Re: [quicwg/base-drafts] Remove DoS vector for spoofed connection migration (#2893)

Praveen Balasubramanian <> Wed, 07 August 2019 00:17 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B5D7C12009C for <>; Tue, 6 Aug 2019 17:17:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.454
X-Spam-Status: No, score=-6.454 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id eYRvLNS5-ISg for <>; Tue, 6 Aug 2019 17:17:02 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 60E5012008C for <>; Tue, 6 Aug 2019 17:17:02 -0700 (PDT)
Date: Tue, 06 Aug 2019 17:17:01 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1565137021; bh=D4pVWYtxTMng2NihGnpp1cKxCbSYMdcDA/CyUnkpdck=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=nVtBuLlDYdYexfs2U90d3jtUo/1bi11VQ7R5z1lBs1gxrgCbnFs9x2it8izJ9tgNQ fm+UoC9keOavtDXt7Gvi7yDXBznij44iipDjj47PvygjBGLWfcO9xza0yyUOWQzndD oKrsEHhYF1evJssVWnqjvogRiRlgnihoxSv+qYBI=
From: Praveen Balasubramanian <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/2893/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Remove DoS vector for spoofed connection migration (#2893)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d4a187d53a3f_2d443fa251acd9641811c7"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: pravb
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 07 Aug 2019 00:17:04 -0000

The primary use case for disable_active_migration is that load balancing infrastructure cannot support any changes to the 4-tuple, intentional or otherwise. So in this case if a peer still changes its tuples, the packets may hit a a new server endpoint that doesn't have any existing state, and will generate a stateless reset? 

I'd like to hold consensus on this issue until this is clarified in the text. 

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: