Re: [quicwg/base-drafts] Add retry integrity tag (#3120)

David Schinazi <> Wed, 20 November 2019 03:17 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CB11E1201E0 for <>; Tue, 19 Nov 2019 19:17:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.382
X-Spam-Status: No, score=-6.382 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id LK0JlGwjBhBc for <>; Tue, 19 Nov 2019 19:17:12 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 54F1512002E for <>; Tue, 19 Nov 2019 19:17:12 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id AE9036E1272 for <>; Tue, 19 Nov 2019 19:17:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1574219831; bh=WV9DgmnyFYoeHLzw7JHY+ZGRceOJ3LlucQ44Nd5blaw=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=HqO8igUOd4T3gm74YfVWarnjWZetszfwcljlNrISfx910/sxgqE7vbyVbAnHZ0mrS mOyHbKSk53TOKYMicaV7XeeDu+Ehn2mKAO0xqOMZ3jwaqigL2vN3GUxhp0RR8pvdMw nSz9mWWv9bfTZxMjVlWpt1tVaJlTMFi1k55Lz0LI=
Date: Tue, 19 Nov 2019 19:17:11 -0800
From: David Schinazi <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/3120/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Add retry integrity tag (#3120)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5dd4b0379fa22_4c033f87adecd9603247d"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: DavidSchinazi
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 20 Nov 2019 03:17:14 -0000

I've made this a separate random key to avoid the HKDF. @ekr I hope this addresses point (1).

Regarding point (2) I don't care either way but if we were to use a connection ID as the nonce I would use the original destination connection ID since that's not sent over the wire but required to be known by endpoints.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: