Re: [quicwg/base-drafts] Minor TLS draft editorial corrections (#2446)

martinduke <> Mon, 11 February 2019 04:26 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B600C130EE6 for <>; Sun, 10 Feb 2019 20:26:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -8.001
X-Spam-Status: No, score=-8.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id lrhsQ2jccFqC for <>; Sun, 10 Feb 2019 20:26:53 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 7F125130EE1 for <>; Sun, 10 Feb 2019 20:26:53 -0800 (PST)
Date: Sun, 10 Feb 2019 20:26:52 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1549859212; bh=3ZjaIIYgeQo9lhfDSDU4sdg+ZBQC0CKlma67L9ObuZI=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=Y56LBBn4Sj0kWpKLqRuW1vzf8DsYzMvZ8MjReYJ4Kq4j/uBU9tP9RKxnMjxijt9KV yzO/yfs5UpI5YnK1sHf270P3g9KZ7qQCsWmPN77TSRRRjC8LZMix6MCqEqRUBWjlTi AVar4qovimS924kfFGCY2VuJt7GL5WEsIlgRWWIo=
From: martinduke <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/2446/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Minor TLS draft editorial corrections (#2446)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c60f98c2f1e2_72ae3fc65e8d45b4966e6"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinduke
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 11 Feb 2019 04:26:56 -0000

martinduke commented on this pull request.

>                       1-RTT --------------->
                                               Handshake Received
                                           Rekey rx to 1-RTT keys
-                                                   Get Handshake

 I would have said no, except for the bit about the NST. I might file another PR about that. The kind of ugly thing about this diagram is rekeying the rx from 0RTT to Handshake. There's no actual trigger for this; in practice we're actually keeping both keys, of course.

> @@ -216,10 +216,12 @@ Note that this omits the EndOfEarlyData message, which is not used in QUIC (see
 Data is protected using a number of encryption levels:
-- Plaintext
-- Early Data (0-RTT) Keys
-- Handshake Keys
-- Application Data (1-RTT) Keys
+- Initial Keys can be derived by any observer, and so they do not
+  provide cryptographic protection or authentication.
+- Early Data (0-RTT) Keys. These keys are not forward-secure and must protect
+  only idempotent data.
+- Handshake Keys do not authenticate either endpoint.
+- Application Data (1-RTT) Keys provide full authentication and encryption.

OK, this is going away, except for s/Plaintext/Initial

> @@ -269,7 +271,7 @@ At a high level, there are two main interactions between the TLS and QUIC
 * The TLS component sends and receives messages via the QUIC component, with
-  QUIC providing a reliable stream abstraction to TLS.
+  QUIC providing a reliable stream and record abstraction to TLS.

It's not the separate spaces, it's the crypto frame itself. We're stripping out the TLS record layer and replacing it with the frame. I'm not sure how you can compare the figures at the start of Sections 2 and 3 and come to a different conclusion.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: