Re: [tsvwg] Comments regarding draft-westerlund-tsvwg-sctp-crypto-chunk

Magnus Westerlund <magnus.westerlund@ericsson.com> Thu, 27 July 2023 23:09 UTC

From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "tuexen@fh-muenster.de" <tuexen@fh-muenster.de>
CC: tsvwg IETF list <tsvwg@ietf.org>
Thread-Topic: [tsvwg] Comments regarding draft-westerlund-tsvwg-sctp-crypto-chunk
Date: Thu, 27 Jul 2023 23:08:56 +0000
Message-ID: <DU0PR07MB8970E6392918E1B48A1BA09C9501A@DU0PR07MB8970.eurprd07.prod.outlook.com>
References: <C99AB203-643D-41BB-94C4-F9B2A643923B@fh-muenster.de> <DU0PR07MB8970C2269BFC6789A589E83E9501A@DU0PR07MB8970.eurprd07.prod.outlook.com> <965444D7-BBD4-41D8-B7C2-ED5600B11330@fh-muenster.de>
In-Reply-To: <965444D7-BBD4-41D8-B7C2-ED5600B11330@fh-muenster.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/j31tHq-Mqmvhh1yq6Ozf2-fbKHs>
Subject: Re: [tsvwg] Comments regarding draft-westerlund-tsvwg-sctp-crypto-chunk

Hi, 

See below. 

On 2023-07-27, 09:15, "tuexen@fh-muenster.de" <tuexen@fh-muenster.de> wrote:

>> On 27. Jul 2023, at 08:27, Magnus Westerlund <magnus.westerlund=40ericsson.com@dmarc.ietf.org> wrote:
>>
>> Hi Michael,
>>
>> On the major issue, as we talked here in San Francisco I think it is possible to do what you suggest. It impacts the extensibility in that any future protection engine would need to define a crypto chunk protection specification that is added as an algorithm used to protect. We definitely need algorithm agility at this layer independently, so I think it is more a document structure thing. We will look into this in more detail to see if there are any issues, but it sounds possible to make this change. I will note that this would likely mean that we define the crypto chunk such that it has two defined payload protections, one being the DTLS 1.2 record layer, one being the DTLS 1.3 record layer. The API to this function would then
>
> Why do we need to support DTLS 1.2 and DTLS 1.3? Wouldn't it be simpler to support only one version?
>
> I would suggest using DTLS 1.3 only...



MW: Yes, and we proposed before that we should go DTLS 1.3 only. There was push back on that, but I guess with the delay this might be more acceptable at this point. The issue is that so far there is limited availability of DTLS 1.3 stacks, and especially there is none from OpenSSL, which I think is a reason that makes many less happy.

Cheers 

Magnus