Hi all, I'm trying to implement a DTLS1.3 library for embedded devices. But It seems something weird about retransmissions and ACKs.
In the section "5.2. DTLS Handshake Message Format": The first message each side transmits in each association always has message_seq = 0. Whenever a new message is generated, the message_seq value is incremented by one. When a message is retransmitted, the old *message_seq value is re-used*, i.e., not incremented. From the perspective of the DTLS record layer, the retransmission is a new record. This record will have a *new* * DTLSPlaintext.sequence_number* value. In the section "7. ACK Message", the ACK message use the record_numbers (corresponds to *DTLSPlaintext.sequence_number*). For my understanding, the "message_seq" belongs to "Handshake" and the "sequence_number" or "record_numbers" belongs to record layer. The retransmission detection is done by "Handshake" using "message_seq", but the "acknowledge" is done by "record layer" using "record_numbers". It is so weird. The retransmission, retransmission detection and acknowledge should be done in handshake process, but we need the record layer passing the record_numebrs to the handshake process. Since a new "sequence_number" is used for retransmission, we have to maintain a "record_numbers" to "message_seq" map with dynamic size. Each retransmission attempt creates a new relationship between a new "record_numbers" to an old "message_seq". Since ACK is only used with Handshake messages, is it possible that we use "message_seq" in ACK messages? Or we use *old* "sequence_number" for retransmission, so we do not need maintain the dynamic map. And if replay detection is implemented, the retransmitted record can be dropped by record layer (by replay detection), the "Handshake Protocol" do not need to do retransmission detection. Thanks Zhai Zhaoxuan
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
