Strange sentence about draft-westerlund-tsvwg-dtls-over-sctp-bis HOT 4 CLOSED

Yes, that needs to be addressed. So in difference with RFC 6083, if one intended to use DTLS, no unprotected user messages should be sent. So what can arrive are either protected user messages or DTLS handshake messages on Stream 0. So stating that any data that has been sent will be ignored is not really protection against anything other than preventing misuse. But, it really ends up a question what the DTLS layer does with things that aren't DTLS records.

from draft-westerlund-tsvwg-dtls-over-sctp-bis.

How do you handle a starttls like setup used for example in RFC 3788? I think the point is that once an SCTP association is handled by an DTLS implementation, the DTLS implementation should terminate the SCTP association if it can't parse the record.

from draft-westerlund-tsvwg-dtls-over-sctp-bis.

I will review RFC 3788. From a layering perspective, I do agree that it is DTLS that needs to terminate the SCTP association. So maybe the way forward here is to state that once the DTLS over SCTP adapation layer interaction have gone both ways, we can mandate that all SCPT user messages will pass the DTLS layer, and thus it needs to be either DTLS messages (one stream 0) or protected user messages in DTLS records. If the DTLS stack receives anything else it can terminate the association.

from draft-westerlund-tsvwg-dtls-over-sctp-bis.

Closing this issue after having created #35 and #37 to address two remaining aspects of the changes done in the PR #36.

from draft-westerlund-tsvwg-dtls-over-sctp-bis.