Date: Tue, 03 Jul 2018 06:49:58 -0700
From: MikkelFJ <notifications@github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/1514/review/134002355@github.com>
In-Reply-To: <quicwg/base-drafts/pull/1514@github.com>
References: <quicwg/base-drafts/pull/1514@github.com>
Subject: Re: [quicwg/base-drafts] Permit 0-RTT after Retry and VN (#1514)
Mime-Version: 1.0
Content-Type: multipart/alternative;
 boundary="--==_mimepart_5b3b7f065f46_7a13f83dc760f801407db";
 charset=UTF-8
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/Nxm3KD_Y-E1E8JChWjIfo1BVi4k>
List-Id: Notification list for GitHub issues related to the QUIC WG
 <quic-issues.ietf.org>


----==_mimepart_5b3b7f065f46_7a13f83dc760f801407db
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

mikkelfj commented on this pull request.



> @@ -727,16 +732,17 @@ Connection ID.
 
 ### Tokens
 
-If the client has a token received in a NEW_TOKEN frame on a previous connection
-to what it believes to be the same server, it can include that value in the
-Token field of its Initial packet.
+If the client has an token received in a NEW_TOKEN frame on a previous
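
Review bot: the first added line reads "an token", where the removed text had the correct "a token received in a NEW_TOKEN frame"; restore the article "a" when rewrapping this sentence.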

a token

> @@ -601,6 +601,11 @@ the packet.  This prevents an off-path attacker from injecting a Retry packet.
 The client responds to a Retry packet with Initial packet that includes the
 provided Retry Token to continue connection establishment.
 
+A client MAY attempt 0-RTT after receiving a Retry packet by sending 0-RTT
+packets to the connection ID provided by the server.  A client that sends
+additional 0-RTT packets MUST NOT reset the packet number to 0 after a Retry
+packet, see {{retry-0rtt-pn}}.
+
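
Review bot: in the second added sentence, "A client that sends additional 0-RTT packets MUST NOT reset the packet number to 0" leaves "additional" undefined and defers the whole rationale to {{retry-0rtt-pn}}. State that 0-RTT packet numbers continue from those used before the Retry, and give the reason in one clause here, so that a reader implementing this section alone does not meet a MUST NOT with no stated consequence. The first added sentence also does not say where "the connection ID provided by the server" is provided; if it is the connection ID from the Retry packet, say so. The comma before "see" should be a semicolon or start a new sentence.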

sugg: A server MAY reject a redirected 0-RTT attempt because the DCID does not match the 0-RTT token.

>  
-A client SHOULD NOT reuse a token.  Reusing a token on different network paths
-would allow activity to be linked between paths (see {{migration-linkability}}).
-A client MUST NOT reuse a token if it believes that its point of network
-attachment has changed; that is, if there is a change in its local IP address or
-network interface.  A client needs to start the connection process over if it
-migrates prior to completing the handshake.
+A client SHOULD NOT reuse a token; reused tokens enable activity on connections
+to be correlated.  A client MUST NOT reuse a token if it believes that its point
+of network attachment has changed; that is, if there is a change in its local IP
+address or network interface.  Reusing a token on different network paths would
+allow activity to be linked between paths (see {{migration-linkability}}).  A
+client needs to start the connection process over if it migrates prior to
+completing the handshake.
 
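
Review bot: the first added sentence, "reused tokens enable activity on connections to be correlated", does not say who can correlate or what is correlated with what, and the later added sentence about different network paths then restates the same risk with "linked". Fold the two into one statement attached to the SHOULD NOT, naming the observer and keeping the {{migration-linkability}} reference, and let the MUST NOT sentence carry only the condition (a change in local IP address or network interface).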

Redundant explanation using both "correlate" and "linked" in separate sentences.

----==_mimepart_5b3b7f065f46_7a13f83dc760f801407db--

