List: openssl-users
Subject: RE: Use TLS over UDP connection
From: "Dave Thompson" <dthompson () prinpay ! com>
Date: 2013-02-25 22:00:10
Message-ID: 53321B99C9E9497CB5643BF1EF96DC9E () prinpay ! com
> From: owner-openssl-dev@openssl.org On Behalf Of David Woodhouse
> Sent: Monday, 25 February, 2013 05:54
> On Sun, 2013-02-24 at 22:26 -0500, Dave Thompson wrote:
> > TLS depends on TCP's reliable in-order transport. DTLS basically
> > re-implements enough of TCP to make TLS functionality work.
>
> That isn't entirely true. Or at least it's misleadingly phrased.
>
> DTLS copes with packet loss and packet re-ordering. If your data are
> transported over DTLS you'd best make sure your application
> is expecting to cope with packet loss and re-ordering too.
>
> DTLS does its own retries of the handshake messages, and I suppose
> strictly speaking that *is* "enough of TCP to make DTLS functionality
> work". But you should be careful not to give the impression that DTLS
> will magically give you an in-order, guaranteed-delivery data stream.
> It won't; it's still a datagram protocol at heart.
>
You're right; I was thinking mostly of the handshake, and also compressed
too much. What I meant is (more like): DTLS/UDP uses techniques of
sequence-numbering, sequence-checking, and retries similar to TCP
-- and X.25 and SNA and other reliable-ish protocols -- to work
nearly as well as TLS/TCP, for some value of nearly, whereas TLS/UDP
wouldn't have any such capabilities, and would work much worse.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
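
The sequence-numbering and sequence-checking discussed in this thread can be seen in the DTLS record layer itself. The following is an added example, not part of the original messages and not OpenSSL's code: it parses the 13-byte DTLS record header and applies the sliding-window duplicate check from RFC 6347, showing that late records are still delivered in arrival order and lost ones are never filled in. All struct and function names are hypothetical, and the arrival sequence is constructed.

```c
#include <stddef.h>
#include <stdint.h>
/* DTLS 1.0/1.2 record header (RFC 6347 section 4.1): 13 bytes on the wire. */
struct dtls_hdr { uint8_t type; uint16_t version, epoch, length; uint64_t seq; };
/* Receive state for one epoch: highest sequence number seen, plus a bitmap of
 * the 64 numbers ending at it (sliding window, RFC 6347 section 4.1.2.6). */
struct replay_win { uint64_t top, bitmap; int started; };
const uint64_t sample_arrival[6] = {1, 3, 2, 3, 70, 5}; /* constructed input */

/* Returns 0 on success, -1 if the datagram is shorter than the header or
 * than the length the header claims. */
int dtls_parse_hdr(const uint8_t *p, size_t n, struct dtls_hdr *h)
{
    if (n < 13) return -1;
    h->type = p[0];
    h->version = (uint16_t)(p[1] << 8 | p[2]);
    h->epoch = (uint16_t)(p[3] << 8 | p[4]);
    h->seq = 0;
    for (int i = 5; i < 11; i++) h->seq = h->seq << 8 | p[i]; /* 48-bit */
    h->length = (uint16_t)(p[11] << 8 | p[12]);
    return (size_t)h->length + 13 > n ? -1 : 0;
}

/* Returns 1 if seq is fresh (and marks it seen), 0 if duplicate or too old.
 * A real stack updates the window only after the record's MAC verifies. */
int replay_accept(struct replay_win *w, uint64_t seq)
{
    if (!w->started || seq > w->top) {
        uint64_t shift = w->started ? seq - w->top : 64;
        w->bitmap = (shift >= 64 ? 0 : w->bitmap << shift) | 1; /* bit 0 = top */
        w->top = seq;
        w->started = 1;
        return 1;
    }
    uint64_t off = w->top - seq;
    if (off >= 64 || (w->bitmap & ((uint64_t)1 << off))) return 0;
    w->bitmap |= (uint64_t)1 << off;
    return 1;
}

/* Feed sequence numbers in arrival order; out[] gets the ones passed to the
 * application, still in arrival order (no reordering, no gap filling). */
size_t deliver(struct replay_win *w, const uint64_t *in, size_t n, uint64_t *out)
{
    size_t k = 0;
    for (size_t i = 0; i < n; i++)
        if (replay_accept(w, in[i])) out[k++] = in[i];
    return k;
}
```

With the constructed arrival order 1, 3, 2, 3, 70, 5 the application receives 1, 3, 2, 70: the duplicate 3 and the stale 5 are dropped, 2 arrives after 3, and 4 is simply missing.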