--- 1/draft-ietf-rtcweb-stun-consent-freshness-12.txt 2015-05-13 20:15:00.360139770 -0700 +++ 2/draft-ietf-rtcweb-stun-consent-freshness-13.txt 2015-05-13 20:15:00.380140253 -0700 @@ -1,23 +1,23 @@ RTCWEB M. Perumal Internet-Draft Ericsson Intended status: Standards Track D. Wing -Expires: November 5, 2015 R. Ravindranath +Expires: November 14, 2015 R. Ravindranath T. Reddy Cisco Systems M. Thomson Mozilla - May 4, 2015 + May 13, 2015 STUN Usage for Consent Freshness - draft-ietf-rtcweb-stun-consent-freshness-12 + draft-ietf-rtcweb-stun-consent-freshness-13 Abstract To prevent sending excessive traffic to an endpoint, periodic consent needs to be obtained from that remote endpoint. This document describes a consent mechanism using a new Session Traversal Utilities for NAT (STUN) usage. Status of This Memo @@ -28,21 +28,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on November 5, 2015. + This Internet-Draft will expire on November 14, 2015. Copyright Notice Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -196,25 +196,26 @@ While TCP affords some protection from off-path attackers ([RFC5961], [RFC4953]), there is still a risk an attacker could cause a TCP sender to send forever by spoofing ACKs. To prevent such an attack, consent checks MUST be performed over all transport connections, including TCP. In this way, an off-path attacker spoofing TCP segments can not cause a TCP sender to send once the consent timer expires (30 seconds). An endpoint that is not sending any application data does not need to - maintain consent. However, failure to send could cause any NAT or - firewall mappings for the flow to expire. Furthermore, having one - peer unable to send is detrimental to many protocols. Absent better - information about the network, an endpoint SHOULD maintain consent if - there is any possibility that a flow might be needed again. + maintain consent. However, not sending any traffic could cause NAT + or firewall mappings to expire. Furthermore, having one peer unable + to send is detrimental to many protocols. Absent better information + about the network, if an endpoint needs to ensure its NAT or firewall + mappings do not expire, it can be done using keepalive or other + techniques (see Section 10 of [RFC5245] and see [RFC6263]). After consent is lost for any reason, the same ICE credentials MUST NOT be used on the affected 5-tuple again. That means that a new session, or an ICE restart, is needed to obtain consent to send. 4.2. Immediate Revocation of Consent In some cases it is useful to signal that consent is terminated rather than relying on a timeout.