Re: [quicwg/base-drafts] rate-limiting of CID issuance needs to be allowed (#2436)

martinduke <> Tue, 12 February 2019 21:26 UTC

List-Id: Notification list for GitHub issues related to the QUIC WG <>

I strongly support limiting Connection ID pulls. Beyond the DoS issues, for servers with a relatively limited pool of connection IDs, for whatever reason, allowing an attacker to open a connection and get a large sample of connection IDs from one server can open up various attempts to crack the route encoding scheme.
