[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: (draft-phelan-dccp-dtls) 00 01 02 03 04 05 06 RFC 5238

INTERNET-DRAFT              DTLS over DCCP                    May 2007

   DTLS over DCCP
   Internet Draft                                             T. Phelan
   Document: draft-ietf-dccp-dtls-00.txt                 Sonus Networks
   Expires: November 2007                                      May 2007
   Intended status: Proposed Standard


        Datagram Transport Layer Security (DTLS) over the Datagram
                    Congestion Control Protocol (DCCP)


   Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on September 30, 2007.


   Abstract

   This document describes the use of Datagram Transport Layer Security
   (DTLS) over the Datagram Congestion Control Protocol (DCCP).











Phelan                 Expires - November 2007               [Page 1]

INTERNET-DRAFT              DTLS over DCCP                    May 2007


   Table of Contents

   1. Introduction...................................................3
   2. Terminology....................................................3
   3. DTLS over DCCP.................................................3
      3.1 DCCP and DTLS Sequence Numbers.............................3
      3.2 DCCP and DTLS Connection Handshakes........................4
      3.3 PMTU Discovery.............................................4
      3.4 DCCP Service Codes.........................................4
      3.5 New Versions of DTLS.......................................4
   4. Security Considerations........................................5
   5. IANA Considerations............................................5
   6. Normative References...........................................5
   7. Author's Address...............................................5





































Phelan                 Expires - November 2007               [Page 2]

INTERNET-DRAFT              DTLS over DCCP                    May 2007




1.        Introduction

   This document describes how to use Datagram Transport Layer Security
   (DTLS), as defined in [RFC4347], over the Datagram Congestion Control
   Protocol (DCCP), as defined in [RFC4340].

   DTLS is an extension of Transport Layer Security (TLS, [RFC4346])
   that modifies TLS for use with the unreliable transport protocol UDP.
   TLS is a protocol that allows client/server applications to
   communicate in a way that is designed to prevent eavesdropping,
   tampering and message forgery.  DTLS can be viewed as TLS-plus-
   adaptations-for-unreliability.

   DCCP provides an unreliable transport service, similar to UDP, but
   with adaptive congestion control, similar to TCP and SCTP.  DCCP can
   be viewed equally well as either UDP-plus-congestion-control or TCP-
   minus-reliability (although, unlike TCP, DCCP offers multiple
   congestion control algorithms).

   The combination of DTLS and DCCP will offer transport security
   capabilities to DCCP users similar to those available for TCP, UDP
   and SCTP.

2.        Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.        DTLS over DCCP

   The approach here is very straightforward -- DTLS records are
   transmitted in the Application Data fields of DCCP-Data and DCCP-
   DataAck packets.  Multiple DTLS records MAY be sent in one DCCP-Data
   packet, as long as the resulting packet is within the Path Maximum
   Transfer Unit (PMTU) currently in force (see section 3.3 for more
   information on PMTU Discovery).  A single DTLS record MUST be fully
   contained in a single DCCP packet; it MUST NOT be split over multiple
   packets.

3.1         DCCP and DTLS Sequence Numbers

   Both DCCP and DTLS use sequence numbers in their packets/records.
   These sequence numbers serve somewhat, but not completely,
   overlapping functions.  Consequently, there is no connection between
   the sequence number of a DCCP packet and the sequence number in a
   DTLS record contained in that packet.


Phelan                 Expires - November 2007               [Page 3]

INTERNET-DRAFT              DTLS over DCCP                    May 2007

3.2         DCCP and DTLS Connection Handshakes

   Unlike UDP, DCCP is connection-oriented, and has a connection
   handshake procedure that precedes the transmission of DCCP-Data
   packets.  DTLS is also connection-oriented, and has a handshake
   procedure of its own that must precede the transmission of actual
   application information.  Using the rule above of mapping DTLS
   records to DCCP-Data packets, the two handshakes must happen in
   series, with the DCCP handshake first, followed by the DTLS
   handshake.

   However, the DCCP handshake packets DCCP-Request and DCCP-Response
   have Application Data fields and can carry user data during the DCCP
   handshake.  DTLS implementations MAY choose to transmit the
   ClientHello message in DCCP-Request packets and the
   HelloVerifyRequest message DCCP-Response packets.

   Subsequent DTLS handshake messages, and retransmissions of the
   ClientHello message, if necessary, must wait for the completion of
   the DCCP handshake.

3.3         PMTU Discovery

   Each DTLS record must fit within a single DCCP-Data packet.  DCCP
   packets are normally transmitted with the DF (Don't Fragment) bit set
   for IPv4, and of course all IPv6 packets are unfragmentable.  Because
   of this, DCCP performs Path Maximum Transmission Unit (PMTU)
   Discovery.  In determining the maximum size for DTLS records, a DTLS
   over DCCP implementation SHOULD use the DCCP-managed value for PMTU.
   A DTLS over DCCP implementation MAY choose to use its own PMTU
   Discovery calculations, as described in [RFC4347], but MUST NOT use a
   value greater the value determined by DCCP.

3.4         DCCP Service Codes

   The DCCP connection handshake includes a field called Service Code
   that is intended to describe "the application-level service to which
   the client application wants to connect".  Further, "Service Codes
   are intended to provide information about which application protocol
   a connection intends to use, thus aiding middleboxes and reducing
   reliance on globally well-known ports" [RFC4340].  It is expected
   that many middleboxes will give different privileges to applications
   running DTLS over DCCP versus just DCCP.  Therefore, applications
   that use DTLS over DCCP sometimes and just DCCP other times MUST
   register and use different Service Codes for each mode of operation.

3.5         New Versions of DTLS

   As DTLS matures, revisions to and updates for [RFC4347] can be
   expected.  DTLS includes mechanisms for identifying the version in
   use and presumably future versions will either include backward

Phelan                 Expires - November 2007               [Page 4]

INTERNET-DRAFT              DTLS over DCCP                    May 2007

   compatibility modes or at least not allow connections between
   dissimilar versions.  Since DTLS over DCCP simply encapsulates the
   DTLS records transparently, these changes should not affect this
   document and the methods of this document should apply to future
   versions of DTLS.

   Therefore, in the absence of a revision to this document, it is
   assumed to apply to all future versions of DTLS.  This document will
   only be revised if a revision to DTLS makes a revision to the
   encapsulation necessary.

4.        Security Considerations

   Security considerations for DTLS are described in [RFC4347] and for
   DCCP in [RFC4340].  The combination of DTLS and DCCP introduces no
   new security considerations.

5.        IANA Considerations

   There are no IANA actions required for this document.

6.        Normative References

   [RFC4347]   Rescorla, E., "Datagram Transport Layer Security", RFC
               4347, April 2006.

   [RFC4340]   Kohler, E., Handley, M., Floyd, S., "Datagram Congestion
               Control Protocol (DCCP)", RFC 4340, March 2006.

   [RFC4346]   Dierks, T. and E. Rescorla, "The Transport Layer Security
               (TLS) Protocol Version 1.1", RFC 4346, April 2006.

   [RFC2119]   Bradner, S., "Key words for use in RFCs to Indicate
               Requirement Levels", RFC 2119, March 1997.

7.        Author's Address

   Tom Phelan
   Sonus Networks
   7 Technology Park Dr.
   Westford, MA USA 01886
   Phone: 978-614-8456
   Email: tphelan@sonusnet.com









Phelan                 Expires - November 2007               [Page 5]

INTERNET-DRAFT              DTLS over DCCP                    May 2007

   Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at ietf-
   ipr@ietf.org.


   Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


   Copyright Statement

   Copyright (C) The IETF Trust (2007).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.


   Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.



Phelan                 Expires - November 2007               [Page 6]


Html markup produced by rfcmarkup 1.107, available from http://tools.ietf.org/tools/rfcmarkup/