Re: [quicwg/base-drafts] Initial secrets do not change after Retry (#2878)

Mike Bishop <notifications@github.com> Mon, 09 September 2019 16:44 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0949120098 for <quic-issues@ietfa.amsl.com>; Mon, 9 Sep 2019 09:44:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.999
X-Spam-Level:
X-Spam-Status: No, score=-7.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K-WZo4_q086D for <quic-issues@ietfa.amsl.com>; Mon, 9 Sep 2019 09:44:15 -0700 (PDT)
Received: from out-23.smtp.github.com (out-23.smtp.github.com [192.30.252.206]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EC8E112007A for <quic-issues@ietf.org>; Mon, 9 Sep 2019 09:44:14 -0700 (PDT)
Date: Mon, 09 Sep 2019 09:44:13 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1568047454; bh=6lp1og0CD56TC+B5FyxxF0esw9b58y7aaRHYsIhMzwE=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=IzLuUre4kDGWTBZOfi88V5Wb9TtlK5zfvU6QrtJDFfU5hKagQT+sSO7SWxhOXiM2i B6Eqjyok+dcQKxbLc6/wAU4ld3oj/GCzvbW4I+D5CLGzmdUc1FDa6xw+e26tP3hEz2 Nyzgez1Xg2z4FfCmW8SnfBVwdBRIcqaJTDNAbmsc=
From: Mike Bishop <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK767RSHZ4JLVFB7DS53QPA63EVBNHHBXP6EBY@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2878/review/285639503@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2878@github.com>
References: <quicwg/base-drafts/pull/2878@github.com>
Subject: Re: [quicwg/base-drafts] Initial secrets do not change after Retry (#2878)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d76815de929c_61ab3ff5ae4cd964201160"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: MikeBishop
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/F9YmHuosOMaf86SxQRGwmUHF8x8>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Sep 2019 16:44:17 -0000

MikeBishop commented on this pull request.



> @@ -805,10 +805,12 @@ The HKDF-Expand-Label function defined in TLS 1.3 MUST be used for Initial
 packets even where the TLS versions offered do not include TLS 1.3.
 
 The secrets used for protecting Initial packets do not change during the
-connection, even though the destination connection ID in client Initial packets
-changes after receiving a Retry.  A server that sends a Retry
-therefore needs to either remember the original connection ID
-or save the original connection ID in the Retry token.
+connection, even though the destination connection ID in client Initial
+packets changes after receiving a Retry.  A server that sends a Retry
+therefore needs to either remember the original connection ID or save
+the original connection ID in the Retry token.  Because the initial
+connection ID is included in the server's transport parameters, the only
+difference is when in the packet processing this connection ID is utilized.

At the time, we were trying to avoid confusion between the _original_ DCID, which generated the keys, and the DCID in the current Initial.  It was a useful distinction in the old design.  With this change, I think that distinction is no longer useful.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2878#discussion_r322343677