1.1 Glossary

This document uses the following terms:

agent: A device that is connected to a computer network. Also referred to as an endpoint.

Aggressive Nomination: The process of selecting a valid candidate pair for media flow by sending Simple Traversal of UDP through NAT (STUN) binding requests that include the nominated flag in every STUN binding request, so that the first candidate pair that is validated is used for media flow.

answer: A message that is sent in response to an offer that is received from an offerer.

authentication: The act of proving an identity to a server while providing key material that binds the identity to subsequent communications.

base: The base of a host candidate is the host candidate itself. The base of server reflexive candidates and peer reflexive candidates is the host candidate from which they are derived. The base of a relayed candidate is the relayed candidate itself.

callee: An endpoint to which a call is initiated by a caller.

caller: An endpoint that initiates a call to establish a media session.

candidate: A set of transport addresses that form an atomic unit for use with a media session. For example, in the case of Real-Time Transport Protocol (RTP) there are two transport addresses for each candidate, one for RTP and another for the Real-Time Transport Control Protocol (RTCP). A candidate has properties such as type, priority, foundation, and base.

candidate pair: A set of candidates that is formed from a local candidate and a remote candidate.

Check List: An ordered list of candidate pairs that determines the order in which connectivity checks are performed for those candidate pairs.

component: A representation of a constituent transport address if a candidate consists of a set of transport addresses. For example, media streams that are based on the Real-Time Transport Protocol (RTP) have two components, one for RTP and another for the Real-Time Transport Control Protocol (RTCP).

connectivity check: A Simple Traversal of UDP through NAT (STUN) binding request that is sent to validate connectivity between the local and remote candidates in a candidate pair.

controlled agent: An Interactive Connectivity Establishment (ICE) agent that waits for the controlling agent to select the final candidate pairs to be used.

controlling agent: An Interactive Connectivity Establishment (ICE) agent that is responsible for selecting and signaling the final candidate pair that is selected by connectivity checks. The controlling agent signals the final candidates in a Simple Traversal of UDP through NAT (STUN) binding request and an updated offer. In a session, one of the agents is a controlling agent and the other agent is a controlled agent.

cyclic redundancy check (CRC): An algorithm used to produce a checksum (a small, fixed number of bits) against a block of data, such as a packet of network traffic or a block of a computer file. The CRC is a broad class of functions used to detect errors after transmission or storage. A CRC is designed to catch random errors, as opposed to intentional errors. If errors might be introduced by a motivated and intelligent adversary, a cryptographic hash function has to be used instead.

default candidate: A candidate that is designated for streaming media before connectivity checks can be finished. The candidate that is most likely to stream media to the remote endpoint successfully is designated as the default candidate.

default candidate pair: A candidate pair that consists of the caller's default candidate and the callee's default candidate.

endpoint: A device that is connected to a computer network.

final offer: An offer that is sent by a caller at the end of connectivity checks and carries the local candidate and the remote candidate that were selected for media flow.

foundation: A string that is a property associated with a candidate. The string is the same for candidates that are of the same type, protocol, and base IP addresses, and are obtained from the same STUN/TURN server for relayed and server reflexive candidates.

full: An Interactive Connectivity Establishment (ICE) implementation that adheres to the complete set of functionality described in [MS-ICE2].

Hash-based Message Authentication Code (HMAC): A mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative cryptographic hash function (for example, MD5 and SHA-1) in combination with a secret shared key. The cryptographic strength of HMAC depends on the properties of the underlying hash function.

HMAC-SHA1: See SHA-1.

Host Candidate: A candidate that is obtained by binding to ports on the local interfaces of the host computer. The local interfaces include both physical interfaces and logical interfaces such as Virtual Private Networks (VPNs).

ICE keep-alive message: A message that is sent periodically to keep active the NAT bindings at intermediate NATs and allocations on the TURN server.

initial offer: An offer that is sent by a caller, with the caller's local candidates, when the caller initiates a media session with a callee.

Internet Protocol version 4 (IPv4): An Internet protocol that has 32-bit source and destination addresses. IPv4 is the predecessor of IPv6.

Internet Protocol version 6 (IPv6): A revised version of the Internet Protocol (IP) designed to address growth on the Internet. Improvements include a 128-bit IP address size, expanded routing capabilities, and support for authentication and privacy.

INVITE: A Session Initiation Protocol (SIP) method that is used to invite a user or a service to participate in a session.

Lite: An implementation that supports a minimal subset of Interactive Connectivity Establishment (ICE) functionality, as described in [MS-ICE2], to work with a Full ICE implementation. A Lite implementation responds to but does not send connectivity checks.

local candidate: A candidate whose transport addresses are local transport addresses.

local transport address: A transport address that is obtained by binding to a specific port from an IP address on the host computer. The IP address can be from physical interfaces or from logical interfaces such as Virtual Private Networks (VPNs).

NAT binding: The string representation of the protocol sequence, NetworkAddress, and optionally the endpoint. Also referred to as "string binding." For more information, see [C706] section "String Bindings."

network address translation (NAT): The process of converting between IP addresses used within an intranet, or other private network, and Internet IP addresses.

nominated: A candidate pair for which the nominated flag is set.

offer: A message that is sent by an offerer.

Ordinary Check: A connectivity check that is generated periodically by an endpoint based on the timers for connectivity checks.

peer: An additional endpoint that is associated with an endpoint in a session. An example of a peer is the callee endpoint for a caller endpoint.

peer-derived candidate: A candidate whose transport addresses are new mapping addresses, typically allocated by NATs, that are discovered during connectivity checks.

provisional answer: An optional message that carries local candidates for a callee and can be sent by the callee in response to a caller's initial offer.

Real-Time Transport Control Protocol (RTCP): A network transport protocol that enables monitoring of Real-Time Transport Protocol (RTP) data delivery and provides minimal control and identification functionality, as described in [RFC3550].

Real-Time Transport Protocol (RTP): A network transport protocol that provides end-to-end transport functions that are suitable for applications that transmit real-time data, such as audio and video, as described in [RFC3550].

Regular Nomination: The process of selecting a valid candidate pair for media flow by validating the candidate pairs with Simple Traversal of UDP through NAT (STUN) binding requests, and then selecting a valid candidate pair by sending STUN binding requests with a flag indicating that the candidate pair was nominated.

Relayed Candidate: A candidate that is allocated on the Traversal Using Relay NAT (TURN) server by sending an Allocate Request to the TURN server.

remote candidate: A candidate that belongs to a remote endpoint in a session.

remote endpoint: See peer.

RTCP packet: A control packet consisting of a fixed header part similar to that of RTP packets, followed by structured elements that vary depending upon the RTCP packet type. Typically, multiple RTCP packets are sent together as a compound RTCP packet in a single packet of the underlying protocol; this is enabled by the length field in the fixed header of each RTCP packet. See [RFC3550] section 3.

salt: An additional random quantity, specified as input to an encryption function that is used to increase the strength of the encryption.

SDP offer: A Session Description Protocol (SDP) message that is sent by an offerer.

Server Reflexive Candidate: A candidate whose transport addresses are network address translation (NAT) bindings that are allocated on a NAT when an endpoint sends a packet through the NAT to the server. A Server Reflexive Candidate can be discovered by sending an allocate request to the TURN server or by sending a binding request to a Simple Traversal of UDP through NAT (STUN) server.

Session Description Protocol (SDP): A protocol that is used for session announcement, session invitation, and other forms of multimedia session initiation. For more information, see [MS-SDP] and [RFC3264].

Session Initiation Protocol (SIP): An application-layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants. SIP is defined in [RFC3261].

SHA-1 hash: A hashing algorithm as specified in [FIPS180-2] that was developed by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA).

Simple Traversal of UDP through NAT (STUN): A protocol that enables applications to discover the presence of and types of network address translations (NATs) and firewalls that exist between those applications and the Internet.

STUN candidate: A candidate whose transport addresses are STUN-derived transport addresses. See also Simple Traversal of UDP through NAT (STUN).

Transmission Control Protocol (TCP): A protocol used with the Internet Protocol (IP) to send data in the form of message units between computers over the Internet. TCP handles keeping track of the individual units of data (called packets) that a message is divided into for efficient routing through the Internet.

transport address: A 3-tuple that consists of a port, an IPv4 or IPv6 address, and a transport protocol of User Datagram Protocol (UDP) or Transmission Control Protocol (TCP).

Traversal Using Relay NAT (TURN): A protocol that is used to allocate a public IP address and port on a globally reachable server for the purpose of relaying media from one endpoint to another endpoint.

triggered check: A connectivity check that is generated in response to a connectivity check packet that is received from a peer.

TURN candidate: A candidate whose transport addresses are TURN-derived transport addresses. See also Traversal Using Relay NAT (TURN).

TURN server: An endpoint that receives Traversal Using Relay NAT (TURN) request messages and sends TURN response messages. The protocol server acts as a data relay, receiving data on the public address that is allocated to a protocol client and forwarding that data to the client.

User Datagram Protocol (UDP): The connectionless protocol within TCP/IP that corresponds to the transport layer in the ISO/OSI reference model.

Valid List: A list of candidate pairs that have been validated by connectivity checks.

MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as defined in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.