URI Scheme for Session Traversal Utilities for NAT (STUN) Protocol

Cisco Systems, 170 West Tasman Drive, San Jose, CA 95134, US, snandaku@cisco.com
Cisco Systems, 7200-12 Kit Creek Road, Research Triangle Park, NC 27709, US, gsalguei@cisco.com
Cisco Systems, 7025 Kit Creek Road, Research Triangle Park, NC 27709, US, paulej@packetizer.com
Unaffiliated, petithug@acm.org
Real Time Applications and Infrastructure
RTCWEB
This document is the specification of the syntax and semantics of the Uniform Resource Identifier (URI) scheme for the Session Traversal Utilities for NAT (STUN) protocol.
This document specifies the syntax and semantics of the Uniform Resource Identifier (URI) scheme for the Session Traversal Utilities for NAT (STUN) protocol.
STUN is a protocol that serves as a tool for other protocols in dealing with
Network Address Translator (NAT) traversal. It can be used by an endpoint to
determine the IP address and port allocated to it by a NAT, to perform
connectivity checks between two endpoints, and as a keepalive protocol
to maintain NAT bindings. RFC 5389 defines the
specifics of the STUN protocol.
The 'stun/stuns' URI scheme is used to designate a standalone STUN server or any Internet host performing the
operations of a STUN server in the context of STUN usages (Section 14 of RFC 5389).
With the advent of standards such as WEBRTC, we anticipate that a plethora of endpoints and
web applications will be able to identify and communicate with such a STUN server to carry out the STUN protocol.
This also implies that those endpoints and/or applications are provisioned with the appropriate configuration required
to identify the STUN server. An inconsistent syntax has its drawbacks and can result in non-interoperable
solutions. It can result in solutions that are ambiguous and have implementation limitations on the different
aspects of the syntax and the like. The 'stun/stuns' URI scheme helps alleviate most of these issues by providing a consistent
way to describe, configure and exchange the information identifying a STUN server. This would also prevent the
shortcomings inherent in encoding similar information in non-uniform syntaxes such as the ones proposed in
the WEBRTC Standards, for example.
A reference implementation [REF-IMPL] is available.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
"SHOULD", "SHOULD NOT", "RECOMMENDED", and "NOT RECOMMENDED" are appropriate when valid exceptions to a general requirement are known to exist or appear to exist, and it is infeasible or impractical to enumerate all of them.
However, they should not be interpreted as permitting implementors to fail to implement the general requirement when such failure would result in interoperability failure.
The "stun" URI takes the following form (the example below is non-normative):

    stun:<stun-host>:<stun-port>
    stuns:<stun-host>:<stun-port>

Note that the <port> part and the preceding ":" (colon) character are OPTIONAL.

A STUN/STUNS URI has the following formal ABNF syntax:
<unreserved>, <sub-delims>, and <pct-encoded> are specified in .
The core rules <DIGIT> and <HEXDIGIT> are used as described in Appendix B of RFC 5234.
The STUN protocol supports sending messages over UDP, TCP or TLS-over-TCP.
The "stuns" URI scheme SHALL be used when STUN is run over TLS-over-TCP (or in the future DTLS-over-UDP) and the "stun" scheme SHALL be used otherwise.
The required <stun-host> part of the "stun" URI denotes the STUN server host.
For the optional DNS Discovery procedure mentioned in Section 9 of RFC 5389, the "stun" URI scheme implies UDP as the transport protocol
for SRV lookup and the "stuns" URI scheme indicates TCP as the transport protocol.
The <stun-port> part, if present, denotes the port on which the STUN server is awaiting connection requests.
If it is absent, the default port is 3478 for both UDP and TCP and 5349 for STUN over TLS as per Section 9 of RFC 5389.
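Added example (not part of the original document and not its reference implementation): a strict parser for the stun:/stuns: forms and default ports described above, of the kind used to validate a provisioned server list before it is trusted. The host character set, bracketed IPv6 literals, the 1..65535 port policy and the names parse_stun_uri and StunServer are assumptions of this example.

```python
import ipaddress
import re
from typing import NamedTuple

# Default ports stated in the text: 3478 for "stun", 5349 for "stuns" (TLS).
DEFAULT_PORTS = {"stun": 3478, "stuns": 5349}
# Assumption: a host name uses only the <unreserved>, <sub-delims> and
# <pct-encoded> characters named in the text; the ABNF itself is not shown.
REG_NAME = re.compile(r"(?:[A-Za-z0-9._~!$&'()*+,;=-]|%[0-9A-Fa-f]{2})+")
PORT = re.compile(r"[0-9]{1,5}")


class StunServer(NamedTuple):
    host: str
    port: int
    tls: bool  # True only for the "stuns" scheme


def parse_stun_uri(uri: str) -> StunServer:
    """Parse stun:<host>[:<port>] or stuns:<host>[:<port>], else ValueError."""
    scheme, sep, rest = uri.partition(":")
    scheme = scheme.lower()  # URI scheme names are case-insensitive
    if not sep or scheme not in DEFAULT_PORTS:
        raise ValueError("scheme must be 'stun' or 'stuns'")
    if rest.startswith("["):
        # Assumption: IPv6 literals are bracketed as in generic URI syntax.
        host, bracket, tail = rest[1:].partition("]")
        if not bracket:
            raise ValueError("unterminated IPv6 literal")
        ipaddress.IPv6Address(host)  # raises ValueError when malformed
    else:
        host, colon, port_text = rest.partition(":")
        tail = colon + port_text
        if not REG_NAME.fullmatch(host):
            # Rejects "//host", userinfo ("user@host"), paths and queries.
            raise ValueError("invalid host: %r" % host)
    if not tail:
        return StunServer(host, DEFAULT_PORTS[scheme], scheme == "stuns")
    # Policy of this example: an explicit port must be decimal and 1..65535.
    if tail[0] != ":" or not PORT.fullmatch(tail[1:]):
        raise ValueError("invalid port: %r" % tail)
    port = int(tail[1:])
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    return StunServer(host, port, scheme == "stuns")
```

Rejecting the "//" authority form, userinfo and query strings keeps a value copied from another URI scheme from being silently accepted as a STUN server.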
The "stun" and "stuns" URI schemes do not introduce any specific security issues beyond the security considerations discussed in .

This section contains the registration information for the "stun" and "stuns" URI Schemes (in accordance with ).

URI scheme name: stun
Status: permanent
URI scheme syntax: See .
URI scheme semantics: See .
Encoding considerations: There are no encoding considerations beyond those in .
Applications/protocols that use this URI scheme name: The "stun" URI scheme is intended to be used by applications that might need access to a STUN server.
Interoperability considerations: N/A
Security considerations: See .
Contact: Suhas Nandakumar <snandaku@cisco.com>
Author/Change controller: The IESG
References: RFC&rfc.number;

[[NOTE TO RFC EDITOR: Please change &rfc.number; to the number assigned to this specification, and remove this paragraph on publication.]]

URI scheme name: stuns
Status: permanent
URI scheme syntax: See .
URI scheme semantics: See .
Encoding considerations: There are no encoding considerations beyond those in .
Applications/protocols that use this URI scheme name: The "stuns" URI scheme is intended to be used by applications that might need access to a STUN server over a secure connection.
Interoperability considerations: N/A
Security considerations: See .
Contact: Suhas Nandakumar <snandaku@cisco.com>
Author/Change controller: The IESG
References: RFC&rfc.number;

[[NOTE TO RFC EDITOR: Please change &rfc.number; to the number assigned to this specification, and remove this paragraph on publication.]]

Thanks to Margaret Wasserman, Magnus Westerlund, Juergen
Schoenwaelder, Sean Turner, Ted Hardie, Dave Thaler, Alfred E.
Heggestad, Eilon Yardeni, Dan Wing, Alfred Hoenes, and Jim Kleck for
their comments, suggestions and questions that helped to improve this
document.

Many thanks to Cullen Jennings for his detailed review and thoughtful comments on this document.

This document was written with the xml2rfc tool described in .

Key words for use in RFCs to Indicate Requirement Levels
Harvard University, 1350 Mass. Ave., Cambridge, MA 02138, +1 617 495 3864, sob@harvard.edu
In many standards track documents several words are used to signify
the requirements in the specification. These words are often
capitalized. This document defines these words as they should be
interpreted in IETF documents. Authors who follow these guidelines
should incorporate this phrase near the beginning of their document:
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
RFC 2119.
Note that the force of these words is modified by the requirement
level of the document in which they are used.

Uniform Resource Identifier (URI): Generic Syntax
World Wide Web Consortium, Massachusetts Institute of Technology, 77 Massachusetts Avenue, Cambridge, MA 02139, USA, +1-617-253-5702, +1-617-258-5999, timbl@w3.org, http://www.w3.org/People/Berners-Lee/
Day Software, 5251 California Ave., Suite 110, Irvine, CA 92617, USA, +1-949-679-2960, +1-949-679-2972, fielding@gbiv.com, http://roy.gbiv.com/
Adobe Systems Incorporated, 345 Park Ave, San Jose, CA 95110, USA, +1-408-536-3024, LMM@acm.org, http://larry.masinter.net/
A Uniform Resource Identifier (URI) is a compact sequence of characters
that identifies an abstract or physical resource. This specification
defines the generic URI syntax and a process for resolving URI references
that might be in relative form, along with guidelines and security
considerations for the use of URIs on the Internet.
The URI syntax defines a grammar that is a superset of all valid URIs,
allowing an implementation to parse the common components of a URI
reference without knowing the scheme-specific requirements of every
possible identifier. This specification does not define a generative
grammar for URIs; that task is performed by the individual
specifications of each URI scheme.

Augmented BNF for Syntax Specifications: ABNF
Internet technical specifications often need to define a formal syntax. Over the years, a modified version of Backus-Naur Form (BNF), called Augmented BNF (ABNF), has been popular among many Internet specifications. The current specification documents ABNF. It balances compactness and simplicity with reasonable representational power. The differences between standard BNF and ABNF involve naming rules, repetition, alternatives, order-independence, and value ranges. This specification also supplies additional rule definitions and encoding for a core lexical analyzer of the type common to several Internet specifications. [STANDARDS-TRACK]

Writing I-Ds and RFCs using XML
Invisible Worlds, Inc., 660 York Street, San Francisco, CA 94110, US, +1 415 695 3975, mrose@not.invisible.net, http://invisible.net/
This memo presents a technique for using XML
(Extensible Markup Language)
as a source format for documents in the Internet-Drafts (I-Ds) and
Request for Comments (RFC) series.

Guidelines and Registration Procedures for New URI Schemes
This document provides guidelines and recommendations for the definition of Uniform Resource Identifier (URI) schemes. It also updates the process and IANA registry for URI schemes. It obsoletes both RFC 2717 and RFC 2718. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.

Session Traversal Utilities for NAT (STUN)
Session Traversal Utilities for NAT (STUN) is a protocol that serves as a tool for other protocols in dealing with Network Address Translator (NAT) traversal. It can be used by an endpoint to determine the IP address and port allocated to it by a NAT. It can also be used to check connectivity between two endpoints, and as a keep-alive protocol to maintain NAT bindings. STUN works with many existing NATs, and does not require any special behavior from them.
STUN is not a NAT traversal solution by itself. Rather, it is a tool to be used in the context of a NAT traversal solution. This is an important change from the previous version of this specification (RFC 3489), which presented STUN as a complete solution.
This document obsoletes RFC 3489. [STANDARDS-TRACK]

WebRTC 1.0: Real-time Communication Between Browsers.

Reference Implementation of STUN URI parser.

The table below shows examples of the 'stun/stuns' URI scheme.
For all these examples, the <host> component is populated with "example.org".

    URI
    stun:example.org
    stuns:example.org
    stun:example.org:8000

One recurring comment was to stop using the suffix "s" on the URI
scheme, and to move the secure option to a parameter (e.g.
";proto=tls"). We decided against this idea because the need for ";proto=" in
the STUN URI cannot be sufficiently explained and supporting it would result in an incomplete
specification. This would also result in losing symmetry between the TURN and STUN URIs.
A more detailed account of the reasoning behind this is available at <http://blog.marc.petit-huguenin.org/2012/09/on-design-of-stun-and-turn-uri-formats.html>.