Datagram Transport Layer Security (DTLS) over the Datagram Congestion Control Protocol (DCCP)
RFC 5238
| Document | Type |
RFC - Proposed Standard
(May 2008; No errata)
Was draft-ietf-dccp-dtls (dccp WG)
|
|
|---|---|---|---|
| Last updated | 2015-10-14 | ||
| Replaces | draft-phelan-dccp-dtls | ||
| Stream | IETF | ||
| Formats | plain text pdf html bibtex | ||
| Reviews | |||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 5238 (Proposed Standard) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Lars Eggert | ||
| Send notices to | (None) | ||
Network Working Group T. Phelan
Request for Comments: 5238 Sonus Networks
Category: Standards Track May 2008
Datagram Transport Layer Security (DTLS) over the Datagram
Congestion Control Protocol (DCCP)
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Abstract
This document specifies the use of Datagram Transport Layer Security
(DTLS) over the Datagram Congestion Control Protocol (DCCP). DTLS
provides communications privacy for applications that use datagram
transport protocols and allows client/server applications to
communicate in a way that is designed to prevent eavesdropping and
detect tampering or message forgery. DCCP is a transport protocol
that provides a congestion-controlled unreliable datagram service.
Table of Contents
1. Introduction ....................................................2
2. Terminology .....................................................2
3. DTLS over DCCP ..................................................2
3.1. DCCP and DTLS Sequence Numbers .............................3
3.2. DCCP and DTLS Connection Handshakes ........................3
3.3. Effects of DCCP Congestion Control .........................4
3.4. Relationships between DTLS Sessions/Connections and DCCP
Connections ................................................5
3.5. PMTU Discovery .............................................6
3.6. DCCP Service Codes .........................................7
3.7. New Versions of DTLS .......................................8
4. Security Considerations .........................................8
5. Acknowledgments .................................................8
6. References ......................................................9
6.1. Normative References .......................................9
6.2. Informative References .....................................9
Phelan Standards Track [Page 1]
RFC 5238 DTLS over DCCP May 2008
1. Introduction
This document specifies how to carry application payloads with
Datagram Transport Layer Security (DTLS), as specified in [RFC4347],
in the Datagram Congestion Control Protocol (DCCP), as specified in
[RFC4340].
DTLS is an adaptation of Transport Layer Security (TLS, [RFC4346])
that modifies TLS for use with the unreliable transport protocol UDP.
TLS is a protocol that allows client/server applications to
communicate in a way that is designed to prevent eavesdropping and
detect tampering and message forgery. DTLS can be viewed as
TLS-plus-adaptations-for-unreliability.
DCCP provides an unreliable transport service, similar to UDP, but
with adaptive congestion control, similar to TCP and Stream Control
Transmission Protocol (SCTP). DCCP can be viewed equally well as
either UDP-plus-congestion-control or TCP-minus-reliability
(although, unlike TCP, DCCP offers multiple congestion control
algorithms).
The combination of DTLS and DCCP will offer transport security
capabilities to applications using DCCP similar to those available
for TCP, UDP, and SCTP.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. DTLS over DCCP
The approach here is very straightforward -- DTLS records are
transmitted in the Application Data fields of DCCP-Data and
DCCP-DataAck packets (in the rest of the document assume that
"DCCP-Data packet" means "DCCP-Data or DCCP-DataAck packet").
Multiple DTLS records MAY be sent in one DCCP-Data packet, as long as
the resulting packet is within the Path Maximum Transfer Unit (PMTU)
currently in force for normal data packets, if fragmentation is not
allowed (the Don't Fragment (DF) bit is set for IPv4 or no
fragmentation extension headers are being used for IPv6), or within
the current DCCP maximum packet size if fragmentation is allowed (see
Section 3.5 for more information on PMTU Discovery). A single DTLS
Show full document text