[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Question on reliable transports
Glen Zorn wrote:
> I don't understand. Why would random access(whatever that means in this
> context) matter?
Many common TLS cipher suites depend on cipher block chaining, or CBC.
This means that receiving out of order packets is impossible, because
you need packets 0..N in order to decrypt packet N+1.
A stream cipher with random access means that if you miss out on
packet N, you can "seek" to a position that lets you decode packet N+1.
Other encryption methods allow similar behavior without using stream
ciphers.
I've taken a look at other DTLS drafts, and none mention required
cipher suites. I've looked at DTLS packet traces, but Wireshark doesn't
decode DTLS packets (yet).
Looking at the OpenSSL source code, the only cipher suite it forbids
for DTLS is RC4. Which makes me wonder if CBC mode maybe does work...
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>