Re: [quicwg/base-drafts] Minor TLS draft editorial corrections (#2446)

Martin Thomson <> Mon, 11 February 2019 00:32 UTC


martinthomson requested changes on this pull request.

> @@ -269,7 +271,7 @@ At a high level, there are two main interactions between the TLS and QUIC
 * The TLS component sends and receives messages via the QUIC component, with
-  QUIC providing a reliable stream abstraction to TLS.
+  QUIC providing a reliable stream and record abstraction to TLS.
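
Review bot: The `+` line introduces "record abstraction" without saying what the record-like unit is, and next to "TLS" a reader will take "record" to mean the TLS record layer. Either keep "a reliable stream abstraction" as it was, or name explicitly what QUIC hands to TLS that behaves like a record so the term is not left to interpretation.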

The separation of CRYPTO into different spaces doesn't really result in a record-like abstraction.

>                       1-RTT --------------->
                                               Handshake Received
                                           Rekey rx to 1-RTT keys
-                                                   Get Handshake
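
Review bot: Deleting "Get Handshake" directly after "Rekey rx to 1-RTT keys" leaves the figure with no step at which QUIC asks TLS for handshake bytes once the 1-RTT receive keys are installed. If TLS can still produce handshake output at that point, the diagram now hides it; keep the line, or label in the figure which message (if any) is expected there so the removal is visibly intentional.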

This bit (and the next) need to remain for NewSessionTicket.

Do you think that it would help to identify which TLS messages are being sent and received here?

> @@ -216,10 +216,12 @@ Note that this omits the EndOfEarlyData message, which is not used in QUIC (see
 Data is protected using a number of encryption levels:
-- Plaintext
-- Early Data (0-RTT) Keys
-- Handshake Keys
-- Application Data (1-RTT) Keys
+- Initial Keys can be derived by any observer, and so they do not
+  provide cryptographic protection or authentication.
+- Early Data (0-RTT) Keys. These keys are not forward-secure and must protect
+  only idempotent data.
+- Handshake Keys do not authenticate either endpoint.
+- Application Data (1-RTT) Keys provide full authentication and encryption.
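
Review bot: The `+` items are no longer a parallel list and one of them carries a requirement: "Early Data (0-RTT) Keys. These keys are not forward-secure and must protect only idempotent data." puts a lowercase "must" inside what was a list of level names, and the first item also renames "Plaintext" to "Initial Keys" in the same change. Suggest keeping four short names in the list (with the rename called out on its own if it is intended) and moving the security properties of each level into a sentence or table after the list, where the requirement can be stated once and unambiguously.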

I tend to agree with @mikkelfj here.  The short names are easier to get at without the extra text.
