target = "https://www.rfc-editor.org/rfc/rfc9001#section-4"

# 4.  Carrying TLS Messages
#
# QUIC carries TLS handshake data in CRYPTO frames, each of which
# consists of a contiguous block of handshake data identified by an
# offset and length.  Those frames are packaged into QUIC packets and
# encrypted under the current encryption level.  As with TLS over TCP,
# once TLS handshake data has been delivered to QUIC, it is QUIC's
# responsibility to deliver it reliably.  Each chunk of data that is
# produced by TLS is associated with the set of keys that TLS is
# currently using.  If QUIC needs to retransmit that data, it MUST use
# the same keys even if TLS has already updated to newer keys.
# 
# Each encryption level corresponds to a packet number space.  The
# packet number space that is used determines the semantics of frames.
# Some frames are prohibited in different packet number spaces; see
# Section 12.5 of [QUIC-TRANSPORT].
# 
# Because packets could be reordered on the wire, QUIC uses the packet
# type to indicate which keys were used to protect a given packet, as
# shown in Table 1.  When packets of different types need to be sent,
# endpoints SHOULD use coalesced packets to send them in the same UDP
# datagram.
# 
#     +=====================+=================+==================+
#     | Packet Type         | Encryption Keys | PN Space         |
#     +=====================+=================+==================+
#     | Initial             | Initial secrets | Initial          |
#     +=====================+-----------------+------------------+
#     | 0-RTT Protected     | 0-RTT           | Application data |
#     +=====================+-----------------+------------------+
#     | Handshake           | Handshake       | Handshake        |
#     +=====================+-----------------+------------------+
#     | Retry               | Retry           | N/A              |
#     +=====================+-----------------+------------------+
#     | Version Negotiation | N/A             | N/A              |
#     +=====================+-----------------+------------------+
#     | Short Header        | 1-RTT           | Application data |
#     +=====================+-----------------+------------------+
# 
#               Table 1: Encryption Keys by Packet Type
# 
# Section 17 of [QUIC-TRANSPORT] shows how packets at the various
# encryption levels fit into the handshake process.

[[spec]]
level = "MUST"
quote = '''
If QUIC needs to retransmit that data, it MUST use
the same keys even if TLS has already updated to newer keys.
'''

[[spec]]
level = "SHOULD"
quote = '''
When packets of different types need to be sent,
endpoints SHOULD use coalesced packets to send them in the same UDP
datagram.
'''