Re: [quicwg/base-drafts] Immediately close with INVALID_TOKEN (#3107)

ianswett <> Tue, 22 October 2019 04:28 UTC

Date: Tue, 22 Oct 2019 03:21:42 +0000

ianswett commented on this pull request.

> @@ -1641,6 +1641,14 @@ of connection establishment.  By giving the client a different connection ID to
 use, a server can cause the connection to be routed to a server instance with
 more resources available for new connections.
+If a server receives a client Initial with a unverifiable Retry token,
+it knows the client will not accept another Retry token.  It can either
+proceed with the handshake without verifying the token or immediately close
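
Review bot: On the third added line, "proceed with the handshake without verifying the token" reads as if verification is being skipped, but the first added line says the token has already been found unverifiable. Consider wording such as "proceed with the handshake without treating the client's address as validated". The first added line also needs "an unverifiable" rather than "a unverifiable". As quoted, the new text follows "more resources available for new connections." with no blank line, so it would be folded into that paragraph.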

The server could decide it's not under heavy load and proceed with the handshake, even if the token doesn't constitute address validation. I.e., the token could expire on a shorter timeline than the session ticket/etc, so 0-RTT could succeed, but address validation would fail.
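
The server-side choice discussed in this review, as an added sketch that is not part of the thread or of the QUIC drafts: an expired or mismatched token fails validation, and the server then either continues with an unvalidated address or closes with INVALID_TOKEN depending on load. The token layout, key, lifetime, and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import struct
from enum import Enum

TOKEN_LIFETIME = 10            # seconds; assumed short lifetime for a Retry token
KEY = b"constructed-demo-key"  # constructed sample key, not a real secret


class Action(Enum):
    PROCEED_VALIDATED = "continue handshake, address validated"
    PROCEED_UNVALIDATED = "continue handshake, address not validated"
    CLOSE_INVALID_TOKEN = "immediately close with INVALID_TOKEN"


def make_token(client_addr: str, issued_at: int, key: bytes = KEY) -> bytes:
    """Hypothetical layout: 8-byte issue time || HMAC-SHA256(time || address)."""
    ts = struct.pack("!Q", issued_at)
    return ts + hmac.new(key, ts + client_addr.encode(), hashlib.sha256).digest()


def token_is_valid(token: bytes, client_addr: str, now: int, key: bytes = KEY) -> bool:
    if len(token) != 8 + 32:
        return False
    ts, mac = token[:8], token[8:]
    expected = hmac.new(key, ts + client_addr.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return False  # forged, corrupted, or issued for another address
    age = now - struct.unpack("!Q", ts)[0]
    return 0 <= age <= TOKEN_LIFETIME  # expired tokens no longer validate


def on_initial_with_token(token: bytes, client_addr: str, now: int,
                          under_heavy_load: bool) -> Action:
    if token_is_valid(token, client_addr, now):
        return Action.PROCEED_VALIDATED
    # Unverifiable token: per the PR text the client will not accept another
    # Retry, so the server picks one of the two remaining outcomes by load.
    if under_heavy_load:
        return Action.CLOSE_INVALID_TOKEN
    return Action.PROCEED_UNVALIDATED
```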
