Re: [quicwg/base-drafts] Authenticating connection IDs (#3439)

MikkelFJ <> Thu, 05 March 2020 09:13 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AD2B93A10B3 for <>; Thu, 5 Mar 2020 01:13:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.554
X-Spam-Status: No, score=-1.554 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 5uyuPOd21pSN for <>; Thu, 5 Mar 2020 01:13:55 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 6D0693A10B2 for <>; Thu, 5 Mar 2020 01:13:55 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 4F8AAC602D1 for <>; Thu, 5 Mar 2020 01:13:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1583399634; bh=dlt9alk2nbHn1aJarYDTHEY3idwOK4WzW2M0NlNEVU4=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=GyTcdicClgHX1IrrQmqHYPohUfFR4xEpoffPsSrwbfFx+3ApWrmVJNTFIZ+zFlhAQ OedFzuSTEztFkg+2EG6VmSeklA5ClYgz8eIBcjwe/UPmeT23Di8DAqdBFvTJVW/yv5 xRsfDQqDNh9tZ+Rgj3dIUcTOXWswtFGjKGcS3JZo=
Date: Thu, 05 Mar 2020 01:13:54 -0800
From: MikkelFJ <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/3439/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] Authenticating connection IDs (#3439)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5e60c2d23f1c4_456e3ff1a56cd9603948c9"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: mikkelfj
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 05 Mar 2020 09:13:57 -0000

There is also an aspect of downgrade attacks to this: If part of a server farm has a flawed deployment, an attacker could use the SCID to route traffic to that part of the server farm and take advantage of that until the entire fleet has been upgraded.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: