Re: [tsvwg] DTLS in SCTP solution

Michael Tuexen <> Sun, 14 May 2023 21:15 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 75945C15152B for <>; Sun, 14 May 2023 14:15:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.894
X-Spam-Status: No, score=-1.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 9CGu1Aig6RcG for <>; Sun, 14 May 2023 14:15:13 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 6A1ADC15106B for <>; Sun, 14 May 2023 14:15:12 -0700 (PDT)
Received: from (unknown [IPv6:2a02:8109:1140:c3d:b522:5535:34ac:fda0]) (Authenticated sender: lurchi) by (Postfix) with ESMTPSA id CF087773FF402; Sun, 14 May 2023 23:15:06 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.500.231\))
From: Michael Tuexen <>
In-Reply-To: <>
Date: Sun, 14 May 2023 23:15:06 +0200
Cc: tsvwg IETF list <>, John Mattsson <>
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <>
To: Magnus Westerlund <>
X-Mailer: Apple Mail (2.3731.500.231)
Archived-At: <>
Subject: Re: [tsvwg] DTLS in SCTP solution
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 14 May 2023 21:15:17 -0000

> On 16. Feb 2023, at 10:36, Magnus Westerlund <> wrote:
> Hi,
>  We authors of DTLS/SCTP have worked on two drafts that together forms what we consider a much better alternative for how to use DTLS to the current proposed solution that is based on SCTP.
>  The first draft is a general crypto chunk that can be used to protect the rest of the SCTP packet using a negotiated protection engine.
>  Then we have written a draft that defines how to use the above crypto chunk to integrate DTLS as the protection engine. Targeting the same goals as in DTLS/SCTP. Like mutual authentication, support for very long lived sessions. But in addition we get a lot of other benefits including a much lower bar on the DTLS implementation that is integrated.
>  The benefits as we see it are listed here:
Hi Magnus,

I'm still trying to understand which approach might be better.
> The main benefits we see are the following:
>     • No dependency on SCTP-AUTH
While that is true, fixing the issues with AUTH requires some
code changes in the SCTP stack, but
* they are observable via the API. So the DTLS implementation can check
  if the SCTP is uses has them.
* the required code changes to the SCTP stack are smaller then the ones
  for the CRYPTO chunk.
>     • Much lower requirements on DTLS implementations when it comes to support of functionality
Which is the other way around at the SCTP level.
>     • Protection of the whole SCTP packet, preventing attacks on SCTP as well, not only on the user messages
I would like to understand this point. What attacks do you have in mind? What is the threat model you are using?
>     • Much robuster when rekeying
>     • No limitation on user message size from this mechanism as it functions below SCTP’s DATA chunk message fragmentation mechanism.
Isn't the user message handling almost the same for both solutions?

Since we are doing this work for 3GPP. I would like to understand if the intended
SCTP stack
* only needs to be run in kernel land
* only needs to be run in user land
* should run in kernel land or user land, depending on the use case.

I would also be interested if there is any expectation regarding support
of open source stacks. I have only a limited view in the stacks being used,
but, correct me if I'm wrong, right now open source kernel stacks are being
used. Is it expected by 3GPP that this is also possible in the future?

Best regards
>  We are working on getting our IPR disclosures submitted on draft-westerlund-tsvwg-sctp-crypto-dtls. We authors are currently not aware of any IPR that would apply on draft-westerlund-tsvwg-sctp-crypto-chunk.
>  We would like to ask the WG to consider this proposal as a replacement for DTLS/SCTP.
>  Cheers
>  Magnus, John and Claudio.