Re: [quicwg/base-drafts] Remove DoS vector for spoofed connection migration (#2893)

ianswett <> Sat, 20 July 2019 20:31 UTC


ianswett approved this pull request.

One editorial suggestion:

> -INVALID_MIGRATION.  Similarly, an endpoint MUST NOT initiate migration if its
-peer supplies a zero-length connection ID as packets without a Destination
-Connection ID cannot be attributed to a connection based on address tuple.
-Not all changes of peer address are intentional migrations. The peer could
-experience NAT rebinding: a change of address due to a middlebox, usually a NAT,
-allocating a new outgoing port or even a new outgoing IP address for a flow.  An
-endpoint MUST perform path validation ({{migrate-validate}}) if it detects any
-change to a peer's address, unless it has previously validated that address.
+An endpoint also MUST NOT send packets from a different local address, actively
+initiating migration, if the peer sent the `disable_active_migration` transport
+parameter during the handshake. An endpoint which has sent this transport
+parameter, but detects that a peer has nonetheless migrated to a different
+network MUST either drop the incoming packets on that path without generating a
+stateless reset or proceed with path validation and allow the peer to migrate.
+This helps to prevent third parties in the network causing connections to close
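Review bot: the final added line, "This helps to prevent third parties in the network causing connections to close", is missing "from" ("prevent third parties in the network from causing") and has an ambiguous antecedent: "This" could refer to the whole MUST (drop or validate) or only to the "without generating a stateless reset" clause, so name the clause explicitly, e.g. "Not sending a stateless reset here prevents third parties in the network from causing connections to close." Separately, the removed lines drop three normative statements that have no replacement in this hunk: the MUST NOT initiate migration when the peer supplies a zero-length connection ID, the NAT-rebinding explanation, and the MUST perform path validation on any change of peer address unless that address was previously validated; confirm they are retained elsewhere in the PR, since the added text covers only the `disable_active_migration` case. Minor: "An endpoint which has sent this transport parameter" reads better as "An endpoint that has sent this transport parameter".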

This = Not generating a stateless reset?  If so, how about "Generating a stateless reset would allow third parties in the network to cause a connection to close by spoofing or other manipulation of observed traffic."?
