Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Magnus' TLS nits #4205

Merged
merged 4 commits into from Oct 15, 2020
Merged

Magnus' TLS nits #4205

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
0e46958
Describe TLS properties more precisely
martinthomson Oct 14, 2020
2ab6335
Just describe 0-RTT (and its limitations)
martinthomson Oct 14, 2020
baeefed
DCID is 0..20 and clarify...
martinthomson Oct 14, 2020
9811e96
so...
martinthomson Oct 15, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
22 changes: 12 additions & 10 deletions draft-ietf-quic-tls.md
View file
Open in desktop
Expand Up @@ -144,9 +144,10 @@ could be used; see {{tls-version}}.

## TLS Overview

TLS provides two endpoints with a way to establish a means of communication over
an untrusted medium (that is, the Internet) that ensures that messages they
exchange cannot be observed, modified, or forged.
TLS provides two endpoints with a way to establish a means of communication
over an untrusted medium (that is, the Internet). TLS enables authentication of
peers and provides confidentiality and integrity protection for messages that
endpoints exchange.

Internally, TLS is a layered protocol, with the structure shown in
{{tls-layers}}.
Expand Down Expand Up @@ -193,8 +194,8 @@ TLS provides two basic handshake modes of interest to QUIC:

* A 0-RTT handshake, in which the client uses information it has previously
learned about the server to send Application Data immediately. This
Application Data can be replayed by an attacker so it MUST NOT carry a
self-contained trigger for any non-idempotent action.
Application Data can be replayed by an attacker so 0-RTT is not suitable for
carrying instructions that might initiate any non-idempotent action.

A simplified TLS handshake with 0-RTT application data is shown in {{tls-full}}.

Expand Down Expand Up @@ -990,11 +991,12 @@ response to an Initial packet from the server.

Note:

: The Destination Connection ID is of arbitrary length, and it could be zero
length if the server sends a Retry packet with a zero-length Source Connection
ID field. In this case, the Initial keys provide no assurance to the client
that the server received its packet; the client has to rely on the exchange
that included the Retry packet for that property.
: The Destination Connection ID field could be any length up to 20 bytes,
including zero length if the server sends a Retry packet with a zero-length
Source Connection ID field. After a Retry, the Initial keys provide the client
no assurance that the server received its packet, so the client has to rely on
the exchange that included the Retry packet to validate the server address;
see Section 8.1 of {{QUIC-TRANSPORT}}.

{{test-vectors}} contains sample Initial packets.

Expand Down