RFC Errata
RFC 7635, "Session Traversal Utilities for NAT (STUN) Extension for Third-Party Authorization", August 2015
Source of RFC: tram (tsv)
Errata ID: 4826
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Mihály Mészáros
Date Reported: 2016-10-10
Held for Document Update by: Magnus Westerlund
Date Held: 2021-01-14
Section 8. says:
8. STUN Client Behavior
o The client looks for the MESSAGE-INTEGRITY attribute in the
response. If MESSAGE-INTEGRITY is absent or the value computed
for message integrity using mac_key does not match the contents of
the MESSAGE-INTEGRITY attribute, then the response MUST be
discarded.
o If the access token expires, then the client MUST obtain a new
token from the authorization server and use it for new STUN
requests.
It should say:
8. STUN Client Behavior
o The client looks for the MESSAGE-INTEGRITY attribute in the
response. If MESSAGE-INTEGRITY is absent or the value computed
for message integrity using mac_key does not match the contents of
the MESSAGE-INTEGRITY attribute, then the response MUST be
discarded.
9. Application (OAuth Client) Behavior
o If the access token expires, then the Application (OAuth client)
MUST obtain a new token from the authorization server, and update
STUN client to use it for new STUN requests.
o Application SHOULD pass only a subset of the received OAuth
parameters to the STUN client. Only parameters SHOULD be passed
that will be really needed and used by the STUN Client.
In this way, only the kid, the mac_key, and the access_token
parameters SHOULD be passed to the STUN client.
...
Renumber the sections
...
Notes:
1. Remove from STUN client behaviour the access_token renewal function,
and move this function up to application level.
2. Pass to STUN only that subset of the OAuth parameters, that will be really used by STUN Client.