IETF Logo Mail Archive

Re: [quicwg/base-drafts] Improve KEY_PHASE description (#43)

Martin Thomson <notifications@github.com> Wed, 30 November 2016 01:26 UTC

Return-Path: <bounces+848413-a050-quic-issues=ietf.org@sgmail.github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 843A6129D25 for <quic-issues@ietfa.amsl.com>; Tue, 29 Nov 2016 17:26:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.797
X-Spam-Level:
X-Spam-Status: No, score=-5.797 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mBXE4mfts7DG for <quic-issues@ietfa.amsl.com>; Tue, 29 Nov 2016 17:26:29 -0800 (PST)
Received: from o4.sgmail.github.com (o4.sgmail.github.com [192.254.112.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CCDF3129D19 for <quic-issues@ietf.org>; Tue, 29 Nov 2016 17:26:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=github.com; h=from:reply-to:to:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=6gLVqnCsdT4nl2S6PlOIO7pjq68=; b=F/3juWJHSlSF72tb r0Vj0voO+tcYUIeA8ijRbUnbpCl3BQuHIuLv3ieqK2Ce/22A9ZHICpa7R31E8lcX OxoS8GWbkl3t53AT/41F2VO7uTxtnf9QvMlS3/4JxlJ56RuxB593KDT8/EW0ySLy s/3olGMe2c4GSQVNy2cMlIZv16s=
Received: by filter1129p1mdw1.sendgrid.net with SMTP id filter1129p1mdw1-14927-583E2AC4-4A 2016-11-30 01:26:28.781280592 +0000 UTC
Received: from github-smtp2b-ext-cp1-prd.iad.github.net (github-smtp2b-ext-cp1-prd.iad.github.net [192.30.253.17]) by ismtpd0006p1iad1.sendgrid.net (SG) with ESMTP id KtmQ-59eTful13mWNI9vcA for <quic-issues@ietf.org>; Wed, 30 Nov 2016 01:26:28.756 +0000 (UTC)
Date: Tue, 29 Nov 2016 17:26:28 -0800
From: Martin Thomson <notifications@github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/43/review/10676460@github.com>
In-Reply-To: <quicwg/base-drafts/pull/43@github.com>
References: <quicwg/base-drafts/pull/43@github.com>
Subject: Re: [quicwg/base-drafts] Improve KEY_PHASE description (#43)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_583e2ac4a5e7f_67a43fab93cc5140480a3"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
X-SG-EID: l64QuQ2uJCcEyUykJbxN122A6QRmEpucztpreh3Pak0H20InA4yWZydL2onC+rX2Kb3b7sT+G4zAcC t7Yf0Msm/ttOkrioVB+d6WnVICDF6HYV3ZLaKkznUsrvOY3F7Pi7GIiG03iDmr1FX5pCspDaiBkg8/ 8WJvpNKjV9zfp2uMfzsYgcWix+k1MoTx2EFR5tjkDcm+vrZnwm63QYPYfc3vEB8ULab+US0RjcqIHY Q=
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/0R63Jg7zgVIgClfYJjrdDDI4gzA>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.17
Reply-To: quicwg/base-drafts <reply+0166e4ab116c62bb541311126ca46bf9fd20ebb76677532d92cf000000011455ecc492a169ce0b74c956@reply.github.com>
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Nov 2016 01:26:31 -0000

martinthomson commented on this pull request.



> +The KEY_PHASE bit on the public flags is the most significant bit (0x80).
+{{key-phase-table}} summarizes the different values for the KEY_PHASE bit.
+
+| Scenario | Client (No 0-RTT) | Client (0-RTT) | Server |
+|:-|-:|-:|-:|
+| Handshake | 0 | 0 |  0 |
+| 0-RTT Data | - | 1 | - |
+| 1-RTT Data | 1 | 0 | 1 |
+| 1st Key Update | 0 | 1 | 0 |
+| 2nd Key Update | 1 | 0 | 1 |
+{: #key-phase-table title="Summary of KEY_PHASE Values"}
+
+{{key-phase-table}} shows that a client marks 1-RTT with a different KEY_PHASE
+bit depending on whether 0-RTT is attempted.  Attempting 0-RTT therefore results
+in fully protected data having different KEY_PHASE values.  This is true even if
+0-RTT data is rejected and ignored by the server.

I think that we might want to use the version bit for disambiguation.

0-RTT going missing isn't a big deal.  A server that receives 1-RTT encrypted data must have 1-RTT keys AND it doesn't need to receive any more cleartext handshake messages (it must have read the ClientHello in order to have responded to it).  Thus, the only catch is with unprotected ACK frames that arrive late.  I go into this in more detail further down.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/43

v2.38.3 | Report a Bug | By Email | System Status