[tsvwg] On the proposal for 4895bis (SCTP-AUTH)
Magnus Westerlund <magnus.westerlund@ericsson.com> Fri, 26 July 2024 18:26 UTC
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: tsvwg IETF list <tsvwg@ietf.org>
Date: Fri, 26 Jul 2024 18:26:28 +0000
Message-ID: <AS4PR07MB88745BED23B9BED6C502BD5F95B42@AS4PR07MB8874.eurprd07.prod.outlook.com>
List-Id: Transport Area Working Group <tsvwg.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/--AKAxlKyJ_M2dkw4o1W1_9qLHQ>
Hi,

In regards to today's presentation in TSVWG for draft-ietf-tsvwg-rfc4895-bis-03 <https://datatracker.ietf.org/doc/draft-ietf-tsvwg-rfc4895-bis/>

On Proposal number 1, on making an empty CHUNKS parameter have the meaning "protect all chunks that can be protected": my concern, which I tried to express, is that SCTP-AUTH is dependent on multiple parameters, and that this proposal creates a dependency for CHUNKS on the HMAC-Algo parameter. So the receiver needs to process HMAC-Algo before it can interpret the CHUNKS parameter. That, I think, is a considerable change from prior behaviour. However, I do see the mitigating factor in this case that SCTP-AUTH will process all three parameters to execute, so this non-backwards-compatible change in general behaviour can be made to work. So I have no strong opinion on its usage.

A question in regards to this proposal: to my understanding there are 21 registered chunks, where four can't be included. So the current saving is at most 17 bytes. Even if we add a couple more chunks, we are still only saving some 25 bytes. Is it worth that change for something that is only transmitted once in each direction?

On Proposal 2: I strongly support the addition of replay protection in the AUTH chunk. However, two considerations. First, it is not necessary to include all 64 bits of the sequence number; instead it should be sufficient to include only the lower 32 bits, and only include the full 64-bit extended sequence number in the authentication tag calculation. Secondly, the replay window needs to be large enough so that it covers the time period that corresponds to any latency differences (including queuing delay) between different paths. Otherwise the heartbeats being sent to verify the availability of alternative paths when multihoming. I think one can consider if one needs to have path-specific sequence numbers.

However, as there are no formal path identifiers in SCTP, the sender would have to enumerate its source-destination pairs and include that ID in the SCTP-AUTH chunk and include that in the data covered by the authentication tag.

Cheers

Magnus