Re: [quicwg/base-drafts] Construction of address validation token (#2587)

Erik Sy <> Tue, 09 April 2019 19:47 UTC


No, #2543 does not cover this particular point. #2543 makes the point that a network observer should not be able to derive information such as a timestamp from observed tokens.

However, this issue says that the construction of the token should not be deterministic. To illustrate this problem, assume that the token is more or less the hash of the client's source address. Thus, upon repeat connections, the client receives the same token each time if its source address is identical. As a result, even if the client uses each token only a single time, the corresponding connections established with these tokens can be correlated to each other by a network observer.

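Added example, not part of the original message or of the QUIC drafts: a sketch contrasting an address-only keyed hash with a token that mixes in a fresh nonce per issuance, and what a passive observer can group in each case. The function names, the HMAC-SHA256 construction, the nonce length and the sample addresses are assumptions made for illustration; expiry handling is left out.

```python
import hashlib
import hmac
import ipaddress
import os
from collections import Counter

KEY = os.urandom(32)   # server-side secret, generated here for the example
NONCE_LEN = 16         # assumed nonce size
TAG_LEN = 32           # HMAC-SHA256 output size


def _addr_bytes(addr: str) -> bytes:
    return ipaddress.ip_address(addr).packed


def deterministic_token(addr: str) -> bytes:
    """Token that depends only on the address: same address, same token."""
    return hmac.new(KEY, _addr_bytes(addr), hashlib.sha256).digest()


def randomized_token(addr: str) -> bytes:
    """Token = nonce || HMAC(key, nonce || address); differs on every issuance."""
    nonce = os.urandom(NONCE_LEN)
    tag = hmac.new(KEY, nonce + _addr_bytes(addr), hashlib.sha256).digest()
    return nonce + tag


def validate_randomized(token: bytes, addr: str) -> bool:
    """Server-side check: recompute the MAC over the carried nonce and the address."""
    if len(token) != NONCE_LEN + TAG_LEN:
        return False
    nonce, tag = token[:NONCE_LEN], token[NONCE_LEN:]
    expected = hmac.new(KEY, nonce + _addr_bytes(addr), hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def linkable_groups(observed: list) -> int:
    """Observer's view: number of token values seen on more than one connection."""
    return sum(1 for count in Counter(observed).values() if count > 1)


if __name__ == "__main__":
    client = "192.0.2.10"  # constructed sample address (documentation range)
    fixed = [deterministic_token(client) for _ in range(3)]
    fresh = [randomized_token(client) for _ in range(3)]
    print("deterministic, linkable groups:", linkable_groups(fixed))
    print("randomized, linkable groups:   ", linkable_groups(fresh))
    print("randomized tokens still valid: ",
          all(validate_randomized(t, client) for t in fresh))
```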