Re: [quicwg/base-drafts] Add retry integrity tag (#3120)

Martin Thomson <> Thu, 31 October 2019 00:30 UTC


So though there is a simple and easy optimization, many implementations will have AES-GCM available, but won't have an independent GHASH on tap.  And getting the mask requires effort.  And clients can't predict how many bytes of mask they need, so they would have to get quite a few.  I'm speculating here, but I tend to think that this puts a thumb on the scale in the right way.
