Date: Wed, 27 Jun 2018 14:19:40 -0700
From: ianswett <notifications@github.com>
Subject: Re: [quicwg/base-drafts] Don't Change Source CID After Retry (#1491)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/2292Z6CTscEaC_jw5yNTm8bTteI>

ianswett commented on this pull request.

Agreed, MUST NOT

> @@ -633,7 +633,11 @@ If the client received a Retry packet from the server and sends an Initial
 packet in response, then it sets the Destination Connection ID to the value from
 the Source Connection ID in the Retry packet. Changing Destination Connection ID
 also results in a change to the keys used to protect the Initial packet. It also
-sets the Token field to the token provided in the Retry.
+sets the Token field to the token provided in the Retry. Additionally, the
+client SHOULD NOT change the Source Connection ID because the server may include
+the connection ID as part of its token validation logic. If the client changes
+the Source Connection ID in this case, it would likely trigger a new Retry to be
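
Review bot: "the connection ID as part of its token validation logic" on the third added line does not say which connection ID is meant, although the surrounding sentences discuss both the Destination Connection ID and the Source Connection ID. Suggest naming it, for example "the client's Source Connection ID", so that an implementer of token validation knows which value the requirement protects.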

nit: would likely -> could

> @@ -633,7 +633,11 @@ If the client received a Retry packet from the server and sends an Initial
 packet in response, then it sets the Destination Connection ID to the value from
 the Source Connection ID in the Retry packet. Changing Destination Connection ID
 also results in a change to the keys used to protect the Initial packet. It also
-sets the Token field to the token provided in the Retry.
+sets the Token field to the token provided in the Retry. Additionally, the
+client SHOULD NOT change the Source Connection ID because the server may include
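
Review bot: the lower-case "may" in "because the server may include" on the last added line shown sits in the same sentence as an upper-case requirement keyword and can be misread as a normative MAY. Suggest "might" or "can" for the rationale, keeping upper-case keywords for the requirement itself.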

MUST NOT


