RFC6347DTLS1.2中英对照版_dtlsrfc资源-CSDN文库

网络

密码协议

需积分: 5 109 浏览量 2023-06-02 10:23:57 上传评论 1 收藏 837KB PDF 举报

资源推荐

资源详情

资源评论

2023/6/2

RFC6347 中文翻译中文RFC RFC文档 RFC翻译 RFC中文版

rfc2cn.com/rfc6347.html

1/42

RFC 6347: Datagram Transport Layer Security Version

1.2 中文翻译

标题 : RFC 6347

Internet Engineering Task Force (IETF) E. Rescorla

Request for Comments: 6347 RTFM, Inc.

Obsoletes: 4347 N. Modadugu

Category: Standards Track Google, Inc.

ISSN: 2070-1721 January 2012

Internet Engineering Task Force (IETF) E. Rescorla

Request for Comments: 6347 RTFM, Inc.

Obsoletes: 4347 N. Modadugu

Category: Standards Track Google, Inc.

ISSN: 2070-1721 January 2012

Datagram Transport Layer Security Version 1.2

数据报传输层安全版本1.2

Abstract

摘要

This document specifies version 1.2 of the Datagram Transport Layer Security (DTLS)

protocol. The DTLS protocol provides communications privacy for datagram protocols. The

protocol allows client/server applications to communicate in a way that is designed to

prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the

Transport Layer Security (TLS) protocol and provides equivalent security guarantees.

Datagram semantics of the underlying transport are preserved by the DTLS protocol. This

document updates DTLS 1.0 to work with TLS version 1.2.

本文件规定了数据报传输层安全（DTLS）协议的1.2版。DTLS协议为数据报协议提供通信隐私。该

协议允许客户机/服务器应用程序以防止窃听、篡改或消息伪造的方式进行通信。DTLS协议基于传

输层安全（TLS）协议，并提供等效的安全保证。DTLS协议保留了底层传输的数据报语义。本文档

更新了DTLS 1.0以与TLS 1.2版配合使用。

Status of This Memo

关于下段备忘

This is an Internet Standards Track document.

这是一份互联网标准跟踪文件。

This document is a product of the Internet Engineering Task Force (IETF). It represents the

consensus of the IETF community. It has received public review and has been approved for

2023/6/2

RFC6347 中文翻译中文RFC RFC文档 RFC翻译 RFC中文版

rfc2cn.com/rfc6347.html

2/42

publication by the Internet Engineering Steering Group (IESG). Further information on

Internet Standards is available in Section 2 of RFC 5741.

本文件是互联网工程任务组（IETF）的产品。它代表了IETF社区的共识。它已经接受了公众审查，

并已被互联网工程指导小组（IESG）批准出版。有关互联网标准的更多信息，请参见RFC 5741第2

节。

Information about the current status of this document, any errata, and how to provide

feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6347.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息，请访问http://www.rfc-

editor.org/info/rfc6347.

版权公告

rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF

Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this

document. Please review these documents carefully, as they describe your rights and

restrictions with respect to this document. Code Components extracted from this

document must include Simplified BSD License text as described in Section 4.e of the Trust

Legal Provisions and are provided without warranty as described in the Simplified BSD

License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)

自本文件出版之日起生效。请仔细阅读这些文件，因为它们描述了您对本文件的权利和限制。从本

文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本，并提供简化

BSD许可证中所述的无担保。

This document may contain material from IETF Documents or IETF Contributions published

or made publicly available before November 10, 2008. The person(s) controlling the

modifications of such material outside the IETF Standards Process. Without obtaining an

adequate license from the person(s) controlling the copyright in such materials, this

document may not be modified outside the IETF Standards Process, and derivative works

of it may not be created outside the IETF Standards Process, except to format it for

publication as an RFC or to translate it into languages other than English.

本文件可能包含2008年11月10日之前发布或公开的IETF文件或IETF贡献中的材料。控制某些材料

版权的人员可能未授予IETF信托允许在IETF标准流程之外修改此类材料的权利。在未从控制此类材

料版权的人员处获得充分许可的情况下，不得在IETF标准流程之外修改本文件，也不得在IETF标准

流程之外创建其衍生作品，除了将其格式化以RFC形式发布或将其翻译成英语以外的其他语言。

Table of Contents

2023/6/2

RFC6347 中文翻译中文RFC RFC文档 RFC翻译 RFC中文版

rfc2cn.com/rfc6347.html

3/42

1. Introduction ....................................................4

1.1. Requirements Terminology ...................................5

2. Usage Model .....................................................5

3. Overview of DTLS ................................................5

3.1. Loss-Insensitive Messaging .................................6

3.2. Providing Reliability for Handshake ........................6

3.2.1. Packet Loss .........................................6

3.2.2. Reordering ..........................................7

3.2.3. Message Size ........................................7

3.3. Replay Detection ...........................................7

4. Differences from TLS ............................................7

4.1. Record Layer ...............................................8

4.1.1. Transport Layer Mapping ............................10

4.1.1.1. PMTU Issues ...............................10

4.1.2. Record Payload Protection ..........................12

4.1.2.1. MAC .......................................12

4.1.2.2. Null or Standard Stream Cipher ............13

4.1.2.3. Block Cipher ..............................13

4.1.2.4. AEAD Ciphers ..............................13

4.1.2.5. New Cipher Suites .........................13

4.1.2.6. Anti-Replay ...............................13

4.1.2.7. Handling Invalid Records ..................14

4.2. The DTLS Handshake Protocol ...............................14

4.2.1. Denial-of-Service Countermeasures ..................15

4.2.2. Handshake Message Format ...........................18

4.2.3. Handshake Message Fragmentation and Reassembly .....19

4.2.4. Timeout and Retransmission .........................20

4.2.4.1. Timer Values ..............................24

4.2.5. ChangeCipherSpec ...................................25

4.2.6. CertificateVerify and Finished Messages ............25

4.2.7. Alert Messages .....................................25

4.2.8. Establishing New Associations with Existing

Parameters .........................................25

4.3. Summary of New Syntax .....................................26

4.3.1. Record Layer .......................................26

4.3.2. Handshake Protocol .................................27

5. Security Considerations ........................................27

6. Acknowledgments ................................................28

7. IANA Considerations ............................................28

8. Changes since DTLS 1.0 .........................................29

9. References .....................................................30

9.1. Normative References ......................................30

9.2. Informative References ....................................31