
DTLS (Datagram Transport Layer Security)
Protocol
A security protocol that provides confidentiality and data integrity for UDP-based applications.
What is DTLS?
Datagram Transport Layer Security (DTLS) is a communications protocol that provides security for datagram-based applications (like those running on UDP). It is based on the Transport Layer Security (TLS) protocol—the same protocol used to secure HTTPS websites—but adapted for unreliable transport connections.
Why UDP Needs Special Security
Standard TLS requires a reliable, ordered byte stream (TCP). If a packet is lost, TCP holds back everything that follows until the missing segment is retransmitted, so TLS cannot process any later record until then. For real-time video this head-of-line delay is unacceptable.
DTLS solves this by tolerating packet loss and reordering: every record carries an explicit sequence number and is protected on its own, so the handshake and the encryption context survive when a few datagrams go missing. That makes it well suited to real-time media.
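The following is an added illustration (not code from the page) of why per-record sequence numbers let a receiver cope with loss, reordering and replay. It is a constructed toy: an HMAC-SHA256 tag stands in for the real AEAD cipher, the record layout is simplified, and the key, payloads and delivery order are invented. The anti-replay sliding window follows the scheme DTLS 1.2 describes (a bitmap of recently accepted sequence numbers behind the highest one seen).

```python
import hmac
import hashlib
from dataclasses import dataclass
from typing import List, Optional

# Size of the anti-replay sliding window (DTLS 1.2 suggests 64 records).
WINDOW = 64


@dataclass
class Record:
    """Toy DTLS record: explicit epoch + sequence number, payload, integrity tag."""
    epoch: int
    seq: int
    payload: bytes
    tag: bytes


def _header(epoch: int, seq: int) -> bytes:
    # DTLS puts a 16-bit epoch and a 48-bit sequence number in every record,
    # so the receiver can authenticate each datagram independently of the others.
    return epoch.to_bytes(2, "big") + seq.to_bytes(6, "big")


class Sender:
    def __init__(self, key: bytes) -> None:
        self.key, self.epoch, self.seq = key, 1, 0

    def protect(self, payload: bytes) -> Record:
        hdr = _header(self.epoch, self.seq)
        # Toy integrity tag standing in for the real AEAD (e.g. AES-GCM) tag.
        tag = hmac.new(self.key, hdr + payload, hashlib.sha256).digest()
        rec = Record(self.epoch, self.seq, payload, tag)
        self.seq += 1
        return rec


class Receiver:
    def __init__(self, key: bytes) -> None:
        self.key, self.epoch = key, 1
        self.highest = -1   # highest authenticated sequence number seen so far
        self.bitmap = 0     # bit i set => record (highest - i) was already accepted

    def unprotect(self, rec: Record) -> Optional[bytes]:
        """Return the payload, or None if the record is stale, replayed or tampered."""
        if rec.epoch != self.epoch:
            return None
        if rec.seq <= self.highest:
            behind = self.highest - rec.seq
            if behind >= WINDOW or self.bitmap & (1 << behind):
                return None  # outside the window, or a duplicate (replay)
        expected = hmac.new(self.key, _header(rec.epoch, rec.seq) + rec.payload,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, rec.tag):
            return None  # tampered: the window is only advanced after authentication
        if rec.seq > self.highest:
            shift = rec.seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = rec.seq
        else:
            self.bitmap |= 1 << (self.highest - rec.seq)
        return rec.payload


def simulate() -> List[Optional[bytes]]:
    """Deliver six records with reordering, one loss, one replay and one tampered copy."""
    key = b"constructed-demo-key"   # stand-in for the negotiated DTLS traffic key
    sender, receiver = Sender(key), Receiver(key)
    recs = [sender.protect(f"frame-{i}".encode()) for i in range(6)]
    tampered = Record(recs[4].epoch, recs[4].seq, b"frame-X", recs[4].tag)
    # Network: 0 and 2 arrive, then 1 late; 3 is lost; 2 is replayed; 5 arrives; 4 was modified.
    wire = [recs[0], recs[2], recs[1], recs[2], recs[5], tampered]
    return [receiver.unprotect(r) for r in wire]


if __name__ == "__main__":
    print(simulate())
```

Records 0, 2, 1 and 5 are accepted even though 1 arrives late and 3 never arrives; the second copy of 2 and the modified 4 are dropped without disturbing the session state. A TCP-based TLS stream could not have delivered 2 before 1, nor anything after the missing 3.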
Role in WebRTC
In WebRTC, DTLS is mandatory. It serves two main purposes:
- Key Exchange (SRTP): DTLS performs a handshake that establishes the keying material from which the SRTP (Secure Real-time Transport Protocol) encryption keys are derived. Once those keys are in place, the actual video/audio data is sent via SRTP rather than inside DTLS.
- Data Channels: Non-media data (chat messages, file transfers) is carried over SCTP, and the SCTP packets are encapsulated directly inside DTLS records.
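As an added example of the first bullet (not code from the page or from any WebRTC implementation), this derives SRTP master keys and salts from DTLS handshake state the way DTLS-SRTP does: the TLS 1.2 keying-material exporter (PRF over the master secret, client random and server random with the label `EXTRACTOR-dtls_srtp`) produces a byte string that is split into client key, server key, client salt and server salt. The master secret and randoms below are constructed placeholders; the profile lengths (16-byte keys, 14-byte salts) are those of SRTP_AES128_CM_HMAC_SHA1_80.

```python
import hmac
import hashlib
from typing import NamedTuple

# SRTP_AES128_CM_HMAC_SHA1_80 profile: 128-bit master keys, 112-bit master salts.
KEY_LEN, SALT_LEN = 16, 14
EXPORTER_LABEL = b"EXTRACTOR-dtls_srtp"


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion (TLS 1.2): HMAC chain over A(i), concatenated until long enough."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF for SHA-256 cipher suites: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def export_keying_material(master_secret: bytes, client_random: bytes,
                           server_random: bytes, label: bytes, length: int) -> bytes:
    """Keying-material exporter with no context value, which is how DTLS-SRTP uses it."""
    return tls12_prf(master_secret, label, client_random + server_random, length)


class SrtpKeys(NamedTuple):
    client_key: bytes
    server_key: bytes
    client_salt: bytes
    server_salt: bytes


def derive_srtp_keys(master_secret: bytes, client_random: bytes,
                     server_random: bytes) -> SrtpKeys:
    """Split the exported block in DTLS-SRTP order: both keys first, then both salts."""
    material = export_keying_material(master_secret, client_random, server_random,
                                      EXPORTER_LABEL, 2 * (KEY_LEN + SALT_LEN))
    client_key = material[:KEY_LEN]
    server_key = material[KEY_LEN:2 * KEY_LEN]
    client_salt = material[2 * KEY_LEN:2 * KEY_LEN + SALT_LEN]
    server_salt = material[2 * KEY_LEN + SALT_LEN:]
    return SrtpKeys(client_key, server_key, client_salt, server_salt)


# Constructed handshake values for the demo. A real handshake produces fresh ones;
# each endpoint derives from its own copy, so no SRTP key bytes ever cross the wire.
DEMO_MASTER_SECRET = bytes(range(48))
DEMO_CLIENT_RANDOM = b"\x11" * 32
DEMO_SERVER_RANDOM = b"\x22" * 32


if __name__ == "__main__":
    keys = derive_srtp_keys(DEMO_MASTER_SECRET, DEMO_CLIENT_RANDOM, DEMO_SERVER_RANDOM)
    for name, value in keys._asdict().items():
        print(f"{name:12s} {value.hex()}")
```

The client-side keys protect media sent by the DTLS client and the server-side keys media sent by the DTLS server, so each peer uses one pair to encrypt and the other to decrypt. Which WebRTC endpoint plays the DTLS client is decided during signalling, not by which side sends first.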
Security Features
DTLS prevents eavesdropping (confidentiality), tampering (message integrity), and message forgery (authentication). It ensures that you are communicating with the peer you think you are, and that no one in the middle can read or modify the stream.