Re: [quicwg/base-drafts] The server shouldn't use a token for much (#1647)

MikkelFJ <notifications@github.com> Fri, 10 August 2018 07:29 UTC

If adding such advice, please be specific that encryption is not authentication. Although QUIC implementers would or should know, it could easily be missed by infrastructure operators. Merely stating AEAD or MAC can easily be misread as "golang.encrypt(x) should be fine".

https://github.com/quicwg/base-drafts/issues/1647#issuecomment-412000360
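
To illustrate the distinction the comment above draws, here is an added example (not part of the original message or of the QUIC drafts) that protects the same token once with encryption only (AES-CTR) and once with an AEAD (AES-GCM), then checks what the server sees after a single ciphertext byte is altered. The token layout, key, nonce and helper names are constructed assumptions for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed demo values (assumptions): a real server uses a random secret
// key and a fresh IV/nonce per token. Errors are ignored for brevity.
var (
	key   = []byte("0123456789abcdef")
	nonce = make([]byte, 12)
)

// sealCTR encrypts with AES-CTR: confidentiality only, no integrity check.
func sealCTR(pt []byte) []byte {
	block, _ := aes.NewCipher(key)
	ct := make([]byte, len(pt))
	cipher.NewCTR(block, make([]byte, aes.BlockSize)).XORKeyStream(ct, pt)
	return ct
}

// openCTR decrypts whatever it is given; it has no way to reject a token.
func openCTR(ct []byte) []byte { return sealCTR(ct) }

func newGCM() cipher.AEAD {
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	return aead
}

// sealGCM appends an authentication tag; openGCM verifies it before decrypting.
func sealGCM(pt []byte) []byte          { return newGCM().Seal(nil, nonce, pt, nil) }
func openGCM(ct []byte) ([]byte, error) { return newGCM().Open(nil, nonce, ct, nil) }

// tamper alters one ciphertext byte without any knowledge of the key.
func tamper(ct []byte) []byte {
	out := append([]byte(nil), ct...)
	out[len("addr=192.0.2.")] ^= '1' ^ '9' // under CTR the plaintext "1" becomes "9"
	return out
}

func main() {
	token := []byte("addr=192.0.2.1;issued=1500000000") // constructed token
	fmt.Printf("CTR accepts: %s\n", openCTR(tamper(sealCTR(token))))
	_, err := openGCM(tamper(sealGCM(token)))
	fmt.Println("GCM rejects:", err)
}
```

With encryption alone the server decrypts the altered token without error and sees a different address; with the AEAD the same alteration fails tag verification and the token is rejected.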