Re: [quicwg/base-drafts] Be more conservative about migration? (#2143)

MikkelFJ <> Thu, 13 December 2018 14:45 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id EFF8B126F72 for <>; Thu, 13 Dec 2018 06:45:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -9.459
X-Spam-Status: No, score=-9.459 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.46, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id GV3XEMbIjDp0 for <>; Thu, 13 Dec 2018 06:45:38 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1138B124408 for <>; Thu, 13 Dec 2018 06:45:38 -0800 (PST)
Date: Thu, 13 Dec 2018 06:45:36 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1544712336; bh=zY8YW6a3tpA5wrTYbuxVheOsHUd6Neo10dmRDnDjI/o=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=CWwtgg7dxXGvC04pBXP9psolI0X2ZV6jyezLlcqNIRMZupu3vUB0QOEEAnR9qNbUi 3MVMX5/twJfakSfgGv041FyvK7py/YXjsXSBDGnejucQ5io9D/QdlrdOG/U6DFfYfr fZ5MbgN2FlwNykLmpjKKifp1hUfstneMVqzDdK/c=
From: MikkelFJ <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/2143/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] Be more conservative about migration? (#2143)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c127090babca_5eef3f8b80ad45bc247ee"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: mikkelfj
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 13 Dec 2018 14:45:41 -0000

To prevent a race from being successful the probe needs to checksum the visible address and have that checksum be reflected back by the client rather than just ACK'ing the probe. Once the reflected checksum is seen the path must be valid.

For true on path, the attacker can drop packets from client to server to maintain the illusion of a different client address, but then the probe will never be reflected correctly. It will eventually time out.

BTW: the description on notation is confusing, mixing [A:B] with [X:Y] and sometimes having Z as payload and sometimes as an address.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: