Re: [quicwg/base-drafts] token-based greasing / initial packet protection (#3166)

Kazuho Oku <> Tue, 29 October 2019 06:53 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 17BC7120048 for <>; Mon, 28 Oct 2019 23:53:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.382
X-Spam-Status: No, score=-6.382 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id g4r5gy2ZAzw1 for <>; Mon, 28 Oct 2019 23:53:28 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 49060120020 for <>; Mon, 28 Oct 2019 23:53:28 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 7BDE4960617 for <>; Mon, 28 Oct 2019 23:53:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1572332007; bh=k/CeDAr/v7S727g7Q79bffUuzw0y8tFBDsaVlY7Q8ms=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=n843741VPzjcna2a2GK6T+BOigwHujyNYDMi2KvM43Ojf98GOTPjrHpnb64WmthxK 3p84Itv9e10+r6USXpsxFptcjYE2jb9FYaC4l/LOHKVPecxMlcM8TAdUmZfWzPf8cS wFSGMuULYMUwC7A8Q02t1ng1kRFMB9+ylew8iCms=
Date: Mon, 28 Oct 2019 23:53:27 -0700
From: Kazuho Oku <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/3166/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] token-based greasing / initial packet protection (#3166)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5db7e1e76ca59_7c663fb5e8ecd960240196"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 29 Oct 2019 06:53:30 -0000

@marten-seemann I'm not sure if that actually works.

Because how a token is embedded in an Initial packet depends on the actual version of the QUIC packet that the server is processing. Therefore, I think that the server needs to first consult the version number on the wire, then use that to determine where the token is to decrypt the initial salt contained in the token.

Or are you suggesting something different?

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: