Datagram Transport Layer Security

Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designed[1][2][3] to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. DTLS preserves the datagram semantics of the underlying transport: the application does not suffer from the delays associated with stream protocols, but because it runs over User Datagram Protocol (UDP) or Stream Control Transmission Protocol (SCTP), the application has to deal with packet reordering, datagram loss, and data larger than the size of a datagram network packet. Because DTLS uses UDP or SCTP rather than TCP, it avoids the TCP meltdown problem[4][5] when used to create a VPN tunnel.
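As an added illustration (not part of this article), the following Python shows how the DTLS 1.2 record layer copes with the reordering, loss and replay that datagram transports expose: each record carries an explicit epoch and 48-bit sequence number (13-byte header, RFC 6347), and the receiver runs a sliding-window anti-replay check in the style of RFC 6347 section 4.1.2.6. The header layout and window rule follow the RFC; the sample datagrams and the `receive` helper are constructed for the example.

```python
import struct

DTLS_1_2 = 0xFEFD           # version field: ones' complement of TLS 1.2 (0x0303)
APPLICATION_DATA = 23       # record content type
HDR = struct.Struct("!BHH6sH")  # type, version, epoch, 48-bit seq, length

def build_record(ctype: int, epoch: int, seq: int, body: bytes) -> bytes:
    """Serialise one DTLS 1.2 record (constructed test traffic, no encryption)."""
    return HDR.pack(ctype, DTLS_1_2, epoch, seq.to_bytes(6, "big"), len(body)) + body

def parse_record(data: bytes):
    """Split one record off the front of a datagram; raise on malformed input."""
    if len(data) < HDR.size:
        raise ValueError("short header")
    ctype, version, epoch, seq6, length = HDR.unpack_from(data)
    if version != DTLS_1_2:
        raise ValueError(f"unexpected version {version:#06x}")
    body = data[HDR.size:HDR.size + length]
    if len(body) != length:
        raise ValueError("truncated record")
    return ctype, epoch, int.from_bytes(seq6, "big"), body, data[HDR.size + length:]

class ReplayWindow:
    """Bitmap of recently seen sequence numbers; bit i set => seq (right - i) seen."""
    def __init__(self, size: int = 64):
        self.size, self.right, self.bits = size, -1, 0

    def check_and_update(self, seq: int) -> bool:
        if seq > self.right:                      # newer than anything seen: slide window
            self.bits = ((self.bits << (seq - self.right)) | 1) & ((1 << self.size) - 1)
            self.right = seq
            return True
        offset = self.right - seq
        if offset >= self.size or self.bits & (1 << offset):
            return False                          # too old to judge, or a replay
        self.bits |= 1 << offset                  # reordered but fresh: accept
        return True

def receive(datagrams):
    """Feed datagrams through parsing and per-epoch replay checks; return (accepted, dropped)."""
    windows, accepted, dropped = {}, [], []
    for rest in datagrams:
        while rest:                               # a datagram may carry several records
            try:
                ctype, epoch, seq, body, rest = parse_record(rest)
            except ValueError as err:
                dropped.append(("malformed", str(err)))
                break
            if windows.setdefault(epoch, ReplayWindow()).check_and_update(seq):
                accepted.append((epoch, seq, body))
            else:
                dropped.append(("replay-or-stale", (epoch, seq)))
    return accepted, dropped
```

Running `receive` over records with sequence numbers 0, 1, 3, 2, 1, 5 (seq 4 lost, seq 1 replayed) accepts 0, 1, 3, 2 and 5 in arrival order and drops only the replayed record, which is exactly the behaviour the application above the record layer must still expect.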

  1. ^ E. Rescorla; N. Modadugu (April 2006). Datagram Transport Layer Security. Network Working Group. doi:10.17487/RFC4347. RFC 4347. Obsolete. Obsoleted by RFC 6347. Updated by RFC 5746 and 7507.
  2. ^ E. Rescorla; N. Modadugu (January 2012). Datagram Transport Layer Security Version 1.2. Internet Engineering Task Force (IETF). doi:10.17487/RFC6347. ISSN 2070-1721. RFC 6347. Obsolete. Obsoleted by RFC 9147. Updated by RFC 7507, 7905, 8996 and 9146. Obsoletes RFC 4347.
  3. ^ E. Rescorla; H. Tschofenig; N. Modadugu (April 2022). The Datagram Transport Layer Security (DTLS) Protocol Version 1.3. IETF TLS workgroup. doi:10.17487/RFC9147. RFC 9147. Proposed Standard. Obsoletes RFC 6347.
  4. ^ Titz, Olaf (2001-04-23). "Why TCP Over TCP Is A Bad Idea". Archived from the original on 2023-03-10. Retrieved 2015-10-17.
  5. ^ Honda, Osamu; Ohsaki, Hiroyuki; Imase, Makoto; Ishizuka, Mika; Murayama, Junichi (October 2005). "Understanding TCP over TCP: effects of TCP tunneling on end-to-end throughput and latency". In Atiquzzaman, Mohammed; Balandin, Sergey I (eds.). Performance, Quality of Service, and Control of Next-Generation Communication and Sensor Networks III. Vol. 6011. Bibcode:2005SPIE.6011..138H. CiteSeerX 10.1.1.78.5815. doi:10.1117/12.630496. S2CID 8945952.