Re: [quicwg/base-drafts] Rework Key Update (#2237)
hardie <notifications@github.com> Wed, 09 January 2019 22:25 UTC
Return-Path: <bounces+848413-a050-quic-issues=ietf.org@sgmail.github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8A1212D84C for <quic-issues@ietfa.amsl.com>; Wed, 9 Jan 2019 14:25:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.553
X-Spam-Level:
X-Spam-Status: No, score=-7.553 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hvDrwC4Zz2I8 for <quic-issues@ietfa.amsl.com>; Wed, 9 Jan 2019 14:25:13 -0800 (PST)
Received: from o11.sgmail.github.com (o11.sgmail.github.com [167.89.101.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02762124D68 for <quic-issues@ietf.org>; Wed, 9 Jan 2019 14:25:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=4UTD7g1MJT27Jade9W2my56GOJ4=; b=IrMKSUrNrsYp+Jau WFvsPBdtBb+5DAJjSptbCb45/jahfdLVf6t5wY8X7xRDSLd96ua98kd/EtXHzXSb zx1eZgmRsonggPnEokGKWg1we1jJydCIFzE7+3mz9e1O1+HJZp7NavDyx5AyJYE1 ZRPGqr/ZvvRPEPrmFHyCLzwBDsE=
Received: by filter0218p1iad2.sendgrid.net with SMTP id filter0218p1iad2-26326-5C3674C7-1F 2019-01-09 22:25:11.815593802 +0000 UTC m=+154074.127422045
Received: from github-lowworker-89d05ac.cp1-iad.github.net (unknown [192.30.252.35]) by ismtpd0014p1iad2.sendgrid.net (SG) with ESMTP id UJMY672cTC-GoEPl_0ajlw for <quic-issues@ietf.org>; Wed, 09 Jan 2019 22:25:11.720 +0000 (UTC)
Received: from github.com (localhost [127.0.0.1]) by github-lowworker-89d05ac.cp1-iad.github.net (Postfix) with ESMTP id ADAD1AE0324 for <quic-issues@ietf.org>; Wed, 9 Jan 2019 14:25:11 -0800 (PST)
Date: Wed, 09 Jan 2019 22:25:11 +0000
From: hardie <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4aba1231a691f126ed79d984819ee233538303bceb292cf00000001184e36c792a169ce1770e975@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2237/review/190968792@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2237@github.com>
References: <quicwg/base-drafts/pull/2237@github.com>
Subject: Re: [quicwg/base-drafts] Rework Key Update (#2237)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c3674c7ab960_4a823f95bb0d45b8686915"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: hardie
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
X-SG-EID: l64QuQ2uJCcEyUykJbxN122A6QRmEpucztpreh3Pak1QOeAxQ5nyKe1BHAAs7vqxPdxnLd+Noj+2Y4 I+Hqpp8IKdxlba82l1owyR1VIBbNv4pGGxqst0D9UU5W2u1hd5yeM15VRN3JaqIsgVMFy/uMxd766m L3Y/y1KP2xgnexrgHpNluJVIm8a+e4J8AowaSnJRSpC8BFeWMLkoo5BOqw==
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/hlfFf4k8SC1VjIy8o9BpxX67opU>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Jan 2019 22:25:15 -0000
hardie commented on this pull request. > -The KEY_PHASE bit allows a recipient to detect a change in keying material -without necessarily needing to receive the first packet that triggered the -change. An endpoint that notices a changed KEY_PHASE bit can update keys and -decrypt the packet that contains the changed bit. +The low bit of the Key Update field (0x04) is the Key Phase bit. The Key Phase +is used to indicate which packet protection keys are used to protect the packet. +The Key Phase bit is initially set to 0 for the first set of 1-RTT packets. The +Key Phase is toggled to signal each key update. + +The Key Phase bit allows a recipient to detect a change in keying material +without needing to receive the first packet that triggered the change. An +endpoint that notices a changed Key Phase updates keys and decrypts the packet +that contains the changed value. + +The high bit of the Key Update field (0x08) is the Key Update Permitted bit. +Endpoints set this value to 0 until they successfully process a packet with keys As written, this seems to imply that Endpoints must set the value to 1 when they successfully process a packet. I agree with Ian that there will be cases where this is set to 0 and never changed (e.g. when the expected flow size is short). Perhaps this would work instead: "The high bit of the Key Update field (0x08) is the Key Update Permitted bit. Endpoints may set this value to 0 for any reason, forbidding Key Updates. Endpoint MUST NOT set this value to 1 until they successfully process a packet the largest received packet number with keys from the same key phase as they are using. They MAY set it to 1 to indicate key update is permitted at any time after that." -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/pull/2237#pullrequestreview-190968792
- [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) ekr
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Marten Seemann
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Marten Seemann
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Marten Seemann
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Kazuho Oku
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Marten Seemann
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Kazuho Oku
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Kazuho Oku
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Marten Seemann
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Kazuho Oku
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Marten Seemann
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Kazuho Oku
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Kazuho Oku
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Marten Seemann
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Kazuho Oku
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Kazuho Oku
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Kazuho Oku
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Marten Seemann
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) hardie
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Nick Banks
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Kazuho Oku
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Kazuho Oku
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Kazuho Oku
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Jana Iyengar
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Kazuho Oku
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Christian Huitema
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Nick Banks
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Nick Banks
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Nick Banks
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Mike Bishop
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Mike Bishop
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Christian Huitema
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Jana Iyengar
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Mike Bishop
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) martinduke
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) martinduke
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson
- Re: [quicwg/base-drafts] Rework Key Update (#2237) Martin Thomson