Re: [quicwg/base-drafts] Add Advice and Rules for CONN_CLOSE in Initial and Handshake (#1786)

martinduke <> Thu, 27 September 2018 19:51 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 04199130F1C for <>; Thu, 27 Sep 2018 12:51:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -8.455
X-Spam-Status: No, score=-8.455 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.456, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ZUCUbpSTDHdA for <>; Thu, 27 Sep 2018 12:51:24 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 58053127332 for <>; Thu, 27 Sep 2018 12:51:24 -0700 (PDT)
Date: Thu, 27 Sep 2018 12:51:23 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1538077883; bh=c0fPbpBjk44vOLxm/jy5k732MR4oeGQWA9NH9d7mevs=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=HzMqddLb+qAEbLxB1s8y1PQuUjkMDog0lQRtTwxciSALxkxLuX6FoDrivnFQUxilC QkILTzK7gdbagO9DF3QsPnGsEe/aAbZrjJstyFzbmqD6kpqQDjcVG5JUMeApzkJPXb ub6Truc6Y5GFMwpw8Ii/53gRhjjBtiphFWz0d8ZI=
From: martinduke <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/1786/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] Add Advice and Rules for CONN_CLOSE in Initial and Handshake (#1786)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5bad34bb905a2_45ec3fab2c0d45b4177226"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinduke
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 27 Sep 2018 19:51:27 -0000

I would very much like to close the hole where Initial packets injected at arbitrarily long times after the handshake are able to bring the connection down, for obvious reasons.

The editor's draft says that we can choose to silently drop Initial packets with invalid frames, which IMO  is the correct response once we have handshake keys.

STREAM packets are only in app-key-protected packets, so that's not an informative example.  I keep old keys around essentially just to ack stuff and help the peer account for its packets -- you can't accept additional CRYPTO frames, and my point is you shouldn't accept a CONN_CLOSE that can bring down the connection.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: