An IPv4 or IPv6 host can use the Port Control Protocol (PCP) to
flexibly manage the IP address and port mapping information on
Network Address Translators (NATs) or firewalls, to facilitate
communications with remote hosts. However, the un-controlled
generation or deletion of IP address mappings on such network devices
may cause security risks and should be avoided. In some cases the
client may need to prove that it is authorized to modify, create or
delete PCP mappings. This document proposes an in-band
authentication mechanism for PCP that can be used in those cases.
The Extensible Authentication Protocol (EAP) is used to perform
authentication between PCP devices.