JEP 219: Datagram Transport Layer Security (DTLS)

OwnerXue-Lei Fan
Created2014/05/22 13:11
Updated2016/10/10 16:02
TypeFeature
StatusCompleted
Componentsecurity-libs / javax.net.ssl
ScopeSE
Discussionsecurity dash dev at openjdk dot java dot net
EffortL
DurationL
Priority1
Reviewed byBrian Goetz, Sean Mullan
Endorsed byAlan Bateman, Brian Goetz
Release9
Issue8043758

Summary

Define an API for Datagram Transport Layer Security (DTLS) version 1.0 (RFC 4347) and 1.2 (RFC 6347).

Non-Goals

  1. It is not a goal to support transport-specific interfaces (for example, DTLS for DatagramSocket).

  2. It is not a goal to support PMTU discovery.

Success Metrics

The implementation, in both client and server modes, must interoperate successfully with at least two other DTLS implementations.

Motivation

It is important to support DTLS to satisfy secure-transport requirements for the increasing number of datagram-compatible applications. RFC 4347 lists a number of reasons why TLS is not sufficient for these types of applications:

Protocols that support DTLS include, but are not limited, to:

Google Chrome and Firefox now support DTLS-SRTP for Web Real-Time Communication (WebRTC). DTLS version 1.0 and 1.2 are supported by the major TLS vendors and implementations including OpenSSL, GnuTLS, and Microsoft SChannel.

Description

We expect the DTLS API and implementation to be fairly small. The new API should be transport-independent and similar to javax.net.ssl.SSLEngine. Further details on the API will be added here as the work progresses. Some initial design considerations are as follows:

  1. The DTLS API and implementation will not manage read timeouts. It will be the responsibility of the application to determine an appropriate timeout value and when and how to trigger the timeout event.

  2. A new API will likely be added to set the maximum application datagram size (PMTU minus the DTLS per-record overhead). If the size is not specified explicitly, however, then the DTLS implementation should adjust the size automatically. If a fragment is lost two or three times, the implementation may reduce the size of the maximum application datagram size until it is small enough.

  3. The DTLS implementation should consume or produce at most one TLS record for each unwrap or wrap operation, so that the record can be delivered in the datagram layer individually or can be reassembled more easily if the delivery is out of order.

  4. It is the application's responsibility to assemble the out-of-order application data accordingly if necessary. The DTLS API should provide access to the application data in each DTLS message.