[tsvwg] Update on DTLS in SCTP: draft-westerlund-tsvwg-sctp-dtls-chunk-03 and draft-westerlund-tsvwg-sctp-dtls-handshake-03

Magnus Westerlund <magnus.westerlund@ericsson.com> Wed, 30 October 2024 15:18 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/wgJeEM2TG38sgUYtPvEh0ac7BiI>

WG,

We updated our draft for the DTLS in SCTP solution:
https://datatracker.ietf.org/doc/draft-westerlund-tsvwg-sctp-dtls-chunk/
https://datatracker.ietf.org/doc/draft-westerlund-tsvwg-sctp-dtls-handshake/

The changes are to a large degree based on the implementation experience we got from implementing this solution in our product code base and performing some testing. The main changes are:

  *   We found a potential deadlock situation during the handshake and when entering the validation state; this has been resolved.
  *   We ran into the issue that when one offers both this solution and RFC 6083, one needs to consider all parameters and then select the most preferred solution. That has been clarified.
  *   In this process we also realized that allowing PPID=4242, which carries the DTLS handshake, to be sent without encryption and integrity verification opens up a security risk: an attacker can attempt to manipulate the receiver window by injecting data using this PPID. Thus we now require all traffic to be protected once the protected state has been reached.

With these changes we think the documents are in good shape and could be progressed towards publication quite rapidly. From a readability perspective the handshake draft could benefit from an editorial pass, but we don’t have any technical issues at this point.

Cheers

Magnus
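The third change above is the security-relevant one: if a receiver in the protected state still buffers unauthenticated DATA chunks because they carry the DTLS handshake PPID, an attacker who can inject SCTP packets can consume the receive window without ever completing a handshake. The toy model below is an added illustration, not code from the drafts or from the authors' implementation. It keeps only the facts stated in the mail (PPID 4242 carries the handshake; earlier text allowed it unprotected; the -03 drafts require all traffic to be protected after the protected state is reached) and constructs everything else: the `DataChunk` and `Receiver` types, the simplified a_rwnd accounting, the policy names, and the sample chunks.

```python
"""Toy model of SCTP receiver-window (a_rwnd) accounting for DATA chunks once a
DTLS-in-SCTP association has reached the protected state.

Constructed illustration of the point made in the -03 update: the only facts
taken from the mail are PPID 4242 (DTLS handshake) and the two policies. The
data structures, window size and accounting are simplified and hypothetical;
real SCTP tracks TSNs, fragments and SACK-advertised a_rwnd.
"""
from dataclasses import dataclass, field

DTLS_HANDSHAKE_PPID = 4242  # PPID the mail names for DTLS handshake messages

# Acceptance policies for unprotected DATA chunks in the protected state.
POLICY_PPID_EXEMPT = "ppid_exempt"      # what the mail says earlier text allowed
POLICY_ALL_PROTECTED = "all_protected"  # what the -03 drafts now require


@dataclass(frozen=True)
class DataChunk:
    ppid: int
    payload: bytes
    protected: bool  # True if it arrived inside a DTLS-protected chunk and verified


@dataclass
class Receiver:
    policy: str
    protected_state: bool = True      # association has reached the protected state
    a_rwnd: int = 64 * 1024           # constructed window size for the example
    buffered: list = field(default_factory=list)
    dropped: int = 0

    def accept(self, chunk: DataChunk) -> bool:
        """Return True if the chunk is buffered (and charged to a_rwnd)."""
        if self.protected_state and not chunk.protected:
            # Old policy exempts the handshake PPID from the protection check;
            # new policy rejects every unprotected chunk before it touches a_rwnd.
            exempt = (self.policy == POLICY_PPID_EXEMPT
                      and chunk.ppid == DTLS_HANDSHAKE_PPID)
            if not exempt:
                self.dropped += 1
                return False
        if len(chunk.payload) > self.a_rwnd:
            self.dropped += 1
            return False
        self.a_rwnd -= len(chunk.payload)
        self.buffered.append(chunk)
        return True


def inject_unprotected_handshake_chunks(rx: Receiver, count: int, size: int) -> int:
    """Attacker injects unprotected DATA chunks tagged PPID 4242; returns accepted count."""
    accepted = 0
    for _ in range(count):
        if rx.accept(DataChunk(DTLS_HANDSHAKE_PPID, b"\x00" * size, protected=False)):
            accepted += 1
    return accepted


def demo() -> dict:
    """Run the same injection against both policies and record the outcome."""
    old = Receiver(policy=POLICY_PPID_EXEMPT)
    new = Receiver(policy=POLICY_ALL_PROTECTED)

    # 64 x 1 KiB unprotected chunks exactly fill the constructed 64 KiB window.
    old_injected = inject_unprotected_handshake_chunks(old, 64, 1024)
    new_injected = inject_unprotected_handshake_chunks(new, 64, 1024)

    # A legitimate, protected application chunk arrives afterwards.
    legit = DataChunk(ppid=0, payload=b"app data", protected=True)
    # A legitimate, protected handshake chunk (e.g. a later DTLS handshake) must still work.
    legit_hs = DataChunk(ppid=DTLS_HANDSHAKE_PPID, payload=b"hs", protected=True)

    return {
        "old_injected_accepted": old_injected,
        "old_rwnd_after_injection": old.a_rwnd,
        "old_legit_accepted": old.accept(legit),
        "new_injected_accepted": new_injected,
        "new_rwnd_after_injection": new.a_rwnd,
        "new_legit_accepted": new.accept(legit),
        "new_protected_handshake_accepted": new.accept(legit_hs),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Under the exempting policy the injected chunks exhaust the window and the legitimate protected chunk is dropped; under the all-protected policy the unauthenticated chunks are discarded before any buffer is charged, while protected chunks, handshake PPID included, are still accepted. The ordering in `accept` is the point: the authenticity check has to run before any resource accounting, otherwise the receive window becomes an unauthenticated attack surface.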