On Mon, Jun 10, 2013 at 4:43 AM, Sebastien Decugis <[email protected]> wrote: > Hi Nikos, >> Your understanding looks correct, having a method to disable the replay >> protection may seem reasonable then. How would malicious replays be >> detected in that case? Does the SCTP/DTLS protocol include it? > This is a very good question :) I have done some more research and it appears > that yes, when using DTLS over SCTP, the SCTP-AUTH extension must be used and > this extension provides the anti-replay detection at the SCTP layer. When the > extension is not used, there is a "light" protection in SCTP that is probably > not sufficient to protect against malicious attacks. > However, I realize that in order to use this SCTP-AUTH extension, more > interaction between GNU TLS and the SCTP stack is required, in particular: > - support for DTLS Keying Material Exporters as described in RFC5705 ( I did > not find in the documentation if this is supported in GNU TLS),
Check gnutls_prf(). That allows access to the key material exporter. > - ability to be notified *during* handshake so that the new derived key can > be set for SCTP-AUTH before the "Finished" message is sent. Currently hooks are allowed after client hello (post_client_hello) and when a certificate is received. Most probably a hook to intercept the handshake before or after any arbitrary handshake message would be useful here. I'll try to add such functionality to 3.2 releases (in addition with an API to disable the replay protection). > I am going to start implementing DTLS over SCTP without using the SCTP-AUTH > mechanism and without disabling the replay protection in a first step. Can > you tell me the characteristics of the anti-replay window in GNU TLS? If I > limit the number of streams I am using to this window, I should be able to > avoid the messages being dropped. The window size is 64 after gnutls 3.1.0 (may be 32 on 3.0.x). > If you are interested, I will send you the link to this implementation (open > source) so that you can use it for further tests. That would be nice. regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
