Re: [tsvwg] draft-tuexen-tsvwg-sctp-zero-checksum-02 adoption Wed, 31 May 2023 15:11 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0F892C15108C for <>; Wed, 31 May 2023 08:11:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id flacKL_Eb4AQ for <>; Wed, 31 May 2023 08:11:00 -0700 (PDT)
Received: from ( []) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id 766D4C3B2BE4 for <>; Wed, 31 May 2023 08:10:11 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTPS id 466BEE0EB3; Wed, 31 May 2023 17:10:08 +0200 (CEST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: tuexen) by (Postfix) with ESMTPSA id 0692A1A004D; Wed, 31 May 2023 17:10:07 +0200 (CEST)
Content-Type: multipart/signed; boundary="Apple-Mail=_C607FA75-7072-4B1D-AE01-09C5A5FF2AC7"; protocol="application/pkcs7-signature"; micalg="sha-256"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
In-Reply-To: <>
Date: Wed, 31 May 2023 17:10:07 +0200
Cc: "" <>
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <> <> <> <>
To: Magnus Westerlund <>
X-Mailer: Apple Mail (2.3731.600.7)
Archived-At: <>
Subject: Re: [tsvwg] draft-tuexen-tsvwg-sctp-zero-checksum-02 adoption
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 31 May 2023 15:11:05 -0000

> On 29. May 2023, at 10:56, Magnus Westerlund <> wrote:
> Hi Michael,
>  Sorry for the delay in answering.  So if I understand the issue is the dependency on the protection mechanism being in place to enable zero checksum. So I think your proposal for including a list of entries representing offered protection mechanism that would allow zero checksum work, and each of them define the criteria for when in the handshaking zero checksum can be enabled would work. You would be able to add SCTP-
Hi Magnus,

yes, I think it works. I'm just wondering if we actually need this complexity.
> AUTH immediately.
I'm not sure here. Claudio indicated that there are middleboxes that verify the checksum
of SCTP. I do no understand why NATs would do this, but it might make sense for firewalls
validating the packet format (I know that packet validation exists in products, but I'm
not sure if this includes checksum validation).
So the protection is OK for all packets where the first chunk is an AUTH chunk.
But the middlebox issue is still there. So we would require UDP encapsulation
in addition (which is per path and can change over time). But we would assume
that for UDP encapsulated packets, the SCTP would not be validated.
> I do wonder a bit if DTLS encapsulation is a method requiring to be listed. If it is encapsulation of the whole SCTP packet
> that provides a stronger integrity to the packet, then does it need to be specified? It will be in place from the start, and thus the initiator 
How does the sender know which packets the receiver is willing to accept. This depends on the mechanism
being used instead of CRC32c. For example, using AUTH, the packet containing an INIT ACK chunk would
need to have a valid checksum, but for DTLS encapsulation the ckecksum could be zero.
> might not need to do more than to indicate that it will rely on the used encapsulation?  In regards to middleboxes doing deep inspection, and calculating the CRC32c of an UDP encapsulated SCTP packet and then react to it being wrong. I would be quite surprised to find a middlebox that 
Why would it be wrong for SCTP over UDP over IP, but OK for SCTP over IP? I do not see the difference.

If you have a firewall which does some SCTP level protection and you deploy SCTP over UDP, you
would like the firewall to do the same of SCTP over UDP over IP. Why would you not want the
same level of protection depending on UDP encapsulation or not?
> does this fairly deep layer violation. Only if one are running on the registered UDP port for SCTP encapsulation a general middlebox know that this is likely SCTP in the payload. I am not expecting this to be a real issue for this solution. Especially not where we would consider deploying a zero checksum solution where the set of middleboxes would be deployed by the same entity that deploys the endpoints.
What about other middleboxes which might be deployed?

Best regards
>  Cheers
>  Magnus
>    On 2023-05-10, 22:54, "" <> wrote:
> > On 27. Apr 2023, at 09:31, Magnus Westerlund <> wrote:
> > > Hi,
> >  Yes proposed change would address my issue.  Thanks
> Hi Magnus,
> I wanted to address this issue before submitting version -03 of the individual
> draft, followed up by the -00 version of the WG document.
>  However, when drafting the text, I realized that this is more complex than
> I initially thought.
>  Your suggestion is to allow zero checksum when using SCTP AUTH or CRYPTO.
>  One issue the related to the middleboxes and one could argue that when using
> SCTP over UDP, middleboxes might not interfere with zero checksum. OK, we
> can write that without make things more complex.
>  When using DTLS, all packets are protected. Requiring that packets containing
> an INIT chunk is for backwards compatibility and is not specific to SCTP/DTLS
> and would require to all other cases. The same applies to packets containing
> an COOKIE ECHO or ASCONF chunk. This is for keeping implementations simple.
>  But there is a difference between SCTP/DTLS and AUTH or CRYPTO:
> * For CRYPTO (as I understand it right now) does not protect packets handled
>   in the front states.
> * For AUTH, it protects only packets for which the AUTH chunk is the first one.
>  This means that the packets having an alternative protection depends on the
> alternative method. How does the receiver know? How to specify it in a generic
> way that it includes CRYPTO, for example, without referring to it?
>  One possibility would be to extend the Zero Checksum Parameter to contain an
> uint32_t, which is an IANA registered value indicating the alternative method.
> The document could define one for SCTP over DTLS, and one for using AUTH.
> Then the CRYTO document could register another one for CRYPTO and provide
> the rules.
> However, I'm still contemplating whether this is worth doing. If middleboxes
> check the CRC32c (which would kill zero checksum for AUTH and CRYPTO for
> SCTP/IPv46), why shouldn't they do the same when SCTP is UDP encapsulated?
> Assuming that they don't do it now, because SCTP over UDP is not used a lot
> right now, does not extrapolate to the case where some specifications exist,
> which require SCTP (with CRYPTO or AUTH) over UDP.
>  What do you think?
>  I submitted -03 of the individual document and the -00 of the WG document,
> because I did not want to hold them up any longer. Once we have come
> to a conclusion on the above discussion, I'll update the document accordingly.
>  Best regards
> Michael
>   >  Magnus
> >  On 2023-04-27, 00:13, "tsvwg" <> wrote:
> > > On 18. Apr 2023, at 11:06, Magnus Westerlund <> wrote:
> > > > Hi Michael,
> > >  I am slightly confused by your exclusion of UDP for the zero checksum. I would expect that IP/UDP/SCTP per RFC 6951 would actually make it across a network unless a firewall was present that actually checked the CRC on SCTP level with that encapsulation. Which would in fact be a bit surprising as the UDP payload can be a bit of anything unless the UDP port reveals the service and special rules exists.  
> > Hi Magnus,
> >  there is an IANA assigned UDP port number. So firewalls could use this. However, I don't know if
> > any product does now or will do in the future.
> > >  Thus, I would expect that SCTP zero checksum should be possible to deploy when RFC 6951 encapsulation occurs and the SCTP stack would be using SCTP-AUTH or CRYPTO chunk as alternative strong integrity verification.  So I think the zero checksum could actually be allowed for UDP encapsulated SCTP when using a strong integrity mechanism. Just want to ensure that the document doesn’t include unnecessary scoping which doesn’t have technical merit.
> > I agree. Possibly we should be more precise:
> >  * We should not talk about lower layers providing a protection at least as good as CRC32c, but talk about other
> >   protocol mechanisms instead. These protocol mechanisms include lower layers like DTLS, but also AUTH or CRYTO.
> > * We should consider two conditions, where the use of the feature is not appropriate:
> >   (1) There is no other protocol mechanism to protect a packet at least as good as CRC32c.
> >   (2) Middleboxes will interfere with SCTP packets containing an incorrect checksum of zero.
> >  Then:
> > * SCTP over DTLS is OK, since (1) and (2) are both not true.
> > * SCTP over IP is not OK, since (1) and (2) is true.
> > * SCTP using AUTH for all chunks over IP is not OK, since (2) is true.
> > * SCTP over UDP over IP is not OK, since (1) is true. Whether (2) is true is not known to me.
> > * SCTP using AUTH for all chunks over UDP over IP  might be OK, if (2) is not true.
> > * SCTP using CRYTO is not OK, since (2) is true.
> > * SCTP using CRPTO might be OK, if (2) is not true.
> >  Would such a change address your issue?
> >  Best regards
> > Michael
> > >  Cheers
> > >  Magnus
> > >    On 2023-04-12, 14:21, "tsvwg" <> wrote:
> > > > On 11. Apr 2023, at 19:15, Nils Ohlmeier <> wrote:
> > > > > Hello,
> > > > > I’m supporting adoption of draft draft-tuexen-tsvwg-sctp-zero-checksum-02, because it is going to be useful for all WebRTC endpoints out there to have the option to skip the checksum step.
> > > > > I also reviewed the draft. The only concern I found is this sentence:
> > > > > "Since the lower layer of SCTP can not be IPv4 or IPv6 as specified in [RFC9260] or UDP as specified in [RFC6951], no problems with middle boxes expecting correct CRC32c checksums in the SCTP packets are expected.”
> > > > > Which confuses me, because it sounds to me like this is trying to say that SCTP over IPv4 or IPv6 can not be done. Which obviously doesn’t make any sense. But I honestly fail to parse what this sentence is suppose to tell me (besides no problems with middle boxes is expected).
> > > Would using
> > >  One example of such a lower layer is the use of SCTP over DTLS as
> > > described in [RFC8261] (as used in the WebRTC context). Counter
> > > examples include:
> > >  * SCTP over IPv4 or IPv6 as specified in [RFC9260].
> > >  * SCTP over UDP as specified in [RFC6951].
> > >  * The use of SCTP Authentication as specified in [RFC4895].
> > >  Therefore using an incorrect zero checksum will not result in
> > > problems with middle boxes expecting correct CRC32c checksums in SCTP
> > > packets.
> > >  be clearer?
> > >  Best regards
> > > Michael
> > > > > Best
> > > >  Nils Ohlmeier