Re: [quicwg/base-drafts] token-based greasing / initial packet protection (#3166)

Kazuho Oku <> Wed, 30 October 2019 03:45 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B04F3120288 for <>; Tue, 29 Oct 2019 20:45:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.999
X-Spam-Status: No, score=-7.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id dFn6wvoZG30F for <>; Tue, 29 Oct 2019 20:45:54 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C54E6120821 for <>; Tue, 29 Oct 2019 20:45:54 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 378D1120105 for <>; Tue, 29 Oct 2019 20:45:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1572407154; bh=oY0LR+1ObgSqahvUe0vCTzjl9KvWi8S29jaFZTBc590=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=OaZ4AMXgDD6JI2Q/0xJzhqpnz9+R/FSW/fv2loiH4jXUGkQzUezmgLRp0+CEj6L20 iVbf7h1AQSx3jbFdpp87x6AyJNCFrB09RqSwAye9nRYuteHXU8Z4k1oZZJccF5wK+W XPVWL/7hMUGvCKgx1zLYohqXOofe8D3cAU4aiM2Y=
Date: Tue, 29 Oct 2019 20:45:53 -0700
From: Kazuho Oku <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/3166/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] token-based greasing / initial packet protection (#3166)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5db90771e708c_7d0a3fec888cd96c3697"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 30 Oct 2019 03:45:57 -0000

kazuho commented on this pull request.

> +  0-RTT, and Retry packets. This XOR is applied after the packets are encrypted
+  and before they are decrypted.
+* Alternative initial salt; a 16-byte binary blob that is to be used in place of
+  the initial salt defined in section 5.2 of {{QUIC-TLS}}.
+A server advertises these values using a NEW_TOKEN frame {{frame-new-token}}.
+The token MUST include or associated with the alternative version number with
+which it can be used.
+Typically, a server would pre-allocate a set of unused version numbers as the
+alternative version numbers, associating each of those version numbers with a
+packet type modifier chosen at random.  Then, when issuing a token using a
+NEW_TOKEN frame, the server generates the alternative initial salt by calling a
+pseudo-random function, embeds that initial salt into the token which is then
+encrypted, and sends a NEW_TOKEN frame that comprises of the generated token and

Thanks. Makes sense. Adopted in d16700d.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: