DTLS


DTLS is often reduced to “TLS running over UDP”. That catches the family resemblance, but it does not explain why it needs to exist as its own thing. TLS assumes an ordered, reliable, connection-oriented byte stream. UDP assumes the opposite: packets may be lost, reordered, duplicated, and no connection state is maintained for you. If you move TLS over unchanged, many of its assumptions stop working immediately.

So the real problem DTLS solves is not “how do I put a different shell around TLS headers?” It is “how do I preserve TLS-like security semantics on a datagram network while accepting the real costs of reordering, loss, and amplification attacks?” That is why it is often discussed together with CoAP, SIP, WebRTC media channels, and IoT devices.
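The first paragraph's claim that TLS's assumptions "stop working immediately" on a datagram transport can be shown concretely. The following is an added, simplified illustration and not code from the original post: TLS never transmits its record sequence number, so the receiver reconstructs it by counting records as they arrive and folds it into the integrity check; DTLS instead carries an explicit epoch and sequence number in each record header. The key is a constructed sample value and HMAC-SHA256 stands in for the real record protection, which is enough to show what reordering does to each design.

```python
import hmac
import hashlib

# Constructed demo key; a real session derives its keys from the handshake.
KEY = b"constructed-demo-key"
TAG_LEN = 32  # HMAC-SHA256 output length


def tls_style_protect(seq: int, payload: bytes) -> bytes:
    # TLS style: the sequence number is implicit. It is mixed into the
    # integrity tag but never put on the wire, so both sides must agree
    # on it by counting records in order.
    tag = hmac.new(KEY, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()
    return payload + tag


def tls_style_receive(records):
    # The receiver assumes an ordered, lossless stream and numbers records
    # by arrival. Any reordering makes the reconstructed number wrong, and
    # a failed check is fatal for the whole connection.
    out = []
    for seq, rec in enumerate(records):
        payload, tag = rec[:-TAG_LEN], rec[-TAG_LEN:]
        expected = hmac.new(KEY, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        out.append(payload)
    return out


def dtls_style_protect(epoch: int, seq: int, payload: bytes) -> bytes:
    # DTLS style: epoch (2 bytes) and sequence number (6 bytes) travel in
    # the record header and are covered by the integrity tag.
    header = epoch.to_bytes(2, "big") + seq.to_bytes(6, "big")
    tag = hmac.new(KEY, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def dtls_style_receive(records):
    # Each record is self-describing, so arrival order does not matter.
    # A record that fails its check is dropped, and processing continues.
    out = {}
    for rec in records:
        header, payload, tag = rec[:8], rec[8:-TAG_LEN], rec[-TAG_LEN:]
        expected = hmac.new(KEY, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            continue
        seq = int.from_bytes(header[2:], "big")
        out[seq] = payload
    return out


def simulate(reorder: bool):
    # Constructed sample traffic: three records, optionally delivered out
    # of order as a datagram network may do.
    msgs = [b"alpha", b"bravo", b"charlie"]
    tls_recs = [tls_style_protect(i, m) for i, m in enumerate(msgs)]
    dtls_recs = [dtls_style_protect(0, i, m) for i, m in enumerate(msgs)]
    order = [2, 0, 1] if reorder else [0, 1, 2]
    tls_result = tls_style_receive([tls_recs[i] for i in order])
    dtls_result = dtls_style_receive([dtls_recs[i] for i in order])
    return tls_result, dtls_result


if __name__ == "__main__":
    print("in order:   ", simulate(False))
    print("reordered:  ", simulate(True))
```

With in-order delivery both receivers accept everything; once the same three records arrive reordered, the TLS-style receiver's implicit counter no longer matches the sender's and it rejects the stream outright, while the DTLS-style receiver still recovers every record keyed by its explicit sequence number. The same explicit numbering is what lets a real DTLS implementation apply a replay window and tolerate loss instead of tearing the session down.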
