Network Working Group A. Jungmaier Request for Comments: 3436 University of Essen Category: Standards Track E. Rescorla RTFM Inc. M. Tuexen Siemens AG December 2002
Network Working Group A. Jungmaier Request for Comments: 3436 University of Essen Category: Standards Track E. Rescorla RTFM Inc. M. Tuexen Siemens AG December 2002
Transport Layer Security over Stream Control Transmission Protocol
基于流控制传输协议的传输层安全
Status of this Memo
本备忘录的状况
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2002). All Rights Reserved.
版权所有(C)互联网协会(2002年)。版权所有。
Abstract
摘要
This document describes the usage of the Transport Layer Security (TLS) protocol, as defined in RFC 2246, over the Stream Control Transmission Protocol (SCTP), as defined in RFC 2960 and RFC 3309.
本文档描述了RFC 2246中定义的传输层安全(TLS)协议在RFC 2960和RFC 3309中定义的流控制传输协议(SCTP)上的使用。
The user of TLS can take advantage of the features provided by SCTP, namely the support of multiple streams to avoid head of line blocking and the support of multi-homing to provide network level fault tolerance.
TLS的用户可以利用SCTP提供的功能,即支持多个流以避免线端阻塞,以及支持多归属以提供网络级容错。
Additionally, discussions of extensions of SCTP are also supported, meaning especially the support of dynamic reconfiguration of IP-addresses.
此外,还支持对SCTP扩展的讨论,特别是对IP地址动态重新配置的支持。
This document describes the usage of the Transport Layer Security (TLS) protocol, as defined in [RFC2246], over the Stream Control Transmission Protocol (SCTP), as defined in [RFC2960] and [RFC3309].
本文件描述了[RFC2246]中定义的传输层安全(TLS)协议在[RFC2960]和[RFC3309]中定义的流控制传输协议(SCTP)上的使用。
TLS is designed to run on top of a byte-stream oriented transport protocol providing a reliable, in-sequence delivery. Thus, TLS is currently mainly being used on top of the Transmission Control Protocol (TCP), as defined in [RFC793].
TLS设计为运行在面向字节流的传输协议之上,提供可靠的顺序传递。因此,TLS目前主要用于[RFC793]中定义的传输控制协议(TCP)之上。
Comparing TCP and SCTP, the latter provides additional features and this document shows how TLS should be used with SCTP to provide some of these additional features to the TLS user.
通过比较TCP和SCTP,后者提供了附加功能,本文档说明了TLS应如何与SCTP一起使用,以向TLS用户提供这些附加功能。
This document defines:
本文件规定:
- how to use the multiple streams feature of SCTP.
- 如何使用SCTP的多流功能。
- how to handle the message oriented nature of SCTP.
- 如何处理SCTP面向消息的特性。
It should be noted that the TLS user can take advantage of the multi-homing support of SCTP. The dynamic reconfiguration of IP-addresses, as currently being discussed, can also be used with the described solution.
应该注意的是,TLS用户可以利用SCTP的多主支持。目前正在讨论的IP地址的动态重新配置也可与所述解决方案一起使用。
The method described in this document does not require any changes of TLS or SCTP. It is only required that SCTP implementations support the optional feature of fragmentation of SCTP user messages.
本文件中描述的方法不需要更改TLS或SCTP。仅要求SCTP实现支持SCTP用户消息分段的可选功能。
This document uses the following terms:
本文件使用以下术语:
Association: An SCTP association.
协会:SCTP协会。
Connection: A TLS connection.
连接:TLS连接。
Session: A TLS session.
会话:TLS会话。
Stream: A unidirectional stream of an SCTP association. It is uniquely identified by a stream identifier.
流:SCTP关联的单向流。它由流标识符唯一标识。
MTU: Maximum Transmission Unit
最大传输单位
SCTP: Stream Control Transmission Protocol
SCTP:流控制传输协议
TCP: Transmission Control Protocol
传输控制协议
TLS: Transport Layer Security
传输层安全
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL", in this document are to be interpreted as described in BCP 14, RFC 2119 [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“建议”、“不建议”、“可”和“可选”应按照BCP 14、RFC 2119[RFC2119]中的描述进行解释。
An association between the endpoints A and Z provides n streams from A to Z and m streams from Z to A.
端点A和Z之间的关联提供了从A到Z的n个流和从Z到A的m个流。
A pair consisting of two streams with the same stream identifier is considered and used as one bi-directional stream.
考虑由具有相同流标识符的两个流组成的一对,并将其用作一个双向流。
Thus an SCTP association can be considered as a set of min(n,m) bi-directional streams and (max(n,m) - min(n,m)) uni-directional streams.
因此,SCTP关联可以被视为一组最小(n,m)双向流和(max(n,m)-min(n,m))单向流。
To avoid the knowledge and handling of the MTU inside TLS, SCTP MUST provide fragmentation of user messages, which is an optional feature of [RFC2960]. Since SCTP is a message oriented protocol, it must be able to transmit all TLS records as SCTP user messages. Thus the supported maximum length of SCTP user messages MUST be at least 2^14 + 2048 + 5 = 18437 bytes, which is the maximum length of a TLSCiphertext, as defined in [RFC2246].
为了避免了解和处理TLS内部的MTU,SCTP必须提供用户消息的分段,这是[RFC2960]的可选功能。由于SCTP是一种面向消息的协议,它必须能够将所有TLS记录作为SCTP用户消息传输。因此,支持的SCTP用户消息的最大长度必须至少为2^14+2048+5=18437字节,这是[RFC2246]中定义的TLSCiphertext的最大长度。
Please note that an SCTP implementation might need to support the partial delivery API to be able to support the transport of user messages of this size.
请注意,SCTP实现可能需要支持部分传递API才能支持这种大小的用户消息的传输。
Therefore, SCTP takes care of fragmenting and reassembling the TLS records in order to avoid IP-fragmentation.
因此,SCTP负责对TLS记录进行碎片化和重新组装,以避免IP碎片化。
A TLS implementation for TLS over SCTP MUST support at least the ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA as defined in [RFC3268].
SCTP上TLS的TLS实现必须至少支持[RFC3268]中定义的加密套件TLS\u RSA\u和\u AES\u 128\u CBC\u SHA。
TLS makes use of a bi-directional stream by establishing a connection over it. This means that the number of connections for an association is limited by the number of bi-directional streams.
TLS通过在双向流上建立连接来利用双向流。这意味着关联的连接数量受双向流数量的限制。
The TLS handshake protocol is used on each bi-directional stream separately. Each handshake can be:
TLS握手协议分别用于每个双向流。每次握手可以是:
- a full handshake or
- 完全的握手或握手
- an abbreviated handshake that resumes a TLS session with a session id from another connection (on the same or another association).
- 从另一个连接(在同一个或另一个关联上)使用会话id恢复TLS会话的缩写握手。
After completing the handshake for a connection, the bi-directional stream can be used for TLS-based user data transmission. It should also be noted that the handshakes for the different connections are independent and can be delayed until the bi-directional stream is used for user data transmission.
在完成连接的握手之后,双向流可用于基于TLS的用户数据传输。还应当注意,不同连接的握手是独立的,并且可以延迟,直到双向流用于用户数据传输为止。
It is not required that all bi-directional streams are used for TLS-based user data transmission. If TLS is not used, it is called SCTP-based user data transmission.
不要求所有双向流都用于基于TLS的用户数据传输。如果不使用TLS,则称为基于SCTP的用户数据传输。
If a bi-directional stream is not used for TLS-based communication there are no restrictions on the features provided by SCTP for SCTP-based user data transmission.
如果双向流不用于基于TLS的通信,则SCTP为基于SCTP的用户数据传输提供的功能没有限制。
In general, the bi-directional stream will be used for TLS-based user data transmission and it SHOULD NOT be used for SCTP-based user data transmission. The exception to this rule is for protocols which contain upgrade-to-TLS mechanisms, such as those of HTTP upgrade [RFC2817] and SMTP over TLS [RFC3207].
通常,双向流将用于基于TLS的用户数据传输,而不应用于基于SCTP的用户数据传输。此规则的例外情况适用于包含TLS升级机制的协议,例如HTTP升级[RFC2817]和通过TLS的SMTP[RFC3207]的协议。
TLS requires that the underlying transport delivers TLS records in strict sequence. Thus, the 'unordered delivery' feature of SCTP MUST NOT be used on streams which are used for TLS based user data transmission. For the same reason, TLS records delivered to SCTP for transmission MUST NOT have limited lifetimes.
TLS要求底层传输严格按照顺序传递TLS记录。因此,SCTP的“无序交付”功能不得用于用于基于TLS的用户数据传输的流。出于同样的原因,交付给SCTP进行传输的TLS记录不得具有有限的生存期。
The uni-directional streams can not be used for TLS-based user data transmission. Nevertheless, they can be used without any restrictions for SCTP-based communication.
单向流不能用于基于TLS的用户数据传输。然而,它们可以不受任何限制地用于基于SCTP的通信。
In these examples we consider the case of an association with two bi-directional streams.
在这些例子中,我们考虑与两个双向流关联的情况。
Just after the association has been established, the client sends two ClientHello messages on the bi-directional streams 0 and 1. After a full handshake has been completed on each bi-directional stream, TLS-based user data transmission can take place on that stream. It is possible that on the bi-directional stream 0, the handshake has been completed, and user data transmission is ongoing, while on the bi-directional stream 1, the handshake has not been completed, or vice versa.
就在建立关联之后,客户端在双向流0和1上发送两条ClientHello消息。在每个双向流上完成完全握手后,可以在该流上进行基于TLS的用户数据传输。可能在双向流0上,握手已经完成,并且用户数据传输正在进行,而在双向流1上,握手尚未完成,反之亦然。
After establishing the association, the client starts a full handshake on the bi-directional stream 0. The server provides a session identifier which allows session resumption. After the full handshake has been completed, the client initiates an abbreviated handshake on the bi-directional stream 1, using the session identifier from the handshake on the bi-directional stream 0. User data can be transmitted on the bi-directional stream 0, but not on the bi-directional stream stream 1 in that state. After completion of the abbreviated handshake on the bi-directional stream 1, user data can be transmitted on both streams.
建立关联后,客户端在双向流0上开始完全握手。服务器提供允许会话恢复的会话标识符。在完成完全握手之后,客户端使用来自双向流0上的握手的会话标识符在双向流1上发起简短握手。用户数据可以在双向流0上传输,但不能在处于该状态的双向流1上传输。在双向流1上完成缩短握手之后,可以在两个流上传输用户数据。
Whether or not to use abbreviated handshakes during the setup phase of a TLS connection over an SCTP association depends on several factors:
在通过SCTP关联的TLS连接的设置阶段,是否使用缩写握手取决于几个因素:
- the complexity and duration of the initial handshake processing (also determined by the number of connections),
- 初始握手处理的复杂性和持续时间(也由连接数决定),
- the network performance (round-trip times, bandwidth).
- 网络性能(往返时间、带宽)。
Abbreviated handshakes can reduce computational complexity of the handshake considerably, in case this is a limiting resource. If a large number of connections need to be established, it may be advantageous to use the TLS session resumption feature. On the other hand, before an abbreviated handshake can take place, a full handshake needs to have been completed. In networks with large round-trip time delays, it may be favorable to perform a number of full handshakes in parallel. Therefore, both possibilities are allowed.
在资源有限的情况下,缩短握手可以大大降低握手的计算复杂度。如果需要建立大量连接,则使用TLS会话恢复功能可能是有利的。另一方面,在进行简短握手之前,需要完成完整握手。在具有较大往返时间延迟的网络中,并行执行大量完整握手可能是有利的。因此,这两种可能性都是允许的。
This example resembles the last one, but after the completion of the full handshake on the bi-directional stream 0, the abbreviated handshake on the bi-directional stream 1 is not started immediately. The bi-directional stream 0 can be used for user data transmission. It is only when the user also wants to transmit data on the bi-directional stream 1 that the abbreviated handshake for the bi-directional stream 1 is initiated.
该示例类似于上一个示例,但在双向流0上的完全握手完成后,不会立即开始双向流1上的缩短握手。双向流0可用于用户数据传输。仅当用户还希望在双向流1上传输数据时,才启动双向流1的简化握手。
This allows the user of TLS to request a large number of bi-directional streams without having to provide all the resources at association start-up if not all bi-directional streams are used right from the beginning.
这允许TLS的用户请求大量的双向流,而不必在关联启动时提供所有资源,如果不是从一开始就使用所有的双向流。
This example is like the second and third one, but an abbreviated handshake is used for both bi-directional streams. This requires the existence of a valid session identifier from connections handled by another association.
此示例与第二个和第三个示例类似,但两个双向流都使用了缩写握手。这需要存在来自另一个关联处理的连接的有效会话标识符。
Using TLS on top of SCTP does not provide any new security issues beside the ones discussed in [RFC2246] and [RFC2960].
除了[RFC2246]和[RFC2960]中讨论的安全问题外,在SCTP之上使用TLS不会提供任何新的安全问题。
It is possible to authenticate TLS endpoints based on IP-addresses in certificates. Unlike TCP, SCTP associations can use multiple addresses per SCTP endpoint. Therefore it is possible that TLS records will be sent from a different IP-address than that originally authenticated. This is not a problem provided that no security decisions are made based on that IP-address. This is a special case of a general rule: all decisions should be based on the peer's authenticated identity, not on its transport layer identity.
可以根据证书中的IP地址对TLS端点进行身份验证。与TCP不同,SCTP关联可以为每个SCTP端点使用多个地址。因此,TLS记录可能会从不同于最初经过身份验证的IP地址发送。这不是一个问题,前提是没有基于该IP地址做出安全决策。这是一般规则的一个特例:所有决策都应该基于对等方的已验证身份,而不是其传输层身份。
The authors would like to thank P. Calhoun, J. Wood, and many others for their invaluable comments and suggestions.
作者要感谢P.Calhoun、J.Wood和许多其他人的宝贵意见和建议。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC2246] Diercks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC 2246, January 1999.
[RFC2246]Diercks,T.和C.Allen,“TLS协议版本1.0”,RFC2246,1999年1月。
[RFC2960] Stewart, R., Xie, Q., Morneault, K., Sharp, C., Schwarzbauer, H., Taylor, T., Rytina, I., Kalla, M., Zhang, L. and V. Paxon, "Stream Control Transmission Protocol", RFC 2960, October 2000.
[RFC2960]Stewart,R.,Xie,Q.,Morneault,K.,Sharp,C.,Schwarzbauer,H.,Taylor,T.,Rytina,I.,Kalla,M.,Zhang,L.和V.Paxon,“流控制传输协议”,RFC 29602000年10月。
[RFC3268] Chown, P., "Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)", RFC 3268, June 2002.
[RFC3268]Chown,P.,“用于传输层安全(TLS)的高级加密标准(AES)密码套件”,RFC 3268,2002年6月。
[RFC3309] Stone, J., Stewart, R., Otis, D., "Stream Control Transmission Protocol (SCTP) Checksum Change", RFC 3309, September 2002.
[RFC3309]Stone,J.,Stewart,R.,Otis,D.,“流控制传输协议(SCTP)校验和更改”,RFC 33092002年9月。
[RFC793] Postel, J. (ed.), "Transmission Control Protocol", STD 7, RFC 793, September 1981.
[RFC793]Postel,J.(编辑),“传输控制协议”,标准7,RFC793,1981年9月。
[RFC2026] Bradner, S., "The Internet Standards Process -- Revision 3", BCP 9, RFC 2026, October 1996.
[RFC2026]Bradner,S.,“互联网标准过程——第3版”,BCP 9,RFC 2026,1996年10月。
[RFC2817] Khare, R. and S. Lawrence, "Upgrading to TLS Within HTTP/1.1", RFC 2817, May 2000.
[RFC2817]Khare,R.和S.Lawrence,“在HTTP/1.1中升级到TLS”,RFC 28172000年5月。
[RFC3207] Hoffman, P., "SMTP Service Extension for Secure SMTP over TLS", RFC 3207, February 2002.
[RFC3207]Hoffman,P.,“TLS上安全SMTP的SMTP服务扩展”,RFC 3207,2002年2月。
Andreas Jungmaier University of Essen Networking Technology Group at the IEM Ellernstrasse 29 D-45326 Essen Germany
安德烈亚斯JungMayar大学埃森网络技术组IEM ErrnStaseSE 29 D-4326埃森德国
Phone: +49 201 1837667 EMail: ajung@exp-math.uni-essen.de
Phone: +49 201 1837667 EMail: ajung@exp-math.uni-essen.de
Eric Rescorla RTFM, Inc. 2064 Edgewood Drive Palo Alto, CA 94303 USA
Eric Rescorla RTFM,Inc.美国加利福尼亚州帕洛阿尔托埃奇伍德大道2064号,邮编94303
Phone: +1 650-320-8549 EMail: ekr@rtfm.com
Phone: +1 650-320-8549 EMail: ekr@rtfm.com
Michael Tuexen Siemens AG D-81359 Munich Germany
德国慕尼黑D-81359西门子公司
Phone: +49 89 722 47210 EMail: Michael.Tuexen@siemens.com
Phone: +49 89 722 47210 EMail: Michael.Tuexen@siemens.com
Copyright (C) The Internet Society (2002). All Rights Reserved.
版权所有(C)互联网协会(2002年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。