Re: [quicwg/base-drafts] Discard Initial keys as soon as possible (#2045)

MikkelFJ <> Sat, 24 November 2018 21:29 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C294312D4EB for <>; Sat, 24 Nov 2018 13:29:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -9.459
X-Spam-Status: No, score=-9.459 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.46, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id zai11so4QVYn for <>; Sat, 24 Nov 2018 13:29:12 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 31E65127332 for <>; Sat, 24 Nov 2018 13:29:12 -0800 (PST)
Date: Sat, 24 Nov 2018 13:29:11 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1543094951; bh=Pqm8XBYiet5eBgrP1D5Z6m+1YDbAusUWPBUui6TYrK8=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=DtpTd3oql3wA7X5cnWtC2oq8icIdrXTsRHRrrlKToL5nO2yb9RKoYdtKc9b4W1EJp Km3nf0WQ2+gBg9T4QB3HLjQ4FA+Hg2YrDawAdZDMW2mI1hIKFyYXSykDEiBpi8IqRj T5hy2Q56YLC6DSqUEsCgql/3t9X1kZpW7dpN0pJA=
From: MikkelFJ <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/2045/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Discard Initial keys as soon as possible (#2045)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5bf9c2a7614c4_32073feae5ed45bc7867f6"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: mikkelfj
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 24 Nov 2018 21:29:14 -0000

mikkelfj commented on this pull request.

> @@ -691,6 +692,24 @@ will be marked as lost before this, as they leave a gap in the sequence of
 packet numbers.
+## Discarding Initial Keys {#discard-initial}
+Packets protected with Initial secrets ({{initial-secrets}}) are not
+authenticated, meaning that an attacker could spoof packets with the intent to
+disrupt a connection.  To limit these attacks, Initial packet protection keys
+can be discarded more aggressively than other keys.
+The successful use of Handshake packets indicates that no more Initial packets
+need to be exchanged, as these keys can only be produced after receiving all
+CRYPTO frames from Initial packets.  Thus, a client MUST discard Initial keys
+when it first sends a Handshake packet and a server MUST discard Initial keys
+when it first successfully processes a Handshake packet.  Endpoints MUST NOT
+send Initial packets after this point.

Just for the perspective, attackers with observation powers are very very real. Aside from intelligence service taps, there is also infiltration. Even if you don't control the path, you migt sit on the same LAN because another machine was easier to infect.

This is a good read:

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: