Re: [quicwg/base-drafts] amplification attack using Retry and VN triggered by coalesced Initial packets (#2259)

Marten Seemann <notifications@github.com> Mon, 31 December 2018 09:25 UTC

Date: Mon, 31 Dec 2018 01:25:07 -0800
From: Marten Seemann <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab9c1eb4f504e05446045084248a0da3303f29ffb392cf000000011841a27392a169ce177f0208@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2259/450624307@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2259@github.com>
References: <quicwg/base-drafts/issues/2259@github.com>
Subject: Re: [quicwg/base-drafts] amplification attack using Retry and VN triggered by coalesced Initial packets (#2259)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c29e073141e4_40383fd72d8d45c0118533f"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/5X9O9Rol1pT_Xgdk8IUY0vTA1Fo>

@kazuho We already have a MUST requirement for coalesced packets:
> Senders MUST NOT coalesce QUIC packets for different connections into a single UDP datagram. Receivers SHOULD ignore any subsequent packets with a different Destination Connection ID than the first packet in the datagram.

Both requirements cannot be enforced in the sense that the connection is closed. However, they are enforced in the sense that the incorrect packets are dropped, so there's no motivation whatsoever for an endpoint to misbehave.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2259#issuecomment-450624307

[quicwg/base-drafts] amplification attack using R… Marten Seemann
Re: [quicwg/base-drafts] amplification attack usi… Nick Banks
Re: [quicwg/base-drafts] amplification attack usi… ianswett
Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
Re: [quicwg/base-drafts] amplification attack usi… Dmitri Tikhonov
Re: [quicwg/base-drafts] amplification attack usi… Nick Banks
Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
Re: [quicwg/base-drafts] amplification attack usi… Nick Banks
Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
Re: [quicwg/base-drafts] amplification attack usi… Martin Thomson
Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
Re: [quicwg/base-drafts] amplification attack usi… ianswett
Re: [quicwg/base-drafts] amplification attack usi… Nick Banks
Re: [quicwg/base-drafts] amplification attack usi… David Schinazi
Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
Re: [quicwg/base-drafts] amplification attack usi… David Schinazi
Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
Re: [quicwg/base-drafts] amplification attack usi… David Schinazi
Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
Re: [quicwg/base-drafts] amplification attack usi… ianswett
Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
Re: [quicwg/base-drafts] amplification attack usi… janaiyengar
Re: [quicwg/base-drafts] amplification attack usi… janaiyengar