Re: [quicwg/base-drafts] token-based greasing / initial packet protection (#3166)

Mike Bishop <> Wed, 30 October 2019 19:43 UTC


MikeBishop commented on this pull request.

> @@ -2740,8 +2740,10 @@ which is comprised of:
   the initial salt defined in section 5.2 of {{QUIC-TLS}}.
 A server advertises these values using a NEW_TOKEN frame {{frame-new-token}}.
-The token MUST include or associated with the alternative version number with
-which it can be used.
+The token MUST permit the server to recover at least the alternative version
+number being associated to the token.  This property can be achieved for example
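
Review bot: In the added sentence, the MUST covers only the alternative version number, while the context line above the change lists the initial salt among the values the server advertises with NEW_TOKEN; "at least" leaves it unclear whether the salt also has to be recoverable from the token, so state that explicitly. Also, "being associated to the token" reads better as "associated with the token".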

It MUST be able to recover the salt as well, I think.  It's possible that version number maps directly to salt -- but then, that's one implementation of being able to recover it.
