Re: [tsvwg] DTLS for SCTP: DTLS Chunk kernel part testing

Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 18 March 2024 07:58 UTC

From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: Michael Tuexen <michael.tuexen@lurchi.franken.de>
CC: tsvwg IETF list <tsvwg@ietf.org>
Thread-Topic: [tsvwg] DTLS for SCTP: DTLS Chunk kernel part testing
Thread-Index: AQHaeLt22oirLS45zEmJOmpSGUSmNrE9F2MAgAAJB8M=
Date: Mon, 18 Mar 2024 07:58:00 +0000
Message-ID: <AS4PR07MB88744D44D4FC22A4A364EA5D952D2@AS4PR07MB8874.eurprd07.prod.outlook.com>
References: <AS4PR07MB887498E4AFC609054B074A40952E2@AS4PR07MB8874.eurprd07.prod.outlook.com> <DEB2D70D-C457-4D79-9BED-95582E993B2C@lurchi.franken.de>
In-Reply-To: <DEB2D70D-C457-4D79-9BED-95582E993B2C@lurchi.franken.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/CxlRBKYYWaJ3kbRK90wcZCPIC2A>
Subject: Re: [tsvwg] DTLS for SCTP: DTLS Chunk kernel part testing
List-Id: Transport Area Working Group <tsvwg.ietf.org>

Thanks Michael,

I think your answer below makes it clear that it is possible to get DTLS chunk parties implemented in an open source operating system. I do understand the personal angle. I hope that when the patent application becomes public before June, the WG members will be able to analyze what the claimed IPR covers, what can be done without requiring any licensing, and when such licensing is needed in relation to the different use cases where DTLS in SCTP would be a useful security mechanism.

Cheers

Magnus


From: Michael Tuexen <michael.tuexen@lurchi.franken.de>
Date: Monday, 18 March 2024 at 17:18
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
Cc: tsvwg IETF list <tsvwg@ietf.org>
Subject: Re: [tsvwg] DTLS for SCTP: DTLS Chunk kernel part testing
> On 18. Mar 2024, at 00:04, Magnus Westerlund <magnus.westerlund=40ericsson.com@dmarc.ietf.org> wrote:
>
> Hi,
>  In the design team we have discussion around barriers to implement DTLS Chunk (https://datatracker.ietf.org/doc/draft-westerlund-tsvwg-sctp-dtls-chunk/) as part of SCTP stacks that are in open source OS kernels. The discussion in the design team indicated that they could implement and release the functionality described in the above draft. What was raised as an issue was the testing of this code using the API that would exist to the upper layer implementation that would implement the DTLS handshakes and rekeying per: https://datatracker.ietf.org/doc/draft-westerlund-tsvwg-sctp-dtls-handshake/.
>  Is there any reason why one cannot actually write code to test this API without implementing almost any of draft-westerlund-tsvwg-sctp-dtls-handshake? I would think the goal of the kernel parts is to show that the lower layer and its API works and can
Hi Magnus,

this is my personal opinion with respect to implementing this in FreeBSD.
Of course, one can do what you suggest. When I would implement it, most
likely I would add support for it in packetdrill to do some functional
testing. I guess some fuzz testing with tools like syzkaller would also
be done.
But when I'm implementing something (functionality in the kernel and
an API for it) which has mainly one use case, I would really prefer to
be able to test this in this use case. This is my personal preference
and nothing requires me to do this testing. But not testing it seems
sub-optimal to me.

Best regards
Michael
> be used by a higher layer application on top of the SCTP stack. In a test application one could use hard coded keys and have multiple sets  to test rekeying and not run DTLS handshakes at all between the endpoints.
>  Cheers
>  Magnus