From e5e288842bda6d7275784762835880a96154f280 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Tue, 28 Aug 2018 09:42:37 +1000 Subject: [PATCH 1/2] Use 'encryption' less often --- draft-ietf-quic-transport.md | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index ae0b3bdc04..b11905cfa1 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -995,7 +995,7 @@ response to connection migration ({{migration}}). NEW_CONNECTION_ID frames ## Packet Numbers {#packet-numbers} The packet number is an integer in the range 0 to 2^62-1. The value is used in -determining the cryptographic nonce for packet encryption. Each endpoint +determining the cryptographic nonce for packet protection. Each endpoint maintains a separate packet number for sending and receiving. Packet numbers are divided into 3 spaces in QUIC: @@ -1005,18 +1005,17 @@ Packet numbers are divided into 3 spaces in QUIC: - Application data space: All 0-RTT and 1-RTT encrypted packets {{packet-protected}} are in this space. -As described in {{QUIC-TLS}}, each packet type uses different encryption keys. +As described in {{QUIC-TLS}}, each packet type uses different protection keys. -Conceptually, a packet number space is the encryption context in which -a packet can be processed and ACKed. Initial packets can only be sent -with Initial encryption keys and ACKed in packets which are also -Initial packets. Similarly, Handshake packets can only be sent and -acknowledged in Handshake packets. +Conceptually, a packet number space is the context in which a packet can be +processed and ACKed. Initial packets can only be sent with Initial encryption +keys and ACKed in packets which are also Initial packets. Similarly, Handshake +packets can only be sent and acknowledged in Handshake packets. -This enforces cryptographic separation between the data sent in the -different packet sequence number spaces. Each packet number space -starts at packet number 0. Subsequent packets sent in the -same packet number space MUST increase the packet number by at least one. +This enforces cryptographic separation between the data sent in the different +packet sequence number spaces. Each packet number space starts at packet number +0. Subsequent packets sent in the same packet number space MUST increase the +packet number by at least one. 0-RTT and 1-RTT data exist in the same packet number space to make loss recovery algorithms easier to implement between the two packet types. From d016a9697c2e5d58439f5563bf470a54b652dbc9 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Wed, 29 Aug 2018 08:22:01 +1000 Subject: [PATCH 2/2] Say things more clearly --- draft-ietf-quic-transport.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index b11905cfa1..dc110850bf 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -1008,9 +1008,10 @@ Packet numbers are divided into 3 spaces in QUIC: As described in {{QUIC-TLS}}, each packet type uses different protection keys. Conceptually, a packet number space is the context in which a packet can be -processed and ACKed. Initial packets can only be sent with Initial encryption -keys and ACKed in packets which are also Initial packets. Similarly, Handshake -packets can only be sent and acknowledged in Handshake packets. +processed and acknowledged. Initial packets can only be sent with Initial +packet protection keys and acknowledged in packets which are also Initial +packets. Similarly, Handshake packets are sent at the Handshake encryption +level and can only be acknowledged in Handshake packets. This enforces cryptographic separation between the data sent in the different packet sequence number spaces. Each packet number space starts at packet number