RFC 5764, "Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)", May 2010
Source of RFC: avt (rai)
Errata ID: 3913
Status: Held for Document Update
Reported By: Martin Thomson
Date Reported: 2014-03-06
Held for Document Update by: Ben Campbell
Date Held: 2015-07-22
Section 5.1.2 says:
Arriving packets may be of types RTP, DTLS, or STUN [RFC5389].
...
| B < 2 -+--> forward to STUN
...
If the value of this byte is 0 or 1, then the packet is STUN.
It should say:
Arriving packets may be of types RTP, DTLS, or STUN [RFC5389]. STUN messages with methods identifiers of 1280 or higher cannot be demultiplexed.
...
| B < 20 -+--> forward to STUN
...
If the value of this byte is less than 20, then the packet is STUN.
This is a tricky one. We can't distinguish all STUN message types,
because - at least in theory - new message types >= 1280 can be added
to STUN, which could collide with DTLS.
Please see Section 7 of RFC 7983 for the change that addresses this problem more
holistically and *differently* than above.
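Where the 1280 boundary in this erratum comes from, as an added example that is not part of RFC 5764 or the erratum: it encodes a STUN method and class into the message type (RFC 5389, Section 6) and routes the resulting first byte under both thresholds. The function names are hypothetical, and the DTLS and RTP ranges are taken from RFC 5764 Section 5.1.2, which the excerpts above elide.

```python
# Added example: STUN first-byte arithmetic behind the B < 2 / B < 20 change.
# Type layout is RFC 5389 section 6; the DTLS (20..63) and RTP (128..191)
# ranges are the RFC 5764 section 5.1.2 rules this page elides with "...".

def stun_message_type(method: int, cls: int) -> int:
    """Interleave a 12-bit method and 2-bit class into the 14-bit type."""
    if not 0 <= method <= 0xFFF or not 0 <= cls <= 3:
        raise ValueError("method is 12 bits, class is 2 bits")
    return (((method & 0xF80) << 2) | ((cls & 0x2) << 7)
            | ((method & 0x070) << 1) | ((cls & 0x1) << 4)
            | (method & 0x00F))

def first_byte(method: int, cls: int) -> int:
    """First octet on the wire: 00 M11 M10 M9 M8 M7 C1."""
    return stun_message_type(method, cls) >> 8

def demux(b: int, stun_limit: int) -> str:
    """Route on first byte; stun_limit is 2 (RFC text) or 20 (erratum)."""
    if b < stun_limit:
        return "STUN"
    if 20 <= b <= 63:
        return "DTLS"
    if 128 <= b <= 191:
        return "RTP"
    return "drop"

def lowest_misrouted(stun_limit: int):
    """Smallest STUN method (with class and route) not delivered to STUN."""
    for method in range(0x1000):
        for cls in range(4):
            route = demux(first_byte(method, cls), stun_limit)
            if route != "STUN":
                return method, cls, route
    return None

if __name__ == "__main__":
    for limit in (2, 20):
        print(limit, lowest_misrouted(limit))
    print("max STUN first byte:", first_byte(0xFFF, 3))
```

Because a STUN first byte never exceeds 63, every method of 1280 or higher lands in the DTLS range, which is why raising the threshold to 20 still leaves those methods undemultiplexable.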