Script updating gh-pages from 53dc234. [ci skip]

quicwg · May 14, 2020 · 992140d · 992140d
1 parent 3620cee
commit 992140d
Show file tree

Hide file tree

Showing 5 changed files with 2,346 additions and 2,260 deletions.
diff --git a/draft-ietf-quic-tls.html b/draft-ietf-quic-tls.html
@@ -1084,7 +1084,7 @@ <h2 id="name-copyright-notice">
             <p id="section-toc.1-1.7.1"><a href="#section-7" class="xref">7</a>.  <a href="#name-security-of-initial-message" class="xref">Security of Initial Messages</a><a href="#section-toc.1-1.7.1" class="pilcrow">¶</a></p>
 </li>
 <li class="toc ulEmpty" id="section-toc.1-1.8">
-            <p id="section-toc.1-1.8.1"><a href="#section-8" class="xref">8</a>.  <a href="#name-quic-specific-additions-to-" class="xref">QUIC-Specific Additions to the TLS Handshake</a><a href="#section-toc.1-1.8.1" class="pilcrow">¶</a></p>
+            <p id="section-toc.1-1.8.1"><a href="#section-8" class="xref">8</a>.  <a href="#name-quic-specific-adjustments-t" class="xref">QUIC-Specific Adjustments to the TLS Handshake</a><a href="#section-toc.1-1.8.1" class="pilcrow">¶</a></p>
 <ul class="toc ulEmpty">
 <li class="toc ulEmpty" id="section-toc.1-1.8.2.1">
                 <p id="section-toc.1-1.8.2.1.1"><a href="#section-8.1" class="xref">8.1</a>.  <a href="#name-protocol-negotiation" class="xref">Protocol Negotiation</a><a href="#section-toc.1-1.8.2.1.1" class="pilcrow">¶</a></p>
@@ -1095,6 +1095,9 @@ <h2 id="name-copyright-notice">
 <li class="toc ulEmpty" id="section-toc.1-1.8.2.3">
                 <p id="section-toc.1-1.8.2.3.1"><a href="#section-8.3" class="xref">8.3</a>.  <a href="#name-removing-the-endofearlydata" class="xref">Removing the EndOfEarlyData Message</a><a href="#section-toc.1-1.8.2.3.1" class="pilcrow">¶</a></p>
 </li>
+<li class="toc ulEmpty" id="section-toc.1-1.8.2.4">
+                <p id="section-toc.1-1.8.2.4.1"><a href="#section-8.4" class="xref">8.4</a>.  <a href="#name-prohibit-tls-middlebox-comp" class="xref">Prohibit TLS Middlebox Compatibility Mode</a><a href="#section-toc.1-1.8.2.4.1" class="pilcrow">¶</a></p>
+</li>
 </ul>
 </li>
 <li class="toc ulEmpty" id="section-toc.1-1.9">
@@ -1324,11 +1327,7 @@ <h3 id="name-tls-overview">
 self-contained trigger for any non-idempotent action.<a href="#section-2.1-9.2" class="pilcrow">¶</a>
 </li>
 </ul>
-<p id="section-2.1-10">A simplified TLS handshake with 0-RTT application data is shown in <a href="#tls-full" class="xref">Figure 2</a>.
-Note that this omits the EndOfEarlyData message, which is not used in QUIC (see
-<a href="#remove-eoed" class="xref">Section 8.3</a>).  Likewise, neither ChangeCipherSpec nor KeyUpdate messages are
-used by QUIC; ChangeCipherSpec is redundant in TLS 1.3 and QUIC has defined its
-own key update mechanism <a href="#key-update" class="xref">Section 6</a>.<a href="#section-2.1-10" class="pilcrow">¶</a></p>
+<p id="section-2.1-10">A simplified TLS handshake with 0-RTT application data is shown in <a href="#tls-full" class="xref">Figure 2</a>.<a href="#section-2.1-10" class="pilcrow">¶</a></p>
 <span id="name-tls-handshake-with-0-rtt"></span><div id="tls-full">
 <figure id="figure-2">
           <div class="artwork art-text alignLeft" id="section-2.1-11.1">
@@ -1355,23 +1354,27 @@ <h3 id="name-tls-overview">
 <a href="#name-tls-handshake-with-0-rtt" class="selfRef">TLS Handshake with 0-RTT</a>
           </figcaption></figure>
 </div>
-<p id="section-2.1-12">Data is protected using a number of encryption levels:<a href="#section-2.1-12" class="pilcrow">¶</a></p>
+<p id="section-2.1-12"><a href="#tls-full" class="xref">Figure 2</a> omits the EndOfEarlyData message, which is not used in QUIC; see
+<a href="#remove-eoed" class="xref">Section 8.3</a>. Likewise, neither ChangeCipherSpec nor KeyUpdate messages are
+used by QUIC. ChangeCipherSpec is redundant in TLS 1.3; see <a href="#compat-mode" class="xref">Section 8.4</a>.
+QUIC has its own key update mechanism; see <a href="#key-update" class="xref">Section 6</a>.<a href="#section-2.1-12" class="pilcrow">¶</a></p>
+<p id="section-2.1-13">Data is protected using a number of encryption levels:<a href="#section-2.1-13" class="pilcrow">¶</a></p>
 <ul>
-<li id="section-2.1-13.1">Initial Keys<a href="#section-2.1-13.1" class="pilcrow">¶</a>
+<li id="section-2.1-14.1">Initial Keys<a href="#section-2.1-14.1" class="pilcrow">¶</a>
 </li>
-<li id="section-2.1-13.2">Early Data (0-RTT) Keys<a href="#section-2.1-13.2" class="pilcrow">¶</a>
+<li id="section-2.1-14.2">Early Data (0-RTT) Keys<a href="#section-2.1-14.2" class="pilcrow">¶</a>
 </li>
-<li id="section-2.1-13.3">Handshake Keys<a href="#section-2.1-13.3" class="pilcrow">¶</a>
+<li id="section-2.1-14.3">Handshake Keys<a href="#section-2.1-14.3" class="pilcrow">¶</a>
 </li>
-<li id="section-2.1-13.4">Application Data (1-RTT) Keys<a href="#section-2.1-13.4" class="pilcrow">¶</a>
+<li id="section-2.1-14.4">Application Data (1-RTT) Keys<a href="#section-2.1-14.4" class="pilcrow">¶</a>
 </li>
 </ul>
-<p id="section-2.1-14">Application Data may appear only in the Early Data and Application Data
-levels. Handshake and Alert messages may appear in any level.<a href="#section-2.1-14" class="pilcrow">¶</a></p>
-<p id="section-2.1-15">The 0-RTT handshake is only possible if the client and server have previously
+<p id="section-2.1-15">Application Data may appear only in the Early Data and Application Data
+levels. Handshake and Alert messages may appear in any level.<a href="#section-2.1-15" class="pilcrow">¶</a></p>
+<p id="section-2.1-16">The 0-RTT handshake is only possible if the client and server have previously
 communicated.  In the 1-RTT handshake, the client is unable to send protected
 Application Data until it has received all of the Handshake messages sent by the
-server.<a href="#section-2.1-15" class="pilcrow">¶</a></p>
+server.<a href="#section-2.1-16" class="pilcrow">¶</a></p>
 </section>
 </div>
 </section>
@@ -2833,10 +2836,10 @@ <h2 id="name-security-of-initial-message">
 messages, that tampering will cause the TLS handshake to fail.<a href="#section-7-3" class="pilcrow">¶</a></p>
 </section>
 </div>
-<div id="quic-specific-additions-to-the-tls-handshake">
+<div id="quic-specific-adjustments-to-the-tls-handshake">
 <section id="section-8">
-      <h2 id="name-quic-specific-additions-to-">
-<a href="#section-8" class="section-number selfRef">8. </a><a href="#name-quic-specific-additions-to-" class="section-name selfRef">QUIC-Specific Additions to the TLS Handshake</a>
+      <h2 id="name-quic-specific-adjustments-t">
+<a href="#section-8" class="section-number selfRef">8. </a><a href="#name-quic-specific-adjustments-t" class="section-name selfRef">QUIC-Specific Adjustments to the TLS Handshake</a>
       </h2>
 <p id="section-8-1">QUIC uses the TLS handshake for more than just negotiation of cryptographic
 parameters.  The TLS handshake provides preliminary values for QUIC transport
@@ -2913,6 +2916,23 @@ <h3 id="name-removing-the-endofearlydata">
 <p id="section-8.3-3">As a result, EndOfEarlyData does not appear in the TLS handshake transcript.<a href="#section-8.3-3" class="pilcrow">¶</a></p>
 </section>
 </div>
+<div id="compat-mode">
+<section id="section-8.4">
+        <h3 id="name-prohibit-tls-middlebox-comp">
+<a href="#section-8.4" class="section-number selfRef">8.4. </a><a href="#name-prohibit-tls-middlebox-comp" class="section-name selfRef">Prohibit TLS Middlebox Compatibility Mode</a>
+        </h3>
+<p id="section-8.4-1">Appendix D.4 of <span>[<a href="#TLS13" class="xref">TLS13</a>]</span> describes an alteration to the TLS 1.3 handshake as
+a workaround for bugs in some middleboxes. The TLS 1.3 middlebox compatibility
+mode involves setting the legacy_session_id field to a 32-byte value in the
+ClientHello and ServerHello, then sending a change_cipher_spec record. Both
+field and record carry no semantic content and are ignored.<a href="#section-8.4-1" class="pilcrow">¶</a></p>
+<p id="section-8.4-2">This mode has no use in QUIC as it only applies to middleboxes that interfere
+with TLS over TCP. QUIC also provides no means to carry a change_cipher_spec
+record. A client MUST NOT request the use of the TLS 1.3 compatibility mode. A
+server SHOULD treat the receipt of a TLS ClientHello that with a non-empty
+legacy_session_id field as a connection error of type PROTOCOL_VIOLATION.<a href="#section-8.4-2" class="pilcrow">¶</a></p>
+</section>
+</div>
 </section>
 </div>
 <div id="security-considerations">