draft-ietf-tsvwg-sctp-dtls-encaps-06.txt   draft-ietf-tsvwg-sctp-dtls-encaps-07.txt 
Network Working Group M. Tuexen Network Working Group M. Tuexen
Internet-Draft Muenster Univ. of Appl. Sciences Internet-Draft Muenster Univ. of Appl. Sciences
Intended status: Standards Track R. Stewart Intended status: Standards Track R. Stewart
Expires: May 15, 2015 Netflix, Inc. Expires: June 13, 2015 Netflix, Inc.
R. Jesup R. Jesup
WorldGate Communications WorldGate Communications
S. Loreto S. Loreto
Ericsson Ericsson
November 11, 2014 December 10, 2014
DTLS Encapsulation of SCTP Packets DTLS Encapsulation of SCTP Packets
draft-ietf-tsvwg-sctp-dtls-encaps-06.txt draft-ietf-tsvwg-sctp-dtls-encaps-07.txt
Abstract Abstract
The Stream Control Transmission Protocol (SCTP) is a transport The Stream Control Transmission Protocol (SCTP) is a transport
protocol originally defined to run on top of the network protocols protocol originally defined to run on top of the network protocols
IPv4 or IPv6. This document specifies how SCTP can be used on top of IPv4 or IPv6. This document specifies how SCTP can be used on top of
the Datagram Transport Layer Security (DTLS) protocol. Using the the Datagram Transport Layer Security (DTLS) protocol. Using the
encapsulation method described in this document, SCTP is agnostic encapsulation method described in this document, SCTP is agnostic
about the protocols being used below DTLS, explicit IP addresses can about the protocols being used below DTLS, explicit IP addresses can
not be used in the SCTP control chunks. As a consequence, the SCTP not be used in the SCTP control chunks. As a consequence, the SCTP
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 15, 2015. This Internet-Draft will expire on June 13, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 27 skipping to change at page 2, line 27
1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 2
3. Encapsulation and Decapsulation Procedure . . . . . . . . . . 3 3. Encapsulation and Decapsulation Procedure . . . . . . . . . . 3
4. General Considerations . . . . . . . . . . . . . . . . . . . 3 4. General Considerations . . . . . . . . . . . . . . . . . . . 3
5. DTLS Considerations . . . . . . . . . . . . . . . . . . . . . 3 5. DTLS Considerations . . . . . . . . . . . . . . . . . . . . . 3
6. SCTP Considerations . . . . . . . . . . . . . . . . . . . . . 4 6. SCTP Considerations . . . . . . . . . . . . . . . . . . . . . 4
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
8. Security Considerations . . . . . . . . . . . . . . . . . . . 6 8. Security Considerations . . . . . . . . . . . . . . . . . . . 6
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 6 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 6
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 6
Appendix A. NOTE to the RFC-Editor . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8
1. Overview 1. Overview
The Stream Control Transmission Protocol (SCTP) as defined in The Stream Control Transmission Protocol (SCTP) as defined in
[RFC4960] is a transport protocol running on top of the network [RFC4960] is a transport protocol running on top of the network
protocols IPv4 [RFC0791] or IPv6 [RFC2460]. This document specifies protocols IPv4 [RFC0791] or IPv6 [RFC2460]. This document specifies
how SCTP is used on top of the Datagram Transport Layer Security how SCTP is used on top of the Datagram Transport Layer Security
(DTLS) protocol defined in [RFC4347]. This encapsulation is used for (DTLS) protocol. DTLS 1.0 is defined in [RFC4347] and the present
example within the WebRTC protocol suite (see latest version, DTLS 1.2, is defined in [RFC6347]. This
[I-D.ietf-rtcweb-overview] for an overview) for transporting non-SRTP encapsulation is used for example within the WebRTC protocol suite
data between browsers. The architecture of this stack is described (see [I-D.ietf-rtcweb-overview] for an overview) for transporting
in [I-D.ietf-rtcweb-data-channel]. non-SRTP data between browsers. The architecture of this stack is
described in [I-D.ietf-rtcweb-data-channel].
Please note that the procedures defined in [RFC6951] for dealing with Please note that the procedures defined in [RFC6951] for dealing with
the UDP port numbers do not apply here. When using the encapsulation the UDP port numbers do not apply here. When using the encapsulation
defined in this document, SCTP is agnostic about the protocols used defined in this document, SCTP is agnostic about the protocols used
below DTLS. below DTLS.
2. Conventions 2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
3. Encapsulation and Decapsulation Procedure 3. Encapsulation and Decapsulation Procedure
When an SCTP packet is provided to the DTLS layer, the complete SCTP When an SCTP packet is provided to the DTLS layer, the complete SCTP
packet, consisting of the SCTP common header and a number of SCTP packet, consisting of the SCTP common header and a number of SCTP
chunks, MUST be handled as the payload of the application layer chunks, is handled as the payload of the application layer protocol
protocol of DTLS. When the DTLS layer has processed a DTLS record of DTLS. When the DTLS layer has processed a DTLS record containing
containing a message of the application layer protocol, the payload a message of the application layer protocol, the payload is passed to
MUST be given up to the SCTP layer. The SCTP layer expects an SCTP the SCTP layer. The SCTP layer expects an SCTP common header
common header followed by a number of SCTP chunks. followed by a number of SCTP chunks.
4. General Considerations 4. General Considerations
An implementation of SCTP over DTLS MUST implement and use a path An implementation of SCTP over DTLS MUST implement and use a path
maximum transmission unit (MTU) discovery method that functions maximum transmission unit (MTU) discovery method that functions
without ICMP to provide SCTP/DTLS with an MTU estimate. An without ICMP to provide SCTP/DTLS with an MTU estimate. An
implementation of "Packetization Layer Path MTU Discovery" [RFC4821] implementation of "Packetization Layer Path MTU Discovery" [RFC4821]
either in SCTP or DTLS is RECOMMENDED. either in SCTP or DTLS is RECOMMENDED.
5. DTLS Considerations 5. DTLS Considerations
The DTLS implementation MUST support DTLS 1.0 [RFC4347] and SHOULD The DTLS implementation MUST support DTLS 1.0 [RFC4347] and SHOULD
support the most recently published version of DTLS, which is DTLS support the most recently published version of DTLS, which is DTLS
1.2 [RFC6347] as of November 2014. In the absence of a revision to 1.2 [RFC6347] as of December 2014. In the absence of a revision to
this document, the latter requirement applies to all future versions this document, the latter requirement applies to all future versions
of DTLS when they are published as RFCs. This document will only be of DTLS when they are published as RFCs. This document will only be
revised if a revision to DTLS or SCTP makes a revision to the revised if a revision to DTLS or SCTP makes a revision to the
encapsulation necessary. encapsulation necessary.
SCTP performs segmentation and reassembly based on the path MTU. SCTP performs segmentation and reassembly based on the path MTU.
Therefore the DTLS layer MUST NOT use any compression algorithm. Therefore the DTLS layer MUST NOT use any compression algorithm.
The DTLS MUST support sending messages larger than the current path The DTLS MUST support sending messages larger than the current path
MTU. This might result in sending IP level fragmented messages. MTU. This might result in sending IP level fragmented messages.
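Review bot: Section 3 drops both normative keywords ("MUST be handled as" becomes "is handled as", "MUST be given up to" becomes "is passed to"), so the encapsulation and decapsulation procedure is now purely descriptive. If carrying the complete SCTP packet (common header plus chunks) as the DTLS application-layer payload is still meant as a requirement, keep an RFC 2119 keyword here or say where the requirement is stated. In Section 1, "the present latest version, DTLS 1.2" is a time-dependent statement with no date, while Section 5 in this same revision qualifies it with "as of December 2014"; use the same qualifier in the Overview or drop "present latest".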
skipping to change at page 3, line 49 skipping to change at page 3, line 49
If path MTU discovery is performed by the DTLS layer, the method If path MTU discovery is performed by the DTLS layer, the method
described in [RFC4821] MUST be used. For probe packets, the described in [RFC4821] MUST be used. For probe packets, the
extension defined in [RFC6520] MUST be used. extension defined in [RFC6520] MUST be used.
If path MTU discovery is performed by the SCTP layer and IPv4 is used If path MTU discovery is performed by the SCTP layer and IPv4 is used
as the network layer protocol, the DTLS implementation SHOULD allow as the network layer protocol, the DTLS implementation SHOULD allow
the DTLS user to enforce that the corresponding IPv4 packet is sent the DTLS user to enforce that the corresponding IPv4 packet is sent
with the Don't Fragment (DF) bit set. If controlling the DF bit is with the Don't Fragment (DF) bit set. If controlling the DF bit is
not possible, for example due to implementation restrictions, a safe not possible, for example due to implementation restrictions, a safe
value for the path MTU has to be used by the SCTP stack. It is value for the path MTU has to be used by the SCTP stack. It is
RECOMMENDED that the save value does not exceed 1200 bytes. Please RECOMMENDED that the safe value does not exceed 1200 bytes. Please
note that [RFC1122] only requires end hosts to be able to reassemble note that [RFC1122] only requires end hosts to be able to reassemble
fragmented IP packets of reassembled size of 576 bytes. fragmented IP packets up to 576 bytes in length.
The DTLS implementation SHOULD allow the DTLS user to set the The DTLS implementation SHOULD allow the DTLS user to set the
Differentiated services code point (DSCP) used for IP packets being Differentiated services code point (DSCP) used for IP packets being
sent (see [RFC2474]). This requires the DTLS implementation to pass sent (see [RFC2474]). This requires the DTLS implementation to pass
the value through and the lower layer to allow setting this value. the value through and the lower layer to allow setting this value.
If the lower layer does not support setting the DSCP, then the DTLS If the lower layer does not support setting the DSCP, then the DTLS
user will end up with the default value used by protocol stack. user will end up with the default value used by protocol stack.
Please note that only a single DSCP value can be used for all packets Please note that only a single DSCP value can be used for all packets
belonging to the same SCTP association. belonging to the same SCTP association.
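Review bot: In the RFC 1122 sentence, the new wording "fragmented IP packets up to 576 bytes in length" loses the old text's statement that 576 bytes is the reassembled size, and can be read as a limit on the individual fragments. Suggest "reassemble fragmented IP packets whose reassembled size is up to 576 bytes". The "save" to "safe" correction is right; in the same hunk, "the default value used by protocol stack" is still missing "the" before "protocol stack".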
skipping to change at page 5, line 31 skipping to change at page 5, line 31
6.4. SCTP Authentication Extension 6.4. SCTP Authentication Extension
The SCTP authentication extension defined in [RFC4895] can be used The SCTP authentication extension defined in [RFC4895] can be used
with DTLS encapsulation, but does not provide any additional benefit. with DTLS encapsulation, but does not provide any additional benefit.
6.5. Partial Reliability Extension 6.5. Partial Reliability Extension
Partial reliability as defined in [RFC3758] can be used in Partial reliability as defined in [RFC3758] can be used in
combination with DTLS encapsulation. It is also possible to use combination with DTLS encapsulation. It is also possible to use
additional PR-SCTP policies. additional PR-SCTP policies, for example the ones defined in
[I-D.ietf-tsvwg-sctp-prpolicies].
6.6. Stream Reset Extension 6.6. Stream Reset Extension
The SCTP stream reset extension defined in [RFC6525] can be used with The SCTP stream reset extension defined in [RFC6525] can be used with
DTLS encapsulation. It is used to reset SCTP streams and add SCTP DTLS encapsulation. It is used to reset SCTP streams and add SCTP
streams during the lifetime of the SCTP association. streams during the lifetime of the SCTP association.
6.7. Interleaving of Large User Messages 6.7. Interleaving of Large User Messages
SCTP as defined in [RFC4960] does not support the interleaving of SCTP as defined in [RFC4960] does not support the interleaving of
skipping to change at page 6, line 23 skipping to change at page 6, line 23
It should be noted that the inability to process ICMP or ICMPv6 It should be noted that the inability to process ICMP or ICMPv6
messages does not add any security issue. The processing of these messages does not add any security issue. The processing of these
messages for SCTP carried over a connection-less lower layer like IP, messages for SCTP carried over a connection-less lower layer like IP,
IPv6 or UDP is required to protect nodes not supporting SCTP. Since IPv6 or UDP is required to protect nodes not supporting SCTP. Since
DTLS provides a connection-oriented lower layer, this kind of DTLS provides a connection-oriented lower layer, this kind of
protection is not necessary. protection is not necessary.
9. Acknowledgments 9. Acknowledgments
The authors wish to thank David Black, Gorry Fairhurst, Christer The authors wish to thank David Black, Spencer Dawkins, Gorry
Holmberg, Eric Rescorla, Joe Touch and Magnus Westerlund for their Fairhurst, Christer Holmberg, Eric Rescorla, Joe Touch and Magnus
invaluable comments. Westerlund for their invaluable comments.
10. References 10. References
10.1. Normative References 10.1. Normative References
[RFC1122] Braden, R., "Requirements for Internet Hosts - [RFC1122] Braden, R., "Requirements for Internet Hosts -
Communication Layers", STD 3, RFC 1122, October 1989. Communication Layers", STD 3, RFC 1122, October 1989.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
skipping to change at page 7, line 49 skipping to change at page 7, line 49
[RFC6525] Stewart, R., Tuexen, M., and P. Lei, "Stream Control [RFC6525] Stewart, R., Tuexen, M., and P. Lei, "Stream Control
Transmission Protocol (SCTP) Stream Reconfiguration", RFC Transmission Protocol (SCTP) Stream Reconfiguration", RFC
6525, February 2012. 6525, February 2012.
[RFC6951] Tuexen, M. and R. Stewart, "UDP Encapsulation of Stream [RFC6951] Tuexen, M. and R. Stewart, "UDP Encapsulation of Stream
Control Transmission Protocol (SCTP) Packets for End-Host Control Transmission Protocol (SCTP) Packets for End-Host
to End-Host Communication", RFC 6951, May 2013. to End-Host Communication", RFC 6951, May 2013.
[I-D.ietf-rtcweb-overview] [I-D.ietf-rtcweb-overview]
Alvestrand, H., "Overview: Real Time Protocols for Alvestrand, H., "Overview: Real Time Protocols for
Browser-based Applications", draft-ietf-rtcweb-overview-12 Browser-based Applications", draft-ietf-rtcweb-overview-13
(work in progress), October 2014. (work in progress), November 2014.
[I-D.ietf-rtcweb-data-channel] [I-D.ietf-rtcweb-data-channel]
Jesup, R., Loreto, S., and M. Tuexen, "WebRTC Data Jesup, R., Loreto, S., and M. Tuexen, "WebRTC Data
Channels", draft-ietf-rtcweb-data-channel-12 (work in Channels", draft-ietf-rtcweb-data-channel-12 (work in
progress), September 2014. progress), September 2014.
[I-D.ietf-tsvwg-sctp-prpolicies]
Tuexen, M., Seggelmann, R., Stewart, R., and S. Loreto,
"Additional Policies for the Partial Reliability Extension
of the Stream Control Transmission Protocol", draft-ietf-
tsvwg-sctp-prpolicies-05 (work in progress), November
2014.
[I-D.ietf-tsvwg-sctp-ndata] [I-D.ietf-tsvwg-sctp-ndata]
Stewart, R., Tuexen, M., Loreto, S., and R. Seggelmann, Stewart, R., Tuexen, M., Loreto, S., and R. Seggelmann,
"Stream Schedulers and a New Data Chunk for the Stream "Stream Schedulers and a New Data Chunk for the Stream
Control Transmission Protocol", draft-ietf-tsvwg-sctp- Control Transmission Protocol", draft-ietf-tsvwg-sctp-
ndata-01 (work in progress), July 2014. ndata-01 (work in progress), July 2014.
Appendix A. NOTE to the RFC-Editor
Although the references to [I-D.ietf-tsvwg-sctp-prpolicies] and
[I-D.ietf-tsvwg-sctp-ndata] are informative, put this document in
REF-HOLD until these two references have been approved and update
these references to the corresponding RFCs.
Authors' Addresses Authors' Addresses
Michael Tuexen Michael Tuexen
Muenster University of Applied Sciences Muenster University of Applied Sciences
Stegerwaldstrasse 39 Stegerwaldstrasse 39
48565 Steinfurt 48565 Steinfurt
DE DE
Email: tuexen@fh-muenster.de Email: tuexen@fh-muenster.de
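Review bot: The new Appendix A asks for REF-HOLD on two references it calls informative, but it does not say that the appendix itself is to be removed before publication, and the table of contents now lists it as a regular appendix. Add a sentence to Appendix A stating that it is to be removed once the two references have been updated to the corresponding RFCs.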
 End of changes. 15 change blocks. 
23 lines changed or deleted 40 lines changed or added
