On Mar 22, 7:38am, xuelei....@oracle.com (Xuelei Fan) wrote:
-- Subject: Re: Review Request of JDK Enhancement Proposal: DTLS

| Networking experts, any suggestion?

I have not seen pmtu exposed at the application layer before. Has anyone else?

christos

|
| Xuelei
|
| On 3/21/2014 8:28 AM, Matthew Hall wrote:
| > On Fri, Mar 21, 2014 at 06:58:50AM +0800, Xuelei Fan wrote:
| >> here. Although MTU is not PMTU, but it is normally "correct".
| >
| > I would state, not "normally correct", but "frequently correct".
| >
| > In case of IPSEC, SSL VPN, IPv6, GRE, etc. this will not be true. Many of
| > these are used for Site-to-Site VPN, which will appear often in the context of
| > RTP packets and SRTP packets, which happen to travel over VPNs.
| >
| >> It would be great if there is PMTU discovery API in Java, which can
| >> simplify the implementation of DTLS.
| >
| > Without it, I think there will be a lot of odd bugs occurring.
| >
| > Matthew.
| >
|
| [Attached Message]
|
| Date: Thu, 20 Mar 2014 08:50:27 +0800
| From: Xuelei Fan <xuelei....@oracle.com>
| To: Matthew Hall <mh...@mhcomputing.net>
| CC: OpenJDK <security-...@openjdk.java.net>
| Subject: Re: Review Request of JDK Enhancement Proposal: DTLS
|
| PMTU is a key point of the design. I was wondering to expose this
| application layer as a configurable parameter. If it is too big (or not
| configured), DTLSEngine(let call it temporarily) will downgrade the size
| automatically, just as the previous messages get lost.
|
| It's good point that need a separate spec to determine the PMTU. I will
| see what we can do here.
|
| Thanks,
| Xuelei
|
| On 3/20/2014 8:31 AM, Matthew Hall wrote:
| > Xuelei,
| >
| > Is there an existing method for determining valid PMTU from inside of Java? If
| > not then supplying correct segment size to whatever DTLSEngine (or however
| > it's named) class would be non-trivial and could require native code.
| >
| > If there is not such support, then a separate spec would be needed to add that
| > support, before it would be possible to get the new DTLS support to work very
| > reliably.
| >
| > Matthew.
| >
| > On Thu, Mar 20, 2014 at 07:19:06AM +0800, Xuelei Fan wrote:
| >> Hi,
| >>
| >> Please review the JDK Enhancement Proposal, Support Datagram Transport
| >> Layer Security (DTLS) version 1.0 (RFC 4347) and 1.2 (RFC 6347) in the
| >> JSSE API and the SunJSSE security provider. Detailed, please refer to
| >> the draft JEP:
| >>
| >> http://cr.openjdk.java.net/~xuelei/7093601/jep-dtls-v00.txt
| >>
| >> Feel free to make comment and send your feedback to the alias.
| >>
| >> Thanks,
| >> Xuelei

-- End of excerpt from Xuelei Fan
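
The behaviour discussed in this thread (a configurable packet size that is lowered automatically when flights keep getting lost) can be sketched as follows. This is an added example, not code from the thread, the draft JEP or the JDK: the class DtlsPacketSizer, its method names, the step-down sizes and the two-timeout policy are all assumptions; only NetworkInterface.getMTU() is an existing Java API.

```java
import java.net.NetworkInterface;
import java.net.SocketException;

/** Hypothetical helper for illustration; not part of the JDK or the draft JEP. */
public class DtlsPacketSizer {
    // IPv4 header without options, IPv6 fixed header, UDP header, DTLS record header.
    static final int IPV4_HDR = 20, IPV6_HDR = 40, UDP_HDR = 8, DTLS_RECORD_HDR = 13;
    // Assumed step-down sizes; 1280 is the IPv6 minimum link MTU, 576 a conservative IPv4 floor.
    static final int[] STEPS = {1500, 1492, 1400, 1280, 576};
    static final int TIMEOUTS_BEFORE_STEP = 2;   // assumed policy

    private final boolean ipv6;
    private int estimate;   // current guess at the path MTU, in bytes
    private int timeouts;   // consecutive retransmission timeouts at this size

    /** configuredMtu <= 0 means "not configured"; nif may be null when the link is unknown. */
    DtlsPacketSizer(int configuredMtu, NetworkInterface nif, boolean ipv6) throws SocketException {
        this.ipv6 = ipv6;
        int linkMtu = (nif != null) ? nif.getMTU() : -1;
        if (linkMtu <= 0) linkMtu = 1500;   // no usable value reported; assume Ethernet
        // The local link MTU is only an upper bound: tunnels on the path can lower it.
        estimate = (configuredMtu > 0) ? Math.min(configuredMtu, linkMtu) : linkMtu;
    }

    /** Call when a flight is retransmitted on timeout; returns the (possibly lowered) estimate. */
    int onRetransmitTimeout() {
        if (++timeouts >= TIMEOUTS_BEFORE_STEP) {
            timeouts = 0;
            int floor = ipv6 ? 1280 : 576;
            for (int step : STEPS) {
                if (step < estimate && step >= floor) { estimate = step; break; }
            }
        }
        return estimate;
    }

    /** Call when the peer's next flight arrives: the current size got through. */
    void onFlightAcknowledged() { timeouts = 0; }

    /** Bytes left for one DTLS record body (ciphertext, so IV/MAC/padding still come out of this). */
    int maxRecordBody() {
        return estimate - (ipv6 ? IPV6_HDR : IPV4_HDR) - UDP_HDR - DTLS_RECORD_HDR;
    }

    public static void main(String[] args) throws SocketException {
        // Constructed scenario: the application configures 1500, but the path only carries 1400.
        DtlsPacketSizer sizer = new DtlsPacketSizer(1500, null, false);
        while (sizer.estimate > 1400) sizer.onRetransmitTimeout();
        System.out.println("estimate=" + sizer.estimate + " recordBody=" + sizer.maxRecordBody());
    }
}
```

Packet loss is an ambiguous signal (congestion looks the same as an oversized datagram), so a size lowered this way is a working estimate rather than a measured path MTU.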