Re: [quicwg/base-drafts] Lift single-packet ClientHello requirement? (#2928)

Nick Banks <> Tue, 23 July 2019 20:21 UTC

List-Id: Notification list for GitHub issues related to the QUIC WG <>

If we did allow for multiple packets for the ClientHello, I'd still want to retain the ability to decide whether or not to accept the incoming connection from every one of those initial packets. This would mean things like ALPN and SNI would need to be duplicated in each packet. I wouldn't want to accept a design where an attacker forces the server to buffer packets while it waits for the necessary information just to decide if it can accept the connection. IMO, this sounds like a v2 feature. Does this prevent us from shipping v1?
