Re: [quicwg/base-drafts] Output of the discard keys design team (#2673)

David Schinazi <> Thu, 09 May 2019 20:46 UTC

DavidSchinazi commented on this pull request.

> @@ -1116,9 +1145,21 @@ TLS KeyUpdate message.  Endpoints MUST treat the receipt of a TLS KeyUpdate
 message as a connection error of type 0x10a, equivalent to a fatal TLS alert of
 unexpected_message (see {{tls-errors}}).
-An endpoint MUST NOT initiate more than one key update at a time.  A new key
-cannot be used until the endpoint has received and successfully decrypted a
-packet with a matching KEY_PHASE.
+An endpoint MUST NOT initiate the first key update until the handshake is
+confirmed ({{handshake-confirmed}}). An endpoint MUST NOT initiate a subsequent
+key update until it has received an acknowledgment for a packet sent at the
+current KEY_PHASE.  This can be implemented by tracking the lowest packet
+number sent with each KEY_PHASE, and the highest acknowledged packet number
+in the 1-RTT space: once the latter is higher than or equal to the former,
+another key update can be initiated.
+Endpoints MAY limit the number of sets of keys they retain to two sets for
+removing packet protection and one set for protecting packets.  Older keys
+can be discarded.  Updating keys multiple times rapidly can cause
+packets to be effectively lost if packets are significantly delayed.
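
Review bot: The added sentence "Endpoints MAY limit the number of sets of keys they retain to two sets for removing packet protection" does not say which two sets those are, and "Older keys can be discarded" gives no condition for when discarding is safe, even though the next sentence says rapid updates cause significantly delayed packets to be effectively lost. Suggest naming the retained sets explicitly and stating when an older set may be dropped, so that implementations do not each pick a different retention window and an implementer can see how the new acknowledgment-based gating bounds the number of key sets in play.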

