Internet Engineering Task Force (IETF)                          P. Patil
Request for Comments: 7443                                      T. Reddy
Category: Informational                                     G. Salgueiro
ISSN: 2070-1721                                                    Cisco
                                                       M. Petit-Huguenin
                                                      Impedance Mismatch
                                                            January 2015
        
Internet Engineering Task Force (IETF)                          P. Patil
Request for Comments: 7443                                      T. Reddy
Category: Informational                                     G. Salgueiro
ISSN: 2070-1721                                                    Cisco
                                                       M. Petit-Huguenin
                                                      Impedance Mismatch
                                                            January 2015
        

Application-Layer Protocol Negotiation (ALPN) Labels for Session Traversal Utilities for NAT (STUN) Usages

NAT(STUN)使用的会话遍历实用程序的应用层协议协商(ALPN)标签

Abstract

摘要

Application-Layer Protocol Negotiation (ALPN) labels for Session Traversal Utilities for NAT (STUN) usages, such as Traversal Using Relays around NAT (TURN) and NAT discovery, are defined in this document to allow an application layer to negotiate STUN usages within the Transport Layer Security (TLS) connection. ALPN protocol identifiers defined in this document apply to both TLS and Datagram Transport Layer Security (DTLS).

本文档中定义了NAT(STUN)使用的会话遍历实用程序的应用层协议协商(ALPN)标签,例如使用NAT(TURN)和NAT发现周围的中继进行遍历,以允许应用层在传输层安全(TLS)连接内协商STUN使用。本文件中定义的ALPN协议标识符适用于TLS和数据报传输层安全性(DTLS)。

Status of This Memo

关于下段备忘

This document is not an Internet Standards Track specification; it is published for informational purposes.

本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 5741第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7443.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7443.

Copyright Notice

版权公告

Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2015 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

Table of Contents

目录

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   3
   3.  Security Considerations . . . . . . . . . . . . . . . . . . .   3
   4.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   4
     4.1.  Normative References  . . . . . . . . . . . . . . . . . .   4
     4.2.  Informative References  . . . . . . . . . . . . . . . . .   4
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .   4
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   5
        
   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   3
   3.  Security Considerations . . . . . . . . . . . . . . . . . . .   3
   4.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   4
     4.1.  Normative References  . . . . . . . . . . . . . . . . . .   4
     4.2.  Informative References  . . . . . . . . . . . . . . . . .   4
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .   4
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   5
        
1. Introduction
1. 介绍

STUN can be securely transported using TLS-over-TCP (referred to as TLS [RFC5246]), as specified in [RFC5389], or TLS-over-UDP (referred to as DTLS [RFC6347]), as specified in [RFC7350].

可以使用[RFC5389]中规定的TCP上的TLS(称为TLS[RFC5246])或[RFC7350]中规定的UDP上的TLS(称为DTLS[RFC6347])安全地传输STUN。

ALPN [RFC7301] enables an endpoint to positively identify an application protocol in TLS/DTLS and distinguish it from other TLS/ DTLS protocols. With ALPN, the client sends the list of supported application protocols as part of the TLS/DTLS ClientHello message. The server chooses a protocol and sends the selected protocol as part of the TLS/DTLS ServerHello message. Application protocol negotiation can thus be accomplished within the TLS/DTLS handshake, without adding network round-trips.

ALPN[RFC7301]使端点能够明确识别TLS/DTLS中的应用程序协议,并将其与其他TLS/DTLS协议区分开来。使用ALPN,客户端将支持的应用程序协议列表作为TLS/DTLS ClientHello消息的一部分发送。服务器选择一个协议并将所选协议作为TLS/DTLS ServerHello消息的一部分发送。因此,应用程序协议协商可以在TLS/DTLS握手中完成,而无需添加网络往返。

STUN protocol usages, such as TURN [RFC5766], can be used to identify the purpose of a flow without initiating a session.

STUN协议的使用,如TURN[RFC5766],可用于在不启动会话的情况下识别流的目的。

This document proposes the following ALPN labels to identify STUN protocol [RFC5389] usages.

本文件建议使用以下ALPN标签来识别STUN协议[RFC5389]的使用。

'stun.turn': Label to identify the specific use of STUN over (D)TLS for TURN (Section 4.6 of [RFC7350]).

“眩晕转弯”:标识转弯时眩晕(D)TLS的具体用途的标签(RFC7350第4.6节)。

'stun.nat-discovery': Label to identify the specific use of STUN over (D)TLS for NAT discovery (Section 4.1 of [RFC7350]).

“stun.nat发现”:标识用于nat发现的(D)TLS上stun的具体用途的标签(RFC7350第4.1节)。

2. IANA Considerations
2. IANA考虑

The following entries have been added to the "Application-Layer Protocol Negotiation (ALPN) Protocol IDs" registry established by [RFC7301].

以下条目已添加到[RFC7301]建立的“应用层协议协商(ALPN)协议ID”注册表中。

The "stun.turn" label identifies the use of TURN usage (D)TLS:

“眩晕转弯”标签标识转弯使用(D)TLS的使用:

Protocol: Traversal Using Relays around NAT (TURN)

协议:使用NAT周围的中继进行遍历(TURN)

Identification Sequence: 0x73 0x74 0x75 0x6E 0x2E 0x74 0x75 0x72 0x6E ("stun.turn")

标识顺序:0x73 0x74 0x75 0x6E 0x2E 0x74 0x75 0x72 0x6E(“眩晕旋转”)

Specification: This document (RFC 7443)

规范:本文件(RFC 7443)

The "stun.nat-discovery" label identifies the use of STUN for the purposes of NAT discovery over (D)TLS:

“stun.nat发现”标签标识了在(D)个TLS上使用stun进行nat发现:

Protocol: NAT discovery using Session Traversal Utilities for NAT (STUN)

协议:使用NAT会话遍历实用程序进行NAT发现(STUN)

Identification Sequence: 0x73 0x74 0x75 0x6E 0x2E 0x6e 0x61 0x74 0x2d 0x64 0x69 0x73 0x63 0x6f 0x76 0x65 0x72 0x79 ("stun.nat-discovery")

标识序列:0x73 0x74 0x75 0x6E 0x2E 0x6E 0x61 0x74 0x2d 0x64 0x69 0x73 0x63 0x6f 0x76 0x65 0x72 0x79(“眩晕.nat发现”)

Specification: This document (RFC 7443)

规范:本文件(RFC 7443)

3. Security Considerations
3. 安全考虑

The ALPN STUN protocol identifier does not introduce any specific security considerations beyond those detailed in the TLS ALPN Extension specification [RFC7301]. It also does not impact the security of TLS/DTLS session establishment or application data exchange.

除TLS ALPN扩展规范[RFC7301]中详述的安全注意事项外,ALPN STUN协议标识符未引入任何特定的安全注意事项。它也不会影响TLS/DTLS会话建立或应用程序数据交换的安全性。

4. References
4. 工具书类
4.1. Normative References
4.1. 规范性引用文件

[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008, <http://www.rfc-editor.org/info/rfc5246>.

[RFC5246]Dierks,T.和E.Rescorla,“传输层安全(TLS)协议版本1.2”,RFC 5246,2008年8月<http://www.rfc-editor.org/info/rfc5246>.

[RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing, "Session Traversal Utilities for NAT (STUN)", RFC 5389, October 2008, <http://www.rfc-editor.org/info/rfc5389>.

[RFC5389]Rosenberg,J.,Mahy,R.,Matthews,P.,和D.Wing,“NAT(STUN)的会话遍历实用程序”,RFC 5389,2008年10月<http://www.rfc-editor.org/info/rfc5389>.

[RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer Security Version 1.2", RFC 6347, January 2012, <http://www.rfc-editor.org/info/rfc6347>.

[RFC6347]Rescorla,E.和N.Modadugu,“数据报传输层安全版本1.2”,RFC 6347,2012年1月<http://www.rfc-editor.org/info/rfc6347>.

[RFC7301] Friedl, S., Popov, A., Langley, A., and E. Stephan, "Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension", RFC 7301, July 2014, <http://www.rfc-editor.org/info/rfc7301>.

[RFC7301]Friedl,S.,Popov,A.,Langley,A.,和E.Stephan,“传输层安全(TLS)应用层协议协商扩展”,RFC 7301,2014年7月<http://www.rfc-editor.org/info/rfc7301>.

[RFC7350] Petit-Huguenin, M. and G. Salgueiro, "Datagram Transport Layer Security (DTLS) as Transport for Session Traversal Utilities for NAT (STUN)", RFC 7350, August 2014, <http://www.rfc-editor.org/info/rfc7350>.

[RFC7350]Petit Huguenin,M.和G.Salgueiro,“数据报传输层安全性(DTLS)作为NAT(STUN)会话遍历实用程序的传输”,RFC 7350,2014年8月<http://www.rfc-editor.org/info/rfc7350>.

4.2. Informative References
4.2. 资料性引用

[RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using Relays around NAT (TURN): Relay Extensions to Session Traversal Utilities for NAT (STUN)", RFC 5766, April 2010, <http://www.rfc-editor.org/info/rfc5766>.

[RFC5766]Mahy,R.,Matthews,P.,和J.Rosenberg,“使用NAT周围的中继进行遍历(TURN):NAT(STUN)会话遍历实用程序的中继扩展”,RFC 5766,2010年4月<http://www.rfc-editor.org/info/rfc5766>.

Acknowledgements

致谢

This work benefited from the discussions and invaluable input by the various members of the TRAM working group. These include Simon Perrault, Paul Kyzivat, Brandon Williams, and Andrew Hutton. Special thanks to Martin Thomson and Oleg Moskalenko for their constructive comments, suggestions, and early reviews that were critical to the formulation and refinement of this document.

这项工作得益于电车工作组各成员的讨论和宝贵投入。其中包括西蒙·佩罗特、保罗·基齐瓦特、布兰登·威廉姆斯和安德鲁·赫顿。特别感谢Martin Thomson和Oleg Moskalenko提出的建设性意见、建议以及对本文件的制定和完善至关重要的早期审查。

Barry Leiba, Stephen Farrell, Adrian Farrel, and Richard Barnes provided useful feedback during IESG review. Thanks to Russ Housley for his Gen-ART review and Adam Langley for his IETF LC review comments as TLS expert.

Barry Leiba、Stephen Farrell、Adrian Farrel和Richard Barnes在IESG审查期间提供了有用的反馈。感谢Russ Housley作为TLS专家所作的Gen ART评论和Adam Langley作为TLS专家所作的IETF LC评论。

The authors would also like to express their gratitude to the TRAM WG chairs Gonzalo Camarillo and especially Simon Perrault, who also acted as document shepherd. Lastly, we also want to thank the Transport Area Director Spencer Dawkins for his support and careful reviews.

作者还想向TRAM工作组主席冈萨洛·卡马里洛表示感谢,特别是西蒙·佩罗特,他也担任了文件管理员。最后,我们还要感谢运输部门主管斯宾塞·道金斯(Spencer Dawkins)的支持和仔细审查。

Authors' Addresses

作者地址

Prashanth Patil Cisco Systems, Inc. Bangalore India

印度班加罗尔Prashanth Patil思科系统公司

   EMail: praspati@cisco.com
        
   EMail: praspati@cisco.com
        

Tirumaleswar Reddy Cisco Systems, Inc. Cessna Business Park, Varthur Hobli Sarjapur Marathalli Outer Ring Road Bangalore, Karnataka 560103 India

Tirumaleswar Reddy Cisco Systems,Inc.印度卡纳塔克邦班加罗尔外环路瓦图尔霍布里萨贾普尔马拉塔利塞斯纳商业园560103

   EMail: tireddy@cisco.com
        
   EMail: tireddy@cisco.com
        

Gonzalo Salgueiro Cisco Systems, Inc. 7200-12 Kit Creek Road Research Triangle Park, NC 27709 United States

Gonzalo Salgueiro Cisco Systems,Inc.美国北卡罗来纳州Kit Creek Road研究三角公园7200-12号,邮编:27709

   EMail: gsalguei@cisco.com
        
   EMail: gsalguei@cisco.com
        

Marc Petit-Huguenin Impedance Mismatch United States

Marc Petit Huguenin阻抗失配美国

   EMail: marc@petit-huguenin.org
        
   EMail: marc@petit-huguenin.org