
Re: Evaluation: draft-ietf-sigtran-security - Security Considerations for SIGTRAN Protocols to Proposed Standard



Ted Hardie          [   ]     [   ]       [ x  ]      [   ]


DISCUSS comment:

Section 6, on TLS usage, notes that SIGTRAN protocols use the same
port number and payload protocol identifier when run over TLS, and
that a session upgrade procedure has to be used to initiate the TLS based
communication. There are, however, no pointers to a specification for
this (even an example). I think _something_ is required here, because
the consequences of doing an upgrade here may not be obvious.
RFC 3436 notes in section 6.2, for example:

TLS requires that the underlying transport delivers TLS records in
strict sequence. Thus, the 'unordered delivery' feature of SCTP MUST
NOT be used on streams which are used for TLS based user data
transmission. For the same reason, TLS records delivered to SCTP for
transmission MUST NOT have limited lifetimes.

If you UPGRADE, in other words, there are consequences to how you use
SCTP that you may need to take into account. If these don't apply to
SIGTRAN, great, but a worked example or additional text on the
UPGRADE scenario would really help.

Note:

Section 3, "Security in Telephone Networks", seems to report things
like "the trusted network principle" without any comment on how
valid these principles are. Purely as a personal note, I would find
some more cynicism here comforting. This does not, of course,
change the specification in any substantive way.

regards,
Ted Hardie
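The consequence of the quoted RFC 3436 rule can be shown with a small simulation (added here as an illustration; it is not part of Ted Hardie's message or of any SIGTRAN implementation). TLS records carry no sequence number on the wire; each side keeps its own record counter and mixes it into the integrity tag, so a record delivered out of order, or dropped because its SCTP lifetime expired, fails verification at the receiver. The key, the record contents and the delivery orders below are constructed, and encryption is omitted to keep the point visible.

```python
import hmac
import hashlib
import struct

# Constructed demo key; a real TLS session derives a fresh key per connection.
KEY = b"constructed-demo-key"
TAG_LEN = 32


def protect(seq, payload):
    """Sender side: TLS-style integrity tag over the implicit record
    sequence number and the payload. The sequence number itself is never
    transmitted; both endpoints count records independently."""
    tag = hmac.new(KEY, struct.pack(">Q", seq) + payload, hashlib.sha256).digest()
    return payload + tag


def receive(records):
    """Receiver side: verify each record against the receiver's own running
    counter. Returns one outcome per delivered record, in delivery order.
    (Real TLS treats the first bad_record_mac as fatal and closes the
    connection; the loop continues here only to show every affected record.)"""
    outcomes = []
    for seq, rec in enumerate(records):
        payload, tag = rec[:-TAG_LEN], rec[-TAG_LEN:]
        expected = hmac.new(KEY, struct.pack(">Q", seq) + payload, hashlib.sha256).digest()
        outcomes.append("ok" if hmac.compare_digest(tag, expected) else "bad_record_mac")
    return outcomes


def simulate(delivery_order):
    """Constructed scenario: three TLS records are handed to SCTP and arrive in
    delivery_order (indexes into the sent list). Leaving an index out models a
    record that SCTP discarded because its limited lifetime expired; a permuted
    order models the 'unordered delivery' feature."""
    sent = [protect(i, b"sigtran-record-%d" % i) for i in range(3)]
    return receive([sent[i] for i in delivery_order])


if __name__ == "__main__":
    print("ordered stream :", simulate([0, 1, 2]))
    print("unordered      :", simulate([0, 2, 1]))
    print("lifetime expiry:", simulate([0, 2]))
```

With ordered, lossless delivery every record verifies; a single reordering or expiry breaks that record and every record after it, which is why TLS-carrying SCTP streams must be ordered and must not set a record lifetime.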