draft-ietf-babel-dtls-05.txt -> draft-ietf-babel-dtls-06.txt
(lines that differ between the two versions are shown twice, prefixed
[-05] and [-06]; all other lines are common to both versions)

Network Working Group                                          A. Decimo
Internet-Draft                          IRIF, University of Paris-Diderot
Intended status: Standards Track                             D. Schinazi
[-05] Expires: December 8, 2019                               Google LLC
[-06] Expires: January 3, 2020                                Google LLC
                                                           J. Chroboczek
                                        IRIF, University of Paris-Diderot
[-05]                                                       June 6, 2019
[-06]                                                       July 2, 2019

     Babel Routing Protocol over Datagram Transport Layer Security
[-05]                   draft-ietf-babel-dtls-05
[-06]                   draft-ietf-babel-dtls-06

Abstract

   The Babel Routing Protocol does not contain any means to authenticate
   neighbours or protect messages sent between them.  This document
   specifies a mechanism to ensure these properties, using Datagram
   Transport Layer Security (DTLS).

Status of This Memo
[skipping to change at page 1, line 36]

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

[-05] This Internet-Draft will expire on December 8, 2019.
[-06] This Internet-Draft will expire on January 3, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents

[skipping to change at page 3, line 35]
   destinations.

2.1.  DTLS Connection Initiation

   Babel over DTLS operates on a different port than unencrypted Babel.
   All Babel over DTLS nodes MUST act as DTLS servers on a given UDP
   port, and MUST listen for unencrypted Babel traffic on another UDP
   port, which MUST be distinct from the first one.  The default port
   for Babel over DTLS is registered with IANA as the "babel-dtls" port
   (UDP port TBD, see Section 4), and the port exchanging unencrypted
[-05] Babel traffic is registered as the "babel" port (UDP port 6696).
[-06] Babel traffic is registered as the "babel" port (UDP port 6696, see
[-06] Section 5 of [RFC6126bis]).

   When a Babel node discovers a new neighbour (generally by receiving
   an unencrypted multicast Babel packet), it compares the neighbour's
   IPv6 link-local address with its own, using network byte ordering.
   If a node's address is lower than the recently discovered neighbour's
   address, it acts as a client and connects to the neighbour.  In other
   words, the node with the lowest address is the DTLS client for this
   pairwise relationship.  As an example, fe80::1:2 is considered lower
   than fe80::2:1.
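The client/server election of Section 2.1, as an added example (not code from the draft or from any Babel implementation): the role is decided by comparing the packed, network-byte-order form of the two link-local addresses, and the example also shows why a textual comparison of the addresses is not a substitute. Port constants other than 6696 are assumptions, since the babel-dtls port is still TBD in the draft.

```python
"""Added example, not code from the draft or from any Babel implementation:
the DTLS role election of Section 2.1.  Comparing the 16-byte packed
(network byte order) form of each IPv6 link-local address is exactly the
comparison the draft specifies; comparing the textual forms is not."""
import ipaddress

BABEL_PORT = 6696        # unencrypted "babel" port
BABEL_DTLS_PORT = None   # "babel-dtls" port is still TBD in the draft (Section 4)


def packed_link_local(addr: str) -> bytes:
    """Return the address in network byte order, rejecting anything that is
    not an IPv6 link-local address (the election is defined only for those)."""
    ip = ipaddress.IPv6Address(addr)
    if not ip.is_link_local:
        raise ValueError(f"{addr} is not an IPv6 link-local address")
    return ip.packed


def dtls_role(own_addr: str, neighbour_addr: str) -> str:
    """'client' when this node's address is the lower one, 'server' otherwise.
    Two identical link-local addresses on one link is a misconfiguration,
    so it is reported rather than silently assigned a role."""
    own = packed_link_local(own_addr)
    neighbour = packed_link_local(neighbour_addr)
    if own == neighbour:
        raise ValueError("own and neighbour addresses are identical")
    return "client" if own < neighbour else "server"


def ports_are_distinct(dtls_port: int, babel_port: int = BABEL_PORT) -> bool:
    """Section 2.1: the DTLS server port MUST differ from the unencrypted
    Babel port; both must also be valid UDP port numbers."""
    return (0 < dtls_port < 65536 and 0 < babel_port < 65536
            and dtls_port != babel_port)


if __name__ == "__main__":
    # The draft's own example: fe80::1:2 is lower than fe80::2:1.
    print(dtls_role("fe80::1:2", "fe80::2:1"))    # client
    # A textual comparison would order this pair the other way
    # ("fe80::10:0" < "fe80::1:2" as strings); byte-wise comparison
    # correctly makes fe80::1:2 the client.
    print(dtls_role("fe80::1:2", "fe80::10:0"))   # client
```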
[skipping to change at page 7, line 31]

6.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC6126bis]
[-05]         Chroboczek, J. and D. Schinazi, "The Babel Routing
[-05]         Protocol", Internet Draft draft-ietf-babel-rfc6126bis-09,
[-05]         November 2018.
[-06]         Chroboczek, J. and D. Schinazi, "The Babel Routing
[-06]         Protocol", Internet Draft draft-ietf-babel-rfc6126bis-11,
[-06]         June 2019.

   [RFC6347]  Rescorla, E. and N. Modadugu, "Datagram Transport Layer
              Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
              January 2012, <https://www.rfc-editor.org/info/rfc6347>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

6.2.  Informative References

   [BABEL-HMAC]
[-05]         Do, C., Kolodziejak, W., and J. Chroboczek, "Babel
[-05]         Cryptographic Authentication", Internet Draft draft-ietf-
[-05]         babel-hmac-04, November 2018.
[-06]         Do, C., Kolodziejak, W., and J. Chroboczek, "Babel
[-06]         Cryptographic Authentication", Internet Draft draft-ietf-
[-06]         babel-hmac-07, June 2019.

   [DTLS-CID] Rescorla, E., Tschofenig, H., Fossati, T., and T. Gondrom,
              "Connection Identifiers for DTLS 1.2", Internet Draft
              draft-ietf-tls-dtls-connection-id-05, October 2018.

   [RFC7250]  Wouters, P., Ed., Tschofenig, H., Ed., Gilmore, J.,
              Weiler, S., and T. Kivinen, "Using Raw Public Keys in
              Transport Layer Security (TLS) and Datagram Transport
              Layer Security (DTLS)", RFC 7250, DOI 10.17487/RFC7250,

[skipping to change at page 8, line 47]
   or the Cached Information Extension [RFC7924].  The Cached
   Information Extension avoids transmitting the server's certificate
   and certificate chain if the client has cached that information from
   a previous TLS handshake.  TLS False Start [RFC7918] can reduce round
   trips by allowing the TLS second flight of messages
   (ChangeCipherSpec) to also contain the (encrypted) Babel packet.

Appendix B.  Acknowledgments

[-05] The authors would like to thank Donald Eastlake, Thomas Fossati,
[-05] Gabriel Kerneis, Antoni Przygienda, Barbara Stark, Markus Stenberg,
[-05] Dave Taht, Martin Thomson, Sean Turner and Martin Vigoureux for their
[-05] input and contributions.  The performance considerations in this
[-05] document were inspired from the ones for DNS over DTLS [RFC8094].
[-06] The authors would like to thank Donald Eastlake, Thomas Fossati,
[-06] Gabriel Kerneis, Antoni Przygienda, Dan Romascanu, Barbara Stark,
[-06] Markus Stenberg, Dave Taht, Martin Thomson, Sean Turner and Martin
[-06] Vigoureux for their input and contributions.  The performance
[-06] considerations in this document were inspired from the ones for DNS
[-06] over DTLS [RFC8094].

Authors' Addresses

   Antonin Decimo
   IRIF, University of Paris-Diderot
   Paris
   France

   Email: antonin.decimo@gmail.com

End of changes.  8 change blocks.  12 lines changed or deleted, 14 lines changed or added.
This html diff was produced by rfcdiff 1.47.  The latest version is available from http://tools.ietf.org/tools/rfcdiff/