Roman Danyliw's No Objection on draft-ietf-quic-tls-33: (with COMMENT)

Roman Danyliw via Datatracker <> Tue, 05 January 2021 22:38 UTC

Return-Path: <>
Received: from (localhost [IPv6:::1]) by (Postfix) with ESMTP id 5ACA23A0AF8; Tue, 5 Jan 2021 14:38:55 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <>
To: The IESG <>
Subject: Roman Danyliw's No Objection on draft-ietf-quic-tls-33: (with COMMENT)
X-Test-IDTracker: no
X-IETF-IDTracker: 7.24.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <>
Message-ID: <>
Date: Tue, 05 Jan 2021 14:38:55 -0800
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Main mailing list of the IETF QUIC working group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 05 Jan 2021 22:38:55 -0000

Roman Danyliw has entered the following ballot position for
draft-ietf-quic-tls-33: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:


Thank you to Radia Perlman for the SECDIR review and the ensuing discussion
about this review.

Two areas of recommended clarity:

** Section 4.  Recommend a bit more text up front describing the notion of
“encryption levels”.  This section first introduces the concept by noting that
“Those frames are packaged into QUIC packets and encrypted under the current
TLS encryption level”.  Later in Section 4.1.3, it is noted that “Four
encryption levels are used, producing keys for Initial, 0-RTT, Handshake, and
1-RTT packets” which makes these “levels” seem only like categories.  In
describing specific processing there is text such as “When TLS provides keys
for a higher encryption level …” which now describes a relatively ordering
perhaps with something have having or less.  I might be helpful to include an
early narrative on what “higher” and “lower” and encryption “levels” means and
how level changes occur (i.e., explicitly linking them to changes in the QUIC
state machine).

** Section 4.4.  Per the peer authentication text, should it be acknowledged
that due the general-purpose nature of the protocol, peer validation practices
may will need to be further defined by applications?