <host> value MUST be used when using the rules in Section 7.2.2 The <host> value MUST be used when using the rules in Section 7.2.2
of [RFC5389] to verify the server identity. A STUN URI containing an of [RFC5389] to verify the server identity. A STUN URI containing an
IP address MUST be rejected, unless the domain is provided by the IP address MUST be rejected, unless the domain name is provided by
same mechanism that provided the STUN URI, and that this domain name the same mechanism that provided the STUN URI, and that this domain
can be passed to the verification code. name can be passed to the verification code.
4.2. Connectivity Check Usage 4.2. Connectivity Check Usage
Using DTLS would hide the USERNAME, PRIORITY, USE-CANDIDATE, ICE- Using DTLS would hide the USERNAME, PRIORITY, USE-CANDIDATE, ICE-
CONTROLLED and ICE-CONTROLLING attributes. But because MESSAGE- CONTROLLED and ICE-CONTROLLING attributes. But because MESSAGE-
INTEGRITY protects the entire STUN response using a password that is INTEGRITY protects the entire STUN response using a password that is
known only by looking at the SDP exchanged, it is not possible for an known only by looking at the SDP exchanged, it is not possible for an
attacker to inject an incorrect XOR-MAPPED-ADDRESS, which would attacker that does not have access to this SDP to inject an incorrect
subsequently be used as a peer reflexive candidate. XOR-MAPPED-ADDRESS, XOR-MAPPED-ADDRESS which would subsequently be
used as a peer reflexive candidate.
Adding DTLS on top of the connectivity check would delay, and Adding DTLS on top of the connectivity check would delay, and
consequently impair, the ICE process. There is, in fact, a proposal consequently impair, the ICE process. Adding additional round-trips
to ICE is undesirable, so much that there is a proposal
([I-D.thomson-rtcweb-ice-dtls]) to use the DTLS handshake used by the ([I-D.thomson-rtcweb-ice-dtls]) to use the DTLS handshake used by the
WebRTC SRTP streams as a replacement for the connectivity checks, WebRTC SRTP streams as a replacement for the connectivity checks.
proving that adding additional round-trips to ICE is undesirable.
STUN URIs are not used with this usage. STUN URIs are not used with this usage.
4.3. Media Keep-Alive Usage 4.3. Media Keep-Alive Usage
When STUN Binding Indications are being used for media keep-alive When STUN Binding Indications are being used for media keep-alive
(described in Section 10 of xref target="RFC5245" />), it runs (described in Section 10 of [RFC5245]), it runs alongside an RTP or
alongside an RTP or RTCP session. It is possible to send these media RTCP session. It is possible to send these media keep-alive packets
keep-alive packets inside a separately negotiated non-SRTP DTLS inside a separately negotiated non-SRTP DTLS session if DTLS-SRTP
session if DTLS-SRTP [RFC5764] is used, but that would add overhead, [RFC5764] is used, but that would add overhead, with minimal security
with minimal security benefit. benefit.
STUN URIs are not used with this usage. STUN URIs are not used with this usage.
4.4. SIP Keep-Alive Usage 4.4. SIP Keep-Alive Usage
The SIP keep-alive (described in [RFC5626]) runs inside a SIP flow. The SIP keep-alive (described in [RFC5626]) runs inside a SIP flow.
This flow would be protected if a SIP over DTLS transport mechanism This flow would be protected if a SIP over DTLS transport mechanism
is implemented (such as described in [I-D.jennings-sip-dtls]). is implemented (such as described in [I-D.jennings-sip-dtls]).
STUN URIs are not used with this usage. STUN URIs are not used with this usage.
skipping to change at page 10, line 50 skipping to change at page 10, line 50
7.2. Service Name and Transport Protocol Port Number 7.2. Service Name and Transport Protocol Port Number
This specification contains the registration information for two This specification contains the registration information for two
Service Name and Transport Protocol Port Numbers in the "Service Service Name and Transport Protocol Port Numbers in the "Service
Names and Transport Protocol Port Numbers/Service Name and Transport Names and Transport Protocol Port Numbers/Service Name and Transport
Protocol Port Number" registry (in accordance with [RFC6335]). Protocol Port Number" registry (in accordance with [RFC6335]).
7.2.1. The stuns Service Name 7.2.1. The stuns Service Name
IANA is requested to modify the following entry in the registry
"Service Names and Transport Protocol Port Numbers/Service Name and
Transport Protocol Port Number":
Service Name: stuns
Transport Protocol(s): UDP
Assignee:
Contact:
Description: Reserved for a future enhancement of STUN
Reference: RFC5389
Port Number: 5349
Such as it contains the following:
Service Name: stuns Service Name: stuns
Transport Protocol(s): UDP Transport Protocol(s): UDP
Assignee: IESG Assignee: IESG
Contact: IETF Chair <chair@ietf.org> Contact: IETF Chair <chair@ietf.org>
Description: STUN over DTLS Description: STUN over DTLS
Reference: This document Reference: RFC-to-be
Port Number: 5349 Port Number: 5349
Assignment Notes: This service name was initially created by RFC
5389
7.2.2. The turns Service Name 7.2.2. The turns Service Name
IANA is requested to modify the following entry in the registry
"Service Names and Transport Protocol Port Numbers/Service Name and
Transport Protocol Port Number":
Service Name: turns
Transport Protocol(s): UDP
Assignee:
Contact:
Description: Reserved for a future enhancement of TURN
Reference: RFC5766
Port Number: 5349
Such as it contains the following:
Service Name: turns Service Name: turns
Transport Protocol(s): UDP Transport Protocol(s): UDP
Assignee: IESG Assignee: IESG
Contact: IETF Chair <chair@ietf.org> Contact: IETF Chair <chair@ietf.org>
Description: TURN over DTLS Description: TURN over DTLS
Reference: This document Reference: RFC-to-be
Port Number: 5349 Port Number: 5349
Assignment Notes: This service name was initially created by RFC
5766
8. Acknowledgements 8. Acknowledgements
Thanks to Alan Johnston, Oleg Moskalenko, Simon Perreault, Thomas Thanks to Alan Johnston, Oleg Moskalenko, Simon Perreault, Thomas
Stach, Simon Josefsson, and Roni Even for the comments, suggestions, Stach, Simon Josefsson, Roni Even, Kathleen Moriarty, Benoit Claise,
and questions that helped improve this document. Martin Stiemerling, Jari Arkko, and Stephen Farrell for the comments,
suggestions, and questions that helped improve this document.
9. References 9. References
9.1. Normative References 9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3489] Rosenberg, J., Weinberger, J., Huitema, C., and R. Mahy, [RFC3489] Rosenberg, J., Weinberger, J., Huitema, C., and R. Mahy,
"STUN - Simple Traversal of User Datagram Protocol (UDP) "STUN - Simple Traversal of User Datagram Protocol (UDP)
skipping to change at page 14, line 11 skipping to change at page 15, line 11
{DTLS, TLS, TCP, UDP}, the resolution algorithm will convert the TURN {DTLS, TLS, TCP, UDP}, the resolution algorithm will convert the TURN
URI "turns:example.net" to the ordered list of IP address, port, and URI "turns:example.net" to the ordered list of IP address, port, and
protocol tuples in Table 2. protocol tuples in Table 2.
example.net. example.net.
IN NAPTR 100 10 "" RELAY:turn.udp:turn.dtls "" datagram.example.net. IN NAPTR 100 10 "" RELAY:turn.udp:turn.dtls "" datagram.example.net.
IN NAPTR 200 10 "" RELAY:turn.tcp:turn.tls "" stream.example.net. IN NAPTR 200 10 "" RELAY:turn.tcp:turn.tls "" stream.example.net.
datagram.example.net. datagram.example.net.
IN NAPTR 100 10 S RELAY:turn.udp "" _turn._udp.example.net. IN NAPTR 100 10 S RELAY:turn.udp "" _turn._udp.example.net.
IN NAPTR 100 10 S RELAY:turn.dtls "" _turns._udp.example.net. IN NAPTR 200 10 S RELAY:turn.dtls "" _turns._udp.example.net.
stream.example.net. stream.example.net.
IN NAPTR 100 10 S RELAY:turn.tcp "" _turn._tcp.example.net. IN NAPTR 100 10 S RELAY:turn.tcp "" _turn._tcp.example.net.
IN NAPTR 200 10 A RELAY:turn.tls "" a.example.net. IN NAPTR 200 10 A RELAY:turn.tls "" a.example.net.
_turn._udp.example.net. _turn._udp.example.net.
IN SRV 0 0 3478 a.example.net. IN SRV 0 0 3478 a.example.net.
_turn._tcp.example.net. _turn._tcp.example.net.
IN SRV 0 0 5000 a.example.net. IN SRV 0 0 5000 a.example.net.
skipping to change at page 14, line 44 skipping to change at page 15, line 44
| 1 | DTLS | 192.0.2.1 | 5349 | | 1 | DTLS | 192.0.2.1 | 5349 |
| 2 | TLS | 192.0.2.1 | 5349 | | 2 | TLS | 192.0.2.1 | 5349 |
+-------+----------+------------+------+ +-------+----------+------------+------+
Table 2 Table 2
Appendix B. Release notes Appendix B. Release notes
This section must be removed before publication as an RFC. This section must be removed before publication as an RFC.
B.1. Modifications between ietf-tram-stun-dtls-03 and ietf-tram-stun- B.1. Modifications between ietf-tram-stun-dtls-04 and ietf-tram-stun-
dtls-05
o Resolve nits: Updates RFC in abstract.
o Update short title to reflect long title
o Simplify the introduction to simply states that TCP is not optimal
for realtime communications.
o Add refereence to RFC 5389 section 6 for the magic cookie.
o s/domain/domain name/
o Make clear that knowledge of the SDP is needed to be able to
inject a false XOR-MAPPED-ADDRESS.
o Invert the sentence about ICE round-trips to make clear that the
cited draft is just an evidence, not an advice.
o Rewrite of the IANA templates for Port numbers.
o Remove compression from the list of element to take in accoutn to
adjust the PMTU size, as it is now forbidden.
B.2. Modifications between ietf-tram-stun-dtls-03 and ietf-tram-stun-
dtls-04 dtls-04
o Add text to disable TLS compression. o Add text to disable TLS compression.
o Add text to require usage of the DTLS cookie for NAT discovery and o Add text to require usage of the DTLS cookie for NAT discovery and
NAT behavior discovery. NAT behavior discovery.
o Add text to so new usages talk about cookie usage. o Add text to so new usages talk about cookie usage.
o Change TLS-over-UDP to DTLS-over-UDP and use DTLS as alias for o Change TLS-over-UDP to DTLS-over-UDP and use DTLS as alias for
skipping to change at page 15, line 21 skipping to change at page 16, line 46
o s/application name/protocol name/ o s/application name/protocol name/
o Make clear that section 4.3 is only about the STUN Indication o Make clear that section 4.3 is only about the STUN Indication
method of media keep-alive. method of media keep-alive.
o Changed contact information to IETF Chair in Port number template. o Changed contact information to IETF Chair in Port number template.
o Added email addresses in IANA templates. o Added email addresses in IANA templates.
B.2. Modifications between ietf-tram-stun-dtls-02 and ietf-tram-stun- B.3. Modifications between ietf-tram-stun-dtls-02 and ietf-tram-stun-
dtls-03 dtls-03
o Make it clear that both cipher suites are mandatory. o Make it clear that both cipher suites are mandatory.
o Clarify that the ciphers suites listed are replacing the TLS o Clarify that the ciphers suites listed are replacing the TLS
cipher suites. cipher suites.
o Change text so "mandatory" is not understood as compliance. o Change text so "mandatory" is not understood as compliance.
o Clarify that STUN URI are not to be used with some usages. o Clarify that STUN URI are not to be used with some usages.
skipping to change at page 15, line 43 skipping to change at page 17, line 19
o Fix incorrect interpretation of ICE media keep-alive (and fixed o Fix incorrect interpretation of ICE media keep-alive (and fixed
section #). section #).
o Explain that sending media keep-alive inside DTLS is possible if o Explain that sending media keep-alive inside DTLS is possible if
RFC 5764 is used. RFC 5764 is used.
o Added title/subtitle of IANA registries. o Added title/subtitle of IANA registries.
o Change to normatively update RFC 5389 and RFC 5928. o Change to normatively update RFC 5389 and RFC 5928.
B.3. Modifications between ietf-tram-stun-dtls-01 and ietf-tram-stun- B.4. Modifications between ietf-tram-stun-dtls-01 and ietf-tram-stun-
dtls-02 dtls-02
o Add text saying that PFS is preferred over non-PFS, to be in sync o Add text saying that PFS is preferred over non-PFS, to be in sync
with the decision in the rtcweb session in London. with the decision in the rtcweb session in London.
o Add text about IP address in STUN/TURN URIs. o Add text about IP address in STUN/TURN URIs.
o Nits o Nits
B.4. Modifications between ietf-tram-stun-dtls-00 and ietf-tram-stun- B.5. Modifications between ietf-tram-stun-dtls-00 and ietf-tram-stun-
dtls-01 dtls-01
o Update the mandatory cipher suites. o Update the mandatory cipher suites.
o Add a new open item to determine if we want to specify favoring o Add a new open item to determine if we want to specify favoring
cipher suites which support PFS over non-PFS cipher suites. cipher suites which support PFS over non-PFS cipher suites.
o Close remaining opening items from previous draft. o Close remaining opening items from previous draft.
B.5. Modifications between petithuguenin-tram-stun-dtls-00 and ietf- B.6. Modifications between petithuguenin-tram-stun-dtls-00 and ietf-
tram-stun-dtls-00 tram-stun-dtls-00
o Draft renamed after WG adoption. o Draft renamed after WG adoption.
B.6. Modifications between petithuguenin-tram-turn-dtls-00 and B.7. Modifications between petithuguenin-tram-turn-dtls-00 and
petithuguenin-tram-stun-dtls-00 petithuguenin-tram-stun-dtls-00
o Add RFC 6982 information for rfc5766-turn-server project. o Add RFC 6982 information for rfc5766-turn-server project.
o Rename the draft as TURN is now just one of the usages. o Rename the draft as TURN is now just one of the usages.
o Remove the references in the abstract to make idnits happy. o Remove the references in the abstract to make idnits happy.
o No longer updates other standard drafts. o No longer updates other standard drafts.
 End of changes. 29 change blocks. 
59 lines changed or deleted 132 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/