3

While I understand the differences between DTLS-SRTP and pure DTLS, I cannot find much information on why exactly DTLS-SRTP is really "optimized" over generic DTLS 1.2.

RFC 5764's Introduction makes an obvious statement but without specifics anywhere in that document:

Datagram Transport Layer Security (DTLS) [RFC4347] is a channel
security protocol that offers integrated key management, parameter
negotiation, and secure data transfer.  Because DTLS data transfer
protocol is generic, it is less highly optimized for use with RTP
than is SRTP, which has been specifically tuned for that purpose.

I can see that in DTLS-SRTP the RTP sequence number eliminates the need to maintain another sequence number which DTLS requires. And yes, there are certain aspects like key generation for RTP, RTCP which is provided by DTLS-SRTP but in such functionality I do not see any optimization, merely convenience.

Can someone direct me to some source to read further? I am also surprised that there is no separate tag for SRTP or even DTLS on this security-specific site. I cannot create one because of lack of points.

Steffen Ullrich
asinix

1 Answer

5

The overhead of DTLS-SRTP is smaller than the overhead of RTP transported with DTLS. This is because the payload in DTLS-SRTP is actually SRTP and only the non-payload information (key exchange etc.) is done with DTLS.

Transporting RTP inside DTLS instead adds additional timestamp and sequence numbers, which are already in RTP but which are added by DTLS too. Additionally, the DTLS record layer has several more fields (content type, protocol version and length) which are actually not needed in the context of RTP/SRTP. For more information, compare the definition of the RTP packet when wrapped inside the DTLS record layer vs. the definition of the SRTP packet, which is the payload transport in plain SRTP and also DTLS-SRTP.

In other words: DTLS-SRTP combines the efficiency of SRTP with the flexibility regarding session setup of DTLS.

Steffen Ullrich
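The framing difference discussed in this thread, as an added example that is not part of the original question or answer: it lays out one RTP packet as an SRTP packet and as a DTLS 1.2 application-data record and measures the bytes each adds. Assumptions: the SRTP_AES128_CM_HMAC_SHA1_80/_32 profiles from RFC 5764 without an MKI, an AES-GCM cipher suite for DTLS 1.2, a constructed 160-byte payload, zero bytes standing in for ciphertext and tags, and hypothetical function names.

```python
import struct

# RTP fixed header (RFC 3550): V/P/X/CC, M/PT, sequence, timestamp, SSRC = 12 bytes
RTP_HDR = struct.Struct("!BBHII")
# DTLS 1.2 record header (RFC 6347): type, version, epoch, 48-bit sequence, length = 13 bytes
DTLS_HDR = struct.Struct("!BHH6sH")

def rtp_packet(seq, ts, ssrc, payload, pt=0):
    """Build a plain RTP packet with no CSRCs or header extension."""
    return RTP_HDR.pack(0x80, pt, seq, ts, ssrc) + payload

def srtp_frame(rtp, tag_len=10):
    """SRTP layout: RTP header stays in clear, payload is encrypted in place
    (AES-CM keeps the length), and only an auth tag is appended."""
    header, payload = rtp[:RTP_HDR.size], rtp[RTP_HDR.size:]
    return header + bytes(len(payload)) + bytes(tag_len)  # zero placeholders

def dtls_frame(rtp, epoch=1, seq=0, explicit_nonce=8, tag_len=16):
    """DTLS 1.2 AEAD layout: record header, explicit nonce, ciphertext of the
    whole RTP packet, then the tag."""
    body = bytes(explicit_nonce) + bytes(len(rtp)) + bytes(tag_len)
    hdr = DTLS_HDR.pack(23, 0xFEFD, epoch, seq.to_bytes(6, "big"), len(body))
    return hdr + body

def parse_dtls_header(record):
    """Decode the 13-byte record header to show the fields DTLS adds."""
    ctype, version, epoch, seq, length = DTLS_HDR.unpack(record[:DTLS_HDR.size])
    return {"type": ctype, "version": version, "epoch": epoch,
            "seq": int.from_bytes(seq, "big"), "length": length}

def overhead(payload_len=160):
    """Bytes added per packet on top of the plain RTP packet."""
    rtp = rtp_packet(seq=4660, ts=160000, ssrc=0x1234ABCD,
                     payload=bytes(payload_len))  # constructed sample
    return {"srtp_80": len(srtp_frame(rtp, 10)) - len(rtp),
            "srtp_32": len(srtp_frame(rtp, 4)) - len(rtp),
            "dtls_gcm": len(dtls_frame(rtp)) - len(rtp)}

if __name__ == "__main__":
    print(overhead())
    sample = rtp_packet(4660, 160000, 0x1234ABCD, bytes(160))
    # The RTP sequence number is still readable in the SRTP packet ...
    print("RTP seq visible in SRTP:", RTP_HDR.unpack(srtp_frame(sample)[:12])[2])
    # ... while the DTLS record carries its own epoch and sequence number.
    print(parse_dtls_header(dtls_frame(sample, seq=7)))
```
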