Skip to main content

Telechat Review of draft-ietf-tsvwg-sctp-zero-checksum-10

Request Review of draft-ietf-tsvwg-sctp-zero-checksum
Requested revision No specific revision (document currently at 11)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2024-06-11
Requested 2024-05-29
Authors Michael Tüxen , Victor Boivie , Florent Castelli , Randell Jesup
I-D last updated 2024-06-20
Completed reviews Genart Last Call review of -09 by Meral Shirazipour (diff)
Opsdir Last Call review of -11 by Victor Kuarsingh
Artart Last Call review of -09 by Dr. Bernard D. Aboba (diff)
Secdir Telechat review of -10 by Charlie Kaufman (diff)
Secdir Last Call review of -09 by Charlie Kaufman (diff)
Artart Telechat review of -10 by Dr. Bernard D. Aboba (diff)
Assignment Reviewer Charlie Kaufman
State Completed
Request Telechat review on draft-ietf-tsvwg-sctp-zero-checksum by Security Area Directorate Assigned
Posted at
Reviewed revision 10 (document currently at 11)
Result Ready
Completed 2024-06-14
Reviewer: Charlie Kaufman
Review result: Ready

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
 Document editors and WG chairs should treat these comments just like any other
last call comments.

This document proposes a small extension to the SCTP protocol to allow saving
some computation by not computing a per-packet CRC32c checksum for each packet
where the protocol is run over some protocol that provides a stronger integrity
check than the CRC32c provides. The first case they have in mind is where SCTP
is running over DTLS.

I see no security issues with this document. It does not discuss when it is
appropriate to run the SCTP protocol over some cryptographically protected
tunnel. Such a discussion would have security significance. This document
simply prescribes a mechanism for skipping the creation and checking of the
non-security CRC32c checksums when such tunnelling is done.

I had some non-security concerns with an earlier draft of this document, but
they have all been addressed in this one.