The IESG has approved the following document: - 'Authenticated Chunks for Stream Control Transmission Protocol (SCTP) ' <draft-ietf-tsvwg-sctp-auth-08.txt> as a Proposed Standard This document is the product of the Transport Area Working Group Working Group. The IESG contact persons are Magnus Westerlund and Lars Eggert. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-sctp-auth-08.txt Technical Summary This document describes a new chunk type, several parameters and procedures for SCTP. This new chunk type can be used to authenticate SCTP chunks by using shared keys between the sender and receiver. The new parameters are used to establish the shared keys. Using TLS as defined in RFC3436 (TLS over SCTP) does not help with this requirement because it only secures SCTP user data. Therefore an SCTP extension is created by this document which provides a mechanism for deriving shared keys for each association. These association shared keys are derived from endpoint pair shared keys, which are configured and might be empty, and data which is exchanged during the SCTP association setup. The extension presented in this document allows an SCTP sender to sign chunks using shared keys between the sender and receiver. The receiver can then verify that the chunks are sent from the sender and not from a malicious attacker as long as the attacker does not know an association shared key. Working Group Summary There is strong consensus in the WG to publish this document. It has been reviewed by several people in the WG last call. Comments raised has been addressed. Protocol Quality This document extends the Stream Control Transmission Protocol (SCTP), and has had many comments, all of which have been reviewed within the TSVWG to the WG's satisfaction. Personel The responsible AD is Magnus Westerlund. The WG shepherd is James Polk. _______________________________________________ IETF-Announce@ietf.org https://www1.ietf.org/mailman/listinfo/ietf-announce
