Re: [quicwg/base-drafts] Be more conservative about migration? (#2143)

ekr <> Thu, 13 December 2018 23:45 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 00028130EC9 for <>; Thu, 13 Dec 2018 15:45:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -9.459
X-Spam-Status: No, score=-9.459 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.46, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id DFsLsn-YH1RX for <>; Thu, 13 Dec 2018 15:45:09 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C2078130EBF for <>; Thu, 13 Dec 2018 15:45:08 -0800 (PST)
Date: Thu, 13 Dec 2018 15:45:07 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1544744707; bh=m0qhS5Wp6ah8cC5e5sDtZiRFzgcs+FKjSgQGua5Kfj4=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=arkm9Wz9hlkwBWD/gvj2McoTgg2Hh4zmJfymlWl5Wtnh59GpK3Y+2DdtcHgZvdxwE hBnAfac7EyqVHAmO24xnclNl+ljJLueE2N5B+PH+jQZCR09nyNhQleoYwBvnhP7Mmo zFYapEJM3MIA8uq2vvYHyd0dxr5hu5F1B0k6V3w4=
From: ekr <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/2143/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] Be more conservative about migration? (#2143)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c12ef03cdef2_6fbf3ff952ed45b41827f1"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: ekr
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 13 Dec 2018 23:45:11 -0000

> Because we [told it to](
> > In response to an apparent migration, endpoints MUST validate the previously active path using a PATH_CHALLENGE frame.

OK. I missed that section. However, I'm not sure how much it changes thing, though. The question is how much impact an on-path attacker can cheaply have (and of course, this goes back to what we claim our security guarantees are). 

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: