Re: [quicwg/base-drafts] Disallow reuse of stateless reset tokens (#2785)

Kazuho Oku <> Thu, 13 June 2019 00:39 UTC

I think what @MikeBishop says is correct.

OTOH, I now think that forbidding reuse of SRTs might help the receiver of the stateless resets.

Without the prohibition, when retiring a CID, an endpoint needs to consult other SRTs that have been issued for the same connection to see if it can unregister the SRT corresponding to the CID being retired, or use a ref-counted hashmap for maintaining the mapping from SRTs to connections.

We might argue that this requirement is easy to miss, and hard to test.

Having the prohibition removes this requirement and therefore can be considered as a simplification.

Contrary to that, we might argue that allowing the reuse of SRTs has marginal benefit. It is trivial to construct a different SRT for each CID, as pointed out by @DavidSchinazi.

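The bookkeeping described in the message above, as an added example that is not part of the original thread or of any QUIC implementation: a plain SRT-to-connection hashmap loses a shared SRT when one of its CIDs is retired, while a ref-counted map keeps it. All class and function names, the connection label and the sample datagram are hypothetical.

```python
class ResetTokenTable:
    """Receiver-side map from peer-issued SRTs to connections (plain hashmap)."""

    def __init__(self):
        self.by_token = {}  # SRT -> connection
        self.by_cid = {}    # (connection, CID sequence number) -> SRT

    def register(self, conn, seq, token):
        self.by_cid[(conn, seq)] = token
        self.by_token[token] = conn

    def retire(self, conn, seq):
        token = self.by_cid.pop((conn, seq))
        # Correct only when no other active CID carries the same SRT.
        self.by_token.pop(token, None)

    def match(self, datagram):
        # A stateless reset carries the SRT in its last 16 bytes.
        return self.by_token.get(datagram[-16:])


class RefCountedResetTokenTable(ResetTokenTable):
    """Same map, but an SRT is unregistered only when its last CID is retired."""

    def __init__(self):
        super().__init__()
        self.refs = {}  # SRT -> number of active CIDs using it

    def register(self, conn, seq, token):
        super().register(conn, seq, token)
        self.refs[token] = self.refs.get(token, 0) + 1

    def retire(self, conn, seq):
        token = self.by_cid.pop((conn, seq))
        self.refs[token] -= 1
        if self.refs[token] == 0:
            del self.refs[token]
            del self.by_token[token]


def reset_detected_after_retire(table, token0, token1):
    """Register CIDs 0 and 1, retire CID 0, then receive a reset for CID 1."""
    table.register("conn-A", 0, token0)
    table.register("conn-A", 1, token1)
    table.retire("conn-A", 0)
    datagram = b"\x40" + bytes(23) + token1  # constructed sample datagram
    return table.match(datagram) == "conn-A"
```

With distinct SRTs per CID the plain table is sufficient; the ref-counted variant is only needed when the same SRT may appear on more than one CID.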