Diff: draft-ietf-tsvwg-dtls-for-sctp-03.txt - draft-ietf-tsvwg-dtls-for-sctp-04.txt

	draft-ietf-tsvwg-dtls-for-sctp-03.txt	draft-ietf-tsvwg-dtls-for-sctp-04.txt

	Network Working Group M. Tuexen	Network Working Group M. Tuexen
	Internet-Draft R. Seggelmann	Internet-Draft R. Seggelmann
	Intended status: Standards Track Muenster Univ. of Applied Sciences	Intended status: Standards Track Muenster Univ. of Applied Sciences

	Expires: August 20, 2010 E. Rescorla	Expires: August 21, 2010 E. Rescorla
	RTFM, Inc.	RTFM, Inc.

	February 16, 2010	February 17, 2010

	Datagram Transport Layer Security for Stream Control Transmission	Datagram Transport Layer Security for Stream Control Transmission
	Protocol	Protocol

	draft-ietf-tsvwg-dtls-for-sctp-03.txt	draft-ietf-tsvwg-dtls-for-sctp-04.txt

	Abstract	Abstract

	This document describes the usage of the Datagram Transport Layer	This document describes the usage of the Datagram Transport Layer
	Security (DTLS) protocol over the Stream Control Transmission	Security (DTLS) protocol over the Stream Control Transmission
	Protocol (SCTP).	Protocol (SCTP).

	Security features provided by DTLS over SCTP include authentication,	Security features provided by DTLS over SCTP include authentication,
	message integrity and privacy of user messages. Applications using	message integrity and privacy of user messages. Applications using
	DTLS over SCTP can use almost all transport features provided by SCTP	DTLS over SCTP can use almost all transport features provided by SCTP

	skipping to change at page 1, line 46	skipping to change at page 1, line 46
	and may be updated, replaced, or obsoleted by other documents at any	and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference	time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."	material or to cite them other than as "work in progress."

	The list of current Internet-Drafts can be accessed at	The list of current Internet-Drafts can be accessed at
	http://www.ietf.org/ietf/1id-abstracts.txt.	http://www.ietf.org/ietf/1id-abstracts.txt.

	The list of Internet-Draft Shadow Directories can be accessed at	The list of Internet-Draft Shadow Directories can be accessed at
	http://www.ietf.org/shadow.html.	http://www.ietf.org/shadow.html.


	This Internet-Draft will expire on August 20, 2010.	This Internet-Draft will expire on August 21, 2010.

	Copyright Notice	Copyright Notice
	Copyright (c) 2010 IETF Trust and the persons identified as the	Copyright (c) 2010 IETF Trust and the persons identified as the
	document authors. All rights reserved.	document authors. All rights reserved.

	This document is subject to BCP 78 and the IETF Trust's Legal	This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents	Provisions Relating to IETF Documents
	(http://trustee.ietf.org/license-info) in effect on the date of	(http://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents	publication of this document. Please review these documents
	carefully, as they describe your rights and restrictions with respect	carefully, as they describe your rights and restrictions with respect

	skipping to change at page 6, line 50	skipping to change at page 6, line 50
	Prior to processing a received ChangeCipherSpec all other received	Prior to processing a received ChangeCipherSpec all other received
	SCTP user messages which are buffered in the SCTP layer MUST be read	SCTP user messages which are buffered in the SCTP layer MUST be read
	and processed by DTLS.	and processed by DTLS.

	User messages arriving between ChangeCipherSpec and Finished using	User messages arriving between ChangeCipherSpec and Finished using
	the new epoch have probably passed the Finished and MUST be buffered	the new epoch have probably passed the Finished and MUST be buffered
	by DTLS until the Finished is read.	by DTLS until the Finished is read.

	4.7. Handling of Endpoint-pair Shared Secrets	4.7. Handling of Endpoint-pair Shared Secrets


	The endpoint-pair shared secret for Shared Key Identifier 0 is empty.	The endpoint-pair shared secret for Shared Key Identifier 0 is empty
	Whenever the master key changes, a 64 byte shared secret is derived	and MUST be used when establishing a DTLS connection. Whenever the
	from every master secret and provided as a new end-point pair shared	master key changes, a 64 byte shared secret is derived from every
	secret by using the algorithm described in [I-D.ietf-tls-extractor].	master secret and provided as a new end-point pair shared secret by
		using the exporter described in [I-D.ietf-tls-extractor]. The
		exporter MUST use the label given in Section 5 and an empty context.
	The new Shared Key Identifier MUST be the old Shared Key Identifier	The new Shared Key Identifier MUST be the old Shared Key Identifier
	incremented by 1. If the old one is 65535, the new one MUST be 1.	incremented by 1. If the old one is 65535, the new one MUST be 1.

	Before sending the Finished message the active SCTP-AUTH key MUST be	Before sending the Finished message the active SCTP-AUTH key MUST be
	switched to the new one.	switched to the new one.

	Once the corresponding Finished message from the peer has been	Once the corresponding Finished message from the peer has been
	received the old SCTP-AUTH key SHOULD be removed.	received the old SCTP-AUTH key SHOULD be removed.

	4.8. Shutdown	4.8. Shutdown

End of changes. 5 change blocks.
	8 lines changed or deleted	10 lines changed or added
This html diff was produced by rfcdiff 1.38. The latest version is available from http://tools.ietf.org/tools/rfcdiff/