Re: [tsvwg] DTLS for SCTP: DTLS Chunk kernel part testing
Michael Tuexen <michael.tuexen@lurchi.franken.de> Mon, 18 March 2024 07:18 UTC
Return-Path: <michael.tuexen@lurchi.franken.de>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65AD0C14F5E4 for <tsvwg@ietfa.amsl.com>; Mon, 18 Mar 2024 00:18:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.607
X-Spam-Level:
X-Spam-Status: No, score=-2.607 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yJPiFTFpGxnW for <tsvwg@ietfa.amsl.com>; Mon, 18 Mar 2024 00:18:19 -0700 (PDT)
Received: from drew.franken.de (mail-n.franken.de [193.175.24.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A911C151093 for <tsvwg@ietf.org>; Mon, 18 Mar 2024 00:18:13 -0700 (PDT)
Received: from smtpclient.apple (unknown [IPv6:2a02:8109:1140:c3d:d4b8:45eb:11dc:42]) (Authenticated sender: lurchi) by mail-n.franken.de (Postfix) with ESMTPSA id 45B23721E2806; Mon, 18 Mar 2024 08:18:09 +0100 (CET)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.500.171.1.1\))
From: Michael Tuexen <michael.tuexen@lurchi.franken.de>
In-Reply-To: <AS4PR07MB887498E4AFC609054B074A40952E2@AS4PR07MB8874.eurprd07.prod.outlook.com>
Date: Mon, 18 Mar 2024 08:18:08 +0100
Cc: tsvwg IETF list <tsvwg@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <DEB2D70D-C457-4D79-9BED-95582E993B2C@lurchi.franken.de>
References: <AS4PR07MB887498E4AFC609054B074A40952E2@AS4PR07MB8874.eurprd07.prod.outlook.com>
To: Magnus Westerlund <magnus.westerlund=40ericsson.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3774.500.171.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/eOj4VH_caEEWhYTjRuC6hjcQjrw>
Subject: Re: [tsvwg] DTLS for SCTP: DTLS Chunk kernel part testing
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Mar 2024 07:18:23 -0000
> On 18. Mar 2024, at 00:04, Magnus Westerlund <magnus.westerlund=40ericsson.com@dmarc.ietf.org> wrote: > > Hi, > In the design team we have discussion around barriers to implement DTLS Chunk (https://datatracker.ietf.org/doc/draft-westerlund-tsvwg-sctp-dtls-chunk/) as part of SCTP stacks that are in open source OS kernels. The discussion in the design team indicated that they could implement and release the functionality described in the above draft. What was raised as an issue was the testing of this code using the API that would exist to the upper layer implementation that would implement the DTLS handshakes and rekeying per: https://datatracker.ietf.org/doc/draft-westerlund-tsvwg-sctp-dtls-handshake/. > Is there any reason why one cannot actually write code to test this API without implementing almost any of draft-westerlund-tsvwg-sctp-dtls-handshake? I would think the goal of the kernel parts is to show that the lower layer and its API works and can Hi Magnus, this is my personal opinion with respect to implementing this in FreeBSD. Of course, one can do what you suggest. When I would implement it, most likely I would add support for it in packetdrill to do some functional testing. I guess some fuzz testing with tools like syzkaller would also be done. But when I'm implementing something (functionality in the kernel and an API for it) which has mainly one use case, I would really prefer to be able to test this in this use case. This is my personal preference and nothing requires me to do this testing. But not testing it seem sub-optimal to me. Best regards Michael > be used by a higher layer application on top of the SCTP stack. In a test application one could use hard coded keys and have multiple sets to test rekeying and not run DTLS handshakes at all between the endpoints. > Cheers > Magnus
- [tsvwg] DTLS for SCTP: DTLS Chunk kernel part tes… Magnus Westerlund
- Re: [tsvwg] DTLS for SCTP: DTLS Chunk kernel part… Michael Tuexen
- Re: [tsvwg] DTLS for SCTP: DTLS Chunk kernel part… Magnus Westerlund
- Re: [tsvwg] DTLS for SCTP: DTLS Chunk kernel part… Michael Tuexen
- Re: [tsvwg] DTLS for SCTP: DTLS Chunk kernel part… Marcelo Ricardo Leitner
- Re: [tsvwg] DTLS for SCTP: DTLS Chunk kernel part… Michael Tuexen
- Re: [tsvwg] DTLS for SCTP: DTLS Chunk kernel part… Claudio Porfiri
- Re: [tsvwg] DTLS for SCTP: DTLS Chunk kernel part… Michael Tuexen
- Re: [tsvwg] DTLS for SCTP: DTLS Chunk kernel part… Claudio Porfiri
- Re: [tsvwg] DTLS for SCTP: DTLS Chunk kernel part… Magnus Westerlund