2. Introduction to TLS and DTLS
TLS stands for “Transport Layer Security” and is the successor of SSL, the Secure Sockets
Layer protocol [12] designed by Netscape. TLS is an Internet protocol, defined by IETF
1
,
described in [10]. The protocol provides confidentiality, and authentication layers over any
reliable transport layer. The description, below, refers to TLS 1.0 but also applies to TLS
1.2 [10] and SSL 3.0, since the differences of these protocols are not major.
The DTLS protocol, or “Datagram TLS” [25] is a protocol with identical goals as TLS, but
can operate under unreliable transport layers, such as UDP. The discussions below apply to
this protocol as well, except when noted otherwise.
2.1. TLS layers
TLS is a layered protocol, and consists of the record protocol, the handshake protocol and the
alert protocol. The record protocol is to serve all other protocols and is above the transport
layer. The record protocol offers symmetric encryption, data authenticity, and optionally
compression. The alert protocol offers some signaling to the other protocols. It can help
informing the peer for the cause of failures and other error conditions. section 2.4, for more
information. The alert protocol is above the record protocol.
The handshake protocol is responsible for the security parameters’ negotiation, the initial key
exchange and authentication. section 2.5, for more information about the handshake protocol.
The protocol layering in TLS is shown in Figure 2.1.
2.2. The transport layer
TLS is not limited to any transport layer and can be used above any transport layer, as long as
it is a reliable one. DTLS can be used over reliable and unreliable transport layers. GnuTLS
supports TCP and UDP layers transparently using the Berkeley sockets API. However, any
transport layer can be used by providing callbacks for GnuTLS to access the transport layer
(for details see section 5.2).
1
IETF, or Internet Engineering Task Force, is a large open international community of network designers,
operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth
operation of the Internet. It is open to any interested individual.
7
我的内容管理
展开
