Re: [quicwg/base-drafts] Receiver's behavior on key update (#2791)

Kazuho Oku <> Mon, 17 June 2019 06:09 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D4F5A1200E6 for <>; Sun, 16 Jun 2019 23:09:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -8.008
X-Spam-Status: No, score=-8.008 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id PjjSeQOUXXn7 for <>; Sun, 16 Jun 2019 23:09:54 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D38C31200D6 for <>; Sun, 16 Jun 2019 23:09:53 -0700 (PDT)
Date: Sun, 16 Jun 2019 23:09:52 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1560751792; bh=d1nX+y8OD8t32hMX5Kj612bs2BlVf4EVSCUX3s+TN4I=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=r+e4eLvwQitLPXYDWalg8HCnKAjgp8iAgPv7aEQLJ06gmbj0TLSKwQ99XF5zpF+Wq jaVsn+vk3QahoKxwgmmmtcYVsFbV2DcJPaY/TFP+8p/Bfyd2LGcrCX+BcDXhhGt6qN iIf6WVvSPHFqSMAC8/6BZP46/3c+N/J9C/7J6WtM=
From: Kazuho Oku <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/2791/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Receiver's behavior on key update (#2791)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d072eb0c4728_2a583f93518cd95c23538a"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 17 Jun 2019 06:09:56 -0000

@DavidSchinazi Thank you for the comments.

> Perhaps we should keep `and one set for protecting packets`

I've updated the text to clarify that only one send keys is needed at a time (it's a fact, not something we need to enforce or encourage), and have changed "MAY limit to two" to "SHOULD retain at least two receive keys." Technically this changes the RFC 2119 keyword, but I think that the intent of the text is better clarified with the change.

> and add details about what `the endpoint installs the updated keys` means - I think you mean the endpoint installs the updated receive keys and if the packet decrypts successfully also updates sending keys.

I've changed the text to "the endpoint installs the updated _receive_ keys." What needs to be done when the receive key is updated is clarified later on, in the paragraph that starts with "If the packet can be decrypted and authenticated using the updated key and IV...". I think that the text flows better now.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: