Skip to main content

The Datagram Transport Layer Security (DTLS) Connection Identifier

Document Type Replaced Internet-Draft (tls WG)
Expired & archived
Authors Eric Rescorla , Hannes Tschofenig , Thomas Fossati , Tobias Gondrom
Last updated 2017-12-13 (Latest revision 2017-11-14)
Replaced by draft-ietf-tls-dtls-connection-id
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Additional resources Mailing list discussion
Stream WG state Adopted by a WG
Document shepherd (None)
IESG IESG state Replaced by draft-ietf-tls-dtls-connection-id
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document specifies the "Connection ID" concept for the Datagram Transport Layer Security (DTLS) protocol, version 1.2 and version 1.3. A Connection ID is an identifier carried in the record layer header that gives the recipient additional information for selecting the appropriate security association. In "classical" DTLS, selecting a security association of an incoming DTLS record is accomplished with the help of the 5-tuple. If the source IP address and/or source port changes during the lifetime of an ongoing DTLS session then the receiver will be unable to locate the correct security context.


Eric Rescorla
Hannes Tschofenig
Thomas Fossati
Tobias Gondrom

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)