Re: [quicwg/base-drafts] What needs to be checked for address validation (#3327)

ekr <> Fri, 14 February 2020 13:45 UTC

ekr commented on this pull request.

> @@ -1834,10 +1834,9 @@ SHOULD include information that allows the server to verify that the source IP
 address and port in client packets remains constant.
 Servers might use tokens from NEW_TOKEN in deciding not to send a Retry packet,
-even if the client address has changed.  A token that was provided in
-NEW_TOKEN cannot be used for address validation if the client address is not the
-same, though servers MAY allow for the possibility of changes arising from new
-mappings at a NAT.
+even if the client address has changed. Tokens sent in NEW_TOKEN frames SHOULD
+include information that allows the server to verify if the client address is
+stable, but might allow for different NAT bindings or ephemeral port selection.
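
Review bot: In the added sentence beginning "Tokens sent in NEW_TOKEN frames SHOULD", the word "stable" is undefined and the subject of "but might allow" is ambiguous: it can be read as the tokens or as the server. The removed lines said that a NEW_TOKEN token "cannot be used for address validation if the client address is not the same" and gave the NAT allowance as a normative "servers MAY"; the replacement drops that restriction and downgrades the allowance to a lowercase "might". It also nearly repeats the context sentence above it, which already asks for information to verify that the source IP address and port remain constant. Suggest saying what the server compares against the token, and making the server the subject of the allowance with an explicit MAY.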

I don't really understand the second sentence. What's an example of information that would allow the server to verify if the client address is stable?
