https://gloinul.github.io/draft-westerlund-tsvwg-dtls-over-sctp-bis/draft-ietf-tsvwg-dtls-over-sctp-bis.html#section-9.1-12 says (amongst other things):

When DTLS/SCTP is used with DTLS 1.2 [RFC6347], the TLS Session Hash and Extended Master Secret Extension [RFC7627] MUST be used to prevent unknown key-share attacks where an attacker establishes the same key on several connections.
This sort of stuff is better addressed by RFC 7525bis. You can probably safely use the -bis rather than the original as it is much more mature than this document.
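As an added worked example (not text from the draft and not written by anyone in this thread), here is the TLS 1.2 master-secret derivation with and without RFC 7627, so the unknown key-share point behind the quoted MUST is concrete: the classic derivation takes only the pre_master_secret and the two randoms, so an attacker who can arrange the same values on two connections gets the same key on both; the extended derivation feeds in the session hash, so differing transcripts give differing keys. It also includes the negotiation check a DTLS 1.2 endpoint would apply before continuing. All randoms, pre-master secret and handshake messages are constructed stand-ins; the extension code point 23 is the extended_master_secret type from RFC 7627.

```python
import hashlib
import hmac

MASTER_SECRET_LEN = 48       # TLS 1.2 master_secret is always 48 bytes (RFC 5246, 8.1)
EXTENDED_MASTER_SECRET = 23  # extension type of extended_master_secret (RFC 7627, 5.1)


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data-expansion function (RFC 5246, section 5)."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def session_hash(handshake_messages) -> bytes:
    """Hash of all handshake messages up to and including ClientKeyExchange (RFC 7627, 3)."""
    return hashlib.sha256(b"".join(handshake_messages)).digest()


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes,
                  handshake_messages, use_ems: bool) -> bytes:
    """Derive the 48-byte master secret.

    Classic (RFC 5246, 8.1): PRF(pre_master, "master secret", client_random + server_random).
    Extended (RFC 7627, 4):  PRF(pre_master, "extended master secret", session_hash).
    Only the extended form depends on the handshake transcript.
    """
    if use_ems:
        return prf(pre_master, b"extended master secret",
                   session_hash(handshake_messages), MASTER_SECRET_LEN)
    return prf(pre_master, b"master secret", client_random + server_random, MASTER_SECRET_LEN)


def ems_negotiated(client_hello_ext_types, server_hello_ext_types) -> bool:
    """RFC 7627, 5.1: the extension is in use only if both sides sent it.

    A DTLS 1.2 over SCTP endpoint following the draft's MUST aborts when this is False.
    """
    return (EXTENDED_MASTER_SECRET in client_hello_ext_types
            and EXTENDED_MASTER_SECRET in server_hello_ext_types)


def unknown_key_share_demo() -> dict:
    """Two connections that differ only in transcript: do they end up with the same key?

    Constructed values. An attacker that terminates the client's connection and opens
    its own to the server can arrange identical pre_master_secret and randoms on both
    connections (the RSA key-exchange setting of RFC 7627, section 1); the transcripts
    still differ, because each side of the attacker sees a different certificate.
    """
    pre_master = bytes.fromhex("0303") + bytes(46)  # version prefix + 46 zero bytes (constructed)
    client_random = bytes([0x11] * 32)              # constructed
    server_random = bytes([0x22] * 32)              # constructed
    common = [b"ClientHello" + client_random, b"ServerHello" + server_random]
    client_side = common + [b"Certificate CN=attacker", b"ClientKeyExchange"]
    server_side = common + [b"Certificate CN=server", b"ClientKeyExchange"]

    result = {}
    for use_ems in (False, True):
        ms_client_side = master_secret(pre_master, client_random, server_random, client_side, use_ems)
        ms_server_side = master_secret(pre_master, client_random, server_random, server_side, use_ems)
        result["ems" if use_ems else "classic"] = ms_client_side == ms_server_side
    return result


if __name__ == "__main__":
    print(unknown_key_share_demo())  # {'classic': True, 'ems': False}
```

On a real DTLS 1.2 endpoint the negotiation check is what the library reports after the handshake; with OpenSSL that is `SSL_get_extms_support()`, which returns 1 when the extension was negotiated on the established connection. With DTLS 1.3 (RFC 9147) the question does not arise, since the TLS 1.3 key schedule binds the transcript into every derived secret by design.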
Yes, we should probably refer to RFC7525bis, but maybe only to specific parts. We intentionally did not refer to RFC7525 as it was not describing "best practice" even when it was published. 3GPP did, e.g., discuss RFC7525 but decided not to refer to it, as many parts would decrease the security of 3GPP TLS usage rather than strengthening it, e.g. allowing things already forbidden by 3GPP for many years:

When using RSA, servers SHOULD authenticate using certificates with at least a 2048-bit modulus for the public key. In addition, the use of the SHA-256 hash algorithm is RECOMMENDED

Curves of less than 192 bits SHOULD NOT be used.
Regarding DTLS versions, it might make sense to just forbid DTLS 1.2 now that DTLS 1.3 is published and supported by several libraries. That would make the part about DTLS 1.2 configuration disappear.
I think it is good to reference RFC 7525bis, but before doing any changes we should decide if we want to mandate support of RFC 9147. Mandating support of DTLS 1.3 would be equal to mandating use of DTLS 1.3 or higher, meaning that everything DTLS 1.2 could be removed.