[tsvwg] DTLS in SCTP solution
Magnus Westerlund <magnus.westerlund@ericsson.com> Thu, 16 February 2023 09:37 UTC
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: tsvwg IETF list <tsvwg@ietf.org>
CC: John Mattsson <john.mattsson@ericsson.com>, Claudio Porfiri <claudio.porfiri@ericsson.com>
Date: Thu, 16 Feb 2023 09:36:57 +0000
Message-ID: <PA4PR07MB8414B23B0D6BF4F71CA52C5F95A09@PA4PR07MB8414.eurprd07.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/FHJOZR6GX9njShYoHhr3JgoYoPo>
Hi,

We authors of DTLS/SCTP (https://datatracker.ietf.org/doc/draft-ietf-tsvwg-dtls-over-sctp-bis/) have worked on two drafts that together form what we consider a much better alternative for how to use DTLS to the current proposed solution that is based on SCTP.

The first draft is a general crypto chunk that can be used to protect the rest of the SCTP packet using a negotiated protection engine:
https://datatracker.ietf.org/doc/draft-westerlund-tsvwg-sctp-crypto-chunk/

Then we have written a draft that defines how to use the above crypto chunk to integrate DTLS as the protection engine, targeting the same goals as in DTLS/SCTP, like mutual authentication and support for very long-lived sessions. But in addition we get a lot of other benefits, including a much lower bar on the DTLS implementation that is integrated:
https://datatracker.ietf.org/doc/draft-westerlund-tsvwg-sctp-crypto-dtls/

The benefits as we see it are listed here:
https://www.ietf.org/archive/id/draft-westerlund-tsvwg-sctp-crypto-dtls-00.html#name-benefits-compared-to-dtls-s

The main benefits we see are the following:

* No dependency on SCTP-AUTH
* Much lower requirements on DTLS implementations when it comes to support of functionality
* Protection of the whole SCTP packet, preventing attacks on SCTP as well, not only on the user messages
* Much more robust when rekeying
* No limitation on user message size from this mechanism, as it functions below SCTP's DATA chunk message fragmentation mechanism.

We are working on getting our IPR disclosures submitted on draft-westerlund-tsvwg-sctp-crypto-dtls. We authors are currently not aware of any IPR that would apply on draft-westerlund-tsvwg-sctp-crypto-chunk.

We would like to ask the WG to consider this proposal as a replacement for DTLS/SCTP.

Cheers

Magnus, John and Claudio