Return-Path: X-Original-To: quic-issues@ietfa.amsl.com Delivered-To: quic-issues@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FADE120120 for ; Mon, 11 Nov 2019 21:03:34 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -7.999 X-Spam-Level: X-Spam-Status: No, score=-7.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lsFEuax-_ev2 for ; Mon, 11 Nov 2019 21:03:32 -0800 (PST) Received: from out-23.smtp.github.com (out-23.smtp.github.com [192.30.252.206]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AAE5F120113 for ; Mon, 11 Nov 2019 21:03:32 -0800 (PST) Received: from github-lowworker-c53a806.ac4-iad.github.net (github-lowworker-c53a806.ac4-iad.github.net [10.52.23.45]) by smtp.github.com (Postfix) with ESMTP id 044FC661184 for ; Mon, 11 Nov 2019 21:03:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1573535012; bh=7H2yRL/1Fg82RfhLJOH/Hwn6x4j2YW8ua2iYkC5R/WE=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=lqK5R7+DQWfFCQGOjlDXL+TBbWzgXLaLIrHJhTW+YxywqudltPwqPSqCDasUMK1BK rGnrrAlpOl4Np8mxhq+d1Rpy/e/kw8ycqdrcji+DKiTGyfuEf/CGrP0lOYjm/C22Q/ REn1kkk1l00qaayWxhSQWRUj52PEZxMkrojwJtyU= Date: Mon, 11 Nov 2019 21:03:31 -0800 From: Martin Thomson Reply-To: quicwg/base-drafts To: quicwg/base-drafts Cc: Subscribed Message-ID: In-Reply-To: References: Subject: Re: [quicwg/base-drafts] A day in the life (#3225) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_5dca3d23e5fac_6a343ff3166cd95c7644b1"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list X-GitHub-Sender: martinthomson X-GitHub-Recipient: quic-issues X-GitHub-Reason: subscribed X-Auto-Response-Suppress: All X-GitHub-Recipient-Address: quic-issues@ietf.org Archived-At: X-BeenThere: quic-issues@ietf.org X-Mailman-Version: 2.1.29 List-Id: Notification list for GitHub issues related to the QUIC WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Nov 2019 05:03:35 -0000 ----==_mimepart_5dca3d23e5fac_6a343ff3166cd95c7644b1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit martinthomson commented on this pull request. > +handshake phase. 0-RTT allows application messages to be sent by a client +before receiving any messages from the server. However, 0-RTT lacks certain key +security guarantees. In particular, there is no protection against replay +attacks in 0-RTT; see {{QUIC-TLS}}. Separately, a server can also send +application data to a client before it receives the final cryptographic +handshake messages that allow it to confirm the identity and liveness of the +client. These capabilities allow an application protocol to offer the option to +trade some security guarantees for improved latency. + +The use of connection IDs ({{connection-id}}) allows connections to migrate to a +new network path, both as a direct choice of an endpoint and when forced by a +change in a middlebox. {{migration}} describes how a migration can be performed +securely without adversely affecting privacy. + +For connections that are no longer needed or desired, there are several ways for +a client and server to agree to remove connection state ({{termination}}). Yeah, I had that in the first cut, but then removed it. The referenced section has enough information about closing. It's not super-important to duplicate all that text when it is so succinctly stated later. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/pull/3225#discussion_r345018506 ----==_mimepart_5dca3d23e5fac_6a343ff3166cd95c7644b1 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

@martinthomson commented on this pull request.

In draft-ietf-quic-transport.md:

> +handshake phase.  0-RTT allows application messages to be sent by a client
+before receiving any messages from the server.  However, 0-RTT lacks certain key
+security guarantees. In particular, there is no protection against replay
+attacks in 0-RTT; see {{QUIC-TLS}}.  Separately, a server can also send
+application data to a client before it receives the final cryptographic
+handshake messages that allow it to confirm the identity and liveness of the
+client.  These capabilities allow an application protocol to offer the option to
+trade some security guarantees for improved latency.
+
+The use of connection IDs ({{connection-id}}) allows connections to migrate to a
+new network path, both as a direct choice of an endpoint and when forced by a
+change in a middlebox.  {{migration}} describes how a migration can be performed
+securely without adversely affecting privacy.
+
+For connections that are no longer needed or desired, there are several ways for
+a client and server to agree to remove connection state ({{termination}}).

Yeah, I had that in the first cut, but then removed it. The referenced section has enough information about closing. It's not super-important to duplicate all that text when it is so succinctly stated later.


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.

----==_mimepart_5dca3d23e5fac_6a343ff3166cd95c7644b1--