Re: [quicwg/base-drafts] Retry integrity protection should not add new requirements to TLS API (#3366)

Martin Thomson <> Mon, 20 January 2020 06:31 UTC

It would be easier for me to do as @kazuho suggested, but the overall effort is small.  I can live with either answer.  Note that the additional indirection can be hard-coded out if people find they want to prime their AES directly.  Of course, you don't need to run AES at all if you want to go that far.
