Re: [TLS] DTLS and large messages

Michael Tüxen <Michael.Tuexen@lurchi.franken.de> Wed, 16 June 2010 11:32 UTC

From: Michael Tüxen <Michael.Tuexen@lurchi.franken.de>
In-Reply-To: <808FD6E27AD4884E94820BC333B2DB775BC2160AF9@NOK-EUMSG-01.mgdnok.nokia.com>
Date: Wed, 16 Jun 2010 13:33:18 +0200
Message-Id: <CEA344C9-018F-4C7F-B2B7-06F4E678FA1F@lurchi.franken.de>
References: <E1ONiI8-0001C6-Ln@wintermute02.cs.auckland.ac.nz><4C149556.7040008@gnutls.org> <03826B11-ABC0-4F5B-A636-A07DECDF428C@iki.fi><AANLkTimYxYX8KqZ09bC-aglGU6D6W3JGH4gSlpmP4QCG@mail.gmail.com> <516FD065-D91B-4281-8448-5C79FADDD69A@ll.mit.edu> <00f301cb0c5b$f98cc2a0$4001a8c0@gateway.2wire.net> <4C1742A6.1050807@iki.fi> <772A444B-116B-4CC2-A63D-A2D15565E20F@lurchi.franken.de> <808FD6E27AD4884E94820BC333B2DB775BC2160AF9@NOK-EUMSG-01.mgdnok.nokia.com>
To: Pasi.Eronen@nokia.com
Cc: tls@ietf.org
Subject: Re: [TLS] DTLS and large messages

On Jun 16, 2010, at 1:07 PM, Pasi.Eronen@nokia.com wrote:

> Michael Tüxen wrote:
> 
>> DTLS will not fragment any user data. So the application is limited
>> by the path MTU.  When running DTLS/SCTP, SCTP announces an MTU of
>> 2^14 and uses its own fragmentation, but for UDP this is not
>> possible.  To use user messages larger than 2^14, you need a link
>> layer with an MTU of 2^14 or higher. Do you?
> 
> No, you can also use IP layer fragmentation (although that's not such
> a great idea performance-wise if you're running over general
> Internet -- instead of, say, inside a data center).
I think IP fragmentation should be avoided; that is why RFC 4347 states:

   If the application
   attempts to send a record larger than the MTU, the DTLS
   implementation SHOULD generate an error, thus avoiding sending a
   packet which will be fragmented.

If you really need to send user messages larger than the MTU, you should
use TCP or SCTP as a transport protocol.

Best regards
Michael
> 
> Best regards,
> Pasi
>
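The two behaviours the thread contrasts, worked out in code as an added example (this is not code from the mail, from any RFC, or from any DTLS implementation): the record-size check that RFC 4347 asks for instead of IP fragmentation, and the one place DTLS does fragment on its own, the handshake layer. The fixed header sizes (IPv4/IPv6, UDP, the 13-byte DTLS record header and the 12-byte DTLS handshake header) are real; the cipher expansion model (CBC with an explicit IV and HMAC-SHA1), the PMTU values and the 3072-byte "Certificate" body are constructed for the demonstration, and the function names are this example's own.

```python
"""DTLS sizing against the path MTU: refuse oversized application records,
fragment handshake messages. Added example; constants other than the
header sizes are assumptions for illustration."""
import struct

# Fixed header sizes (IPv4, IPv6, UDP, RFC 4347 section 4.1 and 4.2.2).
IP4_HDR = 20
IP6_HDR = 40
UDP_HDR = 8
DTLS_RECORD_HDR = 13        # type(1) version(2) epoch(2) sequence(6) length(2)
DTLS_HANDSHAKE_HDR = 12     # msg_type(1) length(3) msg_seq(2) frag_off(3) frag_len(3)
MAX_PLAINTEXT = 2 ** 14     # record-layer plaintext limit DTLS shares with TLS
DTLS_1_0 = 0xFEFF
CT_APPLICATION_DATA = 23
HT_CERTIFICATE = 11


class RecordTooLarge(ValueError):
    """The error RFC 4347 says to raise rather than emit a fragmentable datagram."""


def cbc_expansion(n, block=16, mac=20):
    # Assumed cipher suite model: explicit IV + (plaintext + MAC + 1..block
    # bytes of padding) rounded up to a block boundary.
    padded = ((n + mac + 1 + block - 1) // block) * block
    return block + padded - n


def transport_overhead(ipv6=False):
    return (IP6_HDR if ipv6 else IP4_HDR) + UDP_HDR


def max_plaintext_for_pmtu(pmtu, ipv6=False):
    """Largest application payload whose single record still fits the PMTU."""
    budget = pmtu - transport_overhead(ipv6) - DTLS_RECORD_HDR
    n = min(budget, MAX_PLAINTEXT)
    while n > 0 and n + cbc_expansion(n) > budget:
        n -= 1
    return n


def build_record(content_type, epoch, seq, fragment):
    hdr = (struct.pack(">BHH", content_type, DTLS_1_0, epoch)
           + seq.to_bytes(6, "big") + struct.pack(">H", len(fragment)))
    return hdr + fragment


def send_application_data(payload, pmtu, ipv6=False, epoch=1, seq=0):
    """User data is never split: either it fits in one record or it is refused."""
    limit = max_plaintext_for_pmtu(pmtu, ipv6)
    if len(payload) > limit:
        raise RecordTooLarge(
            f"{len(payload)} bytes exceed the {limit}-byte limit for PMTU {pmtu}")
    return build_record(CT_APPLICATION_DATA, epoch, seq, payload)


def fragment_handshake(msg_type, msg_seq, body, pmtu, ipv6=False):
    """Handshake messages, unlike user data, are fragmented by DTLS itself;
    every fragment repeats the 12-byte header with its own offset/length."""
    chunk_max = max_plaintext_for_pmtu(pmtu, ipv6) - DTLS_HANDSHAKE_HDR
    if chunk_max <= 0:
        raise RecordTooLarge("PMTU too small to carry any handshake fragment")
    fragments, offset = [], 0
    while True:
        chunk = body[offset:offset + chunk_max]
        hdr = (struct.pack(">B", msg_type) + len(body).to_bytes(3, "big")
               + struct.pack(">H", msg_seq) + offset.to_bytes(3, "big")
               + len(chunk).to_bytes(3, "big"))
        fragments.append(hdr + chunk)
        offset += len(chunk)
        if offset >= len(body):
            return fragments


def reassemble_handshake(fragments):
    """Receiver side: fragments may arrive in any order; place each by offset."""
    msg_type = fragments[0][0]
    total = int.from_bytes(fragments[0][1:4], "big")
    buf, got = bytearray(total), 0
    for f in fragments:
        off = int.from_bytes(f[6:9], "big")
        ln = int.from_bytes(f[9:12], "big")
        if f[0] != msg_type or int.from_bytes(f[1:4], "big") != total or off + ln > total:
            raise ValueError("inconsistent fragment")
        buf[off:off + ln] = f[12:12 + ln]
        got += ln
    if got != total:
        raise ValueError("incomplete message")
    return msg_type, bytes(buf)


if __name__ == "__main__":
    for pmtu, v6 in ((1500, False), (1280, True)):
        print(pmtu, "IPv6" if v6 else "IPv4", "->", max_plaintext_for_pmtu(pmtu, v6), "bytes")
    try:
        send_application_data(b"A" * 1420, 1500)
    except RecordTooLarge as e:
        print("refused:", e)
    cert = bytes(range(256)) * 12          # constructed 3072-byte Certificate body
    frags = fragment_handshake(HT_CERTIFICATE, 2, cert, 1500)
    print(len(frags), "handshake fragments; reassembled:",
          reassemble_handshake(frags)[1] == cert)
```

With a 1500-byte IPv4 path the application gets 1419 bytes per record under this cipher model, and a 1420-byte message is refused rather than silently fragmented at the IP layer; the same 3072-byte handshake body goes out as three self-describing fragments because the handshake layer carries its own offset and length fields, which the application data layer does not.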