Re: [quicwg/base-drafts] Authenticate connection IDs (#3499)

Martin Thomson <> Mon, 11 May 2020 22:56 UTC

Date: Mon, 11 May 2020 15:56:51 -0700
From: Martin Thomson <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/3499/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Authenticate connection IDs (#3499)

@martinduke, if the attacker modifies the SCID in an Initial that ultimately causes a Retry to be sent, that doesn't affect the final state in any way, so there is no harm done.

The reason we authenticate the DCID on that packet in the way we do is to verify that the server is cooperating with the entity that generated the Retry token. Also, the client-chosen DCID value might persist as the server could use that value to determine its choice of connection ID. The client can't change its mind, so authenticating a single value is enough.

That said, I will take on advisement that we don't require that the client doesn't change its connection ID.  Issue inbound.

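For readers who want to see how a Retry is bound to the client-chosen DCID in concrete terms, the following Go program is an added example and not code from the QUIC drafts, the quicwg repository, or any participant in this thread. It implements the Retry integrity tag as published in RFC 9001, section 5.8 (AES-128-GCM with a fixed key and nonce, empty plaintext, and the "Retry Pseudo-Packet", i.e. ODCID length, ODCID and the tagless Retry packet, as associated data), and checks it against the Appendix A.4 test vector. Those constants and the vector are the final QUIC v1 values, which differ from the draft values in circulation when this comment was written; the function names are my own and not from any specification.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// Fixed key and nonce for the QUIC v1 Retry integrity tag (RFC 9001, section 5.8).
var (
	retryKey   = mustHex("be0c690b9f66575a1d766b54e368c84e")
	retryNonce = mustHex("461599d35d632bf2239825bb")
)

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

// retryPseudoPacket builds the AEAD associated data:
// ODCID Length (1 byte) || ODCID || Retry packet without its 16-byte tag.
// The ODCID is the Destination Connection ID the client chose for the Initial
// that triggered the Retry. It is not carried in the Retry itself, which is
// exactly why it has to be mixed into the tag.
func retryPseudoPacket(odcid, retryWithoutTag []byte) []byte {
	out := make([]byte, 0, 1+len(odcid)+len(retryWithoutTag))
	out = append(out, byte(len(odcid)))
	out = append(out, odcid...)
	return append(out, retryWithoutTag...)
}

func retryAEAD() cipher.AEAD {
	block, err := aes.NewCipher(retryKey)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead
}

// RetryIntegrityTag is what the Retry sender computes: sealing an empty
// plaintext under GCM yields only the 16-byte authentication tag.
func RetryIntegrityTag(odcid, retryWithoutTag []byte) []byte {
	return retryAEAD().Seal(nil, retryNonce, nil, retryPseudoPacket(odcid, retryWithoutTag))
}

// VerifyRetry is the client-side check: the Retry is accepted only if its tag
// verifies under the ODCID the client actually sent. Any change to the ODCID,
// to the Retry's Source Connection ID, or to the token invalidates the tag.
func VerifyRetry(odcid, retry []byte) bool {
	const tagLen = 16
	if len(retry) < tagLen+1 {
		return false
	}
	body, tag := retry[:len(retry)-tagLen], retry[len(retry)-tagLen:]
	_, err := retryAEAD().Open(nil, retryNonce, tag, retryPseudoPacket(odcid, body))
	return err == nil
}

func main() {
	// Test vector from RFC 9001 Appendix A.4: ODCID 8394c8f03e515708, Retry with
	// SCID f067a5502a4262b5, token "token" and the 16-byte tag at the end.
	odcid := mustHex("8394c8f03e515708")
	retry := mustHex("ff000000010008f067a5502a4262b5746f6b656e04a265ba2eff4d829058fb3f0f2496ba")
	fmt.Println("genuine Retry verifies:", VerifyRetry(odcid, retry))

	// A Retry generated for a different ODCID (e.g. after an on-path rewrite of
	// the client's DCID) does not verify against the DCID the client remembers.
	fmt.Println("Retry for another ODCID verifies:", VerifyRetry(mustHex("8394c8f03e515709"), retry))

	// Modifying the Retry's SCID (which starts at byte 6 here) is likewise detected.
	tampered := append([]byte(nil), retry...)
	tampered[6] ^= 0x01
	fmt.Println("Retry with modified SCID verifies:", VerifyRetry(odcid, tampered))
}
```

The point the check makes visible: the Retry carries the server's new SCID and the token in the clear, but it is the client's original DCID, absent from the wire, that keys the verification, so the client must remember a single ODCID per attempt and cannot accept a Retry computed for any other value.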