Deleting old stuff seems arbitrary

GrumpyOldTroll / draft-jholland-quic-multicast

Work in progress to propose a multicast extension to quic.

Other

6 stars 6 forks source link

Deleting old stuff seems arbitrary #92

Open LPardue opened 2 years ago

LPardue commented 2 years ago

Section 10.2 says

Clients MUST delete old secrets within 10 seconds after receiving a new key, and within 3 seconds after receiving a new key and not receiving any data traffic decrypted with the old key.

My first question is why is it a MUST. My second question is why these values?

Since this is a client behaviour that is hard for the peer to enforce, it would help to explain the rational behind these requirements so that implementations Do the Right Thing.

GrumpyOldTroll commented 2 years ago

The MUST delete is for forward secrecy. Like in TLS, if all clients have deleted all keys, the key exposure footprint is reduced to only what's necessary.

The time choices are arbitrary, yes. I wanted something in there, but I don't have a principled answer for what they should be. It's possible that these should be server-advertised values instead of a client-side constant, but I'd expect for most practical purposes a time-based hard limit will suffice.

Maybe we should add this to the list of things we hope to learn by making this experimental, like the congestion control handwaviness?

LPardue commented 1 year ago

yep sounds all good