[quicwg/base-drafts] Duplicate NEW_TOKEN should only be on same connection (#3179)

MikkelFJ <notifications@github.com> Thu, 31 October 2019 07:53 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 08E751201EA for <quic-issues@ietfa.amsl.com>; Thu, 31 Oct 2019 00:53:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.596
X-Spam-Status: No, score=-6.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id MbieFaxjty0L for <quic-issues@ietfa.amsl.com>; Thu, 31 Oct 2019 00:53:00 -0700 (PDT)
Received: from out-24.smtp.github.com (out-24.smtp.github.com []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 33C771200E3 for <quic-issues@ietf.org>; Thu, 31 Oct 2019 00:53:00 -0700 (PDT)
Date: Thu, 31 Oct 2019 00:52:59 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1572508379; bh=rzFAWtmEPHpK4LbFSDiJ2GRql0O3QJaA+NrR51LN6qc=; h=Date:From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=evg2XTyXmh9DkIwjzxD9orImQXZSCw6/8Hv5AzoOyjsJybPUL+iAwPwmI2Z4jnZqX ZJBiUn46wRCdizAF9tSXFhmhHEkDHcmD38JI90YSVAmP/DEyoDFUntBfMPnxDNP0Q/ V4Bt0auZMYKeYiid9ZLWiZbrubtfrC7TenjMhRIs=
From: MikkelFJ <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK3IOYVF3CSFBSC25NV3Y7CVXEVBNHHB5NOWSE@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/3179@github.com>
Subject: [quicwg/base-drafts] Duplicate NEW_TOKEN should only be on same connection (#3179)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5dba92db4e4cf_68e3ffcfc8cd96070952b"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: mikkelfj
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/gaM6VmgtpgEHcdwJ7ywi4JmqM04>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2019 07:53:02 -0000

> An endpoint might receive multiple NEW_TOKEN frames that contain the same token value. Endpoints are responsible for discarding duplicate values, which might be used to link connection attempts; see Section 8.1.2.

This text does not forbid the server from sending the same token on multiple connections. Consequently the client has a hard, or impossible, task of excluding duplicates. At least if you only read that section.

Later the text says:

>The token MUST NOT include information that would allow it to be linked by an on-path observer to the connection on which it was issued.

This suggests that the token MUST indeed be unique, but in a roundabout manner.

It would be helpful to make the initial paragraph clearer by stating the that the duplicate token can only happen on the same connection and that the server MUST ensure different connections use different tokens.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: