Why be frugal with MC_KEY?

GrumpyOldTroll / draft-jholland-quic-multicast

Work in progress to propose a multicast extension to quic.

Other

6 stars 6 forks source link

Why be frugal with MC_KEY? #93

Open LPardue opened 2 years ago

LPardue commented 2 years ago

Section 10.2 says:

A server SHOULD NOT send MC_KEY frames for channels except those the client has joined or will be imminently asked to join.

That sounds sensible but my question is, why shouldn't they? If they ignore the recommendation, what can go wrong?

GrumpyOldTroll commented 2 years ago

Good point, thanks. I think the answer is "principle of least trust" from RFC 4949, which in this instance tells us we should not deliberately leak keys to clients that don't need them, as that would increase the key exposure footprint unnecessarily.