[tsvwg] Query regarding random parameter in SCTP-AUTH RFC 4895

Shweta r <shweta.k.r@huawei.com> Tue, 05 June 2018 06:35 UTC

From: Shweta r <shweta.k.r@huawei.com>
To: "tsvwg@ietf.org" <tsvwg@ietf.org>
CC: Ashutosh prakash <ashutosh.prakash@huawei.com>, Sharath Chandra B <sharathcb@huawei.com>, Sidhartha pant <sidhartha.pant@huawei.com>
Thread-Topic: Query regarding random parameter in SCTP-AUTH RFC 4895
Thread-Index: AdP8l1xvzHW+uN9dTO+47C2gCum3/A==
Date: Tue, 05 Jun 2018 06:35:20 +0000
Message-ID: <421CE35A2FDF994790546C7F50F875455E9601DB@dggemi506-mbs.china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/oAJ7Yy6lksEi0WWfny_EGEsAC6M>
Subject: [tsvwg] Query regarding random parameter in SCTP-AUTH RFC 4895

Hi Group,

Greetings. I have a doubt regarding SCTP RFC 4895.


1) Section 3.1, "Random Parameter (RANDOM)":

      Random Number: n bytes (unsigned integer)
      This value represents an arbitrary Random Number in network byte order.

   Section 6.1, "Establishment of an Association Shared Key":

    An SCTP endpoint willing to receive or send authenticated chunks MUST
    send one RANDOM parameter in its INIT or INIT-ACK chunk.  The RANDOM
    parameter MUST contain a 32-byte Random Number.

----> The 32-byte random number should be in network byte order. Does that mean the 32 bytes are divided into 4-byte partitions (8 partitions in total) and ntohl is then applied to each partition?


2) The peer has asked for HB authentication.

In the scenario of sending a HEARTBEAT to an unconfirmed address, is it correct to bundle AUTH+HB and send it to the unconfirmed address?

My doubt here is: can AUTH be sent to an unconfirmed address?



3) In RFC 4895, it is given:

[inline image of the quoted RFC 4895 section omitted]

   Local (AUTH supported)                          Peer (AUTH not supported)

   Send INIT with AUTH parameters
   and chunk list (DATA)              ------>
                                      <------  Sends INIT-ACK without AUTH parameters
                                               (as per the above section, the peer
                                               ignores the AUTH parameters received
                                               in the INIT and sends INIT-ACK)
   COOKIE ECHO                        ------>
                                      <------  COOKIE ACK

                        Association established.

                                      <------  Sends DATA without AUTH chunk

Should Local send a SACK, or discard the DATA as it does not have an AUTH chunk?



4) Section 6.1, "Establishment of an Association Shared Key":

    The concatenation is performed on byte vectors, and all numerical
    comparisons use network byte order to convert the key vectors to a number.

----> Can you please explain how to convert the key vectors to a number, and what the size of this number should be?


5) What should be the length of the Association Shared Key? (As per RFC 2104, the key can be of any length up to 64 bytes.)


6) For the client, SHA-1 is most preferable; for the server, SHA-256 is most preferable.

   SCTP Client                                          SCTP Server

   Send INIT with (SHA-1, SHA-256)    ------>
                                      <------  INIT-ACK with (SHA-256, SHA-1)
   COOKIE ECHO                        ------>
                                      <------  COOKIE ACK

                                      <------  Sends DATA with AUTH chunk, HMAC Identifier = SHA-1
   Send SACK with AUTH chunk,
   HMAC Identifier = SHA-256          ------>

   DATA and SACK processing should both succeed; this is my understanding.

   What is your opinion?




________________________________

Regards,
Shweta K R
Tester - VPP, 2012 LAB

Huawei Technologies India Pvt. Ltd.
Survey No. 37, Next to EPIP Area, Kundalahalli, Whitefield
Bengaluru, Karnataka - 560066
Tel: +91-80-49160700 Ext 71553 || Mob: 9986601255 || Email: shwetakr@huawei.com
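Added example (an editor's illustration, not code from the mail above or from any SCTP implementation) that carries the RFC 4895 section 6.1 derivation asked about in items 1, 4, 5 and 6 through in Python with constructed inputs. Each side's key vector is the concatenation of its RANDOM, CHUNKS and HMAC-ALGO parameters with the wire padding removed; the two vectors are compared as big-endian unsigned integers, which is how I read "network byte order" in section 6.1, with the shorter vector taken as smaller on a numeric tie; the endpoint pair shared key is followed by the smaller and then the larger vector; and the result is the HMAC key for the AUTH chunks in both directions of the item 6 exchange. The 32 RANDOM bytes are used as an opaque byte string with no per-word swapping. The random values, the empty endpoint pair shared key, the DATA and SACK chunks, the "first entry of the peer's list that we support" selection rule in `choose_hmac_id`, and every helper name are my own constructions; check the bytes the HMAC covers and the selection rule against the RFC text before relying on them.

```python
"""Worked example of RFC 4895 section 6.1 key derivation and AUTH chunk HMACs.

Editor's illustration with constructed inputs; not code from the original
mail or from any SCTP stack. Assumptions are marked in comments.
"""
import hashlib
import hmac
import struct

# Parameter types (RFC 4895 sections 3.1 to 3.3) and the AUTH chunk type (4.1).
RANDOM, CHUNKS, HMAC_ALGO = 0x8002, 0x8003, 0x8004
AUTH_CHUNK = 0x0F

# HMAC identifiers (RFC 4895 section 3.3): 1 = SHA-1 (mandatory), 3 = SHA-256.
HMAC_IDS = {1: hashlib.sha1, 3: hashlib.sha256}


def param(ptype, value):
    """Parameter as it enters the key vector: type, length, value, and
    no 4-byte padding (section 6.1 says padding is removed)."""
    return struct.pack("!HH", ptype, 4 + len(value)) + value


def key_vector(random32, chunk_list, hmac_ids):
    """Concatenate the sent RANDOM, CHUNKS and HMAC-ALGO parameters."""
    if len(random32) != 32:
        raise ValueError("RANDOM must carry exactly 32 bytes (section 6.1)")
    # The 32 bytes are used exactly as sent; nothing is swapped per 4-byte word.
    algo = b"".join(struct.pack("!H", i) for i in hmac_ids)
    return param(RANDOM, random32) + param(CHUNKS, chunk_list) + param(HMAC_ALGO, algo)


def vector_less(a, b):
    """'Numerically smaller' under network byte order (my reading): compare as
    big-endian unsigned integers; on a numeric tie the shorter vector is smaller."""
    ia, ib = int.from_bytes(a, "big"), int.from_bytes(b, "big")
    return ia < ib if ia != ib else len(a) < len(b)


def association_shared_key(endpoint_pair_key, local_vec, peer_vec):
    """Endpoint pair shared key || smaller key vector || larger key vector."""
    small, large = (local_vec, peer_vec) if vector_less(local_vec, peer_vec) else (peer_vec, local_vec)
    return endpoint_pair_key + small + large


def choose_hmac_id(peer_hmac_algo, locally_supported):
    """First identifier in the peer's preference list that we support
    (assumed selection rule; confirm against section 3.3)."""
    for ident in peer_hmac_algo:
        if ident in locally_supported:
            return ident
    raise ValueError("no common HMAC algorithm")


def build_auth_chunk(key, shared_key_id, hmac_id, following_chunks):
    """AUTH chunk whose HMAC covers the AUTH chunk (HMAC field zeroed) and the
    chunks placed after it in the packet, as sent on the wire."""
    digest = HMAC_IDS[hmac_id]
    dlen = digest().digest_size
    header = struct.pack("!BBHHH", AUTH_CHUNK, 0, 8 + dlen, shared_key_id, hmac_id)
    mac = hmac.new(key, header + b"\x00" * dlen + following_chunks, digest).digest()
    return header + mac  # 28 or 40 bytes: already a multiple of 4, no padding needed


def verify_auth_chunk(key, packet_chunks):
    """True if packet_chunks starts with an AUTH chunk whose HMAC matches the
    one recomputed with `key`; constant-time comparison."""
    ctype, _flags, length, _kid, hmac_id = struct.unpack_from("!BBHHH", packet_chunks, 0)
    if ctype != AUTH_CHUNK or hmac_id not in HMAC_IDS:
        return False
    digest = HMAC_IDS[hmac_id]
    dlen = digest().digest_size
    if length != 8 + dlen or len(packet_chunks) < length:
        return False
    padded = (length + 3) & ~3
    zeroed = packet_chunks[:8] + b"\x00" * dlen + packet_chunks[padded:]
    expected = hmac.new(key, zeroed, digest).digest()
    return hmac.compare_digest(packet_chunks[8:8 + dlen], expected)


# Constructed chunks, not captured traffic: a DATA chunk (B+E flags, TSN 1,
# payload "hello" padded to 4 bytes) and a SACK chunk (cum TSN 1, no gaps).
DATA_CHUNK = struct.pack("!BBHIHHI", 0, 0x03, 16 + 5, 1, 0, 0, 0) + b"hello" + b"\x00" * 3
SACK_CHUNK = struct.pack("!BBHIIHH", 3, 0, 16, 1, 65535, 0, 0)


def item6_exchange():
    """Mirror item 6: client lists (SHA-1, SHA-256), server lists (SHA-256, SHA-1).
    Returns (server's HMAC id, client's HMAC id, DATA verified, SACK verified)."""
    client_random = bytes(range(32))        # constructed, not random
    server_random = bytes(range(32, 64))    # constructed, not random
    client_vec = key_vector(client_random, bytes([0]), [1, 3])  # CHUNKS lists DATA
    server_vec = key_vector(server_random, bytes([0]), [3, 1])
    # Both ends derive the same key; the endpoint pair shared key (id 0) is empty here.
    key_c = association_shared_key(b"", client_vec, server_vec)
    key_s = association_shared_key(b"", server_vec, client_vec)
    assert key_c == key_s
    srv_id = choose_hmac_id([1, 3], HMAC_IDS)  # server picks from the client's list
    cli_id = choose_hmac_id([3, 1], HMAC_IDS)  # client picks from the server's list
    to_client = build_auth_chunk(key_s, 0, srv_id, DATA_CHUNK) + DATA_CHUNK
    to_server = build_auth_chunk(key_c, 0, cli_id, SACK_CHUNK) + SACK_CHUNK
    return srv_id, cli_id, verify_auth_chunk(key_c, to_client), verify_auth_chunk(key_s, to_server)


if __name__ == "__main__":
    print(item6_exchange())  # (1, 3, True, True)
```

Run it as a script to see the item 6 exchange end to end; `vector_less` is where the "convert the key vectors to a number" question from item 4 is made concrete, and `verify_auth_chunk` shows which bytes a receiver would need to cover when recomputing the HMAC.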