[tsvwg] 3GPP SA3 reply LS on SCTP-AUTH and DTLS

John Mattsson <john.mattsson@ericsson.com> Tue, 30 May 2023 15:54 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: "tsvwg@ietf.org" <tsvwg@ietf.org>
Thread-Topic: 3GPP SA3 reply LS on SCTP-AUTH and DTLS
Thread-Index: AQHZkw5jR0QbklvOlk+K88oKMsRinQ==
Date: Tue, 30 May 2023 15:54:41 +0000
Message-ID: <GVXPR07MB9678ED9FBCCF537C2BF27E71894B9@GVXPR07MB9678.eurprd07.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/MvqYoHOrBI1flRvoDlQlz3DgXM4>

Hi,

3GPP SA3 (Security) had a meeting last week and sent a Reply LS to TSVWG regarding SCTP-AUTH and DTLS. The LS will appear in the IETF LS tracker at a later date, once the 3GPP and IETF secretariats have processed it.

https://www.3gpp.org/ftp/tsg_sa/WG3_Security/TSGS3_111_Berlin/Docs/S3-233355.zip

SA3 discussed the discovered vulnerabilities, DTLS over SCTP, DTLS in SCTP, the importance of this work, and agreed on the following text:

"SA3 would like to thank IETF Transport Area Working Group (TSVWG) for notifying SA3 of the vulnerabilities related to SCTP-AUTH and DTLS over SCTP.

SA3 agrees that the vulnerabilities are serious – they are affecting confidentiality, integrity, replay, and availability. Supporting DTLS over SCTP in N2, Xn, F1, and E1 interfaces has been made mandatory from Release 15 onwards. Therefore, SA3’s understanding is that it is important to solve all the security vulnerabilities, including the availability vulnerabilities. Since the problem is related to the use of DTLS with SCTP, SA3’s understanding is that the solution should be based on DTLS, and the solution should not rely on unsupported DTLS features.

SA3 kindly asks TSVWG to work on and publish a solution as soon as possible."

We need to progress the work in TSVWG to fulfil the 3GPP requirements of fixing the availability vulnerabilities, not relying on unsupported DTLS features, and publishing a solution as soon as possible. DTLS in SCTP seems like the only solution, as it solves the availability vulnerabilities and does not rely on unsupported DTLS features.

Cheers,

John