Internet-Draft | DTN UDPCL | February 2021 |
Sipos | Expires 11 August 2021 | [Page] |
This document describes a UDP-based convergence layer (UDPCL) for Delay-Tolerant Networking (DTN). This version of the UDPCL protocol clarifies requirements of RFC7122, adds discussion of multicast addressing, and updates to the Bundle Protocol (BP) contents, encodings, and convergence layer requirements in BP Version 7. Specifically, the UDPCL uses CBOR-encoded BPv7 bundles as its service data unit being transported and provides a reliable transport of such bundles. This version of UDPCL also includes security and extensibility mechanisms.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 11 August 2021.¶
Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.¶
This document describes the UDP-based convergence-layer protocol for Delay-Tolerant Networking. Delay-Tolerant Networking is an end-to-end architecture providing communications in and/or through highly stressed environments, including those with intermittent connectivity, long and/or variable delays, and high bit error rates. More detailed descriptions of the rationale and capabilities of these networks can be found in "Delay-Tolerant Network Architecture" [RFC4838].¶
An important goal of the DTN architecture is to accommodate a wide range of networking technologies and environments. The protocol used for DTN communications is the Bundle Protocol Version 7 (BPv7) [I-D.ietf-dtn-bpbis], an application-layer protocol that is used to construct a store-and-forward overlay network. BPv7 requires the services of a "convergence-layer adapter" (CLA) to send and receive bundles using the service of some "native" link, network, or Internet protocol. This document describes one such convergence-layer adapter that uses the well-known User Datagram Protocol (UDP). This convergence layer is referred to as UDP Convergence Layer (UDPCL). For the remainder of this document, the abbreviation "BP" without the version suffix refers to BPv7.¶
The locations of the UDPCL and the BP in the Internet model protocol stack (described in [RFC1122]) are shown in Figure 1. In particular, when BP is using UDP as its bearer with UDPCL as its convergence layer, both BP and UDPCL reside at the application layer of the Internet model.¶
+-------------------------+ | DTN Application | -\ +-------------------------| | | Bundle Protocol (BP) | -> Application Layer +-------------------------+ | | UDP Conv. Layer (UDPCL) | | +-------------------------+ | | DTLS (optional) | -/ +-------------------------+ | UDP | ---> Transport Layer +-------------------------+ | IPv4/IPv6 | ---> Network Layer +-------------------------+ | Link-Layer Protocol | ---> Link Layer +-------------------------+
This document describes the format of the protocol data units passed between entities participating in UDPCL communications. This document does not address:¶
Any UDPCL implementation requires a BP agent to perform those above listed functions in order to perform end-to-end bundle delivery.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This section contains definitions specific to the UDPCL protocol.¶
This is the notional UDPCL application that initiates UDPCL transfers. This design, implementation, configuration, and specific behavior of such an entity is outside of the scope of this document. However, the concept of an entity has utility within the scope of this document as the container and initiator of transfers. The relationship between a UDPCL entity and UDPCL sessions is defined as follows:¶
These relationships are illustrated in Figure 2. For the remainder of this document, the term "entity" without the prefix "UDPCL" refers to a UDPCL entity.¶
+----------------------------------------+ | UDPCL Entity | | | +----------------+ | +--------------------------------+ | | |-+ | | Actively Initiated Transfer #1 +--------->| Other | | | +--------------------------------+ | | UDPCL Entity's | | | ... | | Passive | | | +--------------------------------+ | | Listener | | | | Actively Initiated Transfer #n +--------->| | | | +--------------------------------+ | +----------------+ | | | +-----------------+ | +---------------------------+ | | | +---------------------------+ | +----------------+ | | | Optional Passive | | | |-+ | +-| Listener(s) +<---------+ Other | | | +---------------------------+ | | UDPCL Entity's | | | ^ | | Active | | | | | | Initiator(s) | | | +-------------| | | +----------------------------------------+ +----------------+ | +-----------------+
The service of this protocol is the transmission of DTN bundles via the User Datagram Protocol (UDP). This document specifies the optional fragmentation of bundles, procedures for DTLS setup and teardown, and a set of messages and entity requirements. The general operation of the protocol is as follows.¶
Fundamentally, the UDPCL is a (logically) unidirectional "transmit and forget" protocol which itself maintains no long-term state and provides no feedback to the transmitter. The only long-term state related to UDPCL is used by DTLS in its session keeping (which is bound to a UDP conversation). An entity receiving a bundle from a particular source address-and-port does not imply that the transmitter is willing to accept bundle transfers on that same address-and-port. It is the obligation of a BP agent and its routing schemes to determine a bundle return path.¶
This version of the UDPCL provides the following services to support the over-laying Bundle Protocol agent. In all cases, this is not an API definition but a logical description of how the CL can interact with the BP agent. Each of these interactions can be associated with any number of additional metadata items as necessary to support the operation of the CL or BP agent.¶
This specification gives requirements about how to use PKIX certificates issued by a Certificate Authority (CA), but does not define any mechanisms for how those certificates come to be. The UDPCL uses the exact same mechanisms and makes the same assumptions as TCPCL in Section 3.4 of [I-D.ietf-dtn-tcpclv4].¶
It is a implementation matter for a sending entity to determine the path maximum transmit unit (MTU) to be used as a target upper-bound UDP datagram size. Some mechanisms to perform MTU discovery are defined in [RFC8899]. All IP packets sent by a UDPCL entity SHOULD have the "don't fragment" bit set to allow detection of path MTU issues.¶
The priority order of fragmentation is the following:¶
A UDPCL entity SHOULD NOT proactively drop an outgoing transfer due to datagram size. If intermediate network nodes drop IP packets it is an implementation matter to receive network feedback.¶
The core Bundle Protocol specification assumes that bundles are transferring over an erasure channel, i.e., a channel that either delivers packets correctly or not at all.¶
A UDP transmitter SHALL NOT disable UDP checksums. A UDP receiver SHALL NOT disable the checking of received UDP checksums.¶
Even when UDP checksums are enabled, a small probability of UDP packet corruption remains. In some environments, it may be acceptable for a BP agent to occasionally receive corrupted input. In general, however, a UDPCL entity SHOULD insure the a bundle's blocks are either covered by a CRC or a BPSec integrity check.¶
The applications using UDPCL for bundle transport SHALL conform to the congestion control requirements of Section 3.1 of [RFC8085]. The application SHALL either perform active congestion control of bundles or behave as the Low Data-Volume application as defined in Section 3.1.3 of [RFC8085].¶
When nodes have bidirectional transfer capability, the bundle deletion reason code "traffic pared" can be used by a receiving agent to signal to the bundle source application that throttling of bundles along that path SHOULD occur.¶
This section defines the UDPCL protocol and its interactions with under-layers (IP and UDP) and over-layers (BP). The section is organized from the network layer up toward the BP layer.¶
The earlier UDPCL specification in [RFC7122] did not include guidance on IP addressing and potential use of multicast, though the architecture of [RFC4838] explicitly includes multicast and anycast as expected network modes.¶
The BP agent determines the mapping from destination EID to next-hop CL parameters, including transfer destination address. Some EIDs represent unicast destinations and others non-unicast destinations as defined in Section 4.2.5.1 of [I-D.ietf-dtn-bpbis]. The unicast-ness of an EID does not necessarily correspond with the unicast-ness, as some bundle routing schemes involve attempting multiple parallel paths to a unicast endpoint.¶
For unicast transfers to a single node, the destination address SHALL be a unicast IPv4 or IPv6 address. When performing unicast transfers, a UDPCL entity SHOULD restrict the network to one protected by IPsec or some other under-layer security mechanism (e.g., a virtual private network).¶
For multicast transfers to one or more nodes, the destination address SHALL be a multicast IPv4 [IANA-IPv4-MCAST] or IPv6 [IANA-IPv6-MCAST] address.¶
To perform UDPCL messaging, the active entity SHALL transmit a UDP datagram to a listening passive entity in accordance with [RFC0768], typically by using the services provided by the operating system. Destination port number 4556 has been assigned by IANA as the Registered Port number for the UDP convergence layer and SHALL be used as a default. Other destination port numbers MAY be used per local configuration. Determining a passive entity's destination port number (if different from the registered UDPCL port number) is up to the implementation. Any source port number MAY be used for UDPCL transfers. Typically an operating system assigned number in the UDP Ephemeral range (49152-65535) is used.¶
The lower layer of UDPCL communication is individual-datagram messaging. For backward compatibility with [RFC7122], UDPCL has no explicit message type identifier. The message type is inferred by the inspecting the data contents according to the following rules:¶
The message type is inferred by the inspecting the data contents according to the following rules:¶
Bundles can be transmitted outside of a (fragmented or not) Transfer item. This provides backward compatibility with [RFC7122] and a allows a trivial use of UDPCL which is just embedding an encoded bundle in a UDP datagram. The encoded bundle is one of the following:¶
All encoded BP version 7 bundles begin with a CBOR array head in accordance with [I-D.ietf-dtn-bpbis]. Data with a leading octet value indicating CBOR array (major type 4) SHALL be treated as a BPv7 bundle.¶
BPv7 bundles transmitted via UDPCL SHALL NOT include any leading CBOR tag. If the BP agent provides bundles with such tags the UDPCL entity SHALL remove them.¶
In addition to the UDPCL specific messaging, immediately after a DTLS Initiation (see Section 3.4.1) the DTLS handshake sequence will begin. Data with a leading octet value of 0x16 SHALL be treated as a DTLS handshake record in accordance with Section 4.1 of [RFC6347].¶
If the datagram with the DTLS Initiation extension is not received by an entity, the entity SHOULD still detect the DTLS handshake records and start the handshake sequence at that point. Data with a leading octet value of 0x17--0x19 SHALL be treated as a DTLS sequencing failure; DTLS non-handshake records should never be seen by the UDPCL messaging layer.¶
A summary of how a receiving UDPCL entity can interpret the first octet of a datagram is listed in Table 1. When inspecting using CBOR major types, the range of values is caused by the CBOR head encoding of [RFC8949].¶
Octet Value | Message Content |
---|---|
0x00 | Keepalive |
0x06 | BPv6 Bundle |
0x16--0x19 | DTLS Record |
0x80--0x9F | BPv7 Bundle (CBOR array) |
0xA0--0xBF | Extension Map (CBOR map) |
others | unused |
Extensions to UDPCL are encoded per-datagram in a single CBOR map as defined in Section 3.3. Each UDPCL extension item SHALL be identified by a unique integer (the Extension ID) used as a key in the Extension Map. Extension ID assignments are listed in Section 6.2.¶
Unless prohibited by particular extension type requirements, a single Extension Map MAY contain any combination of extension items. Receivers SHALL ignore extension items with unknown Extension ID and continue to process known extension items.¶
The following subsections define the initial UDPCL extension types.¶
This extension item indicates that the transmitter is about to begin a DTLS handshake sequence in accordance with Section 3.5.¶
The DTLS Initiation value SHALL be an untagged null value. There are no DTLS parameters actually transmitted as part of this extension, it only serves to indicate to the recipient that the next datagram will be a DTLS ClientHello. Although the datagram containing this extension is not retransmitted, the DTLS handshake itself will retransmit ClientHello messages until confirmation is received.¶
The Extension Map containing a DTLS Initiation item SHALL NOT contain any other items. A DTLS Initiation item SHALL NOT be present in any message transmitted within a DTLS session. A receiver of a DTLS Initiation item within a DTLS session SHALL ignore it.¶
If the entity is configured to enable exchanging messages according to DTLS 1.2 [RFC6347] or any successors which are compatible with that DTLS ClientHello, the first message in any sequence to a unicast recipient SHALL be an Extension Map with the DTLS Initiation item. The RECOMMENDED policy is to enable DTLS for all unicast recipients, even if security policy does not allow or require authentication. This follows the opportunistic security model of [RFC7435], though an active attacker could interfere with the exchange in such cases (see Section 5.3).¶
This extension item allows CL-layer fragmentation of bundle transfers. It also allows a bundle transfer to be transmitted along with extension items, which the unframed bundle data does not.¶
The Transfer value SHALL be an untagged CBOR array of four items. The items are defined in the following order:¶
Each Transfer item contains a Transfer ID which is used to correlate messages for a single bundle transfer. A Transfer ID does not attempt to address uniqueness of the bundle data itself and has no relation to concepts such as bundle fragmentation. Each invocation of UDPCL by the BP agent, requesting transmission of a bundle (fragmentary or otherwise), results in the initiation of a single UDPCL transfer.¶
Because UDPCL operation is connectionless, Transfer IDs from each entity SHALL be unique for the operating duration of the entity. In practice, the ID needs only be unique for the longest receiver reassembly time window; but because that information is not part of the protocol there is no way for an entity to When there are bidirectional bundle transfers between UDPCL entities, an entity SHOULD NOT rely on any relation between Transfer IDs originating from each side of the conversation.¶
Although there is not a strict requirement for Transfer ID initial values or ordering (see Section 5.11), in the absence of any other mechanism for generating Transfer IDs an entity SHALL use the following algorithm: the initial Transfer ID from each entity is zero; subsequent Transfer ID values are incremented from the prior Transfer ID value by one; upon exhaustion of the entire 64-bit Transfer ID space, the subsequent Transfer ID value is zero.¶
The full data content of a transfer SHALL be either a BPv6 or BPv7 Bundle as defined in Section 3.3. A receiving entity SHALL discard any reassembled transfer which does not properly contain a bundle.¶
A transmitting entity MAY produce a Transfer with a single fragment (i.e., a Fragment Data size identical to the Total Length). A transmitting entity SHALL NOT produce Transfer fragments with overlapping span. A transmitting entity SHOULD transmit Transfer fragments in order of Fragment Offset; this makes the behavior deterministic.¶
Because of the nature of UDP transport, there is no guaranteed order or timing of received Transfer items. A receiving entity SHALL consider a transport as finished when Fragment Data has been received which fully covers the Total Length of the transfer.¶
A receiving entity SHALL discard any Transfer item containing different CBOR types than defined in this document. A receiving entity SHALL discard any Transfer item containing a fragment with an overlapping span. Because there is no feedback indication at the UDPCL layer, a transmitter has no indication when a transfer is discarded by the receiver.¶
A receiving entity SHOULD discard unfinished transfer state after an implementation-defined timeout since the last received fragment. Entities SHOULD choose a transfer timeout interval no longer than one minute (60 seconds). Discarding an unfinished transfer causes no indication to the transmitting entity, but does indicate this to the BP agent.¶
This version of the UDPCL supports establishing a DTLS session within an existing UDP conversation. When DTLS is used within the UDPCL it affects the entire conversation.¶
Once established, the lifetime of a DTLS session SHALL be bound by the DTLS session ticket lifetime or either peer sending a Closure Alert record.¶
Subsequent DTLS session attempts to the same passive entity MAY attempt to use the DTLS session resumption feature. There is no guarantee that the passive entity will accept the request to resume a DTLS session, and the active entity cannot assume any resumption outcome.¶
The signaling for TLS Initiation is described in Section 3.4.1. After sending or receiving an Extension Map containing a DTLS Initiation item, an entity SHALL begin the handshake procedure of Section 4.2 of [RFC6347]. By convention, this protocol uses the entity which sent the DTLS Initiation (the active peer) as the "client" role of the TLS handshake request.¶
Upon receiving an unexpected ClientHello record outside of a DTLS session, an entity SHALL begin the DTLS handshake procedure as if a DTLS Initiation had been received. This allows recovering from a dropped packet containing DTLS Initiation.¶
The function and mechanism of DTLS authentication for UDPCL is exactly the same as that defined for TCPCL in Section 4.4.4 of [I-D.ietf-dtn-tcpclv4].¶
This section is to be removed before publishing as an RFC.¶
[NOTE to the RFC Editor: please remove this section before publication, as well as the reference to [RFC7942], [github-dtn-demo-agent], and [github-dtn-wireshark].]¶
This section records the status of known implementations of the protocol defined by this specification at the time of posting of this Internet-Draft, and is based on a proposal described in [RFC7942]. The description of implementations in this section is intended to assist the IETF in its decision processes in progressing drafts to RFCs. Please note that the listing of any individual implementation here does not imply endorsement by the IETF. Furthermore, no effort has been spent to verify the information presented here that was supplied by IETF contributors. This is not intended as, and must not be construed to be, a catalog of available implementations or their features. Readers are advised to note that other implementations can exist.¶
An example implementation of the this draft of UDPCL has been created as a GitHub project [github-dtn-demo-agent] and is intended to use as a proof-of-concept and as a possible source of interoperability testing. This example implementation uses D-Bus as the CL-BP Agent interface, so it only runs on hosts which provide the Python "dbus" library.¶
A wireshark dissector for UDPCL has been created as a GitHub project [github-dtn-wireshark] and has been kept in-sync with the latest encoding of this specification.¶
This section separates security considerations into threat categories based on guidance of BCP 72 [RFC3552].¶
When used without DTLS security, the UDPCL can expose the Node ID and other configuration data to passive eavesdroppers. This can occur even if no bundle transfers are transmitted. This can be avoided by always using DTLS, even if authentication is not available (see Section 5.10).¶
UDPCL can be used to provide point-to-point unicast transport security, but does not provide multicast security, security of data-at-rest, and does not guarantee end-to-end bundle security. In those cases the bundle security mechanisms defined in [I-D.ietf-dtn-bpsec] are to be used instead.¶
When used without DTLS security, the UDPCL exposes all bundle data to passive eavesdroppers. This can be avoided by always using DTLS for unicast messaging, even if authentication is not available (see Section 5.10).¶
When security policy allows non-DTLS messaging, UDPCL does not protect against active network attackers. It is possible for a on-path attacker to drop or alter packets containing Extension Map and/or DTLS handshake records, which will cause the receiver to not negotiate a DTLS session. This leads to the "SSL Stripping" attack described in [RFC7457].¶
When DTLS is available on an entity, it is strongly encouraged that the security policy disallow non-DTLS messaging for unicast purposes. This requires that the DTLS handshake occurs before any other UDPCL messaging, regardless of the policy-driven parameters of the handshake and policy-driven handling of the handshake outcome.¶
One mechanism to mitigate the possibility of DTLS stripping is the use of DNS-based Authentication of Named Entities (DANE) [RFC6698] toward the passive peer. This mechanism relies on DNS and is unidirectional, so it doesn't help with applying policy toward the active peer, but it can be useful in an environment using opportunistic security. The configuration and use of DANE are outside of the scope of this document.¶
The negotiated use of DTLS is identical behavior to STARTTLS use in [RFC2595], [RFC4511], and others.¶
Even when using DTLS to secure the UDPCL session, the actual ciphersuite negotiated between the DTLS peers can be insecure. Recommendations for ciphersuite use are included in BCP 195 [RFC7525]. It is up to security policies within each UDPCL entity to ensure that the negotiated DTLS ciphersuite meets transport security requirements.¶
The profile in Section 3.5.2 uses end-entity certificates chained up to a trusted root CA. During DTLS handshake, either entity can send a certificate set which does not contain the full chain, possibly excluding intermediate or root CAs. In an environment where peers are known to already contain needed root and intermediate CAs there is no need to include those CAs, but this has a risk of an entity not actually having one of the needed CAs.¶
Even when DTLS itself is operating properly an attacker can attempt to exploit vulnerabilities within certificate check algorithms or configuration to establish a secure DTLS session using an invalid certificate. An invalid certificate exploit could lead to bundle data leaking and/or denial of service to the Node ID being impersonated.¶
There are many reasons, described in [RFC5280] and [RFC6125], why a certificate can fail to validate, including using the certificate outside of its valid time interval, using purposes for which it was not authorized, or using it after it has been revoked by its CA. Validating a certificate is a complex task and can require network connectivity outside of the primary UDPCL network path(s) if a mechanism such as OCSP [RFC6960] is used by the CA. The configuration and use of particular certificate validation methods are outside of the scope of this document.¶
The UDPCL does not provide any guarantees of or binding to the source of transferred bundles.¶
One mitigation is to use the block integrity mechanisms defined in [I-D.ietf-dtn-bpsec] with a security context which provides node identity binding.¶
The behaviors described in this section all amount to a potential denial-of-service to a UDPCL entity. The denial-of-service could be limited to an individual UDPCL entity, or could affect all entities on a host or network segment.¶
An entity can send a large amount of data to a UDPCL entity, requiring the receiving entity to handle the data. The victim entity can block UDP packets from network peers which are thought to be incorrectly behaving within network.¶
An entity can also send only one fragment of a seemingly valid transfer and never send the remaining fragments, which will cause resources on the receiver to be wasted on transfer reassembly state. The victim entity can either block packets from network peers or intentionally keep a short unfinished transfer timeout (see Section 3.4.2.2).¶
The keepalive mechanism can be abused to waste throughput within a network link which would otherwise be usable for bundle transmissions.¶
Following IETF best current practice, DTLS is mandatory to implement for all UDPCL implementations but DTLS is optional to use for a any given transfer. The recommended configuration of Section 3.4.1 is to always attempt DTLS, but entities are permitted to disable DTLS based on local configuration. The configuration to enable or disable DTLS for an entity or a session is outside of the scope of this document. The configuration to disable DTLS is different from the threat of DTLS stripping described in Section 5.3.¶
This specification makes use of PKIX certificate validation and authentication within DTLS. There are alternate uses of DTLS which are not necessarily incompatible with the security goals of this specification, but are outside of the scope of this document. The following subsections give examples of alternate DTLS uses.¶
In environments where PKI is available but there are restrictions on the issuance of certificates (including the contents of certificates), it may be possible to make use of DTLS in a way which authenticates only the passive entity of a UDPCL transfer or which does not authenticate either entity. Using DTLS in a way which does not successfully authenticate some claim of both peer entities of a UDPCL transfer is outside of the scope of this document but does have similar properties to the opportunistic security model of [RFC7435].¶
In environments where PKI is unavailable, alternate uses of DTLS which do not require certificates such as pre-shared key (PSK) authentication [RFC5489] and the use of raw public keys [RFC7250] are available and can be used to ensure confidentiality within UDPCL. Using non-PKI node authentication methods is outside of the scope of this document.¶
The only requirement on Transfer IDs is that they are unique from the transmitting peer only. The trivial algorithm of the first transfer starting at zero and later transfers incrementing by one causes absolutely predictable Transfer IDs. Even when UDPCL is not DTLS secured and there is a on-path attacker altering UDPCL messages, there is no UDPCL feedback mechanism to interrupt or refuse a transfer so there is no benefit in having unpredictable Transfer IDs.¶
Registration procedures referred to in this section are defined in [RFC8126].¶
Within the port registry of [IANA-PORTS], UDP port number 4556 has been previously assigned as the default port for the UDP convergence layer in [RFC7122]. This assignment to UDPCL is unchanged, but the assignment reference is updated to this specification. There is no UDPCL version indication on-the-wire but this specification is a superset of [RFC7122] and is fully backward compatible. The related assignment for DCCP port 4556 (registered by [RFC7122]) is unchanged.¶
Parameter | Value |
---|---|
Service Name: | dtn-bundle |
Transport Protocol(s): | UDP |
Assignee: | IESG <iesg@ietf.org> |
Contact: | IESG <iesg@ietf.org> |
Description: | DTN Bundle UDP CL Protocol |
Reference: | This specification. |
Port Number: | 4556 |
EDITOR NOTE: sub-registry to-be-created upon publication of this specification.¶
IANA will create, under the "Bundle Protocol" registry [IANA-BUNDLE], a sub-registry titled "Bundle Protocol UDP Convergence-Layer Extension Types" and initialize it with the contents of Table 3. For positive code points the registration procedure is Specification Required. Negative code points are reserved for use on private networks for functions not published to the IANA.¶
Specifications of new extension types need to define the CBOR item structure of the extension data as well as the purpose and relationship of the new extension to existing session/transfer state within the baseline UDPCL sequencing. Receiving entities will ignore items with unknown Extension ID, and that behavior needs to be considered by new extension types.¶
Expert(s) are encouraged to be biased towards approving registrations unless they are abusive, frivolous, or actively harmful (not merely aesthetically displeasing, or architecturally dubious).¶
Extension ID | Name | Item Type | References |
---|---|---|---|
negative | Private/Experimental Use | any | This specification. |
0 | Reserved | This specification. | |
2 | Transfer | array | Section 3.4.2 of this specification. |
5 | DTLS Initiation (STARTTLS) | null | Section 3.4.1 of this specification. |
TBD¶
The areas in which changes from [RFC7122] have been made to existing requirements:¶
The areas in which extensions from [RFC7122] have been made as new behaviors are:¶