Re: [quicwg/base-drafts] use key update for confirming the handshake (#3141)

Martin Thomson <> Thu, 24 October 2019 03:38 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3FF35120152 for <>; Wed, 23 Oct 2019 20:38:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.382
X-Spam-Status: No, score=-6.382 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6Ty7bk8UKULU for <>; Wed, 23 Oct 2019 20:38:10 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4F54C12012A for <>; Wed, 23 Oct 2019 20:38:10 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 7BDEB660B78 for <>; Wed, 23 Oct 2019 20:38:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1571888289; bh=8cEthA0yNt7SYUpNNGounMRyz0jUmk1AF4Fx4Xzciz4=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=W784rSgzegG5hHEuJk8PHz4if2UjKhmGEheQEsY4WMJ7IzJvKqIPtxYzdNg0GMgvy 2u8ZDlWSqmbmpjIGnODUwGNWpnmncCk/Cz17EcM/rEXBFNM7pM04Rs2RCLmRIaMfxm RUB0maimPOZyYRM7APlGw/bB+HjNNDQgEwO83AyQ=
Date: Wed, 23 Oct 2019 20:38:09 -0700
From: Martin Thomson <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/3141/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] use key update for confirming the handshake (#3141)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5db11ca16d560_1a553fddf48cd964108654"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 24 Oct 2019 03:38:12 -0000

martinthomson requested changes on this pull request.

This lacks motivating force.  You have to not only initiate a key update, but keep sending packets in order to drive this to completion.  When responding to a key update in this case, you also need to keep sending packets.

Having the initiator of the key update send an ack-eliciting packet might suffice to ensure that this process drives to completion.  But we still don't require a packet on PTO, so it would need to be even stronger than that.  If the initiator keeps sending ack-eliciting packets, it's peer will be forced to acknowledge them and this will eventually resolve itself, but without that this could hang like before.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: