Re: Datagram TLS

[Scott Fluhrer <sfluhrer@cisco.com>]

On Fri, 30 Jan 2004, Scott Fluhrer wrote:

>
>
> On Fri, 30 Jan 2004, Eric Rescorla wrote:
>
> > This seems relevant to these working groups.
> >
> > Although TLS is quite useful as a generic security layer protocol for
> > lots of applications, it is limited by its reliance on datagram
> > transport. It seems like it would be useful to deploy TLS-style security
> > for datagram apps. To this end, Nagendra Modadugu and I have designed a
> > variant on TLS which works properly over datagram transport but is
> > otherwise intended to be as similar to TLS as possible.
> >
> > http://www.ietf.org/internet-drafts/draft-rescorla-dtls-00.txt
> >
> > Comments welcome...
>
> One obvious question is how you handle the switchover if one of the sides
> decides to rekey.  In this case, a packet encrypted with the old key
> might be slow, and arrive at the destination after the rekey
> negotiation has completed.  TLS handles this because it can assume strict
> message ordering.  IPSec handles this with the SPI value.  How does DTLS
> prevent a packet being decrypted with the wrong key?

Never mind...  While writing this, I came across the epoch flag, that
handles precisely this.  I went to cancel the email and accidentally hit
Send... :-(

-- 
scott