[Docs] [txt|pdf] [Tracker] [WG] [Email] [Nits]

Versions: 00 01 02 03 04 05 06 07 08 RFC 4895

Network Working Group                                          M. Tuexen
Internet-Draft                        Muenster Univ. of Applied Sciences
Expires: December 14, 2005                                    R. Stewart
                                                                  P. Lei
                                                     Cisco Systems, Inc.
                                                             E. Rescorla
                                                              RTFM, Inc.
                                                           June 12, 2005


  Authenticated Chunks for Stream Control Transmission Protocol (SCTP)
                   draft-ietf-tsvwg-sctp-auth-00.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on December 14, 2005.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document describes a new chunk type, several parameters and
   procedures for SCTP.  This new chunk type can be used to authenticate
   SCTP chunks by using a shared key between the sender and receiver.
   The new parameters are used to establish the shared key.



Tuexen, et al.          Expires December 14, 2005               [Page 1]

Internet-Draft          SCTP authentication chunk              June 2005


Table of Contents

   1.   Introduction . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.   Conventions  . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.   New Parameter Types  . . . . . . . . . . . . . . . . . . . .   3
     3.1  Random Parameter (RANDOM)  . . . . . . . . . . . . . . . .   4
     3.2  Chunk List Parameter (CHUNKS)  . . . . . . . . . . . . . .   4
     3.3  Requested HMAC Algorithm Parameter (HMAC-ALGO) . . . . . .   5
   4.   New Error Cause  . . . . . . . . . . . . . . . . . . . . . .   6
     4.1  Unsupported HMAC Identifier error cause  . . . . . . . . .   7
   5.   New Chunk Type . . . . . . . . . . . . . . . . . . . . . . .   7
     5.1  Authentication Chunk (AUTH)  . . . . . . . . . . . . . . .   8
   6.   Procedures . . . . . . . . . . . . . . . . . . . . . . . . .   8
     6.1  Establishment of an association shared key . . . . . . . .   8
     6.2  Sending authenticated chunks . . . . . . . . . . . . . . .   9
     6.3  Receiving authenticated chunks . . . . . . . . . . . . . .  10
   7.   Examples . . . . . . . . . . . . . . . . . . . . . . . . . .  10
   8.   IANA Considerations  . . . . . . . . . . . . . . . . . . . .  11
   9.   Security Considerations  . . . . . . . . . . . . . . . . . .  11
   10.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . .  12
   11.  References . . . . . . . . . . . . . . . . . . . . . . . . .  12
     11.1   Normative References . . . . . . . . . . . . . . . . . .  12
     11.2   Informative References . . . . . . . . . . . . . . . . .  13
        Authors' Addresses . . . . . . . . . . . . . . . . . . . . .  13
        Intellectual Property and Copyright Statements . . . . . . .  14


























Tuexen, et al.          Expires December 14, 2005               [Page 2]

Internet-Draft          SCTP authentication chunk              June 2005


1.  Introduction

   SCTP uses 32 bit verification tags to protect itself against blind
   attackers.  These values are not changed during the lifetime of an
   SCTP association.

   Looking at new SCTP extensions there is the need to have a method of
   proving that an SCTP chunk(s) was really sent by the original peer
   that started the association and not by a malicious attacker.

   Using TLS as defined in RFC3436 [6] does not help here because it
   only secures SCTP user data.

   Therefore an SCTP extension is presented in this document which
   allows an SCTP sender to sign chunks using a shared key between the
   sender and receiver.  The receiver can then verify, that the chunks
   are sent from the sender and not from a malicious attacker.

   This extension also provides a mechanism for deriving a shared key
   for each association.  This association shared key is derived from a
   endpoint pair shared key, which is  preconfigured and might be empty.

2.  Conventions

   The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
   SHOULD NOT, RECOMMENDED, NOT RECOMMENDED, MAY, and OPTIONAL, when
   they appear in this document, are to be interpreted as described in
   RFC2119 [4].

3.  New Parameter Types

   This section defines the new parameter types that will be used to
   negotiate the authentication during association setup.  Figure 1
   illustrates the new parameter types.

   Parameter Type  Parameter Name
   --------------------------------------------------------------
   0x8002          Random Parameter (RANDOM)
   0x8003          Chunk List Parameter (CHUNKS)
   0x8004          Requested HMAC Algorithm Parameter (HMAC-ALGO)

                                 Figure 1

   It should be noted that the parameter format requires the receiver to
   ignore the parameter and continue processing if it is not understood.
   This is accomplished as described in RFC2960 [5] section 3.2.1. by
   the use of the upper bit of the parameter type.




Tuexen, et al.          Expires December 14, 2005               [Page 3]

Internet-Draft          SCTP authentication chunk              June 2005


3.1  Random Parameter (RANDOM)

   This parameter is used to carry an arbitrary length random number.


    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Parameter Type = 0x8002   |       Parameter Length        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   \                          Random Number                        /
   /                                                               \
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                                 Figure 2

   Parameter Type: 2 bytes (unsigned integer) This value MUST be set to
      0x8002.

   Parameter Length: 2 bytes (unsigned integer) This value is the length
      of the Random Number plus 4.

   Random Number: n bytes (unsigned integer) This value represents an
      arbitrary Random Number in network byte order.

   The RANDOM parameter MUST be included once in the INIT or INIT-ACK
   chunk if the sender wants to send or receive authenticated chunks.

3.2  Chunk List Parameter (CHUNKS)

   This parameter is used to specify which chunk types are required to
   be sent authenticated by the peer.


















Tuexen, et al.          Expires December 14, 2005               [Page 4]

Internet-Draft          SCTP authentication chunk              June 2005


    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Parameter Type = 0x8003   |       Parameter Length        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Chunk Type 1  | Chunk Type 2  | Chunk Type 4  | Chunk Type 4  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                                                               /
   \                              ...                              \
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Chunk Type n  |                   Padding                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                                 Figure 3

   Parameter Type: 2 bytes (unsigned integer) This value MUST be set to
      0x8003.

   Parameter Length: 2 bytes (unsigned integer) This value is the number
      of listed Chunk Types plus 4.

   Chunk Type n: 1 byte (unsigned integer) Each Chunk Type listed is
      required to be authenticated when sent by the peer.

   The CHUNKS parameter MUST be included once in the INIT or INIT-ACK
   chunk if the sender wants to receive authenticated chunks.  Its
   maximum length is 260 bytes.

   The chunk types for INIT, INIT-ACK, COOKIE-ECHO, COOKIE-ACK,
   SHUTDOWN-COMPLETE and AUTH chunks MUST not be listed in the CHUNKS
   parameter.  However, if a CHUNKS parameter is received then the types
   for INIT, INIT-ACK, COOKIE-ECHO, COOKIE-ACK, SHUTDOWN-COMPLETE and
   AUTH chunks MUST be ignored.

3.3  Requested HMAC Algorithm Parameter (HMAC-ALGO)

   This parameter is used to list the HMAC identifiers the peer has to
   use.












Tuexen, et al.          Expires December 14, 2005               [Page 5]

Internet-Draft          SCTP authentication chunk              June 2005


    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Parameter Type = 0x8004   |       Parameter Length        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       HMAC Identifier 1                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       HMAC Identifier 2                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                                                               /
   \                              ...                              \
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       HMAC Identifier n                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                                 Figure 4

   Parameter Type: 2 bytes (unsigned integer) This value MUST be set to
      0x8004.

   Parameter Length: 2 bytes (unsigned integer) This value is the length
      of the number of HMAC identifiers times 4 plus 4.

   HMAC Identifier n: 4 bytes (unsigned integer) The values is a a
      requested HMAC Identifier.

   The HMAC-ALGO parameter MUST be included once in the INIT or INIT-ACK
   chunk if the sender wants to send or receive authenticated chunks.

   The following Figure 5 shows the currently defined values for HMAC
   identifiers.

   HMAC Identifier  Message Digest Algorithm
   ---------------------------------------------------------------
   0                Reserved
   1                SHA-1 defined in [10]
   2                MD-5 defined in [1]

                                 Figure 5

   Every endpoint supporting SCTP chunk authentication MUST support the
   HMAC based on the SHA-1 algorithm.

4.  New Error Cause

   This section defines a new error cause that will be sent if an AUTH
   chunk is received with an unsupported HMAC identifier.  Figure 6



Tuexen, et al.          Expires December 14, 2005               [Page 6]

Internet-Draft          SCTP authentication chunk              June 2005


   illustrates the new error cause.

   Cause Code      Error Cause Name
   --------------------------------------------------------------
   0x0105          Unsupported HMAC Identifier

                                 Figure 6


4.1  Unsupported HMAC Identifier error cause

   This error cause is used to indicate that an AUTH chunk was received
   with an unsupported HMAC Identifier.


    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Cause Code = 0x0105      |       Cause Length = 8        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        HMAC Identifier                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                                 Figure 7

   Cause Code: 2 bytes (unsigned integer) This value MUST be set to
      0x0105.

   Cause Length: 2 bytes (unsigned integer) This value MUST be set to 8.

   HMAC Identifier: 4 bytes (unsigned integer) This value is the HMAC
      Identifier which is not supported.


5.  New Chunk Type

   This section defines the new chunk type that will be used to
   authenticate chunks.  Figure 8 illustrates the new chunk type.

   Chunk Type  Chunk Name
   --------------------------------------------------------------
   0x83        Authentication Chunk (AUTH)

                                 Figure 8

   It should be noted that the AUTH-chunk format requires the receiver
   to ignore the chunk if it is not understood and silently discard all
   chunks that follow.  This is accomplished as described in RFC2960 [5]



Tuexen, et al.          Expires December 14, 2005               [Page 7]

Internet-Draft          SCTP authentication chunk              June 2005


   section 3.2. by the use of the upper bit of the chunk type.

5.1  Authentication Chunk (AUTH)

   This chunk is used to hold the result of the HMAC calculation.


    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Type = 0x83   |   Flags=0     |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       HMAC Identifier                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   \                             HMAC                              /
   /                                                               \
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                                 Figure 9

   Type: 1 byte (unsigned integer) This value MUST be set to 0x83 for
      all AUTH-chunks.

   Flags: 1 byte (unsigned integer) Set to zero on transmit and ignored
      on receipt.

   Length: 2 bytes (unsigned integer) This value holds the length of the
      HMAC plus 8.

   HMAC Identifier: 4 bytes (unsigned integer) This value describes
      which message digest is being used.  Figure 5 shows the currently
      defined values.

   HMAC: n bytes (unsigned integer) This hold the result of the HMAC
      calculation.

   The control chunk AUTH can appear at most once in an SCTP packet.
   All control and data chunks which are placed after the AUTH chunk in
   the packet are sent in an authenticated way.  Those chunks placed in
   a packet before the AUTH chunk are not authenticated.

6.  Procedures

6.1  Establishment of an association shared key

   An SCTP endpoint willing to receive or send authenticated chunks has
   to send one RANDOM parameter in its INIT or INIT-ACK chunk.  The



Tuexen, et al.          Expires December 14, 2005               [Page 8]

Internet-Draft          SCTP authentication chunk              June 2005


   RANDOM parameter SHOULD contain a 32 byte random number.  This random
   number is handled like the verification tag in case of INIT
   collisions.  Therefore each endpoint knows its own random number and
   the peers random number after the association has been established.

   An SCTP endpoint has a list of chunks it only accepts if they are
   received in an authenticated way.  This list is included in the INIT
   and INIT-ACK and MAY be omitted if it is empty.  Since this list is
   for an endpoint there is no problem in case of INIT collision.

   Each SCTP endpoint MUST include in the INIT and INIT-ACK a HMAC-ALGO
   parameter containing a list of HMAC Identifiers it requests the peer
   to use.  The receiver of a HMAC-ALGO parameter SHOULD use the first
   listed algorithm it supports.  The HMAC algorithm based on SHA-1 MUST
   be supported and included in the HMAC-ALGO parameter.  An SCTP
   endpoint MUST not change the parameters listed in the HMAC-ALGO
   parameter during the lifetime of the endpoint.

   Both enpoints of an association have an endpoint pair shared key
   which is a byte vector and preconfigured or established by another
   mechanism.  If it is not preconfigured or established by another
   mechanism it is set to the empty byte vector.

   From this endpoint pair shared key the association shared key is
   computed by concatenating the endpoint pair shared key with the
   random numbers exchanged in the INIT and INIT-ACK.  This is performed
   by selecting the smaller random number and concatenating it to the
   endpoint pair shared key.  Then concatenating the larger of the
   random numbers to that.  If both random numbers are equal they may be
   concatenated to the endpoint pair key in any order.  The
   concatenation is performed on byte vectors representing all numbers
   in network byte order.  The result is the association shared key.

6.2  Sending authenticated chunks

   Chunks can only be authenticated when the SCTP association is in the
   ESTABLISHED state.  Both endpoints MUST send all those chunks
   authenticated where this has been requested by the peer.  The other
   chunks MAY be sent authenticated.

   To send chunks in an authenticated way, the sender has to include
   these chunks after an AUTH chunk.  This means that a sender MUST
   bundle chunks in order to authenticate them.

   The sender MUST calculate the MAC using the hash function H as
   described by the MAC Identifier and the shared association key K. The
   'data' used for the computation of the AUTH-chunk is given by
   Figure 10 and all chunks that are placed after the AUTH chunk in the



Tuexen, et al.          Expires December 14, 2005               [Page 9]

Internet-Draft          SCTP authentication chunk              June 2005


   SCTP packet.  RFC2104 [3] can be used as a guideline for generating
   the MAC.

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Type = 0x83   |   Flags=0     |         Chunk Length          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        HMAC Identifier                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   \                               0                               /
   /                                                               \
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                                 Figure 10

   Please note that all fields are in network byte order and that the
   field which will contain the complete HMAC is filled with zeroes.
   The length of the field shown as 0 is the length of the HMAC
   described by the HMAC Identifier.

   The sender fills the HMAC into the HMAC field and sends the packet.

6.3  Receiving authenticated chunks

   The receiver has a list of chunk types which it expects to be
   received only after an AUTH-chunk.  This list has been sent to the
   peer during the association setup.  It MUST silently discard these
   chunks if they are not placed after an AUTH chunk in the packet.

   The receiver MUST use the HMAC algorithm indicated in the HMAC
   Identifier field.  If this algorithm is not known the AUTH chunk and
   all chunks after it MUST be discarded and an ERROR chunk SHOULD be
   sent with the error cause defined in Section 4.1.

   The receiver now performs the same calculation as described for the
   sender based on Figure 10.  If the result of the calculation is the
   same as given in the HMAC field, all chunks following the AUTH chunk
   are processed.  If the field does not match the result of the
   calculation all these chunks MUST be silently discarded.

   It should be noted that if the receiver wants to tear down an
   association in an authenticated way only, the handling of malformed
   packets should be in tune with this.

7.  Examples

   This section gives examples of message exchanges for association
   setup.



Tuexen, et al.          Expires December 14, 2005              [Page 10]

Internet-Draft          SCTP authentication chunk              June 2005


   The simplest way of using the extension described in this document is
   given by the following message exchange.

       ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
       <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
       -------------------- COOKIE-ECHO -------------------->
       <-------------------- COOKIE-ACK ---------------------

   Please note that the CHUNKS parameter is optional in the INIT and
   INIT-ACK.

   If the server wants to receive DATA chunks in an authenticated way,
   the following message exchange is possible:

       ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
       <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
       --------------- COOKIE-ECHO; AUTH; DATA ------------->
       <----------------- COOKIE-ACK; SACK ------------------

   Please note that if the endpoint pair shared key depends on the
   client and the server and that it is only known by the upper layer
   this message exchange requires an upper layer intervention between
   the processing of the COOKIE-ECHO chunk (COMMUNICATION-UP
   notification followed by the presentation of the endpoint pair shared
   key by the upper layer to the SCTP stack) and the processing of the
   AUTH and DATA chunk.  If this intervention is not possible due to
   limitations of the API the server might discard the AUTH and DATA
   chunk making a retransmission of the DATA chunk necessary.  If the
   same endpoint pair shared key is used for multiple endpoints and does
   not depend on the client this intervention might not be necessary.

8.  IANA Considerations

   A chunk type for the AUTH chunk has to be assigned by IANA.  It is
   suggested to use the value given above.

   Parameter types have to be assigned for the RANDOM, CHUNKS, and HMAC-
   ALGO parameter by IANA.  It is suggested to use the values given
   above.

   HMAC Identifiers have to be maintained by IANA.  Three initial values
   should be assigned by IANA as described above.

9.  Security Considerations

   This section is still incomplete.

   If no endpoint pair shared key is used an attacker which captures the



Tuexen, et al.          Expires December 14, 2005              [Page 11]

Internet-Draft          SCTP authentication chunk              June 2005


   association setup message exchange can later insert arbitrary packets
   in an authenticated way.  However, if the attacker did not capture
   this initial message exchange he can not successfully inject chunks
   which are required to be authenticated.

   If an enpoint pair shared key is used even a true man in the middle
   can not inject chunks which are required to be authenticated even if
   he intercepts the initial message exchange.

   Because SCTP has already a mechanism built-in that handles the
   reception of duplicated chunks the presented solution makes use of
   this functionality and does not provide a method to avoid replay
   attacks by itself.  Of course, this only works within each SCTP
   association.  Therefore a separate shared key is used for each SCTP
   association to handle replay attacks covering multiple SCTP
   associations.

10.  Acknowledgments

   The authors wish to thank Sascha Grau for his invaluable comments.

11.  References

11.1  Normative References

   [1]  Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
        April 1992.

   [2]  Bradner, S., "The Internet Standards Process -- Revision 3",
        BCP 9, RFC 2026, October 1996.

   [3]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing
        for Message Authentication", RFC 2104, February 1997.

   [4]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", BCP 14, RFC 2119, March 1997.

   [5]  Stewart, R., Xie, Q., Morneault, K., Sharp, C., Schwarzbauer,
        H., Taylor, T., Rytina, I., Kalla, M., Zhang, L., and V. Paxson,
        "Stream Control Transmission Protocol", RFC 2960, October 2000.

   [6]  Jungmaier, A., Rescorla, E., and M. Tuexen, "Transport Layer
        Security over Stream Control Transmission Protocol", RFC 3436,
        December 2002.

   [7]  National Institute of Standards and Technology, "Secure Hash
        Standard", FIPS PUB 180-1, April 1995,
        <http://www.itl.nist.gov/fipspubs/fip180-1.htm>.



Tuexen, et al.          Expires December 14, 2005              [Page 12]

Internet-Draft          SCTP authentication chunk              June 2005


11.2  Informative References

   [8]  Stewart, R., "Stream Control Transmission Protocol (SCTP)
        Dynamic Address  Reconfiguration",
        draft-ietf-tsvwg-addip-sctp-12 (work in progress), June 2005.


Authors' Addresses

   Michael Tuexen
   Muenster Univ. of Applied Sciences
   Stegerwaldstr. 39
   48565 Steinfurt
   Germany

   Email: tuexen@fh-muenster.de


   Randall R. Stewart
   Cisco Systems, Inc.
   4875 Forest Drive
   Suite 200
   Columbia, SC  29206
   USA

   Email: rrs@cisco.com


   Peter Lei
   Cisco Systems, Inc.
   8735 West Higgins Road
   Suite 300
   Chicago, IL  60631
   USA

   Phone:
   Email: peterlei@cisco.com


   Eric Rescorla
   RTFM, Inc.
   2064 Edgewood Drive
   Palo Alto, CA 94303
   USA

   Phone: +1 650-320-8549
   Email: ekr@rtfm.com




Tuexen, et al.          Expires December 14, 2005              [Page 13]

Internet-Draft          SCTP authentication chunk              June 2005


Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Copyright Statement

   Copyright (C) The Internet Society (2005).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.


Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.




Tuexen, et al.          Expires December 14, 2005              [Page 14]


Html markup produced by rfcmarkup 1.109, available from https://tools.ietf.org/tools/rfcmarkup/