Yes, you have addressed well all the issues I raised, thank you. (In passing you may have seen a post to the TLS list last week about servers sending 29kbyte CertificateRequest messages). Two further queries. Is any comment needed on MAC failures? With TLS over TCP, they terminate the connection; with DTLS over UDP, it is up to the implementation. Do you have a view on this? And, linked at least in my thinking, Alerts; is there any need for anything specific for DTLS/DCCP in the handling of Alerts? Tom Petch ----- Original Message ----- From: "Phelan, Tom" <tphelan@xxxxxxxxxxxx> To: <dccp@xxxxxxxx> Sent: Friday, November 16, 2007 7:00 PM Subject: New version of DTLS over DCCP (-03) submitted Hi All, I've submitted a draft-ietf-dccp-dtls-03.txt. It's currently available at http://www.phelan-4.com/dccp/draft-ietf-dccp-dtls-03.txt and a version with diffs from -02 is at http://www.phelan-4.com/dccp/draft-ietf-dccp-dtls-03-diffs.pdf. The changes are to address the last call comments received. Reviewers please check to see that your comments have been addressed to your satisfaction. Comments fell into the following groups: Sending DTLS handshake messages in DCCP-Request/Response packets unclear/not complete -- I've added a fair amount of explanatory text here, plus a few additional requirements. Coping with congestion control -- I've added a new section (3.3) on this with explanatory text and one requirement. Relationship between DTLS sessions and DCCP connections -- I've added a new section on this (3.4) with explanatory text and no requirements. PMTU issues -- I've added new requirements and reworded some old requirements to be in line with Pasi's comments. Pasi, I haven't addressed all of the issues you raised. I felt that some of them were with DTLS, not DTLS over DCCP and therefore shouldn't be dealt with here. Idnits -- it passes idnits. Service code for app that starts clear then switches to DTLS -- added requirement to section 3.6 for this. Optimizing DTLS anti-replay and DCCP synchronization -- I have not included this. I think that this would require sharing sequence numbers between DTLS and DCCP, and I think it's much better to keep them separate. That level of integration would really merge the two stacks -- more like DTLS plus DCCP than DTLS over DCCP. For example, to merge/optimize the two, I think you'd need to do DTLS anti-replay first, or at least short-circuit the rest of the DCCP stack when a bad sequence number came in. I'm open to anyone who has better ideas about how it could be done, but at this point I don't see it. I didn't make any mention of this in the draft. It didn't seem worthwhile to go through a long discussion and then do nothing. Colin, please let me know if you want anything added. Thanks to Colin, Pasi, Lars, Magnus and Tom Petch for the comments :-). Tom P(helan)
