Re: [quicwg/base-drafts] for Retry integrity protection, use values that can be derived from AEAD API (#3365)

Martin Thomson, Mon, 20 January 2020 06:33 UTC

martinthomson approved this pull request.

If this is the outcome, then this seems fine.

>  - The plaintext, P, is empty.
 - The associated data, A, is the contents of the Retry Pseudo-Packet, as
   illustrated in {{retry-pseudo}}:
+The secret key and the nonce are values derived by calling HKDF-Expand-Label
+using 0x656e61e336ae9417f7f0edd8d78d461e2aa7084aba7a14c1e9f726d55709169a as the
+secret, with labels being "quic key" and "quic iv".
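
Review bot: The added sentence beginning "The secret key and the nonce are values derived by calling HKDF-Expand-Label" gives the secret and the two labels, but not the hash function or the output lengths for the key and the nonce, so the derivation cannot be reproduced from this text alone. State both here, or tie them to the AEAD in use. The new text would also read more consistently as two list items in the style of "The plaintext, P, ..." and "The associated data, A, ..." above it, one for the key and one for the nonce, each naming its label ("quic key", "quic iv").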

I would cite the section where we describe how to use HKDF-Expand-Label in QUIC.  Otherwise people will be inclined to ask things like "What is L?", when that is more clearly described in that section.
