From cac3e7ec954ad589a33e3bd005d33d7d36bfab64 Mon Sep 17 00:00:00 2001 From: Martin Duke Date: Wed, 30 Oct 2019 09:53:30 -0700 Subject: [PATCH 1/2] Deny 1-RTT Rx keys till finished --- draft-ietf-quic-tls.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/draft-ietf-quic-tls.md b/draft-ietf-quic-tls.md index d93f1702f0..ad8b193ddf 100644 --- a/draft-ietf-quic-tls.md +++ b/draft-ietf-quic-tls.md @@ -504,6 +504,9 @@ client could interleave ACK frames that are protected with Handshake keys with 0-RTT data and the server needs to process those acknowledgments in order to detect lost Handshake packets. +A TLS implementation MUST NOT provide a 1-RTT decrypt secret to QUIC until it +has received a Finished message from the peer. + QUIC also needs access to keys that might not ordinarily be available to a TLS implementation. For instance, a client might need to acknowledge Handshake packets before it is ready to send CRYPTO frames at that encryption level. TLS From e7da545640c9f2230e44d8d60284b8ecc468612f Mon Sep 17 00:00:00 2001 From: martinduke Date: Thu, 31 Oct 2019 10:09:27 -0700 Subject: [PATCH 2/2] Update draft-ietf-quic-tls.md Co-Authored-By: Martin Thomson --- draft-ietf-quic-tls.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-quic-tls.md b/draft-ietf-quic-tls.md index ad8b193ddf..b99e86c435 100644 --- a/draft-ietf-quic-tls.md +++ b/draft-ietf-quic-tls.md @@ -505,7 +505,7 @@ client could interleave ACK frames that are protected with Handshake keys with detect lost Handshake packets. A TLS implementation MUST NOT provide a 1-RTT decrypt secret to QUIC until it -has received a Finished message from the peer. +the TLS handshake is complete. QUIC also needs access to keys that might not ordinarily be available to a TLS implementation. For instance, a client might need to acknowledge Handshake
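Review bot: In patch 1/2, the added sentence "A TLS implementation MUST NOT provide a 1-RTT decrypt secret to QUIC until it has received a Finished message from the peer." states a normative requirement with no rationale, and it introduces the term "decrypt secret" where the surrounding paragraphs speak of "keys" ("protected with Handshake keys", "needs access to keys"). Suggest adding a short clause explaining why 1-RTT packets must not be decrypted before that point, and either using the document's existing key terminology or defining "decrypt secret" on first use, so that implementers know exactly which value has to be withheld.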
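Review bot: In patch 2/2, the replacement line leaves the unchanged context line ending in "until it", so the sentence now reads "MUST NOT provide a 1-RTT decrypt secret to QUIC until it the TLS handshake is complete." The stray "it" needs to be removed from the preceding line, which means the hunk has to touch both lines rather than only the second. Since this is the condition of a MUST NOT, it would also help to point to where the document defines the handshake as complete, because the first version named a concrete event (receipt of the peer's Finished) and the new wording depends on that definition.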