Re: [quicwg/base-drafts] Why does stateless reset have to be checked after MAC failure (#2152)

MikkelFJ <> Mon, 26 August 2019 11:48 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1A9BB12004E for <>; Mon, 26 Aug 2019 04:48:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.382
X-Spam-Status: No, score=-6.382 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ZU3fr5BS1Kst for <>; Mon, 26 Aug 2019 04:48:40 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 6A66A120041 for <>; Mon, 26 Aug 2019 04:48:40 -0700 (PDT)
Date: Mon, 26 Aug 2019 04:48:39 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1566820120; bh=Riw8LtD9qhS+NNn/ZxWGa4YMQ2Hdus/cVnI9wEBVnMk=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=SSy6wTNCnQRBkBhOoK28Exz2Z9S0lTIn10Fv54rc2SXM1GPA5QxxBDjhbS8wnUKmG HzyxNuhrS0jW4tmIkB2zPlIT7svdflVxLfqpkrhGPd88EPJgIDAzbgH39YlhFz8xjk HX0guLXXogK76cyAiExFhYq0BItN+2UxYQ/mIvAk=
From: MikkelFJ <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/2152/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] Why does stateless reset have to be checked after MAC failure (#2152)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d63c717b0c52_71a93f9fb28cd96c10575"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: mikkelfj
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 26 Aug 2019 11:48:42 -0000

If you can guarantee that there are only a short list to search, then yes. But it is only per connection ID that list is short, so you need to make the connection ID lookup constant time. You can potentially have much more than 100K connection ids to map. For normal operation you first validate the packet, so here the CID lookup is less critical, but for reset that is not the case. Clearly performing a linear search over all CID's is not viable.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: