Re: [quicwg/base-drafts] Add Advice and Rules for CONN_CLOSE in Initial and Handshake (#1786)

ianswett <> Thu, 27 September 2018 19:39 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 82A5E13105F for <>; Thu, 27 Sep 2018 12:39:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.999
X-Spam-Status: No, score=-7.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ez63rxrdAPZT for <>; Thu, 27 Sep 2018 12:39:26 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8B04D1310A2 for <>; Thu, 27 Sep 2018 12:39:26 -0700 (PDT)
Date: Thu, 27 Sep 2018 12:39:23 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1538077165; bh=9kTR6ZHYXSjSC/SeN5rVnca8rVLQhV0b9acf+pYq5Zw=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=RRq4gLC+at7WhFe/YBlXnIgFImsHFCtkkkizmI2vVKSDio2O5OzciefBqPBqajKyw KVSHxABc9LPzPNbX719+QLpxWI9R8K5VN+uUMUF08nwtldicHc/m8iwAy2tJKF3R5m tMAoFLa32hKvFkQR3k3Vld6TG7MfcVULh7bwUuaQ=
From: ianswett <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/1786/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] Add Advice and Rules for CONN_CLOSE in Initial and Handshake (#1786)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5bad31eb8e36c_5a3f3fda2d4d45bc1479ce"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: ianswett
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 27 Sep 2018 19:39:29 -0000

I think Ryan's right.  If I'm processing a packet at an encryption level, then there are many ways to close the connection, including an invalid frame in an encryption level, etc.

So I think we're stuck with "Send CONNECITION_CLOSE with the highest keys you know the peer can decrypt."  And try to drop the Initial keys as soon as possible.  Unfortunately, that's currently not that fast at the moment.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: