Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Forbid the sender from sending redundant update_requested KeyUpdates #1343

Merged
merged 2 commits into from
Jul 7, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 7 additions & 2 deletions draft-ietf-tls-rfc8446bis.md
Original file line number Diff line number Diff line change
Expand Up @@ -3566,10 +3566,15 @@ send a KeyUpdate of its own with request_update set to "update_not_requested" pr
to sending its next Application Data record. This mechanism allows either side to force an update to the
entire connection, but causes an implementation which
receives multiple KeyUpdates while it is silent to respond with
a single update. Note that implementations may receive an arbitrary
a single update. Until receiving a subsequent KeyUpdate from the peer, the
sender MUST NOT send another KeyUpdate with request_update set to
"update_requested".

Note that implementations may receive an arbitrary
number of messages between sending a KeyUpdate with request_update set
to "update_requested" and receiving the
peer's KeyUpdate, because those messages may already be in flight.
peer's KeyUpdate, including unrelated KeyUpdates, because those messages may
already be in flight.
However, because send and receive keys are derived from independent
traffic secrets, retaining the receive traffic secret does not threaten
the forward secrecy of data sent before the sender changed keys.
Expand Down
Loading