Re: [quicwg/base-drafts] Be more conservative about migration? (#2143)

Martin Thomson <> Wed, 30 January 2019 05:16 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6721313117A for <>; Tue, 29 Jan 2019 21:16:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -12.553
X-Spam-Status: No, score=-12.553 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id sAv34pXuNnHb for <>; Tue, 29 Jan 2019 21:16:15 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 97E7013117C for <>; Tue, 29 Jan 2019 21:16:15 -0800 (PST)
Date: Tue, 29 Jan 2019 21:16:14 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1548825374; bh=wSTc1lDYkrh5rzvupNLDkM/WVQ3xEDvCDxKtSA9u/R4=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=zV9pkEKcjyrJDApEN4FQe9B9Hhyz+lg0oJDHkofwcTy2873ZQcU2ApAIQMqyv2BEk wMXmH+rjelGU8XNLE9Ib9KSYug9zrZvGSaF/Zs879L9xbD4Di3o8in/biFlIT96WbV S/CzcKrPPR0ZJf0vcO1IKl3utO5d+fpnFOJEBcXk=
From: Martin Thomson <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/2143/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] Be more conservative about migration? (#2143)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c51331eaabdd_67613fe84ccd45b42597b"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 30 Jan 2019 05:16:17 -0000

Proposal from Tokyo:

Endpoints MUST validate new paths before using them.  In reaction to a migration they MUST continue using the old path until they receive new non-probing packets on the new path AND validation of that path is complete.  

Research question: Allow an exception in the case that the rebinding appears to be a NAT rebinding.  Heuristics are necessary here: e.g., a port-only change after a period of inactivity.  If we adopt the strict requirement, but learn that we get a lot of hitches from apparent migration, then we can find a way to relax the requirement.  If we allow this exception, then we have to address the problem of what to do when there are multiple such changes in a short period.  ==> Open this as an issue to track the research question.

Otherwise, eliminate the distinction between IP and port changes and just say "address change".

Stricter rules would close off the ability for an attacker to force a connection into a non-functioning state, even if that state is temporary.  The cost is that migration can result in a delay of a round trip or more.

(We might also want to know more about the severity of the attack.)

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: