Coder Social home page Coder Social logo

Comments (6)

gloinul avatar gloinul commented on July 18, 2024

First for clarity it is RFC 6083 that defines the previous version of DTLS/SCTP.

Thanks for the idea, this actually looks practically doable which is hard when you are lacking the hooks in the earlier versions. Will discuss with @emanjon about this.

from draft-westerlund-tsvwg-dtls-over-sctp-bis.

emanjon avatar emanjon commented on July 18, 2024

This seems like an excellent idea. Defining a new TLS extension seems like an easy and clean approach. A suitable solution is probably that the extention does not contain any data and that that presence of the extentions mean support of draft-ietf-tsvwg-dtls-over-sctp-bis. Reusing SCSV seems messy. Regarding DTLS versions, it might make sense to just forbid DTLS 1.2 now that DTLS 1.3 is published and supported by several libraries.

from draft-westerlund-tsvwg-dtls-over-sctp-bis.

emanjon avatar emanjon commented on July 18, 2024

@gloinul below is a explanation of how the downgrade protection in TLS 1.3 works

https://blog.gypsyengineer.com/en/security/how-does-tls-1-3-protect-against-downgrade-attacks.html

DTLS 1.3 work the same

  random:  Same as for TLS 1.3, except that the downgrade sentinels
      described in Section 4.1.3 of [TLS13] when TLS 1.2 and TLS 1.1 and
      below are negotiated apply to DTLS 1.2 and DTLS 1.0, respectively.

from draft-westerlund-tsvwg-dtls-over-sctp-bis.

emanjon avatar emanjon commented on July 18, 2024

I think the next step is to define the fallback extention. We could define that the intiator using RFC 6083 but supporting draft-ietf-tsvwg-dtls-over-sctp-bis use the extension but it is likely simpler that a initiator supporting draft-ietf-tsvwg-dtls-over-sctp-bis always use the extension. The responder abort if RFC 6083 is used, the responder supports draft-ietf-tsvwg-dtls-over-sctp-bis, and the draft-ietf-tsvwg-dtls-over-sctp-bis extension was present.

from draft-westerlund-tsvwg-dtls-over-sctp-bis.

emanjon avatar emanjon commented on July 18, 2024

Does this extention mean that the document updates RFC 6083 after all?

from draft-westerlund-tsvwg-dtls-over-sctp-bis.

emanjon avatar emanjon commented on July 18, 2024

I made a PR. This is theoretically nice, but is it worth it practically? This requires 3GPP changing the DTLS implementation. I think I will change the PR so that the extension is only send in RFC6083. My understanding is that 3GPP will just forbid fallback. It would then be bad to force more updates to DTLS libraries.

from draft-westerlund-tsvwg-dtls-over-sctp-bis.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.