Re: [quicwg/base-drafts] TLS MUST NOT deliver server 1RTT Rx keys until getting Finished (#3173)

martinduke <> Thu, 31 October 2019 17:12 UTC

Date: Thu, 31 Oct 2019 17:12:09 +0000
From: martinduke <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/3173/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] TLS MUST NOT deliver server 1RTT Rx keys until getting Finished (#3173)
List-Id: Notification list for GitHub issues related to the QUIC WG <>

@kazuho I understand that the key applicability is a general property of TLS 1.3; however, QUIC is the only one where the secret is actually consumed outside of TLS. quic-tls defines this interface and we have the right to impose constraints on it.
