Re: [quicwg/base-drafts] Initial secrets do not change after Retry (#2878)

Martin Thomson <> Wed, 10 July 2019 07:13 UTC


martinthomson commented on this pull request.

> @@ -804,17 +803,12 @@ modifying the contents of packets from future versions.
 The HKDF-Expand-Label function defined in TLS 1.3 MUST be used for Initial
 packets even where the TLS versions offered do not include TLS 1.3.
+The secrets used for protecting Initial packets do not change during the
+connection, even after receiving a Retry.
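
Review bot: The added sentence "do not change during the connection, even after receiving a Retry" is written only from the client's side ("receiving a Retry") and carries no normative keyword, unlike the MUST in the context paragraph directly above it. Consider wording it so that it also covers the server that sends the Retry, and state whether this is a requirement on endpoints or only a description of behaviour.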

Is it worth adding some advice on how to implement this?  It's not entirely obvious.

connection, even after receiving a Retry.  A server that sends a Retry
therefore needs to either remember Initial protection keys or
save them in the Retry token.
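
One way a stateless server could follow the suggested text above, as an added example that is not part of the original message or of the QUIC drafts: the Retry token carries the client's original Destination Connection ID under a MAC, and the server re-derives the same Initial secrets from it after the Retry. The salt, token key, token layout and function names are assumptions made for illustration; it assumes Initial secrets are derived from that connection ID with HKDF-Extract and HKDF-Expand-Label using the labels "client in" and "server in".

```python
import hashlib
import hmac
import struct

# Constructed placeholder: the real Initial salt is fixed per QUIC version by the spec.
INITIAL_SALT = bytes(range(20))
# Hypothetical server-local key used only to authenticate Retry tokens.
TOKEN_KEY = b"constructed-token-key-0123456789"
TAG_LEN = 16

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand_label(secret: bytes, label: str, length: int) -> bytes:
    """TLS 1.3 HKDF-Expand-Label with an empty context."""
    full = b"tls13 " + label.encode()
    info = struct.pack("!HB", length, len(full)) + full + b"\x00"
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def initial_secrets(dcid: bytes):
    """Return (client, server) Initial secrets for a Destination Connection ID."""
    initial = hkdf_extract(INITIAL_SALT, dcid)
    return (hkdf_expand_label(initial, "client in", 32),
            hkdf_expand_label(initial, "server in", 32))

def _tag(dcid: bytes, client_addr: bytes) -> bytes:
    # Length-prefix the address so the (address, DCID) boundary is unambiguous.
    msg = bytes([len(client_addr)]) + client_addr + dcid
    return hmac.new(TOKEN_KEY, msg, hashlib.sha256).digest()[:TAG_LEN]

def make_retry_token(original_dcid: bytes, client_addr: bytes) -> bytes:
    """Stateless Retry: the token itself remembers the original DCID."""
    return original_dcid + _tag(original_dcid, client_addr)

def secrets_from_token(token: bytes, client_addr: bytes):
    """Validate the token, then re-derive the unchanged Initial secrets.

    Returns None for a truncated, forged or replayed-from-elsewhere token.
    """
    dcid, tag = token[:-TAG_LEN], token[-TAG_LEN:]
    if not dcid or not hmac.compare_digest(tag, _tag(dcid, client_addr)):
        return None
    return initial_secrets(dcid)
```

The token is authenticated rather than encrypted because, under the stated assumption, anyone who sees the connection ID can derive the Initial secrets; what the server needs is integrity and binding to the client address.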
