Re: Salt updates without version change
Matt Joras <matt.joras@gmail.com> Thu, 06 July 2023 19:27 UTC
Return-Path: <matt.joras@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9ED9FC137395 for <quic@ietfa.amsl.com>; Thu, 6 Jul 2023 12:27:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5kRV6kyU2L-5 for <quic@ietfa.amsl.com>; Thu, 6 Jul 2023 12:27:38 -0700 (PDT)
Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com [IPv6:2a00:1450:4864:20::634]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F13A2C13738A for <quic@ietf.org>; Thu, 6 Jul 2023 12:27:37 -0700 (PDT)
Received: by mail-ej1-x634.google.com with SMTP id a640c23a62f3a-992f6d7c7fbso137967366b.3; Thu, 06 Jul 2023 12:27:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1688671656; x=1691263656; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=CHf+l6xRH1emhWhHU/PPDYMy9f1dMHPF/5dQBOdyuuc=; b=PwYtXwsEtpMVyQmfzCxywzRcN5n9I4Pxpv82iVx7t5NUjQlUNsa9/HIhCqLGdZqJEg gGrP97ki4/Sh1bhLelSSKmWqdukxIqaKn51Aal3JMQBbk73Gh9au2+2DGyo5jfff7DKN BHLOQPx7CozOL4FsG+Gfg5AvNHJuNr7UQ/ca0Tke40gCN5CvDhAXBjwVHl4nQczK+zSq B2So53I5JD9wYWpQ6tYwZHrhFrS1po74Ke26yKXOyGszR+eGN70hBEjdGivoAXTRslPK JqbPXKRqKS+GtOfSrXUE1P8ff+UBZYo8AO0KMJKZGg9cM8hH+6qvLdQErnBv7StPmdfY ZRSQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688671656; x=1691263656; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=CHf+l6xRH1emhWhHU/PPDYMy9f1dMHPF/5dQBOdyuuc=; b=Aapb3wb5FDBA/29NbkWI0tXDz2ECDifAG9MK1htZmrpL1Q96LRLJCKsVuPAWykn2at jSIRF2O5g8Rf2o13GJkezkmEt6tkegOaNbBML6JziDMs075opfuHNtmp5PJljluvaWCr E6GxwATXBvv5ZfzNbV/rovoIhf3ll+Id60comLd/U4v5wKTKLWvflxviD0GKUqZRiJTe FzW6VjO7xwHhgNM7uunPpee86iZc9Op8pBGd3xoDT/K1ejy0p5rGcLZqer3xXYsIh/OY +f4N0ZLcxaeKUU+jkIxjcco6FUFs0iWzpWYytd8oMokT7+2lclEdoMSqTkt1SulhAW3A 4Fyw==
X-Gm-Message-State: ABy/qLbapuU9gPVtec5Dkm2a580iuMQ+gQ6rGk+DjyXtMYRiBZwyC69a Cvr4u9kkQXMlM6p3fyhZ2uf7IiDZKdl8nQUI2M8=
X-Google-Smtp-Source: APBJJlHRhpx7e2jHXBVDffhf+9tUBRtNb1zbpHbI68t/kJLkq1S1GOPX4qNLhcjZI7SN1hECM4inhJkD1x/O3h4mAZ8=
X-Received: by 2002:a17:906:4bd2:b0:98e:3cef:68ff with SMTP id x18-20020a1709064bd200b0098e3cef68ffmr1974106ejv.43.1688671655786; Thu, 06 Jul 2023 12:27:35 -0700 (PDT)
MIME-Version: 1.0
References: <CA+SyaVsq3wJprC8Kod=+EF1_Sy68i3sgQJ5acGc=KTYCnk-Srg@mail.gmail.com>
In-Reply-To: <CA+SyaVsq3wJprC8Kod=+EF1_Sy68i3sgQJ5acGc=KTYCnk-Srg@mail.gmail.com>
From: Matt Joras <matt.joras@gmail.com>
Date: Thu, 06 Jul 2023 12:27:23 -0700
Message-ID: <CADdTf+h+q4mN_=0Y6aTioKZP8x_zHqptOij65VFrTGxXdWREdQ@mail.gmail.com>
Subject: Re: Salt updates without version change
To: Kaushal Bhandankar <kaushalgoa@gmail.com>
Cc: quic@ietf.org, draft-ietf-quic-transport@ietf.org
Content-Type: multipart/alternative; boundary="0000000000002f7ff105ffd68277"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/o-OY90CepSN785B_npu1c0UOiaI>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Jul 2023 19:27:38 -0000
This sort of depends on what you mean by "possible". If you have a client and server that both agree to use the same salt across multiple versions, then it will work. The version is not used as an input to the key derivation. That said, in practice for all documented "standard" versions we would almost certainly always rotate the salt across versions. Matt Joras On Thu, Jul 6, 2023 at 12:23 PM Kaushal Bhandankar <kaushalgoa@gmail.com> wrote: > Hi, > I want to know if it is possible that the *initial_salt *is changed for a > version without changing the version field. > > From the data below, that is NOT the case and everytime the salt is > changed, the version is also changed. > > https://datatracker.ietf.org/doc/html/draft-ietf-quic-tls-29 > Version = 0xff00001d > initial_salt = 0xafbfec289993d24c9e9786f19c6111e04390a899 > > https://datatracker.ietf.org/doc/html/rfc9001 > Version = 0x00000001 > initial_salt = 0x38762cf7f55934b34d179ae6a4c80cadccbb7f0a > > https://datatracker.ietf.org/doc/draft-ietf-quic-v2/07/ > Version = 0x709a50c4 > initial_salt = 0xa707c203a59b47184a1d62ca570406ea7ae3e5d3 > > https://datatracker.ietf.org/doc/draft-ietf-quic-v2/08/ > Version = 0x6b3343cf > initial_salt = 0x0dede3def700a6db819381be6e269dcbf9bd2ed9 > > https://datatracker.ietf.org/doc/rfc9369/ > Version = 0x6b3343cf > initial_salt = 0x0dede3def700a6db819381be6e269dcbf9bd2ed9 > > > Regards, > Kaushal >
- Salt updates without version change Kaushal Bhandankar
- Re: Salt updates without version change Matt Joras