Re: [quicwg/base-drafts] Add application parameters to QUIC handshake and use it for H3 SETTINGS (#3086)

MikkelFJ <> Fri, 11 October 2019 05:45 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AB3D112004C for <>; Thu, 10 Oct 2019 22:45:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.382
X-Spam-Status: No, score=-6.382 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id iTw8cClO5liH for <>; Thu, 10 Oct 2019 22:45:48 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3CC3E12003E for <>; Thu, 10 Oct 2019 22:45:48 -0700 (PDT)
Date: Thu, 10 Oct 2019 22:45:47 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1570772747; bh=k+cMKb4V6hEf+KgO5jw5Ck+eCgBFob3J9BfS4dgbINs=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=kWhxLEFysrpkZ+2aBtPJG/mTAlvSsZCP0oF9E/KgWAaYX61XToJJVwjg3+31IvnHA wz8o/ItOE7iG3bXdSHG0AsC0lsNHcJ69NPSF2QCgY+QTeQG+77XdJFAiIsBGudpai+ yPlrs4AFrE0YjkIP0JeBkMbdLzh8yOyQpGYcPk8c=
From: MikkelFJ <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/3086/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] Add application parameters to QUIC handshake and use it for H3 SETTINGS (#3086)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5da0170b4f04b_189a3f85332cd95c33697b"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: mikkelfj
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 11 Oct 2019 05:45:50 -0000

@nharper I believe you forgot to mention that early settings are not protected which can lead to privacy concerns both in terms of fingerprinting (but it has been argued that this is no worse than what already is), and in terms of actually reading the data. The last part is a concern because we already have problems with host names not being protected properly in the current form. You could encrypt early parameters with a symmetric key that is only learned post handshake, but I'm not sure if you can do this without introducing delays.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: