Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8043758

JEP 219: Datagram Transport Layer Security (DTLS)

    Details

    • Author:
      Xue-Lei Fan
    • JEP Type:
      Feature
    • Exposure:
      Open
    • Subcomponent:
    • Scope:
      SE
    • Discussion:
      security dash dev at openjdk dot java dot net
    • Effort:
      L
    • Duration:
      L
    • Alert Status:
       Green
    • JEP Number:
      219

      Description

      Summary

      Define an API for Datagram Transport Layer Security (DTLS) version 1.0 (RFC 4347) and 1.2 (RFC 6347).

      Non-Goals

      1. It is not a goal to support transport-specific interfaces (for example, DTLS for DatagramSocket).

      2. It is not a goal to support PMTU discovery.

      Success Metrics

      The implementation, in both client and server modes, must interoperate successfully with at least two other DTLS implementations.

      Motivation

      It is important to support DTLS to satisfy secure-transport requirements for the increasing number of datagram-compatible applications. RFC 4347 lists a number of reasons why TLS is not sufficient for these types of applications:

      • "TLS is the most widely deployed protocol for securing network traffic. ... However, TLS must run over a reliable transport channel---typically TCP. It therefore cannot be used to secure unreliable datagram traffic."

      • "... an increasing number of application layer protocols have been designed that use UDP transport. In particular, protocols such as the Session Initiation Protocol (SIP) and electronic gaming protocols are increasingly popular."

      • "In many cases, the most desirable way to secure client/server applications would be to use TLS; However, the requirement for datagram semantics automatically prohibits use of TLS. Thus, a datagram-compatible variant of TLS is very desirable."

      Protocols that support DTLS include, but are not limited, to:

      • RFC 5238, Datagram Transport Layer Security (DTLS) over the Datagram Congestion Control Protocol (DCCP)

      • RFC 6083, Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)

      • RFC 5764, Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)

      • RFC 7252, Constrained Application Protocol (CoAP)

      Google Chrome and Firefox now support DTLS-SRTP for Web Real-Time Communication (WebRTC). DTLS version 1.0 and 1.2 are supported by the major TLS vendors and implementations including OpenSSL, GnuTLS, and Microsoft SChannel.

      Description

      We expect the DTLS API and implementation to be fairly small. The new API should be transport-independent and similar to javax.net.ssl.SSLEngine. Further details on the API will be added here as the work progresses. Some initial design considerations are as follows:

      1. The DTLS API and implementation will not manage read timeouts. It will be the responsibility of the application to determine an appropriate timeout value and when and how to trigger the timeout event.

      2. A new API will likely be added to set the maximum application datagram size (PMTU minus the DTLS per-record overhead). If the size is not specified explicitly, however, then the DTLS implementation should adjust the size automatically. If a fragment is lost two or three times, the implementation may reduce the size of the maximum application datagram size until it is small enough.

      3. The DTLS implementation should consume or produce at most one TLS record for each unwrap or wrap operation, so that the record can be delivered in the datagram layer individually or can be reassembled more easily if the delivery is out of order.

      4. It is the application's responsibility to assemble the out-of-order application data accordingly if necessary. The DTLS API should provide access to the application data in each DTLS message.

        Issue Links

          Activity

          Hide
          bobv Bob Vandette added a comment - - edited
          Can you please confirm that the added DTLS support will only have module dependencies on the base module and nothing else?

          Will it be designed as an optional security component similar to sunec?

          Show
          bobv Bob Vandette added a comment - - edited Can you please confirm that the added DTLS support will only have module dependencies on the base module and nothing else? Will it be designed as an optional security component similar to sunec?
          Hide
          bobv Bob Vandette added a comment -
          Would it be possible to estimate the size of the additional functionality? I'm concerned with increasing the size
          of the base module. Depending on the size it may be necessary for it to be delivered as an optional component.
          Show
          bobv Bob Vandette added a comment - Would it be possible to estimate the size of the additional functionality? I'm concerned with increasing the size of the base module. Depending on the size it may be necessary for it to be delivered as an optional component.
          Hide
          xuelei Xue-Lei Fan added a comment - - edited
          The size impact should be limited. For this JEP, in public specification, we may only need to add 6 methods, and most of the implementation will use of existing code. Per the current scoping (JDK-8044255), the size impact on jsse.jar should be less than 10%, probably around 5%. DTLS can be regarded as a extension of TLS that need to handle packet lost and packet reordering. If we break DTLS and TLS into two components, we probably cannot reuse the TLS implementation code effectively.
          Show
          xuelei Xue-Lei Fan added a comment - - edited The size impact should be limited. For this JEP, in public specification, we may only need to add 6 methods, and most of the implementation will use of existing code. Per the current scoping (JDK-8044255), the size impact on jsse.jar should be less than 10%, probably around 5%. DTLS can be regarded as a extension of TLS that need to handle packet lost and packet reordering. If we break DTLS and TLS into two components, we probably cannot reuse the TLS implementation code effectively.
          Hide
          xuelei Xue-Lei Fan added a comment -
          Extend the plan for around 6 weeks?

          Here is the update of the plan:

          Development implementation plan:
          https://bugs.openjdk.java.net/browse/JDK-8063068
          Old dev due date: 2015-04-10
          New dev due date: 2015-05-22

          Testing and stabilization plan:
          https://bugs.openjdk.java.net/browse/JDK-8063069
          Old JEP due date: 2015-06-12
          New JEP due date: 2015-07-17

          BTW, the API change is stable now. Should no significant changes except
          a few more clarification:
             http://ccc.us.oracle.com/8043758

          Here is the webrev of the implementation (not yet complete, SQE has
          started a few basic test, still has some bugs and unimplemented mini
          features):
             http://javaweb.us.oracle.com/~xufan/bugbios/8043758/webrev.latest
          Show
          xuelei Xue-Lei Fan added a comment - Extend the plan for around 6 weeks? Here is the update of the plan: Development implementation plan: https://bugs.openjdk.java.net/browse/JDK-8063068 Old dev due date: 2015-04-10 New dev due date: 2015-05-22 Testing and stabilization plan: https://bugs.openjdk.java.net/browse/JDK-8063069 Old JEP due date: 2015-06-12 New JEP due date: 2015-07-17 BTW, the API change is stable now. Should no significant changes except a few more clarification:     http://ccc.us.oracle.com/8043758 Here is the webrev of the implementation (not yet complete, SQE has started a few basic test, still has some bugs and unimplemented mini features):     http://javaweb.us.oracle.com/~xufan/bugbios/8043758/webrev.latest
          Hide
          xuelei Xue-Lei Fan added a comment - - edited
          Show
          xuelei Xue-Lei Fan added a comment - - edited Integrated: http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/6721ff11d592
          Hide
          xuelei Xue-Lei Fan added a comment -
          Need to extend the complete due-date for performance plan.
          Show
          xuelei Xue-Lei Fan added a comment - Need to extend the complete due-date for performance plan.
          Hide
          xuelei Xue-Lei Fan added a comment -
          Perf team is working on this JEP. Extend the due-date by 4 weeks.
          Show
          xuelei Xue-Lei Fan added a comment - Perf team is working on this JEP. Extend the due-date by 4 weeks.

            People

            • Assignee:
              xuelei Xue-Lei Fan
              Reporter:
              mullan Sean Mullan
              Owner:
              Xue-Lei Fan
              Reviewed By:
              Brian Goetz, Sean Mullan
              Endorsed By:
              Alan Bateman, Brian Goetz
            • Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

              • Due:
                Created:
                Updated:
                Resolved:
                Integration Due: