Re: [tsvwg] SSL connections with SCTP
Caitlin Bestler <cait@asomi.com> Thu, 09 May 2019 18:56 UTC
From: Caitlin Bestler <cait@asomi.com>
To: Michael Tuexen <michael.tuexen@lurchi.franken.de>, Elmar Stellnberger <estellnb@elstel.org>
CC: tsvwg <tsvwg@ietf.org>
Date: Thu, 09 May 2019 18:56:39 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/BnF0j6odbhy4u2-4Tw7iqxS72c8>
Who is supplying the identity information? If it is the host then you want to secure the SCTP association. If it is the specific application then it would make sense to do so on a per-Stream basis. What would make no sense is to have the host apply a host-wide policy on a per-stream basis.

________________________________
From: tsvwg <tsvwg-bounces@ietf.org> on behalf of Michael Tuexen <michael.tuexen@lurchi.franken.de>
Sent: Wednesday, May 8, 2019 1:19 PM
To: Elmar Stellnberger
Cc: tsvwg
Subject: Re: [tsvwg] SSL connections with SCTP

> On 8. May 2019, at 17:03, Elmar Stellnberger <estellnb@elstel.org> wrote:
>
> I am planning to write a proxy for localhost which relays incoming tcp connections via an SCTP connection to a remote host. That way it should be possible to overcome lacking SCTP support for browsers. Now my question is how to best use SSL with SCTP. If I have established an open SSL SCTP connection and want to fork a new flow for the same connection do I have to repeat the SSL cipher negotiation or may I simply fork an existing SSL SCTP flow?
>
I would suggest to use DTLS/SCTP. This is supported by OpenSSL and you can find some examples at https://github.com/nplab/DTLS-Examples.

Best regards
Michael
- [tsvwg] SSL connections with SCTP Elmar Stellnberger
- Re: [tsvwg] SSL connections with SCTP Michael Tuexen
- Re: [tsvwg] SSL connections with SCTP Caitlin Bestler