File formats:

Status:

PROPOSED STANDARD

Updates:

RFC 6887

Authors:

M. Cullen
S. Hartman
D. Zhang
T. Reddy

Stream:

IETF

Source:

pcp (int)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  10.17487/RFC7652

Discuss this RFC: Send questions or comments to the mailing list [email protected]

Other actions: View Errata  |  Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 7652

Abstract

An IPv4 or IPv6 host can use the Port Control Protocol (PCP) to flexibly manage the IP address-mapping and port-mapping information on Network Address Translators (NATs) or firewalls to facilitate communication with remote hosts. However, the uncontrolled generation or deletion of IP address mappings on such network devices may cause security risks and should be avoided. In some cases, the client may need to prove that it is authorized to modify, create, or delete PCP mappings. This document describes an in-band authentication mechanism for PCP that can be used in those cases. The Extensible Authentication Protocol (EAP) is used to perform authentication between PCP devices.

This document updates RFC 6887.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.