Re: [quicwg/base-drafts] NEW_TOKEN token and encryption (#2543)

Dmitri Tikhonov <notifications@github.com> Thu, 21 March 2019 21:03 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EECF0124BA8 for <quic-issues@ietfa.amsl.com>; Thu, 21 Mar 2019 14:03:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.001
X-Spam-Level:
X-Spam-Status: No, score=-8.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yFHpcfefD9KU for <quic-issues@ietfa.amsl.com>; Thu, 21 Mar 2019 14:03:16 -0700 (PDT)
Received: from out-4.smtp.github.com (out-4.smtp.github.com [192.30.252.195]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D62812008F for <quic-issues@ietf.org>; Thu, 21 Mar 2019 14:03:16 -0700 (PDT)
Date: Thu, 21 Mar 2019 14:03:15 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1553202195; bh=PKlBHyJyu2rRSl/EAcckRQwT6ZxoEjgLEhIv3CHaRQ8=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=FPcJnGNdEJ0v9DknRoNDprIPXPK6gJw8u5rZNX8KbIuUzf9eESSEFFNq/b+jh8p72 EDQdexAyCarSEWfa9MWtvqrRDDG6YcFiRSb3wPtY2VLITuVuTuFP5lapjx3zFYITTA xxT0gOs9fEGXXb5ndW2jCaloT6TPMyzMoSP4mA9U=
From: Dmitri Tikhonov <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab25da027bf380f0bec03e2d8d8f143861414d8add92cf0000000118abbe1392a169ce1944c3bc@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2543/475401325@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2543@github.com>
References: <quicwg/base-drafts/issues/2543@github.com>
Subject: Re: [quicwg/base-drafts] NEW_TOKEN token and encryption (#2543)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c93fc133799f_7dff3f92ef2d45bc376f9"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: dtikhonov
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/ADa7iGHF8HfxKHhNNn_AoOckENc>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Mar 2019 21:03:18 -0000

I think the current text is fine:

```
   Unlike the token that is created for a Retry packet, there might be
   some time between when the token is created and when the token is
   subsequently used.  Thus, a token SHOULD include an expiration time.
   The server MAY include either an explicit expiration time or an
   issued timestamp and dynamically calculate the expiration time.  It
   is also unlikely that the client port number is the same on two
   different connections; validating the port is therefore unlikely to
   be successful.
```

"include" translates to "put into the token and encrypt" in my mind.  Reading that a token is "associated" with an expiration time would give me pause.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2543#issuecomment-475401325