[secdir] Review of draft-ietf-tsvwg-dtls-for-sctp-05

Catherine Meadows <catherine.meadows@nrl.navy.mil> Thu, 03 June 2010 22:11 UTC

From: Catherine Meadows <catherine.meadows@nrl.navy.mil>
Date: Thu, 3 Jun 2010 18:14:39 -0400
Message-Id: <4C4B3C19-EC89-460B-A248-B90BBC5D5BB8@nrl.navy.mil>
To: secdir@ietf.org, iesg@ietf.org, gorry@erg.abdn.ac.uk, tuexen@fh-muenster.de, seggelmann@fh-muenster.de, ekr@networkresonance.com
Subject: [secdir] Review of draft-ietf-tsvwg-dtls-for-sctp-05

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This document describes the usage of the Datagram Transport Layer Security (DTLS) protocol over the Stream Control Transmission Protocol (SCTP).
Most of the document deals with the different DTLS features that must, must not, may, or should be used in this case.

I don't see any security issues other than the one the authors have already noted, that is, that certain information is unavoidably sent in the clear because it is in the header, and security decisions should not be made when certificates based on IP addresses are used, since SCTP associations use multiple addresses per SCTP endpoint.  Thus, I have no further comments to make.

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil