Diff of draft-ietf-tsvwg-dtls-for-sctp-03.txt (old) against draft-ietf-tsvwg-dtls-for-sctp-04.txt (new)

Network Working Group                                    M. Tuexen
Internet-Draft                                           R. Seggelmann
Intended status: Standards Track                         Muenster Univ. of Applied Sciences
Expires: August 20, 2010 (-03) / August 21, 2010 (-04)   E. Rescorla
                                                         RTFM, Inc.
                                                         February 16, 2010 (-03) / February 17, 2010 (-04)

Datagram Transport Layer Security for Stream Control Transmission Protocol
draft-ietf-tsvwg-dtls-for-sctp-03.txt / draft-ietf-tsvwg-dtls-for-sctp-04.txt

Abstract

This document describes the usage of the Datagram Transport Layer Security (DTLS) protocol over the Stream Control Transmission Protocol (SCTP).

Security features provided by DTLS over SCTP include authentication, message integrity and privacy of user messages. Applications using DTLS over SCTP can use almost all transport features provided by SCTP
[Unchanged text omitted; next change at page 1, line 46]
and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

This Internet-Draft will expire on August 20, 2010 (-03) / August 21, 2010 (-04).

Copyright Notice

Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect
[Unchanged text omitted; next change at page 6, line 50]
Prior to processing a received ChangeCipherSpec all other received SCTP user messages which are buffered in the SCTP layer MUST be read and processed by DTLS.

User messages arriving between ChangeCipherSpec and Finished using the new epoch have probably passed the Finished and MUST be buffered by DTLS until the Finished is read.

4.7. Handling of Endpoint-pair Shared Secrets

-03 text:

The endpoint-pair shared secret for Shared Key Identifier 0 is empty. Whenever the master key changes, a 64 byte shared secret is derived from every master secret and provided as a new end-point pair shared secret by using the algorithm described in [I-D.ietf-tls-extractor].

-04 text:

The endpoint-pair shared secret for Shared Key Identifier 0 is empty and MUST be used when establishing a DTLS connection. Whenever the master key changes, a 64 byte shared secret is derived from every master secret and provided as a new end-point pair shared secret by using the exporter described in [I-D.ietf-tls-extractor]. The exporter MUST use the label given in Section 5 and an empty context.

Unchanged in both versions:

The new Shared Key Identifier MUST be the old Shared Key Identifier incremented by 1. If the old one is 65535, the new one MUST be 1.

Before sending the Finished message the active SCTP-AUTH key MUST be switched to the new one.

Once the corresponding Finished message from the peer has been received the old SCTP-AUTH key SHOULD be removed.
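As an added illustration (not code from the draft or from any SCTP/DTLS implementation), the rekeying steps of Section 4.7 in Python: the 64 byte secret is derived with the keying material exporter of [I-D.ietf-tls-extractor], instantiated here with the TLS 1.2 PRF over HMAC-SHA256 (an assumption; the PRF actually used follows the negotiated DTLS version and cipher suite), and the exporter label is a placeholder because the real label is defined in Section 5, which is not reproduced on this page.

```python
import hmac
import hashlib

SHARED_SECRET_LEN = 64        # the draft derives a 64 byte shared secret per master secret
MAX_SHARED_KEY_ID = 65535     # SCTP-AUTH Shared Key Identifier is a 16-bit value
EXPORTER_LABEL = b"PLACEHOLDER-LABEL-FROM-SECTION-5"   # assumption: not the real label


def p_hash(secret, seed, length):
    """TLS 1.2 P_hash expansion (RFC 5246, Section 5) instantiated with SHA-256."""
    out = b""
    a = seed                                                  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()      # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def export_shared_secret(master_secret, client_random, server_random,
                         label=EXPORTER_LABEL, context=None):
    """Keying material exporter: PRF(master_secret, label, client_random + server_random
    [+ context_length + context]), truncated to 64 bytes.

    context=None means no context value at all; context=b"" means an empty context that
    is still encoded with its two-byte length field. The draft says "an empty context";
    the exporter spec distinguishes the two encodings, so both are offered here.
    """
    seed = client_random + server_random
    if context is not None:
        seed += len(context).to_bytes(2, "big") + context
    return p_hash(master_secret, label + seed, SHARED_SECRET_LEN)


def next_shared_key_id(old_id):
    """Old identifier incremented by 1; 65535 wraps to 1, never to 0, because
    identifier 0 is reserved for the empty shared secret used at connection setup."""
    if not 0 <= old_id <= MAX_SHARED_KEY_ID:
        raise ValueError("Shared Key Identifier must fit in 16 bits")
    return 1 if old_id == MAX_SHARED_KEY_ID else old_id + 1


def rekey(old_id, master_secret, client_random, server_random):
    """One master-key change: returns (new_id, new_secret) to install as the active
    SCTP-AUTH key before the Finished is sent. Deleting the old key once the peer's
    Finished has arrived is the caller's job and is not modelled here."""
    new_id = next_shared_key_id(old_id)
    return new_id, export_shared_secret(master_secret, client_random, server_random)
```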
4.8. Shutdown
This html diff was produced by rfcdiff 1.38. The latest version is available from http://tools.ietf.org/tools/rfcdiff/