View Issue Details

ID: 0000720
Project: LDMud 3.5
Category: Networking
View Status: public
Last Update: 2010-01-30 09:30
Reporter: zesstra
Assigned To: (none)
Status: new
Resolution: open
Summary: 0000720: Support DTLS (Datagram Transport Layer Security)
Description
Datagram Transport Layer Security (DTLS) protocol provides communications privacy for datagram protocols. It is based on the stream-oriented TLS protocol and is intended to provide similar security guarantees.
Since we support TLS for TCP connections, I think we should also support DTLS. This may also open up the possibility to encrypt Intermud traffic transparently at some point in the future.

Unfortunately, DTLS is not widely supported yet. OpenSSL has support for it, but no documentation at all. GnuTLS does not support it (yet?).
Until that changes or I have much more time to look into the code of OpenSSL (*shudder*), this issue serves just as a reminder for the future...
Additional Information: (none)
Tags: No tags attached.

Note ~0001710 by administrator, 2010-01-30 09:30

FTR. Some problems to solve later:
a) we have to store an SSL session for each peer. Upon receiving a packet, we have to assign it to a specific peer / SSL session.
b) we have to expire sessions at some point.
c) what happens if we expire a session but the peer thinks it is still valid and sends us encrypted data?
d) if we use the same port for encrypted and unencrypted traffic, we have to decide which packets are intentionally not encrypted and should not trigger a session handshake. (e.g. if there is no SSL session for a peer, the packet has to contain something like STARTTLS to start a DTLS session, otherwise we send it directly to the mudlib...)
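
The four problems listed in the note, sketched as a per-peer session table in front of one UDP socket. This is an added illustration, not LDMud code: the STARTTLS trigger, the 300-second idle timeout and the `DtlsDemux` class are assumptions; the DTLS record-header check (ContentType 20..23, version bytes 0xFE 0xFF / 0xFE 0xFD, 13-byte header) follows RFC 6347.

```python
import time
from dataclasses import dataclass

# DTLS record layer (RFC 6347): byte 0 is the ContentType (20 ChangeCipherSpec,
# 21 Alert, 22 Handshake, 23 ApplicationData), bytes 1-2 the version
# (0xFE 0xFF = DTLS 1.0, 0xFE 0xFD = DTLS 1.2); the full header is 13 bytes.
DTLS_CONTENT_TYPES = {20, 21, 22, 23}
STARTTLS = b"STARTTLS"   # assumed plaintext trigger, as suggested in point (d)
SESSION_TTL = 300.0      # assumed idle timeout in seconds, point (b)

@dataclass
class PeerSession:
    peer: tuple          # (ip, port) of the remote side, point (a)
    last_seen: float     # clock value of the last datagram from this peer

class DtlsDemux:
    """Session table for a port carrying both encrypted and plaintext datagrams."""
    def __init__(self, ttl=SESSION_TTL, now=time.monotonic):
        self.sessions = {}   # (ip, port) -> PeerSession
        self.ttl = ttl
        self.now = now       # injectable clock so expiry can be tested offline

    def expire(self):
        """(b) Drop sessions idle longer than ttl; returns the peers removed."""
        cutoff = self.now() - self.ttl
        stale = [p for p, s in self.sessions.items() if s.last_seen < cutoff]
        for p in stale:
            del self.sessions[p]
        return stale

    @staticmethod
    def looks_like_dtls(data):
        """True if the datagram starts with a well-formed DTLS record header."""
        return (len(data) >= 13 and data[0] in DTLS_CONTENT_TYPES
                and data[1] == 0xFE and data[2] in (0xFF, 0xFD))

    def classify(self, peer, data):
        """Route one datagram: 'plain' -> mudlib as-is, 'starttls' -> new session,
        'dtls' -> the peer's existing SSL object, 'stale' -> (c) looks encrypted but
        we hold no session any more, so drop it and let the peer re-handshake."""
        self.expire()
        sess = self.sessions.get(peer)
        if sess is not None:          # (a) every datagram from a known peer is DTLS
            sess.last_seen = self.now()
            return "dtls"
        if data == STARTTLS:          # (d) explicit opt-in, never an implicit handshake
            self.sessions[peer] = PeerSession(peer, self.now())
            return "starttls"
        if self.looks_like_dtls(data):
            return "stale"
        return "plain"
```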

Issue History

Date Modified Username Field Change
2010-01-29 15:33 zesstra New Issue
2010-01-30 09:30 zesstra Note Added: 0001710
2010-01-30 09:30 zesstra Additional Information Updated