Re: [quicwg/base-drafts] Add initial threat model appendix (#2925)

Eric Kinnear <> Tue, 03 September 2019 23:53 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3D3C31200B8 for <>; Tue, 3 Sep 2019 16:53:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -8
X-Spam-Status: No, score=-8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id O7r3vA1rN9Zb for <>; Tue, 3 Sep 2019 16:53:13 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 0866A12004C for <>; Tue, 3 Sep 2019 16:53:12 -0700 (PDT)
Date: Tue, 03 Sep 2019 16:53:11 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1567554791; bh=1m42qRlMG+oy/6v6mooaowGHYlqdN+YZ1U9vTZNOnN8=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=0JZKwMyelsIICuanaRgKuqp4i/Fbm73eHgFtRqC+mtnRTi3MJXxMJYTvotYVWCsdW 76Da7OpJRJhu9Fp2Q5dTQ9UCQbUkrlvX/qw7a4RcVKmubpebIlkt0XBQubvjp0J+7O kw6Tz4L/H1D1TBkbXlV+ol9obiOmvuwtGHghSauo=
From: Eric Kinnear <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/2925/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Add initial threat model appendix (#2925)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d6efce7da3fa_a7b3fb07d6cd96078094"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: erickinnear
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 03 Sep 2019 23:53:15 -0000

erickinnear commented on this pull request.

> +- Delay packets
+- Drop packets
+An off-path attacker can, however, modify packets that it has observed and
+inject them back into the network, potentially with spoofed source and
+destination addresses.
+For the purposes of this discussion, we assume that an off-path attacker has the
+ability to observe, modify, and re-inject a packet into the network that will
+reach the destination endpoint prior to the arrival of the original packet
+observed by the attacker.  In other words, the attacker has the ability to
+consistently "win" a race with the legitimate packets between the endpoints,
+potentially causing the original packet to be ignored by the recipient.
+We also assume that the attacker has the resources necessary to affect NAT
+state, potentially both causing an endpoint to lose its NAT binding, and an

I've changed some "the attacker" to "an attacker" to be more specific, we've got "an" for endpoint everywhere except one place where it's a packet between "the endpoints" that are having a conversation. 

There's a few places where we say something along the lines of 
> 2. An on-path attacker can prevent migration to a new path for which the
> attacker is also on-path by causing path validation to fail on the new path.

Which is a case where we use both "an" and "the", but otherwise it's all the same now. (And suggestions welcome for those cases, it started to sound very wrong when I switched those around.)

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: