Re: [quicwg/base-drafts] Attacks Against Address Migration (#2582)

Mike Bishop <> Thu, 18 April 2019 23:08 UTC


I think the attacker's ability to do this argues for ignoring PATH_RESPONSE frames that mismatch rather than actively considering the validation to have failed; we added that text already:

> Note that receipt on a different local address does not result in path validation failure, as it might be a result of a forwarded packet (see Section 9.3.3) or misrouting. It is possible that a valid PATH_RESPONSE might be received in the future.

This text perhaps needs to be broadened to talk about both source and destination address rather than simply "local address."

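
Added illustration (not part of the original message, the QUIC drafts, or any implementation): the sketch below models the behaviour argued for above, where a PATH_RESPONSE whose data or source/destination address does not match the outstanding challenge is ignored and validation stays pending. The `PathValidator` class, its state names, and the rule that only a timer expiry fails validation are assumptions made for this example.

```python
import hmac
import os


class PathValidator:
    """One outstanding PATH_CHALLENGE for a candidate path (local, remote)."""

    def __init__(self, local, remote, timeout, now=0.0):
        self.path = (local, remote)
        self.challenge = os.urandom(8)   # PATH_CHALLENGE carries 8 bytes of data
        self.deadline = now + timeout    # assumption: only this timer fails validation
        self.state = "pending"
        self.ignored = 0                 # counter a defender can export for monitoring

    def on_path_response(self, data, local, remote):
        """Handle a PATH_RESPONSE that arrived on the (local, remote) address pair."""
        if self.state != "pending":
            return self.state
        echoed = hmac.compare_digest(data, self.challenge)
        if echoed and (local, remote) == self.path:
            self.state = "validated"
        else:
            # Wrong data or wrong source/destination address: possibly forwarded,
            # misrouted or injected. Ignore it; a valid response may still arrive.
            self.ignored += 1
        return self.state

    def on_timer(self, now):
        if self.state == "pending" and now >= self.deadline:
            self.state = "failed"
        return self.state


def demo():
    # Constructed addresses from documentation ranges.
    local, peer, other = ("192.0.2.10", 4433), ("198.51.100.7", 50000), ("203.0.113.9", 50000)
    v = PathValidator(local, peer, timeout=3.0)
    states = [
        v.on_path_response(v.challenge, local, other),                # wrong source address
        v.on_path_response(v.challenge, ("192.0.2.11", 4433), peer),  # wrong local address
        v.on_timer(1.0),                                              # timer not yet expired
        v.on_path_response(v.challenge, local, peer),                 # genuine response
    ]
    return states, v.ignored


if __name__ == "__main__":
    print(demo())
```

Treating a mismatch as an immediate failure instead would let anyone able to deliver a packet to the endpoint abort a validation in progress; counting ignored frames keeps that activity visible without acting on it.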