Re: Question on reliable transports

[Alan DeKok <aland@deployingradius.com>]

Glen Zorn wrote:
> I'm just trying to figure out what the "reliable transport offered by
> DTLS" might be.  AFAICT, RFC 4347 defines a kind of pseudo-reliability
> (including retransmission timers, buffering of out-of-order messages,
> etc.) for the DTLS handshake but not for records (which is presumably
> where the actual RADIUS messages would reside).

  Hmm... going back and reading it again, it's pretty obvious.  No
reliable transport.  It even says that.

  OK.  Looking at RFC 4279 (TLS PSK), the RC4 methods are forbidden by
RFC 4347.  The other methods CBC, which means that they can't be
randomly accessed.  So the PSK methods appear to be unsuitable for DTLS.
 RFC 4785 defines PSK with NULL encryption methods, which isn't good for
our purposes.  The following draft proposes a Galois Counter Mode for
PSK: draft-ietf-tls-psk-new-mac-aes-gcm-03.txt

  The description of the GCM method says that the results can be
calculated in parallel, which would seem to mean it's suitable for
random access.  But I'm not a crypto expert, and I don't know for sure.

  The DTLS-SRTP draft (draft-ietf-avt-dtls-srtp-05.txt) defines it's own
encryption methods.

  Maybe Hannes has some comments here?

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>