Re: [quicwg/base-drafts] Document request forgery (#3996)

David Schinazi <> Mon, 31 August 2020 18:33 UTC

@DavidSchinazi commented on this pull request.

> +what packets the peer sends and where these packets are sent. If an attacker
+can target a vulnerable service with a controlled payload, that service might
+perform actions that are attributed to the attacker's peer, but decided by the
+For example, cross-site request forgery {{?CSRF=DOI.10.1145/1455770.1455782}}
+exploits on the Web cause a client to issue requests that include authorization
+cookies {{?COOKIE=RFC6265}}, allowing one site access to information and
+actions that are intended to be restricted to a different site.
+As QUIC runs over UDP, the primary attack modality of concern is one where an
+attacker can select the address to which its peer sends UDP datagrams and can
+control some of the unprotected content of those packets. As much of the data
+sent by QUIC endpoints is protected, this includes control over ciphertext. An
+attack is successful if an attacker can cause a peer to send a UDP datagram to
+a host that will perform some action based on content in the datagram.
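
Review bot: In the first paragraph, the sentence ending "but decided by the" has no object and runs directly into "For example, cross-site request forgery"; finish the sentence by naming who decides the action, and put a paragraph break before the example. In the last paragraph, "this includes control over ciphertext" does not say how an attacker comes to control ciphertext in packets that its peer protects. A sentence stating which inputs the attacker chooses would make the success condition in the final sentence ("perform some action based on content in the datagram") easier to evaluate.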

I'm not trying to shame anyone. I'm trying to ascertain whether this change is the right one: we're worsening the performance of the protocol (by requiring extra round-trips in some scenarios) and if the attack is purely theoretical then we shouldn't do that. Having a concrete example of actual harm would help motivate the performance degradation.
