RFC 9147 - The Datagram Transport Layer Security (DTLS) Protocol Version 1.3

Metadata

• RFC Number: 9147
• Title: The Datagram Transport Layer Security (DTLS) Protocol Version 1.3
• Authors: E. Rescorla (Mozilla), H. Tschofenig (Arm Limited), N. Modadugu (Google, Inc.)
• Date: April 2022
• Status: Standards Track
• Obsoletes: RFC 6347
• Updates: -
• More Info: https://www.rfc-editor.org/info/rfc9147

Abstract

This document specifies version 1.3 of the Datagram Transport Layer Security (DTLS) protocol. DTLS 1.3 allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.

The DTLS 1.3 protocol is based on the Transport Layer Security (TLS) 1.3 protocol and provides equivalent security guarantees with the exception of order protection / non-replayability. Datagram semantics of the underlying transport are preserved by the DTLS protocol.

This document obsoletes RFC 6347.

Contents

• 1. Introduction
• 2. Conventions and Terminology
• 3. DTLS Design Rationale and Overview
  • 3.1. Packet Loss
  • 3.2. Reordering
  • 3.3. Fragmentation
  • 3.4. Replay Detection
• 4. The DTLS Record Layer
  • 4.1. Demultiplexing DTLS Records
  • 4.2. Sequence Number and Epoch
  • 4.3. Transport Layer Mapping
  • 4.4. PMTU Issues
  • 4.5. Record Payload Protection
• 5. The DTLS Handshake Protocol
  • 5.1. Denial-of-Service Countermeasures
  • 5.2. DTLS Handshake Message Format
  • 5.3. ClientHello Message
  • 5.4. ServerHello Message
  • 5.5. Handshake Message Fragmentation and Reassembly
  • 5.6. EndOfEarlyData Message
  • 5.7. DTLS Handshake Flights
  • 5.8. Timeout and Retransmission
  • 5.9. Cryptographic Label Prefix
  • 5.10. Alert Messages
  • 5.11. Establishing New Associations with Existing Parameters
• 6. Example of Handshake with Timeout and Retransmission
  • 6.1. Epoch Values and Rekeying
• 7. ACK Message
  • 7.1. Sending ACKs
  • 7.2. Receiving ACKs
  • 7.3. Design Rationale
• 8. Key Updates
• 9. Connection ID Updates
  • 9.1. Connection ID Example
• 10. Application Data Protocol
• 11. Security Considerations
• 12. Changes since DTLS 1.2
• 13. Updates Affecting DTLS 1.2
• 14. IANA Considerations
• 15. References
  • 15.1. Normative References
  • 15.2. Informative References
• Appendix A. Protocol Data Structures and Constant Values
  • A.1. Record Layer
  • A.2. Handshake Protocol
  • A.3. ACKs
  • A.4. Connection ID Management
• Appendix B. Analysis of Limits on CCM Usage
  • B.1. Confidentiality Limits
  • B.2. Integrity Limits
  • B.3. Limits for AEAD_AES_128_CCM_8
• Appendix C. Implementation Pitfalls
• Contributors
• Authors' Addresses

Copyright Notice

Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.