Re: [quicwg/base-drafts] Separate key/secret availability from usage (#1654)
Nick Banks <notifications@github.com> Tue, 14 August 2018 01:44 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F3FB6130E50 for <quic-issues@ietfa.amsl.com>; Mon, 13 Aug 2018 18:44:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.01
X-Spam-Level:
X-Spam-Status: No, score=-8.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6gp0ScyEIuXH for <quic-issues@ietfa.amsl.com>; Mon, 13 Aug 2018 18:44:42 -0700 (PDT)
Received: from out-7.smtp.github.com (out-7.smtp.github.com [192.30.252.198]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9180312D949 for <quic-issues@ietf.org>; Mon, 13 Aug 2018 18:44:42 -0700 (PDT)
Date: Mon, 13 Aug 2018 18:44:41 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1534211081; bh=TuS0D8QhCbJ6eORb6rU/fGavsDm6woFGRiqBOPgZeVM=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=003CPSm0Ndy10fDhlel3gNhSCPPLBlfz/Yycr7yUK/p2bCf7Gm6SkhgV+G5Mb31HC MIC5VSZsQHGAAEwFE2zLuGKqwq7FPENADi0+6wmMc509rnzjgkuciJyZVjhp3PyT45 wlQZugWozb1vYXlPQU/MTU0B646/1eTxu3mzH2WA=
From: Nick Banks <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab8b876cc70015581873acf5da9d2405eaeb70237a92cf000000011789f60992a169ce14db09b1@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/1654/review/145893223@github.com>
In-Reply-To: <quicwg/base-drafts/pull/1654@github.com>
References: <quicwg/base-drafts/pull/1654@github.com>
Subject: Re: [quicwg/base-drafts] Separate key/secret availability from usage (#1654)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5b723409bb089_52093fc0942be6186039f"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: nibanks
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/_Alo8hm-hHkWmHAzjWdppoWrEME>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.27
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Aug 2018 01:44:44 -0000
nibanks commented on this pull request. > -CRYPTO frame in Handshake encryption) may send STREAM data (in 1-RTT -encryption). However, if the Finished is lost, the client would have to -retransmit the Finished, in which case it would use Handshake encryption. - +Although TLS only uses one encryption level at a time, QUIC may use more than +one level. For instance, after sending its Finished message (using a CRYPTO +frame at the Handshake encryption level) an endpoint can send STREAM data (in +1-RTT encryption). If the Finished message is lost, the endpoint uses the +Handshake encryption level to retransmit the lost message. + +In particular, server implementations need to be able to read packets at the +Handshake encryption level before the final TLS handshake message at the 0-RTT +encryption level (EndOfEarlyData) is available. Though the content of CRYPTO +frames at the Handshake encryption level cannot be forwarded to TLS before +EndOfEarlyData is processed, the client could send ACK frames that the server +needs to process in order to detect lost Handshake packets. One of the reasons I opened #1592 was to make it easier to know when one part of the CRYPTO stream ended and another started. It also ordering easier and more explicit, IMO. But everyone seemed to disagree at the time. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/pull/1654#discussion_r209808215
- [quicwg/base-drafts] Separate key/secret availabi… Martin Thomson
- Re: [quicwg/base-drafts] Separate key/secret avai… MikkelFJ
- Re: [quicwg/base-drafts] Separate key/secret avai… Christian Huitema
- Re: [quicwg/base-drafts] Separate key/secret avai… Martin Thomson
- Re: [quicwg/base-drafts] Separate key/secret avai… Martin Thomson
- Re: [quicwg/base-drafts] Separate key/secret avai… Christian Huitema
- Re: [quicwg/base-drafts] Separate key/secret avai… Kazuho Oku
- Re: [quicwg/base-drafts] Separate key/secret avai… Christian Huitema
- Re: [quicwg/base-drafts] Separate key/secret avai… Nick Banks
- Re: [quicwg/base-drafts] Separate key/secret avai… Kazuho Oku
- Re: [quicwg/base-drafts] Separate key/secret avai… Mike Bishop
- Re: [quicwg/base-drafts] Separate key/secret avai… Martin Thomson
- Re: [quicwg/base-drafts] Separate key/secret avai… Martin Thomson
- Re: [quicwg/base-drafts] Separate key/secret avai… Mike Bishop
- Re: [quicwg/base-drafts] Separate key/secret avai… Kazuho Oku
- Re: [quicwg/base-drafts] Separate key/secret avai… MikkelFJ