Re: [quicwg/base-drafts] Subsequent Initial Packets with Token Field (#1649)
Nick Banks <notifications@github.com> Mon, 13 August 2018 15:17 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/Nte-VX1qXEaXsohLJqrW3QFFZwg>
@kazuho I guess you're right. I got so focused on the subsequent Initial packets I forgot about the multiple Retry case. The DDoS mitigation device cannot be completely stateless because it cannot rely on its own Token always being in the client's Initial packet, in the multiple Retry case.

As for how forwarding could work for all other non-Initial packets, the simplest design would be to just always let them through, and let the end server drop them if they don't correspond to an existing connection. With that type of design, the DDoS mitigation device just prevents new connections from being created, and ignores all other traffic.

All that being said, then should we be a bit more clear in the spec and say that only the first Initial packets (not sure how best to word that) need carry the server's Token?
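
The forwarding design described in the message above, sketched as an added example that is not part of the original message or of any QUIC implementation: Initial packets are gated on a device-issued token, everything else is forwarded, and a per-address set supplies the state needed once the end server sends its own Retry. It assumes the RFC 9000 long-header layout rather than the 2018 draft encoding; the HMAC token format, `KEY`, the keying of state on client address, and all function names are hypothetical.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # assumption: secret held only by the mitigation device
validated = set()               # client addresses that have echoed the device's token

def varint(buf, pos):
    """Decode a QUIC variable-length integer; return (value, next_pos)."""
    size = 1 << (buf[pos] >> 6)
    value = buf[pos] & 0x3F
    for b in buf[pos + 1:pos + size]:
        value = (value << 8) | b
    return value, pos + size

def make_token(addr):
    """Hypothetical token format: HMAC over the client address."""
    return hmac.new(KEY, addr.encode(), hashlib.sha256).digest()

def initial_token(pkt):
    """Return the Token field of an Initial packet, or None for any other packet."""
    if not pkt or not pkt[0] & 0x80 or pkt[0] & 0x30:
        return None                       # short header, or long header that is not Initial
    pos = 5                               # skip first byte and 4-byte version
    pos += 1 + pkt[pos]                   # DCID length byte + DCID
    pos += 1 + pkt[pos]                   # SCID length byte + SCID
    length, pos = varint(pkt, pos)        # Token Length
    return pkt[pos:pos + length]

def decide(pkt, addr):
    """Return 'forward', 'retry' or 'drop' for one datagram from client `addr`."""
    try:
        token = initial_token(pkt)
    except IndexError:
        return "drop"                     # truncated long header
    if token is None:
        return "forward"                  # non-Initial: the end server drops strays
    if hmac.compare_digest(token, make_token(addr)):
        validated.add(addr)               # the state a fully stateless device lacks
        return "forward"
    # Token is absent, or was issued by the end server's own Retry.
    return "forward" if addr in validated else "retry"

def build_initial(token):
    """Constructed sample: Initial header, 8-byte DCID, empty SCID, token, zero Length."""
    return (bytes([0xC0]) + b"\x00\x00\x00\x01" + b"\x08" + b"\x11" * 8
            + b"\x00" + bytes([len(token)]) + token + b"\x00")
```

Without the `validated` set, the Initial carrying the end server's token would be answered with another Retry from the device, which is the multiple Retry case the message describes.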