token-based greasing / initial packet protection #3166

Closed
048788c
first cut
kazuho Oct 29, 2019
5067498
editorial
kazuho Oct 29, 2019
58468c5
define downgrade prevention
kazuho Oct 29, 2019
42a7387
clarify the requirement when building a token
kazuho Oct 29, 2019
81dc3d9
editorial
kazuho Oct 29, 2019
2553793
protect token using checksum (reusing text from #3120 by @DavidSchinazi)
kazuho Oct 29, 2019
d16700d
use list for implementation guidance, applying @DavidSchnazi's sugges…
kazuho Oct 30, 2019
06bd108
clarify what can be associated with the token, adopting @MikeBishop's…
kazuho Oct 30, 2019
6158bd9
s/comprises of/contains/ (@MikeBishop)
kazuho Oct 30, 2019
7eded0a
use "Long Packet Type" (@DavidSchinazi)
kazuho Oct 30, 2019
0720ef3
swap reserved bits and packet type modifier (suggested by @martinthom…
kazuho Oct 30, 2019
14469be
long packet types when encoded in a long header packet is an XOR (@ma…
kazuho Oct 30, 2019
4e95ee6
clarify how a server can opt-out
kazuho Oct 30, 2019
bacab50
Revert "protect token using checksum (reusing text from #3120 by @Dav…
kazuho Oct 30, 2019
d9ec324
no more downgrade
kazuho Oct 30, 2019
3f4e7cc
server always announce (though it can effectively opt-out)
kazuho Oct 30, 2019
69d9969
delete VERSION_NEGOTIATION_ERROR (once again)
kazuho Oct 30, 2019
373257b
clarify how to handle Retry, as well as stating that a fixed mapping …
kazuho Oct 30, 2019
94a5a1b
add Lifetime field
kazuho Oct 30, 2019
5f853ad
Update draft-ietf-quic-transport.md
kazuho Oct 31, 2019
75735e0
@MikeBishop's suggestions; https://github.com/quicwg/base-drafts/pull…
kazuho Oct 31, 2019
44c2b1d
oops, amend the previous commit
kazuho Oct 31, 2019
d557fb7
fix typo, emphasize that this is just an example
kazuho Oct 31, 2019
7d0fa47
Rephrase as "seeding"; The default of "alternative" being the standar…
kazuho Oct 31, 2019
3caa73e
Update draft-ietf-quic-transport.md
kazuho Oct 31, 2019
ead19c0
Update draft-ietf-quic-transport.md
kazuho Oct 31, 2019
bd45b37
Update draft-ietf-quic-transport.md
kazuho Oct 31, 2019
0a45df1
Update draft-ietf-quic-transport.md
kazuho Oct 31, 2019
d683da8
wordwrap
kazuho Oct 31, 2019
febd899
s/PRF/CSPRNG/ for clarification
kazuho Oct 31, 2019
4 changes: 2 additions & 2 deletions draft-ietf-quic-transport.md
Expand Up @@ -2756,8 +2756,8 @@ Typically, a server would act in the following steps:
embeds the alternative initial set including the alternative initial salt
being generated. The token will be encrypted using a key known only to the
server, thereby conforming to the requirements in {{validate-future}}. After
that, the server sends a NEW_TOKEN frame that comprises of the generated token
and the alternative initial set that has been embedded to that token.
that, the server sends a NEW_TOKEN frame that contains the generated token and
the alternative initial set that has been embedded to that token.

* When the client reconnects to the server by using the provided token and the
alternative initial set, the server first checks if the version number field
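
Review bot: The replacement sentence still ends with "embedded to that token" on its second line; "embedded in that token" is the usual preposition and could be fixed in the same edit, since the line is already being rewrapped. In the unchanged context just above, "The token will be encrypted using a key known only to the server" speaks only of encryption. Because the token carries the alternative initial set and is presented back by the client on reconnect, it would help to state that the token is also integrity-protected (for example, by authenticated encryption), or to say that {{validate-future}} already covers that.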