rfc9653.original   rfc9653.txt 
Network Working Group M. Tüxen Internet Engineering Task Force (IETF) M. Tüxen
Internet-Draft Münster Univ. of Appl. Sciences Request for Comments: 9653 Münster Univ. of Appl. Sciences
Intended status: Standards Track V. Boivie Category: Standards Track V. Boivie
Expires: 20 December 2024 F. Castelli ISSN: 2070-1721 F. Castelli
Google Google
R. Jesup R. Jesup
Mozilla Mozilla
18 June 2024 September 2024
Zero Checksum for the Stream Control Transmission Protocol Zero Checksum for the Stream Control Transmission Protocol
draft-ietf-tsvwg-sctp-zero-checksum-11
Abstract Abstract
The Stream Control Transmission Protocol (SCTP) uses a 32-bit The Stream Control Transmission Protocol (SCTP) uses a 32-bit
checksum in the common header of each packet to provide some level of checksum in the common header of each packet to provide some level of
data integrity. If another method used by SCTP already provides the data integrity. If another method used by SCTP already provides the
same or a higher level of data integrity, computing this checksum same or a higher level of data integrity, computing this checksum
does not provide any additional protection, but does consume does not provide any additional protection but does consume computing
computing resources. resources.
This document provides a simple extension allowing SCTP to save these This document provides a simple extension allowing SCTP to save these
computing resources by using zero as the checksum in a backwards computing resources by using zero as the checksum in a backwards-
compatible way. It also defines how this feature can be used when compatible way. It also defines how this feature can be used when
SCTP packets are encapsulated in Datagram Transport Layer Security SCTP packets are encapsulated in Datagram Transport Layer Security
(DTLS) packets. (DTLS) packets.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on 20 December 2024. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9653.
Copyright Notice Copyright Notice
Copyright (c) 2024 IETF Trust and the persons identified as the Copyright (c) 2024 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. Code Components carefully, as they describe your rights and restrictions with respect
extracted from this document must include Revised BSD License text as to this document. Code Components extracted from this document must
described in Section 4.e of the Trust Legal Provisions and are include Revised BSD License text as described in Section 4.e of the
provided without warranty as described in the Revised BSD License. Trust Legal Provisions and are provided without warranty as described
in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction
2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Conventions
3. Alternate Error Detection Methods . . . . . . . . . . . . . . 3 3. Alternate Error Detection Methods
4. A New Chunk Parameter . . . . . . . . . . . . . . . . . . . . 5 4. A New Chunk Parameter
5. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . 6 5. Procedures
5.1. Declaration of Feature Support . . . . . . . . . . . . . 6 5.1. Declaration of Feature Support
5.2. Sender Side Considerations . . . . . . . . . . . . . . . 6 5.2. Sender-Side Considerations
5.3. Receiver Side Considerations . . . . . . . . . . . . . . 7 5.3. Receiver-Side Considerations
6. Error Detection via SCTP over DTLS . . . . . . . . . . . . . 8 6. Error Detection via SCTP over DTLS
7. Socket API Considerations . . . . . . . . . . . . . . . . . . 8 7. Socket API Considerations
7.1. Set Accepting a Zero Checksum 7.1. Set Accepting a Zero Checksum (SCTP_ACCEPT_ZERO_CHECKSUM)
(SCTP_ACCEPT_ZERO_CHECKSUM) . . . . . . . . . . . . . . . 8 8. IANA Considerations
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 9. Security Considerations
9. Security Considerations . . . . . . . . . . . . . . . . . . . 10 10. References
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 10.1. Normative References
10.1. Normative References . . . . . . . . . . . . . . . . . . 10 10.2. Informative References
10.2. Informative References . . . . . . . . . . . . . . . . . 11 Acknowledgments
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 11 Authors' Addresses
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11
1. Introduction 1. Introduction
SCTP as specified in [RFC9260] uses a CRC32c checksum to provide some SCTP as specified in [RFC9260] uses a CRC32c checksum to provide some
level of data integrity. When using, for example, Datagram Transport level of data integrity. When using, for example, Datagram Transport
Layer Security (DTLS) as the lower layer for SCTP as specified in Layer Security (DTLS) as the lower layer for SCTP as specified in
[RFC8261], using the CRC32c checksum does not provide any additional [RFC8261], using the CRC32c checksum does not provide any additional
protection over that already provided by DTLS. However, computing protection over that already provided by DTLS. However, computing
the CRC32c checksum at the sender and receiver side does consume the CRC32c checksum at the sender and receiver sides does consume
computational resources for no benefit. This is particularly computational resources for no benefit. This is particularly
important for endpoints that are computationally limited and use SCTP important for endpoints that are computationally limited and use SCTP
over DTLS. over DTLS.
The extension described in this document allows an SCTP endpoint to The extension described in this document allows an SCTP endpoint to
declare that it accepts SCTP packets with a checksum of zero when declare that it accepts SCTP packets with a checksum of zero when
using a specific alternate error detection method. This declaration using a specific alternate error detection method. This declaration
happens during the setup of the SCTP association and allows endpoints happens during the setup of the SCTP association and allows endpoints
supporting this extension to be interoperable with endpoints not that support this extension to be interoperable with endpoints that
supporting the extension described in this document. To provide this don't. To provide this backwards compatibility, endpoints using this
backwards compatibility, endpoints using this extension still need to extension still need to implement the CRC32c checksum algorithm.
implement the CRC32c checksum algorithm.
2. Conventions 2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in
14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
3. Alternate Error Detection Methods 3. Alternate Error Detection Methods
SCTP uses a CRC32c checksum to provide some level of data integrity. SCTP uses a CRC32c checksum to provide some level of data integrity.
The CRC32c checksum is computed based on the SCTP common header and The CRC32c checksum is computed based on the SCTP common header and
the chunks contained in the packet. In particular, the computation the chunks contained in the packet. In particular, the computation
of the CRC32c checksum does not involve a pseudo header for IPv4 or of the CRC32c checksum does not involve a pseudo header for IPv4 or
IPv6 like the computation of the TCP checksum, as specified in IPv6 like the computation of the TCP checksum, as specified in
[RFC9293], or the UDP checksum, as specified in [RFC0768]. [RFC9293], or the UDP checksum, as specified in [RFC0768].
skipping to change at page 4, line 25 skipping to change at line 139
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Initiate Tag = 0xFCB75CCA | | Initiate Tag = 0xFCB75CCA |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Advertised Receiver Window Credit (a_rwnd) = 1500 | | Advertised Receiver Window Credit (a_rwnd) = 1500 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Number of Outbound Streams = 1 | Number of Inbound Streams = 1 | |Number of Outbound Streams = 1 | Number of Inbound Streams = 1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Initial TSN = 0 | | Initial TSN = 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: SCTP Packet with a correct CRC32c checksum of zero Figure 1: SCTP Packet with a Correct CRC32c Checksum of Zero
Using SCTP in combination with other mechanisms or protocol Using SCTP in combination with other mechanisms or protocol
extensions might provide data integrity protection with an equal or extensions might provide data integrity protection with an equal or
lower probability of false negatives than the one provided by using lower probability of false negatives than the one provided by using
the CRC32c checksum algorithm. When using such alternate error the CRC32c checksum algorithm. When using such alternate error
detection methods, the SCTP common header containing the 32-bit detection methods, the SCTP common header containing the 32-bit
checksum field might or might not be visible to middleboxes on the checksum field might or might not be visible to middleboxes on the
paths between the two endpoints. paths between the two endpoints.
Alternate error detection methods have two requirements: Alternate error detection methods have two requirements:
1. An alternate error detection method MUST provide an equal or 1. An alternate error detection method MUST provide an equal or
lower probability of false negatives than the one provided by lower probability of false negatives than the one provided by
using the CRC32c checksum algorithm. This MAY only apply to using the CRC32c checksum algorithm. This MAY only apply to
packets satisfying some method specific constraints. packets satisfying some method-specific constraints.
2. Using an alternate error detection method MUST NOT result in a 2. Using an alternate error detection method MUST NOT result in a
path failure for more than two retransmission timeouts (RTO) due path failure for more than two retransmission timeouts (RTOs) due
to middleboxes on the path expecting correct CRC32c checksums. to middleboxes on the path expecting correct CRC32c checksums.
To fulfill the second requirement, alternate error detection methods To fulfill the second requirement, alternate error detection methods
could use a heuristic to detect the existence of such middleboxes and could use a heuristic to detect the existence of such middleboxes and
use correct CRC32c checksums on these affected paths. use correct CRC32c checksums on these affected paths.
One example fulfilling the first requirement is using DTLS as the Using DTLS as the lower layer of SCTP as specified in [RFC8261] is
lower layer of SCTP as specified in [RFC8261]. Another example is one example that fulfills the first requirement. Another example is
using SCTP Authentication as specified in [RFC4895]. Of course, this using SCTP Authentication as specified in [RFC4895]. Of course, this
only applies to all SCTP packets having an AUTH chunk as its first only applies to each SCTP packet having an AUTH chunk as its first
chunk. However, using SCTP Authentication without any heuristic does chunk. However, using SCTP Authentication without any heuristic does
not fulfill the second requirement. Since using DTLS as the lower not fulfill the second requirement. Since using DTLS as the lower
layer of SCTP as specified in [RFC8261] also fulfills the second layer of SCTP as specified in [RFC8261] also fulfills the second
requirement, it can be used as an alternate error detection method requirement, it can be used as an alternate error detection method
(see Section 6). (see Section 6).
If an alternate error detection method is used, the computation of If an alternate error detection method is used, the computation of
the CRC32c checksum consumes computational resources without the CRC32c checksum consumes computational resources without
providing any benefit. To avoid this, an SCTP endpoint could be providing any benefit. To avoid this, an SCTP endpoint could be
willing to accept SCTP packets with an incorrect CRC32c checksum willing to accept SCTP packets with an incorrect CRC32c checksum
skipping to change at page 5, line 34 skipping to change at line 197
irrelevant, since the receiver is fine with not using the CRC32c irrelevant, since the receiver is fine with not using the CRC32c
checksum to protect incoming packets. checksum to protect incoming packets.
4. A New Chunk Parameter 4. A New Chunk Parameter
The Zero Checksum Acceptable Chunk Parameter is defined by the The Zero Checksum Acceptable Chunk Parameter is defined by the
following figure. following figure.
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 0x8001 (suggested) | Length = 8 | | Type = 0x8001 | Length = 8 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Error Detection Method Identifier (EDMID) | | Error Detection Method Identifier (EDMID) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: Zero Checksum Acceptable Chunk Parameter Figure 2: Zero Checksum Acceptable Chunk Parameter
Type: 16 bits (unsigned integer) Type: 16 bits (unsigned integer)
This field holds the IANA defined parameter type for the "Zero This field holds the IANA-defined parameter type for the "Zero
Checksum Acceptable" chunk parameter. IANA is requested to assign Checksum Acceptable" chunk parameter. IANA has assigned the value
the value 32769 (0x8001) (suggested) for this parameter type. 32769 (0x8001) for this parameter type.
Length: 16 bits (unsigned integer) Length: 16 bits (unsigned integer)
This field holds the length in bytes of the chunk parameter; the This field holds the length in bytes of the chunk parameter; the
value MUST be 8. value MUST be 8.
Error Detection Method Identifier (EDMID): 32 bits (unsigned Error Detection Method Identifier (EDMID): 32 bits (unsigned
integer) integer)
An IANA registered value specifying the alternate error detection An IANA-registered value specifying the alternate error detection
method the sender of this parameter is willing to use for received method the sender of this parameter is willing to use for received
packets. packets.
All transported integer numbers are in "network byte order" a.k.a., All transported integer numbers are in network byte order, a.k.a. big
Big Endian. endian.
The Zero Checksum Acceptable Chunk Parameter MAY appear in INIT and The Zero Checksum Acceptable Chunk Parameter MAY appear in INIT and
INIT ACK chunks and MUST NOT appear in any other chunk. The INIT ACK chunks and MUST NOT appear in any other chunk. The
Parameter MUST NOT appear more than once in any chunk. Parameter MUST NOT appear more than once in any chunk.
If an endpoint not supporting the extension described in this If an endpoint not supporting the extension described in this
document receives this parameter in an INIT or INIT ACK chunk, it is document receives this parameter in an INIT or INIT ACK chunk, it is
REQUIRED to skip this parameter and continue to process further REQUIRED to skip this parameter and continue to process further
parameters in the chunk. This behavior is specified by [RFC9260] parameters in the chunk. This behavior is specified by [RFC9260]
because the highest-order two bits of the Type are '10'. because the highest-order two bits of the Type are '10'.
skipping to change at page 6, line 35 skipping to change at line 246
An endpoint willing to accept SCTP packets with an incorrect checksum An endpoint willing to accept SCTP packets with an incorrect checksum
of zero MUST include the Zero Checksum Acceptable Chunk Parameter of zero MUST include the Zero Checksum Acceptable Chunk Parameter
indicating the alternate error detection method it is willing to use indicating the alternate error detection method it is willing to use
in the INIT or INIT ACK chunk it sends. in the INIT or INIT ACK chunk it sends.
An SCTP implementation MAY also require the upper layer to indicate An SCTP implementation MAY also require the upper layer to indicate
that it is fine to use a specific alternate error detection method that it is fine to use a specific alternate error detection method
before including the corresponding Zero Checksum Acceptable Chunk before including the corresponding Zero Checksum Acceptable Chunk
Parameter. Parameter.
5.2. Sender Side Considerations 5.2. Sender-Side Considerations
An SCTP endpoint cannot just use an incorrect CRC32c checksum value An SCTP endpoint cannot just use an incorrect CRC32c checksum value
of zero for all SCTP packets it sends. The following restrictions of zero for all SCTP packets it sends. The following restrictions
apply: apply:
1. If an endpoint has not received an INIT or INIT ACK chunk 1. If an endpoint has not received an INIT or INIT ACK chunk
containing a Zero Checksum Acceptable Chunk Parameter indicating containing a Zero Checksum Acceptable Chunk Parameter indicating
an alternate error detection method it supports from its peer an alternate error detection method it supports from its peer
during the association setup, it MUST use a correct CRC32c during the association setup, it MUST use a correct CRC32c
checksum. In particular, when an endpoint checksum. In particular, when an endpoint
skipping to change at page 7, line 17 skipping to change at line 274
2. When an endpoint sends a packet containing a COOKIE ECHO chunk, 2. When an endpoint sends a packet containing a COOKIE ECHO chunk,
it MUST include a correct CRC32c checksum in the packet it MUST include a correct CRC32c checksum in the packet
containing the COOKIE ECHO chunk. containing the COOKIE ECHO chunk.
3. When an endpoint supports the dynamic address reconfiguration 3. When an endpoint supports the dynamic address reconfiguration
specified in [RFC5061] and sends a packet containing an ASCONF specified in [RFC5061] and sends a packet containing an ASCONF
chunk, it MUST include a correct CRC32c checksum in the packet chunk, it MUST include a correct CRC32c checksum in the packet
containing the ASCONF chunk. containing the ASCONF chunk.
4. If an alternate error detection method has some method specific 4. If an alternate error detection method has some method-specific
constraints, the sender MUST include a correct CRC32c checksum in constraints, the sender MUST include a correct CRC32c checksum in
all packets not fulfilling these method specific constraints. all packets that don't fulfill these method-specific constraints.
The first restriction allows backwards compatibility. The second and The first restriction allows backwards compatibility. The second and
third restrictions allow a simpler implementation of the extension third restrictions allow a simpler implementation of the extension
defined in this document, because looking up the association for SCTP defined in this document, because looking up the association for SCTP
packets containing a COOKIE ECHO chunk or an ASCONF chunk might be packets containing a COOKIE ECHO chunk or an ASCONF chunk might be
more complex than for other packets. Finally, the last restriction more complex than for other packets. Finally, the last restriction
covers alternate error detection method specific constraints. covers constraints specific to the alternate error detection method.
An SCTP end point MAY require that the upper layer allowed the use of An SCTP endpoint MAY require that the upper layer allow the use of
the alternate error detection method that was announced by the peer the alternate error detection method that was announced by the peer
before sending packets with an incorrect checksum of zero. before sending packets with an incorrect checksum of zero.
If none of the above restrictions apply, an endpoint SHOULD use zero If none of the above restrictions apply, an endpoint SHOULD use zero
as the checksum when sending an SCTP packet. as the checksum when sending an SCTP packet.
5.3. Receiver Side Considerations 5.3. Receiver-Side Considerations
If an endpoint has sent the Zero Checksum Acceptable Chunk Parameter If an endpoint has sent the Zero Checksum Acceptable Chunk Parameter
indicating the support of an alternate error detection method in an indicating the support of an alternate error detection method in an
INIT or INIT ACK chunk, it MUST accept SCTP packets fulfilling the INIT or INIT ACK chunk, in addition to SCTP packets containing the
requirements of the announced alternate error detection method using correct CRC32c checksum value it MUST accept SCTP packets that have
an incorrect checksum value of zero in addition to SCTP packets an incorrect checksum value of zero and that fulfill the requirements
containing the correct CRC32c checksum value for this association. of the announced alternate error detection method used for this
Otherwise, the endpoint MUST drop all SCTP packets with an incorrect association. Otherwise, the endpoint MUST drop all SCTP packets with
CRC32c checksum. an incorrect CRC32c checksum.
In addition to processing OOTB packets with a correct CRC32c checksum In addition to processing OOTB packets with a correct CRC32c checksum
as specified in [RFC9260], an SCTP implementation MAY also process as specified in [RFC9260], an SCTP implementation MAY also process
OOTB packets having an incorrect zero checksum. Doing so might OOTB packets having an incorrect zero checksum. Doing so might
result in faster SCTP association failure detection. result in faster SCTP association failure detection.
6. Error Detection via SCTP over DTLS 6. Error Detection via SCTP over DTLS
Using SCTP over DTLS as specified in [RFC8261] provides a stronger Using SCTP over DTLS as specified in [RFC8261] provides a stronger
error detection method than using the CRC32c checksum algorithm. error detection method than using the CRC32c checksum algorithm.
Since middleboxes will not observe the unencrypted SCTP packet, there Since middleboxes will not observe the unencrypted SCTP packet, there
is no risk in interfering with using zero as an incorrect checksum. is no risk in interfering with using zero as an incorrect checksum.
There are no additional error detection method specific constraints There are no additional constraints (specific to the error detection
on packets when using DTLS encapsulation. method) on packets when using DTLS encapsulation.
7. Socket API Considerations 7. Socket API Considerations
This section describes how the socket API defined in [RFC6458] needs This section describes how the socket API defined in [RFC6458] needs
to be extended to provide a way for the application to control the to be extended to provide a way for the application to control the
acceptance of a zero checksum. acceptance of a zero checksum.
A 'Socket API Considerations' section is contained in all SCTP A 'Socket API Considerations' section is contained in all SCTP-
related specifications published after [RFC6458] describing an related specifications published after [RFC6458] describing an
extension for which implementations using the socket API as specified extension for which implementations using the socket API as specified
in [RFC6458] would require some extension of the socket API. Please in [RFC6458] would require some extension of the socket API. Please
note that this section is informational only. note that this section is informational only.
A socket API implementation based on [RFC6458] is extended by A socket API implementation based on [RFC6458] is extended by
supporting one new write-only IPPROTO_SCTP-level socket option. supporting one new write-only IPPROTO_SCTP-level socket option.
7.1. Set Accepting a Zero Checksum (SCTP_ACCEPT_ZERO_CHECKSUM) 7.1. Set Accepting a Zero Checksum (SCTP_ACCEPT_ZERO_CHECKSUM)
skipping to change at page 9, line 7 skipping to change at line 357
An implementation might only send packets with an incorrect checksum An implementation might only send packets with an incorrect checksum
of zero, if the alternate error detection method announced by the of zero, if the alternate error detection method announced by the
peer is also enabled locally via this socket option. peer is also enabled locally via this socket option.
The default for this socket option is that the use of alternate error The default for this socket option is that the use of alternate error
detection methods is disabled. detection methods is disabled.
8. IANA Considerations 8. IANA Considerations
[NOTE to RFC-Editor: "RFCXXXX" is to be replaced by the RFC number A new chunk parameter type has been assigned by IANA in the "Chunk
you assign this document.] Parameter Types" registry for SCTP:
[NOTE to RFC-Editor: The suggested value for the parameter type is
tentative and to be confirmed by IANA.]
This document (RFCXXXX) is the reference for the registration
described in this section.
A new chunk parameter type has to be assigned by IANA. This requires
an additional line in the "Chunk Parameter Types" registry for SCTP:
+===================+==========================+===========+ +==========+===================================+===========+
| ID Value | Chunk Parameter Type | Reference | | ID Value | Chunk Parameter Type | Reference |
+===================+==========================+===========+ +==========+===================================+===========+
| 32769 (suggested) | Zero Checksum Acceptable | [RFCXXXX] | | 32769 | Zero Checksum Acceptable (0x8001) | RFC 9653 |
| | (0x8001 (suggested)) | | +----------+-----------------------------------+-----------+
+-------------------+--------------------------+-----------+
Table 1: New entry in "Chunk Parameter Types" registry Table 1: New Entry in "Chunk Parameter Types" Registry
Furthermore, IANA is requested to establish a new "Error Detection Furthermore, IANA has established a new "Error Detection Method"
Method" registry for SCTP. The assignment of new error detection registry for SCTP. The assignment of new error detection methods is
methods is done through the Specification Required policy as defined done through the Specification Required policy as defined in
in [RFC8126]. Documentation for a new error detection method MUST [RFC8126]. Documentation for a new error detection method MUST
contain the following information: contain the following information:
1. A name of an alternate error detection method. 1. A name of an alternate error detection method.
2. A reference to a specification describing: 2. A reference to a specification describing:
(a) the alternate error detection method, (a) the alternate error detection method,
(b) why the alternate error detection method provides an equal (b) why the alternate error detection method provides an equal
or lower probability of false negatives than the one or lower probability of false negatives than the one
provided by using the CRC32c checksum, provided by using the CRC32c checksum,
(c) any alternate error detection method specific constraints (c) any constraints (specific to the alternate error detection
referred to in the fourth exception in Section 5.2, and method) that are referred to in the fourth exception in
Section 5.2, and
(d) why using the alternate error detection method does not (d) why using the alternate error detection method does not
result in path failures due to middleboxes expecting correct result in path failures due to middleboxes expecting correct
CRC32c checksums for more than two RTOs. In case the CRC32c checksums for more than two RTOs. In case the
alternate error detection method uses a heuristic for alternate error detection method uses a heuristic for
detecting such middleboxes, this heuristic needs to be detecting such middleboxes, this heuristic needs to be
described. described.
IANA is requested to use the following as the initial contents of the The initial contents of the registry are as follows:
registry:
+================+========================+===========+ +================+========================+===========+
| ID Value | Error Detection Method | Reference | | ID Value | Error Detection Method | Reference |
+================+========================+===========+ +================+========================+===========+
| 0 | Reserved | [RFCXXXX] | | 0 | Reserved | RFC 9653 |
+----------------+------------------------+-----------+ +----------------+------------------------+-----------+
| 1 | SCTP over DTLS | [RFCXXXX] | | 1 | SCTP over DTLS | RFC 9653 |
+----------------+------------------------+-----------+ +----------------+------------------------+-----------+
| 2 - 4294967295 | Unassigned | | | 2 - 4294967295 | Unassigned | |
+----------------+------------------------+-----------+ +----------------+------------------------+-----------+
Table 2: Initial Contents of the "Error Detection Table 2: Initial Contents of the "Error Detection
Method" registry Method" Registry
A Designated Expert (DE) is expected to ascertain the existence of A designated expert (DE) is expected to ascertain the existence of
suitable documentation (a specification) as described in [RFC8126] suitable documentation (a specification) as described in [RFC8126]
and to verify that the document is permanently and publicly and to verify that the document is permanently and publicly
available. Furthermore, the DE is expected to ensure that the above available. Furthermore, the DE is expected to ensure that the above
four points have been addressed appropriately. four points have been addressed appropriately.
9. Security Considerations 9. Security Considerations
This document does not change the considerations given in [RFC9260]. This document does not change the considerations given in [RFC9260].
Using an alternate error detection method provides an equal or better Due to the first requirement in Section 3, using an alternate error
level of data integrity than the one provided by using the CRC32c detection method provides an equal or better level of data integrity
checksum algorithm due to the first requirement of alternate error than the one provided by using the CRC32c checksum algorithm. The
detection methods. The second requirement of alternate error second requirement in Section 3 ensures that the existence of
detection methods ensures that the existence of middleboxes expecting middleboxes expecting correct CRC32c checksums does not result in
correct CRC32c checksums does not result in permanent path failures. permanent path failures.
10. References 10. References
10.1. Normative References 10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
 End of changes. 42 change blocks. 
118 lines changed or deleted 103 lines changed or added

This html diff was produced by rfcdiff 1.48.