Datagram Transport Layer Security (DTLS) over the Datagram Congestion Control Protocol (DCCP)
RFC 5238

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, 
    dccp mailing list <dccp@ietf.org>, 
    dccp chair <dccp-chairs@tools.ietf.org>
Subject: Protocol Action: 'Datagram Transport Layer Security 
         (DTLS) over the Datagram Congestion Control Protocol (DCCP)' to 
         Proposed Standard 

The IESG has approved the following document:

- 'Datagram Transport Layer Security (DTLS) over the Datagram Congestion 
   Control Protocol (DCCP) '
   <draft-ietf-dccp-dtls-07.txt> as a Proposed Standard

This document is the product of the Datagram Congestion Control Protocol 
Working Group. 

The IESG contact persons are Lars Eggert and Magnus Westerlund.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-dccp-dtls-07.txt

Technical Summary

This document specifies the use of Datagram Transport Layer Security
(DTLS) over the Datagram Congestion Control Protocol (DCCP).  DTLS
provides communications privacy for datagram protocols and allows
client/server applications to communicate in a way that is designed
to prevent eavesdropping, tampering, or message forgery.  DCCP is a
transport protocol that provides a congestion-controlled unreliable
datagram service.


Working Group Summary

This document is a product of the DCCP working group. The document is
expected to apply to the use of current and future versions of DTLS
over the DCCP transport service.


Document Quality

The DCCP WG has reached consensus that this document is ready for
publication, and recommends publication on the IETF Standards Track.


Personnel

Gorry Fairhurst (gorry@erg.abdn.ac.uk) was the Document Shepherd. Lars
Eggert (lars.eggert@nokia.com) has reviewed this document for the IESG.


RFC Editor Note

Change in the abstract:

OLD TEXT:   
   This document specifies the use of Datagram Transport Layer
   Security (DTLS) over the Datagram Congestion Control
   Protocol (DCCP).  DTLS provides communications privacy for
   datagram protocols and allows client/server applications to
   communicate in a way that is designed to prevent
   eavesdropping and detect tampering or message forgery.  DCCP
   is a transport protocol that provides a
   congestion-controlled unreliable datagram service.
   
NEW TEXT:
   This document specifies the use of Datagram Transport Layer
   Security (DTLS) over the Datagram Congestion Control
   Protocol (DCCP).  DTLS provides communications privacy for
   applications that use datagram transport protocols and
   allows client/server applications to communicate in a way
   that is designed to prevent eavesdropping and detect
   tampering or message forgery.  DCCP is a transport protocol
   that provides a congestion-controlled unreliable datagram
   service.
   
Change in Section 1, first paragraph:
   
OLD TEXT:
   This document specifies how to use Datagram Transport Layer
   Security (DTLS), as specified in [RFC4347], over the
   Datagram Congestion Control Protocol (DCCP), as specified in
   [RFC4340].
   
NEW TEXT:
   This document specifies how to carry application payloads
   with Datagram Transport Layer Security (DTLS), as specified
   in [RFC4347], in the Datagram Congestion Control Protocol
   (DCCP), as specified in [RFC4340].
   
Change in Section 1, last paragraph:
   
OLD TEXT:
   The combination of DTLS and DCCP will offer transport
   security capabilities to DCCP users similar to those
   available for TCP, UDP and SCTP.
   
NEW TEXT:
   The combination of DTLS and DCCP will offer transport
   security capabilities to applications using DCCP similar to
   those available for TCP, UDP and SCTP.

Replace one paragraph of text in Section 3 as follows:

OLD TEXT:
   The approach here is very straightforward -- DTLS records
   are transmitted in the Application Data fields of DCCP-Data
   and DCCP-DataAck packets (in the rest of the document assume
   that "DCCP-Data packet" means "DCCP-Data or DCCP-DataAck
   packet").  Multiple DTLS records MAY be sent in one
   DCCP-Data packet, as long as the resulting packet is within
   the Path Maximum Transfer Unit (PMTU) currently in force for
   normal data packets, if the Don't Fragment (DF) bit is being
   used, or within the current DCCP maximum packet size if the
   DF bit is not being used (see section 3.5 for more
   information on PMTU Discovery).  A single DTLS record MUST
   be fully contained in a single DCCP-Data packet; it MUST NOT
   be split over multiple packets.

NEW TEXT:
   The approach here is very straightforward -- DTLS records
   are transmitted in the Application Data fields of DCCP-Data
   and DCCP-DataAck packets (in the rest of the document assume
   that "DCCP-Data packet" means "DCCP-Data or DCCP-DataAck
   packet").  Multiple DTLS records MAY be sent in one
   DCCP-Data packet, as long as the resulting packet is within
   the Path Maximum Transfer Unit (PMTU) currently in force for
   normal data packets, if fragmentation is not allowed (the
   Don't Fragment (DF) bit is set for IPv4 or no fragmentation
   extension headers are being used for IPv6), or within the
   current DCCP maximum packet size if fragmentation is allowed
   (see Section 3.5 for more information on PMTU Discovery).  A
   single DTLS record MUST be fully contained in a single
   DCCP-Data packet; it MUST NOT be split over multiple
   packets.
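The Section 3 text above fixes two framing rules: several whole DTLS records may share the Application Data field of one DCCP-Data packet as long as the packet stays within the PMTU (or the DCCP maximum packet size when fragmentation is allowed), and one record may never be split across packets. The following is an added illustration, not code from RFC 5238, the draft, or the IESG. It frames records with the 13-byte DTLS record header of RFC 4347, packs them first-fit into DCCP-Data payloads under a byte budget, and on receipt splits a payload back into whole records, rejecting a field that ends inside a record. The payload budget (a 1500-byte PMTU less a 20-byte IPv4 header and the 12-byte DCCP generic header with 48-bit sequence numbers, no options) and the sample records are constructed for the example; no DTLS cryptography is applied, the record bodies are opaque bytes.

```python
"""DTLS records in DCCP-Data Application Data: pack and unpack.

Added example, not from RFC 5238, the draft, or the IESG announcement.
Record framing follows the DTLS record header of RFC 4347:
type(1) version(2) epoch(2) 48-bit sequence number(6) length(2).
PMTU, header sizes and sample records are constructed for the example.
"""
import struct
from typing import List

DTLS_HEADER = struct.Struct("!BHH6sH")   # 13-byte DTLS record header
DTLS_HEADER_LEN = DTLS_HEADER.size
DTLS_1_0_VERSION = 0xFEFF                # {254, 255} per RFC 4347
CT_APPLICATION_DATA = 23

# Assumed for the payload budget: IPv4 without options, DCCP without options.
IPV4_HEADER_LEN = 20
DCCP_GENERIC_HEADER_LEN = 12             # RFC 4340 generic header, X=1


def dccp_data_payload_limit(pmtu: int, ip_header_len: int = IPV4_HEADER_LEN,
                            dccp_options_len: int = 0) -> int:
    """Application Data bytes a DCCP-Data packet may carry within pmtu."""
    return pmtu - ip_header_len - DCCP_GENERIC_HEADER_LEN - dccp_options_len


def make_record(content_type: int, epoch: int, seq: int, body: bytes) -> bytes:
    """Frame body as one DTLS record (body is opaque; no crypto applied here)."""
    header = DTLS_HEADER.pack(content_type, DTLS_1_0_VERSION, epoch,
                              seq.to_bytes(6, "big"), len(body))
    return header + body


def parse_dtls_records(payload: bytes) -> List[bytes]:
    """Split one DCCP-Data Application Data field into whole DTLS records.

    Raises ValueError if the field ends inside a record: the sender split a
    record across packets, which Section 3 forbids, and since DCCP delivers
    datagrams unreliably the remainder may never arrive anyway.
    """
    records, off = [], 0
    while off < len(payload):
        if len(payload) - off < DTLS_HEADER_LEN:
            raise ValueError(f"truncated DTLS header at offset {off}")
        _ctype, _ver, _epoch, _seq, length = DTLS_HEADER.unpack_from(payload, off)
        end = off + DTLS_HEADER_LEN + length
        if end > len(payload):
            raise ValueError(f"DTLS record at offset {off} runs past end of packet")
        records.append(payload[off:end])
        off = end
    return records


def pack_records(records: List[bytes], max_payload: int) -> List[bytes]:
    """Group whole records, in order, into payloads of at most max_payload bytes.

    A record that does not fit even in an empty packet is rejected rather than
    fragmented: a single DTLS record MUST NOT be split over DCCP-Data packets,
    so the fix belongs at the DTLS layer (smaller fragments), not here.
    """
    payloads: List[bytes] = []
    current = b""
    for rec in records:
        if len(rec) > max_payload:
            raise ValueError(f"record of {len(rec)} bytes exceeds the "
                             f"{max_payload}-byte Application Data limit")
        if len(current) + len(rec) > max_payload:
            payloads.append(current)      # start a new DCCP-Data packet
            current = b""
        current += rec
    if current:
        payloads.append(current)
    return payloads


if __name__ == "__main__":
    limit = dccp_data_payload_limit(1500)            # 1468 with the sizes above
    recs = [make_record(CT_APPLICATION_DATA, 1, i, bytes([65 + i]) * 500)
            for i in range(3)]                       # three 513-byte records
    packets = pack_records(recs, limit)              # two packets: 1026 + 513
    print([len(p) for p in packets])
    reassembled = [r for p in packets for r in parse_dtls_records(p)]
    print("round trip ok:", reassembled == recs)
```

The sender side keys its budget off the PMTU currently in force when DF is set; when fragmentation is allowed the same function is called with the DCCP maximum packet size instead, which is the only thing that changes under the NEW TEXT above.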