mpiraux / draft-piraux-tcpls


Joining TCP connection [precisions] #2

Open frochet opened 2 years ago

frochet commented 2 years ago

"New Token" should be an Encrypted TLS Extension (encrypted with the handshake key if received in the initial handshake) or a TCPLS CONTROL frame if received post handshake.

mpiraux commented 2 years ago

New Token is a frame currently, is that unclear? Providing the tokens to the client through a TLS Extension is an interesting idea to dig when we have a bit more time. I have a couple of questions I can't answer quickly enough:

Most of them can be non-issues, I just can wrap my head around them just now.

frochet commented 2 years ago

It's happening before the handshake is complete, is that a problem?

I think yes. It should be a TLS Encrypted Extension from the Server or it would not be compliant with the TLS 1.3 protocol specs; which means potential middlebox issues, like those amazing Cisco firewalls that believe anything they don't understand is evil. The notion of what they understand may range from "This is an Encrypted Extension number I never saw, must be a skilled h4k3r, better block this!" to "Uh. This is not an Encrypted Extension from the server's response? qslkdfjqdsf what's my name again?"

We may also use New Token as a TCPLS frame post handshake (and should!). Basically this kind of message should be both: a TLS Encrypted Extension and a TCPLS frame we use with the right format in the right context.