Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)
RFC 6083
Document history
| Date | Rev. | By | Action |
|---|---|---|---|
| 2019-06-01 | 06 | (System) | Received changes through RFC Editor sync (added Errata tag) |
| 2018-12-20 | 06 | (System) | Received changes through RFC Editor sync (changed abstract to 'This document describes the usage of the Datagram Transport Layer Security (DTLS) protocol over the Stream Control Transmission Protocol (SCTP). DTLS over SCTP provides communications privacy for applications that use SCTP as their transport protocol and allows client/server applications to communicate in a way that is designed to prevent eavesdropping and detect tampering or message forgery. Applications using DTLS over SCTP can use almost all transport features provided by SCTP and its extensions. [STANDARDS-TRACK]') |
| 2015-10-14 | 06 | (System) | Notify list changed from tsvwg-chairs@ietf.org, draft-ietf-tsvwg-dtls-for-sctp@ietf.org to (None) |
| 2012-08-22 | 06 | (System) | post-migration administrative database adjustment to the No Objection position for Sean Turner |
| 2012-08-22 | 06 | (System) | post-migration administrative database adjustment to the No Objection position for Lars Eggert |
| 2011-01-20 | 06 | Cindy Morgan | State changed to RFC Published from RFC Ed Queue. |
| 2011-01-20 | 06 | Cindy Morgan | [Note]: changed to 'RFC 6083' |
| 2011-01-20 | 06 | (System) | RFC published |
| 2010-09-15 | 06 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
| 2010-09-15 | 06 | (System) | IANA Action state changed to Waiting on RFC Editor from In Progress |
| 2010-09-15 | 06 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
| 2010-09-14 | 06 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
| 2010-09-14 | 06 | (System) | IANA Action state changed to In Progress |
| 2010-09-14 | 06 | Cindy Morgan | State changed to RFC Ed Queue from Approved-announcement sent by Cindy Morgan |
| 2010-09-14 | 06 | Amy Vezza | IESG state changed to Approved-announcement sent |
| 2010-09-14 | 06 | Amy Vezza | IESG has approved the document |
| 2010-09-14 | 06 | Amy Vezza | Closed "Approve" ballot |
| 2010-09-13 | 06 | David Harrington | State changed to Approved-announcement to be sent from IESG Evaluation::AD Followup by David Harrington |
| 2010-09-02 | 06 | Lars Eggert | [Ballot Position Update] Position for Lars Eggert has been changed to No Objection from Discuss by Lars Eggert |
| 2010-09-01 | 06 | Sean Turner | [Ballot Position Update] Position for Sean Turner has been changed to No Objection from Discuss by Sean Turner |
| 2010-09-01 | 06 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
| 2010-09-01 | 06 | (System) | New version available: draft-ietf-tsvwg-dtls-for-sctp-06.txt |
| 2010-08-26 | 06 | Cindy Morgan | State changed to IESG Evaluation::Revised ID Needed from IESG Evaluation by Cindy Morgan |
| 2010-08-26 | 06 | Ralph Droms | [Ballot Position Update] New position, No Objection, has been recorded by Ralph Droms |
| 2010-08-26 | 06 | Tim Polk | [Ballot comment] I support Lars' discuss on section 3.1. I support Sean's discuss issue #1 (restrict the DTLS cipher suites to ones that provide the required security services). |
| 2010-08-26 | 06 | Ron Bonica | [Ballot comment] Support Lars' discuss |
| 2010-08-26 | 06 | Ron Bonica | [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica |
| 2010-08-25 | 06 | Dan Romascanu | [Ballot comment] I support Lars's DISCUSS on section 3.1 |
| 2010-08-25 | 06 | Dan Romascanu | [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu |
| 2010-08-25 | 06 | Sean Turner | [Ballot comment] #1 - Agree with Lars' DISCUSS. A nice attempt at future proofing, but I don't think it'll fly ;) #2 - Sec 4.6: "Before sending a ChangeCipherSpec message all outstanding SCTP user messages MUST have been acknowledged by the SCTP peer and MUST NOT be revoked anymore by the SCTP peer." anymore? Should it just be "revoked by"? #3 - In the security considerations, the I-D notes that "It is possible to authenticate DTLS endpoints based on IP-addresses in certificates." I went and looked in SCTP and didn't find anything about limiting endpoints with IP-address in certificates. It'd be nice to have a reference for this? |
| 2010-08-25 | 06 | Sean Turner | [Ballot discuss] #1 - DTLS indicates that in the absence of an application specific profile that the TLS_RSA_WITH_AES_128_CBC_SHA is the mandatory to implement cipher suite. Assuming that's the only cipher suite you use you can get the services you noted: authentication, message integrity and privacy of user messages. DTLS allows other cipher suites to be negotiated that would not provide these services. Please indicate the cipher suite you'd like support to support (or say that the default is used) and any restrictions on the choice of other cipher suites to ensure you get all three services. #2 - Any chance we can get a why on the MUST NOT in 3.3-3.5? DTLS says applications SHOULD support Anti-Replay and PMTU Discovery. #3 - Need to specify whether you support renegotiation. The following was used in draft-ietf-nsis-ntlp-sctp (feel free to tweak): "DTLS renegotiation [7] may cause problems for applications such that connection security parameters can change without the application knowing it. Hence, it is RECOMMENDED that renegotiation be disabled for GIST over DTLS." |
| 2010-08-25 | 06 | Sean Turner | [Ballot Position Update] New position, Discuss, has been recorded by Sean Turner |
| 2010-08-25 | 06 | Tim Polk | [Ballot comment] I support Lars' discuss on section 3.1 |
| 2010-08-25 | 06 | Tim Polk | [Ballot comment] I support Lars' discuss on section 3.1 |
| 2010-08-25 | 06 | Tim Polk | [Ballot Position Update] New position, No Objection, has been recorded by Tim Polk |
| 2010-08-25 | 06 | Adrian Farrel | [Ballot Position Update] New position, No Objection, has been recorded by Adrian Farrel |
| 2010-08-24 | 06 | Jari Arkko | [Ballot comment] Review by Ari Keränen: 3.1. Future Versions of DTLS: "This document is based on [RFC4347]. If a new RFC updates or obsoletes [RFC4347], this documents also applies to the newer document defining DTLS unless this document also gets updated or revised." How do you know whether the "new DTLS" is compatible with this spec? |
| 2010-08-24 | 06 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded by Jari Arkko |
| 2010-08-24 | 06 | Robert Sparks | [Ballot comment] I also found section 3.1 awkward |
| 2010-08-24 | 06 | Robert Sparks | [Ballot Position Update] New position, No Objection, has been recorded by Robert Sparks |
| 2010-08-24 | 06 | Russ Housley | [Ballot Position Update] New position, No Objection, has been recorded by Russ Housley |
| 2010-08-24 | 06 | Stewart Bryant | [Ballot Position Update] New position, No Objection, has been recorded by Stewart Bryant |
| 2010-08-23 | 06 | Lars Eggert | [Ballot comment] Section 1.1., paragraph 2: "Security features provided by DTLS over SCTP include authentication, message integrity and privacy of user messages. Applications using DTLS over SCTP can use almost all transport features provided by SCTP and its extensions." Which ones can they not use? (Also, nit, I'm not a big fan of 1:1 repetition of the abstract in the introduction.) Section 3.2., paragraph 1: "DTLS limits the DTLS user message size to the current Path MTU minus the header sizes. This limit SHOULD be increased to 2^14 Bytes for DTLS over SCTP." The wording here is odd. You don't actually want to increase a limit of the base DTLS spec (because otherwise you'd need to Update it.) You probably want to say "for the purposes of running over SCTP, the DTLS path MTU SHOULD be considered to be 2^14." (And should this not be a MUST?) Section 4.3., paragraph 1: "Application protocols running over DTLS over SCTP SHOULD register and use a separate payload protocol identifier (PPID) and SHOULD NOT reuse the PPID that they registered for running directly over SCTP." Shouldn't these be MUSTs? Section 4.4., paragraph 2: "All DTLS messages of the ApplicationData protocol MAY be transported over stream 0, but users SHOULD use other streams to avoid possible performance problems due to head of line blocking." Suggest to change the sentence logic to "SHOULD use other streams, MAY use 0 if <condition>" and therefore say when it is OK to go against the SHOULD. Section 1.1., paragraph 17: "o The DTLS user can not perform the SCTP-AUTH key management," Nit: s/can not/cannot/ Section 4.5., paragraph 1: "This makes sure that an attacker can not modify the stream in which a" Nit: s/can not/cannot/ |
| 2010-08-23 | 06 | Lars Eggert | [Ballot discuss] Section 3.1., paragraph 1: "This document is based on [RFC4347]. If a new RFC updates or obsoletes [RFC4347], this documents also applies to the newer document defining DTLS unless this document also gets updated or revised." DISCUSS: This section is in the wrong document. It will need to be in the DTLS bis document, because only when we have that will we know whether the hypothetical new version of DTLS can support this spec or not. If it can, the DTLS bis will Update this document and indicate this, and if not, it will need to move this document to Historic. In other words, I believe this section should be removed. |
| 2010-08-23 | 06 | Lars Eggert | [Ballot Position Update] New position, Discuss, has been recorded by Lars Eggert |
| 2010-08-15 | 06 | Alexey Melnikov | [Ballot Position Update] New position, No Objection, has been recorded by Alexey Melnikov |
| 2010-08-10 | 06 | Cindy Morgan | Telechat date has been changed to 2010-08-26 from None by Cindy Morgan |
| 2010-08-04 | 06 | David Harrington | State changed to IESG Evaluation from Waiting for AD Go-Ahead by David Harrington |
| 2010-08-04 | 06 | David Harrington | Placed on agenda for telechat - 2010-08-26 by David Harrington |
| 2010-08-04 | 06 | David Harrington | [Ballot Position Update] New position, Yes, has been recorded for David Harrington |
| 2010-08-04 | 06 | David Harrington | Ballot has been issued by David Harrington |
| 2010-08-04 | 06 | David Harrington | Created "Approve" ballot |
| 2010-06-23 | 06 | (System) | State has been changed to Waiting for AD Go-Ahead from In Last Call by system |
| 2010-06-15 | 06 | Amanda Baber | IANA comments: Upon approval of this document, IANA will make the following assignment in the "Transport Layer Security (TLS) Parameters" registry located at http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml, sub-registry "TLS Exporter Label Registry": Value EXPORTER_DTLS_OVER_SCTP, Reference [RFC-tsvwg-dtls-for-sctp-05], Note (none). We understand the above to be the only IANA Action for this document. |
| 2010-06-09 | 06 | Samuel Weiler | Request for Early review by SECDIR Completed. Reviewer: Catherine Meadows. |
| 2010-06-09 | 06 | Cindy Morgan | Last call sent |
| 2010-06-09 | 06 | Cindy Morgan | State Changes to In Last Call from Last Call Requested by Cindy Morgan |
| 2010-06-09 | 06 | David Harrington | Last Call was requested by David Harrington |
| 2010-06-09 | 06 | (System) | Ballot writeup text was added |
| 2010-06-09 | 06 | (System) | Last call text was added |
| 2010-06-09 | 06 | (System) | Ballot approval text was added |
| 2010-06-09 | 06 | David Harrington | State Changes to Last Call Requested from Publication Requested by David Harrington |
| 2010-05-06 | 06 | Cindy Morgan | [Note]: 'Gorry Fairhurst (gorry@erg.abdn.ac.uk) is the document shepherd.' added by Cindy Morgan |
| 2010-05-06 | 06 | Cindy Morgan | (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the document and, in particular, does he or she believe this version is ready for forwarding to the IESG for publication? Gorry Fairhurst, TSVWG Chair. (1.b) Has the document had adequate review both from key WG members and from key non-WG members? Does the Document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? Yes. This document has been presented in TSVWG, and received comments and feedback. One author (E. Rescorla) did not participate in the WGLC review, and, as yet, has not responded to follow-up emails. (1.c) Does the Document Shepherd have concerns that the document needs more review from a particular or broader perspective, e.g., security, operational complexity, someone familiar with AAA, internationalization or XML? This needs SecDir review, since it adds a security mechanism to DTLS (RFC 4347). A SecDir review was requested during WGLC, but none emerged. It is expected that appropriate security reviews will be sought by the AD. (1.d) Does the Document Shepherd have any specific concerns or issues with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. Has an IPR disclosure related to this document been filed? If so, please include a reference to the disclosure and summarize the WG discussion and conclusion on this issue. No. (1.e) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? There was consensus to progress this work, and support for this particular work item. (1.f) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is entered into the ID Tracker.) No. (1.g) Has the Document Shepherd personally verified that the document satisfies all ID nits? (See the Internet-Drafts Checklist and http://tools.ietf.org/tools/idnits/). Boilerplate checks are not enough; this check needs to be thorough. Has the document met all formal review criteria it needs to, such as the MIB Doctor, media type and URI type reviews? OK. (1.h) Has the document split its references into normative and informative? Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the strategy for their completion? Are there normative references that are downward references, as described in [RFC3967]? If so, list these downward references to support the Area Director in the Last Call procedure for them [RFC3967]. Yes. (1.i) Has the Document Shepherd verified that the document IANA consideration section exists and is consistent with the body of the document? If the document specifies protocol extensions, are reservations requested in appropriate IANA registries? Are the IANA registries clearly identified? If the document creates a new registry, does it define the proposed initial contents of the registry and an allocation procedure for future registrations? Does it suggest a reasonable name for the new registry? See [RFC5226]. If the document describes an Expert Review process, has the Shepherd conferred with the Responsible Area Director so that the IESG can appoint the needed Expert during the IESG Evaluation? This memo includes a request to IANA. (1.j) Has the Document Shepherd verified that sections of the document that are written in a formal language, such as XML code, BNF rules, MIB definitions, etc., validate correctly in an automated checker? Not applicable. (1.k) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary: This document describes the usage of the Datagram Transport Layer Security (DTLS) protocol over the Stream Control Transmission Protocol (SCTP). Security features provided by DTLS over SCTP include authentication, message integrity and privacy of user messages. Applications using DTLS over SCTP can use almost all transport features provided by SCTP and its extensions. Working Group Summary: The WG contributed to this work and participated in review of this document. It has the support of the TSVWG. Document Quality: There are no implementation reports for this specification, but there is an OpenSSL implementation. The WG review considered related work on RFC 5238, and this resulted in some changes to the final specification to align the two methods. The document is now thought to be ready to publish as a Standards Track RFC. |
| 2010-05-06 | 06 | Cindy Morgan | Draft Added by Cindy Morgan in state Publication Requested |
| 2010-05-04 | 06 | Samuel Weiler | Request for Early review by SECDIR is assigned to Tobias Gondrom |
| 2010-05-04 | 06 | Samuel Weiler | Request for Early review by SECDIR is assigned to Tobias Gondrom |
| 2010-04-01 | 06 | Samuel Weiler | Request for Early review by SECDIR is assigned to Catherine Meadows |
| 2010-04-01 | 06 | Samuel Weiler | Request for Early review by SECDIR is assigned to Catherine Meadows |
| 2010-03-22 | 05 | (System) | New version available: draft-ietf-tsvwg-dtls-for-sctp-05.txt |
| 2010-02-17 | 04 | (System) | New version available: draft-ietf-tsvwg-dtls-for-sctp-04.txt |
| 2010-02-16 | 03 | (System) | New version available: draft-ietf-tsvwg-dtls-for-sctp-03.txt |
| 2009-10-25 | 02 | (System) | New version available: draft-ietf-tsvwg-dtls-for-sctp-02.txt |
| 2009-07-08 | 01 | (System) | New version available: draft-ietf-tsvwg-dtls-for-sctp-01.txt |
| 2009-04-25 | 06 | (System) | Document has expired |
| 2008-10-23 | 00 | (System) | New version available: draft-ietf-tsvwg-dtls-for-sctp-00.txt |