Re: [quicwg/base-drafts] Add retry integrity tag (#3120)

Kazuho Oku <> Sun, 19 January 2020 02:20 UTC


PS. Though I understand your concern that not every TLS stack exposes direct access to AES-GCM.

If it is the case that the API we can assume our TLS stack to provide is a function that takes (AEAD algorithm, hash algorithm, secret, label prefix) as the input, then we should specify those rather than specifying the AES key and IV directly.
