Initial and Handshake keys are discarded early

quicwg · Jan 8, 2021 · 747f2df · 747f2df
1 parent 27828ea
commit 747f2df
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/draft-ietf-quic-recovery.md b/draft-ietf-quic-recovery.md
@@ -785,10 +785,10 @@ If a server accepts 0-RTT, but does not buffer 0-RTT packets that arrive
 before Initial packets, early 0-RTT packets will be declared lost, but that
 is expected to be infrequent.
 
-It is expected that keys are discarded after all packets encrypted with them would
-be acknowledged or declared lost.  However, Initial secrets are discarded as
-soon as handshake keys are proven to be available to both client and server;
-see Section 4.9.1 of {{QUIC-TLS}}.
+It is expected that keys are discarded after packets encrypted with them would
+be acknowledged or declared lost.  However, Initial and Handshake secrets are
+discarded as soon as handshake and 1-RTT keys are proven to be available to both
+client and server; see Section 4.9.1 of {{QUIC-TLS}}.
 
 # Congestion Control {#congestion-control}