Re: [tsvwg] sanity checking DTLS ICMP errors

[Michael Tuexen <Michael.Tuexen@lurchi.franken.de>]

> On 19 Jan 2015, at 20:43, 🔓Dan Wing <dwing@cisco.com> wrote:
> 
> To reduce the attack surface, TCP implementations have been validating ICMP error messages to be in-window (RFC5927).
> 
> On a thread over on RTCWEB with Michael Tüxen, it seems DTLS-encrypted packets might benefit from a similar validation.  
Just to add some information:
Dan was asking why we couldn't just process incoming ICMP packets indicating that a packet
sent was too big by SCTP when running over DTLS. My point was that we can't the validation
of the verification tag as we do normally for SCTP. That is why we use PMTUD as described
in RFC4821 for
http://tools.ietf.org/html/draft-ietf-tsvwg-sctp-dtls-encaps-08
> There are some fields early in the packet that might be useful for such validation,
> 
>      struct {
>        ContentType type;
>        ProtocolVersion version;
>        uint16 epoch;                                     // New field
>        uint48 sequence_number;                           // New field
>        uint16 length;
>        select (CipherSpec.cipher_type) {
>          case block:  GenericBlockCipher;
>        } fragment;
>      } DTLSCiphertext;
> 
> however, both the Epoch and Sequence Number start at zero (unlike TCP's initial sequence number which has been random for nearly 20 years).  
One difference is that the TCP initial sequence number is negotiated during the TCP handshake.
DTLS doesn't do this.
> 
> 
> Do we want to validate ICMP error messages for DTLS packets?  If so, can DTLS have a randomized initial sequence number?
At least you need to change the specification. So it is something one might consider when working on DTLS 1.3, I guess.

Best regards
Michael
> 
> -d
> 
>