Re: [quicwg/base-drafts] Add initial threat model appendix (#2925)

Eric Kinnear <> Tue, 03 September 2019 23:54 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B9BE412004F for <>; Tue, 3 Sep 2019 16:54:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.596
X-Spam-Status: No, score=-6.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id eV09PKlsE7-I for <>; Tue, 3 Sep 2019 16:54:34 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 47B9E12004C for <>; Tue, 3 Sep 2019 16:54:34 -0700 (PDT)
Date: Tue, 03 Sep 2019 16:54:33 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1567554873; bh=BACYVuxLAyjG5BxD6vyFrzy2g16slXIvnz5PhtxODHE=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=S/KbjNLdg3tSoklPM1NfjWobWTkNILJopztzLe1+xHPe+8WzyH1PXWVThPaFMrtDo NjfyUzwsLYdFwDptOTuUzhf/Yqq09tmfi8NrBupNy7hf3k8T6Jkk7WvW+f/zwr5kGC BnNwGCM/TwXK831HJUR1SKaLjvwQzFNfxMQ+ieqA=
From: Eric Kinnear <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/2925/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Add initial threat model appendix (#2925)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d6efd3951a8b_34193fde2aacd96840283"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: erickinnear
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 03 Sep 2019 23:54:36 -0000

erickinnear commented on this pull request.

> +An on-path attacker can:
+- Inspect packets
+- Modify unencrypted packet headers
+- Inject new packets
+- Delay packets
+- Drop packets
+An on-path attacker cannot:
+- Modify encrypted packet payloads
+In the presence of an on-path attacker, QUIC aims to provide the following
+1. An on-path attacker can interrupt a QUIC connection, causing it to fail if it

Reworded this to be a bit more clear about exactly what's getting broken (that path, not the whole thing). 

The establishment case I think I'm going to leave for the section on the handshake here.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: