Re: [quicwg/base-drafts] Minor TLS draft editorial corrections (#2446)

MikkelFJ <> Sat, 09 February 2019 07:57 UTC

mikkelfj commented on this pull request.

> @@ -216,10 +216,12 @@ Note that this omits the EndOfEarlyData message, which is not used in QUIC (see
 Data is protected using a number of encryption levels:
-- Plaintext
-- Early Data (0-RTT) Keys
-- Handshake Keys
-- Application Data (1-RTT) Keys
+- Initial Keys can be derived by any observer, and so they do not
+  provide cryptographic protection or authentication.
+- Early Data (0-RTT) Keys. These keys are not forward-secure and must protect
+  only idempotent data.
+- Handshake Keys do not authenticate either endpoint.
+- Application Data (1-RTT) Keys provide full authentication and encryption.
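
Review bot: The four added bullets are not parallel: the 0-RTT item ("Early Data (0-RTT) Keys. These keys are not forward-secure ...") is a label followed by a separate sentence, while the other three run the level name straight into the verb. Pick one form for all four, for example the level name, a colon, then the property. The same item's lowercase "must protect only idempotent data" reads as a requirement placed inside a descriptive list in an editorial change; either point to where that requirement is specified or reword it as a description. The first item also changes "Plaintext" to "Initial Keys", so any remaining use of the old name elsewhere in the draft needs the same rename.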

I think this loses the overview of what levels exist. This bullet list now replaces an overview with an explanation. Perhaps keep the original list, and add an explanation below.

> @@ -269,7 +271,7 @@ At a high level, there are two main interactions between the TLS and QUIC
 * The TLS component sends and receives messages via the QUIC component, with
-  QUIC providing a reliable stream abstraction to TLS.
+  QUIC providing a reliable stream and record abstraction to TLS.
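
Review bot: In the added line "QUIC providing a reliable stream and record abstraction to TLS", it is unclear whether "reliable" applies to "record" as well as "stream", and "record abstraction" is not defined in the visible context. The wording changes what the sentence says QUIC supplies to TLS, which goes beyond an editorial correction; either state precisely which record function is meant or keep the original wording.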

I'm not sure QUIC provides the record abstraction, at least not entirely; it only handles the record protection. TLS still does its own internal record framing as I understand it, but don't take my word for it.
