Merge branch 'master' into pr2280

quicwg · Feb 5, 2019 · 8b53c94 · 8b53c94
2 parents d291c75 + 0d554c6
commit 8b53c94
Show file tree

Hide file tree

Showing 9 changed files with 983 additions and 749 deletions.
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
@@ -0,0 +1,14 @@
+categories:
+  - title: Transport
+    label: -transport
+  - title: Recovery
+    label: -recovery
+  - title: TLS
+    label: -tls
+  - title: HTTP/3
+    label: -http
+change-template: - $TITLE (#$NUMBER)
+template: |
+  ## What’s Changed
+
+  $CHANGES
diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md
diff --git a/draft-ietf-quic-invariants.md b/draft-ietf-quic-invariants.md
@@ -16,7 +16,7 @@ author:
     ins: M. Thomson
     name: Martin Thomson
     org: Mozilla
-    email: martin.thomson@gmail.com
+    email: mt@lowentropy.net
 
 normative:
 

diff --git a/draft-ietf-quic-qpack.md b/draft-ietf-quic-qpack.md
diff --git a/draft-ietf-quic-recovery.md b/draft-ietf-quic-recovery.md
diff --git a/draft-ietf-quic-spin-exp.md b/draft-ietf-quic-spin-exp.md
@@ -130,31 +130,25 @@ version negotiation and connection establishment are completed.
 
 ## Proposed Short Header Format Including Spin Bit {#header}
 
-As of the current editor's version of {{QUIC-TRANSPORT}}, this proposal
-specifies using the sixth most significant bit (0x04) of the first byte in
-the short header for the spin bit.
-
-~~~~~
+{{QUIC-TRANSPORT}} specifies using the third most significant bit of the first
+byte in the short header for the spin bit (0x20, labeled S in
+{{fig-short-header}}). The Spin bit is set 0 or 1 depending on the stored spin
+value that is updated on packet reception as explained in {{spinbit}}.
 
+~~~
  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+
-|0|K|1|1|0|S|R R|
+|0|1|S|R|R|K|P P|
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                Destination Connection ID (0..144)           ...
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-|                      Packet Number (8/16/32)                ...
+|                     Packet Number (8/16/24/32)              ...
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                     Protected Payload (*)                   ...
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
 ~~~~~
-{: #fig-short-header title="Short Header Format including proposed Spin Bit"}
-
-S: The Spin bit is set 0 or 1 depending on the stored spin value that is
-updated on packet reception as explained in {{spinbit}}.
-
-R: Two additional bits are reserved for experimentation in the short header.
+{: #fig-short-header title="Short Header Packet Format"}
 
 ## Setting the Spin Bit on Outgoing Packets {#spinbit}
 

diff --git a/draft-ietf-quic-tls.md b/draft-ietf-quic-tls.md
@@ -16,7 +16,7 @@ author:
     ins: M. Thomson
     name: Martin Thomson
     org: Mozilla
-    email: martin.thomson@gmail.com
+    email: mt@lowentropy.net
     role: editor
   -
     ins: S. Turner
@@ -743,14 +743,14 @@ based on the client's initial Destination Connection ID, as described in
 
 The keys used for packet protection are computed from the TLS secrets using the
 KDF provided by TLS.  In TLS 1.3, the HKDF-Expand-Label function described in
-Section 7.1 of {{!TLS13}}) is used, using the hash function from the negotiated
+Section 7.1 of {{!TLS13}} is used, using the hash function from the negotiated
 cipher suite.  Other versions of TLS MUST provide a similar function in order to
 be used QUIC.
 
 The current encryption level secret and the label "quic key" are input to the
 KDF to produce the AEAD key; the label "quic iv" is used to derive the IV, see
 {{aead}}.  The header protection key uses the "quic hp" label, see
-{{header-protect}}).  Using these labels provides key separation between QUIC
+{{header-protect}}.  Using these labels provides key separation between QUIC
 and TLS, see {{key-diversity}}.
 
 The KDF used for initial secrets is always the HKDF-Expand-Label function from
@@ -818,8 +818,8 @@ packet protection, an endpoint first removes the header protection.
 
 All QUIC packets other than Version Negotiation and Retry packets are protected
 with an AEAD algorithm {{!AEAD}}. Prior to establishing a shared secret, packets
-are protected with AEAD_AES_128_GCM and a key derived from the destination
-connection ID in the client's first Initial packet (see {{initial-secrets}}).
+are protected with AEAD_AES_128_GCM and a key derived from the Destination
+Connection ID in the client's first Initial packet (see {{initial-secrets}}).
 This provides protection against off-path attackers and robustness against QUIC
 version unaware middleboxes, but not against on-path attackers.
 
@@ -1601,6 +1601,13 @@ cb54df7884
 Issue and pull request numbers are listed with a leading octothorp.
 
 
+## Since draft-ietf-quic-tls-17
+
+- Endpoints discard initial keys as soon as handshake keys are available (#1951,
+  #2045)
+- Use of ALPN or equivalent is mandatory (#2263, #2284)
+
+
 ## Since draft-ietf-quic-tls-14
 
 - Update the salt used for Initial secrets (#1970)