Re: [quicwg/base-drafts] Forbid TLS-level KeyUpdate in draft-ietf-quic-tls (#1833)

David Benjamin <> Thu, 04 October 2018 23:21 UTC

Right. Thus "[s]ince QUIC uses its own mechanism". :-)

Either way, the KeyUpdate message should be discussed in that text somewhere. If QUIC replaces it with its own mechanism, the spec text should forbid it. If QUIC makes TLS-level KeyUpdate somehow meaningful, it's got to actually specify what it does. QUIC handles record encryption and isn't ordered like TCP. The existing TLS KeyUpdate behavior doesn't apply.
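As an added illustration of the check this comment asks the spec to impose (example code, not from the draft or from any QUIC implementation): a QUIC endpoint frames the TLS handshake messages it receives in CRYPTO data and rejects a TLS-level KeyUpdate instead of acting on it, since key updates are handled by QUIC's own mechanism. The handshake type values are from RFC 8446; the exception name and the sample bytes are constructed for the example.

```python
# TLS 1.3 HandshakeType values (RFC 8446, section 4)
HT_NEW_SESSION_TICKET = 4
HT_KEY_UPDATE = 24


class ForbiddenTlsMessage(Exception):
    """Hypothetical error: the TLS stack produced a message QUIC must not carry."""


def iter_handshake_messages(buf: bytes):
    """Split reassembled CRYPTO-frame data into (type, body) TLS handshake messages.

    Each message is a 1-byte type followed by a 3-byte big-endian length and the body.
    Returns the complete messages and the unconsumed tail (a partial message, if any).
    """
    msgs = []
    off = 0
    while off + 4 <= len(buf):
        htype = buf[off]
        length = int.from_bytes(buf[off + 1:off + 4], "big")
        if off + 4 + length > len(buf):
            break  # incomplete message: wait for more CRYPTO data
        msgs.append((htype, buf[off + 4:off + 4 + length]))
        off += 4 + length
    return msgs, buf[off:]


def check_post_handshake(buf: bytes):
    """Policy for post-handshake TLS messages carried in QUIC CRYPTO frames.

    QUIC replaces TLS KeyUpdate with its own key update mechanism, so a KeyUpdate
    arriving here is treated as a protocol violation rather than being applied.
    Returns the accepted messages and the unconsumed tail.
    """
    msgs, tail = iter_handshake_messages(buf)
    accepted = []
    for htype, body in msgs:
        if htype == HT_KEY_UPDATE:
            raise ForbiddenTlsMessage("TLS KeyUpdate received; QUIC forbids TLS-level key updates")
        accepted.append((htype, body))
    return accepted, tail


# Constructed sample input: a NewSessionTicket (type 4, 3-byte body) and a
# KeyUpdate (type 24, 1-byte body 0x01 = update_requested).
TICKET = bytes([HT_NEW_SESSION_TICKET, 0, 0, 3]) + b"abc"
KEY_UPDATE = bytes([HT_KEY_UPDATE, 0, 0, 1, 1])
```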