Re: [quicwg/base-drafts] NEW_TOKEN contains globally unique values (#3281)

Martin Thomson <> Tue, 10 December 2019 04:03 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 55B0D120115 for <>; Mon, 9 Dec 2019 20:03:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.999
X-Spam-Status: No, score=-7.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id eytcDkP1A7ku for <>; Mon, 9 Dec 2019 20:03:55 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CD1F3120114 for <>; Mon, 9 Dec 2019 20:03:54 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 2AFB1520189 for <>; Mon, 9 Dec 2019 20:03:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1575950634; bh=Y3g/lfYrSc2s91uTujSQbEH2Yk7qY+KJQKr/Wy0t1XA=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=yc84WXbjQIVyAjAKTmMDr/8VpnAvA/dFzRwe/dOzED+soFbImQMWqZ21DvOkEzaMO WdlqrKs2/vzsCByppUQd5iZ5px9rSGU0m+DTq7+mThxq5qqdiwYbolzkANzNRKLPPy LQVKeCmW3TKlRMPB3yUfKqRwMGv3NrfYjP5afb50=
Date: Mon, 09 Dec 2019 20:03:54 -0800
From: Martin Thomson <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/3281/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] NEW_TOKEN contains globally unique values (#3281)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5def192a1b39a_bba3fdde78cd96c1241d2"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 10 Dec 2019 04:03:57 -0000

martinthomson commented on this pull request.

> @@ -1719,9 +1719,11 @@ encrypted form in the token.
 A token issued with NEW_TOKEN MUST NOT include information that would allow
 values to be linked by an on-path observer to the connection on which it was
 issued, unless the values are encrypted.  For example, it cannot include the
-previous connection ID or addressing information.  Information that allows the
-server to distinguish between tokens from Retry and NEW_TOKEN MAY be accessible
-to entities other than the server.
+previous connection ID or addressing information.  Each NEW_TOKEN frame MUST
+be unique among all connections to that server, unless the frame is sent to

No, there is no obligation to check.  Do you think that we need to say as much?

The client should only see duplicates if there is a spurious loss detected by the server.

I like your suggested text and will use that.  The duplicate detection is already described on [line 5073](

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: