From 4bf24681eee5235af5311fc939126195b16f6e40 Mon Sep 17 00:00:00 2001 From: martinduke Date: Fri, 8 Feb 2019 17:50:02 -0800 Subject: [PATCH 1/4] quic-tls nits I suspect these are uncontroversial. --- draft-ietf-quic-tls.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/draft-ietf-quic-tls.md b/draft-ietf-quic-tls.md index 936d1bc00d..9a7c3cc049 100644 --- a/draft-ietf-quic-tls.md +++ b/draft-ietf-quic-tls.md @@ -745,7 +745,7 @@ The keys used for packet protection are computed from the TLS secrets using the KDF provided by TLS. In TLS 1.3, the HKDF-Expand-Label function described in Section 7.1 of {{!TLS13}} is used, using the hash function from the negotiated cipher suite. Other versions of TLS MUST provide a similar function in order to -be used QUIC. +be used with QUIC. The current encryption level secret and the label "quic key" are input to the KDF to produce the AEAD key; the label "quic iv" is used to derive the IV, see @@ -788,7 +788,7 @@ The value of initial_salt is a 20 byte sequence shown in the figure in hexadecimal notation. Future versions of QUIC SHOULD generate a new salt value, thus ensuring that the keys are different for each version of QUIC. This prevents a middlebox that only recognizes one version of QUIC from seeing or -modifying the contents of handshake packets from future versions. +modifying the contents of Initial packets from future versions. The HKDF-Expand-Label function defined in TLS 1.3 MUST be used for Initial packets even where the TLS versions offered do not include TLS 1.3. @@ -1242,8 +1242,8 @@ protection for these values. The `extension_data` field of the quic_transport_parameters extension contains a value that is defined by the version of QUIC that is in use. The -quic_transport_parameters extension carries a TransportParameters when the -version of QUIC defined in {{QUIC-TRANSPORT}} is used. +quic_transport_parameters extension carries a TransportParameters struct when +the version of QUIC defined in {{QUIC-TRANSPORT}} is used. The quic_transport_parameters extension is carried in the ClientHello and the EncryptedExtensions messages during the handshake. From 325d2cbdab441cfb15c570aa084472dac88c09f1 Mon Sep 17 00:00:00 2001 From: martinduke Date: Fri, 8 Feb 2019 18:02:24 -0800 Subject: [PATCH 2/4] One more --- draft-ietf-quic-tls.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/draft-ietf-quic-tls.md b/draft-ietf-quic-tls.md index 9a7c3cc049..ad4f9b567d 100644 --- a/draft-ietf-quic-tls.md +++ b/draft-ietf-quic-tls.md @@ -14,7 +14,7 @@ pi: [toc, sortrefs, symrefs, docmapping] author: - ins: M. Thomson - name: Martin Thomson + name: Martin Thomsonf org: Mozilla email: mt@lowentropy.net role: editor @@ -216,7 +216,7 @@ Note that this omits the EndOfEarlyData message, which is not used in QUIC (see Data is protected using a number of encryption levels: -- Plaintext +- Initial Keys - Early Data (0-RTT) Keys - Handshake Keys - Application Data (1-RTT) Keys From 5bb4241cf1d9f48798abd48450087e2188ae372b Mon Sep 17 00:00:00 2001 From: martinduke Date: Fri, 8 Feb 2019 18:02:52 -0800 Subject: [PATCH 3/4] argh stray character --- draft-ietf-quic-tls.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-quic-tls.md b/draft-ietf-quic-tls.md index ad4f9b567d..e7ff01a4af 100644 --- a/draft-ietf-quic-tls.md +++ b/draft-ietf-quic-tls.md @@ -14,7 +14,7 @@ pi: [toc, sortrefs, symrefs, docmapping] author: - ins: M. Thomson - name: Martin Thomsonf + name: Martin Thomson org: Mozilla email: mt@lowentropy.net role: editor From 4d2821c5e79c741355ae8a69df024718e07835c9 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Sun, 10 Feb 2019 20:28:53 -0800 Subject: [PATCH 4/4] Update draft-ietf-quic-tls.md This is a better fix. Co-Authored-By: martinduke --- draft-ietf-quic-tls.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-quic-tls.md b/draft-ietf-quic-tls.md index e7ff01a4af..3b101009b8 100644 --- a/draft-ietf-quic-tls.md +++ b/draft-ietf-quic-tls.md @@ -788,7 +788,7 @@ The value of initial_salt is a 20 byte sequence shown in the figure in hexadecimal notation. Future versions of QUIC SHOULD generate a new salt value, thus ensuring that the keys are different for each version of QUIC. This prevents a middlebox that only recognizes one version of QUIC from seeing or -modifying the contents of Initial packets from future versions. +modifying the contents of packets from future versions. The HKDF-Expand-Label function defined in TLS 1.3 MUST be used for Initial packets even where the TLS versions offered do not include TLS 1.3.