On Sep 27, 2009, at 12:15 PM, jc <[email protected]> wrote:
On Sep 27, 2009, at 11:48 AM, Eric Rescorla wrote:
On Sun, Sep 27, 2009 at 11:41 AM, jc <[email protected]> wrote:
On Sep 27, 2009, at 7:44 AM, Eric Rescorla wrote:
How does it break RFC 5389 compliance?
There is no section describing TLS over UDP(DTLS).
"7.2.1. Sending over UDP ...................................13"
"7.2.2. Sending over TCP or TLS-over-TCP ...................14"
and rfc5389 clearly states:
"Note that only "tcp" is defined with "stuns" at this time."
and:
"In addition, IANA has assigned port number 5349 for the "stuns" service,
defined over TCP and UDP. The UDP port is not currently defined; however, it
is reserved for future use."
How is RELOAD compliant with rfc5389?
STUN isn't being used over TLS (or DTLS) in RELOAD. Rather, it's being
used in the context of ICE for the purposes of connectivity checks. As
far as I know, there's no issue here.
Every time you perform an Attach in RELOAD it uses either DTLS or
TLS with STUN to perform ICE connectivity checks (done by TLS/DTLS
handshake in ice-lite) towards the remote candidates. Is this fact
or fiction?
It's fact but you're confusing two meanings of the word "with". In
this case tls/dtls is multiplexed with stun over tcp/udp, therefore
there is no need to define stun over dtls. The stun over tls you are
pointing to is not used with ice, but rather for other stun-using
applications such as turn.
Ekr
Julian
-Ekr
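
An added illustration, not part of the thread and not taken from any RELOAD implementation: when STUN and DTLS share one UDP port, as the last reply describes, the receiver has to tell them apart datagram by datagram. The sketch assumes the first-byte ranges of RFC 5764 section 5.1.2 (not cited in the thread) and the STUN header layout of RFC 5389; the function name and the sample datagrams are constructed.

```python
import struct

STUN_MAGIC_COOKIE = 0x2112A442   # fixed value in bytes 4-7 of every RFC 5389 STUN header
STUN_HEADER_LEN = 20             # type(2) + length(2) + cookie(4) + transaction id(12)
DTLS_RECORD_HEADER_LEN = 13      # type(1) + version(2) + epoch(2) + seq(6) + length(2)


def classify_datagram(data: bytes) -> str:
    """Return 'stun', 'dtls' or 'unknown' for one UDP datagram on a shared port."""
    if not data:
        return "unknown"
    first = data[0]
    if first <= 3:  # STUN: the two most significant bits of the header are zero
        if len(data) < STUN_HEADER_LEN:
            return "unknown"
        _msg_type, length, cookie = struct.unpack_from("!HHI", data, 0)
        if cookie != STUN_MAGIC_COOKIE:
            return "unknown"
        # Length excludes the header, is 4-byte aligned, and must match the datagram.
        if length % 4 or STUN_HEADER_LEN + length != len(data):
            return "unknown"
        return "stun"
    if 20 <= first <= 63:  # DTLS record content types fall in this range
        if len(data) < DTLS_RECORD_HEADER_LEN:
            return "unknown"
        if data[1] != 0xFE:  # DTLS versions start with 0xFE (0xFEFF = 1.0, 0xFEFD = 1.2)
            return "unknown"
        (record_len,) = struct.unpack_from("!H", data, 11)
        if DTLS_RECORD_HEADER_LEN + record_len > len(data):
            return "unknown"  # first record claims more bytes than were received
        return "dtls"
    return "unknown"  # drop rather than guess; neither parser should see it


# Constructed sample datagrams (not captured traffic).
SAMPLE_STUN = struct.pack("!HHI", 0x0001, 0, STUN_MAGIC_COOKIE) + bytes(range(12))
SAMPLE_DTLS = bytes([22, 0xFE, 0xFF]) + bytes(8) + struct.pack("!H", 4) + bytes(4)
SAMPLE_BAD_COOKIE = struct.pack("!HHI", 0x0001, 0, 0xDEADBEEF) + bytes(12)

if __name__ == "__main__":
    for name, pkt in [("stun", SAMPLE_STUN), ("dtls", SAMPLE_DTLS),
                      ("bad cookie", SAMPLE_BAD_COOKIE)]:
        print(f"{name:10s} -> {classify_datagram(pkt)}")
```

Anything classified as unknown is discarded before it reaches either the STUN or the DTLS parser, which keeps malformed input on the shared port away from both stacks.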