You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Sectionm 5.2:
"Section 19 of [QUIC-TRANSPORT] encodes the Connection ID Sequence Number as a variable-length integer, allowing values up to 2^62-1; in this specification, a range of less than 2^32-1 values MUST be used before updating the packet protection key"
I think this is unlikely to cause a real issue, but is sloppy writing. At no point in time may a sequence number n and its next wrapped value ( n+2^32) be protected by the same packet protection key. This is unlikely to ever happen due to AEAD limits of at least current ciphers. But I think it would be good to be formally correct here.
I will note that there is duplication of the imprecise requirement in the last paragraph of the seciton too: "Due to the way the nonce is constructed, endpoints MUST NOT use more than 2^32 Connection IDs without a key update."
The text was updated successfully, but these errors were encountered:
Sectionm 5.2:
"Section 19 of [QUIC-TRANSPORT] encodes the Connection ID Sequence Number as a variable-length integer, allowing values up to 2^62-1; in this specification, a range of less than 2^32-1 values MUST be used before updating the packet protection key"
I think this is unlikely to cause a real issue, but is sloppy writing. At no point in time may a sequence number n and its next wrapped value ( n+2^32) be protected by the same packet protection key. This is unlikely to ever happen due to AEAD limits of at least current ciphers. But I think it would be good to be formally correct here.
I will note that there is duplication of the imprecise requirement in the last paragraph of the seciton too: "Due to the way the nonce is constructed, endpoints MUST NOT use more than 2^32 Connection IDs without a key update."
The text was updated successfully, but these errors were encountered: