From e686f9ee4b806a918db1231a7bf5b7c96a621826 Mon Sep 17 00:00:00 2001
From: Martin Thomson <mt@lowentropy.net>
Date: Thu, 17 Oct 2019 16:23:30 -0700
Subject: [PATCH 1/2] Forbid Handshake key discarding

After many iterations of solutions to this problem, we have decided to
first forbid discard.  We would like to have a concrete discard point,
but we couldn't agree on one that was provably safe.

If we can come up with a mechanism for discarding earlier, or a signal
that comes earlier than the end of the connection, we will first
carefully look at it, but we might accept further changes.

Closes #2863.
---
 draft-ietf-quic-tls.md | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/draft-ietf-quic-tls.md b/draft-ietf-quic-tls.md
index d93f1702f0..5a68f5f634 100644
--- a/draft-ietf-quic-tls.md
+++ b/draft-ietf-quic-tls.md
@@ -760,14 +760,8 @@ and ignoring any outstanding Initial packets.
 
 ### Discarding Handshake Keys
 
-An endpoint MUST NOT discard its handshake keys until the TLS handshake is
-confirmed ({{handshake-confirmed}}).  An endpoint SHOULD discard its handshake
-keys as soon as it has confirmed the handshake.  Most application protocols
-will send data after the handshake, resulting in acknowledgements that allow
-both endpoints to discard their handshake keys promptly.  Endpoints that do
-not have reason to send immediately after completing the handshake MAY send
-ack-eliciting frames, such as PING, which will cause the handshake to be
-confirmed when they are acknowledged.
+An endpoint MUST NOT discard its handshake keys.  Discarding Handshake keys too
+early can lead to deadlock conditions.
 
 
 ### Discarding 0-RTT Keys

From 844fcff850afbf98c758ccd9080e5d0f6c8b88f1 Mon Sep 17 00:00:00 2001
From: Martin Thomson <mt@lowentropy.net>
Date: Tue, 22 Oct 2019 12:43:23 +1100
Subject: [PATCH 2/2] Explain moar

---
 draft-ietf-quic-tls.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/draft-ietf-quic-tls.md b/draft-ietf-quic-tls.md
index 5a68f5f634..bc8786a0df 100644
--- a/draft-ietf-quic-tls.md
+++ b/draft-ietf-quic-tls.md
@@ -761,7 +761,8 @@ and ignoring any outstanding Initial packets.
 ### Discarding Handshake Keys
 
 An endpoint MUST NOT discard its handshake keys.  Discarding Handshake keys too
-early can lead to deadlock conditions.
+early can lead to a deadlock condition where one endpoint never receives
+acknowledgments for Handshake packets.
 
 
 ### Discarding 0-RTT Keys