From 8aaf04454d2ece36f1a39d29c46fc970a914de3f Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Wed, 23 May 2018 15:17:42 +1000 Subject: [PATCH] Explain what packet protection means --- draft-ietf-quic-transport.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 25dc8bb0bc..e28c178443 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -673,12 +673,22 @@ CONNECTION_CLOSE frames if the handshake is unsuccessful. ## Protected Packets {#packet-protected} -All QUIC packets are protected. Packets that are protected with the static -handshake keys or the 0-RTT keys are sent with long headers; all packets +All QUIC packets use packet protection. Packets that are protected with the +static handshake keys or the 0-RTT keys are sent with long headers; all packets protected with 1-RTT keys are sent with short headers. The different packet types explicitly indicate the encryption level and therefore the keys that are used to remove packet protection. +Packets protected with handshake keys only use packet protection to ensure that +the sender of the packet is on the network path. This packet protection is not +effective confidentiality protection; any entity that receives the Initial +packet from a client can recover the keys necessary to remove packet protection +or to generate packets that will be successfully authenticated. + +Packets protected with 0-RTT and 1-RTT keys are expected to have confidentiality +and data origin authentication; the cryptographic handshake ensures that only +the communicating endpoints receive the corresponding keys. + Packets protected with 0-RTT keys use a type value of 0x7C. The connection ID fields for a 0-RTT packet MUST match the values used in the Initial packet ({{packet-initial}}).