From a35f3c43cbf793ba9da502361d9568615124f492 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Wed, 11 Dec 2019 10:38:20 +1100 Subject: [PATCH 1/2] Remove duplicated CONNECTION_CLOSE rules --- draft-ietf-quic-transport.md | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 8c3b8b7243..e9838dc565 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -2475,12 +2475,6 @@ the handshake, it is possible that more advanced packet protection keys are not available to the peer, so the frame MAY be replicated in a packet that uses a lower packet protection level. -After the handshake is confirmed, an endpoint MUST send any CONNECTION_CLOSE -frames in a 1-RTT packet. Prior to handshake confirmation, the peer might not -have 1-RTT keys, so the endpoint SHOULD send CONNECTION_CLOSE frames in a -Handshake packet. If the endpoint does not have Handshake keys, it SHOULD send -CONNECTION_CLOSE frames in an Initial packet. - A client will always know whether the server has Handshake keys (see {{discard-initial}}), but it is possible that a server does not know whether the client has Handshake keys. Under these circumstances, a server SHOULD send a @@ -2489,7 +2483,8 @@ least one of them is processable by the client. Similarly, a peer might be unable to read 1-RTT packets, so an endpoint SHOULD send CONNECTION_CLOSE in Handshake and 1-RTT packets prior to confirming the handshake; see Section 4.1.2 of {{QUIC-TLS}}. These packets can be coalesced into a single UDP datagram; see -{{packet-coalesce}}. +{{packet-coalesce}}. After the handshake is confirmed, an endpoint MUST send +any CONNECTION_CLOSE frames in a 1-RTT packet. ## Stateless Reset {#stateless-reset} From 48958a7cc07f1732fb374648b44e99663c6b1159 Mon Sep 17 00:00:00 2001 
From: Martin Thomson Date: Wed, 11 Dec 2019 14:57:29 +1100 Subject: [PATCH 2/2] Move the retained sentence higher instead --- draft-ietf-quic-transport.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index e9838dc565..0e71d7d690 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -2470,10 +2470,12 @@ signal closure. When sending CONNECTION_CLOSE, the goal is to ensure that the peer will process the frame. Generally, this means sending the frame in a packet with the highest -level of packet protection to avoid the packet being discarded. However, during -the handshake, it is possible that more advanced packet protection keys are not -available to the peer, so the frame MAY be replicated in a packet that uses a -lower packet protection level. +level of packet protection to avoid the packet being discarded. After the +handshake is confirmed (see Section 4.1.2 of {{QUIC-TLS}}), an endpoint MUST +send any CONNECTION_CLOSE frames in a 1-RTT packet. However, prior to +confirming the handshake, it is possible that more advanced packet protection +keys are not available to the peer, so the frame MAY be replicated in a packet +that uses a lower packet protection level. A client will always know whether the server has Handshake keys (see {{discard-initial}}), but it is possible that a server does not know whether the 
@@ -2481,10 +2483,8 @@ client has Handshake keys. Under these circumstances, a server SHOULD send a CONNECTION_CLOSE frame in both Handshake and Initial packets to ensure that at least one of them is processable by the client. Similarly, a peer might be unable to read 1-RTT packets, so an endpoint SHOULD send CONNECTION_CLOSE in -Handshake and 1-RTT packets prior to confirming the handshake; see Section 4.1.2 -of {{QUIC-TLS}}. These packets can be coalesced into a single UDP datagram; see -{{packet-coalesce}}. After the handshake is confirmed, an endpoint MUST send -any CONNECTION_CLOSE frames in a 1-RTT packet. +Handshake and 1-RTT packets prior to confirming the handshake. These packets +can be coalesced into a single UDP datagram; see {{packet-coalesce}}. ## Stateless Reset {#stateless-reset}
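Review bot: The paragraph deleted in the first hunk of PATCH 1/2 (@@ -2475,12 +2475,6 @@) is not entirely duplicated by what remains. Its last sentence, "If the endpoint does not have Handshake keys, it SHOULD send CONNECTION_CLOSE frames in an Initial packet", covers a sender that lacks Handshake keys itself. The surviving paragraph only covers a server that does not know whether the client has Handshake keys. Consider keeping that sentence or folding the case into the following paragraph, so the Initial fallback stays at SHOULD instead of being left to the general MAY.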
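Review bot: The requirement levels for pre-confirmation replication disagree after the first hunk of PATCH 2/2 (@@ -2470,10 +2470,12 @@). The rewritten sentence says the frame "MAY be replicated in a packet that uses a lower packet protection level", while the next paragraph uses SHOULD for the same behaviour, both for Handshake plus Initial and for Handshake plus 1-RTT. Now that the MUST sits directly in front of it, the MAY reads as the governing rule for the whole pre-confirmation case. Suggest making this sentence descriptive ("can be replicated") and leaving the normative requirement to the SHOULDs that follow.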