Datagram Transport Layer Security (DTLS) over the Datagram Congestion Control Protocol (DCCP)
RFC 5238

Document type: RFC - Proposed Standard (May 2008; No errata)
Document stream: IETF
Last updated: 2013-03-02

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 5238 (Proposed Standard)
Responsible AD: Lars Eggert

Network Working Group                                         T. Phelan
Request for Comments: 5238                               Sonus Networks
Category: Standards Track                                      May 2008

       Datagram Transport Layer Security (DTLS) over the Datagram
                   Congestion Control Protocol (DCCP)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Abstract

   This document specifies the use of Datagram Transport Layer Security
   (DTLS) over the Datagram Congestion Control Protocol (DCCP).  DTLS
   provides communications privacy for applications that use datagram
   transport protocols and allows client/server applications to
   communicate in a way that is designed to prevent eavesdropping and
   detect tampering or message forgery.  DCCP is a transport protocol
   that provides a congestion-controlled unreliable datagram service.

Table of Contents

   1. Introduction ....................................................2
   2. Terminology .....................................................2
   3. DTLS over DCCP ..................................................2
      3.1. DCCP and DTLS Sequence Numbers .............................3
      3.2. DCCP and DTLS Connection Handshakes ........................3
      3.3. Effects of DCCP Congestion Control .........................4
      3.4. Relationships between DTLS Sessions/Connections and DCCP
           Connections ................................................5
      3.5. PMTU Discovery .............................................6
      3.6. DCCP Service Codes .........................................7
      3.7. New Versions of DTLS .......................................8
   4. Security Considerations .........................................8
   5. Acknowledgments .................................................8
   6. References ......................................................9
      6.1. Normative References .......................................9
      6.2. Informative References .....................................9

Phelan                      Standards Track                     [Page 1]
RFC 5238                     DTLS over DCCP                     May 2008

1.  Introduction

   This document specifies how to carry application payloads with
   Datagram Transport Layer Security (DTLS), as specified in [RFC4347],
   in the Datagram Congestion Control Protocol (DCCP), as specified in
   [RFC4340].

   DTLS is an adaptation of Transport Layer Security (TLS, [RFC4346])
   that modifies TLS for use with the unreliable transport protocol UDP.
   TLS is a protocol that allows client/server applications to
   communicate in a way that is designed to prevent eavesdropping and
   detect tampering and message forgery.  DTLS can be viewed as
   TLS-plus-adaptations-for-unreliability.

   DCCP provides an unreliable transport service, similar to UDP, but
   with adaptive congestion control, similar to TCP and Stream Control
   Transmission Protocol (SCTP).  DCCP can be viewed equally well as
   either UDP-plus-congestion-control or TCP-minus-reliability
   (although, unlike TCP, DCCP offers multiple congestion control
   algorithms).

   The combination of DTLS and DCCP will offer transport security
   capabilities to applications using DCCP similar to those available
   for TCP, UDP, and SCTP.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  DTLS over DCCP

   The approach here is very straightforward -- DTLS records are
   transmitted in the Application Data fields of DCCP-Data and
   DCCP-DataAck packets (in the rest of the document assume that
   "DCCP-Data packet" means "DCCP-Data or DCCP-DataAck packet").
   Multiple DTLS records MAY be sent in one DCCP-Data packet, as long as
   the resulting packet is within the Path Maximum Transfer Unit (PMTU)
   currently in force for normal data packets, if fragmentation is not
   allowed (the Don't Fragment (DF) bit is set for IPv4 or no
   fragmentation extension headers are being used for IPv6), or within
   the current DCCP maximum packet size if fragmentation is allowed (see
   Section 3.5 for more information on PMTU Discovery).  A single DTLS
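The packing rule in Section 3 (several DTLS records per DCCP-Data packet, but never beyond the PMTU) is easy to get wrong at both ends, so here is an added example that is not part of the RFC: it builds DTLS 1.0 records with the 13-byte record header from RFC 4347, groups them into DCCP-Data Application Data fields under a PMTU budget, and parses such a field back into records, refusing truncated or overlong ones. The `overhead` value (IP plus DCCP header bytes) and the sample record contents are assumptions chosen for illustration.

```python
import struct

DTLS_RECORD_HEADER_LEN = 13        # RFC 4347: type(1) version(2) epoch(2) seq(6) length(2)
DTLS_1_0_VERSION = 0xFEFF          # DTLS 1.0 wire version {254, 255}
CT_APPLICATION_DATA = 23

def build_dtls_record(content_type, epoch, seq, fragment):
    """Serialise one DTLS record: 13-byte header followed by the fragment."""
    if not 0 <= seq < 1 << 48:
        raise ValueError("DTLS sequence number must fit in 48 bits")
    if len(fragment) > 1 << 14:
        raise ValueError("fragment exceeds the DTLS record limit of 2^14 bytes")
    header = (struct.pack("!BHH", content_type, DTLS_1_0_VERSION, epoch)
              + seq.to_bytes(6, "big") + struct.pack("!H", len(fragment)))
    return header + fragment

def pack_records_into_dccp_data(records, pmtu, overhead):
    """Group consecutive DTLS records into DCCP-Data Application Data fields.
    'overhead' is the assumed IP + DCCP header size per packet; each payload
    stays within pmtu - overhead. Returns the list of payloads (bytes)."""
    budget = pmtu - overhead
    payloads, current = [], b""
    for rec in records:
        if len(rec) > budget:
            raise ValueError("a single DTLS record does not fit in the PMTU budget")
        if len(current) + len(rec) > budget:   # would exceed PMTU: start a new packet
            payloads.append(current)
            current = b""
        current += rec
    if current:
        payloads.append(current)
    return payloads

def split_dccp_payload(payload):
    """Walk a DCCP-Data Application Data field and return its DTLS records as
    (type, version, epoch, seq, fragment) tuples; malformed input raises."""
    records, off = [], 0
    while off < len(payload):
        if len(payload) - off < DTLS_RECORD_HEADER_LEN:
            raise ValueError("truncated DTLS record header")
        ctype, version, epoch = struct.unpack_from("!BHH", payload, off)
        seq = int.from_bytes(payload[off + 5:off + 11], "big")
        (length,) = struct.unpack_from("!H", payload, off + 11)
        end = off + DTLS_RECORD_HEADER_LEN + length
        if end > len(payload):
            raise ValueError("DTLS record length runs past the DCCP payload")
        records.append((ctype, version, epoch, seq, payload[off + 13:end]))
        off = end
    return records
```

A receiver that skipped the length check would read past the datagram when a record's length field lies, which is why the parser rejects rather than tolerates it.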