Re: [quicwg/base-drafts] Subsequent Initial Packets with Token Field (#1649)

Kazuho Oku <notifications@github.com> Mon, 13 August 2018 15:07 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/XO9j68FTWIyPtnWldxUFsot1ftE>

@nibanks 
> there is currently no such requirement that a DDoS mitigation device be stateful. My goal is to have a design where it could be stateless.

Doesn't the mitigation device maintain state so that it could forward handshake, 0-rtt, 1-rtt packets that have certain properties (e.g. 5-tuple, CID)?

Also, IIUC, when multiple retries are involved, the device that issued the first Retry cannot verify the token contained in the second Retry (i.e. the one contained in the third Initial packet sent by the client). 

So I would assume that a DDoS mitigation device (typically the first device to issue a Retry) will be required to create a state for the 5-tuple when it receives the second Initial, and keep forwarding the packets between the client and the server.

Am I missing something?

https://github.com/quicwg/base-drafts/issues/1649#issuecomment-412551467
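An added example, not code from the thread or from any QUIC implementation, that models the situation described in the comment above: a stateless Retry token built as an HMAC over the client's 5-tuple and original DCID, a DDoS mitigation device keyed independently from the origin server, and the third Initial carrying a token the device cannot verify. The token construction, keys and addresses are constructed for illustration only.

```python
# Added example, not from the GitHub thread: a stateless Retry token (HMAC over the
# client's 5-tuple and original DCID) and why a DDoS mitigation device that issued the
# first Retry still ends up keeping per-5-tuple state once a second Retry is in play.
import hashlib
import hmac
import secrets

TAG_LEN, NONCE_LEN = 16, 8

def make_retry_token(key: bytes, five_tuple: bytes, odcid: bytes) -> bytes:
    """Token = nonce || HMAC-SHA256(key, nonce || 5-tuple || ODCID)[:16]. Assumed
    construction for illustration; real tokens also carry an expiry."""
    nonce = secrets.token_bytes(NONCE_LEN)
    tag = hmac.new(key, nonce + five_tuple + odcid, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + tag

def validate_retry_token(key: bytes, token: bytes, five_tuple: bytes, odcid: bytes) -> bool:
    """Verifiable without any stored state, but only by the holder of `key`."""
    if len(token) != NONCE_LEN + TAG_LEN:
        return False
    nonce, tag = token[:NONCE_LEN], token[NONCE_LEN:]
    expected = hmac.new(key, nonce + five_tuple + odcid, hashlib.sha256).digest()[:TAG_LEN]
    return hmac.compare_digest(tag, expected)

class MitigationDevice:
    """First hop that issues a Retry and then forwards admitted 5-tuples."""
    def __init__(self, keep_state: bool):
        self.key = secrets.token_bytes(32)   # independent from the server's key
        self.keep_state = keep_state
        self.admitted = set()                # the per-5-tuple state in question

    def on_initial(self, five_tuple: bytes, odcid: bytes, token):
        if five_tuple in self.admitted:
            return "forward"
        if token is None:
            return "retry"  # caller fetches make_retry_token(self.key, ...)
        if validate_retry_token(self.key, token, five_tuple, odcid):
            if self.keep_state:
                self.admitted.add(five_tuple)
            return "forward"
        return "drop"  # a token from another device's Retry is unverifiable here

def run_scenario(keep_state: bool) -> list:
    """Client -> mitigation device -> server, with both hops issuing a Retry."""
    dev, server_key = MitigationDevice(keep_state), secrets.token_bytes(32)
    ft, odcid = b"198.51.100.7:4433->203.0.113.1:443", b"\x01" * 8  # constructed
    log = [dev.on_initial(ft, odcid, None)]                            # 1st Initial
    dev_token = make_retry_token(dev.key, ft, odcid)
    log.append(dev.on_initial(ft, odcid, dev_token))                   # 2nd Initial
    server_token = make_retry_token(server_key, ft, odcid)             # server's Retry
    log.append(dev.on_initial(ft, odcid, server_token))                # 3rd Initial
    return log
```

With `keep_state=False` the third Initial is dropped because the server's token was minted under a key the device does not hold; with `keep_state=True` the 5-tuple admitted on the second Initial is simply forwarded.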