Zero Checksum for the Stream Control Transmission Protocol
draft-ietf-tsvwg-sctp-zero-checksum-02
The information below is for an old version of the document.
| Document | Type |
This is an older version of an Internet-Draft whose latest revision state is "Active".
|
|
|---|---|---|---|
| Authors | Michael Tüxen , Victor Boivie , Florent Castelli , Randell Jesup | ||
| Last updated | 2023-07-27 (Latest revision 2023-07-10) | ||
| Replaces | draft-tuexen-tsvwg-sctp-zero-checksum | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Formats | |||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | WG Document | |
| Document shepherd | (None) | ||
| IESG | IESG state | I-D Exists | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-ietf-tsvwg-sctp-zero-checksum-02
Network Working Group M. Tüxen
Internet-Draft Münster Univ. of Appl. Sciences
Intended status: Standards Track V. Boivie
Expires: 28 January 2024 F. Castelli
Google
R. Jesup
Mozilla
27 July 2023
Zero Checksum for the Stream Control Transmission Protocol
draft-ietf-tsvwg-sctp-zero-checksum-02
Abstract
The Stream Control Transmission Protocol (SCTP) uses a 32-bit
checksum in the common header of each packet to provide some level of
data integrity. When some method used by SCTP provides already the
same or a higher level of data integrity, computing this checksum
does not provide any additional protection, but does require
computing resources. This document provides a simple extension to
SCTP allowing to save these computing resources by using the constant
0 as a checksum in a backwards compatible way.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 28 January 2024.
Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved.
Tüxen, et al. Expires 28 January 2024 [Page 1]
Internet-Draft Zero Checksum for SCTP July 2023
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. A New Chunk Parameter . . . . . . . . . . . . . . . . . . . . 3
4. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . 4
4.1. Declaration of Feature Support . . . . . . . . . . . . . 4
4.2. Sender Side Considerations . . . . . . . . . . . . . . . 5
4.3. Receiver Side Considerations . . . . . . . . . . . . . . 5
5. Error Detection via SCTP over DTLS . . . . . . . . . . . . . 6
6. Socket API Considerations . . . . . . . . . . . . . . . . . . 6
6.1. Set Accepting a Zero Checksum
(SCTP_ACCEPT_ZERO_CHECKSUM) . . . . . . . . . . . . . . . 6
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
8. Security Considerations . . . . . . . . . . . . . . . . . . . 8
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 8
9.1. Normative References . . . . . . . . . . . . . . . . . . 8
9.2. Informative References . . . . . . . . . . . . . . . . . 9
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction
SCTP as specified in [RFC9260] uses a CRC32c to provide some level of
data integrity. When using, for example, Datagram Transport Layer
Security (DTLS) as the lower layer for SCTP as specified in
[RFC8261], using the CRC32c does not provide any additional
protection over the one already provided by DTLS. However, computing
the CRC32c at the sender and receiver side does require
computationally resources for no benefit. This is in particular
important for computational limited end points using SCTP
encapsulated in DTLS.
Tüxen, et al. Expires 28 January 2024 [Page 2]
Internet-Draft Zero Checksum for SCTP July 2023
The extension described in this document allows an SCTP end point to
declare that it accepts SCTP packets with a checksum of zero when
using a specified alternate error detection method. This declaration
happens during the setup of the SCTP association and allows end
points supporting this extension to be interoperable with end points
not supporting the extension described in this document. To provide
this backwards compatibility, end points using this extension still
need to implement the CRC32c checksum algorithm.
2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. A New Chunk Parameter
The Zero Checksum Acceptable Chunk Parameter is defined by the
following figure.
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 0x8001 (suggested) | Length = 8 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Error Detection Method Identifier (EDMID) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: Zero Checksum Acceptable Chunk Parameter
Type: 16 bits (unsigned integer)
This field holds the IANA defined parameter type for the "Zero
Checksum Acceptable" chunk parameter. IANA is requested to assign
the value 32769 (0x8001) (suggested) for this parameter type.
Length: 16 bits (unsigned integer)
This field holds the length in bytes of the chunk parameter; the
value MUST be 8.
Error Detection Method Identifier (EDMID): 32 bits (unsigned
integer)
An IANA registered value specifying the alternate error detection
method the sender of this parameter is willing to use for received
packets.
All transported integer numbers are in "network byte order" a.k.a.,
Big Endian.
Tüxen, et al. Expires 28 January 2024 [Page 3]
Internet-Draft Zero Checksum for SCTP July 2023
The Zero Checksum Acceptable Chunk Parameter MAY appear in INIT and
INIT ACK chunks. It MUST NOT appear more than once in INIT and INIT
ACK chunks and it MUST NOT appear in any other chunk.
If an end point not supporting the extension described in this
document receives this parameter in an INIT or INIT ACK chunk, it
skips this parameter and continues to process further parameters in
the chunk. This behavior is REQUIRED by [RFC9260] because the
highest-order two bits of the Type are '10'.
4. Procedures
4.1. Declaration of Feature Support
If some alternate error detection method provides an equal or better
level of data integrity protection than the one provided by using the
CRC32c algorithm, the computation of the CRC32c checksum requires
computational resources without providing any benefit. To avoid
this, an SCTP end point MAY be willing to accept SCTP packets with an
incorrect CRC32c checksum value of zero in addition to SCTP packets
with correct CRC32c checksum values. An SCTP endpoint MUST NOT be
willing to accept SCTP packets with an incorrect CRC32c checksum
value of zero, if the alternate error detection method does not
provide at least the level of data integrity the CRC32c checksum
algorithm provides.
One example of an alternate error detection method is the use of SCTP
over DTLS as described in [RFC8261] (as used in the WebRTC context).
A counter example is the use of SCTP over UDP as specified in
[RFC6951].
If middle boxes expecting correct CRC32c checksums in SCTP packets
might impact the communication, an incorrect zero checksum MUST NOT
be used.
An SCTP implementation MAY also require the upper layer to indicate
that it is fine to use a specific alternate error detection method
for accepting SCTP packets with an incorrect CRC32c value of zero.
An end point willing to accept SCTP packets with an incorrect
checksum of zero MUST include the Zero Checksum Acceptable Chunk
Parameter indicating the alternate error detection method in the INIT
or INIT ACK chunk it sends.
Tüxen, et al. Expires 28 January 2024 [Page 4]
Internet-Draft Zero Checksum for SCTP July 2023
4.2. Sender Side Considerations
If an end point has received an INIT or INIT ACK chunk containing a
Zero Checksum Acceptable Chunk Parameter indicating an alternate
error detection method it supports from its peer during the
association setup, it SHOULD use zero as the checksum for all packets
sent in this association with the following four exceptions:
* When an end point sends a packet containing an INIT chunk, it MUST
include a correct CRC32c checksum in the packet containing the
INIT chunk.
* When an end point sends a packet containing a COOKIE ECHO chunk,
it MUST include a correct CRC32c checksum in the packet containing
the COOKIE ECHO chunk.
* When an end point supports the dynamic address reconfiguration
specified in [RFC5061] and sends a packet containing an ASCONF
chunk, it MUST include a correct CRC32c checksum in the packet
containing the ASCONF chunk.
* Alternate error detection methods might have some additional
conditions requiring that the sender MUST include a correct CRC32c
checksum in the packet.
The first exception allows backwards compatibility and the second and
third exception allow a simpler implementation of the extension
defined in this document. The last condition covers alternate error
detection method specific constraints.
When an end point responds to an "Out of the Blue" (OOTB) SCTP
packet, it MUST include a correct CRC32c checksum in the response
packet.
An SCTP end point MAY only send packets with an incorrect checksum of
zero, if the upper layer allowed the use of the alternate error
detection method that was announced by the peer.
4.3. Receiver Side Considerations
Zero is a valid result of the CRC32c algorithm. Therefore, a
receiver of an SCTP packet fulfilling the constraints of the
alternate error detection method and containing a checksum value of
zero cannot determine whether the sender included an incorrect CRC32c
of zero to reduce the CPU cost or the result of the CRC32c
computation was actually zero. However, if the receiver has sent the
Zero Checksum Acceptable Chunk Parameter during the handshake, this
ambiguity is irrelevant, since the receiver is fine with not using
Tüxen, et al. Expires 28 January 2024 [Page 5]
Internet-Draft Zero Checksum for SCTP July 2023
the CRC32c to protect incoming packets fulfilling the constraints of
the alternate error detection method.
If an end point has sent the Zero Checksum Acceptable Chunk Parameter
indicating the support of an alternate error detection method in an
INIT or INIT ACK chunk, it MUST accept SCTP packets fulfilling the
requirements of the announced alternate error detection method using
an incorrect checksum value of zero in addition to SCTP packets
containing the correct CRC32c checksum value for this association.
An SCTP implementation MAY process OOTB SCTP packets having an
incorrect zero checksum in addition to OOTB packets with a correct
CRC32c checksum.
5. Error Detection via SCTP over DTLS
Using SCTP over DTLS as specified in [RFC8261] provides a better
error detection method than using the CRC32c. Since middle boxes
will not observe the unencrypted SCTP packet, there is no risk in
interferring with using zero as an incorrect checksum. There are no
additional error detection specific constraints on packets when using
DTLS encapsulation.
IANA is requested to assign the Error Detection Method Identifier of
1 for this method.
6. Socket API Considerations
This section describes how the socket API defined in [RFC6458] needs
to be extended to provide a way for the application to control the
acceptance of a zero checksum.
Please note that this section is informational only.
A socket API implementation based on [RFC6458] is extended by
supporting one new write-only IPPROTO_SCTP-level socket option.
6.1. Set Accepting a Zero Checksum (SCTP_ACCEPT_ZERO_CHECKSUM)
This IPPROTO_SCTP-level socket option with name
SCTP_ACCEPT_ZERO_CHECKSUM can be used to control the acceptance of a
zero checksum. It is a write-only socket option and applies only to
future SCTP associations on the socket.
This option expects an unsigned integer. Possible values include:
SCTP_EDMID_NONE: Disable the use of alternate error detection
Tüxen, et al. Expires 28 January 2024 [Page 6]
Internet-Draft Zero Checksum for SCTP July 2023
method. This means that all SCTP packets being sent have a
correct CRC32c.
SCTP_EDMID_LOWER_LAYER_DTLS: Use the alternate error detection
method described in Section 5.
An implementation might only send packets with an incorrect checksum
of zero, if the alternate error detection method announced by the
peer is also enabled locally via this socket option.
The default for this socket option is that the use of alternate error
detection methods is disabled.
7. IANA Considerations
[NOTE to RFC-Editor: "RFCXXXX" is to be replaced by the RFC number
you assign this document.]
[NOTE to RFC-Editor: The suggested value for the parameter type is
tentative and to be confirmed by IANA.]
This document (RFCXXXX) is the reference for the registration
described in this section.
A new chunk parameter type has to be assigned by IANA. This requires
an additional line in the "Chunk Parameter Types" registry for SCTP:
+===================+==========================+===========+
| ID Value | Chunk Parameter Type | Reference |
+===================+==========================+===========+
| 32769 (suggested) | Zero Checksum Acceptable | [RFCXXXX] |
| | (0x8001 (suggested)) | |
+-------------------+--------------------------+-----------+
Table 1: New entry in "Chunk Parameter Types" registry
Furthermore, IANA is requested to establish a new "Error Detection
Method" registry for SCTP. The assignment of new error detection
methods is done through a First Come First Served policy as defined
in [RFC8126]. Documentation for a new error detection method MUST
contain the following information:
1. A name of an alternate error detection method.
2. A reference describing the alternate error detection method, in
particular any method specific constraints.
Tüxen, et al. Expires 28 January 2024 [Page 7]
Internet-Draft Zero Checksum for SCTP July 2023
IANA is requested to use the following as the initial contents of the
registry:
+================+========================+===========+
| ID Value | Error Detection Method | Reference |
+================+========================+===========+
| 0 | Reserved | [RFCXXXX] |
+----------------+------------------------+-----------+
| 1 | SCTP over DTLS | [RFCXXXX] |
+----------------+------------------------+-----------+
| 2 - 4294967295 | Unassigned | |
+----------------+------------------------+-----------+
Table 2: Initial Contents of the "Error Detection
Method" registry
8. Security Considerations
This document does not change the considerations given in [RFC9260].
9. References
9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC5061] Stewart, R., Xie, Q., Tuexen, M., Maruyama, S., and M.
Kozuka, "Stream Control Transmission Protocol (SCTP)
Dynamic Address Reconfiguration", RFC 5061,
DOI 10.17487/RFC5061, September 2007,
<https://www.rfc-editor.org/info/rfc5061>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8261] Tuexen, M., Stewart, R., Jesup, R., and S. Loreto,
"Datagram Transport Layer Security (DTLS) Encapsulation of
SCTP Packets", RFC 8261, DOI 10.17487/RFC8261, November
2017, <https://www.rfc-editor.org/info/rfc8261>.
Tüxen, et al. Expires 28 January 2024 [Page 8]
Internet-Draft Zero Checksum for SCTP July 2023
[RFC9260] Stewart, R., Tüxen, M., and K. Nielsen, "Stream Control
Transmission Protocol", RFC 9260, DOI 10.17487/RFC9260,
June 2022, <https://www.rfc-editor.org/info/rfc9260>.
9.2. Informative References
[RFC6458] Stewart, R., Tuexen, M., Poon, K., Lei, P., and V.
Yasevich, "Sockets API Extensions for the Stream Control
Transmission Protocol (SCTP)", RFC 6458,
DOI 10.17487/RFC6458, December 2011,
<https://www.rfc-editor.org/info/rfc6458>.
[RFC6951] Tuexen, M. and R. Stewart, "UDP Encapsulation of Stream
Control Transmission Protocol (SCTP) Packets for End-Host
to End-Host Communication", RFC 6951,
DOI 10.17487/RFC6951, May 2013,
<https://www.rfc-editor.org/info/rfc6951>.
Acknowledgments
The authors wish to thank Gorry Fairhurst, Mike Heard, Peter Lei,
Nils Ohlmeier, Claudio Porfiri, and Magnus Westerlund for their
invaluable comments.
Authors' Addresses
Michael Tüxen
Münster University of Applied Sciences
Stegerwaldstrasse 39
48565 Steinfurt
Germany
Email: tuexen@fh-muenster.de
Victor Boivie
Google
Kungsbron 2
SE-11122 Stockholm
Sweden
Email: boivie@google.com
Florent Castelli
Google
Kungsbron 2
SE-11122 Stockholm
Sweden
Email: orphis@google.com
Tüxen, et al. Expires 28 January 2024 [Page 9]
Internet-Draft Zero Checksum for SCTP July 2023
Randell Jesup
Mozilla Corporation
1835 Horse Shoe Trl
Malvern, PA 19355
United States of America
Email: randell-ietf@jesup.org
Tüxen, et al. Expires 28 January 2024 [Page 10]