Re: [quicwg/base-drafts] Why does stateless reset have to be checked after MAC failure (#2152)

Kazuho Oku <> Tue, 27 August 2019 23:03 UTC

List-Id: Notification list for GitHub issues related to the QUIC WG <>

I do not think that it would be expensive. Rather, I think using PRP might be the simplest and cheapest way.

The hash table needs to be resistant to hash collision DoS attacks, because the stateless reset tokens are supplied by the peers. Therefore, to calculate the hash key, I'd assume that endpoints would be using some function that takes a master secret and a stateless reset token. That function can be a PRP.

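The lookup described in the message above, sketched as an added example; it is not code from the e-mail or from any QUIC implementation. AES stands in for the PRP, since a stateless reset token is 16 bytes, exactly one AES block. The `ResetTable` type, its 256-bucket layout, the connection labels and the sample secret and token are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

const tokenLen = 16 // stateless reset token size, which is also one AES block

type entry struct {
	permuted [tokenLen]byte // PRP(secret, token); the raw token is not kept
	conn     string         // hypothetical connection label
}

// ResetTable chains entries in 256 buckets selected by the permuted token.
type ResetTable struct {
	prp     cipher.Block // AES keyed with the endpoint's master secret
	buckets [256][]entry
}

// Register files a peer-supplied token under a bucket the peer cannot predict.
func (t *ResetTable) Register(token [tokenLen]byte, conn string) {
	e := entry{conn: conn}
	t.prp.Encrypt(e.permuted[:], token[:])
	t.buckets[e.permuted[0]] = append(t.buckets[e.permuted[0]], e)
}

func (t *ResetTable) Match(datagram []byte) (string, bool) {
	if len(datagram) >= tokenLen { // the token is the datagram's last 16 bytes
		var p [tokenLen]byte
		t.prp.Encrypt(p[:], datagram[len(datagram)-tokenLen:])
		for _, e := range t.buckets[p[0]] {
			if e.permuted == p { // injective PRP: equal output, equal token
				return e.conn, true
			}
		}
	}
	return "", false
}

func main() {
	blk, err := aes.NewCipher([]byte("constructed-key!")) // constructed secret
	if err != nil {
		panic(err)
	}
	t, tok := &ResetTable{prp: blk}, [tokenLen]byte{0xaa, 0xbb} // constructed
	t.Register(tok, "conn-1")
	fmt.Println(t.Match(append([]byte{0x40, 7}, tok[:]...)))
}
```

Because the bucket index is a byte of the permuted value, which tokens share a bucket depends on the secret. A permutation also never maps two different tokens to the same output, so comparing permuted values cannot produce a false match.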