Re: [quicwg/base-drafts] Initial secrets do not change after Retry (#2878)

David Schinazi <> Sun, 21 July 2019 20:22 UTC


DavidSchinazi commented on this pull request.

> @@ -804,17 +803,14 @@ modifying the contents of packets from future versions.
 The HKDF-Expand-Label function defined in TLS 1.3 MUST be used for Initial
 packets even where the TLS versions offered do not include TLS 1.3.
+The secrets used for protecting Initial packets do not change during the
+connection, even after receiving a Retry.  A server that sends a Retry
+therefore needs to either remember Initial protection keys or save them
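
Review bot: On the added line "therefore needs to either remember Initial protection keys or save them", the two alternatives ("remember" and "save") are hard to tell apart as worded in the quoted lines; name where each option keeps the keys so an implementer can see which cost they are choosing. The added paragraph also says the secrets do not change after a Retry without naming the input they are derived from, and that input is what determines what a server actually has to retain. Finally, "needs to" directly follows a paragraph that uses MUST, so say whether this sentence is a normative requirement or an implementation note.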

Shouldn't this just say that the server already needs to have access to the original destination CID because of the `original_connection_id` transport parameter? I don't think the server needs to remember/encode initial keys on top of that

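
The derivation that the quoted text and the comment both turn on, as an added example (not code from the pull request or the QUIC drafts): Initial keys are computed from a connection ID with HKDF-Extract and HKDF-Expand-Label, so an endpoint holding that connection ID can recompute them. The salt is the QUIC v1 value from RFC 9001, an assumption here because the draft under review used its own salt; both connection IDs are constructed sample values.

```python
import hashlib
import hmac
import struct

# Assumption: QUIC v1 salt (RFC 9001). Drafts used different salts,
# but the derivation steps are the same.
INITIAL_SALT_V1 = bytes.fromhex("38762cf7f55934b34d179ae6a4c80cadccbb7f0a")

def hkdf_extract(salt, ikm):
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk, info, length):
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def hkdf_expand_label(secret, label, length, context=b""):
    # TLS 1.3 HkdfLabel: uint16 length, "tls13 " + label, context,
    # the last two each carrying a one-byte length prefix.
    full = b"tls13 " + label
    info = (struct.pack("!H", length) + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)

def initial_keys(dcid):
    """Derive client and server Initial protection keys from one connection ID."""
    initial_secret = hkdf_extract(INITIAL_SALT_V1, dcid)
    keys = {}
    for side, label in (("client", b"client in"), ("server", b"server in")):
        secret = hkdf_expand_label(initial_secret, label, 32)
        keys[side] = {
            "key": hkdf_expand_label(secret, b"quic key", 16),
            "iv": hkdf_expand_label(secret, b"quic iv", 12),
            "hp": hkdf_expand_label(secret, b"quic hp", 16),
        }
    return keys

# Constructed sample connection IDs, not taken from the thread.
ORIGINAL_DCID = bytes.fromhex("8394c8f03e515708")  # client's first Initial
RETRY_SCID = bytes.fromhex("f067a5502a4262b5")     # chosen by server in Retry

if __name__ == "__main__":
    before = initial_keys(ORIGINAL_DCID)
    # Keys recomputed from the original DCID alone match the first derivation.
    print("re-derived keys match:", initial_keys(ORIGINAL_DCID) == before)
    # Keys derived from the Retry connection ID are a different set.
    print("retry-CID keys differ:", initial_keys(RETRY_SCID) != before)
```

Which connection ID feeds `initial_keys` after a Retry is the protocol decision under review in this thread; the code only shows that the keys are a deterministic function of whichever one is chosen.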