Re: [quicwg/base-drafts] Document request forgery (#3996)

ekr <> Fri, 28 August 2020 17:18 UTC

Date: Fri, 28 Aug 2020 10:18:47 -0700
From: ekr <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/3996/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Document request forgery (#3996)

@ekr commented on this pull request.

> +A client MUST NOT send non-probing frames to a preferred address prior to
+validating that address; see {{address-validation}}. This greatly reduces the
+options that a server has to control the encrypted portion of datagrams.
+This document does not offer any additional countermeasures that are specific
+to use of preferred addresses and can be implemented by endpoints. The generic
+measures described in {{forgery-generic}} could be used as further mitigation.
+### Request Forgery with Spoofed Migration
+Clients are able to present a spoofed source address as part of an apparent
+connection migration to cause a server to send datagrams to that address.
+The Destination Connection ID field in any packets that a server subsequently
+sends to this spoofed address can be used for request forgery.
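Review bot: the last sentence of the hunk says the Destination Connection ID field "can be used for request forgery" but never says what gives the attacker control over that field's contents, so the reader cannot see why it is a forgery vector; state that explicitly (for instance, that the client supplies the connection IDs the server places in that field) and point to the section that covers it, as the preferred-address paragraph does with `{{address-validation}}`. A blank line before `+### Request Forgery with Spoofed Migration` would also keep the heading from running directly into the preceding paragraph.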

While the above is contrived, the server *does* have control of some things. For instance, I can control some of the content of GETs or ACKs.
