Re: [quicwg/base-drafts] Add retry integrity tag (#3120)

Kazuho Oku <> Wed, 30 October 2019 23:33 UTC


> encrypting using AES-GCM with an all-zero key and all-zero nonce is just a XOR operation between a known string and the cleartext so the performance cost is very low.

Oh I see what you mean. That's a keen observation. Though, I think that observation also shows the reason some of us thought use of encryption to be beneficial to be pointless.

IIUC, suggested using encryption, because it would prevent implementations from using the token without checking the tag. The assumption behind it is that AEAD-decryption is going to be an atomic operation.

But as you point out, in this particular case, there is an interesting optimization where endpoints can have a pre-built XOR vector, and just do GCM.

Doesn't that reduce the motivation to use encryption, as it is a complexity to apply XOR?

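The point discussed in the message above, as an added example that is not part of the original email or of the QUIC drafts: with a fixed public key and nonce, the GCM keystream is a constant, so a receiver can recover the plaintext by XOR alone while never checking the tag. AES-128, the 12-byte nonce, the sample token and header, and all function names are assumptions made for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// zeroGCM builds AES-128-GCM under the all-zero key, plus the all-zero nonce.
func zeroGCM() (cipher.AEAD, []byte) {
	block, _ := aes.NewCipher(make([]byte, 16)) // a 16-byte key is always accepted
	aead, _ := cipher.NewGCM(block)             // AES has the 128-bit block GCM needs
	return aead, make([]byte, aead.NonceSize())
}

func sealZero(plaintext, aad []byte) []byte {
	aead, nonce := zeroGCM()
	return aead.Seal(nil, nonce, plaintext, aad)
}

func openZero(sealed, aad []byte) ([]byte, error) {
	aead, nonce := zeroGCM()
	return aead.Open(nil, nonce, sealed, aad)
}

// xorVector is the pre-built vector: encrypting n zero bytes exposes the
// keystream, which is identical for every message and independent of the AAD.
func xorVector(n int) []byte {
	return sealZero(make([]byte, n), nil)[:n]
}

// xorShortcut "decrypts" by XOR alone and never looks at the 16-byte tag.
func xorShortcut(sealed, vec []byte) []byte {
	out := make([]byte, len(sealed)-16)
	for i := range out {
		out[i] = sealed[i] ^ vec[i]
	}
	return out
}

func main() {
	token := []byte("constructed-retry-token") // constructed sample input
	aad := []byte("constructed-header")        // constructed sample input
	sealed := sealZero(token, aad)
	sealed[0] ^= 0x01 // simulate corruption in transit
	_, err := openZero(sealed, aad)
	fmt.Printf("AEAD open rejected: %v\n", err != nil)
	fmt.Printf("XOR shortcut output: %q\n", xorShortcut(sealed, xorVector(len(token))))
}
```

The atomic `Open` call rejects the corrupted message, while the XOR path returns the altered bytes without complaint, so encryption under a public key does not by itself force the tag check.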