Re: Close-read of DTLS - questions on latest revision.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Phelan, Tom wrote:

Hi Gorry,

See inline (this is getting long, but be sure to get to the end, that's
where the controversy is :-))...

Tom P.


<snip>


DCCP normally restricts packets to be less than the Maximum Packet

Size
[Tom P.]                                ^^^^^^^^^ well, less than or
equal

(MPS) (e.g. determined by Path MTU Discovery). The Congestion Control

[Tom P.]                    ^^^^^^^^^^^^^^^^^^ not always

MPS (CCMPS) [RFC4340] specifies the largest MPS that may be used with

a

specific congestion control ID (CCID). This may be fixed for a
Congestion Control ID, or could vary as a function of the current
congestion control state.

A DCCP implementation may permit applications to send datagrams larger
than the current MPS (permitting fragmentation), but smaller than the

[Tom P.]   ^^^^^^^^^^^ current PMTU

CCMPS. When this is allowed, DTLS implementations SHOULD control the

use

of the DF bit by DCCP in concert with the application's indications.
When the DF bit is not set, and DCCP packets can be fragmented, the
CCMPS may be less than the 65,535 bytes normally used in UDP.

DTLS over DCCP implementations MUST NOT use a DTLS record size that is
greater than the DCCP MPS currently in force."


[Tom P.] I'll think about this a bit, but I feel we're going down the
path of trying to improve the clarity of the DCCP specification, and I
don't think that's the correct thing to do here.  For example, as far as
I can tell from searching CCID2 and 3, they don't specify what the CCMPS
is, and DCCP doesn't specify what it is when the CCID hasn't stepped up.
I don't think we should fix that here.

I think the important points to make for DTLS over DCCP are:

1) As with UDP, it's possible to send DTLS records that are bigger than
the PMTU (by not setting the DF bit, although DCCP implementations are
not required to support this).

2) When you do this, don't blindly assume that the maximum record size
is 64K-1 or any other fixed value.

3)  Under no circumstances can the DTLS record size be bigger than the
DCCP MPS.

& MPS can change, so DTLS needs to check this using the DCCP API.


<snip>

These seem like the right conclusions to me,

Gorry
[Index of Archives]     [Linux Kernel Development]     [Linux DCCP]     [IETF Annouce]     [Linux Networking]     [Git]     [Security]     [Linux Assembly]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [DDR & Rambus]

  Powered by Linux