Skip to main content

Last Call Review of draft-ietf-tsvwg-sctp-zero-checksum-09
review-ietf-tsvwg-sctp-zero-checksum-09-artart-lc-aboba-2024-05-02-00

Request Review of draft-ietf-tsvwg-sctp-zero-checksum
Requested revision No specific revision (document currently at 11)
Type Last Call Review
Team ART Area Review Team (artart)
Deadline 2024-05-16
Requested 2024-05-02
Authors Michael Tüxen , Victor Boivie , Florent Castelli , Randell Jesup
I-D last updated 2024-05-02
Completed reviews Genart Last Call review of -09 by Meral Shirazipour (diff)
Opsdir Last Call review of -11 by Victor Kuarsingh
Artart Last Call review of -09 by Dr. Bernard D. Aboba (diff)
Secdir Telechat review of -10 by Charlie Kaufman (diff)
Secdir Last Call review of -09 by Charlie Kaufman (diff)
Artart Telechat review of -10 by Dr. Bernard D. Aboba (diff)
Assignment Reviewer Dr. Bernard D. Aboba
State Completed
Request Last Call review on draft-ietf-tsvwg-sctp-zero-checksum by ART Area Review Team Assigned
Posted at https://mailarchive.ietf.org/arch/msg/art/rEsuS3r0ixcPNP6XmTkng55yT-c
Reviewed revision 09 (document currently at 11)
Result Ready w/issues
Completed 2024-05-02
review-ietf-tsvwg-sctp-zero-checksum-09-artart-lc-aboba-2024-05-02-00
Reviewer: Bernard Aboba
Document: draft-ietf-tsvwg-sctp-zero-checksum
Status: Ready with (minor) Issues

The document is well written and allowing a zero checksum for SCTP over DTLS makes sense.
In order to allow for other potential protection mechanisms, the document sets up an
IANA registry and associated documentation requirements. However, I am not sure
that the registration criteria are clear enough. 

At present the document does not talk about implementation status, although I believe it
has been implemented in Pion, dcSCTP and perhaps other WebRTC data channel implementations. 
Have any issues arisen during implementation? 

NITs
----

3.  Alternate Error Detection Methods

   SCTP uses a CRC32c checksum to provide some level of data integrity.
   The CRC32c checksum is computed based on the SCTP common header and
   the chunks contained in the packet.  In particular, the computation
   of the CRC32c checksum does not involve a pseudo header for IPv4 or
   IPv6 like the computation of the TCP checksum, as specified in
   [RFC9293], or the UDP checksum, as specified in [RFC0768].

[BA] Would it be appropriate to advise against turning off the UDP checksum as well?

   Alternate error detection methods have two requirements:

   1.  An alternate error detection method MUST provide an equal or
       better level of data integrity than the one provided by using the
       CRC32c checksum algorithm.  This MAY only apply to packets
       satisfying some method specific constraints.

[BA] I think you may need to define the meaning of "equal or better" more
exactly.  For example, that the alternative provides the same coverage
as the CRC32c checksum, with a lower probability of a false negative.

   2.  Using an alternate error detection method MUST NOT result in a
       path failure for more than two retransmission timeouts (RTO) due
       to middleboxes on the path expecting correct CRC32c checksums.

[BA] This requirement depends on the behavior of middleboxes, so it's
not clear to me how adherence to the MUST NOT can be tested.

   To fulfill the second requirement, alternate error detection methods
   MAY use a heuristic to detect the existence of such middleboxes and
   use correct CRC32c checksums on these affected paths.

[BA] The "MAY" here seems to be somewhat in conflict with the much
stronger MUST NOT, particularly since we are talking about middlebox
detection. At present the document only allocates a code point for
DTLS, to which this requirement doesn't apply. 

   One example fulfilling the first requirement is using DTLS as the
   lower layer of SCTP as specified in [RFC8261].  Another example is
   using SCTP Authentication as specified in [RFC4895].  Of course, this
   only applies to all SCTP packets having an AUTH chunk as its first
   chunk.  However, using SCTP Authentication without any heuristic does
   not fulfill the second requirement.  Since using DTLS as the lower
   layer of SCTP as specified in [RFC8261] also fulfills the second
   requirement, it can be used as an alternate error detection method
   (see Section 6).

[BA] SCTP Authentication is not allocated a code point. So not sure
why this is mentioned as "another example" - is this just to indicate
why it is not acceptable (e.g. not meeting the second requirement)?

5.1.  Declaration of Feature Support

   An endpoint willing to accept SCTP packets with an incorrect checksum
   of zero MUST include the Zero Checksum Acceptable Chunk Parameter
   indicating the alternate error detection method it is willing to use
   in the INIT or INIT ACK chunk it sends.

   An SCTP implementation MAY also require the upper layer to indicate
   that it is fine to use a specific alternate error detection method
   before including the corresponding Zero Checksum Acceptable Chunk
   Parameter.

[BA] What if the alternate error detection method is not consistent
with what has been established? For example, SCTP over DTLS/UDP has
been established, but some other method (not yet allocated a code point)
is negotiated? 

Section 5.2

   4.  Alternate error detection methods might have some additional
       conditions requiring that the sender MUST include a correct
       CRC32c checksum in the packet.

[BA] The combination of "might" and MUST is an odd one. Is this normative language needed? 

   An SCTP end point MAY require that the upper layer allowed the use of
   the alternate error detection method that was announced by the peer
   before sending packets with an incorrect checksum of zero.

[BA] MAY? In the case of DTLS, the alternate error detection method
was setup prior to initiation of the SCTP association. So why would this
be optional?

Section 8 IANA Considerations

   2.  A reference to a specification describing:

       (a)  the alternate error detection method,

       (b)  why the alternate error detection method provides an equal
            or better level of data integrity protection than the one
            provided by using the CRC32c checksum,

[BA] It might help to sharpen the definition of "equal or better".