Re: [quicwg/base-drafts] Most the Retry-related fixes (#1788)

MikkelFJ <> Sat, 22 September 2018 07:18 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 51C62130DF2 for <>; Sat, 22 Sep 2018 00:18:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -8.01
X-Spam-Status: No, score=-8.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id iUTPbZ5Z-X80 for <>; Sat, 22 Sep 2018 00:17:58 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 96C7B128CF2 for <>; Sat, 22 Sep 2018 00:17:58 -0700 (PDT)
Date: Sat, 22 Sep 2018 00:17:57 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1537600677; bh=alRONwXfk28ESMqsqj5wXvZsUMjLGk7XXZy01ERQz2A=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=NUMbqtkijjHEFllkbiZJ10ncV44RUX9G2xn6c86wGCaWOqlOBHdAT11yb2UAt0sUQ SXcW5hhDullqHXq88bcK3TFYz2rfI3bLezsZTuBq10HBmKHN4LseBmOXFVR8nrC4iO +5vSykn5S0ntsEbbnqL2Mi++xUJNt5lYrk5GnsSk=
From: MikkelFJ <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/1788/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Most the Retry-related fixes (#1788)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5ba5eca5b7ad4_344c3f86afad45c4312d8"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: mikkelfj
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 22 Sep 2018 07:18:00 -0000

mikkelfj commented on this pull request.

-If the Original Destination Connection ID field does not match the Destination
-Connection ID from the most recent Initial packet it sent, clients MUST discard
-the packet.  This prevents an off-path attacker from injecting a Retry packet.
+Clients MUST discard Retry packets that contain an Original Destination
+Connection ID field that does not match the Destination Connection ID its

of its

> @@ -739,9 +742,10 @@ Source Connection IDs during the handshake.
 On first receiving an Initial or Retry packet from the server, the client uses
 the Source Connection ID supplied by the server as the Destination Connection ID
-for subsequent packets.  Once a client has received an Initial packet from the
-server, it MUST discard any packet it receives with a different Source
-Connection ID.
+for subsequent packets.  That means that a client might change the Destination
+Connection ID twice during connection establishment.  Once a client has received

only twice? Is there text to prevent a server from issuing a retry when a retry token is present in initial?

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: