Re: [quicwg/base-drafts] Add initial threat model to security considerations (#2925)

Eric Kinnear <> Sat, 16 November 2019 13:41 UTC

List-Id: Notification list for GitHub issues related to the QUIC WG <>

erickinnear commented on this pull request.

> +
+However, an attacker can modify the boundaries between QUIC packets and UDP
+datagrams, causing multiple packets to be coalesced into a single datagram, or
+splitting coalesced packets into multiple datagrams.  Such modification has no
+functional effect on a QUIC connection, however it might change the performance
+characteristics exhibited by the receiving endpoint.
+A spoofing attack, in which an attacker rewrites unprotected parts of a QUIC
+packet such as the source or destination address, is only effective if the
+attacker can forward packets to the original endpoint, as path validation
+({{migrate-validate}}) ensures that an endpoint's ability and willingness to
+decrypt QUIC packets is demonstrated before sending significant amounts of data
+to a new endpoint as part of an established QUIC connection.
+##### On-Path Active Attacks
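
Review bot: The spoofing sentence ("A spoofing attack, in which an attacker rewrites ... established QUIC connection.") carries the condition and its justification in one six-line sentence, and its closing "new endpoint" reads as though the peer itself changed rather than its address. Consider ending the first sentence after "original endpoint" and starting a second one at "Path validation ({{migrate-validate}}) ensures ...", wording it in terms of the new address. In the paragraph above it, "has no functional effect on a QUIC connection, however it might change" is a comma splice and repeats the "However" that opens the paragraph; "but it might change" avoids both.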

Moved, trimmed out the duplication, now at the top of the entire section and provides the definitions for the whole thing. Then the sections below move up one and are how those definitions, etc. apply to migration. Much better now -- thanks!
