< draft-ietf-tls-dtls-connection-id-05.txt   draft-ietf-tls-dtls-connection-id-06.txt >
TLS E. Rescorla, Ed. TLS E. Rescorla, Ed.
Internet-Draft RTFM, Inc. Internet-Draft RTFM, Inc.
Updates: 6347 (if approved) H. Tschofenig, Ed. Updates: 6347 (if approved) H. Tschofenig, Ed.
Intended status: Standards Track T. Fossati Intended status: Standards Track T. Fossati
Expires: November 7, 2019 Arm Limited Expires: January 9, 2020 Arm Limited
May 06, 2019 July 08, 2019
Connection Identifiers for DTLS 1.2 Connection Identifiers for DTLS 1.2
draft-ietf-tls-dtls-connection-id-05 draft-ietf-tls-dtls-connection-id-06
Abstract Abstract
This document specifies the Connection ID (CID) construct for the This document specifies the Connection ID (CID) construct for the
Datagram Transport Layer Security (DTLS) protocol version 1.2. Datagram Transport Layer Security (DTLS) protocol version 1.2.
A CID is an identifier carried in the record layer header that gives A CID is an identifier carried in the record layer header that gives
the recipient additional information for selecting the appropriate the recipient additional information for selecting the appropriate
security association. In "classical" DTLS, selecting a security security association. In "classical" DTLS, selecting a security
association of an incoming DTLS record is accomplished with the help association of an incoming DTLS record is accomplished with the help
skipping to change at page 1, line 41 skipping to change at page 1, line 41
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 7, 2019. This Internet-Draft will expire on January 9, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 36 skipping to change at page 2, line 36
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Conventions and Terminology . . . . . . . . . . . . . . . . . 3 2. Conventions and Terminology . . . . . . . . . . . . . . . . . 3
3. The "connection_id" Extension . . . . . . . . . . . . . . . . 3 3. The "connection_id" Extension . . . . . . . . . . . . . . . . 3
4. Record Layer Extensions . . . . . . . . . . . . . . . . . . . 5 4. Record Layer Extensions . . . . . . . . . . . . . . . . . . . 5
5. Record Payload Protection . . . . . . . . . . . . . . . . . . 7 5. Record Payload Protection . . . . . . . . . . . . . . . . . . 7
5.1. Block Ciphers . . . . . . . . . . . . . . . . . . . . . . 7 5.1. Block Ciphers . . . . . . . . . . . . . . . . . . . . . . 7
5.2. Block Ciphers with Encrypt-then-MAC processing . . . . . 7 5.2. Block Ciphers with Encrypt-then-MAC processing . . . . . 7
5.3. AEAD Ciphers . . . . . . . . . . . . . . . . . . . . . . 8 5.3. AEAD Ciphers . . . . . . . . . . . . . . . . . . . . . . 8
6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 8 6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 8
7. Security and Privacy Considerations . . . . . . . . . . . . . 10 7. Security and Privacy Considerations . . . . . . . . . . . . . 10
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 11
9.1. Normative References . . . . . . . . . . . . . . . . . . 11 9.1. Normative References . . . . . . . . . . . . . . . . . . 11
9.2. Informative References . . . . . . . . . . . . . . . . . 11 9.2. Informative References . . . . . . . . . . . . . . . . . 12
Appendix A. History . . . . . . . . . . . . . . . . . . . . . . 13 Appendix A. History . . . . . . . . . . . . . . . . . . . . . . 13
Appendix B. Working Group Information . . . . . . . . . . . . . 14 Appendix B. Working Group Information . . . . . . . . . . . . . 14
Appendix C. Contributors . . . . . . . . . . . . . . . . . . . . 14 Appendix C. Contributors . . . . . . . . . . . . . . . . . . . . 14
Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 15 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 15
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15
1. Introduction 1. Introduction
The Datagram Transport Layer Security (DTLS) protocol was designed The Datagram Transport Layer Security (DTLS) protocol was designed
for securing connection-less transports, like UDP. DTLS, like TLS, for securing connection-less transports, like UDP. DTLS, like TLS,
skipping to change at page 10, line 30 skipping to change at page 10, line 30
arbitrary values; implementations concerned about this SHOULD refuse arbitrary values; implementations concerned about this SHOULD refuse
to use connection ids. to use connection ids.
An on-path adversary, who is able to observe the DTLS protocol An on-path adversary, who is able to observe the DTLS protocol
exchanges between the DTLS client and the DTLS server, is able to exchanges between the DTLS client and the DTLS server, is able to
link the observed payloads to all subsequent payloads carrying the link the observed payloads to all subsequent payloads carrying the
same connection id pair (for bi-directional communication). Without same connection id pair (for bi-directional communication). Without
multi-homing or mobility, the use of the CID is not different to the multi-homing or mobility, the use of the CID is not different to the
use of the 5-tuple. use of the 5-tuple.
An on-path adversary can also black-hole traffic or create a
reflection attack against third parties because a DTLS peer has no
means to distinguish a genuine address update event (for example, due
to a NAT rebinding) from one that is malicious. This attack is of
concern when there is a large asymmetry of request/response message
sizes.
With multi-homing, an adversary is able to correlate the With multi-homing, an adversary is able to correlate the
communication interaction over the two paths, which adds further communication interaction over the two paths, which adds further
privacy concerns. The lack of a CID update mechanism makes this privacy concerns. The lack of a CID update mechanism makes this
extension unsuitable for mobility scenarios where correlation must be extension unsuitable for mobility scenarios where correlation must be
considered. considered.
Importantly, the sequence number makes it possible for a passive Importantly, the sequence number makes it possible for a passive
attacker to correlate packets across CID changes. Thus, even if a attacker to correlate packets across CID changes. Thus, even if a
client/server pair do a rehandshake to change CID, that does not client/server pair do a rehandshake to change CID, that does not
provide much privacy benefit. provide much privacy benefit.
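Review bot: The new paragraph on black-holing and reflection, inserted after the 5-tuple paragraph, states that a peer "has no means to distinguish a genuine address update event" from a malicious one but gives implementers no guidance on what to do about it. Consider adding normative text, for example that a peer should limit what it sends to a changed address until it has some confirmation that the peer is reachable there, or state explicitly that address validation is left to the application. The closing sentence would also be clearer if it said that the request/response size asymmetry is what makes the reflection worthwhile as amplification.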
skipping to change at page 10, line 51 skipping to change at page 11, line 11
The CID-enhanced record layer introduces record padding; a privacy The CID-enhanced record layer introduces record padding; a privacy
feature not available with the original DTLS 1.2 RFC. Padding allows feature not available with the original DTLS 1.2 RFC. Padding allows
to inflate the size of the ciphertext making traffic analysis more to inflate the size of the ciphertext making traffic analysis more
difficult. More details about the padding can be found in difficult. More details about the padding can be found in
Section 5.4 and Appendix E.3 of RFC 8446. Section 5.4 and Appendix E.3 of RFC 8446.
8. IANA Considerations 8. IANA Considerations
IANA is requested to allocate an entry to the existing TLS IANA is requested to allocate an entry to the existing TLS
"ExtensionType Values" registry, defined in [RFC5246], for "ExtensionType Values" registry, defined in [RFC5246], for
connection_id(TBD1) defined in this document. connection_id(TBD1) as described in the table below. IANA is
requested to add an extra column to the TLS ExtensionType Values
registry to indicate whether an extension is only applicable to DTLS.
Value Extension Name TLS 1.3 DTLS Only Recommended Reference
--------------------------------------------------------------------
TBD1 connection_id - Y N [[This doc]]
Note: The value "N" in the Recommended column is set because this
extension is intended only for specific use cases. This document
describes an extension for DTLS 1.2 only; it is not to TLS (1.3).
The DTLS 1.3 functionality is described in [I-D.ietf-tls-dtls13].
IANA is requested to allocate tls12_cid(TBD2) in the "TLS ContentType IANA is requested to allocate tls12_cid(TBD2) in the "TLS ContentType
Registry". Registry". The tls12_cid ContentType is only applicable to DTLS 1.2.
9. References 9. References
9.1. Normative References 9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
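Review bot: In the note added under the registry table, "it is not to TLS (1.3)" is missing a word; it presumably should read "it is not applicable to TLS (1.3)". The table's "TLS 1.3" column carries "-" with no explanation, whereas the "N" under Recommended is explained, so say what "-" denotes. The request to add a "DTLS Only" column changes the whole registry; the text should state what value existing entries receive in that column.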
skipping to change at page 13, line 9 skipping to change at page 13, line 9
[1] mailto:tls@ietf.org [1] mailto:tls@ietf.org
[2] https://www1.ietf.org/mailman/listinfo/tls [2] https://www1.ietf.org/mailman/listinfo/tls
[3] https://www.ietf.org/mail-archive/web/tls/current/index.html [3] https://www.ietf.org/mail-archive/web/tls/current/index.html
Appendix A. History Appendix A. History
RFC EDITOR: PLEASE REMOVE THE THIS SECTION RFC EDITOR: PLEASE REMOVE THE THIS SECTION
draft-ietf-tls-dtls-connection-id-06
- Updated IANA considerations
- Enhanced security consideration section to describe a potential
man-in-the-middle attack concerning address validation.
draft-ietf-tls-dtls-connection-id-05
- Restructed Section 5 "Record Payload Protection"
draft-ietf-tls-dtls-connection-id-04 draft-ietf-tls-dtls-connection-id-04
- Editorial simplifications to the 'Record Layer Extensions' and the - Editorial simplifications to the 'Record Layer Extensions' and the
'Record Payload Protection' sections. 'Record Payload Protection' sections.
- Added MAC calculations for block ciphers with and without Encrypt- - Added MAC calculations for block ciphers with and without Encrypt-
then-MAC processing. then-MAC processing.
draft-ietf-tls-dtls-connection-id-03 draft-ietf-tls-dtls-connection-id-03
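Review bot: The added -05 entry reads "Restructed Section 5"; that should be "Restructured". The added -06 entry calls the new security text a "man-in-the-middle attack concerning address validation", while the Section 7 paragraph it refers to speaks of an "on-path adversary"; use one term in both places. The unchanged line "PLEASE REMOVE THE THIS SECTION" has a duplicated word that could be fixed in the same pass.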
 End of changes. 9 change blocks. 
8 lines changed or deleted 37 lines changed or added
