Re: [quicwg/base-drafts] Rewrite key update section (#3050)

David Schinazi <> Thu, 31 October 2019 22:46 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0AF65120090 for <>; Thu, 31 Oct 2019 15:46:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.999
X-Spam-Status: No, score=-7.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Z_NRcZhGnjvA for <>; Thu, 31 Oct 2019 15:46:13 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A002412001E for <>; Thu, 31 Oct 2019 15:46:13 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id B664BC602DE for <>; Thu, 31 Oct 2019 15:46:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1572561972; bh=w3upiE1F838bbqohQo+Oijv/w5mjvGsRTU86TdWgJ4M=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=bH75HHJU5cmvHcYSD/7QV2PcFvJa0ZxXTXYUehnKoWjWCNKSQoqzhzFAk4GnhN/jF 1sam3LWScwPZQQU6ilozisUGg4FUSvVB1EX0qxJ9yrTZ8hAhqPUugBLPXoaOq8gnhW rHvBu/BuKB6Bpq6t5imDxBpmSzeuSlbMyViAfo+0=
Date: Thu, 31 Oct 2019 15:46:12 -0700
From: David Schinazi <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/3050/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Rewrite key update section (#3050)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5dbb6434a7958_6163fcadc6cd9642268e6"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: DavidSchinazi
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 31 Oct 2019 22:46:15 -0000

DavidSchinazi approved this pull request.

Thanks for adding back the implementation text. I like the new text.

I would personally prefer to see all the timing side-channel text in its own subsection, because it makes the more important part of the spec harder to read, and I don't see this attack as important enough to warrant worrying about when trying to understand key updates.

> +An endpoint SHOULD retain old keys so that packets sent by its peer prior to
+receiving the key update can be processed.  Discarding old keys too early can
+cause delayed packets to be discarded.  Discarding packets will be interpreted
+as packet loss by the peer and could adversely affect performance.
+## Responding to a Key Update
+A peer is permitted to initiate a key update after receiving an acknowledgement
+of a packet in the current key phase.  If a packet is received with a key phase
+that differs from the value the endpoint used to protect the last packet it
+sent, the endpoint uses the next packet protection keys for reading and the
+corresponding key and IV; see {{receive-key-generation}} for considerations
+about generating these keys.
+An endpoint uses the same key derivation process as its peer uses to generate

I'm not parsing this sentence well. What does it mean?

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: