DTLS Encapsulation of SCTP Packets
draft-ietf-tsvwg-sctp-dtls-encaps-01
The information below is for an old version of the document.
| Document | Type |
This is an older version of an Internet-Draft that was ultimately published as RFC 8261.
|
|
|---|---|---|---|
| Authors | Randell Jesup , Salvatore Loreto , Randall R. Stewart , Michael Tüxen | ||
| Last updated | 2013-07-15 | ||
| Replaces | draft-tuexen-tsvwg-sctp-dtls-encaps | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Formats | |||
| Reviews | |||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | WG Document | |
| Document shepherd | (None) | ||
| IESG | IESG state | Became RFC 8261 (Proposed Standard) | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | Spencer Dawkins | ||
| Send notices to | (None) |
draft-ietf-tsvwg-sctp-dtls-encaps-01
Network Working Group R. Jesup
Internet-Draft WorldGate Communications
Intended status: Standards Track S. Loreto
Expires: January 16, 2014 Ericsson
R. Stewart
Adara Networks
M. Tuexen
Muenster Univ. of Appl. Sciences
July 15, 2013
DTLS Encapsulation of SCTP Packets
draft-ietf-tsvwg-sctp-dtls-encaps-01.txt
Abstract
The Stream Control Transmission Protocol (SCTP) is a transport
protocol originally defined to run on top of the network protocols
IPv4 or IPv6. This document specifies how SCTP can be used on top of
the Datagram Transport Layer Security (DTLS) protocol.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 16, 2014.
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
Jesup, et al. Expires January 16, 2014 [Page 1]
Internet-Draft SCTP over DTLS July 2013
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Encapsulation and Decapsulation Procedure . . . . . . . . . . 3
4. DTLS Considerations . . . . . . . . . . . . . . . . . . . . . 3
5. SCTP Considerations . . . . . . . . . . . . . . . . . . . . . 3
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
7. Security Considerations . . . . . . . . . . . . . . . . . . . 5
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 5
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction
1.1. Overview
The Stream Control Transmission Protocol (SCTP) as defined in
[RFC4960] is a transport protocol running on top of the network
protocols IPv4 or IPv6. This document specifies how SCTP is used on
top of the Datagram Transport Layer Security (DTLS) protocol. This
encapsulation is used for example within the RTCWeb protocol suite
(see [I-D.ietf-rtcweb-overview] for an overview) for transporting
non-media data between browsers. The architecture of this stack is
described in [I-D.ietf-rtcweb-data-channel].
1.2. Terminology
This document uses the following terms:
Association: An SCTP association.
Stream: A unidirectional stream of an SCTP association. It is
uniquely identified by a stream identifier.
1.3. Abbreviations
DTLS: Datagram Transport Layer Security.
MTU: Maximum Transmission Unit.
PPID: Payload Protocol Identifier.
Jesup, et al. Expires January 16, 2014 [Page 2]
Internet-Draft SCTP over DTLS July 2013
SCTP: Stream Control Transmission Protocol.
TCP: Transmission Control Protocol.
TLS: Transport Layer Security.
2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. Encapsulation and Decapsulation Procedure
When an SCTP packet is sent down to the DTLS layer, the complete SCTP
packet, consisting of the SCTP common header and a number of SCTP
chunks, MUST be handled as the payload of the application layer
protocol of DTLS. When the DTLS layer has processed a DTLS record
containing a message of the application layer protocol, the payload
MUST be given up to the SCTP layer. The SCTP layer expects an SCTP
common header followed by a number of SCTP chunks.
4. DTLS Considerations
The DTLS implementation MUST be based on [RFC6347].
If path MTU discovery is performed by the DTLS layer, the method
described in [RFC4821] MUST be used. For probe packets, the
extension defined in [RFC6520] MUST be used.
If path MTU discovery is performed by the SCTP layer and IPv4 is used
as the network layer protocol, the DTLS implementation MUST allow the
DTLS user to enforce that the corresponding IPv4 packet is sent with
the DF bit set.
SCTP performs segmentation and reassembly based on the path MTU.
Therefore the DTLS layer MUST NOT use any compression algorithm.
5. SCTP Considerations
5.1. Base Protocol
SCTP as specified in [RFC4960] is used. However, the following
restrictions are necessary to reflect that the lower layer is the
connection oriented protocol DTLS instead of the connection less
protocol IPv4 and IPv6:
Jesup, et al. Expires January 16, 2014 [Page 3]
Internet-Draft SCTP over DTLS July 2013
o A DTLS connection MUST be established before an SCTP association
can be set up.
o All associations MUST be single-homed.
o The INIT and INIT-ACK chunk MUST NOT contain any IPv4 Address or
IPv6 Address parameters. The INIT chunk MUST NOT contain the
Supported Address Types parameter.
o The implementation MUST NOT rely on processing ICMP or ICMPv6
packets. This applies in particular to path MTU discovery when
performed by SCTP.
5.2. Padding Extension
The padding extension defined in [RFC4820] MUST be supported and used
for probe packets when performing path MTU discovery as specified in
[RFC4821].
5.3. Dynamic Address Reconfiguration Extension
If the dynamic address reconfiguration extension defined in [RFC5061]
is used, only wildcard addresses MUST be used in ASCONF chunks.
5.4. SCTP Authentication Extension
The SCTP authentication extension defined in [RFC4895] can be used
with DTLS encapsulation, but does not require any additional benefit.
5.5. Partial Reliability Extension
Partial reliability as defined in [RFC3758] can be used in
combination with DTLS encapsulation. It is also possible to use
additional PR-SCTP policies.
5.6. Stream Reset Extension
The SCTP stream reset extension defined in [RFC6525] can be used with
DTLS encapsulation. It is used to reset streams and add streams
during the lifetime of the SCTP association.
5.7. Interleaving of Large User Message
SCTP as defined in [RFC4960] does not support the interleaving of
large user messages that need to be fragmented and reassembled by the
SCTP layer. The protocol extension defined in
[I-D.stewart-tsvwg-sctp-ndata] overcomes this limitation can can be
used with DTLS encapsulation.
Jesup, et al. Expires January 16, 2014 [Page 4]
Internet-Draft SCTP over DTLS July 2013
6. IANA Considerations
This document requires no actions from IANA.
7. Security Considerations
Security considerations for DTLS are specified in [RFC6347] and for
SCTP in [RFC4960], [RFC3758], and [RFC6525]. The combination of SCTP
and DTLS introduces no new security considerations.
8. Acknowledgments
The authors wish to thank Gorry Fairhurst for his invaluable
comments.
9. References
9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3758] Stewart, R., Ramalho, M., Xie, Q., Tuexen, M., and P.
Conrad, "Stream Control Transmission Protocol (SCTP)
Partial Reliability Extension", RFC 3758, May 2004.
[RFC4820] Tuexen, M., Stewart, R., and P. Lei, "Padding Chunk and
Parameter for the Stream Control Transmission Protocol
(SCTP)", RFC 4820, March 2007.
[RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU
Discovery", RFC 4821, March 2007.
[RFC4960] Stewart, R., "Stream Control Transmission Protocol", RFC
4960, September 2007.
[RFC5061] Stewart, R., Xie, Q., Tuexen, M., Maruyama, S., and M.
Kozuka, "Stream Control Transmission Protocol (SCTP)
Dynamic Address Reconfiguration", RFC 5061, September
2007.
[RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security Version 1.2", RFC 6347, January 2012.
[RFC6520] Seggelmann, R., Tuexen, M., and M. Williams, "Transport
Layer Security (TLS) and Datagram Transport Layer Security
(DTLS) Heartbeat Extension", RFC 6520, February 2012.
Jesup, et al. Expires January 16, 2014 [Page 5]
Internet-Draft SCTP over DTLS July 2013
[RFC6525] Stewart, R., Tuexen, M., and P. Lei, "Stream Control
Transmission Protocol (SCTP) Stream Reconfiguration", RFC
6525, February 2012.
[I-D.stewart-tsvwg-sctp-ndata]
Stewart, R., Tuexen, M., and S. Loreto, "A New Data Chunk
for Stream Control Transmission Protocol", draft-stewart-
tsvwg-sctp-ndata-01 (work in progress), February 2013.
9.2. Informative References
[RFC4895] Tuexen, M., Stewart, R., Lei, P., and E. Rescorla,
"Authenticated Chunks for the Stream Control Transmission
Protocol (SCTP)", RFC 4895, August 2007.
[I-D.ietf-rtcweb-overview]
Alvestrand, H., "Overview: Real Time Protocols for Brower-
based Applications", draft-ietf-rtcweb-overview-06 (work
in progress), February 2013.
[I-D.ietf-rtcweb-data-channel]
Jesup, R., Loreto, S., and M. Tuexen, "RTCWeb Data
Channels", draft-ietf-rtcweb-data-channel-04 (work in
progress), February 2013.
Authors' Addresses
Randell Jesup
WorldGate Communications
3800 Horizon Blvd, Suite #103
Trevose, PA 19053-4947
US
Phone: +1-215-354-5166
Email: randell_ietf@jesup.org
Salvatore Loreto
Ericsson
Hirsalantie 11
Jorvas 02420
FI
Email: Salvatore.Loreto@ericsson.com
Jesup, et al. Expires January 16, 2014 [Page 6]
Internet-Draft SCTP over DTLS July 2013
Randall R. Stewart
Adara Networks
Chapin, SC 29036
US
Email: randall@lakerest.net
Michael Tuexen
Muenster University of Applied Sciences
Stegerwaldstrasse 39
48565 Steinfurt
DE
Email: tuexen@fh-muenster.de
Jesup, et al. Expires January 16, 2014 [Page 7]