Re: [tsvwg] WGLC for draft-ietf-tsvwg-sctp-dtls-encaps: To End 28th February 2014

Magnus Westerlund <magnus.westerlund@ericsson.com> Thu, 27 February 2014 08:14 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tsvwg/c8ZHiiULnpHSwJXKUMu2hkR4eFA

On 2014-02-07 18:18, Gorry Fairhurst wrote:
> This email announces the start of a working group last call
> of draft-ietf-tsvwg-sctp-dtls-encaps-03,
> "DTLS Encapsulation of SCTP Packets". This document was
> discussed at the WG meeting in Vancouver and was thought at that
> meeting to be ready for WG review, this email starts this process by
> requesting review comments.
> 
> Please send any comments, notes of support, or concerns to the TSVWG list.
> 
> The draft is available at:
> http://tools.ietf.org/html/draft-ietf-tsvwg-sctp-dtls-encaps
> 
> The last call will run for TWO weeks, ending 28th February 2014.
> 
> James, David, and Gorry
> (TSVWG Chairs)
> tsvwg-chairs@ietf.org
> 

WG,

I have reviewed the draft and think it is mostly ready but there are some
issues I would like to bring to your attention for discussion.

1) Section 1.1

   The Stream Control Transmission Protocol (SCTP) as defined in
   [RFC4960] is a transport protocol running on top of the network
   protocols IPv4 or IPv6.  This document specifies how SCTP is used on
   top of the Datagram Transport Layer Security (DTLS) protocol defined
   in [RFC6347].  This encapsulation is used for example within the
   RTCWeb protocol suite (see [I-D.ietf-rtcweb-overview] for an
   overview) for transporting non-media data between browsers.  The
   architecture of this stack is described in
   [I-D.ietf-rtcweb-data-channel].

I would like to rewrite this to:

   The Stream Control Transmission Protocol (SCTP) as defined in
   [RFC4960] is a transport protocol running on top of the network
   protocols IPv4 [RFC0791] or IPv6 [RFC2460].  This document specifies
   how SCTP is used on top of the Datagram Transport Layer Security
   (DTLS) protocol defined in [RFC6347].  This encapsulation is used
   for example within the WebRTC protocol suite (see [I-D.ietf-rtcweb-
   overview] for an overview) for transporting non-RTP [RFC3550] data
   between browsers.  The architecture of this stack is described in
   [I-D.ietf-rtcweb-data-channel].

Changes are:
- References for IP
- RTCWEB -> WebRTC
- non-media to non-RTP data

2) Section 1.3:

I think there is a need for some terms not yet mentioned to have
references to where they are defined. The terms I consider needing
references are:
- PPID
- TCP
- TLS

MTU would be good also.

3) Section 4:

   The DTLS implementation MUST be based on [RFC6347].

What happens when RFC 6347 is obsoleted? And that obsoletion can be
based on two cases, either the whole DTLS version is being replaced or
the RFC just updated for the same DTLS version. The latter case I
definitely should be less locked in. For the DTLS version it is a
question of interoperability. Thus I think one probably should word this as:

   The DTLS implementation MUST be based on DTLS 1.2 [RFC6347].

Then one could add supporting future versions of DTLS is RECOMMENDED if
defined.

4) Section 4:

   If path MTU discovery is performed by the DTLS layer, the method
   described in [RFC4821] MUST be used.  For probe packets, the
   extension defined in [RFC6520] MUST be used.

   If path MTU discovery is performed by the SCTP layer and IPv4 is used
   as the network layer protocol, the DTLS implementation MUST allow the
   DTLS user to enforce that the corresponding IPv4 packet is sent with
   the DF bit set.

Although this is stated, there is no requirement that I find in the
specification that says that you MUST implement a PMTUD method. My
understanding is that IP/UDP/DTLS/SCTP is going to have a miserable
time working if one ends up with IP fragments in other cases than for
PMTUD probing packets. Thus, I think there needs to be a requirement on
implementing some type of PMTUD method that works in this setting.

I propose:

   An implementation of SCTP over DTLS MUST implement and use a path
   MTU discovery method that functions without ICMP to provide SCTP
   with a MTU estimate. An implementation of "Packetization Layer Path
   MTU Discovery" [RFC4821] either in SCTP or DTLS is RECOMMENDED.

I do note that this text is not suitable in any of the existing
sections. Maybe a new section between 3 and 4 for general considerations.

5) Section 7.

It is not obvious that this does not create new security issues. To me an
obvious candidate for causing potential issues is the requirement on
SCTP to be able to function without ICMP. Are there behaviors introduced
that are a result of not receiving ICMP because they are not provided to
SCTP, which compared to SCTP over IP would not exist? At the same time I
do realize that it protects the SCTP stack from some attack vectors
through ICMP.
do realize that it protects the SCTP stack from some attack vectors
through ICMP.

Cheers

Magnus Westerlund

----------------------------------------------------------------------
Services, Media and Network features, Ericsson Research EAB/TXM
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Färögatan 6                 | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------
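
Added illustration, not part of the message above or of the draft: a sketch of the kind of path MTU discovery point 4 asks for, where the packetization layer learns the MTU only from acknowledged or lost probes and never from ICMP, then hands SCTP a packet size budget. The path model, the search bounds, the retry count and the DTLS overhead figure (DTLS 1.2 with an AES-GCM cipher suite over IPv4) are assumptions chosen for the example.

```python
# Probe-based path MTU search in the style of RFC 4821, with no ICMP input.
# SilentPath, the bounds and the overhead constants are assumptions made
# for this example; none of them come from the draft.

IPV4_HDR = 20                  # IPv4 header without options
UDP_HDR = 8
DTLS_OVERHEAD = 13 + 8 + 16    # record header + explicit nonce + GCM tag


class SilentPath:
    """Constructed path: silently drops DF-marked packets above its MTU."""

    def __init__(self, mtu):
        self._mtu = mtu
        self.probes_sent = 0

    def probe(self, ip_packet_size):
        # Stands in for a padded probe (for DTLS, an RFC 6520 heartbeat)
        # sent with DF set. True means the peer answered before the timer.
        self.probes_sent += 1
        return ip_packet_size <= self._mtu


def probe_passes(path, size, retries):
    # Only repeated silence counts as "too big": a single lost probe
    # cannot be told apart from an ordinary congestion drop.
    return any(path.probe(size) for _ in range(retries))


def search_pmtu(path, floor=576, ceiling=1500, retries=2):
    """Binary search between a base size and the local link MTU."""
    if not probe_passes(path, floor, retries):
        raise RuntimeError("base size does not pass; no usable estimate")
    low, high = floor, ceiling
    while low < high:
        mid = (low + high + 1) // 2
        if probe_passes(path, mid, retries):
            low = mid          # acknowledged: raise the known-good size
        else:
            high = mid - 1     # silence: lower the upper bound
    return low


def sctp_packet_budget(pmtu):
    """Largest SCTP packet that fits in one unfragmented IPv4 packet."""
    return pmtu - IPV4_HDR - UDP_HDR - DTLS_OVERHEAD


if __name__ == "__main__":
    path = SilentPath(mtu=1400)    # constructed value, e.g. a tunnel hop
    pmtu = search_pmtu(path)
    print(pmtu, sctp_packet_budget(pmtu), path.probes_sent)
```
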