From 72a21e7595b294393896c3a2c39393f2a0508186 Mon Sep 17 00:00:00 2001
From: Martin Thomson <mt@lowentropy.net>
Date: Tue, 12 Jan 2021 18:05:53 +1100
Subject: [PATCH] Move HANDSHAKE_DONE requirement up

---
 draft-ietf-quic-tls.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/draft-ietf-quic-tls.md b/draft-ietf-quic-tls.md
index 8ca4d880b5..b09089bc07 100644
--- a/draft-ietf-quic-tls.md
+++ b/draft-ietf-quic-tls.md
@@ -378,7 +378,8 @@ perspective of the endpoint in question.
 ### Handshake Confirmed {#handshake-confirmed}
 
 In this document, the TLS handshake is considered confirmed at the server when
-the handshake completes.  At the client, the handshake is considered confirmed
+the handshake completes.  The server MUST send a HANDSHAKE_DONE frame as soon as
+the handshake is complete.  At the client, the handshake is considered confirmed
 when a HANDSHAKE_DONE frame is received.
 
 A client MAY consider the handshake to be confirmed when it receives an
@@ -872,8 +873,8 @@ and ignoring any outstanding Initial packets.
 ### Discarding Handshake Keys {#discard-handshake}
 
 An endpoint MUST discard its handshake keys when the TLS handshake is confirmed
-({{handshake-confirmed}}).  The server MUST send a HANDSHAKE_DONE frame as soon
-as it completes the handshake.
+({{handshake-confirmed}}).
+
 
 ### Discarding 0-RTT Keys