From 31c15369b4f27d4e0b03dfe46ca9eae22ebb8a5c Mon Sep 17 00:00:00 2001 From: Kazuho Oku Date: Sun, 29 Nov 2020 13:32:31 +0900 Subject: [PATCH 1/3] handling of KeyUpdate in other epochs are specified in RFC 8446, do not override --- draft-ietf-quic-tls.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/draft-ietf-quic-tls.md b/draft-ietf-quic-tls.md index 6db7ed7002..5f96e3c2ba 100644 --- a/draft-ietf-quic-tls.md +++ b/draft-ietf-quic-tls.md @@ -1426,8 +1426,8 @@ packet that contains the changed value. This mechanism replaces the TLS KeyUpdate message. Endpoints MUST NOT send a TLS KeyUpdate message. Endpoints MUST treat the receipt of a TLS KeyUpdate -message as a connection error of type 0x10a, equivalent to a fatal TLS alert of -unexpected_message (see {{tls-errors}}). +message in a 1-RTT packet as a connection error of type 0x10a, equivalent to a +fatal TLS alert of unexpected_message (see {{tls-errors}}). {{ex-key-update}} shows a key update process, where the initial set of keys used (identified with @M) are replaced by updated keys (identified with @N). The From b33c48762efdd88170eebed13272bc14278495a1 Mon Sep 17 00:00:00 2001 From: Kazuho Oku Date: Sun, 29 Nov 2020 16:18:16 +0900 Subject: [PATCH 2/3] clarify that TLS sends KeyUpdates only in 1-RTT --- draft-ietf-quic-tls.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/draft-ietf-quic-tls.md b/draft-ietf-quic-tls.md index 5f96e3c2ba..c8571e2e60 100644 --- a/draft-ietf-quic-tls.md +++ b/draft-ietf-quic-tls.md 
@@ -1424,7 +1424,8 @@ without needing to receive the first packet that triggered the change. An endpoint that notices a changed Key Phase bit updates keys and decrypts the packet that contains the changed value. -This mechanism replaces the TLS KeyUpdate message. Endpoints MUST NOT send a +This mechanism replaces the key update mechanism of TLS, which relies on +KeyUpdate messages sent using 1-RTT encryption keys. Endpoints MUST NOT send a TLS KeyUpdate message. Endpoints MUST treat the receipt of a TLS KeyUpdate message in a 1-RTT packet as a connection error of type 0x10a, equivalent to a fatal TLS alert of unexpected_message (see {{tls-errors}}). From ad95f6930b9431d309d25d4f36aad5e580a929d5 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Wed, 9 Dec 2020 10:25:47 +1100 Subject: [PATCH 3/3] semi --- draft-ietf-quic-tls.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-quic-tls.md b/draft-ietf-quic-tls.md index c8571e2e60..620146202d 100644 --- a/draft-ietf-quic-tls.md +++ b/draft-ietf-quic-tls.md @@ -1428,7 +1428,7 @@ This mechanism replaces the key update mechanism of TLS, which relies on KeyUpdate messages sent using 1-RTT encryption keys. Endpoints MUST NOT send a TLS KeyUpdate message. Endpoints MUST treat the receipt of a TLS KeyUpdate message in a 1-RTT packet as a connection error of type 0x10a, equivalent to a -fatal TLS alert of unexpected_message (see {{tls-errors}}). +fatal TLS alert of unexpected_message; see {{tls-errors}}. {{ex-key-update}} shows a key update process, where the initial set of keys used (identified with @M) are replaced by updated keys (identified with @N). The
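Review bot: In the first hunk (PATCH 1/3, `@@ -1426,8 +1426,8 @@`), narrowing the MUST to "in a 1-RTT packet" leaves the draft silent on what an endpoint does with a KeyUpdate that arrives in any other packet type. The commit subject says that case is already specified in RFC 8446, but nothing in the edited paragraph points the reader there. Consider adding a sentence such as "Handling of a KeyUpdate message received in other packets is governed by {{!TLS13}}" (or whichever reference tag the draft uses for RFC 8446) right after the line `fatal TLS alert of unexpected_message (see {{tls-errors}}).`, so that the narrowed rule does not read as an omission.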
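Review bot: In the second hunk (PATCH 2/3, `@@ -1424,7 +1424,8 @@`), the new clause `KeyUpdate messages sent using 1-RTT encryption keys` uses QUIC's term for keys that TLS itself calls application traffic keys; since the sentence is describing the TLS mechanism, it would be clearer to say which term is whose, for example "sent under the TLS application traffic keys, which QUIC uses as 1-RTT keys" (wording is a suggestion). Also, this patch and PATCH 1/3 rewrite the same three-line paragraph; squashing them into one commit would make the history easier to follow than two successive edits to one sentence.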
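Review bot: In the third hunk (PATCH 3/3, `@@ -1428,7 +1428,7 @@`), replacing `(see {{tls-errors}}).` with `; see {{tls-errors}}.` is a pure punctuation change; the diffstat shows it is applied only here, so please confirm this matches the cross-reference convention used elsewhere in draft-ietf-quic-tls rather than introducing a one-off style. The commit subject "semi" should also state what it does, e.g. "use semicolon for cross-reference", so it is meaningful in the log.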