Re: [quicwg/base-drafts] use a HANDSHAKE_DONE frame to drive the handshake to confirmation (#3145)
Marten Seemann <notifications@github.com> Thu, 24 October 2019 08:47 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE554120074 for <quic-issues@ietfa.amsl.com>; Thu, 24 Oct 2019 01:47:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8
X-Spam-Level:
X-Spam-Status: No, score=-8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l3sYnzGW-iJz for <quic-issues@ietfa.amsl.com>; Thu, 24 Oct 2019 01:47:17 -0700 (PDT)
Received: from out-18.smtp.github.com (out-18.smtp.github.com [192.30.252.201]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4155912006B for <quic-issues@ietf.org>; Thu, 24 Oct 2019 01:47:17 -0700 (PDT)
Date: Thu, 24 Oct 2019 01:47:16 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1571906836; bh=54n76aFXTUmDd/5lbnogU2hQQ2biEJQ7NZvEftzVxzk=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=MZg0UwQ5Z6FczsXGo5uK/oD9p/OyXib1l7muUAq0YImEJLGJoHB0ya77euCJoo1L5 mOLJkX7k0kBCjSHVdpDqT8nj80qZmvUDA0GGk38BTdMWVQ1iPpZpUt4qZXzjFZJY7W xyyW0boGeD2N8Wcj6/8bF7sSnihmWZWTJqmUcQkw=
From: Marten Seemann <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK72J64DOYZEQKONKUV3X2S2JEVBNHHB475TUU@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/3145/review/306410563@github.com>
In-Reply-To: <quicwg/base-drafts/pull/3145@github.com>
References: <quicwg/base-drafts/pull/3145@github.com>
Subject: Re: [quicwg/base-drafts] use a HANDSHAKE_DONE frame to drive the handshake to confirmation (#3145)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5db16514596e0_1a2d3feac0acd95c78499"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: marten-seemann
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/VHoFWg-0dxsLfzv4h8Djh7y-eiU>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2019 08:47:19 -0000
marten-seemann commented on this pull request. > @@ -760,14 +756,12 @@ and ignoring any outstanding Initial packets. ### Discarding Handshake Keys -An endpoint MUST NOT discard its handshake keys until the TLS handshake is -confirmed ({{handshake-confirmed}}). An endpoint SHOULD discard its handshake -keys as soon as it has confirmed the handshake. Most application protocols -will send data after the handshake, resulting in acknowledgements that allow -both endpoints to discard their handshake keys promptly. Endpoints that do -not have reason to send immediately after completing the handshake MAY send -ack-eliciting frames, such as PING, which will cause the handshake to be -confirmed when they are acknowledged. +An endpoint MUST discard its handshake keys when the TLS handshake is confirmed I'm not opposed to making this change, but I noticed that in the previous paragraph, we specify the dropping of Initial keys: > Thus, a client MUST discard Initial keys when it first sends a Handshake packet and a server MUST discard Initial keys when it first successfully processes a Handshake packet. Endpoints MUST NOT send Initial packets after this point. Why do we use a MUST there, but not for Handshake keys? To prevent packet injections, it would be sufficient to say "MUST NOT process Initial packets". Should we make it consistent for both encryption levels? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/pull/3145#discussion_r338452317
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… ianswett
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Kazuho Oku
- [quicwg/base-drafts] use a HANDSHAKE_DONE frame t… Marten Seemann
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Jana Iyengar
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Jana Iyengar
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Martin Thomson
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Marten Seemann
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Jana Iyengar
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Kazuho Oku
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Marten Seemann
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Marten Seemann
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Marten Seemann
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Marten Seemann
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Marten Seemann
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Martin Thomson
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Marten Seemann
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Marten Seemann
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Marten Seemann
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… MikkelFJ
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Mike Bishop
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… MikkelFJ
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Marten Seemann
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Martin Thomson
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Martin Thomson
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… ianswett
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Ryan Hamilton
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… David Schinazi
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Martin Thomson
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Kazuho Oku
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Kazuho Oku
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… MikkelFJ
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… MikkelFJ
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… ianswett
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… David Schinazi
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… martinduke
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… martinduke
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… martinduke
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… ianswett
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… martinduke
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Kazuho Oku
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… David Schinazi
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Marten Seemann
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Marten Seemann
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Jana Iyengar
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… David Schinazi
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… David Schinazi
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… ianswett
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… martinduke
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Marten Seemann
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Kazuho Oku
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Christian Huitema
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Jana Iyengar
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Ryan Hamilton
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Ryan Hamilton
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Martin Thomson
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Marten Seemann
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Marten Seemann
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Mike Bishop
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Jana Iyengar
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Martin Thomson
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Martin Thomson
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Marten Seemann
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… ianswett
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Marten Seemann
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Mike Bishop
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Jana Iyengar
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Marten Seemann
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Jana Iyengar
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… MikkelFJ
- Re: [quicwg/base-drafts] use a HANDSHAKE_DONE fra… Christian Huitema