[114446] in cryptography@c2.net mail archive
Re: Gutmann Soundwave Therapy
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Fri Feb 1 15:00:47 2008
To: Ian G <iang@systemics.com>
Cc: Cryptography <cryptography@metzdowd.com>
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 01 Feb 2008 14:52:44 -0500
In-Reply-To: <47A33A0C.5000201@systemics.com> (Ian G.'s message of "Fri, 01 Feb 2008 16:26:04 +0100")
Ian G <iang@systemics.com> writes:
> This is what Guus was getting at:
>
> - We needed to tunnel data over UDP, with UDP semantics.
> SSL requires a reliable stream. Therefore, we had to
> use something other than SSL to tunnel data.
The version of SSL (which is officially called TLS) that does this is
called "DTLS". It has already existed for some time now.
> To put it in more fundamental terms, TLS assumes that what you want is
> a stream. If you want packets, then TLS is a millstone around your
> neck.
That's why you use "Datagram TLS", aka "TLS if your app needs UDP
instead of TCP".
If you want to learn more about DTLS, this Wikipedia page:
http://en.wikipedia.org/wiki/DTLS
points at the RFC, which is here:
http://tools.ietf.org/html/rfc4347
OpenSSL has had DTLS support for a while, so there is unencumbered
code for you to roll into your app for the purpose any time you like.
> Advising TLS for a packet delivery requirement is simply "wrong."
DTLS is there for packet delivery.
--
Perry E. Metzger perry@piermont.com
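As an added illustration of the record-layer difference behind Perry's point (editor's example code, not part of this thread and not OpenSSL's DTLS implementation): a TLS record header is only type, version and length, with the record sequence number kept implicitly by both ends, so a lost or reordered record leaves the receiver unable to verify anything that follows. A DTLS record (RFC 4347) carries an explicit epoch and 48-bit sequence number in its 13-byte header, so each datagram can be checked on its own and replays rejected with a sliding window as described in RFC 4347 section 4.1.2.5. The header layouts follow the RFCs; the record contents and the order of the sample datagrams are constructed for the example.

```python
"""DTLS versus TLS record headers and the DTLS anti-replay window.

Editor's example; not code from the thread or from OpenSSL.  Header layouts
follow RFC 4346 (TLS) and RFC 4347 (DTLS); sample records are constructed.
"""
import struct

# DTLS record versions are the one's complement of the TLS versions
# (RFC 4347 section 4.1): 0xFEFF is DTLS 1.0, 0xFEFD is DTLS 1.2.
DTLS_VERSIONS = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2"}
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

TLS_HEADER_LEN = 5    # type(1) version(2) length(2)
DTLS_HEADER_LEN = 13  # type(1) version(2) epoch(2) sequence(6) length(2)


def parse_tls_record(buf):
    """TLS: the header gives no sequence number; it is implicit state shared
    by both ends and only consistent if every record arrives, in order."""
    if len(buf) < TLS_HEADER_LEN:
        raise ValueError("short TLS header")
    ctype, version, length = struct.unpack("!BHH", buf[:TLS_HEADER_LEN])
    return {"type": CONTENT_TYPES.get(ctype, ctype),
            "version": TLS_VERSIONS.get(version, hex(version)),
            "payload": buf[TLS_HEADER_LEN:TLS_HEADER_LEN + length]}


def build_dtls_record(ctype, epoch, seq, payload, version=0xFEFD):
    """Serialise one DTLS record with an explicit epoch and 48-bit sequence."""
    if not 0 <= seq < (1 << 48):
        raise ValueError("sequence number must fit in 48 bits")
    hdr = struct.pack("!BHHHIH", ctype, version, epoch,
                      seq >> 32, seq & 0xFFFFFFFF, len(payload))
    return hdr + payload


def parse_dtls_record(buf):
    """DTLS: the record is self-describing, so a single datagram can be
    authenticated and ordered without any of its neighbours."""
    if len(buf) < DTLS_HEADER_LEN:
        raise ValueError("short DTLS header")
    ctype, version, epoch, seq_hi, seq_lo, length = struct.unpack(
        "!BHHHIH", buf[:DTLS_HEADER_LEN])
    if version not in DTLS_VERSIONS:
        raise ValueError("not a DTLS record version: %#06x" % version)
    if len(buf) < DTLS_HEADER_LEN + length:
        raise ValueError("truncated record body")
    return {"type": CONTENT_TYPES.get(ctype, ctype),
            "version": DTLS_VERSIONS[version], "epoch": epoch,
            "seq": (seq_hi << 32) | seq_lo,
            "payload": buf[DTLS_HEADER_LEN:DTLS_HEADER_LEN + length]}


class ReplayWindow:
    """Sliding anti-replay window (RFC 4347 section 4.1.2.5, same scheme as
    IPsec in RFC 2401 appendix C).  Bit i of `bitmap` means sequence number
    `right - i` has already been accepted."""

    def __init__(self, size=64):
        self.size = size
        self.right = -1   # highest sequence number accepted so far
        self.bitmap = 0

    def accept(self, seq):
        if seq > self.right:                      # advances the window
            shift = seq - self.right
            self.bitmap = 1 if shift >= self.size else (
                (self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.right = seq
            return True
        offset = self.right - seq
        if offset >= self.size:                   # older than the window
            return False
        if (self.bitmap >> offset) & 1:           # already seen: replay
            return False
        self.bitmap |= 1 << offset                # late but new: accept
        return True


def process_datagrams(datagrams):
    """Parse each datagram and run replay detection per epoch, returning a
    list of (sequence number, accepted) in arrival order."""
    windows = {}
    result = []
    for dg in datagrams:
        rec = parse_dtls_record(dg)
        win = windows.setdefault(rec["epoch"], ReplayWindow())
        result.append((rec["seq"], win.accept(rec["seq"])))
    return result


# Constructed arrival order: reordering (3 before 2), a duplicate (3 again),
# a large jump (70) and then a record that has fallen out of the window (6).
SAMPLE_SEQS = [0, 1, 3, 2, 3, 5, 70, 6]
SAMPLE_DATAGRAMS = [build_dtls_record(23, 1, s, b"app-data-%d" % s)
                    for s in SAMPLE_SEQS]

if __name__ == "__main__":
    for seq, ok in process_datagrams(SAMPLE_DATAGRAMS):
        print(seq, "accepted" if ok else "rejected")
```

Out-of-order delivery is accepted as long as the record is newer than the bottom of the window, duplicates and records older than the window are dropped; that is what lets the record layer sit on top of UDP, and it is also why a DTLS endpoint has no obligation to tear the connection down on a single bad record the way a TLS stream does.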
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com