Re: [quicwg/base-drafts] Remove handshake confirmed test for KeyUpdate (#3212)

Martin Thomson <> Thu, 28 November 2019 01:23 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 941C3120B24 for <>; Wed, 27 Nov 2019 17:23:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -8
X-Spam-Status: No, score=-8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id AWoC2obxtELM for <>; Wed, 27 Nov 2019 17:23:08 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D0DE6120B20 for <>; Wed, 27 Nov 2019 17:23:07 -0800 (PST)
Date: Wed, 27 Nov 2019 17:23:06 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1574904186; bh=3rqV0tRIz6TUKJEa9duAR8H3yJDmlDoKrM2JXvhLUhU=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=kKpxPBJDya6eRdnVhwUNMEFdzY5oUU2950YKmcLRgNVbltEL9k/Zn300MNPDXJZVp M1HQRiUVqkVQIa3UfEaDouneSaJcc4sVYi8Nxrm921ITTZNDwqNzAncCfLOGmrv1AE gR0dn4doKOFSKCJbXxCb2VMuSCBbaILi0TvCq4MQ=
From: Martin Thomson <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/3212/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] Remove handshake confirmed test for KeyUpdate (#3212)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5ddf217aca09d_114a3fbe680cd968690128"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 28 Nov 2019 01:23:09 -0000

@ekr, I took another look at this and reviewed [the minutes](  I think that the outcome is no change.

> An endpoint MUST NOT initiate a key update prior to having confirmed
the handshake (Section 4.1.2). An endpoint MUST NOT initiate a
subsequent key update prior unless it has received an acknowledgment
for a packet that was sent protected with keys from the current key

The first sentence talks about the first key update.  While we all agree that this is a stricter restriction than absolutely necessary, the definition we agreed for "confirmed" (with `HANDSHAKE_DONE`) is now distinct enough to warrant the special text in that case.  As long as we are OK with that outcome, I don't think that this needs to change (@kazuho certainly argued for some way to hold the first key update back, which I think was derived from not wanting too many keys active at the same time).

If we wanted to allow more aggressive updates, then I would propose the most aggressive option:

> An endpoint MAY initiate the first key update immediately after 1-RTT keys are available.  For the first key update, as a receiver has no difficulty distinguishing between the first two sets of 1-RTT packet protection keys, endpoints can trigger a key update with the first 1-RTT packets they send.

The second sentence uses the word "subsequent" and so applies to all other key updates.  That doesn't need to change.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: