Re: [quicwg/base-drafts] clarify the scope of a NEW_TOKEN token (#3156)

MikkelFJ <> Fri, 15 November 2019 08:56 UTC

List-Id: Notification list for GitHub issues related to the QUIC WG <>

> I'm not sure that this is the right scoping. Consider that NST is explicitly tied just to the server you connected to, not to any server found in the certificate. Why isn't this "same server name"?

Retry is a server-controlled method that can be used for various things, including client address validation, but also load balancing or redirects to a more local or somehow better service. Requiring these alternative locations to be tightly coupled to the original connection would work against this.
