Rather than pointing to the blog entry, which only gives an overview, I propose that the spec links directly to the paper on which the NAT traversal technique is based. E.g. Change:
IntoFor more information about NAT traversal, see Passive Mode C-C Connections and NAT Traversal.
Then, I think it's good to define how the ports work, exactly. Insert this before the "BASE RCM updates". I'm using the same terminology as the paper to avoid confusion.This specification is based on the TCP hole punching algorithm described in [1].
1. B. Ford, P. Srisuresh, and D. Kegel. "Peer-to-Peer Communication Across Network Address Translators". In USENIX Technical Conference, pages 179–192, 2005. Online version: http://www.brynosaurus.com/pub/net/p2pnat/
I propose that every instance of "outbound port" is replaced with "private endpoint", for the same reason.The "private endpoint" refers to the outbound port to the connected hub, as seen by the client. Each client must listen for incoming connections on this port. Note that this protocol extension uses only this port for the TCP hole punching, the use of the "public endpoint" as specified in [1] is not supported.