Date: Mon, 31 Dec 2018 01:25:07 -0800
From: Marten Seemann <notifications@github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2259/450624307@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2259@github.com>
References: <quicwg/base-drafts/issues/2259@github.com>
Subject: Re: [quicwg/base-drafts] amplification attack using Retry and VN
 triggered by coalesced Initial packets (#2259)
Mime-Version: 1.0
Content-Type: multipart/alternative;
 boundary="--==_mimepart_5c29e073141e4_40383fd72d8d45c0118533f";
 charset=UTF-8
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/5X9O9Rol1pT_Xgdk8IUY0vTA1Fo>
List-Id: Notification list for GitHub issues related to the QUIC WG
 <quic-issues.ietf.org>


----==_mimepart_5c29e073141e4_40383fd72d8d45c0118533f
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

@kazuho We already have a MUST requirement for coalesced packets:
> Senders MUST NOT coalesce QUIC packets for different connections into a single UDP datagram. Receivers SHOULD ignore any subsequent packets with a different Destination Connection ID than the first packet in the datagram.

Both requirements cannot be enforced in the sense that the connection is closed. However, they are enforced in the sense that the incorrect packets are dropped, so there's no motivation whatsoever for an endpoint to misbehave.

https://github.com/quicwg/base-drafts/issues/2259#issuecomment-450624307
----==_mimepart_5c29e073141e4_40383fd72d8d45c0118533f--
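The receiver-side rule quoted in the message above (ignore coalesced packets whose Destination Connection ID differs from the first packet's), as an added example that is not part of the original message or of any QUIC implementation. It assumes the QUIC version 1 long-header layout from RFC 9000, which may differ from the draft current when the message was written; `filter_coalesced`, `build_long` and `SAMPLE` are hypothetical names, and the sample datagram is constructed.

```python
# Added example; assumes the QUIC v1 long-header layout (RFC 9000).
LONG_TYPES = {0: "Initial", 1: "0-RTT", 2: "Handshake"}

def read_varint(buf, off):
    """Decode a QUIC variable-length integer; return (value, next offset)."""
    size = 1 << (buf[off] >> 6)            # top two bits select 1/2/4/8 bytes
    if off + size > len(buf):
        raise ValueError("truncated varint")
    raw = int.from_bytes(buf[off:off + size], "big")
    return raw & ((1 << (8 * size - 2)) - 1), off + size

def filter_coalesced(datagram):
    """Walk coalesced long-header packets; keep those whose DCID matches the
    first packet's, report the rest as ignored. Returns (kept, ignored)."""
    kept, ignored, off, first_dcid = [], [], 0, None
    while off < len(datagram):
        try:
            flags = datagram[off]
            version = int.from_bytes(datagram[off + 1:off + 5], "big")
            ptype = (flags >> 4) & 0x3
            if not flags & 0x80 or version == 0 or ptype == 3:
                break  # short header, Version Negotiation, Retry: no Length field
            p = off + 5
            dcid_len = datagram[p]
            dcid = datagram[p + 1:p + 1 + dcid_len]
            p += 1 + dcid_len
            p += 1 + datagram[p]           # skip SCID length and SCID
            if ptype == 0:                 # only Initial carries a token
                tok_len, p = read_varint(datagram, p)
                p += tok_len
            length, p = read_varint(datagram, p)
            if p + length > len(datagram):
                raise ValueError("Length field runs past the datagram")
        except (IndexError, ValueError):
            break  # malformed remainder: discard it
        if first_dcid is None:
            first_dcid = dcid
        entry = (LONG_TYPES[ptype], dcid.hex())
        (kept if dcid == first_dcid else ignored).append(entry)
        off = p + length
    return kept, ignored

def build_long(ptype, dcid, payload_len):
    """Constructed sample packet: empty SCID and token, zero-filled payload (< 64 bytes)."""
    hdr = bytes([0xC0 | ptype << 4]) + (1).to_bytes(4, "big") + bytes([len(dcid)]) + dcid + b"\x00"
    return hdr + (b"\x00" if ptype == 0 else b"") + bytes([payload_len]) + bytes(payload_len)

# Constructed datagram: two Initials with different DCIDs, then a Handshake.
SAMPLE = build_long(0, b"\xaa" * 8, 20) + build_long(0, b"\xbb" * 8, 20) + build_long(2, b"\xaa" * 8, 10)
```

For `SAMPLE`, the second Initial is reported as ignored, so a receiver following this rule would generate a response for only one connection ID per datagram.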

