> From: owner-openssl-...@openssl.org On Behalf Of David Woodhouse
> Sent: Monday, 25 February, 2013 05:54
>
> On Sun, 2013-02-24 at 22:26 -0500, Dave Thompson wrote:
> > TLS depends on TCP's reliable in-order transport. DTLS basically
> > re-implements enough of TCP to make TLS functionality work.
>
> That isn't entirely true. Or at least it's misleadingly phrased.
>
> DTLS copes with packet loss and packet re-ordering. If your data are
> transported over DTLS you'd best make sure your application
> is expecting to cope with packet loss and re-ordering too.
>
> DTLS does its own retries of the handshake messages, and I suppose
> strictly speaking that *is* "enough of TCP to make DTLS functionality
> work". But you should be careful not to give the impression that DTLS
> will magically give you an in-order, guaranteed-delivery data stream.
> It won't; it's still a datagram protocol at heart.

You're right; I was thinking mostly of handshake, and also compressed too much.

What I meant is (more like): DTLS/UDP uses techniques of sequence-numbering, sequence-checking, and retries similar to TCP -- and X.25 and SNA and other reliable-ish protocols -- to work nearly as well as TLS/TCP, for some value of nearly. While TLS/UDP wouldn't have any such capabilities, and work much worse.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
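As an added illustration of the "sequence-checking" the thread refers to (example code written for this page, not from the thread or from OpenSSL): the sliding-window anti-replay check that DTLS performs on record sequence numbers (RFC 6347 section 4.1.2.6, the same scheme IPsec ESP uses). It accepts re-ordered datagrams and rejects duplicates, but, as David Woodhouse points out, it never reassembles an in-order stream; the window size and the arrival order below are constructed for the demo.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Window width is an assumption: RFC 6347 says at least 32, 64 is typical. */
#define DTLS_REPLAY_WINDOW 64u

typedef struct {
    uint64_t right;   /* highest sequence number accepted so far */
    uint64_t bitmap;  /* bit i set => record (right - i) was already received */
    bool     started; /* false until the first record is accepted */
} dtls_replay_t;

static void dtls_replay_init(dtls_replay_t *w)
{
    w->right = 0; w->bitmap = 0; w->started = false;
}

/* seq is the 48-bit record sequence number from the DTLS record header.
 * Returns true and records seq if it is new (ahead of, or inside, the window);
 * returns false for a duplicate (replay) or a record older than the window. */
static bool dtls_replay_check(dtls_replay_t *w, uint64_t seq)
{
    if (!w->started) {                       /* first record opens the window */
        w->started = true; w->right = seq; w->bitmap = 1; return true;
    }
    if (seq > w->right) {                    /* newer than anything seen: slide */
        uint64_t shift = seq - w->right;
        w->bitmap = (shift >= DTLS_REPLAY_WINDOW) ? 0 : (w->bitmap << shift);
        w->bitmap |= 1;                      /* mark seq itself as received */
        w->right = seq;
        return true;
    }
    uint64_t diff = w->right - seq;
    if (diff >= DTLS_REPLAY_WINDOW) return false;  /* too old: cannot tell if replayed */
    uint64_t bit = (uint64_t)1 << diff;
    if (w->bitmap & bit) return false;              /* already seen: replayed datagram */
    w->bitmap |= bit;                               /* late but genuine: accept */
    return true;
}

/* Constructed arrival order: re-ordering (3 before 2), a replay (second 3),
 * a large jump (70), records that fell off the window (5, 6) and another
 * replay (second 70). Returns how many records the window accepted. */
static int dtls_replay_demo(void)
{
    static const uint64_t arrivals[] = {0, 1, 3, 2, 3, 70, 5, 6, 70, 7};
    dtls_replay_t w; dtls_replay_init(&w);
    int accepted = 0;
    for (size_t i = 0; i < sizeof arrivals / sizeof arrivals[0]; i++) {
        bool ok = dtls_replay_check(&w, arrivals[i]);
        printf("seq %3llu: %s\n", (unsigned long long)arrivals[i], ok ? "accept" : "reject");
        accepted += ok;
    }
    return accepted;   /* 6 of the 10 records are accepted */
}
```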