Re: [quicwg/base-drafts] Rewrite key update section (#3050)

Kazuho Oku <> Fri, 01 November 2019 07:34 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C31CA120108 for <>; Fri, 1 Nov 2019 00:34:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.999
X-Spam-Status: No, score=-7.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id hTFwCV3WhTyM for <>; Fri, 1 Nov 2019 00:34:07 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id DC02712002E for <>; Fri, 1 Nov 2019 00:34:06 -0700 (PDT)
Date: Fri, 01 Nov 2019 00:34:06 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1572593646; bh=uaIKshZPdb/PKDgpN19ZHP8qgtLiUqAM7tsh6zBWqsY=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=Mbk9UzsIgyQxZ0SNLU93xc/QUvVQ72Vp9Iz256/0gyj5h2tRF4X+cHRMvRocT3782 tP1PJXHEhZOqjF2+u/GPLbnnhFcPHfcSn3XWhsLrBTIsJw/M8q2Z/fnCLLRAwSaNbb IhsAaytr9vOSKMdyT5WzTJw/Pwzu6USCPladhPU4=
From: Kazuho Oku <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/3050/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Rewrite key update section (#3050)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5dbbdfee3ee31_3ea83fc9258cd95c105787"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 01 Nov 2019 07:34:09 -0000

kazuho requested changes on this pull request.

-The KEY_PHASE bit allows a recipient to detect a change in keying material
-without necessarily needing to receive the first packet that triggered the
-change.  An endpoint that notices a changed KEY_PHASE bit can update keys and
-decrypt the packet that contains the changed bit.
+The Key Phase bit indicates which packet protection keys are used to protect the
+packet.  The Key Phase bit is initially set to 0 for the first set of 1-RTT
+packets and toggled to signal each subsequent key update.

I think that this sentence, along with the sentence stating that "an endpoint MUST NOT initiate a key update prior to having received an acknowledgment for a packet that it sent protected with keys from the current key phase" is introducing a design change.

At the moment, we allow the first key update to be executed when the handshake is confirmed, while prohibiting subsequent key updates happening before receiving an ACK for the preceding key update. That has meant that if an endpoint were to send its first 1-RTT packet after the handshake has been confirmed could send the first 1-RTT packet with the Key Phase bit set to 1. The new text prohibits that.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: