Notes: All references have been changed from numeric format (e.g., [1])
to symbolic (e.g., [RFC0768]).

Section 1:
----------

OLD:
   [...] filtering aspects of NATs. Approaches using directly signaled
   control of middle boxes such as Midcom, UPnP, or in-path signaling
   are out of scope. UDP Relays are out-of-scope.
   [...]
   This document only covers the UDP Unicast aspects of NAT traversal
   and does not cover TCP, IPSEC, or other protocols. Since the
   document is for UDP only, packet inspection above the UDP layer
   (including RTP) is also out-of-scope.

NEW:
   [...] filtering aspects of NATs which may resemble firewall
   operation. Approaches using directly signaled control of middle
   boxes are out of scope. UDP Relays (e.g., TURN
   [I-D.ietf-behave-turn]) are out-of-scope.
   [...]
   This document only covers aspects of NAT traversal related to
   Unicast UDP [RFC0768] over IP [RFC0791] and their dependencies on
   other protocols.

Section 2:
----------

OLD:
   [...] describes a UNilateral Self-Address Translation (UNSAF)
   mechanism [15]. UDP Relays have also been [...] forced to use UDP
   media relay.

NEW:
   [...] describes a UNilateral Self-Address Fixing (UNSAF) mechanism
   [RFC3424]. Teredo [RFC4380] describes an UNSAF mechanism consisting
   of tunnelling IPv6 [RFC2460] over UDP/IPv4. UDP relays have also
   [...] forced to use UDP relay.

Delete OLD sentence entirely:
   The requirements represent what many vendors are already doing, and
   it is not expected that it should be any more difficult to build a
   NAT that meets these requirements or that these requirements should
   affect performance.

Section 3:
----------

Add NEW paragraph right before existing last paragraph:
   This document uses IANA terminology for port ranges, i.e., "Well
   Known Ports" is 0-1023, "Registered" is 1024-49151, and "Dynamic
   and/or Private" is 49152-65535, as defined in .
Section 4.1, p.7 in REQ-1:
--------------------------

OLD:
   [...] met. Failure to meet REQ-1 will force the use of a Media Relay

NEW:
   [...] met. Failure to meet REQ-1 will force the use of a UDP relay

Section 4.2, page 10:
---------------------

OLD:
   a) Certain applications expect the source UDP port to be in the
      well-known range. See RFC 2623 for an example.

NEW:
   a) Certain applications expect the source UDP port to be in the
      well-known range. See the discussion of Network File System port
      expectations in [RFC2623] for an example.

Section 4.2.3, second paragraph:
--------------------------------

OLD:
   Furthermore, there is a glaring problem if many applications (or

NEW:
   Furthermore, there is a problem with glare if many applications (or

Section 4.3:
------------

OLD REQ-5 a):
   a) A NAT MAY have UDP mapping timers that have much shorter timers,
      but only for specific ports in the well-known port range (i.e.,
      ports 0-1023) where the IANA-registered protocol is strictly a
      request/response protocol, such as for example DNS over UDP/53.

NEW REQ-5 a):
   a) For specific destination ports in the well-known port range
      (ports 0-1023), a NAT MAY have shorter UDP mapping timers that
      are specific to the IANA-registered application running over
      that specific destination port.

OLD REQ-5 c):
   A default value of 5 minutes for the NAT UDP [...]

NEW REQ-5 c):
   A default value of 5 minutes or more for the NAT UDP [...]

Page 12, justification for REQ-6:

OLD:
   [...] application to keep [...]

NEW:
   [...] external attacker or misbehaving application to keep [...]

Section 4.4:
------------

OLD REQ-7:
   [...] IP addresses do not numerically conflict with [...]

NEW REQ-7:
   [...] IP addresses numerically conflicts with [...]

Section 5, last paragraph:
--------------------------

Change OLD "Media Relay" to NEW "UDP Relay" (2 instances).
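The revised REQ-5 a) and c) together with the Section 3 port-range terminology, modelled as an added Python example (this is not code from the draft or from these notes). The mapping-table key shape, the per-destination-port timer dictionary and the 30-second DNS timer are constructed assumptions of the model, not values the draft specifies.

```python
from dataclasses import dataclass, field

# IANA port-range terminology adopted in Section 3 of the draft.
WELL_KNOWN_MAX = 1023      # "Well Known Ports": 0-1023
REGISTERED_MAX = 49151     # "Registered": 1024-49151; higher is "Dynamic and/or Private"
DEFAULT_UDP_TIMEOUT = 300  # REQ-5 c): default timer of 5 minutes or more (seconds)


def port_range(port: int) -> str:
    """Name the IANA port range a UDP port falls in."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a UDP port: {port}")
    if port <= WELL_KNOWN_MAX:
        return "Well Known"
    return "Registered" if port <= REGISTERED_MAX else "Dynamic and/or Private"


@dataclass
class UdpMappingTable:
    """Simplified NAT UDP mapping table (an assumption of this model): key is
    (internal IP, internal port, destination port), value is the expiry time."""
    default_timeout: int = DEFAULT_UDP_TIMEOUT
    short_timers: dict = field(default_factory=dict)  # hypothetical per-destination-port timers
    mappings: dict = field(default_factory=dict)

    def __post_init__(self) -> None:
        if self.default_timeout < DEFAULT_UDP_TIMEOUT:
            raise ValueError("REQ-5 c): default UDP mapping timer must be 5 minutes or more")
        for port in self.short_timers:
            # REQ-5 a): a shorter, application-specific timer only for a well-known destination port
            if port_range(port) != "Well Known":
                raise ValueError(f"REQ-5 a): shorter timer not allowed for destination port {port}")

    def timeout_for(self, dst_port: int) -> int:
        return self.short_timers.get(dst_port, self.default_timeout)

    def outbound(self, key: tuple, now: int) -> int:
        """An outbound packet creates or refreshes the mapping; returns its expiry."""
        expiry = now + self.timeout_for(key[2])
        self.mappings[key] = expiry
        return expiry

    def expire(self, now: int) -> list:
        """Drop mappings whose timer has run out and return their keys."""
        gone = [k for k, exp in self.mappings.items() if exp <= now]
        for k in gone:
            del self.mappings[k]
        return gone
```

Constructing `UdpMappingTable(short_timers={53: 30})` models the DNS case the old REQ-5 a) text used as its example; passing a registered or dynamic port such as 5060 in `short_timers`, or a default below 300 seconds, is rejected at construction.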
Section 6:
----------

Page 16, just before REQ-9:

OLD:
   [...] internal or an external source IP address and port. [...]

NEW:
   [...] internal (X1:x1) or an external (X1':x1') source IP address
   and port. [...]

OLD justification for REQ-9 a):
   a) Using the external IP address is necessary [...]

NEW justification for REQ-9 a):
   a) Using the external source IP address is necessary [...]

OLD:
   REQ-10: If a NAT includes ALGs that affect UDP, it is RECOMMENDED
   that all of those ALGs be disabled by default.

NEW:
   REQ-10: To eliminate interference with UNSAF NAT traversal
   mechanisms and allow integrity protection of UDP communications,
   NAT ALGs for UDP-based protocols SHOULD be turned off. Future
   standards track specifications that define an ALG can update this
   to recommend that the ALGs they define default on.

Section 10:
-----------

OLD:
   REQ-13: If the packet received on an internal IP address has DF=1,
   the NAT SHOULD send back an ICMP message "fragmentation needed and
   DF set" message to the host as described in RFC 792 [2].

NEW:
   REQ-13: If the packet received on an internal IP address has DF=1,
   the NAT MUST send back an ICMP message "fragmentation needed and
   DF set" message to the host as described in [RFC0792].

Section 11, 3rd paragraph:
--------------------------

OLD:
   [...] forwarding the individual packets [...]

NEW:
   [...] forwarding the individual fragments [...]

Section 12:
-----------

Change REQ-5 a), REQ-10 and REQ-13 as described above.

Section 13:
-----------

Change all occurrences of OLD "This work" to NEW "This document".

3rd paragraph: change OLD "external IP only" to NEW "external IP
address only".

Section 16:
-----------

OLD:
   [...] Takeda and Paul Hoffman for their contributions.

NEW:
   [...] Takeda, Paul Hoffman, Lisa Dusseault, Pekka Savola and Jari
   Arkko for their contributions.
Section 17.1:
-------------

Add NEW Refs:

   [RFC0768]  Postel, J., "User Datagram Protocol", STD 6, RFC 768,
              August 1980.

   [RFC0791]  Postel, J., "Internet Protocol", STD 5, RFC 791,
              September 1981.

Section 17.2:
-------------

Add NEW Refs:

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, December 1998.

   [RFC2623]  Eisler, M., "NFS Version 2 and Version 3 Security Issues
              and the NFS Protocol's Use of RPCSEC_GSS and Kerberos
              V5", RFC 2623, June 1999.

   [RFC4380]  Huitema, C., "Teredo: Tunneling IPv6 over UDP through
              Network Address Translations (NATs)", RFC 4380,
              February 2006.

   [I-D.ietf-behave-turn]
              Rosenberg, J., "Obtaining Relay Addresses from Simple
              Traversal of UDP Through NAT (STUN)",
              draft-ietf-behave-turn-00 (work in progress), March 2006.