Re: [quicwg/base-drafts] Limit RCID state (#3547)

Kazuho Oku <> Thu, 26 March 2020 23:46 UTC

@kazuho requested changes on this pull request.

> @@ -1069,6 +1069,18 @@ to cease using the connection IDs when requested can result in connection
 failures, as the issuing endpoint might be unable to continue using the
 connection IDs with the active connection.
+An endpoint MAY elect to only send or retransmit RETIRE_CONNECTION_ID frames
+with sequence numbers greater than or equal to the highest Retire Prior To field
+received minus its advertised active_connection_id_limit. This bounds the
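
Review bot: the threshold in the added sentence, "the highest Retire Prior To field received minus its advertised active_connection_id_limit", has no defined value when the highest Retire Prior To received is smaller than the limit, which is the case at the start of a connection. State that the result is treated as zero in that case. The rule is also only a MAY, so an endpoint that does not elect it is left with no stated bound on the frames it sends or retransmits; consider SHOULD, or say what bound applies otherwise.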

I'm afraid this advice might be inadequate.

It is possible to mount attacks without using Retire Prior To (see, and therefore the defense should rather not depend on the value of Retire Prior To.

I think it would be better to state that:
* An endpoint SHOULD limit the number of unacknowledged RETIRE_CONNECTION_ID frames (or the count of sequence numbers contained in those frames) that the endpoint tracks.
* That limitation SHOULD be no less than 2 * max_connection_id_limit.

I think that was what @martinthomson had in mind when he wrote

`2 * max_connection_id_limit` is a better ballpark figure than `max_connection_id_limit`, because it gives some confidence to the issuer of CIDs that it can issue a new CID immediately when it receives RCID, without the fear of that causing some state to be lost in the peer.

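The limit proposed in the comment above, as an added example that is not taken from the pull request or from any QUIC implementation: the set of unacknowledged RETIRE_CONNECTION_ID sequence numbers is capped at twice the connection ID limit, independent of Retire Prior To. All class, function and parameter names are hypothetical, and failing the connection when the cap is reached is an assumption, since the comment does not say what happens at the limit.

```python
from typing import Optional


class RetireLimitExceeded(Exception):
    """More retirements are awaiting acknowledgement than we agreed to track."""


class RetireTracker:
    """Sequence numbers whose RETIRE_CONNECTION_ID frame is not yet acknowledged."""

    def __init__(self, connection_id_limit: int):
        # Cap from the comment: no less than 2 * the connection ID limit.
        self.max_pending = 2 * connection_id_limit
        self.pending = set()

    def retire(self, seq: int) -> None:
        # Called for every retirement, whatever triggered it, so the bound
        # does not depend on the Retire Prior To value.
        if seq in self.pending:
            return  # already tracked, no new state
        if len(self.pending) >= self.max_pending:
            # Assumption: fail the connection instead of forgetting seq.
            raise RetireLimitExceeded(f"{len(self.pending)} retirements unacknowledged")
        self.pending.add(seq)

    def on_ack(self, seq: int) -> None:
        # The packet that carried RETIRE_CONNECTION_ID(seq) was acknowledged.
        self.pending.discard(seq)


def simulate(limit: int, retirements: int, ack_lag: Optional[int]) -> int:
    """Constructed workload: retire sequence numbers 0..retirements-1 in order.

    ack_lag is how many later retirements happen before a frame is
    acknowledged; None means acknowledgements never arrive.
    Returns the number of retirements accepted before the cap was hit.
    """
    tracker = RetireTracker(limit)
    for seq in range(retirements):
        try:
            tracker.retire(seq)
        except RetireLimitExceeded:
            return seq
        if ack_lag is not None and seq - ack_lag >= 0:
            tracker.on_ack(seq - ack_lag)
    return retirements
```

With a limit of 4, a peer whose acknowledgements lag by up to 7 retirements never reaches the cap of 8, while one that never acknowledges is stopped after 8 entries of state.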