| < draft-ietf-tls-dtls-rrc-01.txt | draft-ietf-tls-dtls-rrc-02.txt > | |||
|---|---|---|---|---|
| TLS H. Tschofenig, Ed. | TLS H. Tschofenig, Ed. | |||
| Internet-Draft T. Fossati | Internet-Draft T. Fossati | |||
| Updates: 6347 (if approved) Arm Limited | Updates: 6347 (if approved) Arm Limited | |||
| Intended status: Standards Track 25 October 2021 | Intended status: Standards Track 26 November 2021 | |||
| Expires: 28 April 2022 | Expires: 30 May 2022 | |||
| Return Routability Check for DTLS 1.2 and DTLS 1.3 | Return Routability Check for DTLS 1.2 and DTLS 1.3 | |||
| draft-ietf-tls-dtls-rrc-01 | draft-ietf-tls-dtls-rrc-02 | |||
| Abstract | Abstract | |||
| This document specifies a return routability check for use in context | This document specifies a return routability check for use in context | |||
| of the Connection ID (CID) construct for the Datagram Transport Layer | of the Connection ID (CID) construct for the Datagram Transport Layer | |||
| Security (DTLS) protocol versions 1.2 and 1.3. | Security (DTLS) protocol versions 1.2 and 1.3. | |||
| Discussion Venues | Discussion Venues | |||
| This note is to be removed before publishing as an RFC. | This note is to be removed before publishing as an RFC. | |||
| skipping to change at page 1, line 44 ¶ | skipping to change at page 1, line 44 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on 28 April 2022. | This Internet-Draft will expire on 30 May 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| and restrictions with respect to this document. Code Components | and restrictions with respect to this document. Code Components | |||
| extracted from this document must include Simplified BSD License text | extracted from this document must include Revised BSD License text as | |||
| as described in Section 4.e of the Trust Legal Provisions and are | described in Section 4.e of the Trust Legal Provisions and are | |||
| provided without warranty as described in the Simplified BSD License. | provided without warranty as described in the Revised BSD License. | |||
| This document may contain material from IETF Documents or IETF | This document may contain material from IETF Documents or IETF | |||
| Contributions published or made publicly available before November | Contributions published or made publicly available before November | |||
| 10, 2008. The person(s) controlling the copyright in some of this | 10, 2008. The person(s) controlling the copyright in some of this | |||
| material may not have granted the IETF Trust the right to allow | material may not have granted the IETF Trust the right to allow | |||
| modifications of such material outside the IETF Standards Process. | modifications of such material outside the IETF Standards Process. | |||
| Without obtaining an adequate license from the person(s) controlling | Without obtaining an adequate license from the person(s) controlling | |||
| the copyright in such materials, this document may not be modified | the copyright in such materials, this document may not be modified | |||
| outside the IETF Standards Process, and derivative works of it may | outside the IETF Standards Process, and derivative works of it may | |||
| not be created outside the IETF Standards Process, except to format | not be created outside the IETF Standards Process, except to format | |||
| skipping to change at page 3, line 46 ¶ | skipping to change at page 3, line 46 ¶ | |||
| BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
| capitals, as shown here. | capitals, as shown here. | |||
| This document assumes familiarity with the CID format and protocol | This document assumes familiarity with the CID format and protocol | |||
| defined for DTLS 1.2 [I-D.ietf-tls-dtls-connection-id] and for DTLS | defined for DTLS 1.2 [I-D.ietf-tls-dtls-connection-id] and for DTLS | |||
| 1.3 [I-D.ietf-tls-dtls13]. The presentation language used in this | 1.3 [I-D.ietf-tls-dtls13]. The presentation language used in this | |||
| document is described in Section 4 of [RFC8446]. | document is described in Section 4 of [RFC8446]. | |||
| 3. RRC Extension | 3. RRC Extension | |||
| This specification uses the tls_flags extension defined in | The use of RRC is negotiated via the rrc DTLS-only extension. On | |||
| [I-D.ietf-tls-tlsflags] to allow a client and a server to negotiate | connecting, the client includes the rrc extension in its ClientHello | |||
| support for this extension. | if it wishes to use RRC. If the server is capable of meeting this | |||
| requirement, it responds with a rrc extension in its ServerHello. | ||||
| The extension_type value for this extension is TBD1 and the | ||||
| extension_data field of this extension is empty. The client and | ||||
| server MUST NOT use RRC unless both sides have successfully exchanged | ||||
| rrc extensions. | ||||
| The RRC flag is assigned the value (TBD1) and is used in the | Note that the RRC extension applies to both DTLS 1.2 and DTLS 1.3. | |||
| ClientHello (CH) and the ServerHello (SH). | ||||
| 4. The Return Routability Check Message | 4. The Return Routability Check Message | |||
| When a record with CID is received that has the source address of the | When a record with CID is received that has the source address of the | |||
| enclosing UDP datagram different from the one previously associated | enclosing UDP datagram different from the one previously associated | |||
| with that CID, the receiver MUST NOT update its view of the peer's IP | with that CID, the receiver MUST NOT update its view of the peer's IP | |||
| address and port number with the source specified in the UDP datagram | address and port number with the source specified in the UDP datagram | |||
| before cryptographically validating the enclosed record(s) but | before cryptographically validating the enclosed record(s) but | |||
| instead perform a return routability check. | instead perform a return routability check. | |||
| enum { | enum { | |||
| invalid(0), | invalid(0), | |||
| change_cipher_spec(20), | change_cipher_spec(20), | |||
| alert(21), | alert(21), | |||
| handshake(22), | handshake(22), | |||
| application_data(23), | application_data(23), | |||
| heartbeat(24), /* RFC 6520 */ | heartbeat(24), /* RFC 6520 */ | |||
| return_routability_check(TBD), /* NEW */ | return_routability_check(TBD2), /* NEW */ | |||
| (255) | (255) | |||
| } ContentType; | } ContentType; | |||
| uint64 Cookie; | uint64 Cookie; | |||
| enum { | enum { | |||
| path_challenge(0), | path_challenge(0), | |||
| path_response(1), | path_response(1), | |||
| reserved(2..255) | reserved(2..255) | |||
| } rrc_msg_type; | } rrc_msg_type; | |||
| skipping to change at page 6, line 10 ¶ | skipping to change at page 6, line 10 ¶ | |||
| 5. Example | 5. Example | |||
| The example TLS 1.3 handshake shown in Figure 1 shows a client and a | The example TLS 1.3 handshake shown in Figure 1 shows a client and a | |||
| server negotiating the support for CID and for the RRC extension. | server negotiating the support for CID and for the RRC extension. | |||
| Client Server | Client Server | |||
| Key ^ ClientHello | Key ^ ClientHello | |||
| Exch | + key_share | Exch | + key_share | |||
| | + signature_algorithms | | + signature_algorithms | |||
| | + tls_flags (RRC) | | + rrc | |||
| v + connection_id=empty | v + connection_id=empty | |||
| --------> | --------> | |||
| ServerHello ^ Key | ServerHello ^ Key | |||
| + key_share | Exch | + key_share | Exch | |||
| + connection_id=100 | | + connection_id=100 | | |||
| + tls_flags (RRC) v | + rrc v | |||
| {EncryptedExtensions} ^ Server | {EncryptedExtensions} ^ Server | |||
| {CertificateRequest} v Params | {CertificateRequest} v Params | |||
| {Certificate} ^ | {Certificate} ^ | |||
| {CertificateVerify} | Auth | {CertificateVerify} | Auth | |||
| <-------- {Finished} v | <-------- {Finished} v | |||
| ^ {Certificate} | ^ {Certificate} | |||
| Auth | {CertificateVerify} | Auth | {CertificateVerify} | |||
| v {Finished} --------> | v {Finished} --------> | |||
| [Application Data] <-------> [Application Data] | [Application Data] <-------> [Application Data] | |||
| skipping to change at page 8, line 15 ¶ | skipping to change at page 8, line 15 ¶ | |||
| 6. Security and Privacy Considerations | 6. Security and Privacy Considerations | |||
| Note that the return routability checks do not protect against | Note that the return routability checks do not protect against | |||
| flooding of third-parties if the attacker is on-path, as the attacker | flooding of third-parties if the attacker is on-path, as the attacker | |||
| can redirect the return routability checks to the real peer (even if | can redirect the return routability checks to the real peer (even if | |||
| those datagrams are cryptographically authenticated). On-path | those datagrams are cryptographically authenticated). On-path | |||
| adversaries can, in general, pose a harm to connectivity. | adversaries can, in general, pose a harm to connectivity. | |||
| 7. IANA Considerations | 7. IANA Considerations | |||
| IANA is requested to allocate an entry to the TLS "ContentType" | IANA is requested to allocate an entry to the TLS ContentType | |||
| registry, for the return_routability_check(TBD) defined in this | registry, for the return_routability_check(TBD2) defined in this | |||
| document. | document. The return_routability_check content type is only | |||
| applicable to DTLS 1.2 and 1.3. | ||||
| IANA is requested to allocate an entry to the TLS Flags registry in | ||||
| the tls_flags type: | ||||
| * Value: [[IANA please assign a value from the 32-63 value range.]] | ||||
| * Flag Name: RRC | ||||
| * Message: CH,SH | IANA is requested to allocate the extension code point (TBD1) for the | |||
| rrc extension to the TLS ExtensionType Values registry as described | ||||
| in Table 1. | ||||
| * Recommended: Y | +=======+===========+=====+===========+=============+===========+ | |||
| | Value | Extension | TLS | DTLS-Only | Recommended | Reference | | ||||
| | | Name | 1.3 | | | | | ||||
| +=======+===========+=====+===========+=============+===========+ | ||||
| | TBD1 | rrc | CH, | Y | N | RFC-THIS | | ||||
| | | | SH | | | | | ||||
| +-------+-----------+-----+-----------+-------------+-----------+ | ||||
| * Reference: [[This document]] | Table 1: rrc entry in the TLS ExtensionType Values registry | |||
| 8. Open Issues | 8. Open Issues | |||
| Issues against this document are tracked at https://github.com/tlswg/ | Issues against this document are tracked at https://github.com/tlswg/ | |||
| dtls-rrc/issues | dtls-rrc/issues | |||
| 9. Acknowledgments | 9. Acknowledgments | |||
| We would like to thank Achim Kraus, Hanno Becker, Hanno Boeck, Manuel | We would like to thank Achim Kraus, Hanno Becker, Hanno Boeck, Manuel | |||
| Pegourie-Gonnard, Mohit Sahni and Rich Salz for their input to this | Pegourie-Gonnard, Mohit Sahni and Rich Salz for their input to this | |||
| skipping to change at page 9, line 13 ¶ | skipping to change at page 9, line 13 ¶ | |||
| ietf-tls-dtls-connection-id-13>. | ietf-tls-dtls-connection-id-13>. | |||
| [I-D.ietf-tls-dtls13] | [I-D.ietf-tls-dtls13] | |||
| Rescorla, E., Tschofenig, H., and N. Modadugu, "The | Rescorla, E., Tschofenig, H., and N. Modadugu, "The | |||
| Datagram Transport Layer Security (DTLS) Protocol Version | Datagram Transport Layer Security (DTLS) Protocol Version | |||
| 1.3", Work in Progress, Internet-Draft, draft-ietf-tls- | 1.3", Work in Progress, Internet-Draft, draft-ietf-tls- | |||
| dtls13-43, 30 April 2021, | dtls13-43, 30 April 2021, | |||
| <https://datatracker.ietf.org/doc/html/draft-ietf-tls- | <https://datatracker.ietf.org/doc/html/draft-ietf-tls- | |||
| dtls13-43>. | dtls13-43>. | |||
| [I-D.ietf-tls-tlsflags] | ||||
| Nir, Y., "A Flags Extension for TLS 1.3", Work in | ||||
| Progress, Internet-Draft, draft-ietf-tls-tlsflags-06, 13 | ||||
| July 2021, <https://datatracker.ietf.org/doc/html/draft- | ||||
| ietf-tls-tlsflags-06>. | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/rfc/rfc2119>. | <https://www.rfc-editor.org/rfc/rfc2119>. | |||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/rfc/rfc8174>. | May 2017, <https://www.rfc-editor.org/rfc/rfc8174>. | |||
| [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | |||
| Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | |||
| <https://www.rfc-editor.org/rfc/rfc8446>. | <https://www.rfc-editor.org/rfc/rfc8446>. | |||
| Appendix A. History | Appendix A. History | |||
| RFC EDITOR: PLEASE REMOVE THE THIS SECTION | // RFC EDITOR: PLEASE REMOVE THIS SECTION | |||
| draft-ietf-tls-dtls-rrc-02 | ||||
| * Undo the TLS flags extension for negotiating RRC, use a new | ||||
| extension type | ||||
| draft-ietf-tls-dtls-rrc-01 | draft-ietf-tls-dtls-rrc-01 | |||
| * Use the TLS flags extension for negotiating RRC | * Use the TLS flags extension for negotiating RRC | |||
| * Enhanced IANA consideration section | * Enhanced IANA consideration section | |||
| * Expanded example section | * Expanded example section | |||
| * Revamp message layout: | * Revamp message layout: | |||
| End of changes. 15 change blocks. | ||||
| 35 lines changed or deleted | 40 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||