TRAM                                                            P. Patil
Internet-Draft                                                  T. Reddy
Intended status: Informational                              G. Salgueiro
Expires: May 29, 2015                                              Cisco
                                                       M. Petit-Huguenin
                                                      Impedance Mismatch
                                                       November 25, 2014


     Application Layer Protocol Negotiation (ALPN) Labels for Session
                 Traversal Utilities for NAT (STUN) Usages
                          draft-ietf-tram-alpn-08

Abstract

   Application Layer Protocol Negotiation (ALPN) labels for Session
   Traversal Utilities for NAT (STUN) usages, such as Traversal Using
   Relays around NAT (TURN) and NAT discovery, are defined in this
   document to allow an application layer to negotiate STUN usages
   within the Transport Layer Security (TLS) connection.  ALPN protocol
   identifiers defined in this document apply to both TLS and Datagram
   Transport Layer Security (DTLS).

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 29, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  IANA Considerations
   3.  Security Considerations
   4.  Acknowledgements
   5.  References
     5.1.  Normative References
     5.2.  Informative References
   Authors' Addresses

1.  Introduction

   STUN can be securely transported using TLS-over-TCP (referred to as
   TLS [RFC5246]), as specified in [RFC5389], or TLS-over-UDP (referred
   to as DTLS [RFC6347]), as specified in [RFC7350].

   ALPN [RFC7301] enables an endpoint to positively identify an
   application protocol in TLS/DTLS and distinguish it from other TLS/
   DTLS protocols.  With ALPN, the client sends the list of supported
   application protocols as part of the TLS/DTLS ClientHello message.
   The server chooses a protocol and sends the selected protocol as part
   of the TLS/DTLS ServerHello message.  Application protocol
   negotiation can thus be accomplished within the TLS/DTLS handshake,
   without adding network round-trips.

   STUN protocol usages, such as TURN [RFC5766], can be used to identify
   the purpose of a flow without initiating a session.

   This document proposes the following ALPN labels to identify STUN
   protocol [RFC5389] usages.

   'stun.turn':  Label to identify the specific use of STUN over (D)TLS
      for TURN (Section 4.6 of [RFC7350]).
   'stun.nat-discovery':  Label to identify the specific use of STUN
      over (D)TLS for NAT discovery (Section 4.1 of [RFC7350]).

2.  IANA Considerations

   The following entries are to be added to the "Application Layer
   Protocol Negotiation (ALPN) Protocol IDs" registry established by
   [RFC7301].

   The "stun.turn" label identifies the TURN usage of STUN over (D)TLS:

   Protocol:  Traversal Using Relays around NAT (TURN)

   Identification Sequence:  0x73 0x74 0x75 0x6E 0x2E 0x74 0x75 0x72
      0x6E ("stun.turn")

   Specification:  This document (RFCXXXX)

   The "stun.nat-discovery" label identifies the use of STUN for the
   purposes of NAT discovery over (D)TLS:

   Protocol:  NAT discovery using Session Traversal Utilities for NAT
      (STUN)

   Identification Sequence:  0x73 0x74 0x75 0x6E 0x2E 0x6E 0x61 0x74
      0x2D 0x64 0x69 0x73 0x63 0x6F 0x76 0x65 0x72 0x79
      ("stun.nat-discovery")

   Specification:  This document (RFCXXXX)

3.  Security Considerations

   The ALPN STUN protocol identifiers do not introduce any specific
   security considerations beyond those detailed in the TLS ALPN
   Extension specification [RFC7301].  They also do not affect the
   security of TLS/DTLS session establishment or of application data
   exchange.

4.  Acknowledgements

   This work benefited from the discussions and invaluable input by the
   various members of the TRAM working group.  These include Simon
   Perreault, Paul Kyzivat, Brandon Williams and Andrew Hutton.  Special
   thanks to Martin Thomson and Oleg Moskalenko for their constructive
   comments, suggestions, and early reviews that were critical to the
   formulation and refinement of this document.

   Barry Leiba, Stephen Farrell, Adrian Farrel and Richard Barnes
   provided useful feedback during IESG review.  Thanks to Russ Housley
   for his Gen-ART review and Adam Langley for his IETF LC review
   comments as TLS expert.
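   The following Python program is an added worked example; it is not
   code from this draft, from IANA, or from any STUN/TURN implementation.
   It encodes and decodes the ALPN ProtocolNameList as RFC 7301 defines it
   on the wire (a 2-octet list length followed by 1-octet length-prefixed
   names), then runs the negotiation sequence described in Section 1: the
   client offers the labels from Section 2, the server picks its preferred
   one, and the client checks that the server's choice is one it actually
   offered (the case RFC 7301 treats as a handshake failure).  The byte
   strings STUN_TURN and STUN_NAT_DISCOVERY are the identification
   sequences from Section 2; all function names are this example's own.

```python
"""ALPN (RFC 7301) wire encoding and selection for the STUN usage labels.

Constructed example: not part of draft-ietf-tram-alpn or any implementation.
"""
import struct

# ExtensionType value for application_layer_protocol_negotiation (RFC 7301).
ALPN_EXTENSION_TYPE = 16

# Identification sequences from Section 2 of the draft, as wire octets.
STUN_TURN = bytes([0x73, 0x74, 0x75, 0x6E, 0x2E, 0x74, 0x75, 0x72, 0x6E])
STUN_NAT_DISCOVERY = bytes([0x73, 0x74, 0x75, 0x6E, 0x2E, 0x6E, 0x61, 0x74,
                            0x2D, 0x64, 0x69, 0x73, 0x63, 0x6F, 0x76, 0x65,
                            0x72, 0x79])


def encode_protocol_name_list(names):
    """ProtocolNameList: 2-octet total length, then each ProtocolName as
    a 1-octet length followed by its octets (RFC 7301, Section 3.1)."""
    body = b""
    for name in names:
        if not 1 <= len(name) <= 255:
            raise ValueError("ProtocolName must be 1..255 octets")
        body += struct.pack("!B", len(name)) + name
    if not 2 <= len(body) <= 0xFFFF:
        raise ValueError("ProtocolNameList must be 2..65535 octets")
    return struct.pack("!H", len(body)) + body


def encode_alpn_extension(names):
    """Whole Extension structure: type 16, extension_data length, list."""
    data = encode_protocol_name_list(names)
    return struct.pack("!HH", ALPN_EXTENSION_TYPE, len(data)) + data


def decode_protocol_name_list(buf):
    """Strict parser: rejects truncation, zero-length names, trailing octets."""
    if len(buf) < 2:
        raise ValueError("truncated ProtocolNameList length")
    (list_len,) = struct.unpack("!H", buf[:2])
    if list_len < 2 or 2 + list_len != len(buf):
        raise ValueError("ProtocolNameList length does not match payload")
    names = []
    pos, end = 2, 2 + list_len
    while pos < end:
        name_len = buf[pos]
        pos += 1
        if name_len == 0 or pos + name_len > end:
            raise ValueError("invalid ProtocolName length")
        names.append(buf[pos:pos + name_len])
        pos += name_len
    return names


def server_select(client_hello_alpn, server_supported):
    """Return the first server-preferred label the client offered, or None
    when there is no overlap (RFC 7301: server sends no_application_protocol)."""
    offered = decode_protocol_name_list(client_hello_alpn)
    for candidate in server_supported:
        if candidate in offered:
            return candidate
    return None


def client_verify(offered, server_hello_alpn):
    """Client-side check: the ServerHello list carries exactly one name and
    it must be one the client offered; anything else aborts the handshake."""
    selected = decode_protocol_name_list(server_hello_alpn)
    if len(selected) != 1 or selected[0] not in offered:
        raise ValueError("server selected a protocol the client did not offer")
    return selected[0]


def negotiate(client_offers, server_supported):
    """One full exchange: ClientHello list -> server choice -> client check."""
    client_hello = encode_protocol_name_list(client_offers)
    chosen = server_select(client_hello, server_supported)
    if chosen is None:
        return None
    server_hello = encode_protocol_name_list([chosen])
    return client_verify(client_offers, server_hello)


if __name__ == "__main__":
    ext = encode_alpn_extension([STUN_TURN, STUN_NAT_DISCOVERY])
    print("ALPN extension:", ext.hex())
    print("negotiated:", negotiate([STUN_NAT_DISCOVERY, STUN_TURN],
                                   [STUN_TURN, STUN_NAT_DISCOVERY]))
    print("no overlap:", negotiate([b"h2"], [STUN_TURN]))
```

   Server preference order decides the outcome when both labels are
   offered, which is what lets a TURN server steer a client that also
   lists "stun.nat-discovery" onto the TURN usage without a second
   round-trip.  The client-side check in client_verify is the part an
   implementer most often omits; without it a misbehaving server can
   name a usage the client never offered.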
   The authors would also like to express their gratitude to the TRAM WG
   chairs Gonzalo Camarillo and especially Simon Perreault, who also
   acted as document shepherd.  Lastly, we also want to thank Transport
   Area Director Spencer Dawkins for his support and careful reviews.

5.  References

5.1.  Normative References

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246, August 2008.

   [RFC5389]  Rosenberg, J., Mahy, R., Matthews, P., and D. Wing,
              "Session Traversal Utilities for NAT (STUN)", RFC 5389,
              October 2008.

   [RFC6347]  Rescorla, E. and N. Modadugu, "Datagram Transport Layer
              Security Version 1.2", RFC 6347, January 2012.

   [RFC7301]  Friedl, S., Popov, A., Langley, A., and E. Stephan,
              "Transport Layer Security (TLS) Application-Layer Protocol
              Negotiation Extension", RFC 7301, July 2014.

   [RFC7350]  Petit-Huguenin, M. and G. Salgueiro, "Datagram Transport
              Layer Security (DTLS) as Transport for Session Traversal
              Utilities for NAT (STUN)", RFC 7350, August 2014.

5.2.  Informative References

   [RFC5766]  Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using
              Relays around NAT (TURN): Relay Extensions to Session
              Traversal Utilities for NAT (STUN)", RFC 5766, April 2010.

Authors' Addresses

   Prashanth Patil
   Cisco Systems, Inc.
   Bangalore
   India

   Email: praspati@cisco.com


   Tirumaleswar Reddy
   Cisco Systems, Inc.
   Cessna Business Park, Varthur Hobli
   Sarjapur Marathalli Outer Ring Road
   Bangalore, Karnataka 560103
   India

   Email: tireddy@cisco.com


   Gonzalo Salgueiro
   Cisco Systems, Inc.
   7200-12 Kit Creek Road
   Research Triangle Park, NC 27709
   US

   Email: gsalguei@cisco.com


   Marc Petit-Huguenin
   Impedance Mismatch
   USA

   Email: marc@petit-huguenin.org