draft-ietf-taps-transport-security-07.txt   draft-ietf-taps-transport-security-08.txt 
Network Working Group C. Wood, Ed. Network Working Group C. Wood, Ed.
Internet-Draft Apple Inc. Internet-Draft Apple Inc.
Intended status: Informational T. Enghardt Intended status: Informational T. Enghardt
Expires: January 25, 2020 TU Berlin Expires: February 8, 2020 TU Berlin
T. Pauly T. Pauly
Apple Inc. Apple Inc.
C. Perkins C. Perkins
University of Glasgow University of Glasgow
K. Rose K. Rose
Akamai Technologies, Inc. Akamai Technologies, Inc.
July 24, 2019 August 07, 2019
A Survey of Transport Security Protocols A Survey of Transport Security Protocols
draft-ietf-taps-transport-security-07 draft-ietf-taps-transport-security-08
Abstract Abstract
This document provides a survey of commonly used or notable network This document provides a survey of commonly used or notable network
security protocols, with a focus on how they interact and integrate security protocols, with a focus on how they interact and integrate
with applications and transport protocols. Its goal is to supplement with applications and transport protocols. Its goal is to supplement
efforts to define and catalog transport services by describing the efforts to define and catalog transport services by describing the
interfaces required to add security protocols. This survey is not interfaces required to add security protocols. This survey is not
limited to protocols developed within the scope or context of the limited to protocols developed within the scope or context of the
IETF, and those included represent a superset of features a Transport IETF, and those included represent a superset of features a Transport
Services system may need to support. Services system may need to support. Moreover, this document defines
a minimal set of security features that a secure transport system
should provide.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 25, 2020. This Internet-Draft will expire on February 8, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
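Review bot: the sentence added at the end of the Abstract ("Moreover, this document defines a minimal set of security features that a secure transport system should provide") should describe the contribution the same way the body does; "defines" reads stronger than a survey that groups observed features into a set, and "Moreover" is a weak opener for the one sentence that announces a new deliverable. Suggest "This document also defines a minimal set of security features that a secure transport system should provide, together with optional features that may not be available in every such system", so the abstract covers both categories the Introduction introduces. The header date and expiry updates (August 07, 2019; expires February 8, 2020) are consistent with each other.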
skipping to change at page 3, line 51
surveying commonly used and notable network security protocols, and surveying commonly used and notable network security protocols, and
identifying the services and features a Transport Services system (a identifying the services and features a Transport Services system (a
system that provides a transport API) needs to provide in order to system that provides a transport API) needs to provide in order to
add transport security. It examines Transport Layer Security (TLS), add transport security. It examines Transport Layer Security (TLS),
Datagram Transport Layer Security (DTLS), QUIC + TLS, tcpcrypt, Datagram Transport Layer Security (DTLS), QUIC + TLS, tcpcrypt,
Internet Key Exchange with Encapsulating Security Protocol (IKEv2 + Internet Key Exchange with Encapsulating Security Protocol (IKEv2 +
ESP), SRTP (with DTLS), WireGuard, CurveCP, and MinimalT. For each ESP), SRTP (with DTLS), WireGuard, CurveCP, and MinimalT. For each
protocol, this document provides a brief description, the security protocol, this document provides a brief description, the security
features it provides, and the dependencies it has on the underlying features it provides, and the dependencies it has on the underlying
transport. This is followed by defining the set of transport transport. This is followed by defining the set of transport
security features shared by these protocols. Finally, the document security features shared by these protocols. The document groups
distills the application and transport interfaces provided by the these security features into a minimal set of features, which every
transport security protocols. secure transport system should provide in addition to the transport
features described in [I-D.ietf-taps-minset], and additional optional
features, which may not be available in every secure transport
system. Finally, the document distills the application and transport
interfaces provided by the transport security protocols.
Selected protocols represent a superset of functionality and features Selected protocols represent a superset of functionality and features
a Transport Services system may need to support, both internally and a Transport Services system may need to support, both internally and
externally (via an API) for applications [I-D.ietf-taps-arch]. externally (via an API) for applications [I-D.ietf-taps-arch].
Ubiquitous IETF protocols such as (D)TLS, as well as non-standard Ubiquitous IETF protocols such as (D)TLS, as well as non-standard
protocols such as Google QUIC, are both included despite overlapping protocols such as Google QUIC, are both included despite overlapping
features. As such, this survey is not limited to protocols developed features. As such, this survey is not limited to protocols developed
within the scope or context of the IETF. Outside of this candidate within the scope or context of the IETF. Outside of this candidate
set, protocols that do not offer new features are omitted. For set, protocols that do not offer new features are omitted. For
example, newer protocols such as WireGuard make unique design choices example, newer protocols such as WireGuard make unique design choices
skipping to change at page 32, line 33
Transport Services", draft-ietf-taps-arch-04 (work in Transport Services", draft-ietf-taps-arch-04 (work in
progress), July 2019. progress), July 2019.
[I-D.ietf-taps-interface] [I-D.ietf-taps-interface]
Trammell, B., Welzl, M., Enghardt, T., Fairhurst, G., Trammell, B., Welzl, M., Enghardt, T., Fairhurst, G.,
Kuehlewind, M., Perkins, C., Tiesel, P., Wood, C., and T. Kuehlewind, M., Perkins, C., Tiesel, P., Wood, C., and T.
Pauly, "An Abstract Application Layer Interface to Pauly, "An Abstract Application Layer Interface to
Transport Services", draft-ietf-taps-interface-04 (work in Transport Services", draft-ietf-taps-interface-04 (work in
progress), July 2019. progress), July 2019.
[I-D.ietf-taps-minset]
Welzl, M. and S. Gjessing, "A Minimal Set of Transport
Services for End Systems", draft-ietf-taps-minset-11 (work
in progress), September 2018.
[I-D.ietf-tls-dtls-connection-id] [I-D.ietf-tls-dtls-connection-id]
Rescorla, E., Tschofenig, H., and T. Fossati, "Connection Rescorla, E., Tschofenig, H., and T. Fossati, "Connection
Identifiers for DTLS 1.2", draft-ietf-tls-dtls-connection- Identifiers for DTLS 1.2", draft-ietf-tls-dtls-connection-
id-06 (work in progress), July 2019. id-06 (work in progress), July 2019.
[MinimalT] [MinimalT]
"MinimaLT -- Minimal-latency Networking Through Better "MinimaLT -- Minimal-latency Networking Through Better
Security", n.d.. Security", n.d..
[Noise] "The Noise Protocol Framework", n.d.. [Noise] "The Noise Protocol Framework", n.d..
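Review bot: the new [I-D.ietf-taps-minset] entry resolves the citation added in the Introduction and matches the format of the neighbouring entries, but it points at draft-ietf-taps-minset-11 dated September 2018 while the other TAPS draft references in this block ([I-D.ietf-taps-arch], [I-D.ietf-taps-interface]) were refreshed to July 2019 revisions; confirm that -11 is still the current revision before this version is published. Also, the [MinimalT] and [Noise] entries in the surrounding context end with "n.d.." (a doubled period) in both columns; worth fixing while the references are being touched.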