From 28e53ae73537003a58ccc504b680df777eb2e301 Mon Sep 17 00:00:00 2001
From: Kazuho Oku <kazuhooku@gmail.com>
Date: Wed, 30 May 2018 06:44:18 +0900
Subject: [PATCH] Key of AES-128 is 16 bytes, not 12 bytes.

---
 draft-ietf-quic-tls.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/draft-ietf-quic-tls.md b/draft-ietf-quic-tls.md
index 7dd47f1221..bc10bdef67 100644
--- a/draft-ietf-quic-tls.md
+++ b/draft-ietf-quic-tls.md
@@ -847,7 +847,7 @@ derived from 1-RTT secrets as follows:
 ~~~
 client_pp_key<i> = QHKDF-Expand(client_pp_secret<i>, "key", 16)
 client_pp_iv<i>  = QHKDF-Expand(client_pp_secret<i>, "iv", 12)
-client_pp_pn<i>  = QHKDF-Expand(client_pp_secret<i>, "pn", 12)
+client_pp_pn<i>  = QHKDF-Expand(client_pp_secret<i>, "pn", 16)
 ~~~
 
 The QUIC packet protection initially starts with keying material derived from