Datagram Transport Layer Security
RFC 4347
Document | Type |
RFC - Historic
(April 2006; Errata)
Obsoleted by RFC 6347
Status changed by status-change-tls-oldversions-to-historic
Was draft-rescorla-dtls (individual in sec area)
|
|
---|---|---|---|
Authors | Eric Rescorla , Nagendra Modadugu | ||
Last updated | 2021-02-02 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized bibtex | ||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 4347 (Historic) | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Russ Housley | ||
Send notices to | (None) |
Network Working Group E. Rescorla Request for Comments: 4347 RTFM, Inc. Category: Standards Track N. Modadugu Stanford University April 2006 Datagram Transport Layer Security Status of This Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2006). Abstract This document specifies Version 1.0 of the Datagram Transport Layer Security (DTLS) protocol. The DTLS protocol provides communications privacy for datagram protocols. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the Transport Layer Security (TLS) protocol and provides equivalent security guarantees. Datagram semantics of the underlying transport are preserved by the DTLS protocol. Table of Contents 1. Introduction ....................................................2 1.1. Requirements Terminology ...................................3 2. Usage Model .....................................................3 3. Overview of DTLS ................................................4 3.1. Loss-Insensitive Messaging .................................4 3.2. Providing Reliability for Handshake ........................4 3.2.1. Packet Loss .........................................5 3.2.2. Reordering ..........................................5 3.2.3. Message Size ........................................5 3.3. Replay Detection ...........................................6 4. Differences from TLS ............................................6 4.1. Record Layer ...............................................6 4.1.1. Transport Layer Mapping .............................7 Rescorla & Modadugu Standards Track [Page 1] RFC 4347 Datagram Transport Layer Security April 2006 4.1.1.1. PMTU Discovery .............................8 4.1.2. Record Payload Protection ...........................9 4.1.2.1. MAC ........................................9 4.1.2.2. Null or Standard Stream Cipher .............9 4.1.2.3. Block Cipher ..............................10 4.1.2.4. New Cipher Suites .........................10 4.1.2.5. Anti-replay ...............................10 4.2. The DTLS Handshake Protocol ...............................11 4.2.1. Denial of Service Countermeasures ..................11 4.2.2. Handshake Message Format ...........................13 4.2.3. Message Fragmentation and Reassembly ...............15 4.2.4. Timeout and Retransmission .........................15 4.2.4.1. Timer Values ..............................18 4.2.5. ChangeCipherSpec ...................................19 4.2.6. Finished Messages ..................................19 4.2.7. Alert Messages .....................................19 4.3. Summary of new syntax .....................................19 4.3.1. Record Layer .......................................20 4.3.2. Handshake Protocol .................................20 5. Security Considerations ........................................21 6. Acknowledgements ...............................................22 7. IANA Considerations ............................................22 8. References .....................................................22 8.1. Normative References ......................................22 8.2. Informative References ....................................23 1. Introduction TLS [TLS] is the most widely deployed protocol for securing network traffic. It is widely used for protecting Web traffic and for e-mail protocols such as IMAP [IMAP] and POP [POP]. The primary advantage of TLS is that it provides a transparent connection-oriented channel. Thus, it is easy to secure an application protocol by inserting TLS between the application layer and the transport layer. However, TLS must run over a reliable transport channel -- typically TCP [TCP]. It therefore cannot be used to secure unreliable datagram traffic. However, over the past few years an increasing number of applicationShow full document text