Re: [quicwg/base-drafts] Does a Retry really need to change the CID? (#2837)

Mike Bishop <> Tue, 25 June 2019 17:51 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B2D60120AA1 for <>; Tue, 25 Jun 2019 10:51:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.382
X-Spam-Status: No, score=-6.382 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id pFst-Nxj-7hQ for <>; Tue, 25 Jun 2019 10:51:03 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EA838120A9D for <>; Tue, 25 Jun 2019 10:51:02 -0700 (PDT)
Date: Tue, 25 Jun 2019 10:51:01 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1561485061; bh=1HCwud6XxwTIlLQnmFaws7t4EZXEzfJOvyoLmRjz9wQ=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=uzzMMg8K29lQAhS3dcSYHLWg5lZ/IU7TXJvjaPAeeJuz99Jl++0TUdkZYAXdO4wJE 1dRHGsHn6uftNQCmZGFXqvPTBpCpcCqEdcvUmdR0HsKVlCuaAXny0KZgpnxLNpoZEw SSmP4tAK2MD9cnURsaHPRETV9J3FcEvrOthuCy3s=
From: Mike Bishop <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/2837/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] Does a Retry really need to change the CID? (#2837)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d125f05796d8_557d3fe57aacd95c697a2"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: MikeBishop
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 25 Jun 2019 17:51:08 -0000

Consider the case where:
- Client sends Initial packet 0, no token, DCID A
- Client times out the Initial packet and sends Initial packet 1, no token, DCID A
- Client receives a Retry with ODCID = SCID = A.
- Client sends Initial packet 2, with token from Retry, DCID A
- Client receives a Retry with ODCID = SCID = A.

Is this Retry a response to packet 1 from a stateless server with a high RTT, or a prohibited second Retry in response to packet 2?  If packet 2 carries a different DCID, the client can tell by inspecting the ODCID field in the Retry packet.  If packet 2 uses the same DCID as packets 0-1, it can't tell.

Requiring a change allows the client to determine that the server isn't misbehaving in this case.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: