Re: [quicwg/base-drafts] Server should not accept 1-RTT traffic before handshake completion (#3159)

Marten Seemann <> Wed, 30 October 2019 05:13 UTC

Is it disruptive because we'd all have to update our implementations (I imagine it would just be one more HKDF call a QUIC stack would perform when the TLS stack hands it the 1-RTT keys, wouldn't it?), or are there any cryptographic reasons not to do this?

I'm just trying to understand the issue here better, not advocating for one way or the other at this point.
