Name: ITU-T H.235.10 PDF
Published Date: 03/01/2022
Status: Active
Publisher: International Telecommunication Union-T
The scope of this Recommendation is to provide procedures for the establishment of datagram transport layer security (DTLS) [IETF RFC 6347] connections for media streams. DTLS is an evolution of the widely implemented transport layer security (TLS) protocol that allows the use of a security protocol in a datagram environment.
An important aspect of the establishment of a DTLS connection is that a fingerprint and hash are communicated via out-of-band means and that the certificate exchange occurs within the established DTLS connection. The fingerprint is used to ensure the integrity of the certificates. DTLS also follows the TLS client-server model for establishment of the DTLS connection, where one of the endpoints is responsible for the establishment of the connection. The roles (client or server) need to be negotiated between the endpoints.
In order for endpoints to communicate the fingerprint/hash and roles information, the information needs to be signalled to the peer endpoint. This Recommendation utilises [ITU-T H.245] to signal this information.
This Recommendation also provides DTLS support for the transmission of secure real-time transport protocol (SRTP) keys in order to establish media protected via SRTP. The indication of support for DTLS-based SRTP key negotiation is signalled via [ITU-T H.245]. Once the DTLS connection is established, endpoints use the procedures defined in [IETF RFC 5764] for SRTP key negotiation during the handshake. This Recommendation provides an alternative method to [ITU-T H.235.7] and [ITU-T H.235.8] for SRTP keying.
| Edition : | 22 |
| File Size : | 1 file |
| Number of Pages : | 16 |
| Published : | 03/01/2022 |