Internet DRAFT - draft-tuexen-tsvwg-sctp-zero-checksum

draft-tuexen-tsvwg-sctp-zero-checksum







Network Working Group                                           M. Tüxen
Internet-Draft                           Münster Univ. of Appl. Sciences
Intended status: Standards Track                               V. Boivie
Expires: 11 November 2023                                    F. Castelli
                                                                  Google
                                                                R. Jesup
                                                                 Mozilla
                                                             10 May 2023


       Zero Checksum for the Stream Control Transmission Protocol
                draft-tuexen-tsvwg-sctp-zero-checksum-03

Abstract

   The Stream Control Transmission Protocol (SCTP) uses a 32-bit
   checksum in the common header of each packet to provide some level of
   data integrity.  When the lower layer used by SCTP provides already
   the same or a higher level of data integrity, computing this checksum
   does not provide any additional protection, but does require
   computing resources.  This document provides a simple extension to
   SCTP allowing to save these computing resources by using the constant
   0 as the checksum in a backwards compatible way.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 11 November 2023.

Copyright Notice

   Copyright (c) 2023 IETF Trust and the persons identified as the
   document authors.  All rights reserved.






Tüxen, et al.           Expires 11 November 2023                [Page 1]

Internet-Draft           Zero Checksum for SCTP                 May 2023


   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Conventions . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  A New Chunk Parameter . . . . . . . . . . . . . . . . . . . .   3
   4.  Procedures  . . . . . . . . . . . . . . . . . . . . . . . . .   3
     4.1.  Declaration of Feature Support  . . . . . . . . . . . . .   4
     4.2.  Sender Side Considerations  . . . . . . . . . . . . . . .   4
     4.3.  Receiver Side Considerations  . . . . . . . . . . . . . .   5
   5.  Socket API Considerations . . . . . . . . . . . . . . . . . .   5
     5.1.  Set Accepting a Zero Checksum
           (SCTP_ACCEPT_ZERO_CHECKSUM) . . . . . . . . . . . . . . .   6
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   6
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .   6
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   6
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .   6
     8.2.  Informative References  . . . . . . . . . . . . . . . . .   7
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .   7
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   8

1.  Introduction

   SCTP as specified in [RFC9260] uses a CRC32c to provide some level of
   data integrity.  When using, for example, Datagram Transport Layer
   Security (DTLS) as the lower layer for SCTP as specified in
   [RFC8261], using the CRC32c does not provide any additional
   protection over the one already provided by DTLS.  However, computing
   the CRC32c at the sender and receiver side does require
   computationally resources for no benefit.  This is in particular
   important for computational limited end points using SCTP
   encapsulated in DTLS.

   The extension described in this document allows an SCTP end point to
   declare that it accepts SCTP packets with a checksum of zero.  This
   declaration happens during the setup of the SCTP association and
   allows end points supporting this extension to be interoperable with
   end points not supporting the extension described in this document.
   To provide this backwards compatibility, end points using this
   extension still need to implement the CRC32c checksum algorithm.



Tüxen, et al.           Expires 11 November 2023                [Page 2]

Internet-Draft           Zero Checksum for SCTP                 May 2023


2.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  A New Chunk Parameter

   The Zero Checksum Acceptable Chunk Parameter is defined by the
   following figure.

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type = 0x8001 (suggested)   |          Length = 4           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

             Figure 1: Zero Checksum Acceptable Chunk Parameter

   Type: 16 bits (unsigned integer)
      This field holds the IANA defined parameter type for the "Zero
      Checksum Acceptable" chunk parameter.  IANA is requested to assign
      the value 32769 (0x8001) (suggested) for this parameter type.

   Length: 16 bits (unsigned integer)
      This field holds the length in bytes of the chunk parameter; the
      value MUST be 4.

   All transported integer numbers are in "network byte order" a.k.a.,
   Big Endian.

   The Zero Checksum Acceptable Chunk Parameter MAY appear in INIT and
   INIT ACK chunks.  It MUST NOT appear in any other chunk.

   If an end point not supporting the extension described in this
   document receives this parameter in an INIT or INIT ACK chunk, it
   skips this parameter and continues to process further parameters in
   the chunk.  This behavior is REQUIRED by [RFC9260] because the
   highest-order two bits of the Type are '10'.

4.  Procedures









Tüxen, et al.           Expires 11 November 2023                [Page 3]

Internet-Draft           Zero Checksum for SCTP                 May 2023


4.1.  Declaration of Feature Support

   If the lower layer of SCTP provides an equal or better level of data
   integrity protection than the one provided by using the CRC32c
   algorithm, the computation of the CRC32c checksum requires
   computational resources without providing any benefit.  To avoid
   this, an SCTP end point MAY be willing to accept SCTP packets with an
   incorrect CRC32c checksum value of zero in addition to SCTP packets
   with correct CRC32c checksum values.  An SCTP endpoint SHOULD NOT be
   willing to accept SCTP packets with an incorrect CRC32c checksum
   value of zero, if the lower layer does not provide at least the level
   of data integrity the CRC32c checksum algorithm provides.

   One example of such a lower layer is the use of SCTP over DTLS as
   described in [RFC8261] (as used in the WebRTC context).  Counter
   examples include:

   *  SCTP over IPv4 or IPv6 as specified in [RFC9260].

   *  SCTP over UDP as specified in [RFC6951].

   *  The use of SCTP Authentication as specified in [RFC4895].

   Therefore using an incorrect zero checksum, in particular when using
   SCTP over DTLS, will not result in problems with the middle boxes
   expecting correct CRC32c checksums in SCTP packets.

   An SCTP implementation MAY also require the upper layer to indicate
   that it is fine to accept SCTP packets with an incorrect CRC32c value
   of zero.

   An end point willing to accept SCTP packets with a checksum of zero
   MUST include the Zero Checksum Acceptable Chunk Parameter in the INIT
   or INIT ACK chunk it sends.

4.2.  Sender Side Considerations

   If an end point has received an INIT or INIT ACK chunk containing a
   Zero Checksum Acceptable Chunk Parameter from its peer during the
   association setup, it SHOULD use zero as the checksum for all packets
   sent in this association with the following three exceptions:

   *  When an end point sends a packet containing an INIT chunk, it MUST
      include a correct CRC32c checksum in the packet containing the
      INIT chunk.






Tüxen, et al.           Expires 11 November 2023                [Page 4]

Internet-Draft           Zero Checksum for SCTP                 May 2023


   *  When an end point sends a packet containing a COOKIE ECHO chunk,
      it MUST include a correct CRC32c checksum in the packet containing
      the COOKIE ECHO chunk.

   *  When an end point supports the dynamic address reconfiguration
      specified in [RFC5061] and sends a packet containing an ASCONF
      chunk, it MUST include a correct CRC32c checksum in the packet
      containing the ASCONF chunk.

   The first exception allows backwards compatibility and the second and
   third exception allow a simpler implementation of the extension
   defined in this document.

   When an end point responds to an "Out of the Blue" (OOTB) SCTP
   packet, it MUST include a correct CRC32c checksum in the response
   packet.

   An SCTP end point MAY only send packets with an incorrect checksum of
   zero, if the upper layer allowed the reception of SCTP packets with
   an incorrect zero checksum.

4.3.  Receiver Side Considerations

   Zero is a valid result of the CRC32c algorithm.  Therefore, a
   receiver of an SCTP packet containing a checksum value of zero cannot
   determine whether the sender included an incorrect CRC32c of zero to
   reduce the CPU cost or the result of the CRC32c computation was
   actually zero.  However, if the receiver has sent the Zero Checksum
   Acceptable Chunk Parameter during the handshake, this ambiguity is
   irrelevant, since the receiver is fine with not using the CRC32c to
   protect incoming packets.

   If an end point has sent the Zero Checksum Acceptable Chunk Parameter
   in an INIT or INIT ACK chunk, it MUST accept SCTP packets using an
   incorrect checksum value of zero in addition to SCTP packets
   containing the correct CRC32c checksum value for this association.

   An SCTP implementation MAY process OOTB SCTP packets having an
   incorrect zero checksum in addition to OOTB packets with a correct
   CRC32c checksum.

5.  Socket API Considerations

   This section describes how the socket API defined in [RFC6458] needs
   to be extended to provide a way for the application to control the
   acceptance of a zero checksum.

   Please note that this section is informational only.



Tüxen, et al.           Expires 11 November 2023                [Page 5]

Internet-Draft           Zero Checksum for SCTP                 May 2023


   A socket API implementation based on [RFC6458] is extended by
   supporting one new write-only IPPROTO_SCTP-level socket option.

5.1.  Set Accepting a Zero Checksum (SCTP_ACCEPT_ZERO_CHECKSUM)

   This socket option can be used to control the acceptance of a zero
   checksum.  It is a write-only socket option and applies only to
   future SCTP associations on the socket.

   This option expects an integer boolean flag, where a non-zero value
   enables the option, and a zero value disables the option.  An
   implementation might only send packets with an incorrect checksum of
   zero, if this option is enabled.

   This option is disabled by default.

6.  IANA Considerations

   [NOTE to RFC-Editor: "RFCXXXX" is to be replaced by the RFC number
   you assign this document.]

   [NOTE to RFC-Editor: The suggested value for the parameter type is
   tentative and to be confirmed by IANA.]

   This document (RFCXXXX) is the reference for the registration
   described in this section.

   A new chunk parameter type has to be assigned by IANA.  This requires
   an additional line in the "Chunk Parameter Types" registry for SCTP:

       +===================+==========================+===========+
       | ID Value          | Chunk Parameter Type     | Reference |
       +===================+==========================+===========+
       | 32769 (suggested) | Zero Checksum Acceptable | [RFCXXXX] |
       |                   | (0x8001 (suggested))     |           |
       +-------------------+--------------------------+-----------+

          Table 1: New entry in "Chunk Parameter Types" registry

7.  Security Considerations

   This document does not change the considerations given in [RFC9260].

8.  References

8.1.  Normative References





Tüxen, et al.           Expires 11 November 2023                [Page 6]

Internet-Draft           Zero Checksum for SCTP                 May 2023


   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC5061]  Stewart, R., Xie, Q., Tuexen, M., Maruyama, S., and M.
              Kozuka, "Stream Control Transmission Protocol (SCTP)
              Dynamic Address Reconfiguration", RFC 5061,
              DOI 10.17487/RFC5061, September 2007,
              <https://www.rfc-editor.org/info/rfc5061>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

   [RFC8261]  Tuexen, M., Stewart, R., Jesup, R., and S. Loreto,
              "Datagram Transport Layer Security (DTLS) Encapsulation of
              SCTP Packets", RFC 8261, DOI 10.17487/RFC8261, November
              2017, <https://www.rfc-editor.org/info/rfc8261>.

   [RFC9260]  Stewart, R., Tüxen, M., and K. Nielsen, "Stream Control
              Transmission Protocol", RFC 9260, DOI 10.17487/RFC9260,
              June 2022, <https://www.rfc-editor.org/info/rfc9260>.

8.2.  Informative References

   [RFC4895]  Tuexen, M., Stewart, R., Lei, P., and E. Rescorla,
              "Authenticated Chunks for the Stream Control Transmission
              Protocol (SCTP)", RFC 4895, DOI 10.17487/RFC4895, August
              2007, <https://www.rfc-editor.org/info/rfc4895>.

   [RFC6458]  Stewart, R., Tuexen, M., Poon, K., Lei, P., and V.
              Yasevich, "Sockets API Extensions for the Stream Control
              Transmission Protocol (SCTP)", RFC 6458,
              DOI 10.17487/RFC6458, December 2011,
              <https://www.rfc-editor.org/info/rfc6458>.

   [RFC6951]  Tuexen, M. and R. Stewart, "UDP Encapsulation of Stream
              Control Transmission Protocol (SCTP) Packets for End-Host
              to End-Host Communication", RFC 6951,
              DOI 10.17487/RFC6951, May 2013,
              <https://www.rfc-editor.org/info/rfc6951>.

Acknowledgments

   The authors wish to thank Gorry Fairhurst, Mike Heard, Nils Ohlmeier,
   Claudio Porfiri, and Magnus Westerlund for their invaluable comments.




Tüxen, et al.           Expires 11 November 2023                [Page 7]

Internet-Draft           Zero Checksum for SCTP                 May 2023


Authors' Addresses

   Michael Tüxen
   Münster University of Applied Sciences
   Stegerwaldstrasse 39
   48565 Steinfurt
   Germany
   Email: tuexen@fh-muenster.de


   Victor Boivie
   Google
   Kungsbron 2
   SE-11122 Stockholm
   Sweden
   Email: boivie@google.com


   Florent Castelli
   Google
   Kungsbron 2
   SE-11122 Stockholm
   Sweden
   Email: orphis@google.com


   Randell Jesup
   Mozilla Corporation
   1835 Horse Shoe Trl
   Malvern, PA 19355
   United States of America
   Email: randell-ietf@jesup.org



















Tüxen, et al.           Expires 11 November 2023                [Page 8]