[quicwg/base-drafts] f5d2d1: Remove recommendation to not include tokens
Martin Thomson <noreply@github.com> Thu, 10 September 2020 07:16 UTC
Branch: refs/heads/remove-new-token-forgery-req
Home: https://github.com/quicwg/base-drafts
Commit: f5d2d1af76d9205883d89dc3fc20963883eb7b1a
https://github.com/quicwg/base-drafts/commit/f5d2d1af76d9205883d89dc3fc20963883eb7b1a
Author: Martin Thomson <mt@lowentropy.net>
Date: 2020-09-10 (Thu, 10 Sep 2020)

Changed paths:
M draft-ietf-quic-transport.md

Log Message:
-----------
Remove recommendation to not include tokens

This is another judgment call, but as this wasn't a MUST in the first place, we weren't really preventing an attack.

This just removes the recommendation to remove NEW_TOKEN tokens from Initial packets to new server addresses. It leaves the generic guidance, which is far more nuanced.

I've added some commentary about the effect of withholding tokens on performance, as it seems like that is worth highlighting here.

All in all, this leans more toward saying that request forgery is not the responsibility of QUIC deployments.

Closes #4076.