[TLS] RFC6083bis (DTLS/SCTP with DTLS 1.2 or 1.3)

John Mattsson <john.mattsson@ericsson.com> Mon, 22 February 2021 20:37 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/bo-_9gbNqNAlyzs2Opv16hLwt2k>

Hi,

We are working on RFC6083bis (DTLS/SCTP) with the goal of removing the user message size limitation, mandating more modern DTLS versions (DTLS 1.2 or 1.3 only), and mandating SHA-256 or stronger in SCTP-AUTH.

https://datatracker.ietf.org/doc/draft-westerlund-tsvwg-dtls-over-sctp-bis/

3GPP use cases for DTLS/SCTP are semipermanent connections lasting months or even years. Interruptions are not ok. We have noticed the following issues:

- TLS 1.2 suggests a Session ID lifetime of 24 hours. We note that the suggestion is not normative and has been removed in TLS 1.3.

- With very long connection lifetimes, frequent mutual authentication and frequent rekeying of DTLS and SCTP-AUTH become important, preferably with (EC)DHE.

-- In DTLS 1.2, frequent mutual authentication and (EC)DHE-based rekeying of DTLS and SCTP-AUTH can be accomplished with frequent renegotiation followed by calling the exporter. Is mandating use of RFC 5745 and following the recommendations in RFC 7525 secure enough, or is more profiling needed?
https://security.stackexchange.com/questions/24554/should-i-use-ssl-tls-renegotiation

-- In DTLS 1.3, renegotiation is gone and there is no real replacement: frequent client authentication can be achieved Post-Handshake but there is no Post-Handshake server authentication. Frequent symmetric rekeying can be achieved with KeyUpdate, but not frequent (EC)DHE. Furthermore, after rekeying with KeyUpdate, the exporter_secret does not change so to derive frequent keys for SCTP-AUTH, a sequence number or similar would have to be concatenated to the exporter label and even then SCTP-AUTH would not get forward secrecy.

How do we solve these issues? Or are they solved? If not, would the TLS WG be positive to work on solving them? Short term, DTLS 1.2 will likely be used as DTLS 1.3 is not published yet. Long term, DTLS 1.3 is the only solution.

Cheers,
John
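The exporter-based SCTP-AUTH key derivation and the KeyUpdate gap discussed in the message above, as an added example that is not part of the original post. It implements HKDF-Expand-Label and TLS-Exporter as specified in RFC 8446 (sections 7.1 and 7.5) and models KeyUpdate as the "traffic upd" ratchet of section 7.2; the base label, the secrets and the epoch-counter-in-label scheme are assumptions, not anything RFC6083bis defines.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for the SHA-256 cipher suites


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256: T(i) = HMAC(PRK, T(i-1) | info | i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label (RFC 8446 section 7.1); info is the serialized HkdfLabel struct."""
    full_label = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)


def tls_exporter(exporter_secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """TLS-Exporter (RFC 8446 section 7.5): Derive-Secret over an empty transcript,
    then expand under "exporter" with the hash of the caller's context value."""
    derived = hkdf_expand_label(exporter_secret, label, HASH(b"").digest(), HASH_LEN)
    return hkdf_expand_label(derived, b"exporter", HASH(context).digest(), length)


class Dtls13KeySchedule:
    """Only the two secrets relevant here; both are constructed, not from a real handshake."""

    def __init__(self, traffic_secret: bytes, exporter_secret: bytes):
        self.traffic_secret = traffic_secret
        self.exporter_secret = exporter_secret

    def key_update(self) -> None:
        # RFC 8446 section 7.2: KeyUpdate ratchets only the application traffic
        # secret. exporter_secret is untouched, which is the gap the message describes.
        self.traffic_secret = hkdf_expand_label(self.traffic_secret, b"traffic upd", b"", HASH_LEN)

    def sctp_auth_key(self, epoch: int, length: int = 32) -> bytes:
        # Hypothetical base label with an epoch counter appended, the workaround
        # sketched in the message: fresh keys per rekey, but all of them remain
        # recomputable from the one unchanging exporter_secret (no forward secrecy).
        label = b"EXPORTER-example-dtls-sctp-" + str(epoch).encode()
        return tls_exporter(self.exporter_secret, label, b"", length)
```

Calling `sctp_auth_key(0)` before and after `key_update()` returns the same bytes, which is exactly why a counter has to be folded into the label for SCTP-AUTH rekeying.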