Datagram Transport Layer Security (DTLS) Encapsulation of SCTP Packets
draft-ietf-tsvwg-sctp-dtls-encaps-09

[Ballot comment]
The DTLS implementation MUST support DTLS 1.0 [RFC4347] and SHOULD
  support the most recently published version of DTLS, which is DTLS
  1.2 [RFC6347] as of December 2014.

December 2014 is wrong.

[Ballot comment]

- I had a discuss on DTLS1.0 as the MTI. I'm told that
was decided by the WG last Nov in consultation with
WebRTC and TLS WG chairs, so while I'd prefer to
see DTLS1.2 as the MTI, I've cleared the DISCUSS.

- Figure 1: Couldn't ICE/UDP be somewhat confusing for
someone unaware that ICE is more of an algorithm than a
wire protocol? Might be nice to clarify that here in
the intro. (If you want to be nice, if you don't that's
ok too and can be the right decision.)

- section 3: Isn't "complete SCTP packet" a teeny bit
ambiguous? It could mean including the IP and other
lower headers but I guess you do not. But that's a nit
since it's probably clear enough that you don't put an
IP or layer 2 header into the DTLS payload:-)

- Given heartbleed, and the use here of RFC6520 I think
some note of that famous implementation bug would be
wise. Just to a pointer to how to not have that
problem. But it's not a protocol bug so I'm not trying
to insist, i.e. no need for us to argue the toss on
this:-)

- I'm also wondering if the text here on 6520 is
sufficiently clear given this week's discussion of that
on the rtcweb list. (I'm not on tsvwg@ so would
appreciate an update on how the thread [1] pans out on
the tsvwg list before we approve this.)

  [1] https://www.ietf.org/mail-archive/web/rtcweb/current/msg14069.html

[Ballot comment]
I agree that Stephen's DISCUSS needs to be sorted out.

I've a couple of minor comments on a paragraph in Section 1:

  This encapsulation of SCTP over DTLS over or UDP or ICE/UDP (see
  [RFC5245]) can provide a NAT traversal solution together with
  confidentiality, source authentication, and integrity protected
  transfers.

Is there a protocol missing before the first "or", or does the first "or" need to be deleted (the latter, I think)?

The phrase "together with" implies that something else is needed (as in "X, together with Y, provides Z").  Does the sentence mean to say that  can provide [a NAT traversal solution that includes confidentiality, source authentication, and integrity-protected transfers]?  Or does it mean to say that  can provide a NAT traversal solution, as well as confidentiality, source authentication, and integrity-protected transfers]?  I think it's one of those.

[Ballot discuss]

I'll clear once we've checked on this. Section 5 says
DTLS1.0 (from 2006) is MTI and DTLS1.2 (2012) is a
SHOULD. I could imagine that being reasonable when
DTLS1.2 was newish, say when this work was getting
started 2 years ago, but now a couple of years have
passed, it might well be just fine to require DTLS1.2 -
a lot has happened since and TLS1.2 deployment is now
far ahead of where it was in 2012, and most specs have
tended to include text like this because some
implementers only had the older TLS version. So the
DISCUSS is - is the 9 year old RFC still needed as MTI
- can we not just say to use 1.2 now?  (Note: since
this is sort-of a WebRTC spec, I think it's worth
quickly re-visiting this question now to be sure we're
taking the right approach, as the answer we pick here
is quite likely to be followed by other WebRTC docs
over the next year or so. I think this is the first
relevant WebRTC protocol spec with this bit of text
isn't it?  Apologies to the authors of this one for
landing the discuss on them:-)

[Ballot comment]


- Figure 1: Couldn't ICE/UDP be somewhat confusing for
someone unaware that ICE is more of an algorithm than a
wire protocol? Might be nice to clarify that here in
the intro. (If you want to be nice, if you don't that's
ok too and can be the right decision.)

- section 3: Isn't "complete SCTP packet" a teeny bit
ambiguous? It could mean including the IP and other
lower headers but I guess you do not. But that's a nit
since it's probably clear enough that you don't put an
IP or layer 2 header into the DTLS payload:-)

- Given heartbleed, and the use here of RFC6520 I think
some note of that famous implementation bug would be
wise. Just to a pointer to how to not have that
problem. But it's not a protocol bug so I'm not trying
to insist, i.e. no need for us to argue the toss on
this:-)

- I'm also wondering if the text here on 6520 is
sufficiently clear given this week's discussion of that
on the rtcweb list. (I'm not on tsvwg@ so would
appreciate an update on how the thread [1] pans out on
the tsvwg list before we approve this.)

  [1] https://www.ietf.org/mail-archive/web/rtcweb/current/msg14069.html

IESG/Authors/WG Chairs:

IANA has reviewed draft-ietf-tsvwg-sctp-dtls-encaps-07, which is currently in Last Call, and has the following comments:

We understand that, upon approval of this document, there are no IANA Actions that need completion.

While it is helpful for the IANA Considerations section of the document to remain in place upon publication, if the authors prefer to remove it, IANA doesn't object.

If this assessment is not accurate, please respond as soon as possible.

The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (DTLS Encapsulation of SCTP Packets) to Proposed Standard


The IESG has received a request from the Transport Area Working Group WG
(tsvwg) to consider the following document:
- 'DTLS Encapsulation of SCTP Packets'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2014-12-24. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  The Stream Control Transmission Protocol (SCTP) is a transport
  protocol originally defined to run on top of the network protocols
  IPv4 or IPv6.  This document specifies how SCTP can be used on top of
  the Datagram Transport Layer Security (DTLS) protocol.  Using the
  encapsulation method described in this document, SCTP is agnostic
  about the protocols being used below DTLS, explicit IP addresses can
  not be used in the SCTP control chunks.  As a consequence, the SCTP
  associations are single homed.




The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-tsvwg-sctp-dtls-encaps/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-tsvwg-sctp-dtls-encaps/ballot/


No IPR declarations have been submitted directly on this I-D.

As required by RFC4858, this is the current template for the Document Shepherd Write-Up.
Changes are expected over time. This version is dated 24 February 2012.

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header?

PS

(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections:

Technical Summary:
The Stream Control Transmission Protocol (SCTP) is a transport protocol originally defined to run on top of the network protocols IPv4 or IPv6. This document specifies how SCTP can be used on top of the Datagram Transport Layer Security (DTLS) protocol. Using encapsulation method described in this document, SCTP is agnostic about the protocols being used below DTLS, explicit IP addresses can not be used in the SCTP control chunks.

Working Group Summary:
This document is being prepared at the request of the RTCweb/webRTC activity.

Document Quality:
The document is thought ready to publish. As far as the authors know, this this is implemented in the Chrome, Firefox and Opera browser. PMTUD is not yet implemented.

Personnel:

Who is the Document Shepherd?
G Fairhurst (TSVWG Co-Chair)

Who is the Responsible Area Director?
Spencer Dawkins (TSV AD)

(3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of
the document is not ready for publication, please explain why the document is being forwarded to the IESG.

The document was reviewed against related documents and is thought ready to proceed. Security expertise was requested (Ekr) to help identify requirements for using DTLS and  to recommend the appropriate version of DTLS.

(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?

No

(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place.

It should be reviewed by security experts.

(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.

No.

(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why?

M. Tuexen- Confirmed.
R. Stewart - Confirmed.
R. Jesup  - Confirmed.
S. Loreto - Confirmed.

(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

None known.

(9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?

The document received support from 5 people within TSVWG plus the WG chair. The work replayed to RTCweb requirements. Feedback was received from RTCweb implementors during document development. A WGLC ended 28th February 2014, with some reviews that resulted in an updated document. Since then discussion has focussed on which version of DTLS to mandate. This conclude in November 2014.

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.)

No

(11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough.

None

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews.

None

(13) Have all references within this document been identified as either normative or informative?

Yes

(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion?

OK

(15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure.

No

(16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary.
No

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226).
This document requires no actions from IANA

(18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.

None

(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc.

None

As required by RFC4858, this is the current template for the Document Shepherd Write-Up.
Changes are expected over time. This version is dated 24 February 2012.

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header?

PS

(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections:

Technical Summary:
The Stream Control Transmission Protocol (SCTP) is a transport protocol originally defined to run on top of the network protocols IPv4 or IPv6. This document specifies how SCTP can be used on top of the Datagram Transport Layer Security (DTLS) protocol. Using encapsulation method described in this document, SCTP is agnostic about the protocols being used below DTLS, explicit IP addresses can not be used in the SCTP control chunks.

Working Group Summary:
This document is being prepared at the request of the RTCweb/webRTC activity.

Document Quality:
The document is thought ready to publish. As far as the authors know, this this is implemented in the Chrome, Firefox and Opera browser. PMTUD is not yet implemented.

Personnel:

Who is the Document Shepherd?
G Fairhurst (TSVWG Co-Chair)

Who is the Responsible Area Director?
Spencer Dawkins (TSV AD)

(3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of
the document is not ready for publication, please explain why the document is being forwarded to the IESG.

The document was reviewed against related documents and is thought ready to proceed. Security expertise was requested (Ekr) to help identify requirements for using DTLS and  to recommend the appropriate version of DTLS.

(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?

No

(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place.

It should be reviewed by security experts.

(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.

No.

(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why?

M. Tuexen- Confirmed.
R. Stewart - Confirmed.
R. Jesup  - Confirmed.
S. Loreto - Confirmed.

(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

None known.

(9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?

The document received support from 5 people within TSVWG plus the WG chair. The work replayed to RTCweb requirements. Feedback was received from RTCweb implementors during document development. A WGLC ended 28th February 2014, with some reviews that resulted in an updated document. Since then discussion has focussed on which version of DTLS to mandate. This conclude in November 2014.

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.)

No

(11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough.

None

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews.

None

(13) Have all references within this document been identified as either normative or informative?

Yes

(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion?

OK

(15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure.

No

(16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary.
No

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226).
This document requires no actions from IANA

(18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.

None

(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc.

None