Re: [quicwg/base-drafts] Output of the discard keys design team (#2673)

David Schinazi <> Wed, 08 May 2019 00:14 UTC


DavidSchinazi commented on this pull request.

> -Section 4.2.11 of {{!TLS13}}).  Verifying these values provides the server with
-an assurance that the ClientHello has not been modified.  Packets protected with
+Even though 1-RTT keys are available to a server after receiving the first
+handshake messages from a client, it is missing assurances on the state of the
+- The client is not authenticated (unless the server has chosen to use a
+pre-shared key and validated the client's pre-shared key binder (see
+Section 4.2.11 of [TLS13]).
+- The client has not demonstrated liveness.
+- Any received 0-RTT data that the server responds to might be due to a replay
+Therefore, the server's use of 1-RTT keys is limited before the handshake is
+complete.  A server MUST NOT process data from incoming 1-RTT
+protected packets before the TLS handshake is complete.  Note that, since
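
Review bot: The parenthetical in the first added bullet is never closed. "(unless the server has chosen to use a" opens one parenthesis and "(see" opens a second, but the bullet ends with a single ")" after [TLS13]. The reference is also written as a plain [TLS13], while the line being removed uses the {{!TLS13}} form. Suggest ending the bullet with "(see Section 4.2.11 of {{!TLS13}}))." so the parentheses balance and the citation keeps the same markup as the text it replaces.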

