Figure 3 shows "TLS Alerts" as being carried over QUIC Transport, but
per §4.8 TLS alerts are translated into QUIC connection errors and are
not sent natively.
The TLS component provides a series of updates to the QUIC
component, including (a) new packet protection keys to install (b)
state changes such as handshake completion, the server
certificate, etc.
I think that if we're going to talk about passing the server certificate
between TLS and QUIC components, we should be very clear about where/how
certificate validation occurs. For example, it would be pretty
disastrous if TLS passed the certificate to QUIC expecting that QUIC
would do any validation of the peer identity, but QUIC assumed that TLS
would only provide a validated certificate. Perhaps in §4.1 when we
mention the potential for "additional functions [...] to configure TLS",
we might mention "including certificate validation", if appropriate?
Should we split this bit out into a separate issue?
Figure 3 shows "TLS Alerts" as being carried over QUIC Transport, but
per §4.8 TLS alerts are translated into QUIC connection errors and are
not sent natively.
(The prose also says "TLS Handshake and Alert messages are carried
directly over the QUIC transport".)
@kaduk said: