Comments (7)
- Might make sense to register some of SHA-384, SHA-512, SHAKE128, SHAKE256, but not required for RFC6083bis. SHA-384 is required for compliance with US CNSA suite.
from draft-westerlund-tsvwg-dtls-over-sctp-bis.
How to deal with this needs further discussion, even if the main part is a separate update of SCTP-AUTH to define those algorithms.
from draft-westerlund-tsvwg-dtls-over-sctp-bis.
Let see if we can conclude on this issue. I think what we say is the following.
RFC6083bis can mandate that one uses a SCTP-AUTH implementation that supports SHA-256 and that it prioritize that over SHA-1.
The socket API is lacking functionality to verify that SHA-256 was chosen to be used, but technically this specification can mandate that one verify that choice and if not abort the SCTP connection.
Outside of the scope of this document it would be desirable that the following happened.
SCTP-AUTH update (RFC4895bis) that implements the following:
- Updates the mandatory to implement algorithms and recommended priorities between them.
- Define additional algorithms e.g. SHA-384, SHA-512, SHAKE128, SHAKE256
SCTP Socket API update
- Improved functionality for prioritizing algorithms and control action or verify choice after handshake.
Does anyone see an issue with simply continue with the current method of simply mandating the algorithm support?
from draft-westerlund-tsvwg-dtls-over-sctp-bis.
I agree with updating RFC 4895bis, but we currently have RFC 4960bis and the NAT document in TSVWG. My experience is, that TSVWG can handle one SCTP document at a time well. More are difficult. So it may take a while until we can work on 4895bis.
RFC 4895bis does specify SHA-256 and the Socket API can handle it. It can also handle priorities of different algorithms. So we just need to use a working that SHA-256 must be supported and negotiated. Right now, we can't avoid SHA-1 also to be listed as supported. So setting SHA-256 with higher priority is covered (and default in FreeBSD). We just need a way to check what SHA-256 will actually be used. I think we can add the required socket API stuff in this document. This is simple to do and I'm willing to propose the Socket API Considerations
section. Then we are completely covered without relying on other documents. OK?
from draft-westerlund-tsvwg-dtls-over-sctp-bis.
Yes, I am fine with adding a SocketAPI consideration.
from draft-westerlund-tsvwg-dtls-over-sctp-bis.
"RFC6083bis can mandate that one uses a SCTP-AUTH implementation that supports SHA-256 and that it prioritize that over SHA-1.
The socket API is lacking functionality to verify that SHA-256 was chosen to be used, but technically this specification can mandate that one verify that choice and if not abort the SCTP connection."
Allowing negotiation of SHA-1 and then abort if it is chosen seems a bit werid. That is also what the current draft says.
Wouldn't it be better to say that when RFC6083bis is used, then SHA-1 shall not be in the HMAC-ALGO parameter?
from draft-westerlund-tsvwg-dtls-over-sctp-bis.
"RFC6083bis can mandate that one uses a SCTP-AUTH implementation that supports SHA-256 and that it prioritize that over SHA-1.
The socket API is lacking functionality to verify that SHA-256 was chosen to be used, but technically this specification can mandate that one verify that choice and if not abort the SCTP connection."
Allowing negotiation of SHA-1 and then abort if it is chosen seems a bit werid. That is also what the current draft says.
Wouldn't it be better to say that when RFC6083bis is used, then SHA-1 shall not be in the HMAC-ALGO parameter?
To avoid interoperability problems, SHA-1 is a MUST to implement and offer. See RFC 4895 for the protocol and you can also not disabled it via the API as specified in RFC 6458. If you are not listing SCTP_AUTH_HMAC_ID_SHA1
, the IPPROTO_SCTP
level socket option SCTP_HMAC_IDENT
will fail to set the parameters.
So we need to do the negotiate with SCTP_AUTH_HMAC_ID_SHA1
dance and lateron check that we are only using SCTP_AUTH_HMAC_ID_SHA256
.
from draft-westerlund-tsvwg-dtls-over-sctp-bis.
Related Issues (20)
- Define how the SCTP-AUTH keys are derived HOT 5
- Don't reuse the RFC 6803 exporter label HOT 1
- EC(DHE) -> (EC)DHE HOT 1
- Resumption performance HOT 3
- Cryptographic considerations is very long HOT 1
- How do you limit new connections HOT 1
- Mandatory mutual authentication HOT 3
- Use RFC 7525(bis) HOT 3
- Authenticating fallback to RFC 6083 HOT 6
- DTLS 1.3 Only
- Editorial alignment in style of the IANA sub sections needed HOT 1
- DTLS considerations need to be clear that AEAD limits MUST be handled by new connection
- Address new vulnerabilities found in SCTP-AUTH HOT 10
- DTLS Considerations for Handling of Endpoint Pair Shared Secrets HOT 5
- Clarify that COOKIE-ECHO and COOKIE-ACK are not authenticated
- Align terminology with RFC 9260 HOT 10
- Create DTLS/SCTP Control Message IANA registry
- Update solution properties description
- Add text on how SCTP restart works
- Overstated Security Properties
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from draft-westerlund-tsvwg-dtls-over-sctp-bis.