Behave Muthu A M. Perumal
Internet-Draft D. Wing
Intended status: Standards Track Ram Mohan. Ravindranath
Expires: August 29, 2013 Cisco Systems
H. Kaplan
Acme Packet
February 25, 2013
STUN Usage for Consent Freshness
draft-muthu-behave-consent-freshness-03
Abstract
Verification of peer consent before sending traffic is necessary in
WebRTC deployments to ensure that a malicious JavaScript cannot use
the browser as a platform for launching attacks. A related problem
is session liveness. WebRTC applications may want to detect
connection failure and take appropriate actions. This document
describes a STUN usage that enables a WebRTC browser to perform the
following on a candidate pair ICE is using for a media component
after session establishment:
1. Verify the peer consent for continuing to send traffic.
2. Dectect connection failure and notify the JavaScript.
This also serves the purpose of refreshing NAT bindings.
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 29, 2013.
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
Perumal, et al. Expires August 29, 2013 [Page 1]
Internet-Draft STUN Usage for Consent Freshness February 2013
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Design Considerations . . . . . . . . . . . . . . . . . . . . . 4
5. Solution Overview . . . . . . . . . . . . . . . . . . . . . . . 4
6. W3C API Implications . . . . . . . . . . . . . . . . . . . . . 5
7. Interaction with Keepalives used for Refreshing NAT
Bindings . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
8. Security Considerations . . . . . . . . . . . . . . . . . . . . 6
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6
10. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . . 6
11. Normative References . . . . . . . . . . . . . . . . . . . . . 6
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 6
Perumal, et al. Expires August 29, 2013 [Page 2]
Internet-Draft STUN Usage for Consent Freshness February 2013
1. Introduction
WebRTC implementations obtain the peer consent before sending traffic
on candidate media transport addresses. This has two parts:
1. Obtaining peer consent for sending traffic at session
establishment.
2. Obtaining peer consent for continuing to send traffic after
session establishment.
WebRTC implements are required to perform STUN connectivity checks at
session establishment as part of ICE procedures [RFC5245]. This
takes care of the first part of the consent verification described
above.
After session establishment ICE requires STUN Binding indications to
be used for refreshing NAT bindings for a candidate pair ICE is using
for a media component. Since a STUN Binding indication does not
datatracker.ietf.org