Re: [tsvwg] I-D Action: draft-ietf-tsvwg-dtls-over-sctp-bis-01.txt

Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 12 July 2021 18:09 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/8HQ288ox3qbV-hPf-lbEXEuraXU>

WG,

There are a lot of changes in this version improving the document substantially. 

However, we have a significant unsolved issue that we will come back with more details on so that it can be discussed. The issue is related to DTLS key epochs and the multi-stream user message properties of SCTP: how to know and ensure that all DTLS records using one key have been delivered, so that one can remove the key at key changes in a way that doesn't require one to stop sending new user messages until all old ones have been delivered (draining).

Cheers

Magnus Westerlund on behalf of the co-authors

> -----Original Message-----
> From: I-D-Announce <i-d-announce-bounces@ietf.org> On Behalf Of
> internet-drafts@ietf.org
> Sent: den 12 juli 2021 19:50
> To: i-d-announce@ietf.org
> Cc: tsvwg@ietf.org
> Subject: I-D Action: draft-ietf-tsvwg-dtls-over-sctp-bis-01.txt
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Transport Area Working Group WG of the
> IETF.
> 
>         Title           : Datagram Transport Layer Security (DTLS) over Stream Control
>                           Transmission Protocol (SCTP)
>         Authors         : Magnus Westerlund
>                           John Preuß Mattsson
>                           Claudio Porfiri
>                           Michael Tüxen
>         Filename        : draft-ietf-tsvwg-dtls-over-sctp-bis-01.txt
>         Pages           : 22
>         Date            : 2021-07-12
> 
> Abstract:
>    This document describes a proposed update for the usage of the
>    Datagram Transport Layer Security (DTLS) protocol to protect user
>    messages sent over the Stream Control Transmission Protocol (SCTP).
> 
>    DTLS over SCTP provides mutual authentication, confidentiality,
>    integrity protection, and replay protection for applications that use
>    SCTP as their transport protocol and allows client/server
>    applications to communicate in a way that is designed to give
>    communications privacy and to prevent eavesdropping and detect
>    tampering or message forgery.
> 
>    Applications using DTLS over SCTP can use almost all transport
>    features provided by SCTP and its extensions.  This document intends
>    to obsolete RFC 6083 and removes the 16 kB limitation on user message
>    size by defining a secure user message fragmentation so that multiple
>    DTLS records can be used to protect a single user message.  It
>    further updates the DTLS versions to use, as well as the HMAC
>    algorithms for SCTP-AUTH, and simplifies secure implementation by
>    some stricter requirements on the establishment procedures.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tsvwg-dtls-over-sctp-bis/
> 
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-tsvwg-dtls-over-sctp-bis-01.html
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-tsvwg-dtls-over-sctp-bis-01
> 
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> 
> _______________________________________________
> I-D-Announce mailing list
> I-D-Announce@ietf.org
> https://www.ietf.org/mailman/listinfo/i-d-announce
> Internet-Draft directories: http://www.ietf.org/shadow.html or
> ftp://ftp.ietf.org/ietf/1shadow-sites.txt
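The following is an added toy model of the key-epoch issue Magnus raises above; it is not code from the draft or its authors. It models the one SCTP property that matters here: user messages are ordered only within a stream, so a record protected under an old DTLS epoch on one stream can be delivered after a record under the new epoch on another stream. The sender side counts unacknowledged records per epoch instead of draining; the receiver side contrasts a naive "drop the old key on the first new-epoch record" policy with keeping old keys until an explicit retire signal. The `retire()` signal, the class and field names, and the three-record delivery order are all constructed assumptions for illustration.

```python
"""Toy model of DTLS key epochs over multi-stream SCTP (added example)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    stream: int     # SCTP stream identifier
    ssn: int        # per-stream sequence number; SCTP orders only within a stream
    epoch: int      # DTLS epoch (key generation) that protected this record
    payload: bytes


class Sender:
    """Counts, per epoch, records sent but not yet acknowledged by the peer."""

    def __init__(self) -> None:
        self.epoch = 0
        self.next_ssn = defaultdict(int)
        self.unacked = defaultdict(int)

    def send(self, stream: int, payload: bytes) -> Record:
        rec = Record(stream, self.next_ssn[stream], self.epoch, payload)
        self.next_ssn[stream] += 1
        self.unacked[rec.epoch] += 1
        return rec

    def acked(self, rec: Record) -> None:
        # Delivery knowledge comes from SCTP acknowledgements (SACK); an ack for a
        # new-epoch record says nothing about outstanding old-epoch records.
        self.unacked[rec.epoch] -= 1

    def rekey(self) -> int:
        self.epoch += 1          # new records use the new key; no draining needed
        return self.epoch

    def old_key_releasable(self, epoch: int) -> bool:
        # Per-epoch accounting: the old key can go once *its* records are all acked,
        # while sending under the new epoch continues in parallel.
        return epoch < self.epoch and self.unacked[epoch] == 0


class Receiver:
    def __init__(self, drop_old_key_on_new_epoch: bool) -> None:
        self.keys = {0}
        self.highest_epoch = 0
        self.naive = drop_old_key_on_new_epoch
        self.delivered = []
        self.undecryptable = []

    def receive(self, rec: Record) -> bool:
        if rec.epoch > self.highest_epoch:
            self.highest_epoch = rec.epoch
            if self.naive:
                self.keys = set()   # naive: first new-epoch record retires old key
            self.keys.add(rec.epoch)
        if rec.epoch not in self.keys:
            self.undecryptable.append(rec)   # key already discarded: record lost
            return False
        self.delivered.append(rec)
        return True

    def retire(self, epoch: int) -> None:
        # Hypothetical explicit "epoch finished" signal from the sender (assumed).
        self.keys.discard(epoch)


def run_scenario(naive_receiver: bool) -> dict:
    s = Sender()
    r = Receiver(naive_receiver)
    a = s.send(0, b"A")      # stream 0, epoch 0
    b = s.send(1, b"B")      # stream 1, epoch 0
    s.rekey()
    c = s.send(0, b"C")      # stream 0, epoch 1, sent without waiting for B
    # Constructed delivery order, valid under SCTP: stream 0 keeps A before C,
    # but B on stream 1 is independent and may arrive after C.
    for rec in (a, c, b):
        r.receive(rec)
    s.acked(a)
    s.acked(c)
    releasable_early = s.old_key_releasable(0)   # B still outstanding
    s.acked(b)
    releasable_late = s.old_key_releasable(0)    # all epoch-0 records acked
    if releasable_late:
        r.retire(0)                              # assumed explicit signal
    return {
        "delivered": [x.payload for x in r.delivered],
        "undecryptable": [x.payload for x in r.undecryptable],
        "releasable_before_b_acked": releasable_early,
        "releasable_after_b_acked": releasable_late,
        "receiver_keys": set(r.keys),
    }


if __name__ == "__main__":
    print("naive receiver:", run_scenario(True))
    print("epoch-aware receiver:", run_scenario(False))
```

The naive receiver loses record B even though nothing was lost on the wire, which is exactly why the old key cannot be tied to "first record of the new epoch seen". The sender-side counter shows the alternative to draining: keep sending under epoch 1 and release key 0 only when its own outstanding count reaches zero; what the real protocol still needs is a way for the receiver to learn that point, which this model simply assumes.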