Internet-Draft | SCTP-DTLS Requirements | October 2023
Tüxen | Expires 25 April 2024
The current specification of DTLS over SCTP is outdated and does not fulfill the requirements of 3GPP. This Internet-Draft documents the requirements of 3GPP for securing SCTP-based communications using DTLS. It is the result of a design team in TSVWG and reflects the current state of its work. Therefore, this document is expected to change over time.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on 25 April 2024.
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.
This document reflects the current status of a design team in TSVWG working on the requirements for securing SCTP-based traffic using DTLS.
The following people participated in the design team: Marcelo Ricardo Leitner, Xin Long, John Mattsson, Claudio Porfiri, Tirumaleswar Reddy.K, Zahed Sarker, Hannes Tschofenig, Michael Tüxen, and Magnus Westerlund.
An SCTP implementation must support at least two streams used for reliable and in-sequence delivery.
A user message size of at least 1 GB must be supported. It is known that user message sizes of 0.5 MB are currently in use. A liaison statement from 3GPP RAN3 [LS-RAN3] stated: "RAN3 would like to confirm our previous LS: we do not expect to limit the maximum message size of application protocols. For this reason, any solution with a limit on message size will not meet RAN3 requirements."
Multihoming must be supported. However, support for dynamic address reconfiguration as specified in [RFC5061] is not required.
The restart procedure must be supported.
Protocol mechanisms should not limit the availability of the communication (like the draining procedure in [RFC6083]).
Mutual authentication must be used, with periodic re-authentication allowing a certificate update.
It must be possible to run DH (a fresh Diffie-Hellman key exchange) once per hour or once every 100 GB of transferred data.
Privacy and integrity are required for user data.
An on-path attacker being able to drop packets might be able to drop the association.
An on-path attacker being able to replay messages, insert messages, or modify messages must not be able to affect the availability of the association or change user data.
In particular, the SCTP restart procedure must not allow an attacker to take over an SCTP association.
No actions from IANA are required.
TBD.