Re: [quicwg/base-drafts] Server should not accept 1-RTT traffic before handshake completion (#3159)

Christian Huitema <> Wed, 06 November 2019 00:23 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E0E211200E9 for <>; Tue, 5 Nov 2019 16:23:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.382
X-Spam-Status: No, score=-6.382 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id d1Jg2LMCAgyY for <>; Tue, 5 Nov 2019 16:23:35 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 814CD1200C3 for <>; Tue, 5 Nov 2019 16:23:35 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id A28E01C1601 for <>; Tue, 5 Nov 2019 16:23:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1572999814; bh=kRDrdjsJBFlTUlerQ5yQUB2CzapB/29K5n8RBqYb+ig=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=ZdOX1Od5dOu5T84Yji6/AqswWBakcsqtt6iH3hMCLQwkte98gPVPt/1HDT0Qwy+Pz UQZqIllGgJ+EbEQni4mlgEbruZVbWptcULamWqsPXFgnwv+eDSOMTWJivgyFphDawV 0BNdFS/YdHBUkpzCE6YlW+dV/bXqNskUR3Qvr4qA=
Date: Tue, 05 Nov 2019 16:23:34 -0800
From: Christian Huitema <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/3159/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] Server should not accept 1-RTT traffic before handshake completion (#3159)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5dc2128693ac8_4db73fb709ecd95c2995b"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: huitema
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 06 Nov 2019 00:23:37 -0000

This feels like a great idea for Quic V2. Instead of just having 0-RTT and 1-RTT packets, also define 0.5-RTT packets that the sender can emit before the handshake is complete. (Or maybe call them sender side 0-RTT.) Use different key derivations for 0.5-RTT and for 1-RTT, and make the 1RTT key dependent on some nonce carried with the client finished message. Add parameters somewhere (TLS or Quic TP) explaining whether the client will accept 0.5RTT packets or discard them. 

But no, not today please, not when we are finishing V1. For V1, we should just stick with the spec we have.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: