Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)
RFC 6083

Document history

Date Rev. By Action
2019-06-01
06 (System) Received changes through RFC Editor sync (added Errata tag)
2018-12-20
06 (System)
Received changes through RFC Editor sync (changed abstract to 'This document describes the usage of the Datagram Transport Layer Security (DTLS) protocol over the Stream Control Transmission Protocol (SCTP).

DTLS over SCTP provides communications privacy for applications that use SCTP as their transport protocol and allows client/server applications to communicate in a way that is designed to prevent eavesdropping and detect tampering or message forgery.

Applications using DTLS over SCTP can use almost all transport features provided by SCTP and its extensions. [STANDARDS-TRACK]')
2015-10-14
06 (System) Notify list changed from tsvwg-chairs@ietf.org, draft-ietf-tsvwg-dtls-for-sctp@ietf.org to (None)
2012-08-22
06 (System) post-migration administrative database adjustment to the No Objection position for Sean Turner
2012-08-22
06 (System) post-migration administrative database adjustment to the No Objection position for Lars Eggert
2011-01-20
06 Cindy Morgan State changed to RFC Published from RFC Ed Queue.
2011-01-20
06 Cindy Morgan [Note]: changed to 'RFC 6083'
2011-01-20
06 (System) RFC published
2010-09-15
06 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2010-09-15
06 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2010-09-15
06 (System) IANA Action state changed to In Progress from Waiting on Authors
2010-09-14
06 (System) IANA Action state changed to Waiting on Authors from In Progress
2010-09-14
06 (System) IANA Action state changed to In Progress
2010-09-14
06 Cindy Morgan State changed to RFC Ed Queue from Approved-announcement sent by Cindy Morgan
2010-09-14
06 Amy Vezza IESG state changed to Approved-announcement sent
2010-09-14
06 Amy Vezza IESG has approved the document
2010-09-14
06 Amy Vezza Closed "Approve" ballot
2010-09-13
06 David Harrington State changed to Approved-announcement to be sent from IESG Evaluation::AD Followup by David Harrington
2010-09-02
06 Lars Eggert [Ballot Position Update] Position for Lars Eggert has been changed to No Objection from Discuss by Lars Eggert
2010-09-01
06 Sean Turner [Ballot Position Update] Position for Sean Turner has been changed to No Objection from Discuss by Sean Turner
2010-09-01
06 (System) Sub state has been changed to AD Follow up from New Id Needed
2010-09-01
06 (System) New version available: draft-ietf-tsvwg-dtls-for-sctp-06.txt
2010-08-26
06 Cindy Morgan State changed to IESG Evaluation::Revised ID Needed from IESG Evaluation by Cindy Morgan
2010-08-26
06 Ralph Droms [Ballot Position Update] New position, No Objection, has been recorded by Ralph Droms
2010-08-26
06 Tim Polk
[Ballot comment]
I support Lars' discuss on section 3.1

I support Sean's discuss issue #1 (restrict the DTLS cipher suites to ones that provide the required security services).
2010-08-26
06 Ron Bonica [Ballot comment]
Support Lars' discuss
2010-08-26
06 Ron Bonica [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica
2010-08-25
06 Dan Romascanu [Ballot comment]
I support Lars's DISCUSS on section 3.1
2010-08-25
06 Dan Romascanu [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu
2010-08-25
06 Sean Turner
[Ballot comment]
#1 - Agree with Lars' DISCUSS.  A nice attempt at future proofing, but I don't think it'll fly ;)

#2 - Sec 4.6:

  Before sending a ChangeCipherSpec message all outstanding SCTP user
  messages MUST have been acknowledged by the SCTP peer and MUST NOT be
  revoked anymore by the SCTP peer.

anymore?  Should it just be "revoked by"?

#3 - In the security considerations, the I-D notes that  "It is possible to authenticate DTLS endpoints based on IP-addresses in certificates."  I went and looked in SCTP and didn't find anything about limiting endpoints with IP-address in certificates.  It'd be nice to have a reference for this?
2010-08-25
06 Sean Turner
[Ballot discuss]
#1 - DTLS indicates that, in the absence of an application-specific profile, TLS_RSA_WITH_AES_128_CBC_SHA is the mandatory-to-implement cipher suite.  Assuming that's the only cipher suite you use, you can get the services you noted: authentication, message integrity and privacy of user messages.  DTLS allows other cipher suites to be negotiated that would not provide these services.  Please indicate the cipher suite you'd like to support (or say that the default is used) and any restrictions on the choice of other cipher suites to ensure you get all three services.

#2 - Any chance we can get a why on the MUST NOT in 3.3-3.5?  DTLS says applications SHOULD support Anti-Replay and PMTU Discovery.

#3 - Need to specify whether you support renegotiation.  The following was used in draft-ietf-nsis-ntlp-sctp (feel free to tweak):

DTLS renegotiation [7] may cause problems for applications such that connection security parameters can change without the application knowing it.  Hence, it is RECOMMENDED that renegotiation be disabled for GIST over DTLS.
2010-08-25
06 Sean Turner [Ballot Position Update] New position, Discuss, has been recorded by Sean Turner
2010-08-25
06 Tim Polk [Ballot comment]
I support Lars' discuss on section 3.1
2010-08-25
06 Tim Polk [Ballot comment]
I support Lars' discuss on section 3.1
2010-08-25
06 Tim Polk [Ballot Position Update] New position, No Objection, has been recorded by Tim Polk
2010-08-25
06 Adrian Farrel [Ballot Position Update] New position, No Objection, has been recorded by Adrian Farrel
2010-08-24
06 Jari Arkko
[Ballot comment]
Review by Ari Keränen:

3.1. Future Versions of DTLS

    This document is based on [RFC4347].  If a new RFC updates or
    obsoletes [RFC4347], this documents also applies to the newer
    document defining DTLS unless this document also gets updated or
    revised.

How do you know whether the "new DTLS" is compatible with this spec?
2010-08-24
06 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded by Jari Arkko
2010-08-24
06 Robert Sparks [Ballot comment]
I also found section 3.1 awkward
2010-08-24
06 Robert Sparks [Ballot Position Update] New position, No Objection, has been recorded by Robert Sparks
2010-08-24
06 Russ Housley [Ballot Position Update] New position, No Objection, has been recorded by Russ Housley
2010-08-24
06 Stewart Bryant [Ballot Position Update] New position, No Objection, has been recorded by Stewart Bryant
2010-08-23
06 Lars Eggert
[Ballot comment]
Section 1.1., paragraph 2:
>    Security features provided by DTLS over SCTP include authentication,
>    message integrity and privacy of user messages.  Applications using
>    DTLS over SCTP can use almost all transport features provided by SCTP
>    and its extensions.

  Which ones can they not use? (Also, nit, I'm not a big fan of 1:1
  repetition of the abstract in the introduction.)


Section 3.2., paragraph 1:
>    DTLS limits the DTLS user message size to the current Path MTU minus
>    the header sizes.  This limit SHOULD be increased to 2^14 Bytes for
>    DTLS over SCTP.

  The wording here is odd. You don't actually want to increase a limit
  of the base DTLS spec (because otherwise you'd need to Update it.) You
  probably want to say "for the purposes of running over SCTP, the DTLS
  path MTU SHOULD be considered to be 2^14." (And should this not be a
  MUST?)


Section 4.3., paragraph 1:
>    Application protocols running over DTLS over SCTP SHOULD register and
>    use a separate payload protocol identifier (PPID) and SHOULD NOT
>    reuse the PPID that they registered for running directly over SCTP.

  Shouldn't these be MUSTs?


Section 4.4., paragraph 2:
>    All DTLS messages of the ApplicationData protocol MAY be transported
>    over stream 0, but users SHOULD use other streams to avoid possible
>    performance problems due to head of line blocking.

  Suggest to change the sentence logic to "SHOULD use other streams, MAY
  use 0 if <condition>" and therefore say when it is OK to go against
  the SHOULD.


Section 1.1., paragraph 17:
>    o  The DTLS user can not perform the SCTP-AUTH key management,

  Nit: s/can not/cannot/


Section 4.5., paragraph 1:
>    This makes sure that an attacker can not modify the stream in which a

  Nit: s/can not/cannot/
2010-08-23
06 Lars Eggert
[Ballot discuss]
Section 3.1., paragraph 1:
>    This document is based on [RFC4347].  If a new RFC updates or
>    obsoletes [RFC4347], this documents also applies to the newer
>    document defining DTLS unless this document also gets updated or
>    revised.

  DISCUSS: This section is in the wrong document. It will need to be in
  the DTLS bis document, because only when we have that will we know
  whether the hypothetical new version of DTLS can support this spec or
  not. If it can, the DTLS bis will Update this document and indicate
  this, and if not, it will need to move this document to Historic. In
  other words, I believe this section should be removed.
2010-08-23
06 Lars Eggert [Ballot Position Update] New position, Discuss, has been recorded by Lars Eggert
2010-08-15
06 Alexey Melnikov [Ballot Position Update] New position, No Objection, has been recorded by Alexey Melnikov
2010-08-10
06 Cindy Morgan Telechat date has been changed to 2010-08-26 from None by Cindy Morgan
2010-08-04
06 David Harrington State changed to IESG Evaluation from Waiting for AD Go-Ahead by David Harrington
2010-08-04
06 David Harrington Placed on agenda for telechat - 2010-08-26 by David Harrington
2010-08-04
06 David Harrington [Ballot Position Update] New position, Yes, has been recorded for David Harrington
2010-08-04
06 David Harrington Ballot has been issued by David Harrington
2010-08-04
06 David Harrington Created "Approve" ballot
2010-06-23
06 (System) State has been changed to Waiting for AD Go-Ahead from In Last Call by system
2010-06-15
06 Amanda Baber
IANA comments:

Upon approval of this document, IANA will make the following assignment
in the "Transport Layer Security (TLS) Parameters" registry located at
http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
sub-registry "TLS Exporter Label Registry"

Value Reference Note
---- --------- ----
EXPORTER_DTLS_OVER_SCTP [RFC-tsvwg-dtls-for-sctp-05]

We understand the above to be the only IANA Action for this document.
2010-06-09
06 Samuel Weiler Request for Early review by SECDIR Completed. Reviewer: Catherine Meadows.
2010-06-09
06 Cindy Morgan Last call sent
2010-06-09
06 Cindy Morgan State Changes to In Last Call from Last Call Requested by Cindy Morgan
2010-06-09
06 David Harrington Last Call was requested by David Harrington
2010-06-09
06 (System) Ballot writeup text was added
2010-06-09
06 (System) Last call text was added
2010-06-09
06 (System) Ballot approval text was added
2010-06-09
06 David Harrington State Changes to Last Call Requested from Publication Requested by David Harrington
2010-05-06
06 Cindy Morgan [Note]: 'Gorry Fairhurst (gorry@erg.abdn.ac.uk ) is the document shepherd.' added by Cindy Morgan
2010-05-06
06 Cindy Morgan
(1.a) Who is the Document Shepherd for this document? Has the
Document Shepherd personally reviewed this version of the
document and, in particular, does he or she believe this
version is ready for forwarding to the IESG for publication?

Gorry Fairhurst, TSVWG Chair

(1.b) Has the document had adequate review both from key WG members
and from key non-WG members? Does the Document Shepherd have
any concerns about the depth or breadth of the reviews that
have been performed?

Yes. This document has been presented in TSVWG, and received comments
and feedback.

One author (E. Rescorla) did not participate in the WGLC review, and, as
yet, has not responded to follow-up emails.

(1.c) Does the Document Shepherd have concerns that the document
needs more review from a particular or broader perspective,
e.g., security, operational complexity, someone familiar with
AAA, internationalization or XML?

This needs SecDir review, since it adds a security mechanism to DTLS (RFC
4347). A SecDir review was requested during WGLC, but none emerged. It
is expected that appropriate security reviews will be sought by the AD.

(1.d) Does the Document Shepherd have any specific concerns or
issues with this document that the Responsible Area Director
and/or the IESG should be aware of? For example, perhaps he
or she is uncomfortable with certain parts of the document, or
has concerns whether there really is a need for it. In any
event, if the WG has discussed those issues and has indicated
that it still wishes to advance the document, detail those
concerns here. Has an IPR disclosure related to this document
been filed? If so, please include a reference to the
disclosure and summarize the WG discussion and conclusion on
this issue.

No.

(1.e) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with
others being silent, or does the WG as a whole understand and
agree with it?

There was consensus to progress this work, and support for this
particular work item.

(1.f) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in
separate email messages to the Responsible Area Director. (It
should be in a separate email because this questionnaire is
entered into the ID Tracker.)

No.

(1.g) Has the Document Shepherd personally verified that the
document satisfies all ID nits? (See the Internet-Drafts
Checklist and http://tools.ietf.org/tools/idnits/). Boilerplate
checks are not enough; this check needs to be thorough. Has the
document met all formal review criteria it needs to, such as the
MIB Doctor, media type and URI type reviews?

OK.

(1.h) Has the document split its references into normative and
informative? Are there normative references to documents that
are not ready for advancement or are otherwise in an unclear
state? If such normative references exist, what is the
strategy for their completion? Are there normative references
that are downward references, as described in [RFC3967]? If
so, list these downward references to support the Area
Director in the Last Call procedure for them [RFC3967].

Yes.

(1.i) Has the Document Shepherd verified that the document IANA
consideration section exists and is consistent with the body
of the document? If the document specifies protocol
extensions, are reservations requested in appropriate IANA
registries? Are the IANA registries clearly identified? If
the document creates a new registry, does it define the
proposed initial contents of the registry and an allocation
procedure for future registrations? Does it suggest a
reasonable name for the new registry? See [RFC5226]. If the
document describes an Expert Review process has Shepherd
conferred with the Responsible Area Director so that the IESG
can appoint the needed Expert during the IESG Evaluation?

This memo includes a request to IANA.

(1.j) Has the Document Shepherd verified that sections of the
document that are written in a formal language, such as XML
code, BNF rules, MIB definitions, etc., validate correctly in
an automated checker?

Not applicable.

(1.k) The IESG approval announcement includes a Document
Announcement Write-Up. Please provide such a Document
Announcement Write-Up? Recent examples can be found in the
"Action" announcements for approved documents. The approval
announcement contains the following sections:

Technical Summary

This document describes the usage of the Datagram Transport Layer
Security (DTLS) protocol over the Stream Control Transmission Protocol
(SCTP). Security features provided by DTLS over SCTP include
authentication, message integrity and privacy of user messages.
Applications using DTLS over SCTP can use almost all transport features
provided by SCTP and its extensions.

Working Group Summary

The WG contributed to this work and participated in review of this
document. It has the support of the TSVWG.

Document Quality

There are no implementation reports for this specification, but there is
an OpenSSL implementation. The WG review considered related work on RFC
5238, and this resulted in some changes to the final specification to
align the two methods. The document is now thought to be ready to
publish as a Standards Track RFC.
2010-05-06
06 Cindy Morgan Draft Added by Cindy Morgan in state Publication Requested
2010-05-04
06 Samuel Weiler Request for Early review by SECDIR is assigned to Tobias Gondrom
2010-05-04
06 Samuel Weiler Request for Early review by SECDIR is assigned to Tobias Gondrom
2010-04-01
06 Samuel Weiler Request for Early review by SECDIR is assigned to Catherine Meadows
2010-04-01
06 Samuel Weiler Request for Early review by SECDIR is assigned to Catherine Meadows
2010-03-22
05 (System) New version available: draft-ietf-tsvwg-dtls-for-sctp-05.txt
2010-02-17
04 (System) New version available: draft-ietf-tsvwg-dtls-for-sctp-04.txt
2010-02-16
03 (System) New version available: draft-ietf-tsvwg-dtls-for-sctp-03.txt
2009-10-25
02 (System) New version available: draft-ietf-tsvwg-dtls-for-sctp-02.txt
2009-07-08
01 (System) New version available: draft-ietf-tsvwg-dtls-for-sctp-01.txt
2009-04-25
06 (System) Document has expired
2008-10-23
00 (System) New version available: draft-ietf-tsvwg-dtls-for-sctp-00.txt