Re: [quicwg/base-drafts] Initial secrets do not change after Retry (#2878)

Martin Thomson <notifications@github.com> Mon, 09 September 2019 01:19 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 645F4120089 for <quic-issues@ietfa.amsl.com>; Sun, 8 Sep 2019 18:19:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8
X-Spam-Level:
X-Spam-Status: No, score=-8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lKqq2D5lRkJJ for <quic-issues@ietfa.amsl.com>; Sun, 8 Sep 2019 18:19:54 -0700 (PDT)
Received: from out-17.smtp.github.com (out-17.smtp.github.com [192.30.252.200]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7B4B12004D for <quic-issues@ietf.org>; Sun, 8 Sep 2019 18:19:54 -0700 (PDT)
Date: Sun, 08 Sep 2019 18:19:53 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1567991993; bh=LJywORYMaoz9757YWtyHWpG2WMrsmIGn+baGpu+nW/8=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=kuGNyDr9sqmQ3pa66eEUJD3GnwXLKMecn9WqyVwLjZ4nXrbYB1WYjU6PINRzMEdJx Vm7BMIEDgxOOV8FcV0iuTdviLjJlPba/deAYvmJitFWN4zaX4lVwFA8+5Yotc/zKyW V26IUl8f/IoFVJ5+GGw8qjw1iOoSg1VJvcGj01mQ=
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK2W4UGPFBAONWFIV7F3QLGSTEVBNHHBXP6EBY@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2878/review/285248757@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2878@github.com>
References: <quicwg/base-drafts/pull/2878@github.com>
Subject: Re: [quicwg/base-drafts] Initial secrets do not change after Retry (#2878)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d75a8b985fbe_3ef3fd1caccd96438158a"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/pBMCwbv0TcjI4wb1Zg0H0N1x4rE>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Sep 2019 01:19:56 -0000

martinthomson commented on this pull request.



> @@ -805,10 +805,12 @@ The HKDF-Expand-Label function defined in TLS 1.3 MUST be used for Initial
 packets even where the TLS versions offered do not include TLS 1.3.
 
 The secrets used for protecting Initial packets do not change during the
-connection, even though the destination connection ID in client Initial packets
-changes after receiving a Retry.  A server that sends a Retry
-therefore needs to either remember the original connection ID
-or save the original connection ID in the Retry token.
+connection, even though the destination connection ID in client Initial
+packets changes after receiving a Retry.  A server that sends a Retry
+therefore needs to either remember the original connection ID or save
+the original connection ID in the Retry token.  Because the initial
+connection ID is included in the server's transport parameters, the only
+difference is when in the packet processing this connection ID is utilized.

This reads like justification for a change, rather than static text.  How about:

> The initial connection ID is needed by a server to reconstruct packet protection keys and so that it can produce the correct value for the original_connection_id transport parameter.

And are we using "initial" or "original" here?  I went with original on the basis that it distinguished this from Initial packets, but it's not clear to be that that distinction is necessary, or even a good idea.  After all, this connection ID is what is driving packet protection for those packets; the linkage might be useful.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2878#pullrequestreview-285248757