target = "https://www.rfc-editor.org/rfc/rfc9001#section-4.9.1"

# 4.9.1.  Discarding Initial Keys
#
# Packets protected with Initial secrets (Section 5.2) are not
# authenticated, meaning that an attacker could spoof packets with the
# intent to disrupt a connection.  To limit these attacks, Initial
# packet protection keys are discarded more aggressively than other
# keys.
# 
# The successful use of Handshake packets indicates that no more
# Initial packets need to be exchanged, as these keys can only be
# produced after receiving all CRYPTO frames from Initial packets.
# Thus, a client MUST discard Initial keys when it first sends a
# Handshake packet and a server MUST discard Initial keys when it first
# successfully processes a Handshake packet.  Endpoints MUST NOT send
# Initial packets after this point.
# 
# This results in abandoning loss recovery state for the Initial
# encryption level and ignoring any outstanding Initial packets.

[[spec]]
level = "MUST"
quote = '''
Thus, a client MUST discard Initial keys when it first sends a
Handshake packet and a server MUST discard Initial keys when it first
successfully processes a Handshake packet.
'''

[[spec]]
level = "MUST"
quote = '''
Thus, a client MUST discard Initial keys when it first sends a
Handshake packet and a server MUST discard Initial keys when it first
successfully processes a Handshake packet.
'''

[[spec]]
level = "MUST"
quote = '''
Endpoints MUST NOT send
Initial packets after this point.
'''