Re: [quicwg/base-drafts] Initial secrets do not change after Retry (#2878)

ianswett <> Fri, 06 September 2019 21:19 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CDE38120DE8 for <>; Fri, 6 Sep 2019 14:19:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.596
X-Spam-Status: No, score=-6.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id UsZnQVvEJ5v5 for <>; Fri, 6 Sep 2019 14:19:56 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1863D120868 for <>; Fri, 6 Sep 2019 14:19:56 -0700 (PDT)
Date: Fri, 06 Sep 2019 14:19:55 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1567804795; bh=8o4uiQOo1Ju0I36TT7mJSmqYZ/iDYOYJskBDKF+mcFs=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=f620dqyToPRGivzVgGlTA1evWwlothy0XdQuCBU0nyc7UnnbEwKWh2WZMIB4inBtv 0aof4tbh9SbY3zSAMBDCzh56HlL/s8BYuTwPMCiKM5x4XrlQbNUJRqQRhlD9YEDkeI c6Ue146M5f7iiBeaRW3fWuvfQZenNd/sci7GVpjE=
From: ianswett <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/2878/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Initial secrets do not change after Retry (#2878)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d72cd7b57773_4a3b3fcd65ecd96c56746"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: ianswett
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 06 Sep 2019 21:19:58 -0000

ianswett commented on this pull request.

> @@ -804,17 +803,14 @@ modifying the contents of packets from future versions.
 The HKDF-Expand-Label function defined in TLS 1.3 MUST be used for Initial
 packets even where the TLS versions offered do not include TLS 1.3.
+The secrets used for protecting Initial packets do not change during the
+connection, even after receiving a Retry.  A server that sends a Retry
+therefore needs to either remember Initial protection keys or save them

Good point, MT suggested some simplifications to the text and I added a sentence clarifying that this is not a new requirement, it just changes when the connection ID is used.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: