Skip to main content

Liaison statement
Reply LS on DTLS for SCTP

Additional information about IETF liaison relationships is available on the IETF webpage and the Internet Architecture Board liaison webpage.
State Posted
Submitted Date 2023-08-21
From Group 3GPP-TSGSA-SA3
From Contact Susanna Kooistra
To Group tsvwg
To Contacts Gorry Fairhurst <>
Marten Seemann <>
Cc Martin Duke <>
Zaheduzzaman Sarker <>
Gorry Fairhurst <>
Marten Seemann <>
Transport Area Working Group Discussion List <>
Response Contact Peter Schmitt <>
Susanna Kooistra <>
Purpose For information
Attachments S3-234160_Reply_LS_to_IETF_TSVWG_On_SCTP_and_DTLS
Liaisons referred by this one DTLS for SCTP next steps and request for input
1 Overall description

SA3 would like to thank IETF Transport Area Working Group (TSVWG) for notifying
SA3 of the current situation at IETF TSVWG about resolving the vulnerabilities
related to SCTP-AUTH and DTLS over SCTP. The LS, sent by IETF TSVWG to SA3, has
listed the architectural and security requirements that IETF TSVWG has taken
into consideration towards developing a solution. The LS says IETF TSVWG is
trying to choose a solution from two candidate solutions: (i) DTLS on SCTP and
relying on an updated version of SCTP-AUTH (ii) using DTLS to protect the
payload of SCTP packets in an encryption chunk.

SA3 has extracted the questions that IETF TSVWG has asked SA3. In the
following, SA3 articulates the questions and provides answers.

Question 1: Is the IETF TSVWG’s interpretation of the architectural and
security requirements correct?

Answer 1: From SA3’s perspective,TSVWG’s interpretation of all the security
requirements is correct – they are generic best-practice properties of a
security protocol.

Regarding the architecture requirement of supported message size, RAN3 is the
right authority to respond. According to the RAN3 LS [1], supporting longer
message lengths seems to be an important requirement. However, from the SA3
perspective, maintaining SCTP capability for longer message sizes is important
to avoid future limitations if the application protocols using SCTP need to be

Question 2: Does SA3 have any additional concerns with the implementation of
either of the candidate solutions?

Answer 2: Solution (i) requires changes in the existing SCTP, SCTP-AUTH
standards, implementation, and DTLS library. Therefore, Solution (i)’s
implementation effort appears to be higher than Solution (ii).

Question 3: Which of the two candidate solutions is preferable to SA3?
Answer 3: SA3 prefers Solution (ii) due to the answer to the previous question.

[1] R3-211274, "Remove the user message size limitation for DTLS over SCTP"

2 Actions

To IETF Transport Area Working Group (TSVWG)
ACTION: SA3 kindly asks IETF Transport Area Working Group (TSVWG) to take the
above information into account and expedite the decision process so that a
solution is ready by the envisioned time.

3 Dates of next TSG SA WG 3 meetings

SA3#113 6 -10 November 2023     Chicago, US
SA3#114 22 -26 January 2024     EU (TBD)