Important: Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

TLS Brainstorm TLS, DTLS and QUIC



  • Hallo community,

    why is DTLS so little used? Or is it because UDP is generally disliked?

    And my second question is:
    Why is Google creating QUIC which is using UDP despite the fact that there is DTLS?

    And my Third Brainstorm question:

    wouldn't it be the same result if you just encrypt the content via private/public Key system and send it over unencrypted socket instead of using SSL?



  • @QtCoder87 said in TLS Brainstorm TLS, DTLS and QUIC:

    wouldn't it be the same result if you just encrypt the content via private/public Key system and send it over unencrypted socket instead of using SSL

    Please be aware that asymmetric encryption (private/public keys) is more resource intensive that symmetric encryption (one shared key).

    And "SSL" (TLS these days) it's an hybrid process. It starts using private/public keys, but then a shared key is negotiated to carry on all encryption as symmetric encryption.

    This is an interesting video describing the handshake of a TLS connection.



  • @Pablo-J-Rogina

    Thank you for the reply regarding pub/priv Key.
    Probably OpenVPN and Softether are handling it this way with Certification Authentification.

    The Video is stating that the Certificate is also authentificating the Host/IP.

    But How do you use Certificates with Participants with dynamic IP ? In Germany the ISPs are changing the IPv6 for private consumers too after a period of time. I think this is an "inofficial" agreement with data protectors. since a static ip could make tracing too easy.

    How to authentificate two peers which may not have a static host/IP?



  • @QtCoder87 said in TLS Brainstorm TLS, DTLS and QUIC:

    But How do you use Certificates with Participants with dynamic IP ?

    And don't you think that the issue is already addressed?
    Think about Google or Facebook having fixed IPs? What about load balancing...
    The certificate can be issued for both IP address(es) or domain name(s) see for instance the details of the certificate for this forum.
    alt text



  • I was thinking about private users.

    If you want to build an application to chat with your employees or friends. you have all private Internet access with dynamic IP assignment with Certificates.

    How assign Certificates to them?


Log in to reply