Re: [quicwg/base-drafts] Limit RCID state (#3547)

Kazuho Oku <> Thu, 02 April 2020 00:23 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 60AA83A1585 for <>; Wed, 1 Apr 2020 17:23:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.696
X-Spam-Status: No, score=-1.696 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 990ds2bDrkTa for <>; Wed, 1 Apr 2020 17:23:05 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C03783A1584 for <>; Wed, 1 Apr 2020 17:23:05 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 2169E6A0DFB for <>; Wed, 1 Apr 2020 17:23:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1585786985; bh=yrX/KFzoG1YDyo+V9u2sSG133UgnvLinc3MWeGvFkSA=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=J6IAKQxwcPYLETCKBCOtFWwSxsPYXL1q2ZamuZdttEN9Q30jkA10aBOB/7t8m/XqN RoGeQddX+zuTH10QHYXFHQlL29MPdoSlZUAM3J1dM4NsolvWZpxi21eCUEID7hO1LS kX7hlICvtbyuIqKz96QhW+wH6GPj4spjPIcO7V7M=
Date: Wed, 01 Apr 2020 17:23:05 -0700
From: Kazuho Oku <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/3547/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Limit RCID state (#3547)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5e85306912afb_65973f8aef6cd96436862"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 02 Apr 2020 00:23:08 -0000

@kazuho commented on this pull request.

> @@ -1069,6 +1069,15 @@ to cease using the connection IDs when requested can result in connection
 failures, as the issuing endpoint might be unable to continue using the
 connection IDs with the active connection.
+An endpoint SHOULD limit the number of outstanding RETIRE_CONNECTION_ID frames
+to bound the necessary state. In order to allow a peer to retire all previously
+issued connection IDs, the limit on the number of outstanding
+RETIRE_CONNECTION_IDs SHOULD be at least the active_connection_id_limit. An

> The endpoint can say "I will only have 10 RCIDs in flight at a time".

Yes. That's possible, but having that limitation does not mitigate the attack.

> So if the peer makes me send 20, it'll take me at least 2 RTTs to resolve. Now obviously it can take longer if I don't have enough cwnd, but that's orthogonal to this and no change to the spec.

The attack is that peer might make you send more than 20 or more. And we need to either provide a guidance on when an endpoint can start leaking retirements or close the connection.

However, the only SHOULD being added in this PR is something unrelated to the attack. And the location of the text gives the false impression that the limit in that sentence is the threshold for mitigating the attack.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: