Re: [quicwg/base-drafts] NEW_CONNECTION_ID text is too restrictive on receivers (#3534)

martinduke <> Fri, 20 March 2020 00:28 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 55FF23A132F for <>; Thu, 19 Mar 2020 17:28:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.545
X-Spam-Status: No, score=-1.545 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id wAPR3FrMWTuX for <>; Thu, 19 Mar 2020 17:28:45 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 97C343A132B for <>; Thu, 19 Mar 2020 17:28:16 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 03E53261576 for <>; Thu, 19 Mar 2020 17:28:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1584664085; bh=lA2A7cUrMEtAvAP7/jZ+ZJ373EgmfqinGwZgTswg3iQ=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=LzxrADoztL+a+vFG2+9DUJS3KFivKV1AEgLkUdfPGSd4k0eL8FhnER8jA9KzrvgCA XIk+jCgbOTYJL7SDoAbN67nyrkSz7uc4vwygthdv6h8MOV+rDPi3LX8m4ESS1NK67J mitGPOsxBdCOUy0/AofkCO46T88RuIQnofjYBXtE=
Date: Thu, 19 Mar 2020 17:28:04 -0700
From: martinduke <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/3534/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] NEW_CONNECTION_ID text is too restrictive on receivers (#3534)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5e740e14d1b6a_6d683f935c8cd9601725e3"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinduke
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 20 Mar 2020 00:28:55 -0000

@kazuho what you suggest would certainly work. However, a malicious peer could send an infinite number of NCIDs as long as it kept advancing rpt, spiraling the state upwards.

To avoid this, we keep a window of unacked but retired sequence numbers and construct RCID from that. That's why having an NCID come in well below the window results in additional state for us.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: