Ian G <[EMAIL PROTECTED]> writes:
> This is what Guus was getting at:
> - We needed to tunnel data over UDP, with UDP semantics.
>   SSL requires a reliable stream. Therefore, we had to
>   use something other that SSL to tunnel data.

The version of SSL (which is officially called TLS) that does this is
called "DTLS". It has already existed for some time now.

> To put it in more fundamental terms, TLS assumes that what you want is
> a stream.  If you want packets, then TLS is a millstone around your
> neck.

That's why you use "Datagram TLS", aka "TLS if your app needs UDP
instead of TCP".

If you want to learn more about DTLS, this Wikipedia page:
points at the RFC, which is here:

OpenSSL has had DTLS support for a while, so there is unencumbered
code for you to roll into your app for the purpose any time you like.

> Advising TLS for a packet delivery requirement is simply "wrong."

DTLS is there for packet delivery.

Perry E. Metzger                [EMAIL PROTECTED]

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to