| < draft-ietf-isms-dtls-tm-13.txt | draft-ietf-isms-dtls-tm-14.txt > | |||
|---|---|---|---|---|
| ISMS W. Hardaker | ISMS W. Hardaker | |||
| Internet-Draft Sparta, Inc. | Internet-Draft Sparta, Inc. | |||
| Intended status: Standards Track May 7, 2010 | Intended status: Standards Track May 7, 2010 | |||
| Expires: November 8, 2010 | Expires: November 8, 2010 | |||
| Transport Layer Security (TLS) Transport Model for the Simple Network | Transport Layer Security (TLS) Transport Model for the Simple Network | |||
| Management Protocol (SNMP) | Management Protocol (SNMP) | |||
| draft-ietf-isms-dtls-tm-13.txt | draft-ietf-isms-dtls-tm-14.txt | |||
| Abstract | Abstract | |||
| This document describes a Transport Model for the Simple Network | This document describes a Transport Model for the Simple Network | |||
| Management Protocol (SNMP), that uses either the Transport Layer | Management Protocol (SNMP), that uses either the Transport Layer | |||
| Security protocol or the Datagram Transport Layer Security (DTLS) | Security protocol or the Datagram Transport Layer Security (DTLS) | |||
| protocol. The TLS and DTLS protocols provide authentication and | protocol. The TLS and DTLS protocols provide authentication and | |||
| privacy services for SNMP applications. This document describes how | privacy services for SNMP applications. This document describes how | |||
| the TLS Transport Model (TLSTM) implements the needed features of a | the TLS Transport Model (TLSTM) implements the needed features of a | |||
| SNMP Transport Subsystem to make this protection possible in an | SNMP Transport Subsystem to make this protection possible in an | |||
| skipping to change at page 22, line 7 | skipping to change at page 22, line 7 | |||
| multiple DTLS connections, which is specifically needed for DTLS over | multiple DTLS connections, which is specifically needed for DTLS over | |||
| UDP sessions. It is assumed that TLS protocol implementations | UDP sessions. It is assumed that TLS protocol implementations | |||
| already provide appropriate message demultiplexing. | already provide appropriate message demultiplexing. | |||
| Section 5.1.2 describes the transport processing required once the | Section 5.1.2 describes the transport processing required once the | |||
| (D)TLS processing has been completed. This will be needed for all | (D)TLS processing has been completed. This will be needed for all | |||
| (D)TLS-based connections. | (D)TLS-based connections. | |||
| 5.1.1. DTLS over UDP Processing for Incoming Messages | 5.1.1. DTLS over UDP Processing for Incoming Messages | |||
| For connection-oriented transport protocols, such as TCP, the | Demultiplexing of incoming packets into separate DTLS sessions MUST | |||
| transport protocol takes care of demultiplexing incoming packets to | be implemented. For connection-oriented transport protocols, such as | |||
| the right connection. Depending on the DTLS implementation, for DTLS | TCP, the transport protocol takes care of demultiplexing incoming | |||
| over UDP, this demultiplexing may need to be done by the TLSTM | packets to the right connection. Depending on the DTLS | |||
| implementation, for DTLS over UDP, this demultiplexing will either | ||||
| need to be done within the TLS implementation or by the TLSTM | ||||
| implementation. | implementation. | |||
| Like TCP, DTLS over UDP uses the four-tuple <source IP, destination | Like TCP, DTLS over UDP uses the four-tuple <source IP, destination | |||
| IP, source port, destination port> for identifying the connection | IP, source port, destination port> for identifying the connection | |||
| (and relevant DTLS connection state). This means that when | (and relevant DTLS connection state). This means that when | |||
| establishing a new session, implementations MUST use a different UDP | establishing a new session, implementations MUST use a different UDP | |||
| source port number for each active connection to a remote destination | source port number for each active connection to a remote destination | |||
| IP-address/port-number combination to ensure the remote entity can | IP-address/port-number combination to ensure the remote entity can | |||
| disambiguate between multiple connections. | disambiguate between multiple connections. | |||
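Review bot: The new opening sentence of 5.1.1 ("Demultiplexing of incoming packets into separate DTLS sessions MUST be implemented") does not say who the MUST binds, and the sentences that follow ("will either need to be done within the TLS implementation or by the TLSTM implementation") leave open whether a TLSTM implementation is conformant when it relies on a (D)TLS library that does not demultiplex. Suggest making the TLSTM implementation the subject, e.g. "A TLSTM implementation MUST ensure that incoming DTLS-over-UDP packets are demultiplexed into the correct DTLS session, either by the DTLS implementation it uses or by the TLSTM itself." Two smaller points in the same hunk: "within the TLS implementation" should read "within the DTLS implementation" (or "(D)TLS", the form used in the preceding paragraph), since the sentence is about DTLS over UDP, and the unchanged four-tuple paragraph that follows only constrains the initiator (distinct UDP source port per active connection to the same remote IP/port); it gives the responder no rule for a packet that arrives on a four-tuple already bound to a session, which is the case a demultiplexer actually has to handle, so a sentence on that would make the MUST testable.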
| End of changes. 2 change blocks. | ||||
| 5 lines changed or deleted | 7 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||