
List:       openssl-users
Subject:    RE: Use TLS over UDP connection
From:       "Dave Thompson" <dthompson () prinpay ! com>
Date:       2013-02-25 22:00:10
Message-ID: 53321B99C9E9497CB5643BF1EF96DC9E () prinpay ! com

> From: owner-openssl-dev@openssl.org On Behalf Of David Woodhouse
> Sent: Monday, 25 February, 2013 05:54

> On Sun, 2013-02-24 at 22:26 -0500, Dave Thompson wrote:
> > TLS depends on TCP's reliable in-order transport. DTLS basically 
> > re-implements enough of TCP to make TLS functionality work.
> 
> That isn't entirely true. Or at least it's misleadingly phrased.
> 
> DTLS copes with packet loss and packet re-ordering. If your data are
> transported over DTLS you'd best make sure your application 
> is expecting to cope with packet loss and re-ordering too.
> 
> DTLS does its own retries of the handshake messages, and I suppose
> strictly speaking that *is* "enough of TCP to make DTLS functionality
> work". But you should be careful not to give the impression that DTLS
> will magically give you an in-order, guaranteed-delivery data stream.
> It won't; it's still a datagram protocol at heart.
> 
You're right; I was thinking mostly of handshake, and also compressed 
too much. What I meant is (more like): DTLS/UDP uses techniques of 
sequence-numbering, sequence-checking, and retries similar to TCP 
-- and X.25 and SNA and other reliable-ish protocols -- to work 
nearly as well as TLS/TCP, for some value of nearly, while TLS/UDP 
wouldn't have any such capabilities and would work much worse.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org
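
Added example, not part of the original message and not OpenSSL's code: a receive-side sequence check modelled on the anti-replay window of RFC 6347 section 4.1.2.6, showing that sequence-checking only rejects duplicates and stale records and never reorders or recovers application data. The struct, function names and arrival order are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define WINDOW 64 /* records tracked; the default RFC 6347 recommends */

/* Hypothetical per-epoch receiver state (names are this example's own). */
struct replay_window {
    uint64_t top;     /* highest sequence number accepted so far */
    uint64_t bitmap;  /* bit i set => (top - i) already accepted */
    int started;      /* 0 until the first record is accepted */
};
/* Return 1 to deliver, 0 to drop. No buffering, reordering or retransmit. */
int dtls_seq_accept(struct replay_window *w, uint64_t seq)
{
    if (!w->started) {
        w->started = 1; w->top = seq; w->bitmap = 1;
        return 1;
    }
    if (seq > w->top) {                 /* newer than anything seen */
        uint64_t shift = seq - w->top;
        w->bitmap = ((shift >= WINDOW) ? 0 : (w->bitmap << shift)) | 1;
        w->top = seq;
        return 1;
    }
    uint64_t off = w->top - seq;
    if (off >= WINDOW) return 0;        /* fell off the left edge */
    if (w->bitmap & ((uint64_t)1 << off)) return 0; /* duplicate */
    w->bitmap |= (uint64_t)1 << off;    /* late but new: deliver as-is */
    return 1;
}

/* Feed sequence numbers in arrival order; copy the delivered ones to out. */
size_t deliver(const uint64_t *in, size_t n, uint64_t *out)
{
    struct replay_window w = {0};
    size_t k = 0;
    for (size_t i = 0; i < n; i++)
        if (dtls_seq_accept(&w, in[i])) out[k++] = in[i];
    return k;
}
int main(void)
{
    /* Constructed arrivals: 2 is lost, 1 is late, 3 repeats, 5 is too old. */
    const uint64_t arrivals[] = {0, 3, 1, 3, 4, 70, 5};
    uint64_t out[7];
    size_t k = deliver(arrivals, 7, out);
    for (size_t i = 0; i < k; i++) printf("%llu ", (unsigned long long)out[i]);
    return 0;
}
```

The application sees 0 3 1 4 70: the lost record never arrives, the late one is handed up out of order, and anything older than the window is discarded.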