Re: [quicwg/base-drafts] Separate key/secret availability from usage (#1654)

Martin Thomson <notifications@github.com> Tue, 14 August 2018 00:19 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A64F7131100 for <quic-issues@ietfa.amsl.com>; Mon, 13 Aug 2018 17:19:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.01
X-Spam-Level:
X-Spam-Status: No, score=-8.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mVe--CaDXrK5 for <quic-issues@ietfa.amsl.com>; Mon, 13 Aug 2018 17:19:16 -0700 (PDT)
Received: from out-3.smtp.github.com (out-3.smtp.github.com [192.30.252.194]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 270FE128CF2 for <quic-issues@ietf.org>; Mon, 13 Aug 2018 17:19:16 -0700 (PDT)
Date: Mon, 13 Aug 2018 17:19:15 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1534205955; bh=b4d3xF7djnmdWlq+NpAm4jrYnNVZQiNOkuhVTt8brH0=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=k9jF5hDRWhcKl8TT716RwXqsmJvJKOjaeI415dkniM31IOLPZMeDvbVAAmxtb1RrD 5GL1mQIFo37PB/3ZXWuBFcNZrm3JjvFbmU2voDWTvjMC3iCi5qpsrK1pNqwXnBf5Xz oIhLxxyriElmN4Z2f2SArSJptQAKaR3kL6XxNfE8=
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab6fd8896452e9a783fb1e1152aa3f8589c7463e2492cf000000011789e20392a169ce14db09b1@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/1654/review/145881546@github.com>
In-Reply-To: <quicwg/base-drafts/pull/1654@github.com>
References: <quicwg/base-drafts/pull/1654@github.com>
Subject: Re: [quicwg/base-drafts] Separate key/secret availability from usage (#1654)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5b7220034551a_43503ff1c10be62086696"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/zFCvOygOmqoAxoFXUZbCH9Jjd10>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.27
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Aug 2018 00:19:19 -0000

martinthomson commented on this pull request.



> -CRYPTO frame in Handshake encryption) may send STREAM data (in 1-RTT
-encryption). However, if the Finished is lost, the client would have to
-retransmit the Finished, in which case it would use Handshake encryption.
-
+Although TLS only uses one encryption level at a time, QUIC may use more than
+one level. For instance, after sending its Finished message (using a CRYPTO
+frame at the Handshake encryption level) an endpoint can send STREAM data (in
+1-RTT encryption). If the Finished message is lost, the endpoint uses the
+Handshake encryption level to retransmit the lost message.
+
+In particular, server implementations need to be able to read packets at the
+Handshake encryption level before the final TLS handshake message at the 0-RTT
+encryption level (EndOfEarlyData) is available.  Though the content of CRYPTO
+frames at the Handshake encryption level cannot be forwarded to TLS before
+EndOfEarlyData is processed, the client could send ACK frames that the server
+needs to process in order to detect lost Handshake packets.
 

Encryption levels are strictly ordered, so isn't it possible that QUIC can guarantee ordering in what it delivers to TLS?

The point you are making is well taken though; packets might arrive out of order and QUIC is responsible for ensuring that they are delivered to TLS in the correct order.

Take a look at the text I've added.  I think that hammers the point home hard enough.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/1654#discussion_r209797878