draft-ietf-taps-transport-security-07.txt | draft-ietf-taps-transport-security-08.txt | |||
---|---|---|---|---|
Network Working Group C. Wood, Ed. | Network Working Group C. Wood, Ed. | |||
Internet-Draft Apple Inc. | Internet-Draft Apple Inc. | |||
Intended status: Informational T. Enghardt | Intended status: Informational T. Enghardt | |||
Expires: January 25, 2020 TU Berlin | Expires: February 8, 2020 TU Berlin | |||
T. Pauly | T. Pauly | |||
Apple Inc. | Apple Inc. | |||
C. Perkins | C. Perkins | |||
University of Glasgow | University of Glasgow | |||
K. Rose | K. Rose | |||
Akamai Technologies, Inc. | Akamai Technologies, Inc. | |||
July 24, 2019 | August 07, 2019 | |||
A Survey of Transport Security Protocols | A Survey of Transport Security Protocols | |||
draft-ietf-taps-transport-security-07 | draft-ietf-taps-transport-security-08 | |||
Abstract | Abstract | |||
This document provides a survey of commonly used or notable network | This document provides a survey of commonly used or notable network | |||
security protocols, with a focus on how they interact and integrate | security protocols, with a focus on how they interact and integrate | |||
with applications and transport protocols. Its goal is to supplement | with applications and transport protocols. Its goal is to supplement | |||
efforts to define and catalog transport services by describing the | efforts to define and catalog transport services by describing the | |||
interfaces required to add security protocols. This survey is not | interfaces required to add security protocols. This survey is not | |||
limited to protocols developed within the scope or context of the | limited to protocols developed within the scope or context of the | |||
IETF, and those included represent a superset of features a Transport | IETF, and those included represent a superset of features a Transport | |||
Services system may need to support. | Services system may need to support. Moreover, this document defines | |||
a minimal set of security features that a secure transport system | ||||
should provide. | ||||
Status of This Memo | Status of This Memo | |||
This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on January 25, 2020. | This Internet-Draft will expire on February 8, 2020. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 3, line 51 ¶ | skipping to change at page 3, line 51 ¶ | |||
surveying commonly used and notable network security protocols, and | surveying commonly used and notable network security protocols, and | |||
identifying the services and features a Transport Services system (a | identifying the services and features a Transport Services system (a | |||
system that provides a transport API) needs to provide in order to | system that provides a transport API) needs to provide in order to | |||
add transport security. It examines Transport Layer Security (TLS), | add transport security. It examines Transport Layer Security (TLS), | |||
Datagram Transport Layer Security (DTLS), QUIC + TLS, tcpcrypt, | Datagram Transport Layer Security (DTLS), QUIC + TLS, tcpcrypt, | |||
Internet Key Exchange with Encapsulating Security Protocol (IKEv2 + | Internet Key Exchange with Encapsulating Security Protocol (IKEv2 + | |||
ESP), SRTP (with DTLS), WireGuard, CurveCP, and MinimalT. For each | ESP), SRTP (with DTLS), WireGuard, CurveCP, and MinimalT. For each | |||
protocol, this document provides a brief description, the security | protocol, this document provides a brief description, the security | |||
features it provides, and the dependencies it has on the underlying | features it provides, and the dependencies it has on the underlying | |||
transport. This is followed by defining the set of transport | transport. This is followed by defining the set of transport | |||
security features shared by these protocols. Finally, the document | security features shared by these protocols. The document groups | |||
distills the application and transport interfaces provided by the | these security features into a minimal set of features, which every | |||
transport security protocols. | secure transport system should provide in addition to the transport | |||
features described in [I-D.ietf-taps-minset], and additional optional | ||||
features, which may not be available in every secure transport | ||||
system. Finally, the document distills the application and transport | ||||
interfaces provided by the transport security protocols. | ||||
Selected protocols represent a superset of functionality and features | Selected protocols represent a superset of functionality and features | |||
a Transport Services system may need to support, both internally and | a Transport Services system may need to support, both internally and | |||
externally (via an API) for applications [I-D.ietf-taps-arch]. | externally (via an API) for applications [I-D.ietf-taps-arch]. | |||
Ubiquitous IETF protocols such as (D)TLS, as well as non-standard | Ubiquitous IETF protocols such as (D)TLS, as well as non-standard | |||
protocols such as Google QUIC, are both included despite overlapping | protocols such as Google QUIC, are both included despite overlapping | |||
features. As such, this survey is not limited to protocols developed | features. As such, this survey is not limited to protocols developed | |||
within the scope or context of the IETF. Outside of this candidate | within the scope or context of the IETF. Outside of this candidate | |||
set, protocols that do not offer new features are omitted. For | set, protocols that do not offer new features are omitted. For | |||
example, newer protocols such as WireGuard make unique design choices | example, newer protocols such as WireGuard make unique design choices | |||
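Review bot: the sentence added at "The document groups these security features into a minimal set of features, which every secure transport system should provide ... and additional optional features, which may not be available in every secure transport system" chains two relative clauses and can be read as if the optional features are also described in [I-D.ietf-taps-minset]. Suggest restructuring it along the lines of "The document groups these security features into a minimal set that every secure transport system should provide, in addition to the transport features described in [I-D.ietf-taps-minset], and a set of optional features that may not be available in every secure transport system." Note also that the Abstract and Introduction now promise a defined minimal set, but none of the change blocks in this diff touches the body of the document; confirm that the section defining that set is present in -08.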
skipping to change at page 32, line 33 ¶ | skipping to change at page 32, line 33 ¶ | |||
Transport Services", draft-ietf-taps-arch-04 (work in | Transport Services", draft-ietf-taps-arch-04 (work in | |||
progress), July 2019. | progress), July 2019. | |||
[I-D.ietf-taps-interface] | [I-D.ietf-taps-interface] | |||
Trammell, B., Welzl, M., Enghardt, T., Fairhurst, G., | Trammell, B., Welzl, M., Enghardt, T., Fairhurst, G., | |||
Kuehlewind, M., Perkins, C., Tiesel, P., Wood, C., and T. | Kuehlewind, M., Perkins, C., Tiesel, P., Wood, C., and T. | |||
Pauly, "An Abstract Application Layer Interface to | Pauly, "An Abstract Application Layer Interface to | |||
Transport Services", draft-ietf-taps-interface-04 (work in | Transport Services", draft-ietf-taps-interface-04 (work in | |||
progress), July 2019. | progress), July 2019. | |||
[I-D.ietf-taps-minset] | ||||
Welzl, M. and S. Gjessing, "A Minimal Set of Transport | ||||
Services for End Systems", draft-ietf-taps-minset-11 (work | ||||
in progress), September 2018. | ||||
[I-D.ietf-tls-dtls-connection-id] | [I-D.ietf-tls-dtls-connection-id] | |||
Rescorla, E., Tschofenig, H., and T. Fossati, "Connection | Rescorla, E., Tschofenig, H., and T. Fossati, "Connection | |||
Identifiers for DTLS 1.2", draft-ietf-tls-dtls-connection- | Identifiers for DTLS 1.2", draft-ietf-tls-dtls-connection- | |||
id-06 (work in progress), July 2019. | id-06 (work in progress), July 2019. | |||
[MinimalT] | [MinimalT] | |||
"MinimaLT -- Minimal-latency Networking Through Better | "MinimaLT -- Minimal-latency Networking Through Better | |||
Security", n.d.. | Security", n.d.. | |||
[Noise] "The Noise Protocol Framework", n.d.. | [Noise] "The Noise Protocol Framework", n.d.. | |||
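Review bot: the new [I-D.ietf-taps-minset] entry cites draft-ietf-taps-minset-11 dated September 2018, whereas the neighbouring TAPS references ([I-D.ietf-taps-arch], [I-D.ietf-taps-interface]) cite July 2019 revisions; confirm -11 is still the current revision before this is published. Unchanged but worth fixing in the same pass: the [MinimalT] and [Noise] entries end with "n.d.." (double period) and carry no URL, so a reader cannot locate them; add a URL or a dated citation for each.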
End of changes. 7 change blocks. | ||||
8 lines changed or deleted | 19 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |