[quicwg/base-drafts] Tickets/tokens MUST NOT carry application semantics, but carry settings (#3817)

Mike Bishop <notifications@github.com> Thu, 02 July 2020 19:24 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6C023A0486 for <quic-issues@ietfa.amsl.com>; Thu, 2 Jul 2020 12:24:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.555
X-Spam-Level:
X-Spam-Status: No, score=-1.555 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aUKJklm2lOTG for <quic-issues@ietfa.amsl.com>; Thu, 2 Jul 2020 12:24:46 -0700 (PDT)
Received: from out-27.smtp.github.com (out-27.smtp.github.com [192.30.252.210]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AACD33A0745 for <quic-issues@ietf.org>; Thu, 2 Jul 2020 12:24:46 -0700 (PDT)
Received: from github-lowworker-edec459.ac4-iad.github.net (github-lowworker-edec459.ac4-iad.github.net [10.52.18.32]) by smtp.github.com (Postfix) with ESMTP id E9B85E048C for <quic-issues@ietf.org>; Thu, 2 Jul 2020 12:24:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1593717885; bh=VZ0LEhnhJLdTpB9giblNYtQuLHeiXK/gJ5RiAgEgsLY=; h=Date:From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=XyGz5goNESf43tyI8TPmfDLAu3P3S2E/MICcUguTd3kKHmdPYynDdZYLUKbPm3+rs VGrU7wbbZeEfhOwltrNjE0fKXssB78Tte/QeDjH8E7D5EEqdE79OHUVywUWxdubmDs ZFEHw+829qxG2ckLtzUN9DG38oWmyP8Dg02j3A6A=
Date: Thu, 02 Jul 2020 12:24:45 -0700
From: Mike Bishop <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJKZEJ4HXTDUU46TL6355BIKX3EVBNHHCNQEVZQ@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/3817@github.com>
Subject: [quicwg/base-drafts] Tickets/tokens MUST NOT carry application semantics, but carry settings (#3817)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5efe347ddb6fd_68c73f94318cd96c3426ec"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: MikeBishop
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/OlYQzcmKJ0WgDPBLRWk9CGeallE>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jul 2020 19:24:49 -0000

There seems to be a conflict between this assertion in Section 9.2:

> TLS session tickets and address validation tokens are used to carry QUIC configuration information between connections.  These MUST NOT be used to carry application semantics.

...and the fact that 4.8 explicitly discusses how application protocols might need to have data embedded in the session ticket.  (Also, QUIC doesn't use TLS address validation tokens.)  I think this is actually trying to say that receipt of the session ticket MUST NOT cause side-effect beyond setting up the connection, but it's a broader prohibition than that.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/3817