dtls icon indicating copy to clipboard operation
dtls copied to clipboard

Published 20 hours ago verified publisher icon pion

Hybrid DTLS client: server goes down

Open igolaizola opened this issue 4 years ago • 0 comments

Summary

Hybrid DTLS client connection that acts also as a server. It can accept a client hello, perform a full handshake and override the previous DTLS state with the new negotiated one.

Motivation

DTLS doesn't have a way to detect that a connection went down on the other side. If a client goes down it can always start a new handshake against the server. However, if the server goes down it can do nothing to restart the connection.

The client must then implement an application level feature (such as a request/response timeout) to restart a new connection. This adds latency and/or complexity to the arquitecture.

This "hybrid client" approach allows the server part to restart the DTLS connection.

Describe alternatives you've considered

  • Application level timeouts
  • Application level ping/pong
  • Monitoring the underlying connection

Additional context

Some related issues: #151 #132

PoC implementation of the feature inclusing test cases: https://gist.github.com/igolaizola/98a39856c2413565f59371fe68fa8863

Questions

What do yo think of adding a feature like this to the library? Perhaps on a subpackage.

What security implications could have?

@Sean-Der @daenney @at-wat

igolaizola avatar Jun 16 '20 10:06 igolaizola