IETF Logo Mail Archive

Re: [tsvwg] DTLS 1.3 over SCTP

Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 17 July 2023 09:33 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E94CC1522CB for <tsvwg@ietfa.amsl.com>; Mon, 17 Jul 2023 02:33:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BhatBOKG5r6x for <tsvwg@ietfa.amsl.com>; Mon, 17 Jul 2023 02:33:32 -0700 (PDT)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2064.outbound.protection.outlook.com [40.107.20.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9E0BC151AE5 for <tsvwg@ietf.org>; Mon, 17 Jul 2023 02:33:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OUWlZI2RLtJcE/vgnzlefAjtr7oIMXtjepvsLIlwVoZ9pIuIH5suYYupQiRRqirfletAw5l6+oJQW6NGts0cqoWNaTy8wjRKMPWmd4PHFpWe5WxZ4QsbP4QZuH81lPhnRFxwvRhgvZ3ZKkwmqU5H71Vk9ngVLUVyOaJtqyEOOcijP1tgSmJlP2B6Qua2c9HhQ4wb9ESnTHc9yTs0Nrx9PicgXYKvoIRJK8b5zZkIZMBcYcGGtJFz9zmNDAT2xGdwmVdS9WgQWkOgb9tYdbvKSrVFQzlRnFiw2bJL3ohGmMWPSrVVuerF07wwPOSHqjLK67+m4gWEmLrKZpltlIN53A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=kIloKmaaiNsqDlr2ODnjrBJNQUGb6+pq60lUHHovnOA=; b=nzLBhTUdPCFZDv/TcuCJ4K+HN2WQnv6iclvx8nRlFADXg5Elw9TvwmjOIQ0V68NX5VaxBaLWHaPAXU3l1gY6Mc0X4VzRkW1o3iuroED1Fj7MtHbdbvP5n34XkN2Sr6DLL96Q17+WqFbIpNvTK1pdCq/ZysaFxYlxtVa8amUMXPAQeNiKTKa9ur3W7HI23ArT9BSD8czQ/j1h9zOk5GKZym7E1qRfW41V07GtUP6MhzcEbvMJp3agMMXbbiza/CpoBqxgKMDtZOz70e5J0UDlKS6SFFEcJ/5jEaIJ0vptTIrDq48fDJHEIASUa/WMozwCtzxfIt0khmEy4OX4jP92SQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kIloKmaaiNsqDlr2ODnjrBJNQUGb6+pq60lUHHovnOA=; b=gytr10yOuSyIMFtr+2iq7BeOrKD59FQmh3lwWv2QM6D4TbDFuE22yoiUBA9s9GWUW8lG4o0qfSNd/sdrWwYnQFN9oE7DUEQ/TI8D+raqyJSfkoypSXot3sCEIrrhaHWnjo2Rkn0tCaqBivTJoAMyOFi31vMhAOJO/nJyTfY3YuM=
Received: from DU0PR07MB8970.eurprd07.prod.outlook.com (2603:10a6:10:40e::17) by PA4PR07MB7326.eurprd07.prod.outlook.com (2603:10a6:102:d7::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6588.31; Mon, 17 Jul 2023 09:33:29 +0000
Received: from DU0PR07MB8970.eurprd07.prod.outlook.com ([fe80::f42d:c1c8:7d3:f559]) by DU0PR07MB8970.eurprd07.prod.outlook.com ([fe80::f42d:c1c8:7d3:f559%7]) with mapi id 15.20.6588.031; Mon, 17 Jul 2023 09:33:29 +0000
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: Michael Tuexen <michael.tuexen@lurchi.franken.de>
CC: tsvwg IETF list <tsvwg@ietf.org>
Thread-Topic: [tsvwg] DTLS 1.3 over SCTP
Thread-Index: AQHZtZdYZRa9TnJdh0CQUleZ9o+qW6+5J6wRgAOJhoCAAQMdFA==
Date: Mon, 17 Jul 2023 09:33:29 +0000
Message-ID: <DU0PR07MB897089C304314A47B606EB82953BA@DU0PR07MB8970.eurprd07.prod.outlook.com>
References: <0C990143-D450-4288-9390-E06D3469FF1D@lurchi.franken.de> <DU0PR07MB8970107616BF8A5E9D05AF939534A@DU0PR07MB8970.eurprd07.prod.outlook.com> <25FD6896-90BA-4298-A5BE-DDD869A71C37@lurchi.franken.de>
In-Reply-To: <25FD6896-90BA-4298-A5BE-DDD869A71C37@lurchi.franken.de>
Accept-Language: en-US, sv-SE
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DU0PR07MB8970:EE_|PA4PR07MB7326:EE_
x-ms-office365-filtering-correlation-id: baf1c92c-a151-43e7-6eab-08db86a8e123
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: P1n0BNgTOIUS0PTBes5/YETfWW86dfmmdfH+5adWqhszeolg1DU31lPv9t3k3wWB5VyhnuZ0/5pXoyeQKfenQHdDJ77K+/r/OmzIKgHy3nZhUsLX3LERlk88sJkOJ7ue/df5biA3Nf8qYX4Wznq75myIsEUC9bky5Tdic0caG1pyeZUgfbg1D4TWwjjMFpbbxFUI5r6pfc8zMXYsb1/+ayBEQjCTsZYZiqVUNZhE8yyDtA26490luJtZP77JtHdP7GEg9YhFRnI4NlJjNZSHyWeeOU7QqvZGekHEnHSTRW8zBpLGlfdTPN1gxIMsFxkD9698cXMHCNpqWkXDHPD4akItLIN+dnxPX5tlKc8g88JMH+7GMGOBU+7ViUE7g4ce4wcvKCHJ+NFKeK7Wo48bJZgvU/FPgOP8Uo2GrpKqSQJiwItUAVC6i8+pNPI3QXZmVx3zjsCQ3tweGwxwzJ0gbf3dbuN4OW19udwWktgBUkBsYfJl/heU0gPhOMaju820DqdV0PxzpPMiUpamCifY++u1t8eTiS0KtF/Jtu1B8ZKzLLw8uaqIOtGePjjqNgK9rcgZHRlhx72ApHzww9au+SpR7ii/3glONuefr26OBwNSWm8jiJm2Ur5GXnCx4MmM/pOhROA82nv+IVj+AeWAmA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DU0PR07MB8970.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(4636009)(39860400002)(366004)(346002)(376002)(396003)(136003)(451199021)(86362001)(2906002)(33656002)(38070700005)(21615005)(44832011)(55016003)(966005)(186003)(83380400001)(9686003)(53546011)(6506007)(26005)(38100700002)(82960400001)(166002)(7696005)(122000001)(71200400001)(91956017)(316002)(66946007)(66556008)(66476007)(76116006)(6916009)(66446008)(64756008)(4326008)(478600001)(41300700001)(5660300002)(8676002)(8936002)(52536014); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: KuLHi6txAKjY43o0PPK29LEk34RqH8LkUTAmJxibMUX2JiMEcIl3bA2V3BBA2UTSSvKejJvyszjVIPV5oRDs7gtEfJ1OUVQxksP2pXEyxtgt1y6PJGnlpvABRUbF1LG28GO1vyp8cv8MRoQs6ZuWManRGsl/gwDFRwMC5Q2bSSwyY7WLqVh5qQmzRwkS79EfB8xmaNhGkyb34kaWMDOm+ZZm66FUNx7ulQ2MtlypWzSX45eVm5g0++k1qvR5gz+K5n69leEdWtGKv9uib/HYb1YgEtUvwmg5QbP9cepgRgZXS+0dYIVFXklzuFxbAi23iD8UvwN0cfK2SsAgDQKFDjy3/NbQtBc4nAvhDI+yYegSkYCDMwBhiKTjHoxTEOMb/anMmtPnRFrPU2imDTjsg7u9HHf4dWnqVePcbpP/y37Mz5sv41dI/IsnKDrd+MhXxZsiZNsTsaDM+bkT+0JN0tDmPMw1j6moRsO9ZcH1/z9OPm/q4Zs30GlkI92gNBArVKqO6yT9nzeSCZpJTzZ6ReGZs3s+zJ8e30ecdyPyrBgKl3vCuf98Zz1SqRFr5jzz8RGzGwN0FgXWI/EHJ2i1eRmDEUncyGGbrQmiR4eyaZR3AV6bFZM+ll7i2iLMJhv0Dd/cQhL92vMTJ7Y+HV+B5R9Du4aYDCCM234r8qEZmB1jNt/DnXgPPza2otXcelU84An0eHc0+qaYm6XSm/9knbfrFkjJi7Hf4MBhJR0G8ybRikrAlhTPk2vO8l4UcZqIz5t/hBqLce+wyVjatf3UkENm+uo8pfhKr32ewb7SlyvEpDWatHpJ0yAt3jrd8wXMuIWvj1J7uYojX1S7sGJCUSWUL7EnD1D3WCIMUZ0M1wfU5Kgfh+Kx13Q00vNkCojn5Uow1BhJdlUrKdYeYKAJZRtv4q99dDwTaKOa7zxfgj51MmI4jvu5GUdOgW+E4mXUp8PS7V53q3Qs1/R/rF8+TyN0LIleNufoS1BHbiRbQX5mRC/dHp2EA0cbwwfhWWvoWzK7uOMPoGAvsB3ssAY3/Ob7Q6NnFKTEImO7avnxZus9IbF7gS7o6RB0MYHScpM97ZY+7UALHDt3Ej+BytlyyIKWEIqen6ryK/Kldv4+u7CwXjHm/JvvQwpR/I0bcPUuxzC4fjm8IW4qf8nxUSN5DXbcm7vg4KaX45aSda4vxjK2DsGnbnbkk6Ie6WhCxxnR2vpXQ44+/k6LBmNG8p8hINRC8mfaOWVR8fCg9hOQq+66GMRIRn7sC3pZT2CGILqqBord8hLiYkwuEC8sJii7TzHwD1AAOV7YDxYc5tc8/WrHd8MCvrkfrnXuaVG0QWQXiFPpEIF/WdvkWIovO26P2QN9wYI6zSiqnGANe6aNrsxaOg1NaqqyDMjdHpD9ILJefXAvQdEe3ZjrCybKkAfOP5HL6oK4+tXZTDKzdhUh/rYG4kP5AjinEtWJibMmfsuWvpIckTBJX2OCk8cMgqE/iaYqvEJ7umc7u6SVGgdqG92UCyxkwrv8ZdzxinwVReTfcy3JwUobCHcUjeLNdeDICLiWOw58opNlKc5MSu8OWeFJlqp2vTKvZe4WkTySrIJuJDQJqZa+Iy6899vWUYwwRakIcgte+psTkkjRWiKLodo=
Content-Type: multipart/alternative; boundary="_000_DU0PR07MB897089C304314A47B606EB82953BADU0PR07MB8970eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DU0PR07MB8970.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: baf1c92c-a151-43e7-6eab-08db86a8e123
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Jul 2023 09:33:29.2306 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: kuujD8VjWjkMj3eXck3ZonFbpUghrCU5xDocPHNapNOK2m+KmRdJBrvbSFvbXUy86bRgsFlkBsVrrcFAbU98eb4h3sxGHvw2RNoQaPJ/g7M=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PA4PR07MB7326
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/xN3x6S8l8XTaIGZuSw7TO7MNN3w>
Subject: Re: [tsvwg] DTLS 1.3 over SCTP
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jul 2023 09:33:36 -0000

Hi,

Please see inline.

From: Michael Tuexen <michael.tuexen@lurchi.franken.de>
Date: Sunday, 16 July 2023 at 19:52
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
Cc: tsvwg IETF list <tsvwg@ietf.org>
Subject: Re: [tsvwg] DTLS 1.3 over SCTP
> On 14. Jul 2023, at 14:12, Magnus Westerlund <magnus.westerlund=40ericsson.com@dmarc.ietf.org> wrote:
>
> Hi Michael,
>  A question I don’t understand on what basis you managed to extend the TLS record size from from 2^14 to 2^16 bytes?
>  When I read RFC 8449 it does not change the TLS underlying protocol limit which is 2^14 and depending on version what you need to account for in that limit.
>  What I can see the following text from RFC 8449 applies:
>     An endpoint that supports all record sizes can include any limit up
>    to the protocol-defined limit for maximum record size.  For TLS 1.2
>    and earlier, that limit is 2^14 octets.  TLS 1.3 uses a limit of
>    2^14+1 octets.  Higher values are currently reserved for future
>    versions of the protocol that may allow larger records; an endpoint
>    MUST NOT send a value higher than the protocol-defined maximum record
>    size unless explicitly allowed by such a future version or extension.
Hi Magnus,

the idea is to make use of "unless explicitly allowed by such a future version or extension".
The extension would be a flags extension that indicates that the value is raised.
See https://www.ietf.org/archive/id/draft-ietf-tls-tlsflags-11.html
Yes, I understand that the signaling is straight forward, and that TLS flag draft appears to be just an efficient way of not having to use full parameters when establishing the DTLS connection.

>  Are you attempting to define a (D)TLS extension here in TSVWG that changes the TLS record size to 2^16? I would think that would require some security analysis to determine that the usage of larger record doesn’t weaken the security due to the larger record sizes. I would think such changes should go through TLS WG and then be used by TSVWG.
I'm open to that. We can do it from within the 6083-bis document in TSVWG or
in the TLS WG in a separate document. I contacted Eric Rescorla, Martin Thomson,
Hannes Tschofenig and a couple of other people. They agreed that bumping that
limit should be possible. Actually, I could not figure out, why the limit of
2^14 exists at all.
MW: It might be possible to raise without issues, however it would need analysis. What I think might be the large work here is to determine what ciphers can be used without security failures or to reduced security. Someone will have to do analysis to raise this limit. My opinion is that this work really needs to happen in TLS.

>  Otherwise, I think it is good that RFC 6083 are being fixed for its security issues unless completely replaces by a more capable solution. However, this draft it does not address all the requirements to our understanding that 3GPP has on a DTLS based security solution. The short-commings are the following:
>
>     • Do not support sufficiently large protected message sizes. As discussed in this thread the theoretical maximum message sizes for some of 3GPP application protocols are above 144 kb and even as large as 500 kb.
>     • Periodic re-authentication of the peer
>     • Forward secrecy rekeying, like re-running differ-hellman exchange, which is not done by the DTLS 1.3 keyupdate mechanism.

Any idea how that last two goals are achieved by using TLS 1.3 or DTLS 1.3? Or were these
features just dropped when getting rid of re-negotiation?
MW: TLS 1.3 dropped these capabilities when re-negotiation was removed. I think the main reason is that no one was there and pushing for long lived use cases. In the web world there are rarely any real issue with dropping the connection and forcing the client to reconnect if one runs into these needs. SCTP application clearly has other expectations, especially the applications 3GPP have for it.
So those two later issues and the lack for any solution in DTLS 1.3 is why we defined the parallel DTLS Connection procedure.

>  Thus, I don’t see this draft as any replacement for the DTLS over SCTP work that 3GPP has requested. But it can ensure that we don’t have in non-deprecated that have known security issues.  Cheers
I have a hard time to parse the last sentence.

MW: Sorry, the point being that doing a RFC6083bis without large message support is replacing the clearly broken RFC 6083 which would be good from an general perspective that we should not leave clearly broken things as standard tracks document.
Cheers
Magnus

v2.23.0 | Report a Bug | By Email