On 20.12.2010, at 15.15, Pekka Savola wrote:
> 3.2.3. Message Size
>
> TLS and DTLS handshake messages can be quite large (in theory up to
> 2^24-1 bytes, in practice many kilobytes). By contrast, UDP
> datagrams are often limited to <1500 bytes if fragmentation is not
> desired. In order to compensate for this limitation, each DTLS
> handshake message may be fragmented over several DTLS records. Each
> DTLS handshake message contains both a fragment offset and a fragment
> length.
>
> 4.1.1. Transport Layer Mapping
>
> Each DTLS record MUST fit within a single datagram. In order to
> avoid fragmentation, clients of the DTLS record layer SHOULD attempt
> to size records so that they fit within any PMTU estimates obtained
> from the record layer.
>
> ... these seem somewhat contradictory. Maybe I'm missing something. The
> latter seems to be saying that DTLS implementations should try to avoid IP
> fragmentation, but the former seems to imply that it's the de facto mode of
> operation.
These are not contradictory. If a handshake message and its record header
don't fit inside a single datagram, it should be fragmented into several small
handshake fragments, and each of these is put into a separate DTLS record. The
resulting DTLS record after encryption should not exceed the maximum UDP (or
DCCP or whatever) datagram size and therefore doesn't need IP-level
fragmentation.

I think what you "missed" was simply the difference between IP-level fragmentation
and DTLS handshake-protocol-level fragmentation.
Juho
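The distinction Juho draws, as an added example that is not part of the thread: a fragmenter that splits one handshake message so that every fragment, once wrapped in the 13-byte DTLS record header (plus an assumed `overhead` for cipher expansion), fits the PMTU estimate, and a reassembler that accepts fragments in any order and rejects malformed ones. The 12-byte handshake header layout (msg_type, length, message_seq, fragment_offset, fragment_length) is the one from RFC 6347 section 4.2.2; the 1280-byte PMTU and message bodies are constructed sample values.

```python
import struct

HS_HDR_LEN = 12    # msg_type(1) length(3) message_seq(2) fragment_offset(3) fragment_length(3)
REC_HDR_LEN = 13   # DTLS record header: type(1) version(2) epoch(2) sequence(6) length(2)

def fragment_handshake(msg_type, msg_seq, body, pmtu, overhead=0):
    """Split one handshake message body into handshake fragments so that each
    fragment plus the record header (and assumed cipher overhead) fits in pmtu bytes.
    This is handshake-layer fragmentation; no IP fragmentation is needed afterwards."""
    payload_max = pmtu - REC_HDR_LEN - overhead - HS_HDR_LEN
    if payload_max <= 0:
        raise ValueError("PMTU too small to carry even an empty fragment")
    total, offset, frags = len(body), 0, []
    while True:
        chunk = body[offset:offset + payload_max]
        hdr = (struct.pack("!B", msg_type) + total.to_bytes(3, "big")
               + struct.pack("!H", msg_seq) + offset.to_bytes(3, "big")
               + len(chunk).to_bytes(3, "big"))
        frags.append(hdr + chunk)       # every fragment repeats the full message length
        offset += len(chunk)
        if offset >= total:
            return frags

def parse_fragment(frag):
    """Decode one fragment; reject lengths that disagree with the bytes actually present."""
    if len(frag) < HS_HDR_LEN:
        raise ValueError("truncated handshake header")
    msg_type, total = frag[0], int.from_bytes(frag[1:4], "big")
    msg_seq = struct.unpack("!H", frag[4:6])[0]
    offset, frag_len = int.from_bytes(frag[6:9], "big"), int.from_bytes(frag[9:12], "big")
    if len(frag) != HS_HDR_LEN + frag_len or offset + frag_len > total:
        raise ValueError("fragment length/offset inconsistent with message length")
    return msg_type, total, msg_seq, offset, frag[HS_HDR_LEN:]

def reassemble(frags):
    """Rebuild (msg_type, msg_seq, body) from fragments in any order, duplicates allowed.
    Returns None while byte ranges are still missing, so a lost datagram is detectable."""
    meta, buf, have = None, None, None
    for f in frags:
        msg_type, total, msg_seq, offset, data = parse_fragment(f)
        if meta is None:
            meta, buf, have = (msg_type, total, msg_seq), bytearray(total), bytearray(total)
        elif meta != (msg_type, total, msg_seq):
            raise ValueError("fragment belongs to a different handshake message")
        buf[offset:offset + len(data)] = data
        have[offset:offset + len(data)] = b"\x01" * len(data)   # mark covered bytes
    if meta is None or not all(have):
        return None
    return meta[0], meta[2], bytes(buf)
```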
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf