Re: [quicwg/base-drafts] Add initial threat model to security considerations (#2925)

Eric Kinnear <> Sat, 16 November 2019 13:36 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7414F1200FF for <>; Sat, 16 Nov 2019 05:36:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.382
X-Spam-Status: No, score=-6.382 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id YjeRYf7-mn1u for <>; Sat, 16 Nov 2019 05:36:54 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 00F601200B4 for <>; Sat, 16 Nov 2019 05:36:54 -0800 (PST)
Date: Sat, 16 Nov 2019 05:36:52 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1573911413; bh=MYZsjALAaAWcxGEJPXc9C4YgJOLyy5l5Snrf4qhdCOs=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=tQPsAof6BTjraUZCC2E+IJYVGT0VEaCnhl4gd3BUkVCvbp7xQWGNXqS1KLQYXU/ot /GS7lD/RC3O6taiLpQ6hE1TgV83CdbrklpSPPKivrVGvp3Oi6Cyt5FZd9++QNJmQYV rfS3QEQTByKjC8xKSCyfrThB3vGZW6uIEND55zyI=
From: Eric Kinnear <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/2925/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Add initial threat model to security considerations (#2925)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5dcffb74ec4c5_64583fdb954cd960276273"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: erickinnear
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 16 Nov 2019 13:36:55 -0000

erickinnear commented on this pull request.

> +Both on-path and off-path attackers can mount a passive attack in which they
+save observed QUIC packets for an offline attack against QUIC packet protection
+at a future time; this is true for any observer of any packet on any network.

Moved this into short header section (and renamed that to packet protection, since technically that's not unique to SH even if this is not handshake-specific). Generally moved a bunch of text up, as well.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: