idnits 2.17.1 draft-phelan-dccp-dtls-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 17. -- Found old boilerplate from RFC 3978, Section 5.5 on line 230. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 207. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 214. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 220. ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an Introduction section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (October 2006) is 6402 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Missing reference section? 'RFC4347' on line 178 looks like a reference -- Missing reference section? 'RFC4340' on line 181 looks like a reference -- Missing reference section? 'RFC4346' on line 184 looks like a reference -- Missing reference section? 'RFC2119' on line 187 looks like a reference Summary: 5 errors (**), 0 flaws (~~), 2 warnings (==), 11 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 INTERNET-DRAFT DTLS over DCCP October 2006 4 DTLS over DCCP 5 Internet Draft T. Phelan 6 Document: draft-phelan-dccp-dtls-01.txt Sonus Networks 7 Expires: April 2006 October 2006 9 Datagram Transport Layer Security (DTLS) over the Datagram 10 Congestion Control Protocol (DCCP) 12 Status of this Memo 14 By submitting this Internet-Draft, each author represents that any 15 applicable patent or other IPR claims of which he or she is aware 16 have been or will be disclosed, and any of which he or she becomes 17 aware will be disclosed, in accordance with Section 6 of BCP 79. 19 Internet-Drafts are working documents of the Internet Engineering 20 Task Force (IETF), its areas, and its working groups. Note that 21 other groups may also distribute working documents as Internet- 22 Drafts. 24 Internet-Drafts are draft documents valid for a maximum of six months 25 and may be updated, replaced, or obsoleted by other documents at any 26 time. It is inappropriate to use Internet-Drafts as reference 27 material or to cite them other than as "work in progress." 29 The list of current Internet-Drafts can be accessed at 30 http://www.ietf.org/ietf/1id-abstracts.txt. 32 The list of Internet-Draft Shadow Directories can be accessed at 33 http://www.ietf.org/shadow.html. 35 This Internet-Draft will expire on December 19, 2006. 37 Copyright Notice 39 Copyright (C) The Internet Society (2006). 41 Abstract 43 This document describes the use of Datagram Transport Layer Security 44 (DTLS) over the Datagram Congestion Control Protocol (DCCP). 46 Table of Contents 48 1. Introduction...................................................3 49 2. Terminology....................................................3 50 3. DTLS over DCCP.................................................3 51 3.1 DCCP and DTLS Sequence Numbers.............................3 52 3.2 DCCP and DTLS Connection Handshakes........................4 53 3.3 PMTU Discovery.............................................4 54 3.4 DCCP Service Codes.........................................4 55 3.5 New Versions of DTLS.......................................4 56 4. Security Considerations........................................5 57 5. IANA Considerations............................................5 58 6. Normative References...........................................5 59 7. Author's Address...............................................5 60 1. Introduction 62 This document describes how to use Datagram Transport Layer Security 63 (DTLS), as defined in [RFC4347], over the Datagram Congestion Control 64 Protocol (DCCP), as defined in [RFC4340]. 66 DTLS is an extension of Transport Layer Security (TLS, [RFC4346]) 67 that modifies TLS for use with the unreliable transport protocol UDP. 68 TLS is a protocol that allows client/server applications to 69 communicate in a way that is designed to prevent eavesdropping, 70 tampering and message forgery. DTLS can be viewed as TLS-plus- 71 adaptations-for-unreliability. 73 DCCP provides an unreliable transport service, similar to UDP, but 74 with adaptive congestion control, similar to TCP and SCTP. DCCP can 75 be viewed equally well as either UDP-plus-congestion-control or TCP- 76 minus-reliability (although, unlike TCP, DCCP offers multiple 77 congestion control algorithms). 79 2. Terminology 81 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 82 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 83 document are to be interpreted as described in [RFC2119]. 85 3. DTLS over DCCP 87 The approach here is very straightforward -- DTLS records are 88 transmitted in the Application Data fields of DCCP-Data packets. As 89 with any data from user applications, a DCCP implementation MAY 90 transparently choose to use DCCP-DataAck packets instead of DCCP-Data 91 packets. Multiple DTLS records MAY be sent in one DCCP-Data packet, 92 as long as the resulting packet is within the Path Maximum Transfer 93 Unit (PMTU) currently in force (see section 3.3 for more information 94 on PMTU Discovery). 96 3.1 DCCP and DTLS Sequence Numbers 98 Both DCCP and DTLS use sequence numbers in their packets/records. 99 These sequence numbers serve somewhat, but not completely, 100 overlapping functions. Consequently, there is no connection between 101 the sequence number of a DCCP packet and the sequence number in a 102 DTLS record contained in that packet. 104 3.2 DCCP and DTLS Connection Handshakes 106 Unlike UDP, DCCP is connection-oriented, and has a connection 107 handshake procedure that precedes the transmission of DCCP-Data 108 packets. DTLS is also connection-oriented, and has a handshake 109 procedure of its own that must precede the transmission of actual 110 application information. Using the rule above of mapping DTLS 111 records to DCCP-Data packets, the two handshakes must happen in 112 series, with the DCCP handshake first, followed by the DTLS 113 handshake. 115 However, the DCCP handshake packets DCCP-Request and DCCP-Response 116 have Application Data fields and can carry user data during the DCCP 117 handshake. DTLS implementations MAY choose to transmit the 118 ClientHello message in DCCP-Request packets and the 119 HelloVerifyRequest message DCCP-Response packets. 121 Subsequent DTLS handshake messages, and retransmissions of the 122 ClientHello message, if necessary, must wait for the completion of 123 the DCCP handshake. 125 3.3 PMTU Discovery 127 Each DTLS record must fit within a single DCCP-Data packet. DCCP 128 packets are normally transmitted with the DF (Don't Fragment) bit set 129 for IPv4, and of course all IPv6 packets are unfragmentable. Because 130 of this, DCCP performs Path Maximum Transmission Unit (PMTU) 131 Discovery. In determining the maximum size for DTLS records, a DTLS 132 over DCCP implementation SHOULD use the DCCP-managed value for PMTU. 133 A DTLS over DCCP implementation MAY choose to use its own PMTU 134 Discovery calculations, as described in [RFC4347], but MUST NOT use a 135 value greater the value determined by DCCP. 137 3.4 DCCP Service Codes 139 The DCCP connection handshake includes a field called Service Code 140 that is intended to describe "the application-level service to which 141 the client application wants to connect". Further, "Service Codes 142 are intended to provide information about which application protocol 143 a connection intends to use, thus aiding middleboxes and reducing 144 reliance on globally well-known ports" [RFC4340]. It is expected 145 that many middleboxes will give different privileges to applications 146 running DTLS over DCCP versus just DCCP. Therefore, applications 147 that use DTLS over DCCP sometimes and just DCCP other times MUST 148 register and use different Service Codes for each mode of operation. 150 3.5 New Versions of DTLS 152 As DTLS matures, revisions to and updates for [RFC4347] can be 153 expected. DTLS includes mechanisms for identifying the version in 154 use and presumably future versions will either include backward 155 compatibility modes or at least not allow connections between 156 dissimilar versions. Since DTLS over DCCP simply encapsulates the 157 DTLS records transparently, these changes should not affect this 158 document and the methods of this document should apply to future 159 versions of DTLS. 161 Therefore, in the absence of a revision to this document, it is 162 assumed to apply to all future versions of DTLS. This document will 163 only be revised if a revision to DTLS makes a revision to the 164 encapsulation necessary. 166 4. Security Considerations 168 Security considerations for DTLS are described in [RFC4347] and for 169 DCCP in [RFC4340]. The combination of DTLS and DCCP introduces no 170 new security considerations. 172 5. IANA Considerations 174 There are no IANA actions required for this document. 176 6. Normative References 178 [RFC4347] Rescorla, E., "Datagram Transport Layer Security", RFC 179 4347, April 2006. 181 [RFC4340] Kohler, E., Handley, M., Floyd, S., "Datagram Congestion 182 Control Protocol (DCCP)", RFC 4340, March 2006. 184 [RFC4346] Dierks, T. and E. Rescorla, "The Transport Layer Security 185 (TLS) Protocol Version 1.1", RFC 4346, April 2006. 187 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 188 Requirement Levels", RFC 2119, March 1997. 190 7. Author's Address 192 Tom Phelan 193 Sonus Networks 194 250 Apollo Dr. 195 Chelmsford, MA USA 01824 196 Phone: +1-978-614-8456 197 Email: tphelan@sonusnet.com 198 Intellectual Property Statement 200 The IETF takes no position regarding the validity or scope of any 201 Intellectual Property Rights or other rights that might be claimed to 202 pertain to the implementation or use of the technology described in 203 this document or the extent to which any license under such rights 204 might or might not be available; nor does it represent that it has 205 made any independent effort to identify any such rights. Information 206 on the procedures with respect to rights in RFC documents can be 207 found in BCP 78 and BCP 79. 209 Copies of IPR disclosures made to the IETF Secretariat and any 210 assurances of licenses to be made available, or the result of an 211 attempt made to obtain a general license or permission for the use of 212 such proprietary rights by implementers or users of this 213 specification can be obtained from the IETF on-line IPR repository at 214 http://www.ietf.org/ipr. 216 The IETF invites any interested party to bring to its attention any 217 copyrights, patents or patent applications, or other proprietary 218 rights that may cover technology that may be required to implement 219 this standard. Please address the information to the IETF at ietf- 220 ipr@ietf.org. 222 Disclaimer of Validity 224 This document and the information contained herein are provided on an 225 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 226 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 227 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 228 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 229 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 230 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 232 Copyright Statement 234 Copyright (C) The Internet Society (2006). This document is subject 235 to the rights, licenses and restrictions contained in BCP 78, and 236 except as set forth therein, the authors retain all their rights. 238 Acknowledgment 240 Funding for the RFC Editor function is currently provided by the 241 Internet Society.