[gnutls-dev] Re: Intent to implement DTLS

Simon Josefsson jas at extundo.com
Sat May 7 16:54:12 CEST 2005


Guus Sliepen <guus at sliepen.eu.org> writes:

> Hello developers,
>
> Unless others are already working on it, I intend to implement Datagram
> TLS, as specified in draft-rescorla-dtls-04.txt, in GNUTLS. DTLS
> slightly changes the handshake protocol and the record layer to allow
> TLS to run over UDP (or other datagram protocols). Some applications
> need the UDP semantics (unreliable, out-of-order packet delivery) in
> order to function well. These include multimedia applications and VPNs.
> Once GNUTLS supports DTLS, tinc (http://www.tinc-vpn.org/) will use it
> to securely transmit network packets over the Internet.
>
> OpenSSL has recently merged a patch for DTLS support in its CVS
> repository. DTLS support will be included in version 0.9.8. Thus
> it will be possible to do interoperability tests.

Hi Guus, and welcome.  DTLS sounds like a lovely contribution.

> I would welcome CVS write access, but otherwise I'll send patches.

I think that can be arranged, but it might be simpler to wait until
you have something that sort of work.  It would have to be added to a
branch anyway initially, so you could copy our CVS tree and set up a
local CVS mirror to play with meanwhile.

> If you have suggestions about how to proceed, please tell me.

I'd suggest a high-level approach like this:

1. Implement it grossly, possibly modifying existing functions, until
   it interoperate with OpenSSL.

2. Building on what you've learned doing 1, write up a suggestion of
   what you think a clean API would be and post it here.  Try not to
   think about how you would actually implement that API, but rather
   how it would be used.  Perhaps some discussion at this point.

3. Change the code to implement the clean API.

Just my $.2.

> Also, I will be working on this in spare time, help is appreciated.

I'll cheer you on, and will try to assist with testing etc, but will
probably have little time to code.  The last might change, I have
mentioned DTLS support as a useful project to some people.

Regards,
Simon



More information about the Gnutls-dev mailing list