Comments (6)
First for clarity it is RFC 6083 that defines the previous version of DTLS/SCTP.
Thanks for the idea, this actually looks practically doable, which is hard when you are lacking the hooks in the earlier versions. Will discuss this with @emanjon.
from draft-westerlund-tsvwg-dtls-over-sctp-bis.
This seems like an excellent idea. Defining a new TLS extension seems like an easy and clean approach. A suitable solution is probably that the extension does not contain any data and that the presence of the extension means support of draft-ietf-tsvwg-dtls-over-sctp-bis. Reusing SCSV seems messy. Regarding DTLS versions, it might make sense to just forbid DTLS 1.2 now that DTLS 1.3 is published and supported by several libraries.
@gloinul below is an explanation of how the downgrade protection in TLS 1.3 works
https://blog.gypsyengineer.com/en/security/how-does-tls-1-3-protect-against-downgrade-attacks.html
DTLS 1.3 works the same:

random: Same as for TLS 1.3, except that the downgrade sentinels described in Section 4.1.3 of [TLS13] when TLS 1.2 and TLS 1.1 and below are negotiated apply to DTLS 1.2 and DTLS 1.0, respectively.
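The sentinel mechanism quoted above, written out as an added example (this is not code from the draft, from RFC 9147, or from any of the commenters). It models only the ServerHello.random rule: the server writes the RFC 8446 section 4.1.3 sentinel into the last 8 bytes of its random when it supports DTLS 1.3 but negotiates a lower version, and a DTLS 1.3-capable client that finds a sentinel after landing on DTLS 1.2 or 1.0 aborts with illegal_parameter. The version codes are the DTLS wire values; the helper names and the `random_bytes` parameter (used so a caller can supply fixed bytes) are this example's own.

```python
import os

# Sentinel suffixes from RFC 8446 section 4.1.3; RFC 9147 applies them to DTLS 1.2 / DTLS 1.0.
SENTINEL_12 = bytes.fromhex("444F574E47524401")   # "DOWNGRD\x01": server negotiated (D)TLS 1.2
SENTINEL_LOW = bytes.fromhex("444F574E47524400")  # "DOWNGRD\x00": server negotiated (D)TLS 1.1/1.0 or lower

# DTLS wire version codes (one's complement of the TLS codes), ranked for comparison.
DTLS10, DTLS12, DTLS13 = 0xFEFF, 0xFEFD, 0xFEFC
_RANK = {DTLS10: 0, DTLS12: 1, DTLS13: 2}


def downgrade_sentinel(server_max, negotiated):
    """Sentinel a server appends to its random for this (highest supported, negotiated) pair,
    or None. RFC 8446 4.1.3 mapped to DTLS: a 1.3 server MUST mark 1.2 and 1.0; a 1.2 server
    SHOULD mark 1.0 (implemented here as if it does)."""
    if _RANK[negotiated] > _RANK[server_max]:
        raise ValueError("cannot negotiate a version above the server's maximum")
    if server_max == DTLS13 and negotiated == DTLS12:
        return SENTINEL_12
    if negotiated == DTLS10 and server_max in (DTLS13, DTLS12):
        return SENTINEL_LOW
    return None


def server_random(server_max, negotiated, random_bytes=None):
    """Build the 32-byte ServerHello.random. random_bytes is an example-only hook so a
    caller can pass fixed bytes instead of os.urandom."""
    rnd = bytearray(random_bytes if random_bytes is not None else os.urandom(32))
    if len(rnd) != 32:
        raise ValueError("ServerHello.random must be 32 bytes")
    sentinel = downgrade_sentinel(server_max, negotiated)
    if sentinel is not None:
        rnd[24:] = sentinel
    return bytes(rnd)


def client_check(client_max, negotiated, server_rnd):
    """Client-side check on the received ServerHello. Returns None when the handshake may
    continue, otherwise the alert the client must send."""
    if len(server_rnd) != 32:
        raise ValueError("ServerHello.random must be 32 bytes")
    if _RANK[negotiated] > _RANK[client_max]:
        return "illegal_parameter"  # server chose a version the client never offered
    suffix = server_rnd[24:]
    # A DTLS 1.3 client negotiated down to 1.2 or 1.0 MUST reject either sentinel.
    if client_max == DTLS13 and negotiated != DTLS13 and suffix in (SENTINEL_12, SENTINEL_LOW):
        return "illegal_parameter"
    # A DTLS 1.2 client negotiated down to 1.0 SHOULD reject the low sentinel.
    if client_max == DTLS12 and negotiated == DTLS10 and suffix == SENTINEL_LOW:
        return "illegal_parameter"
    return None


def simulate_stripped_hello(client_max, server_max, version_server_sees):
    """Scenario: an on-path attacker rewrites the ClientHello so the server believes the
    client only supports version_server_sees. The server negotiates that version (with a
    sentinel if it is a downgrade for the server) and the client checks the result."""
    rnd = server_random(server_max, version_server_sees)
    return client_check(client_max, version_server_sees, rnd)


if __name__ == "__main__":
    # Both peers support DTLS 1.3; attacker strips it -> client detects the downgrade.
    print(simulate_stripped_hello(DTLS13, DTLS13, DTLS12))   # illegal_parameter
    # Legacy DTLS 1.2 server: no sentinel is written, so nothing can be detected.
    print(simulate_stripped_hello(DTLS13, DTLS12, DTLS12))   # None
```

The second scenario is the limit of the mechanism: the sentinel is only written by a server that itself supports DTLS 1.3, and only checked by a client that does, so a peer still on DTLS 1.2 neither signals nor detects the downgrade. That is why the comment above about simply forbidding DTLS 1.2 removes a whole class of cases rather than just tightening them.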
I think the next step is to define the fallback extension. We could define that the initiator using RFC 6083 but supporting draft-ietf-tsvwg-dtls-over-sctp-bis uses the extension, but it is likely simpler that an initiator supporting draft-ietf-tsvwg-dtls-over-sctp-bis always uses the extension. The responder aborts if RFC 6083 is used, the responder supports draft-ietf-tsvwg-dtls-over-sctp-bis, and the draft-ietf-tsvwg-dtls-over-sctp-bis extension was present.
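The responder rule proposed in the comment above, as an added example that is not part of the draft, of any PR, or of the commenters' text. It parses the ClientHello extension vector strictly, treats the bis extension as the empty-bodied presence flag suggested earlier in the thread, and applies the abort condition: RFC 6083 in use, responder supports bis, extension present. Two things are assumptions of this example: the draft has not registered an ExtensionType, so the codepoint `0xFF00` (private-use range) is a placeholder, and whether RFC 6083 or bis is in use for the association is passed in as a flag, since that is decided by the SCTP/DTLS setup outside the ClientHello itself.

```python
import struct

# Placeholder codepoint, NOT assigned by the draft or IANA: 0xFF00 lies in the private-use
# ExtensionType range and is used here only so the example can run.
EXT_DTLS_OVER_SCTP_BIS = 0xFF00
EXT_SUPPORTED_VERSIONS = 43  # a real extension, included so the vector is realistic


def encode_extensions(exts):
    """Encode a TLS Extension<> vector: 2-byte total length, then (type, length, data) triples."""
    body = b"".join(struct.pack("!HH", ext_type, len(data)) + data for ext_type, data in exts)
    return struct.pack("!H", len(body)) + body


def parse_extensions(buf):
    """Parse a TLS Extension<> vector strictly: no truncation, no trailing bytes, no
    duplicate types (RFC 8446 section 4.2). Returns {type: data}."""
    if len(buf) < 2:
        raise ValueError("short extensions vector")
    (total,) = struct.unpack("!H", buf[:2])
    if len(buf) != 2 + total:
        raise ValueError("extensions length mismatch")
    pos, out = 2, {}
    while pos < len(buf):
        if len(buf) - pos < 4:
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack("!HH", buf[pos:pos + 4])
        pos += 4
        if len(buf) - pos < ext_len:
            raise ValueError("truncated extension body")
        if ext_type in out:
            raise ValueError("duplicate extension %#06x" % ext_type)
        out[ext_type] = buf[pos:pos + ext_len]
        pos += ext_len
    return out


def bis_extension_present(exts):
    """Presence flag semantics: the extension carries no data; a non-empty body is an error."""
    data = exts.get(EXT_DTLS_OVER_SCTP_BIS)
    if data is None:
        return False
    if data != b"":
        raise ValueError("dtls-over-sctp-bis extension must be empty")
    return True


def responder_decision(responder_supports_bis, rfc6083_in_use, client_hello_extensions):
    """Apply the proposed rule. A responder without bis support ignores the unknown
    extension, as TLS requires, so it never aborts on it."""
    present = bis_extension_present(parse_extensions(client_hello_extensions))
    if responder_supports_bis and rfc6083_in_use and present:
        return "abort"  # initiator and responder both speak bis, yet RFC 6083 is in use
    return "continue"


def example_client_hello(with_bis):
    """Constructed ClientHello extension vector: supported_versions listing DTLS 1.3 only,
    plus the bis flag when requested."""
    exts = [(EXT_SUPPORTED_VERSIONS, b"\x02\xfe\xfc")]
    if with_bis:
        exts.append((EXT_DTLS_OVER_SCTP_BIS, b""))
    return encode_extensions(exts)


if __name__ == "__main__":
    ch = example_client_hello(with_bis=True)
    print(responder_decision(True, True, ch))    # abort
    print(responder_decision(True, False, ch))   # continue
    print(responder_decision(False, True, ch))   # continue
    print(responder_decision(True, True, example_client_hello(with_bis=False)))  # continue
```

The parser rejects duplicates and trailing bytes on purpose: a presence-only extension is the easiest one to get wrong by accepting a second copy or a stray body, and the rule depends on nothing but whether it was there.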
Does this extension mean that the document updates RFC 6083 after all?
I made a PR. This is theoretically nice, but is it worth it practically? This requires 3GPP changing the DTLS implementation. I think I will change the PR so that the extension is only sent in RFC 6083. My understanding is that 3GPP will just forbid fallback. It would then be bad to force more updates to DTLS libraries.
Related Issues (20)
- Define how the SCTP-AUTH keys are derived
- Don't reuse the RFC 6803 exporter label
- EC(DHE) -> (EC)DHE
- Resumption performance
- Cryptographic considerations is very long
- How do you limit new connections
- Mandatory mutual authentication
- Use RFC 7525(bis)
- DTLS 1.3 Only
- Editorial alignment in style of the IANA sub sections needed
- DTLS considerations need to be clear that AEAD limits MUST be handled by new connection
- Address new vulnerabilities found in SCTP-AUTH
- DTLS Considerations for Handling of Endpoint Pair Shared Secrets
- Clarify that COOKIE-ECHO and COOKIE-ACK are not authenticated
- Align terminology with RFC 9260
- Create DTLS/SCTP Control Message IANA registry
- Update solution properties description
- Add text on how SCTP restart works
- Overstated Security Properties