Re: [quicwg/base-drafts] Amplification attack using retry tokens and spoofed addresses (#2064)

Christian Huitema <> Fri, 30 November 2018 17:46 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 49D3B130E9A for <>; Fri, 30 Nov 2018 09:46:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -9.46
X-Spam-Status: No, score=-9.46 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.46, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id nalR4WzIVGCk for <>; Fri, 30 Nov 2018 09:46:13 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E7F3F130E9C for <>; Fri, 30 Nov 2018 09:46:12 -0800 (PST)
Date: Fri, 30 Nov 2018 09:46:12 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1543599972; bh=hj4vvD/8a9C3jH0da2+CXz8MkKBRzj8w+QCQ/7QGNDI=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=cX8RV9uLOsvlOYDYkCql3RB2utr1YNXsQEcm+wP+cO+m95ZWWpp//4xhkDlvbXKZg Uzofb8xojlojhc0t75QjL9IYWABsZnYplEfmti9QSjy31UlVo5CKsG3JgPTcwXR+n+ fve6dHbzYa+5tILWa81MO+jPCVnThgEoeghKmuVY=
From: Christian Huitema <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/2064/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Amplification attack using retry tokens and spoofed addresses (#2064)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c01776419e58_41033fa4a02d45b823837d"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: huitema
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 30 Nov 2018 17:46:14 -0000

How about the following rewrite:
Attackers could replay tokens to use servers as amplifiers
in DDOS attacks. Servers SHOULD protect against such attacks by ensuring that
tokens have a short life time. They MAY ensure that tokens are used by clients only once.
This takes into account Ian's comments that tokens need not be obtained fraudulently.
It also takes into account Jana's comment that on big server farms it is much easier to
limit lifetime than to enforce single use. The main point of the MAY is that it forces clients to not assume they can ever reuse a token.

Should we add a description of the attack in the security section?

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: