[tsvwg] [Technical Errata Reported] RFC6083 (5744)
RFC Errata System <rfc-editor@rfc-editor.org> Thu, 30 May 2019 14:27 UTC
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7953012012E for <tsvwg@ietfa.amsl.com>; Thu, 30 May 2019 07:27:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4SDUPZAWa6sE for <tsvwg@ietfa.amsl.com>; Thu, 30 May 2019 07:27:07 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 39F1912011D for <tsvwg@ietf.org>; Thu, 30 May 2019 07:27:07 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id 6BBE2B820F9; Thu, 30 May 2019 07:27:03 -0700 (PDT)
To: tuexen@fh-muenster.de, seggelmann@fh-muenster.de, ekr@networkresonance.com, ietf@kuehlewind.net, magnus.westerlund@ericsson.com, david.black@dell.com, gorry@erg.abdn.ac.uk, wes@mti-systems.com
X-PHP-Originating-Script: 30:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: sidhartha.pant@huawei.com, tsvwg@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20190530142703.6BBE2B820F9@rfc-editor.org>
Date: Thu, 30 May 2019 07:27:03 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/yC7KX6J-tfm7mRHzCuveHJEiO94>
Subject: [tsvwg] [Technical Errata Reported] RFC6083 (5744)
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 May 2019 14:27:08 -0000
The following errata report has been submitted for RFC6083, "Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata/eid5744 -------------------------------------- Type: Technical Reported by: Sidhartha Pant <sidhartha.pant@huawei.com> Section: 4.8 Original Text ------------- 4.8. Handling of Endpoint-Pair Shared Secrets The endpoint-pair shared secret for Shared Key Identifier 0 is empty and MUST be used when establishing a DTLS connection. Whenever the master key changes, a 64-byte shared secret is derived from every master secret and provided as a new endpoint-pair shared secret by using the exporter described in [RFC5705]. The exporter MUST use the label given in Section 5 and no context. The new Shared Key Identifier MUST be the old Shared Key Identifier incremented by 1. If the old one is 65535, the new one MUST be 1. Before sending the Finished message, the active SCTP-AUTH key MUST be switched to the new one. Once the corresponding Finished message from the peer has been received, the old SCTP-AUTH key SHOULD be removed. Corrected Text -------------- 4.8. Handling of Endpoint-Pair Shared Secrets The endpoint-pair shared secret for Shared Key Identifier 0 is empty and MUST be used when establishing a DTLS connection. Whenever the master key changes, a 64-byte shared secret is derived from every master secret and provided as a new endpoint-pair shared secret by using the exporter described in [RFC5705]. The exporter MUST use the label given in Section 5 and no context. The new Shared Key Identifier MUST be the old Shared Key Identifier incremented by 1. If the old one is 65535, the new one MUST be 1. Before sending the Finished message, the active SCTP-AUTH key SHOULD be switched to the new one. However if the ChangeCipherSpec and Finished messages are sent back to back, there may be a case if Finished message is sent with the new key might get dropped by peer, if the new key is not configured yet. Hence the sender MAY send the Finished message with Old Key which SHOULD be accepted by the peer. Once the corresponding Finished message from the peer has been received, the old SCTP-AUTH key SHOULD be removed. Notes ----- If the time gap between the ChangeCipherSpec and Finished messages is very less than either the peer may wait to configure the new key received in ChangeCipherSpec and then validate the Finished messges with new key. Alternatively the Sender may choose to send the Finished message with Old key to peer which should still be configured at the peer. Once the peer recevies the Finished message it should accept with Old key. Subsequently the Old key Should be removed. Hence during this switchover of Key , two keys can be used by both peer nodes. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary. -------------------------------------- RFC6083 (draft-ietf-tsvwg-dtls-for-sctp-06) -------------------------------------- Title : Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP) Publication Date : January 2011 Author(s) : M. Tuexen, R. Seggelmann, E. Rescorla Category : PROPOSED STANDARD Source : Transport Area Working Group Area : Transport Stream : IETF Verifying Party : IESG
- [tsvwg] [Technical Errata Reported] RFC6083 (5744) RFC Errata System