[tsvwg] STARTTLS and RFC6083bis

Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 19 April 2021 09:34 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/VtcC-Dx7sZg4b7S7TTGMM08Syls>
List-Id: Transport Area Working Group <tsvwg.ietf.org>

Hi,

In the replacement of RFC 6083 proposal we have made changes that make
STARTTLS non-viable. The reason is to remove the unclarity about whether a
user message is protected or not. With parallel streams during the
establishment phase, supporting this behavior requires additional
functionality and API to deal with it. There was also the very important
aspect that DTLS requires SCTP-AUTH, and SCTP-AUTH key management is using
DTLS. Thus, STARTTLS can actually leave SCTP-AUTH unkeyed, which is not
good, or require another keying solution and another switch-over issue.
Thus, to simplify things we initiate DTLS immediately and require that for
the SCTP association. So from my perspective it appears simpler to have a
process where, if DTLS is to be used, one opens a new SCTP association with
SCTP-AUTH and DTLS.

The only STARTTLS-defined usage we know about is RFC 3788 (SIGTRAN), but
we don't know if that is actually deployed.

Thus, does anyone see an issue with this change?

The github issue for this topic:

https://github.com/gloinul/draft-westerlund-tsvwg-dtls-over-sctp-bis/issues/35

Cheers

Magnus Westerlund
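Editor's added illustration (not part of the mail above, nor code from the draft): a small Python model of the cross-stream ordering problem the mail points at. SCTP orders messages only within a stream, so a receiver may observe messages on different streams in any relative order. The model enumerates every delivery order SCTP permits for two constructed sender behaviours, a STARTTLS-style upgrade and a DTLS-from-the-start association, and counts the orders in which a plaintext user message is delivered after the receiver has already seen the DTLS handshake complete (and so keyed SCTP-AUTH from it). The message kinds, stream layout and sequences are assumptions made for the example.

```python
"""Toy model of the ordering problem behind dropping STARTTLS.

Added illustration, not code from the draft or the mail. SCTP guarantees
ordering only within a stream, so a receiver may see messages from
different streams in any relative order. We enumerate every delivery
order that respects per-stream order and ask, for each one, whether a
plaintext user message turns up after the receiver has already watched
the DTLS handshake finish (and therefore keyed SCTP-AUTH from it). Such a
message is the ambiguity the mail describes: protected or not?
All message sequences below are constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Msg:
    stream: int
    kind: str  # "hs", "hs_done", "app_plain", "app_dtls"


def interleavings(per_stream):
    """Yield every merge of the per-stream sequences that preserves each
    stream's own order, i.e. every delivery order SCTP may present."""
    live = [list(s) for s in per_stream if s]
    if not live:
        yield ()
        return
    for i, seq in enumerate(live):
        rest = live[:i] + [seq[1:]] + live[i + 1:]
        for tail in interleavings(rest):
            yield (seq[0],) + tail


def classify(order):
    """Replay one delivery order as the receiver sees it.

    Returns (unkeyed, ambiguous): plaintext user messages delivered while
    SCTP-AUTH is still unkeyed, and plaintext user messages delivered
    after the receiver already saw the DTLS handshake complete."""
    keyed = False
    unkeyed = ambiguous = 0
    for m in order:
        if m.kind == "hs_done":
            keyed = True  # DTLS finished; SCTP-AUTH key now derived from it
        elif m.kind == "app_plain":
            if keyed:
                ambiguous += 1  # plaintext after the switch: accept or reject?
            else:
                unkeyed += 1  # sent before any key existed
        # "app_dtls" records are self-describing: a DTLS record is protected
        # whenever it arrives, so they never raise the question.
    return unkeyed, ambiguous


def audit(per_stream):
    """Summarise all SCTP-permitted delivery orders for one sender behaviour."""
    orders = list(interleavings(per_stream))
    results = [classify(o) for o in orders]
    return {
        "orders": len(orders),
        "unkeyed": sum(1 for u, _ in results if u),
        "ambiguous": sum(1 for _, a in results if a),
    }


# STARTTLS-style sender (constructed): user data already flows in plaintext
# on stream 1, the DTLS handshake runs on stream 0, then user data on
# stream 1 switches to DTLS records.
STARTTLS = [
    [Msg(0, "hs"), Msg(0, "hs"), Msg(0, "hs_done")],
    [Msg(1, "app_plain"), Msg(1, "app_plain"), Msg(1, "app_dtls")],
]

# RFC6083bis-style sender (constructed): DTLS is started on stream 0 before
# any user message is sent; every user message is a DTLS record.
DTLS_FIRST = [
    [Msg(0, "hs"), Msg(0, "hs"), Msg(0, "hs_done")],
    [Msg(1, "app_dtls"), Msg(1, "app_dtls")],
]

if __name__ == "__main__":
    for name, model in (("STARTTLS", STARTTLS), ("DTLS first", DTLS_FIRST)):
        print(name, audit(model))
```

For the constructed STARTTLS sequences, 4 of the 20 permitted delivery orders hand the receiver a plaintext user message after it has already keyed SCTP-AUTH, and 19 of them deliver plaintext while SCTP-AUTH is unkeyed; the receiver cannot tell a late legitimate message from an injected one without extra state and API. With DTLS started before any user message, both counts are zero, since every user message is a DTLS record regardless of how streams reorder. The model deliberately ignores how DTLS itself handles a record arriving before the final handshake flight, which is the DTLS layer's problem rather than an ambiguity at the SCTP user-message level.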