2. Conventions and Terminology
2. Conventions and Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
The following terms are used:
client: The endpoint initiating the DTLS connection.
association: Shared state between two endpoints established with a DTLS handshake.
connection: Synonym for association.
endpoint: Either the client or server of the connection.
epoch: One set of cryptographic keys used for encryption and decryption.
handshake: An initial negotiation between client and server that establishes the parameters of the connection.
peer: An endpoint. When discussing a particular endpoint, "peer" refers to the endpoint that is remote to the primary subject of discussion.
receiver: An endpoint that is receiving records.
sender: An endpoint that is transmitting records.
server: The endpoint that did not initiate the DTLS connection.
CID: Connection ID.
MSL: Maximum Segment Lifetime.
The reader is assumed to be familiar with [TLS13]. As in TLS 1.3, the HelloRetryRequest has the same format as a ServerHello message, but for convenience we use the term HelloRetryRequest throughout this document as if it were a distinct message.
DTLS 1.3 uses network byte order (big-endian) format for encoding messages based on the encoding format defined in [TLS13] and earlier (D)TLS specifications.
The reader is also assumed to be familiar with [RFC9146], as this document applies the CID functionality to DTLS 1.3.
Figures in this document illustrate various combinations of the DTLS protocol exchanges, and the symbols have the following meaning:
+indicates noteworthy extensions sent in the previously noted message.*indicates optional or situation-dependent messages/extensions that are not always sent.{}indicates messages protected using keys derived from a[sender]_handshake_traffic_secret.[]indicates messages protected using keys derived fromtraffic_secret_N.