Re: [quicwg/base-drafts] Document request forgery (#3996)

Martin Thomson <> Mon, 24 August 2020 02:10 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C15853A093C for <>; Sun, 23 Aug 2020 19:10:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.153
X-Spam-Status: No, score=-0.153 tagged_above=-999 required=5 tests=[DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_16=1.048, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id jpN7Btx2jTgE for <>; Sun, 23 Aug 2020 19:10:41 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2C1433A093B for <>; Sun, 23 Aug 2020 19:10:41 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 76EEF840069 for <>; Sun, 23 Aug 2020 19:10:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1598235040; bh=aR87SMujWJ/DwuHZ28OfylnA1Ind8/UDmRA0Bis5/5c=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=nA5u7BQYudKQ+h3bw8InRpTagmdSJJJjNDfWFtiEk/hC7cePFYYJ3aNKcRomt/cwk PNUdrvIqhvZGHhOdB48rRMkDxT7O3FYRdSHnamh/TZ/AcwvWaSw7TqtJ23+bUk05eH yj4/sivA8RenWNrb2FucuKWdviU4MkIUkw8YBDYg=
Date: Sun, 23 Aug 2020 19:10:40 -0700
From: Martin Thomson <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/3996/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Document request forgery (#3996)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5f4321a066759_5129196422043"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 24 Aug 2020 02:10:43 -0000

A server might be able to control 0-RTT content, but it can't control 0-RTT keys because those are derived from the ClientHello, which includes a nonce value the server can't predict (ClientHello.random).  I note here that this is true for our TLS integration, but might not be true for other cryptographic handshakes.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: