5.1 Security Considerations for Implementers

The security considerations for this protocol are the same as described in [IETFDRAFT-TURN-08] section 10.

The long-term credentials, which are used for protocol client authentication with the TURN server, are valid for an extended period of time. Because the credentials are valid for this extended period, replay prevention is provided through the use of a digest challenge as described in section 3.1.12.

The long-term credential mechanism is also susceptible to offline dictionary attacks, so it is recommended that deployments use strong passwords.
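The replay-prevention idea above, as an added example that is not part of the original specification: a server-minted, time-limited nonce is covered by the request's integrity value, so a captured request stops verifying once the nonce expires. The nonce layout, the 60-second lifetime, the simplified message format and all function names are assumptions for illustration and are not the wire format of section 3.1.12; the key derivation is the one from the IETF STUN long-term credential mechanism (RFC 5389), with SASLprep omitted.

```python
import hashlib
import hmac
import os
import struct
import time

SERVER_SECRET = os.urandom(32)  # per-server key, never sent to clients
NONCE_LIFETIME = 60             # seconds a challenge stays valid (assumed value)

def _tag(body):
    return hmac.new(SERVER_SECRET, body, hashlib.sha256).digest()[:16]

def issue_nonce(now=None):
    """Stateless challenge: 8-byte issue time + 8 random bytes + HMAC tag."""
    issued = int(time.time() if now is None else now)
    body = struct.pack(">Q", issued) + os.urandom(8)
    return body + _tag(body)

def nonce_is_fresh(nonce, now=None):
    """Accept only nonces this server minted within NONCE_LIFETIME."""
    if len(nonce) != 32:
        return False
    body, tag = nonce[:16], nonce[16:]
    if not hmac.compare_digest(tag, _tag(body)):
        return False  # not minted by this server, or modified in transit
    issued = struct.unpack(">Q", body[:8])[0]
    current = int(time.time() if now is None else now)
    return 0 <= current - issued <= NONCE_LIFETIME

def long_term_key(username, realm, password):
    """RFC 5389 long-term key: MD5(username ":" realm ":" password)."""
    return hashlib.md5(f"{username}:{realm}:{password}".encode()).digest()

def sign_request(key, nonce, payload):
    """Client side: the integrity value covers the server's nonce."""
    return hmac.new(key, nonce + payload, hashlib.sha1).digest()

def verify_request(key, nonce, payload, mac, now=None):
    """Server side: check freshness first, then integrity."""
    if not nonce_is_fresh(nonce, now):
        return "stale-nonce"  # server would answer with a new challenge
    if not hmac.compare_digest(mac, sign_request(key, nonce, payload)):
        return "bad-integrity"
    return "ok"
```

Because the key depends only on the username, realm and password, the integrity value on any observed request can be checked against password guesses without contacting the server, which is why the nonce does not remove the need for strong passwords.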