Datagram Transport Layer Security (DTLS) over the Datagram Congestion Control Protocol (DCCP)
RFC 5238
| | | |
|---|---|---|
| Document | Type | RFC - Proposed Standard (May 2008; No errata); was draft-ietf-dccp-dtls (dccp WG) |
| | Author | Thomas Phelan |
| | Last updated | 2015-10-14 |
| | Replaces | draft-phelan-dccp-dtls |
| | Stream | IETF |
| | Formats | plain text, html, pdf, htmlized, bibtex |
| | Reviews | |
| Stream | WG state | (None) |
| | Document shepherd | No shepherd assigned |
| IESG | IESG state | RFC 5238 (Proposed Standard) |
| | Consensus Boilerplate | Unknown |
| | Telechat date | |
| | Responsible AD | Lars Eggert |
| | Send notices to | (None) |
Network Working Group                                          T. Phelan
Request for Comments: 5238                                Sonus Networks
Category: Standards Track                                       May 2008

            Datagram Transport Layer Security (DTLS) over
            the Datagram Congestion Control Protocol (DCCP)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements. Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol. Distribution of this memo is unlimited.

Abstract

   This document specifies the use of Datagram Transport Layer Security
   (DTLS) over the Datagram Congestion Control Protocol (DCCP). DTLS
   provides communications privacy for applications that use datagram
   transport protocols and allows client/server applications to
   communicate in a way that is designed to prevent eavesdropping and
   detect tampering or message forgery. DCCP is a transport protocol
   that provides a congestion-controlled unreliable datagram service.

Table of Contents

   1. Introduction ....................................................2
   2. Terminology .....................................................2
   3. DTLS over DCCP ..................................................2
      3.1. DCCP and DTLS Sequence Numbers .............................3
      3.2. DCCP and DTLS Connection Handshakes ........................3
      3.3. Effects of DCCP Congestion Control .........................4
      3.4. Relationships between DTLS Sessions/Connections and
           DCCP Connections ...........................................5
      3.5. PMTU Discovery .............................................6
      3.6. DCCP Service Codes .........................................7
      3.7. New Versions of DTLS .......................................8
   4. Security Considerations .........................................8
   5. Acknowledgments .................................................8
   6. References ......................................................9
      6.1. Normative References .......................................9
      6.2. Informative References .....................................9

Phelan                      Standards Track                     [Page 1]

RFC 5238                    DTLS over DCCP                      May 2008

1. Introduction

   This document specifies how to carry application payloads with
   Datagram Transport Layer Security (DTLS), as specified in [RFC4347],
   in the Datagram Congestion Control Protocol (DCCP), as specified in
   [RFC4340].

   DTLS is an adaptation of Transport Layer Security (TLS, [RFC4346])
   that modifies TLS for use with the unreliable transport protocol UDP.
   TLS is a protocol that allows client/server applications to
   communicate in a way that is designed to prevent eavesdropping and
   detect tampering and message forgery. DTLS can be viewed as
   TLS-plus-adaptations-for-unreliability.

   DCCP provides an unreliable transport service, similar to UDP, but
   with adaptive congestion control, similar to TCP and Stream Control
   Transmission Protocol (SCTP). DCCP can be viewed equally well as
   either UDP-plus-congestion-control or TCP-minus-reliability
   (although, unlike TCP, DCCP offers multiple congestion control
   algorithms).

   The combination of DTLS and DCCP will offer transport security
   capabilities to applications using DCCP similar to those available
   for TCP, UDP, and SCTP.

2. Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3. DTLS over DCCP

   The approach here is very straightforward -- DTLS records are
   transmitted in the Application Data fields of DCCP-Data and
   DCCP-DataAck packets (in the rest of the document assume that
   "DCCP-Data packet" means "DCCP-Data or DCCP-DataAck packet").

   Multiple DTLS records MAY be sent in one DCCP-Data packet, as long as
   the resulting packet is within the Path Maximum Transfer Unit (PMTU)
   currently in force for normal data packets, if fragmentation is not
   allowed (the Don't Fragment (DF) bit is set for IPv4 or no
   fragmentation extension headers are being used for IPv6), or within
   the current DCCP maximum packet size if fragmentation is allowed (see
   Section 3.5 for more information on PMTU Discovery). A single DTLS
   record MUST be fully contained in a single DCCP-Data packet; it MUST
   NOT be split over multiple packets.

3.1. DCCP and DTLS Sequence Numbers

   Both DCCP and DTLS use sequence numbers in their packets/records.
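The packing rule of Section 3 (several records MAY share one DCCP-Data packet, but a record MUST NOT be split across packets) as an added Python example; this is not code from the RFC. It assumes the 13-byte DTLS 1.0 record header layout of RFC 4347 and uses constructed overhead figures (a 20-byte IPv4 header and a 16-byte DCCP-Data header with no options) to turn a PMTU into an Application Data budget; the function and class names are my own.

```python
"""Added example for RFC 5238 Section 3 (not part of the RFC): pack DTLS
records into DCCP-Data Application Data fields without ever splitting a
record, and parse them back out, rejecting any record that would have to
run past the end of the packet."""
import struct
from dataclasses import dataclass
from typing import List

# DTLS 1.0 record header, layout taken from RFC 4347 (an assumption of
# this example, not stated in RFC 5238): ContentType(1) ProtocolVersion(2)
# epoch(2) sequence_number(6) length(2) = 13 bytes.
DTLS_RECORD_HEADER = struct.Struct("!BHH6sH")
DTLS_HEADER_LEN = DTLS_RECORD_HEADER.size          # 13
DTLS_VERSION_1_0 = 0xFEFF                          # {254, 255} in RFC 4347
MAX_RECORD_BODY = 2 ** 14 + 2048                   # TLS ciphertext limit

# Constructed overhead figures, used only to derive the payload budget.
IPV4_HEADER_LEN = 20
DCCP_DATA_HEADER_LEN = 16   # generic header with 48-bit seq numbers, no options


@dataclass(frozen=True)
class DtlsRecord:
    content_type: int
    epoch: int
    sequence: int      # 48-bit DTLS record sequence number
    body: bytes

    def encode(self) -> bytes:
        if not 0 <= self.sequence < 1 << 48:
            raise ValueError("DTLS sequence number must fit in 48 bits")
        if len(self.body) > MAX_RECORD_BODY:
            raise ValueError("record body exceeds the DTLS record size limit")
        header = DTLS_RECORD_HEADER.pack(
            self.content_type, DTLS_VERSION_1_0, self.epoch,
            self.sequence.to_bytes(6, "big"), len(self.body))
        return header + self.body


def app_data_budget(pmtu: int, ip_header_len: int = IPV4_HEADER_LEN,
                    dccp_header_len: int = DCCP_DATA_HEADER_LEN) -> int:
    """Bytes of Application Data that fit in one DCCP-Data packet under PMTU."""
    budget = pmtu - ip_header_len - dccp_header_len
    if budget < DTLS_HEADER_LEN:
        raise ValueError("PMTU too small to carry even an empty DTLS record")
    return budget


def pack_records(records: List[DtlsRecord], budget: int) -> List[bytes]:
    """Greedy packing: several records MAY share one DCCP-Data packet, but a
    record MUST NOT be split across packets (RFC 5238, Section 3)."""
    packets: List[bytes] = []
    current = bytearray()
    for rec in records:
        encoded = rec.encode()
        if len(encoded) > budget:
            # Splitting is forbidden, so an oversized record is the caller's
            # problem: shrink the record or wait for a larger PMTU.
            raise ValueError(
                f"record of {len(encoded)} bytes exceeds {budget}-byte budget")
        if len(current) + len(encoded) > budget:
            packets.append(bytes(current))
            current = bytearray()
        current += encoded
    if current:
        packets.append(bytes(current))
    return packets


def unpack_records(app_data: bytes) -> List[DtlsRecord]:
    """Parse every DTLS record in one DCCP-Data Application Data field.
    A header or body running past the packet end means the record was split
    across packets, which the RFC forbids, so it is rejected, not buffered."""
    records: List[DtlsRecord] = []
    offset = 0
    while offset < len(app_data):
        if len(app_data) - offset < DTLS_HEADER_LEN:
            raise ValueError("truncated DTLS record header")
        ctype, version, epoch, seq6, length = DTLS_RECORD_HEADER.unpack_from(
            app_data, offset)
        if version != DTLS_VERSION_1_0:
            raise ValueError(f"unexpected DTLS version 0x{version:04x}")
        start = offset + DTLS_HEADER_LEN
        end = start + length
        if end > len(app_data):
            raise ValueError("DTLS record body runs past end of DCCP packet")
        records.append(DtlsRecord(ctype, epoch, int.from_bytes(seq6, "big"),
                                  bytes(app_data[start:end])))
        offset = end
    return records
```

Because a receiver never reassembles a record from two DCCP packets, the parser treats a body that overruns the packet as an error rather than waiting for more data; that keeps a single lost or reordered DCCP-Data packet from stalling the DTLS record layer, which is the property the no-split rule is there to preserve.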