{"draft":"draft-ietf-pcp-authentication-14","doc_id":"RFC7652","title":"Port Control Protocol (PCP) Authentication Mechanism","authors":["M. Cullen","S. Hartman","D. Zhang","T. Reddy"],"format":["ASCII","HTML"],"page_count":"34","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Port Control Protocol","abstract":"An IPv4 or IPv6 host can use the Port Control Protocol (PCP) to\r\nflexibly manage the IP address-mapping and port-mapping information\r\non Network Address Translators (NATs) or firewalls to facilitate\r\ncommunication with remote hosts.  However, the uncontrolled\r\ngeneration or deletion of IP address mappings on such network devices\r\nmay cause security risks and should be avoided.  In some cases, the\r\nclient may need to prove that it is authorized to modify, create, or\r\ndelete PCP mappings.  This document describes an in-band\r\nauthentication mechanism for PCP that can be used in those cases.\r\nThe Extensible Authentication Protocol (EAP) is used to perform\r\nauthentication between PCP devices.\r\n\r\nThis document updates RFC 6887.","pub_date":"September 2015","keywords":[],"obsoletes":[],"obsoleted_by":[],"updates":["RFC6887"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC7652","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc7652"}