Re: [quicwg/base-drafts] Most the Retry-related fixes (#1788)

Martin Thomson <> Sun, 23 September 2018 16:19 UTC


martinthomson commented on this pull request.

-A server MUST NOT send a Retry in response to packets other than Initial
-or 0-RTT packets.  A server MAY choose to only send Retry in response to Initial
-packets and discard or buffer 0-RTT packets corresponding to unvalidated client
+A client MUST accept and process at most one Retry packet for each connection
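
Review bot: The added line "A client MUST accept and process at most one Retry packet for each connection" does not say, in the lines visible here, what the client does with a second or later Retry, or which one counts when a spoofed Retry arrives before the genuine one. Suggest stating explicitly that any further Retry packets are discarded. The removed server-side text ("A server MUST NOT send a Retry in response to packets other than Initial or 0-RTT packets") has no replacement in the visible lines, so confirm that requirement is still stated somewhere in the draft.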

Yeah, I thought about that.  The way to finagle this is to think of the defense against spoofed Retry as forking off multiple connections.  Each Retry you decide to process makes another connection.
