Re: [quicwg/base-drafts] Add initial threat model to security considerations (#2925)

Eric Kinnear <> Sat, 16 November 2019 13:41 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 88E8D1200B4 for <>; Sat, 16 Nov 2019 05:41:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.596
X-Spam-Status: No, score=-6.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 5k-0mOG3YHlZ for <>; Sat, 16 Nov 2019 05:41:56 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 997B81200FF for <>; Sat, 16 Nov 2019 05:41:56 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id DEA3CC6094D for <>; Sat, 16 Nov 2019 05:41:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1573911715; bh=fVUcqwaJGOKWdIJM0VqE08tEFoVVrGOpvUReBPTq80M=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=FI+p8Qj2OBnl5LB5HLmxh/8jl8ONqi8cBzHyjl0ohSq5seGayWT63fs78GGkIc3up BZ9KquQ4T3n7yeaMY2TJ8+Ng3Z2jxT4ifwMPmjzViKy0IzZdMOAz9jKYkAOwaGyueu TOoMPF5s580j4/fa00NX5vs+aO7wsZu44jabcJXE=
Date: Sat, 16 Nov 2019 05:41:55 -0800
From: Eric Kinnear <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/2925/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Add initial threat model to security considerations (#2925)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5dcffca3d054c_5da03f9066ccd964353478c"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: erickinnear
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 16 Nov 2019 13:42:00 -0000

erickinnear commented on this pull request.

> +
+An active attack ({{?RFC3552}}) involves writing data to the network.  An
+attacker with such a capability might be in a position to additionally prevent
+the original packets it observes from reaching their intended destination.  If
+so, they are considered to be an on-path attacker.
+An active attacker may also choose to rewrite the source or destination IP
+addresses of packets that it forwards or injects. Such spoofing attacks are only
+effective against a QUIC connection if the attacker can still forward the
+contents of the packets to the original endpoint, since QUIC connections are
+both authenticated and encrypted.
+A blind attacker, one who injects packets without being able to observe valid
+packets for a QUIC connection, is unlikely to be successful, since QUIC packet
+protection ensures that valid packets are only generated by endpoints which
+possess the key material established during the handshake.  Similarly, any


You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: