Re: [quicwg/base-drafts] TLS MUST NOT deliver server 1RTT Rx keys until getting Finished (#3173)

Martin Thomson <> Wed, 30 October 2019 23:18 UTC

I like that this class of problem is naturally assumed to require some sort of protocol change.  As I said on #3159, maybe those implementations can fix their bug.

#3174 is a pragmatic sort of fix that would make this an editorial issue.  I'd like that, but it sounds like there is a strong desire to go all nuclear on this.  We should discuss that, or its spectre will haunt us.
