[tsvwg] New Liaison Statement, "Reply LS on SCTP-AUTH and DTLS"

Liaison Statement Management Tool <statements@ietf.org> Wed, 07 June 2023 17:32 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Liaison Statement Management Tool <statements@ietf.org>
To: Gorry Fairhurst <gorry@erg.abdn.ac.uk>, Marten Seemann <martenseemann@gmail.com>
Cc: Charles Eckel <eckelcu@cisco.com>, Gorry Fairhurst <gorry@erg.abdn.ac.uk>, Lionel Morand <lionel.morand@orange.com>, Marten Seemann <martenseemann@gmail.com>, Martin Duke <martin.h.duke@gmail.com>, Susanna Kooistra <3GPPLiaison@etsi.org>, Transport Area Working Group Discussion List <tsvwg@ietf.org>, Zaheduzzaman Sarker <zahed.sarker.ietf@gmail.com>, liaison-coordination@iab.org
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <168615914773.33603.6174682492466355592@ietfa.amsl.com>
Date: Wed, 07 Jun 2023 10:32:27 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/n8pmqXwEwF6Uj3J78qxh4mPuBN0>
Subject: [tsvwg] New Liaison Statement, "Reply LS on SCTP-AUTH and DTLS"

Title: Reply LS on SCTP-AUTH and DTLS
Submission Date: 2023-06-07
URL of the IETF Web page: https://datatracker.ietf.org/liaison/1847/
Please reply by 2023-12-01
From: Charles Eckel <eckelcu@cisco.com>
To: Gorry Fairhurst <gorry@erg.abdn.ac.uk>,Marten Seemann <martenseemann@gmail.com>
Cc: Zaheduzzaman Sarker <zahed.sarker.ietf@gmail.com>,Gorry Fairhurst <gorry@erg.abdn.ac.uk>,Marten Seemann <martenseemann@gmail.com>,Charles Eckel <eckelcu@cisco.com>,Transport Area Working Group Discussion List <tsvwg@ietf.org>,Martin Duke <martin.h.duke@gmail.com>
Response Contacts: Lionel Morand <lionel.morand@orange.com>,Susanna Kooistra <3GPPLiaison@etsi.org>
Technical Contacts: 
Purpose: For action

Referenced liaison: Updated LS to 3GPP regarding SCTP-AUTH and DTLS (https://datatracker.ietf.org/liaison/1806/)

Body: 1 Overall description

SA3 would like to thank IETF Transport Area Working Group (TSVWG) for notifying SA3 of the vulnerabilities related to SCTP-AUTH and DTLS over SCTP. 

SA3 agrees that the vulnerabilities are serious – they are affecting confidentiality, integrity, replay, and availability. Supporting DTLS over SCTP in N2, Xn, F1, and E1 interfaces has been made mandatory from Release 15 onwards. Therefore, SA3’s understanding is that it is important to solve all the security vulnerabilities, including the availability vulnerabilities. Since the problem is related to the use of DTLS with SCTP, SA3’s understanding is that the solution should be based on DTLS, and the solution should not rely on unsupported DTLS features

SA3 kindly asks TSVWG to work on and publish a solution as soon as possible.

2 Actions
To: IETF Transport Area Working Group (TSVWG)
ACTION: SA3 kindly asks IETF Transport Area Working Group (TSVWG) to take the above information into account and keep SA3 updated on TSVWG’s.

3 Dates of next TSG SA WG 3 meetings
SA3#112	14 - 18 August 2023	Goteborg, Sweden
SA3#113	6 - 10 November 2023	Chicago, USA
Attachments:

    S3-233355_revision_of_S3-233054_SCTP-AUTH and DTLS
    https://www.ietf.org/lib/dt/documents/LIAISON/liaison-2023-06-07-3gpp-tsvwg-reply-ls-on-sctp-auth-and-dtls-attachment-1.docx

[tsvwg] New Liaison Statement, "Reply LS on SCTP-… Liaison Statement Management Tool