Re: [quicwg/base-drafts] Clarify padding of INITIAL packets (#3255)

Martin Thomson <> Tue, 19 November 2019 10:02 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 2E02F12086A for <>; Tue, 19 Nov 2019 02:02:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.382
X-Spam-Status: No, score=-6.382 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id VKADWRB5Ynuj for <>; Tue, 19 Nov 2019 02:02:05 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 9FA2B120857 for <>; Tue, 19 Nov 2019 02:02:05 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id EDA476E14B4 for <>; Tue, 19 Nov 2019 02:02:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1574157724; bh=ycLEAj4QjnXbuGokD1r29qZmvEQjDMafMGu43fgdT6E=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=aDIfVmGxY21bylZYu4bddIqqFiwaIKtmagyvcxr6Dvi7BOiHTZes3sY2PmLtRYMA6 mttHHhCJGHveFQHE7h0JIHtiK7+qTVaFWG/v55huMvgv7EPw/UTPkDxtisgWEqU+L6 sLmbyRQqlTm9RvvCiqs/r9VnPJ8FeCSynVRkhU9Y=
Date: Tue, 19 Nov 2019 02:02:04 -0800
From: Martin Thomson <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/3255/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] Clarify padding of INITIAL packets (#3255)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5dd3bd9cddfdf_2d13fba248cd96c2828d8"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 19 Nov 2019 10:02:07 -0000

For the most part, yes, the second flight is generally sent with some evidence that the return address is live, however we can't guarantee that the second flight carries sufficient entropy.

For instance, HelloRetryRequest causes a second flight that still requires anti-amplification.

Initial packets with acknowledgments in the second flight might still require padding in the case that the client isn't able to send Handshake packets (which can happen when you have a partial server flight).

In the end, this is just simpler.  I would be sad if intermediaries were to "enforce" MUSTs from QUIC.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: