File formats:

Also available: XML file for editing

 

Status:

PROPOSED STANDARD

Updates:

RFC 6347

Authors:

E. Rescorla, Ed.
H. Tschofenig, Ed.
T. Fossati
A. Kraus

Stream:

IETF

Source:

tls (sec)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC9146

Discuss this RFC: Send questions or comments to the mailing list tls@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 9146

Abstract

This document specifies the Connection ID (CID) construct for the Datagram Transport Layer Security (DTLS) protocol version 1.2.

A CID is an identifier carried in the record layer header that gives the recipient additional information for selecting the appropriate security association. In "classical" DTLS, selecting a security association of an incoming DTLS record is accomplished with the help of the 5-tuple. If the source IP address and/or source port changes during the lifetime of an ongoing DTLS session, then the receiver will be unable to locate the correct security context.

The new ciphertext record format with the CID also provides content type encryption and record layer padding.

This document updates RFC 6347.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.