Re: [quicwg/base-drafts] Be clearer about protections (#3900)
ianswett <notifications@github.com> Fri, 17 July 2020 13:33 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/M93rNcqmnxez3bn8BdJVcNhqgu0>
@ianswett commented on this pull request.

> + +* Version Negotiation packets have no cryptographic protection. + +* Retry packets use AEAD_AES_128_GCM to provide protection against accidental + modification or insertion by off-path adversaries; see + {{retry-integrity}}. + +* Initial packets use AEAD_AES_128_GCM with keys derived from the Destination + Connection ID field of the first Initial packet sent by the client; see + {{initial-secrets}}. + +* All other packets have strong cryptographic protections for confidentiality + and integrity, using keys and algorithms negotiated by TLS. + +This section describes how packet protection is applied to Handshake packets, +0-RTT packets, and packets with short headers. The same packet protection

Fair, but it seems odd to me to talk about the header length and not mention the keys being used.

Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/pull/3900#discussion_r456444805
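
Review bot: The Initial packets bullet names the AEAD and where its keys come from but, unlike the Version Negotiation, Retry and "All other packets" bullets, it never says what protection results. Because those keys are derived from the Destination Connection ID field of the client's first Initial packet, which is sent in the clear, any observer of that packet can derive them; the bullet should say outright that Initial packets have no confidentiality or integrity protection against an on-path attacker. In the Retry bullet, "accidental modification or insertion by off-path adversaries" can be read with "accidental" covering both cases; splitting it into "accidental modification" and "insertion by off-path adversaries" would remove the ambiguity.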