Re: [quicwg/base-drafts] Stateless reset comparisons (constant time/any order/datagram) (#2993)

Martin Thomson <> Wed, 16 October 2019 21:26 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C6C0C120823 for <>; Wed, 16 Oct 2019 14:26:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.999
X-Spam-Status: No, score=-7.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id e1Kwa6AqrsrR for <>; Wed, 16 Oct 2019 14:26:09 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id AEC1F1201EF for <>; Wed, 16 Oct 2019 14:26:09 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 06C638C03AF for <>; Wed, 16 Oct 2019 14:26:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1571261169; bh=gKpUBZGmJvPKFdkD5B09xkto/O9R2OA0+lwie2Rrho0=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=h8UtHZ7X5Pb3P73EpbEF8RFxDI/e9veo5fyIBpqkxaMrGxGI0I6LXQTMGl+7FrI/L hgNSVW3aSMMf7nm8A96bJaatJsIEZ4/+OWETZoBk3SNdyXvlkTtqVjbcAUrF1k04wa HL2aVsPb9JEMwmB/jP6McKe/CkiJPfrheGu31ilE=
Date: Wed, 16 Oct 2019 14:26:08 -0700
From: Martin Thomson <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/2993/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Stateless reset comparisons (constant time/any order/datagram) (#2993)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5da78af0eb8e0_35213fb0108cd96c1381ad"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 16 Oct 2019 21:26:12 -0000

martinthomson commented on this pull request.

> -If the last 16 bytes of the packet values are identical to a Stateless Reset
+An endpoint detects a potential stateless reset using the trailing 16 bytes of
+the UDP datagram.  An endpoint remembers all Stateless Reset Tokens associated
+with the connection IDs and remote addresses for datagrams it has recently sent.
+This includes Stateless Reset Tokens from NEW_CONNECTION_ID frames and the
+server's transport parameters but excludes Stateless Reset Tokens associated
+with connection IDs that are either unused or retired.  The endpoint identifies
+a received datagram as a stateless reset by comparing the last 16 bytes of the
+datagram with all Stateless Reset Tokens associated with the remote address on
+which the datagram was received.
+This comparison can be performed for every inbound datagram.  Endpoints MAY skip
+this check if any packet from a datagram is successfully processed.  However,
+the comparison MUST be performed when the first packet in an incoming datagram
+either cannot be associated with a connection, cannot be decrypted, or carries
+a duplicate packet number.

Yeah, I just worked through it and this is negatively good, because it implies that you have an early exit from the packet protection removal code.  That wouldn't be constant time in any way.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: