Re: [quicwg/base-drafts] Rework Key Update (#2237)

Martin Thomson <> Wed, 20 March 2019 21:05 UTC

It is true that we separate keys, and not secrets, but the change to the update label is a more pragmatic one.  You don't want to have a situation where TLS key updates and QUIC key updates end up mixed.  Yes, you can't trigger TLS key updates in QUIC, but how else would you get the TLS secrets to roll over?

Mostly, that change was to ensure that the process for updating secrets was documented.  When reading the current drafts, I challenge you to find where it says what to do.

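An added illustration of the label separation discussed in the message above; it is not part of the original message or of the drafts' text. It derives successive secrets with HKDF-Expand-Label under two update labels and shows that the chains never meet. The label strings are assumptions taken from the published RFCs (RFC 8446 for TLS, RFC 9001 for QUIC), not from this page, and the starting secret is constructed.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size

# Assumptions: label strings as published in the RFCs, not named on this page.
TLS_UPDATE_LABEL = "traffic upd"   # RFC 8446, section 7.2
QUIC_UPDATE_LABEL = "quic ku"      # RFC 9001, section 6.1

# Constructed sample secret, standing in for a negotiated traffic secret.
SAMPLE_SECRET = hashlib.sha256(b"constructed sample traffic secret").digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) over SHA-256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label (RFC 8446, section 7.1); "tls13 " is prepended to the label."""
    full = b"tls13 " + label.encode("ascii")
    info = (struct.pack("!H", length) + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)

def next_secret(secret: bytes, label: str) -> bytes:
    """One key-update step: the next secret is derived from the current one."""
    return hkdf_expand_label(secret, label, b"", HASH_LEN)

def secret_chain(initial: bytes, label: str, generations: int) -> list:
    """Secrets for update generations 0..generations under one label."""
    chain = [initial]
    for _ in range(generations):
        chain.append(next_secret(chain[-1], label))
    return chain

def chains_overlap(initial: bytes, generations: int) -> bool:
    """True if any updated secret appears in both the TLS and the QUIC chain."""
    tls = set(secret_chain(initial, TLS_UPDATE_LABEL, generations)[1:])
    quic = set(secret_chain(initial, QUIC_UPDATE_LABEL, generations)[1:])
    return bool(tls & quic)

if __name__ == "__main__":
    for name, label in (("TLS", TLS_UPDATE_LABEL), ("QUIC", QUIC_UPDATE_LABEL)):
        print(name, next_secret(SAMPLE_SECRET, label).hex())
    print("chains overlap:", chains_overlap(SAMPLE_SECRET, 8))
```
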