Re: [quicwg/base-drafts] TLS MUST NOT deliver server 1RTT Rx keys until getting Finished (#3173)

Kazuho Oku <> Thu, 31 October 2019 14:10 UTC


@ghedo Regardless of whether we should use the normative language in QUIC-TLS, I think that RFC 8446, Section 4.4.4 clarifies what the requirements are, i.e.:
* do not use the 1-RTT keys until the Finished is received
* with the exception of 0-RTT
* and also with the exception of 0.5-RTT, while keeping in mind that the peer's identity or liveness has not been asserted.
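
The gating described in the message above, modelled from the server's side as an added example (not part of the original message or of any QUIC implementation). The class and method names are hypothetical, and holding early 1-RTT packets up to a fixed limit rather than dropping them is an assumption of this example.

```python
from enum import Enum, auto


class Level(Enum):
    ZERO_RTT = auto()
    ONE_RTT = auto()


class ServerKeyGate:
    """Server-side model (hypothetical names): the 1-RTT write key is usable
    once the server flight is sent, the 1-RTT read key only after the
    client's Finished has been verified."""

    def __init__(self, accepted_early_data=False, max_buffered=8):
        self.accepted_early_data = accepted_early_data
        self.max_buffered = max_buffered  # assumed bound on held-back packets
        self.flight_sent = False
        self.finished_verified = False
        self._pending = []

    def on_server_flight_sent(self):
        self.flight_sent = True

    def can_send_1rtt(self):
        # 0.5-RTT data: permitted, but peer identity/liveness is unconfirmed.
        return self.flight_sent

    def peer_confirmed(self):
        return self.finished_verified

    def on_packet(self, level, payload):
        """Return the payloads that may be decrypted and processed now."""
        if level is Level.ZERO_RTT:  # exception: 0-RTT, if the server accepted it
            return [payload] if self.accepted_early_data else []
        if self.finished_verified:
            return [payload]
        if len(self._pending) < self.max_buffered:
            self._pending.append(payload)  # hold until Finished; never decrypt early
        return []

    def on_client_finished(self, verify_ok):
        """Release the 1-RTT read key and any held packets, or fail closed."""
        if not verify_ok:
            self._pending.clear()
            raise ValueError("client Finished failed verification")
        self.finished_verified = True
        released, self._pending = self._pending, []
        return released
```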
