idnits 2.17.1

draft-tuexen-tsvwg-tls-over-sctp-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in
     this document.

     Expected boilerplate is as follows today (2024-04-20) according to
     https://trustee.ietf.org/license-info :

     IETF Trust Legal Provisions of 28-dec-2009, Section 6.a:
        This Internet-Draft is submitted in full conformance with the
        provisions of BCP 78 and BCP 79.

     IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2:
        Copyright (c) 2024 IETF Trust and the persons identified as the
        document authors.  All rights reserved.

     IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3:
        This document is subject to BCP 78 and the IETF Trust's Legal
        Provisions Relating to IETF Documents
        (https://trustee.ietf.org/license-info) in effect on the date of
        publication of this document.  Please review these documents
        carefully, as they describe your rights and restrictions with respect
        to this document.  Code Components extracted from this document must
        include Simplified BSD License text as described in Section 4.e of
        the Trust Legal Provisions and are provided without warranty as
        described in the Simplified BSD License.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity -- however, there's a paragraph with a matching
     beginning.  Boilerplate error?

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References.  All references will be assumed normative when checking for
     downward references.

  ** The abstract seems to contain references ([RFC2960], [RFC2246]), which
     it shouldn't.  Please replace those with straight textual mentions of the
     documents in question.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords.  (The document does seem to have the
     reference to RFC 2119 which the ID-Checklist requires).

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (June 22, 2001) is 8338 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Possible downref: Non-RFC (?) normative reference: ref. 'SCTPEXT'

  ** Obsolete normative reference: RFC 793 (Obsoleted by RFC 9293)

  ** Obsolete normative reference: RFC 2246 (Obsoleted by RFC 4346)

  ** Obsolete normative reference: RFC 2960 (Obsoleted by RFC 4960)

     Summary: 8 errors (**), 0 flaws (~~), 2 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------

Network Working Group                                          M. Tuexen
INTERNET DRAFT                                                Siemens AG
                                                            A. Jungmaier
                                                     University of Essen
Expires December 22, 2001                                  June 22, 2001

                              TLS over SCTP

Status of this Memo

   This document is an Internet-Draft and is in full conformance with all
   provisions of Section 10 of [RFC2026].

   Internet-Drafts are working documents of the Internet Engineering Task
   Force (IETF), its areas, and its working groups.  Note that other groups
   may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference material
   or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Abstract

   This document describes the usage of the Transport Layer Security (TLS)
   protocol, as defined in [RFC2246], over the Stream Control Transmission
   Protocol (SCTP), as defined in [RFC2960].

   The user of TLS can take advantage of the following features provided by
   SCTP:

   - Support of multiple streams to avoid head-of-line blocking.

   - Support of multi-homing to provide network-level fault tolerance.

   - Support of dynamic reconfiguration of IP addresses.

1. Introduction

1.1. Overview

   This document describes the usage of the Transport Layer Security (TLS)
   protocol, as defined in [RFC2246], over the Stream Control Transmission
   Protocol (SCTP), as defined in [RFC2960].

   TLS is designed to run on top of a byte-stream oriented transport
   protocol providing reliable, in-sequence delivery.
   Thus, TLS is currently mainly being used on top of the Transmission
   Control Protocol (TCP), as defined in [RFC793].

   Comparing TCP and SCTP, the latter provides additional features, and this
   document shows how TLS should be used with SCTP to provide some of these
   additional features to the TLS user.

   This document defines

   - how to use the multiple streams feature of SCTP.

   - how to handle the message oriented nature of SCTP.

   It should be noted that the TLS user can take advantage of the
   multi-homing support of SCTP.  The dynamic reconfiguration of IP
   addresses as described in [SCTPEXT] can also be used with the described
   solution.

   The method described in this document does not require any changes to
   TLS or SCTP.  It is only required that SCTP implementations support the
   optional feature of fragmentation of SCTP user messages.

1.2. Terminology

   This document uses the following terms:

   Association:
      An SCTP association.

   Connection:
      A TLS connection.

   Session:
      A TLS session.

   Stream:
      A unidirectional stream of an SCTP association.  It is uniquely
      identified by a stream identifier.

1.3. Abbreviations

   MTU:  Maximum Transmission Unit

   SCTP: Stream Control Transmission Protocol

   TCP:  Transmission Control Protocol

   TLS:  Transport Layer Security

2. Conventions

   The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD
   NOT, RECOMMENDED, NOT RECOMMENDED, MAY, and OPTIONAL, when they appear
   in this document, are to be interpreted as described in [RFC2119].

3. SCTP Requirements

3.1. Number of Inbound and Outbound Streams

   When establishing associations used by TLS, the SCTP user MUST request
   an identical number of inbound and outbound streams from the SCTP layer.
   This rule makes sure that the association will have the same number of
   streams in both directions.
   A pair consisting of two streams with the same stream identifier is
   considered and used as one bi-directional stream.

   Thus an SCTP association can be considered as a set of bi-directional
   streams.

3.2. Fragmentation of User Messages

   To avoid the knowledge and handling of the MTU inside TLS, SCTP MUST
   provide fragmentation of user messages, which is an optional feature of
   [RFC2960].  Since SCTP is a message oriented protocol, it must be able
   to transmit all TLS records as SCTP user messages.  Thus the supported
   maximum length of SCTP user messages MUST be at least 2^14 + 2048 + 5 =
   18437 bytes, which is the maximum length of a TLSCiphertext, as defined
   in [RFC2246].

   Therefore, SCTP takes care of fragmenting and reassembling the TLS
   records in order to avoid IP fragmentation.

4. Connections and Bi-directional Streams

   TLS makes use of multiple bi-directional streams by establishing a
   connection over each bi-directional stream.  This means that the number
   of connections for an association is limited by the number of
   bi-directional streams.

   The TLS handshake protocol is used on each bi-directional stream
   separately.  Each handshake can be

   - a full handshake or

   - an abbreviated handshake that resumes a TLS session with a
     session id from another connection (on the same or another
     association).

   After completing the handshake for a connection, the bi-directional
   stream can be used for TLS-based user data transmission.  It should also
   be noted that the handshakes for the different connections are
   independent and can be delayed until the bi-directional stream is used
   for user data transmission.

5. Examples

   In these examples we consider the case of an association with two
   bi-directional streams.

5.1. Two Bi-directional Streams with Full Handshake

   Just after the association has been established, the client sends two
   ClientHello messages on the bi-directional streams 0 and 1.  After a
   full handshake has been completed on each bi-directional stream,
   TLS-based user data transmission can take place.  It is possible that on
   bi-directional stream 0 the handshake has been completed and user data
   transmission is ongoing, while on bi-directional stream 1 the handshake
   has not been completed, or vice versa.

5.2. Two Bi-directional Streams with an Abbreviated Handshake

   After establishing the association, the client starts a full handshake
   on bi-directional stream 0.  The server provides a session identifier
   which allows session resumption.  After the full handshake has been
   completed, the client initiates an abbreviated handshake on
   bi-directional stream 1 using the session identifier from the handshake
   on bi-directional stream 0.  User data can be transmitted on
   bi-directional stream 0, but not on bi-directional stream 1 in that
   state.  After completion of the abbreviated handshake on bi-directional
   stream 1, user data can be transmitted on both streams.

   Whether or not to use abbreviated handshakes during the setup phase of a
   TLS connection over an SCTP association depends on several factors:

   - the complexity and duration of the initial handshake processing
     (also determined by the number of connections),

   - the network performance (round-trip times, bandwidth).

   Abbreviated handshakes can reduce the computational complexity of the
   handshake considerably, in case this is a limiting resource.  If a
   large number of connections need to be established, it may be of
   advantage to use the TLS session resumption feature.  On the other hand,
   before an abbreviated handshake can take place, a full handshake needs
   to have completed.
   In networks with large round-trip time delays, it may be favorable to
   perform a number of full handshakes in parallel.  Therefore, both
   possibilities are allowed.

5.3. Two Bi-directional Streams with a Delayed Abbreviated Handshake

   This example resembles the last one, but after the completion of the
   full handshake on bi-directional stream 0, the abbreviated handshake on
   bi-directional stream 1 is not started immediately.  Bi-directional
   stream 0 can be used for user data transmission.  It is only when the
   user also wants to transmit data on bi-directional stream 1 that the
   abbreviated handshake for bi-directional stream 1 is initiated.

   This allows the user of TLS to request a large number of bi-directional
   streams without having to provide all the resources at association
   start-up if not all bi-directional streams are used right from the
   beginning.

5.4. Two Bi-directional Streams without Full Handshakes

   This example is like the second or third one, but an abbreviated
   handshake is used for both bi-directional streams.  This requires the
   existence of a valid session identifier from connections handled by
   another association.

6. Security Considerations

   Using TLS on top of SCTP does not introduce any new security issues
   besides the ones discussed in [RFC2246] and [RFC2960].

7. Acknowledgements

   The authors would like to thank P. Calhoun, E. Rescorla, J. Wood and
   many others for their invaluable comments and suggestions.

8. References

   [SCTPEXT]  R. R. Stewart, Q. Xie, M. Tuexen, I. Rytina, "SCTP
              Extensions for Dynamic Reconfiguration of IP Addresses and
              Enforcement of Flow and Message Limits", , February 2001.

   [RFC793]   J. Postel (ed.), "Transmission Control Protocol", STD 7,
              RFC 793, September 1981.

   [RFC2119]  S. Bradner, "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2026]  S. Bradner, "The Internet Standards Process -- Revision 3",
              RFC 2026, October 1996.

   [RFC2246]  T. Dierks, C. Allen, "The TLS Protocol Version 1.0",
              RFC 2246, January 1999.

   [RFC2960]  R. R. Stewart et al., "Stream Control Transmission
              Protocol", RFC 2960, November 2000.

9. Authors' Addresses

   Michael Tuexen                    Tel.:   +49 89 722 47210
   Siemens AG                        e-mail: Michael.Tuexen@icn.siemens.de
   ICN WN CS SE 5
   D-81359 Munich
   Germany

   Andreas Jungmaier                 Tel.:   +49 201 1837636
   University of Essen               e-mail: ajung@exp-math.uni-essen.de
   Networking Technology Group at the IEM
   Ellernstrasse 29
   D-45326 Essen
   Germany

This Internet Draft expires December 22, 2001.
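The following added example (not part of the draft, and not code from its authors) models the receiving side of Sections 3, 4 and 5 in Python: it checks that an association was requested with equal inbound and outbound stream counts (Section 3.1), that each SCTP user message carries exactly one TLS 1.0 record within the 18437-byte bound (Section 3.2), and that application data on a bi-directional stream is accepted only after that stream's own handshake has completed (Sections 4 and 5). The handshake-completion rule (the first handshake record after the peer's ChangeCipherSpec is taken to be its Finished) and the constructed sample records are simplifying assumptions of this model, not something the draft specifies.

```python
import struct
from dataclasses import dataclass

# RFC 2246: a TLSCiphertext fragment is at most 2^14 + 2048 bytes, preceded by a
# 5-byte record header, so Section 3.2 requires SCTP messages of >= 18437 bytes.
MAX_FRAGMENT = 2 ** 14 + 2048
MAX_USER_MESSAGE = 5 + MAX_FRAGMENT  # 18437
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
TLS10 = (3, 1)  # version bytes of TLS 1.0 (RFC 2246)

def bidirectional_streams(outbound: int, inbound: int) -> int:
    """Section 3.1: the SCTP user MUST request identical inbound and outbound
    stream counts; stream i of each direction then forms bi-directional stream i."""
    if outbound != inbound:
        raise ValueError(f"stream count mismatch: {outbound} out, {inbound} in")
    return outbound

def record(ctype: int, payload: bytes) -> bytes:
    # One TLS 1.0 record; per the draft it is sent as one SCTP user message.
    return struct.pack("!BBBH", ctype, *TLS10, len(payload)) + payload

@dataclass
class Connection:
    """TLS connection state bound to one bi-directional stream (Section 4)."""
    saw_ccs: bool = False      # peer's ChangeCipherSpec has been received
    established: bool = False  # handshake on this stream is complete

def accept_message(conns: dict, stream: int, msg: bytes) -> str:
    """Deliver one SCTP user message received on `stream` to that stream's TLS
    connection and return a verdict string."""
    if len(msg) < 5 or len(msg) > MAX_USER_MESSAGE:
        return "reject: message size out of range"
    ctype, major, minor, length = struct.unpack("!BBBH", msg[:5])
    # A message must hold exactly one record: no partial and no glued records.
    if (major, minor) != TLS10 or length > MAX_FRAGMENT or 5 + length != len(msg):
        return "reject: not exactly one well-formed TLS record"
    conn = conns.setdefault(stream, Connection())  # one connection per stream
    if ctype == CHANGE_CIPHER_SPEC:
        conn.saw_ccs = True
        return "handshake: change_cipher_spec"
    if ctype == HANDSHAKE:
        # Model assumption: the first handshake record after the peer's
        # ChangeCipherSpec is its Finished (full or abbreviated handshake alike).
        if conn.saw_ccs and not conn.established:
            conn.established = True
            return "established"
        return "handshake"
    if ctype == APPLICATION_DATA:  # allowed only after this stream's handshake
        return "data" if conn.established else "reject: handshake incomplete"
    return "alert" if ctype == ALERT else "reject: unknown content type"
```

Feeding the model the Section 5.1 sequence shows why the stream-to-connection binding matters: a record on stream 1 is judged only against stream 1's handshake state, so data arriving there before its own handshake is rejected even while stream 0 is already carrying user data.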