| 1 | Changes in the STUN specification from rfc3489bis-06 to rfc3489bis-10: |
| 2 | - STUN transaction timeout is no longer hardcoded to 1600ms, but rather 16*RTO |
| 3 | - Changes in MESSAGE-INTEGRITY calculation, with regard to the message length value. Previously in bis-06, the length was set to the actual/final length of the message. Now the length is the message length after M-I is added, but before any other attributes past M-I (such as FINGERPRINT) is added. |
| 4 | - Similarly for FINGERPRINT calculation |
| 5 | - HMAC padding for MESSAGE-INTEGRITY is no longer necessary |
| 6 | - Some STUN status codes related to client error were removed: |
| 7 | - 430 Stale Credentials |
| 8 | - 431 Integrity Check Failure |
| 9 | - 432 Missing Username |
| 10 | - 433 Use TLS |
| 11 | - 434 Missing Realm |
| 12 | - 435 Missing Nonce |
| 13 | - 436 Unknown Username |
| 14 | - 437 No Binding |
| 15 | - Subsequently since some status codes were removed, response codes for authentication were changed |
| 16 | - Now non-FINGERPRINT attributes are allowed to exist after M-I. Endpoint MUST ignore these attributes, for now. |
| 17 | - added more STUN test vectors in STUN test program |
| 18 | |
| 19 | '''Note that these changes are NOT backward compatible with rfc3489bis-06, meaning new ICE software based on new PJNATH will not be able to negotiate with ICE from previous PJNATH.''' |