Re: [quicwg/base-drafts] rate-limiting of CID issuance needs to be allowed (#2436)

Martin Thomson <> Fri, 08 February 2019 09:13 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 99EE71288BD for <>; Fri, 8 Feb 2019 01:13:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -8.001
X-Spam-Status: No, score=-8.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Oot4nbfviP3w for <>; Fri, 8 Feb 2019 01:13:29 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 09B5C126F72 for <>; Fri, 8 Feb 2019 01:13:28 -0800 (PST)
Date: Fri, 08 Feb 2019 01:13:28 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1549617208; bh=WSzVC6sHIW6OU09J+5kU32wOe5enzcm26vZkuyNzpLg=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=V6Qh9qwkvTtTiJIrFxLXER+k1uK2l8Q4D5VAjQpUOl2YRSNKy6ixA0fnQAe6pXwXf 9Yv/1GMMVjd7ON9XQS6Dk52t+QWxWtmmGuWkzNnRex0FfY+CB1TRPMYW+GvhpGevKP vSSBI6jJ4I9uEvtSfYnZgbP4wkUEHSPATxgF+Wpw=
From: Martin Thomson <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/2436/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] rate-limiting of CID issuance needs to be allowed (#2436)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c5d483845e3_41673f8a63ed45b81738d"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 08 Feb 2019 09:13:31 -0000

Those are not scary numbers.  It almost fits into the smallest possible connection ID.

Keep in mind that you really don't want to reuse values: if you reuse values over that period, you risk reusing a value for which a stateless reset was sent.  That might increase the number a little.

With 100,000 active connections per server in a 1000 server cluster issuing 16 connection IDs per second for each connection (which is a very high rate, but you have to allow for those connections being new ones), you need 47 bits worth of space if you don't want to repeat once a day.  Add 3 for a week's worth of key identifier and that's 50 bits.  That's still short of the 64 bits that gQUIC had for connection IDs.  If you want to assign randomly, you can do that with 100 bits and avoid the birthday paradox.

The numbers seem to play out nicely.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: