Packet protection or not? #3887
Labels
-tls
-transport
editorial
An issue that does not affect the design of the protocol; does not require consensus.
Comments
MikeBishop
added
editorial
|
ekr suggested that we limit the use of "integrity protection" (and I presume "confidentiality protection") to those cases where the protection is real, and not based on fixed keys or trivially-acquired keys. I think that might be the best answer here, even if that takes more effort to get right. |
|
@martinthomson : That sounds good like a good way forward. |
martinthomson
added a commit
that referenced
this issue
Jul 14, 2020
This breaks down some of the packet protection text in favour of more specific language about the protections provided. By preference, this talks about integrity protection and confidentiality protection as it relates to those packets that are protected using keys derived from TLS. For Initial packets this means avoid use of "packet protection" as much as possible (I'm sure that I have missed some of these). The same for Retry. This required some additional framing, but it wasn't too intrusive. Most of the changes are cosmetic. Closes #3887.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In Transport, we say:
However, in TLS we have a section named "Packet Protection" (Section 5) with subsections describing how to protect Initial (5.2) and Retry (5.8) packets which talk about Initial, at least, as using packet protection. I think it would be clearer to describe the lack of security properties that this limited form of protection provides, rather than say they're not protected at all.
Alternatively, we could rework the language in TLS, but that feels like a bigger terminology change.
The text was updated successfully, but these errors were encountered: