[gnutls-dev] Re: Intent to implement DTLS

Simon Josefsson jas at extundo.com
Mon May 9 12:43:03 CEST 2005

Guus Sliepen <guus at sliepen.eu.org> writes:

> Implementing it will be a bit harder than I thought at first sight. The
> problem is that internally, GNUTLS has no clear separation between the
> layers involved in TLS, and it is heavily biased towards TCP. This
> combination is a disaster for me :). I see two ways to proceed.


> 1) Create copies of all handshake, record and transport layer functions
> and modify them to do DTLS instead of TLS. This means lots of code
> duplication, but at least it won't mess with the existing code.
> 2) "Fix" the current code by (re)introducing a clean separation between
> the handshake, record and transport layer, and remove the bias towards
> TCP. This means adding DTLS on top of it will be painless and there
> won't be lots of code duplication.  However it will touch a lot of
> existing code.
> I strongly favour the second way, but if that means the chances of
> having it merged are nihil, I'll go with the first way.

I would not want to have the 1) situation.  Duplicated code is painful
to maintain.  I don't know how deep the modifications 2) would be, but
I'd vote for going that route too, even if it means more work
initially.  Perhaps Nikos has more input.

