Re: [quicwg/base-drafts] Add initial threat model to security considerations (#2925)

Eric Kinnear <> Sat, 16 November 2019 12:50 UTC

erickinnear commented on this pull request.

> +A limited on-path attacker differs from an on-path attacker in that it is not on
+the original path between endpoints, and therefore the original packets sent by
+an endpoint are still reaching their destination.  This means that a future
+failure to route copied packets to the destination faster than their original
+path will not prevent the original packets from reaching the destination.
+A limited on-path attacker can:
+- Inspect packets
+- Inject new packets
+- Modify unencrypted packet headers
+- Reorder packets
+A limited on-path attacker cannot:
+- Delay packets beyond the original packet duration
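
Review bot: In the "cannot" list, "Delay packets beyond the original packet duration" leaves "original packet duration" undefined; tie it to the paragraph above, for example by saying the attacker cannot delay or drop the original packets because they still reach the destination on the original path. The sentence beginning "This means that a future failure to route copied packets" is hard to parse and could state directly that the original packets arrive regardless of whether the attacker's copies get there first. Both bullet lists also follow their lead-in line with no blank line in between, which may keep them from rendering as lists.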

Fixed in 70dac1d
