
Use RFC 7525(bis) #155

Open
martinthomson opened this issue Aug 4, 2022 · 3 comments
Labels: Needs PR (Needs a text proposal in a Pull Request), Wait for DTLS 1.3 discussion

Comments

@martinthomson commented Aug 4, 2022

https://gloinul.github.io/draft-westerlund-tsvwg-dtls-over-sctp-bis/draft-ietf-tsvwg-dtls-over-sctp-bis.html#section-9.1-12 says (amongst other things):

When DTLS/SCTP is used with DTLS 1.2 [RFC6347], the TLS Session Hash and Extended Master Secret Extension [RFC7627] MUST be used to prevent unknown key-share attacks where an attacker establishes the same key on several connections.

This sort of stuff is better addressed by RFC 7525bis. You can probably safely use the -bis rather than the original as it is much more mature than this document.

@emanjon (Collaborator) commented Sep 10, 2022

Yes, we should probably refer to RFC7525bis, but maybe only to specific parts. We intentionally did not refer to RFC7525 as it was not describing "best practice" even when it was published. 3GPP did, e.g., discuss RFC7525 but decided to not refer to it as many parts would decrease the security of 3GPP TLS usage rather than strengthening it. E.g. allowing things already forbidden by 3GPP for many years:

   When using RSA, servers SHOULD authenticate using certificates with
   at least a 2048-bit modulus for the public key.  In addition, the use
   of the SHA-256 hash algorithm is RECOMMENDED 

   Curves of less than 192 bits SHOULD NOT be used.

Regarding DTLS versions, it might make sense to just forbid DTLS 1.2 now that DTLS 1.3 is published and supported by several libraries. That would make the part about DTLS 1.2 configuration disappear.

@emanjon (Collaborator) commented Sep 15, 2022

I think it is good to reference RFC 7525bis, but before doing any changes we should decide if we want to mandate support of RFC 9147. Mandating support of DTLS 1.3 would be equal to mandating use of DTLS 1.3 or higher, meaning that everything DTLS 1.2 could be removed.
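An added example, written for this thread and not taken from the draft, RFC 7525bis, or any participant's code: a small Python parser that reads one DTLS ClientHello record and applies the two policies under discussion, rejecting a DTLS 1.2 offer unless the RFC 7627 extended_master_secret extension is present, and optionally requiring that DTLS 1.3 (0xFEFC in supported_versions, as RFC 9147 signals it) be offered at all. The ClientHello builder exists only to construct sample input; its all-zero random, single cipher suite and empty cookie are placeholders, not captured traffic.

```python
"""Check a DTLS ClientHello for extended_master_secret (RFC 7627) or a DTLS 1.3 offer.

Record and handshake layouts follow RFC 6347; the extension type numbers are the
IANA-registered ones. Sample records are constructed by build_client_hello().
"""
import struct

CONTENT_TYPE_HANDSHAKE = 22
HANDSHAKE_CLIENT_HELLO = 1
DTLS_1_2 = 0xFEFD
DTLS_1_3 = 0xFEFC
EXT_EXTENDED_MASTER_SECRET = 0x0017  # RFC 7627
EXT_SUPPORTED_VERSIONS = 0x002B      # RFC 8446 section 4.2.1, reused by RFC 9147


class HandshakeError(ValueError):
    """Malformed or unsupported ClientHello."""


def _take(buf, off, n):
    """Slice n bytes at off, refusing to read past the end of the buffer."""
    if off + n > len(buf):
        raise HandshakeError("truncated ClientHello")
    return buf[off:off + n], off + n


def parse_dtls_client_hello(record: bytes) -> dict:
    """Parse one unfragmented DTLS record carrying a ClientHello."""
    if len(record) < 13:
        raise HandshakeError("record header too short")
    # type(1) version(2) epoch(2) sequence_number(6 = 2+4) length(2)
    ctype, _ver, _epoch, _seq_hi, _seq_lo, rec_len = struct.unpack("!BHHHIH", record[:13])
    if ctype != CONTENT_TYPE_HANDSHAKE:
        raise HandshakeError("not a handshake record")
    frag, _ = _take(record, 13, rec_len)
    # msg_type(1) length(3) message_seq(2) fragment_offset(3) fragment_length(3)
    hdr, off = _take(frag, 0, 12)
    msg_type, msg_len = hdr[0], int.from_bytes(hdr[1:4], "big")
    frag_off, frag_len = int.from_bytes(hdr[6:9], "big"), int.from_bytes(hdr[9:12], "big")
    if msg_type != HANDSHAKE_CLIENT_HELLO:
        raise HandshakeError("not a ClientHello")
    if frag_off != 0 or frag_len != msg_len:
        raise HandshakeError("fragmented ClientHello not handled by this example")
    body, _ = _take(frag, off, msg_len)
    off = 0
    ver, off = _take(body, off, 2)
    legacy_version = struct.unpack("!H", ver)[0]
    _, off = _take(body, off, 32)                                      # random
    n, off = _take(body, off, 1); _, off = _take(body, off, n[0])      # session_id
    n, off = _take(body, off, 1); _, off = _take(body, off, n[0])      # cookie (DTLS only)
    n, off = _take(body, off, 2); _, off = _take(body, off, struct.unpack("!H", n)[0])  # cipher_suites
    n, off = _take(body, off, 1); _, off = _take(body, off, n[0])      # compression_methods
    extensions = {}
    if off < len(body):                                                # extensions block is optional
        n, off = _take(body, off, 2)
        ext_end = off + struct.unpack("!H", n)[0]
        if ext_end > len(body):
            raise HandshakeError("extensions length exceeds body")
        while off < ext_end:
            ehdr, off = _take(body, off, 4)
            etype, elen = struct.unpack("!HH", ehdr)
            data, off = _take(body, off, elen)
            if etype in extensions:
                raise HandshakeError("duplicate extension %d" % etype)
            extensions[etype] = data
        if off != ext_end:
            raise HandshakeError("extension list overruns its length")
    if off != len(body):
        raise HandshakeError("trailing bytes after ClientHello")
    supported = []
    if EXT_SUPPORTED_VERSIONS in extensions:
        d = extensions[EXT_SUPPORTED_VERSIONS]  # one-byte list length, then 2-byte versions
        if not d or d[0] != len(d) - 1 or d[0] % 2:
            raise HandshakeError("malformed supported_versions")
        supported = [struct.unpack("!H", d[i:i + 2])[0] for i in range(1, len(d), 2)]
    return {"legacy_version": legacy_version, "supported_versions": supported,
            "extensions": set(extensions)}


def check_policy(hello: dict, require_dtls13: bool = False):
    """Return (accept, reason). DTLS 1.3 is only ever offered via supported_versions."""
    offered = hello["supported_versions"] or [hello["legacy_version"]]
    if DTLS_1_3 in offered:
        return True, "DTLS 1.3 offered; extended_master_secret not needed"
    if require_dtls13:
        return False, "DTLS 1.3 not offered"
    if DTLS_1_2 in offered and EXT_EXTENDED_MASTER_SECRET in hello["extensions"]:
        return True, "DTLS 1.2 with extended_master_secret"
    return False, "DTLS 1.2 without extended_master_secret (RFC 7627)"


def build_client_hello(extensions) -> bytes:
    """Construct a minimal DTLS 1.2 ClientHello record (sample input only, not real traffic)."""
    body = struct.pack("!H", DTLS_1_2) + bytes(32)   # legacy version, placeholder all-zero random
    body += b"\x00" + b"\x00"                        # empty session_id, empty cookie
    body += struct.pack("!HH", 2, 0xC02B)            # one suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    body += b"\x01\x00"                              # compression_methods: null only
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(ext)) + ext
    hs = bytes([HANDSHAKE_CLIENT_HELLO]) + len(body).to_bytes(3, "big")
    hs += b"\x00\x00" + (0).to_bytes(3, "big") + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHHHIH", CONTENT_TYPE_HANDSHAKE, DTLS_1_2, 0, 0, 0, len(hs)) + hs


if __name__ == "__main__":
    samples = {
        "dtls12-no-ems": build_client_hello([]),
        "dtls12-ems": build_client_hello([(EXT_EXTENDED_MASTER_SECRET, b"")]),
        "dtls13": build_client_hello([(EXT_SUPPORTED_VERSIONS, b"\x04\xfe\xfc\xfe\xfd")]),
    }
    for name, rec in samples.items():
        print(name, check_policy(parse_dtls_client_hello(rec)))
```

Passing `require_dtls13=True` to `check_policy` is the "mandate RFC 9147" option from this comment: a DTLS 1.2-only offer is then refused even when it carries extended_master_secret, so the whole DTLS 1.2 branch of the policy becomes dead. Real deployments would enforce this in the DTLS library's configuration rather than by parsing records, but the parser shows exactly which bytes each rule depends on.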

@gloinul added the labels Needs PR (Needs a text proposal in a Pull Request) and Need Discussion (The Issue needs discussion to determine next step) on Sep 27, 2022
@gloinul removed the label Need Discussion (The Issue needs discussion to determine next step) on Oct 12, 2022
@gloinul (Owner) commented Oct 12, 2022

PR will wait until we have decided on issue #176
