Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Be clearer about protections #3900

Merged
merged 12 commits into from Aug 4, 2020
Merged

Be clearer about protections #3900

Changes from 3 commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
a38e49b
Be clearer about protections
martinthomson Jul 14, 2020
25264d0
First initial
martinthomson Jul 14, 2020
83e840e
first Initial
martinthomson Jul 14, 2020
5782bf9
Merge branch 'master' into less-protection
martinthomson Jul 16, 2020
c78921e
Use text from master for this paragraph
martinthomson Jul 16, 2020
1db24ca
Trailing whitespace, gah
martinthomson Jul 16, 2020
05cb8f2
Lots of review comments
martinthomson Jul 19, 2020
bca2743
wrap
martinthomson Jul 19, 2020
92d1701
Moor sugestions
martinthomson Jul 21, 2020
00d90fc
Some more rearrangement
martinthomson Jul 20, 2020
645d6f8
Cleaner
martinthomson Jul 20, 2020
7f190d7
Split sentence; reword
martinthomson Jul 21, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
23 changes: 11 additions & 12 deletions draft-ietf-quic-transport.md
View file
Open in desktop
Expand Up @@ -3168,20 +3168,19 @@ Version Negotiation packets have no cryptographic protection; see
Retry packets use an authenticated encryption with associated data function
(AEAD; {{?AEAD=RFC5116}}) to protect against accidental modification.

Initial packets use an AEAD with keys that are derived using a value that is
visible on the wire, and therefore does not provide effective confidentiality
protection. Initial protection exists to ensure that the sender of the packet is
on the network path. Any entity that receives an Initial packet from a client
can recover the keys that will allow them to both read the contents of the packet
and generate Initial packets that will be successfully authenticated at either
endpoint.
Initial packets use an AEAD, the keys for which are derived using a value that
is visible on the wire. Initial packets therefore do not have effective
confidentiality protection. Initial protection exists to ensure that the sender
of the packet is on the network path. Any entity that receives an Initial packet
from a client can recover the keys that will allow them to both read the
contents of the packet and generate Initial packets that will be successfully
authenticated at either endpoint.

All other packets are protected with keys derived from the cryptographic
handshake. The type of the packet from the long header or key phase from the
short header are used to identify which encryption keys are used. Packets
protected with 0-RTT and 1-RTT keys are expected to have strong confidentiality
and integrity protection; the cryptographic handshake ensures that only the
communicating endpoints receive the corresponding keys.
handshake. The cryptographic handshake ensures that only the communicating
endpoints receive the corresponding keys for Handshake, 0-RTT, and 1-RTT
packets. Packets protected with 0-RTT and 1-RTT keys have strong
confidentiality and integrity protection.

The Packet Number field that appears in some packet types has alternative
confidentiality protection that is applied as part of header protection; see
Expand Down