Re: [tsvwg] Comments regarding draft-westerlund-tsvwg-sctp-crypto-chunk
tuexen@fh-muenster.de Thu, 27 July 2023 23:23 UTC
Return-Path: <tuexen@fh-muenster.de>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3477C151078 for <tsvwg@ietfa.amsl.com>; Thu, 27 Jul 2023 16:23:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aSQz_oV5p51x for <tsvwg@ietfa.amsl.com>; Thu, 27 Jul 2023 16:23:52 -0700 (PDT)
Received: from mx-out-01.fh-muenster.de (mx-out-01.fh-muenster.de [185.149.214.63]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FD42C15107B for <tsvwg@ietf.org>; Thu, 27 Jul 2023 16:23:49 -0700 (PDT)
Received: from mail-director-01.fh-muenster.de (mail-director-01.fh-muenster.de [185.149.215.227]) by mx-out-01.fh-muenster.de (Postfix) with ESMTPS id 0F3EA205F0; Fri, 28 Jul 2023 01:23:47 +0200 (CEST)
Received: from smtpclient.apple (dhcp-8c55.meeting.ietf.org [31.133.140.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: tuexen) by mail-director-01.fh-muenster.de (Postfix) with ESMTPSA id 612761A004B; Fri, 28 Jul 2023 01:23:46 +0200 (CEST)
Content-Type: multipart/signed; boundary="Apple-Mail=_03250CCE-EE44-404D-BA5E-77D7ABD53242"; protocol="application/pkcs7-signature"; micalg="sha-256"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
From: tuexen@fh-muenster.de
In-Reply-To: <DU0PR07MB8970E6392918E1B48A1BA09C9501A@DU0PR07MB8970.eurprd07.prod.outlook.com>
Date: Thu, 27 Jul 2023 16:23:44 -0700
Cc: tsvwg IETF list <tsvwg@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <AD18D009-178E-4B4A-BF49-E46AFCD60F61@fh-muenster.de>
References: <C99AB203-643D-41BB-94C4-F9B2A643923B@fh-muenster.de> <DU0PR07MB8970C2269BFC6789A589E83E9501A@DU0PR07MB8970.eurprd07.prod.outlook.com> <965444D7-BBD4-41D8-B7C2-ED5600B11330@fh-muenster.de> <DU0PR07MB8970E6392918E1B48A1BA09C9501A@DU0PR07MB8970.eurprd07.prod.outlook.com>
To: Magnus Westerlund <magnus.westerlund=40ericsson.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3731.700.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/AiIdkb_LRmzKiGFF0h0MYG3CJGI>
Subject: Re: [tsvwg] Comments regarding draft-westerlund-tsvwg-sctp-crypto-chunk
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Jul 2023 23:23:55 -0000
> On 27. Jul 2023, at 16:08, Magnus Westerlund <magnus.westerlund=40ericsson.com@dmarc.ietf.org> wrote: > > Hi, > See below. > On 2023-07-27, 09:15, "tuexen@fh-muenster.de" <tuexen@fh-muenster.de> wrote: > > On 27. Jul 2023, at 08:27, Magnus Westerlund <magnus.westerlund=40ericsson.com@dmarc.ietf.org> wrote: > > > Hi Michael, > > On the major issue, as we talked here in San Francisco I think it is possible to do what you suggest. It impacts the extensibility in that any future protection engine would need to define a crypto chunk protection specification that is added as an algorithm used to protect. We definitely need algorithm agility at this layer independently so I think it is more a document structure thing. We will look into this in more detail to see if there are any issues, but it sounds possible to make this change. I will note that that this would likely mean that we define the crypto chunk such that it has two defined payload protection’s one being the DTLS 1.2 record layer, one being the DTLS 1.3 record layer. The API to this function would then > Why do we need to support DTLS 1.2 and DTLS 1.3? Wouldn't it be simpler to support only one version? > I would suggest to use DTLS 1.3 only... > MW: Yes, and we proposed before that we should go DTLS 1.3 only. There was push back on that, but I guess with the delay this might be more acceptable at this point. The issue is that so far there are limited availability of DTLS 1.3 stacks, and especially there none from OpenSSL which I think is a reason that makes many less happy. Cheers I'm not sure if using OpenSSL is possible at all, depending on the final solution and the IPR situation at that point. Best regards Michael > Magnus
- Re: [tsvwg] Comments regarding draft-westerlund-t… tuexen
- [tsvwg] Comments regarding draft-westerlund-tsvwg… tuexen
- Re: [tsvwg] Comments regarding draft-westerlund-t… Magnus Westerlund
- Re: [tsvwg] Comments regarding draft-westerlund-t… tuexen
- Re: [tsvwg] Comments regarding draft-westerlund-t… Magnus Westerlund
- Re: [tsvwg] Comments regarding draft-westerlund-t… Magnus Westerlund
- Re: [tsvwg] Comments regarding draft-westerlund-t… tuexen