Technical Summary
The Stream Control Transmission Protocol defined in RFC 2960
is a multi-homed transport protocol. As such, unique
security threats exists that are addressed in various ways
within the protocol itself. This document attempts to detail
the known security threats and their countermeasures as
detailed in the current version of the SCTP Implementers
guide RFC 4460.
Working Group Summary
There is strong consensus in the WG to publish this
document. It has been reviewed by several people in the WG
last call. Comments raised has been addressed.
Protocol Quality
This is not a protocol document, therefore there are no
implementations of what this document offers.
Personnel
James Polk (jmpolk@cisco.com) is the document Shepherd. Lars
Eggert (lars.eggert@nokia.com) is the responsible Area
Director.
Note to RFC Editor
Note: This document assumes that draft-ietf-tsvwg-2960bis
will be assigned the RFC number 4960 that has been reserved
for it. If that for some reason won't happen, parts of the text
need to be adjusted.
Section 1., paragraph 1:
OLD:
using techniques from the SCTP Specification Errata and Issues memo
([RFC4460]). These techniques are included in
^^^^^^^^^^^
NEW:
using techniques from the SCTP Specification Errata and Issues memo
[RFC4460]. These techniques are included in
^^^^^^^^^
Section 1., paragraph 2:
OLD:
This work and some of the changes that went into the [RFC4460] and
^^^
[I-D.ietf-tsvwg-2960bis] are much indebted to the paper on potential
SCTP security risks Effects [effects] by Aura, Nikander and
^^^^^^^^^^^^^^^^^
NEW:
This work and some of the changes that went into [RFC4460] and
^
[I-D.ietf-tsvwg-2960bis] are much indebted to the paper on potential
SCTP security risks [EFFECTS] by Aura, Nikander and
^^^^^^^^^
Section 1., paragraph 3:
OLD:
that were illustrated in Effects [effects] and detail what
^^^^^^^^^^^^^^^^^
NEW:
that were illustrated in [EFFECTS] and detail what
^^^^^^^^^
Section 2.2., paragraph 1:
OLD:
were made in the BSD implementation that are now present in the
^^^
[I-D.ietf-tsvwg-2960bis]. In close examination, this attack depends
NEW:
were made in the BSD implementation that are now present in
^
[I-D.ietf-tsvwg-2960bis]. In close examination, this attack depends
Section 3., paragraph 1:
OLD:
However with the addition of the [I-D.ietf-tsvwg-addip-sctp]
extension to SCTP an endpoint that is NOT a man-in-the-middle may be
able to assume another endpoints association.
NEW:
However, with the addition of the SCTP extension specified in
[I-D.ietf-tsvwg-addip-sctp], an endpoint that is NOT a
man-in-the-middle may be able to assume another endpoints association.
Section 3.2., paragraph 2:
OLD:
1) Both endpoints must support the [I-D.ietf-tsvwg-addip-sctp]
extension.
NEW:
1) Both endpoints must support the SCTP extension specified in
[I-D.ietf-tsvwg-addip-sctp].
Section 3.2., paragraph 3:
OLD:
2) One of the endpoints must be using the [I-D.ietf-tsvwg-addip-sctp]
extension for mobility.
NEW:
2) One of the endpoints must be using the SCTP extension for mobility
specified in [I-D.ietf-tsvwg-addip-sctp].
Section 3.3., paragraph 1:
OLD:
this attack. Furthermore the use of the [I-D.ietf-tsvwg-addip-sctp]
extensions requires the use of the authentication mechanism defined
in [I-D.ietf-tsvwg-sctp-auth].
NEW:
this attack. Furthermore, use of the SCTP extension specified in
[I-D.ietf-tsvwg-addip-sctp] requires the use of the authentication
mechanism defined in [I-D.ietf-tsvwg-sctp-auth].
Section 13.2., paragraph 1:
OLD:
[effects] Aura, T., Nikander, P., and G. Camarillo, "Effects of
^^^^^^^^^
NEW:
[EFFECTS] Aura, T., Nikander, P., and G. Camarillo, "Effects of
^^^^^^^^^