Re: [tsvwg] I-D Action: draft-ietf-tsvwg-dtls-over-sctp-bis-04.txt

Magnus Westerlund <magnus.westerlund@ericsson.com> Thu, 23 June 2022 12:09 UTC

From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "tsvwg@ietf.org" <tsvwg@ietf.org>
Thread-Topic: [tsvwg] I-D Action: draft-ietf-tsvwg-dtls-over-sctp-bis-04.txt
Date: Thu, 23 Jun 2022 12:08:55 +0000
Message-ID: <PA4PR07MB84140B8B13EEA46743087D8D95B59@PA4PR07MB8414.eurprd07.prod.outlook.com>
References: <165598546876.34491.14665317473508113530@ietfa.amsl.com>
In-Reply-To: <165598546876.34491.14665317473508113530@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/-BEDhF5vfSfMg4pGW2f_Vw7rdgE>
Subject: Re: [tsvwg] I-D Action: draft-ietf-tsvwg-dtls-over-sctp-bis-04.txt

WG,

We have now updated the draft to address the last known issues we had regarding how to handle the difference in behavior for close_notify alerts in DTLS 1.2 and 1.3. To resolve this issue we have created a small protocol that registers its own PPID and of which the DTLS/SCTP layer will be the recipient and consumer. That way, the first peer that wants to indicate a shutdown, or to indicate during rekeying that the old DTLS connection can be closed, does so using a protocol message.

This version is also only an alternative to RFC 6083 and not a replacement. It also removes the SCTP socket API extension it previously contained. These changes are not specific to DTLS, nor complete enough to address the API requirements for this document. Thus, as discussed, it would make more sense to have them included in another document which is more relevant, for example an SCTP-Auth (RFC 4895) update.

This version also has a number of changes to address minor points, improve clarity and update references.

Please review.

Cheers,

Magnus Westerlund


From: tsvwg <tsvwg-bounces@ietf.org> on behalf of internet-drafts@ietf.org <internet-drafts@ietf.org>
Date: Thursday, 23 June 2022 at 13:58
To: i-d-announce@ietf.org <i-d-announce@ietf.org>
Cc: tsvwg@ietf.org <tsvwg@ietf.org>
Subject: [tsvwg] I-D Action: draft-ietf-tsvwg-dtls-over-sctp-bis-04.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Transport Area Working Group WG of the IETF.

        Title           : Datagram Transport Layer Security (DTLS) over Stream Control Transmission Protocol (SCTP)
        Authors         : Magnus Westerlund
                          John Preuß Mattsson
                          Claudio Porfiri
        Filename        : draft-ietf-tsvwg-dtls-over-sctp-bis-04.txt
        Pages           : 36
        Date            : 2022-06-23

Abstract:
   This document describes the usage of the Datagram Transport Layer
   Security (DTLS) protocol to protect user messages sent over the
   Stream Control Transmission Protocol (SCTP).  It is an improved
   alternative to the existing RFC 6083.

   DTLS over SCTP provides mutual authentication, confidentiality,
   integrity protection, and replay protection for applications that use
   SCTP as their transport protocol and allows client/server
   applications to communicate in a way that is designed to give
   communications privacy and to prevent eavesdropping and detect
   tampering or message forgery.

   Applications using DTLS over SCTP can use almost all transport
   features provided by SCTP and its extensions.  This document is an
   improved alternative to RFC 6083 and removes the 16 kB limitation on
   protected user message size by defining a secure user message
   fragmentation so that multiple DTLS records can be used to protect a
   single user message.  It further updates the DTLS versions to use, as
   well as the HMAC algorithms for SCTP-AUTH, and simplifies secure
   implementation by some stricter requirements on the establishment
   procedures.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-tsvwg-dtls-over-sctp-bis/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-tsvwg-dtls-over-sctp-bis-04.html

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-tsvwg-dtls-over-sctp-bis-04


Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts