Re: [quicwg/base-drafts] Clarify Actions on nonzero Reserved Bits (#2280)

martinduke <> Thu, 10 January 2019 16:11 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id BDC1E130DE7 for <>; Thu, 10 Jan 2019 08:11:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.553
X-Spam-Status: No, score=-7.553 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Ggp9gf4Vewa0 for <>; Thu, 10 Jan 2019 08:11:54 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 187A9126CB6 for <>; Thu, 10 Jan 2019 08:11:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed;; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=JhD+/npj6bEiOXhUjXAGdAeECps=; b=YXJFu8Eobrb3Rp/d DgrcratTM1mRtlNYTnqp+rM1Gt500jw9fvfdQjJHT98M9S/8WOWb01ppEoDmmcxa I07s69jNUDxMOdOrhAa0eaivZZ6ptfKHyxfJPjZV6ySoqcYghUh0ma+2eGwwEwhd eanFchTGLxbowRe6pVj6YtqhrA0=
Received: by with SMTP id filter1715p1mdw1-21576-5C376EC8-1B 2019-01-10 16:11:52.476356056 +0000 UTC m=+224823.497288493
Received: from (unknown []) by (SG) with ESMTP id Cw1X0flTQKaKg3BDx9cpWw for <>; Thu, 10 Jan 2019 16:11:52.574 +0000 (UTC)
Received: from (localhost []) by (Postfix) with ESMTP id 896C580050 for <>; Thu, 10 Jan 2019 08:11:52 -0800 (PST)
Date: Thu, 10 Jan 2019 16:11:52 +0000
From: martinduke <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/2280/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Clarify Actions on nonzero Reserved Bits (#2280)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c376ec887d07_16803fc8a92d45b8240223"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinduke
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-SG-EID: l64QuQ2uJCcEyUykJbxN122A6QRmEpucztpreh3Pak0zsDGRXScq6ZIT3KQFqYQ8z73jtu/XYFdMs/ p7WIoc00CzPOUKgz97Gd6GtmyzzK96yF3D9Pli+/KxfeNG0QhKl+EJZhs2XRPAd7cuO+A4zHsQ7955 YgBx+Nl3IFTFVAnkkU5YxK8A64sFgxZ065eh+crXPms50zRWXtn9kK/fbkR5sx/O6ueF5qZjaiiEbL g=
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 10 Jan 2019 16:11:56 -0000

@ianswett My previous reply was too glib. One problem with applying the check right after removing header protection is that the consequences are a connection error -- so a garbage packet has a 3 in 4 chance of taking down the connection.

There are three equilbria here:
1) Simply discard the packet after header protection. As @marten-seemann pointed out, it's not clear why this would provide any sort of intelligence to an attacker, as there is no response.
2) After packet protection, it's a PROTOCOL_VIOLATION. This is the current state of the draft with this PR serving to clarify a bit.
3) Not having any requirement for the reserved bits. There is a difference in opinion over whether this is a side channel issue or not, or if this should be done only with some sort of negotiation. I'm not the one to articulate this positon.

Which is all to say that I should have taken @martinthomson 's advice a week ago and filed and issue.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: