Re: [quicwg/base-drafts] Add retry integrity tag (#3120)

ekr <> Wed, 20 November 2019 02:55 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 62C27120B3B for <>; Tue, 19 Nov 2019 18:55:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.382
X-Spam-Status: No, score=-6.382 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id fM03az4TE6lk for <>; Tue, 19 Nov 2019 18:55:56 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D3B2B120AEE for <>; Tue, 19 Nov 2019 18:55:54 -0800 (PST)
Date: Tue, 19 Nov 2019 18:55:54 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1574218554; bh=tdQQFxY1etCo4SHIbAOsl6jZkKkTTIRrcyEvEsjQkOs=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=fkmJGgnJLj2ZN1aZ5PltTW4gf/pPV8N8SclJSKFAkKkPy4zNp8AvumnNuFOBlFDtI v4w+Ks+L+UulsbSQ6/c1RSgYlCGQs5zrswAOssuCkBTQhN6TE7PoVa4umh8zrC3Aa1 tVLFtwwq04i3SN+uiFoVeYVgpUUOHu3I7eGc7z00=
From: ekr <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/3120/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Add retry integrity tag (#3120)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5dd4ab3a261e3_79683fb9558cd964165b5"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: ekr
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 20 Nov 2019 02:56:02 -0000

To recap my proposal from this morning.

1. We should have a separate fixed key derived by HKDF-ing the salt. This is just good key separation practice and we can publish the fixed value in the spec if we want. I think there was consensus on this and I can send text for this. @DavidSchinazi ?

2. We should encrypt the token using that fixed key and use the top min(12,dcid_len) bytes of the DCID. This will provide some obfuscation at the cost of just the AES operation but not the KDF.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: