Re: [tsvwg] Errata for SCTP over DTLS
Martin Duke <martin.h.duke@gmail.com> Tue, 21 April 2020 16:28 UTC
Return-Path: <martin.h.duke@gmail.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DCBA3A0E45 for <tsvwg@ietfa.amsl.com>; Tue, 21 Apr 2020 09:28:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oquKTqhVLPR9 for <tsvwg@ietfa.amsl.com>; Tue, 21 Apr 2020 09:28:02 -0700 (PDT)
Received: from mail-il1-x12b.google.com (mail-il1-x12b.google.com [IPv6:2607:f8b0:4864:20::12b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ACE633A1279 for <tsvwg@ietf.org>; Tue, 21 Apr 2020 09:23:46 -0700 (PDT)
Received: by mail-il1-x12b.google.com with SMTP id i16so9095915ils.12 for <tsvwg@ietf.org>; Tue, 21 Apr 2020 09:23:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Z8Sn8yZRoSG0huzUDIrOLoIxVrf1wdi07unuB1SeWcs=; b=UpDHiErARVYcbl3JK4rjHNbXgSZOL7zN/Jiodkl7IPod8vMm61khPdypgTkLCIRA14 MO6FwI6GSxvDLWyE8I8xx5bDQIk3wFTE7nxoEPmZ+g3ysGSoW39cvHKZXojeHxsBq0lN rp8u3Fw4ucMIGl35JbGb2GAuZgBBvXGodubzFWQh+zF8Uu5gcblDqvrqnl8p2Bxr81IG CjcnBdaGwaSvE4Rp//gk+0pR8mEXXYP0ZRmn8zHTsbU2TYFIbgChwsirQqs6auVUqqvv N1EC/gwGGjcg/C1X/57Y2LpPbHbdufWXctH3vqiyCe+SeGk40AcOodU6PTBXKiJwXuDu 51yg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Z8Sn8yZRoSG0huzUDIrOLoIxVrf1wdi07unuB1SeWcs=; b=h3EcZ66wVWK7e3G3asCyD7irmQZCXjdA8vcpZc8bbo+VuPnJxu0GOXhdNdqs8Qp4WH z/211+yaFuSWP3ffgAdshj7Y/HleKpw0LaXgsicyWwYqBIkCtxZkejIqTwR/ot6YRdaJ qKnBChEcEqN4CaySwXOw9/4Fm084/GYcPptbu+ts3l+KkRZVhO2NT0yEM+scy1lmGbEA pPsYb8eXs1Xa9PepUrvz1SNGUjjohtxMmAskXXJcQYsVEbm8Vu//tetuza5A1bFvqbdP oTEcRB+1SHyqKnUXdDNT5iNkgyjP+z8yulWYO4+WwTCeu/VKVKJ9SZR5sO0pjz776lKz hxSw==
X-Gm-Message-State: AGi0Pua5Vmd/g1P3eNtO/z/vtCazkWGKkGGajOeAJ3N4eVMbjAKq7FdN ocNXUNlVZvvq68rq8Ck+qkh6b1GJq38cQfSJuuTeaw==
X-Google-Smtp-Source: APiQypI8QJs/TrCqsFKNMIx7y3nUOxKQH27D+wI0OQK3euz+y1AvB8zYPTWhzoSpdSJWhI4bXTx6UDfOJBjAr+Ohuxk=
X-Received: by 2002:a92:ba87:: with SMTP id t7mr21940131ill.287.1587486223500; Tue, 21 Apr 2020 09:23:43 -0700 (PDT)
MIME-Version: 1.0
References: <CAM4esxSYQEE8QWFB72adcAhU5ZRm8J8GSvBu92Y39hacjJw9Og@mail.gmail.com> <8ED921F2-4856-4A08-A533-65361F713D39@lurchi.franken.de> <162e0727ba5a4bcea01d1930016d7d71@mera.com>
In-Reply-To: <162e0727ba5a4bcea01d1930016d7d71@mera.com>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Tue, 21 Apr 2020 09:23:32 -0700
Message-ID: <CAM4esxRa=gCMNqGdAM2ZuQmHKeSgh-ZMtDC04865LR8dQOL3HA@mail.gmail.com>
To: Maksim Proshin <maksim.proshin@mera.com>
Cc: Michael Tuexen <michael.tuexen@lurchi.franken.de>, tsvwg <tsvwg@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000070094b05a3cf7076"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/hm3nzANw6KmKKwU-7DvRju0cIXo>
Subject: Re: [tsvwg] Errata for SCTP over DTLS
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Apr 2020 16:28:05 -0000
Thanks, I marked this "held for document update" On Tue, Apr 21, 2020 at 5:42 AM Maksim Proshin <maksim.proshin@mera.com> wrote: > Hi, > > We also met such behavior with the Finished message and I think b) is ok, > and yes, OpenSSL does that. However, the Finished message is usually used > to check that both ends can successfully decode messages after keys > exchange so it would be good to note that in such case real data will be > used for the check. > > BR, Maxim > > -----Original Message----- > From: tsvwg <tsvwg-bounces@ietf.org> On Behalf Of Michael Tuexen > Sent: Monday, April 20, 2020 8:43 PM > To: Martin Duke <martin.h.duke@gmail.com> > Cc: tsvwg <tsvwg@ietf.org> > Subject: Re: [tsvwg] Errata for SCTP over DTLS > > > On 20. Apr 2020, at 18:06, Martin Duke <martin.h.duke@gmail.com> wrote: > > > > Hello tsvwg, > > > > I'm seeking to verify this erratum: > https://www.rfc-editor.org/errata/eid5744 but am definitely not an expert > on SCTP over DTLS. > > > > Is this is a simple oversight in the document? A flaw in the design that > should be fixed the next time around? Or just an incorrect report? > Hi Martin, > > when sending the ChangeCiperSpec message you use the old SCTP-AUTH key, > then you make the new active and then you send the Finished message. > The time between the two messages might be short. They can't be in one > packet. > > On the receiver side of these messages, the question is whether the new > SCTP-AUTH key is already configured by the DTLS layer, when the second > message is processed by the SCTP stack. > > Part of the answer depends on the interface between the SCTP stack and the > DTLS stack and how the SCTP stack behaves of it receives a packet with an > AUTH chunk using an unknown key. It could buffer it, for example, that is > not specified. > > If you look at SCTP kernel implementations and DTLS userland > implementations using the socket API, what sometimes (it is a race) happens > is that the Finished message is processed by the SCTP stack before the DTLS > configures the new key. > Therefore that packet is dropped by the implementation. A timer based > retransmission will fix that, but that is a performance impact. > > Ways to mitigate this are: > > (a) the sender waits some time between sending the ChangeCipherSpec and the > Finished. This is more a workaround, and since you don't know how long > to wait pretty hacky. > (b) allow the Finished message to be sent with the old key. That avoids the > problem. > > If I remember it correctly, the OpenSSL implementation of DTLS/SCTP does > (b). > > So I think it can be approved. > > Best regards > Michael > > > > Thanks, > > Martin > >
- [tsvwg] Errata for SCTP over DTLS Martin Duke
- Re: [tsvwg] Errata for SCTP over DTLS Michael Tuexen
- Re: [tsvwg] Errata for SCTP over DTLS Maksim Proshin
- Re: [tsvwg] Errata for SCTP over DTLS Martin Duke