Re: [quicwg/base-drafts] Why does stateless reset have to be checked after MAC failure (#2152)

ekr <> Mon, 30 September 2019 00:17 UTC


I don't think that the text here resolves the issue. I agree that you need to have a constant time comparison, but I don't believe it needs to post-date the MAC check, because the attacker knows that there is an invalid MAC. I don't object to landing the PR, but it doesn't resolve this issue.

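An added example, not part of the original message or of the QUIC drafts: a constant-time comparison of a datagram's trailing 16 bytes (the stateless reset token length in RFC 9000) against the stored tokens, run either before or after packet authentication. Truncated HMAC-SHA256 stands in for the AEAD tag, and every function name, key, token and datagram is constructed for illustration.

```python
import hashlib
import hmac

TOKEN_LEN = 16  # stateless reset token length (RFC 9000)
TAG_LEN = 16    # stand-in tag length; real QUIC authenticates with an AEAD

def seal(key: bytes, payload: bytes) -> bytes:
    """Constructed helper: append a truncated HMAC as a stand-in for the AEAD tag."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]

def mac_ok(key: bytes, datagram: bytes) -> bool:
    """Stand-in for AEAD authentication of a received packet."""
    if len(datagram) < TAG_LEN:
        return False
    body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return hmac.compare_digest(tag, expected)

def is_stateless_reset(datagram: bytes, tokens) -> bool:
    """Compare the trailing bytes with every stored token, with no early exit,
    so timing does not show which token matched or how many bytes agreed."""
    if len(datagram) < TOKEN_LEN:
        return False
    tail = datagram[-TOKEN_LEN:]
    hit = False
    for token in tokens:
        hit |= hmac.compare_digest(tail, token)
    return hit

def classify(datagram: bytes, key: bytes, tokens, reset_check_first: bool) -> str:
    """Classify a datagram with the token check before or after the MAC check."""
    if reset_check_first:
        if is_stateless_reset(datagram, tokens):
            return "stateless_reset"
        return "packet" if mac_ok(key, datagram) else "drop"
    if mac_ok(key, datagram):
        return "packet"
    return "stateless_reset" if is_stateless_reset(datagram, tokens) else "drop"

# Constructed sample data (not taken from any real connection).
KEY = bytes(range(32))
TOKENS = [bytes([0xA0 + i]) * TOKEN_LEN for i in range(3)]
VALID = seal(KEY, b"constructed short-header payload")
RESET = b"\x40" + bytes(20) + TOKENS[1]
NEAR_MISS = RESET[:-1] + b"\x00"   # last token byte altered
JUNK = bytes(40)

if __name__ == "__main__":
    for first in (True, False):
        print(first, [classify(d, KEY, TOKENS, first) for d in (VALID, RESET, NEAR_MISS, JUNK)])
```

For these constructed inputs both orderings give the same classification; only the amount of work done per datagram differs.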