Re: [quicwg/base-drafts] Amplification attack using retry tokens and spoofed addresses (#2064)

janaiyengar <> Tue, 04 December 2018 02:03 UTC

@huitema: I like the rephrase you suggest (here). I might make a minor change:
Attackers could replay tokens to use servers as amplifiers in DDoS attacks. To protect against such attacks, servers SHOULD ensure that tokens have a short lifetime. Servers that are able to should ensure that tokens are used by clients only once.

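An added example (not part of the original message or of the QUIC drafts) of the two checks in the proposed text: a short token lifetime and single use. The token layout, the 10-second lifetime, the binding to the client address and all names are assumptions made for illustration; the lifetime also bounds how long the replay cache has to remember a token.

```python
import hashlib
import hmac
import os
import struct

TOKEN_LIFETIME = 10.0  # seconds; assumed value for a "short lifetime"
BODY_LEN, MAC_LEN = 24, 32  # 8-byte issue time + 16-byte nonce, then HMAC-SHA256

class TokenValidator:
    """Issues and checks address-bound tokens (hypothetical layout, not QUIC's)."""

    def __init__(self, key: bytes, lifetime: float = TOKEN_LIFETIME):
        self.key = key
        self.lifetime = lifetime
        self.seen = {}  # nonce -> expiry time; enforces single use

    def _mac(self, addr: str, body: bytes) -> bytes:
        return hmac.new(self.key, addr.encode() + b"\x00" + body, hashlib.sha256).digest()

    def issue(self, addr: str, now: float) -> bytes:
        body = struct.pack("!d", now) + os.urandom(16)
        return body + self._mac(addr, body)

    def validate(self, token: bytes, addr: str, now: float) -> str:
        if len(token) != BODY_LEN + MAC_LEN:
            return "malformed"
        body, mac = token[:BODY_LEN], token[BODY_LEN:]
        if not hmac.compare_digest(mac, self._mac(addr, body)):
            return "bad-mac"  # forged, or presented from a different address
        issued = struct.unpack("!d", body[:8])[0]
        if not 0 <= now - issued <= self.lifetime:
            return "expired"
        # Entries past their expiry can be dropped: the lifetime check
        # above already rejects those tokens, so the cache stays small.
        self.seen = {n: exp for n, exp in self.seen.items() if exp >= now}
        nonce = body[8:]
        if nonce in self.seen:
            return "replayed"
        self.seen[nonce] = issued + self.lifetime
        return "ok"

def demo():
    v = TokenValidator(key=b"k" * 32)  # constructed key and addresses
    t = v.issue("192.0.2.1:4433", now=1000.0)
    return [v.validate(t, "198.51.100.7:4433", now=1001.0),  # other address
            v.validate(t, "192.0.2.1:4433", now=1001.0),     # first use
            v.validate(t, "192.0.2.1:4433", now=1002.0),     # replay in lifetime
            v.validate(t, "192.0.2.1:4433", now=1020.0)]     # replay after expiry

if __name__ == "__main__":
    print(demo())
```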