Re: [quicwg/base-drafts] token-based greasing / initial packet protection (#3166)

Kazuho Oku <> Wed, 30 October 2019 03:47 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C8E69120052 for <>; Tue, 29 Oct 2019 20:47:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.999
X-Spam-Status: No, score=-7.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id aXT3s7RjAwTc for <>; Tue, 29 Oct 2019 20:47:10 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 04DF8120273 for <>; Tue, 29 Oct 2019 20:47:10 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id B7F3E960393 for <>; Tue, 29 Oct 2019 20:47:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1572407228; bh=EihUGSrEGZDyfo+ca7oZ2mSbseehuMoiTHZnMakOGMc=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=Nw9laqt5kBi87dbEbwEXxpYBKrS4MoWQ3veXAawsFSOaeDXOjxXeEfjaUGxAan8xq DyOf02bteTS75RZaBp9uPSnPl+mqC8FggFAtSXlb6LJK+3pKt9hdzlcUnLxCjT0LWO Q/ae6yxhgApvHJ9SaRNLKfOPgNO3+E06rjUqq0Fs=
Date: Tue, 29 Oct 2019 20:47:08 -0700
From: Kazuho Oku <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/3166/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] token-based greasing / initial packet protection (#3166)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5db907bca8f40_7ea83ff44dccd964839d5"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 30 Oct 2019 03:47:12 -0000

kazuho commented on this pull request.

> +  0-RTT, and Retry packets. This XOR is applied after the packets are encrypted
+  and before they are decrypted.
+* Alternative initial salt; a 16-byte binary blob that is to be used in place of
+  the initial salt defined in section 5.2 of {{QUIC-TLS}}.
+A server advertises these values using a NEW_TOKEN frame {{frame-new-token}}.
+The token MUST include or associated with the alternative version number with
+which it can be used.
+Typically, a server would pre-allocate a set of unused version numbers as the
+alternative version numbers, associating each of those version numbers with a
+packet type modifier chosen at random.  Then, when issuing a token using a
+NEW_TOKEN frame, the server generates the alternative initial salt by calling a
+pseudo-random function, embeds that initial salt into the token which is then
+encrypted, and sends a NEW_TOKEN frame that comprises of the generated token and

Applied in 6158bd9.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: